diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index a963a7da6b19a..b381e2c4447e2 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -361,6 +361,7 @@ jobs:
           file: scripts/Dockerfile.base
           platforms: linux/amd64,linux/arm64,linux/arm/v7
           provenance: true
+          sbom: true
           pull: true
           no-cache: true
           push: true
diff --git a/dogfood/contents/files/etc/docker/daemon.json b/dogfood/contents/files/etc/docker/daemon.json
index c2cbc52c3cc45..33b0126288fda 100644
--- a/dogfood/contents/files/etc/docker/daemon.json
+++ b/dogfood/contents/files/etc/docker/daemon.json
@@ -1,3 +1,6 @@
 {
-	"registry-mirrors": ["https://mirror.gcr.io"]
+	"registry-mirrors": ["https://mirror.gcr.io"],
+	"features": {
+		"containerd-snapshotter": true
+	}
 }
diff --git a/scripts/build_docker.sh b/scripts/build_docker.sh
index 1bee954e9713c..bf3e3bb8116bb 100755
--- a/scripts/build_docker.sh
+++ b/scripts/build_docker.sh
@@ -136,10 +136,12 @@ fi
 
 log "--- Building Docker image for $arch ($image_tag)"
 
-docker build \
+docker buildx build \
 	--platform "$arch" \
 	--build-arg "BASE_IMAGE=$base_image" \
 	--build-arg "CODER_VERSION=$version" \
+	--provenance true \
+	--sbom true \
 	--no-cache \
 	--tag "$image_tag" \
 	-f Dockerfile \