diff --git a/.github/workflows/build-infra-dockers.yaml b/.github/workflows/build-infra-dockers.yaml
index 627158e77..997ecc4e3 100644
--- a/.github/workflows/build-infra-dockers.yaml
+++ b/.github/workflows/build-infra-dockers.yaml
@@ -6,23 +6,22 @@ on:
       - infrastructure
 
 env:
-    GO_VERSION: "~1.21.1"
-    CGO_ENABLED: "0"
-    BUILD_USER: docker
-    BUILD_HOST: github.syncthing.net
+  GO_VERSION: "~1.21.1"
+  CGO_ENABLED: "0"
+  BUILD_USER: docker
+  BUILD_HOST: github.syncthing.net
 
 jobs:
-
   docker-syncthing:
     name: Build and push Docker images
     runs-on: ubuntu-latest
     environment: docker
     strategy:
-        matrix:
-            pkg:
-                - stcrashreceiver
-                - strelaypoolsrv
-                - stupgrades
+      matrix:
+        pkg:
+          - stcrashreceiver
+          - strelaypoolsrv
+          - stupgrades
     steps:
       - uses: actions/checkout@v4
         with:
@@ -52,3 +51,5 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           tags: syncthing/${{ matrix.pkg }}:latest,syncthing/${{ matrix.pkg }}:${{ github.sha }}
+          outputs: |
+            annotation.org.opencontainers.image.revision="${{ github.sha }}"
diff --git a/.github/workflows/build-syncthing.yaml b/.github/workflows/build-syncthing.yaml
index 630e3fece..aced02673 100644
--- a/.github/workflows/build-syncthing.yaml
+++ b/.github/workflows/build-syncthing.yaml
@@ -808,6 +808,7 @@ jobs:
             tags=${{ matrix.image }}:edge
           fi
           echo "DOCKER_TAGS=$tags" >> $GITHUB_ENV
+          echo "VERSION=$version" >> $GITHUB_ENV
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
@@ -817,6 +818,9 @@ jobs:
           platforms: linux/amd64,linux/arm64,linux/arm/7
           push: ${{ env.DOCKER_PUSH == 'true' }}
           tags: ${{ env.DOCKER_TAGS }}
+          outputs: |
+            annotation.org.opencontainers.image.version="${{ env.VERSION }}"
+            annotation.org.opencontainers.image.revision="${{ github.sha }}"
 
   #
   # Check for known vulnerabilities in Go dependencies
diff --git a/Dockerfile b/Dockerfile
index 02f872de4..0b802aeeb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,6 +29,14 @@ RUN if [ ! -f syncthing-linux-$TARGETARCH ] ; then \
 FROM alpine
 ARG TARGETARCH
 
+LABEL org.opencontainers.image.authors="The Syncthing Project" \
+      org.opencontainers.image.url="https://syncthing.net" \
+      org.opencontainers.image.documentation="https://docs.syncthing.net" \
+      org.opencontainers.image.source="https://github.com/syncthing/syncthing" \
+      org.opencontainers.image.vendor="The Syncthing Project"
+      org.opencontainers.image.licenses="MPL-2.0"
+      org.opencontainers.image.title="Syncthing"
+
 EXPOSE 8384 22000/tcp 22000/udp 21027/udp
 
 VOLUME ["/var/syncthing"]
diff --git a/Dockerfile.builder b/Dockerfile.builder
index 54127ee38..09b4519b0 100644
--- a/Dockerfile.builder
+++ b/Dockerfile.builder
@@ -1,6 +1,14 @@
 ARG GOVERSION=latest
 FROM golang:$GOVERSION
 
+LABEL org.opencontainers.image.authors="The Syncthing Project" \
+      org.opencontainers.image.url="https://syncthing.net" \
+      org.opencontainers.image.documentation="https://docs.syncthing.net" \
+      org.opencontainers.image.source="https://github.com/syncthing/syncthing" \
+      org.opencontainers.image.vendor="The Syncthing Project"
+      org.opencontainers.image.licenses="MPL-2.0"
+      org.opencontainers.image.title="Syncthing Builder"
+
 # FPM to build Debian packages
 RUN apt-get update && apt-get install -y --no-install-recommends \
 	locales rubygems ruby-dev build-essential git \
diff --git a/Dockerfile.stcrashreceiver b/Dockerfile.stcrashreceiver
index a29eb1de5..42e855da4 100644
--- a/Dockerfile.stcrashreceiver
+++ b/Dockerfile.stcrashreceiver
@@ -1,6 +1,14 @@
 FROM alpine
 ARG TARGETARCH
 
+LABEL org.opencontainers.image.authors="The Syncthing Project" \
+      org.opencontainers.image.url="https://syncthing.net" \
+      org.opencontainers.image.documentation="https://docs.syncthing.net" \
+      org.opencontainers.image.source="https://github.com/syncthing/syncthing" \
+      org.opencontainers.image.vendor="The Syncthing Project"
+      org.opencontainers.image.licenses="MPL-2.0"
+      org.opencontainers.image.title="Syncthing Crash Receiver"
+
 EXPOSE 8080
 
 COPY stcrashreceiver-linux-${TARGETARCH} /bin/stcrashreceiver
diff --git a/Dockerfile.stdiscosrv b/Dockerfile.stdiscosrv
index 6adb5dcc3..654109b3c 100644
--- a/Dockerfile.stdiscosrv
+++ b/Dockerfile.stdiscosrv
@@ -16,6 +16,14 @@ RUN if [ ! -f stdiscosrv-linux-$TARGETARCH ] ; then \
 FROM alpine
 ARG TARGETARCH
 
+LABEL org.opencontainers.image.authors="The Syncthing Project" \
+      org.opencontainers.image.url="https://syncthing.net" \
+      org.opencontainers.image.documentation="https://docs.syncthing.net" \
+      org.opencontainers.image.source="https://github.com/syncthing/syncthing" \
+      org.opencontainers.image.vendor="The Syncthing Project"
+      org.opencontainers.image.licenses="MPL-2.0"
+      org.opencontainers.image.title="Syncthing Discovery Server"
+
 EXPOSE 19200 8443
 
 VOLUME ["/var/stdiscosrv"]
diff --git a/Dockerfile.strelaypoolsrv b/Dockerfile.strelaypoolsrv
index 4519f09e1..2b4d102fb 100644
--- a/Dockerfile.strelaypoolsrv
+++ b/Dockerfile.strelaypoolsrv
@@ -1,6 +1,14 @@
 FROM alpine
 ARG TARGETARCH
 
+LABEL org.opencontainers.image.authors="The Syncthing Project" \
+      org.opencontainers.image.url="https://syncthing.net" \
+      org.opencontainers.image.documentation="https://docs.syncthing.net" \
+      org.opencontainers.image.source="https://github.com/syncthing/syncthing" \
+      org.opencontainers.image.vendor="The Syncthing Project"
+      org.opencontainers.image.licenses="MPL-2.0"
+      org.opencontainers.image.title="Syncthing Relay Pool Server"
+
 EXPOSE 8080
 
 RUN apk add --no-cache ca-certificates su-exec curl
diff --git a/Dockerfile.strelaysrv b/Dockerfile.strelaysrv
index 841d2feb3..8ef3cd205 100644
--- a/Dockerfile.strelaysrv
+++ b/Dockerfile.strelaysrv
@@ -16,6 +16,14 @@ RUN if [ ! -f strelaysrv-linux-$TARGETARCH ] ; then \
 FROM alpine
 ARG TARGETARCH
 
+LABEL org.opencontainers.image.authors="The Syncthing Project" \
+      org.opencontainers.image.url="https://syncthing.net" \
+      org.opencontainers.image.documentation="https://docs.syncthing.net" \
+      org.opencontainers.image.source="https://github.com/syncthing/syncthing" \
+      org.opencontainers.image.vendor="The Syncthing Project"
+      org.opencontainers.image.licenses="MPL-2.0"
+      org.opencontainers.image.title="Syncthing Relay Server"
+
 EXPOSE 22067 22070
 
 VOLUME ["/var/strelaysrv"]
diff --git a/Dockerfile.stupgrades b/Dockerfile.stupgrades
index c4e65b998..49fc73fc3 100644
--- a/Dockerfile.stupgrades
+++ b/Dockerfile.stupgrades
@@ -1,6 +1,14 @@
 FROM alpine
 ARG TARGETARCH
 
+LABEL org.opencontainers.image.authors="The Syncthing Project" \
+      org.opencontainers.image.url="https://syncthing.net" \
+      org.opencontainers.image.documentation="https://docs.syncthing.net" \
+      org.opencontainers.image.source="https://github.com/syncthing/syncthing" \
+      org.opencontainers.image.vendor="The Syncthing Project"
+      org.opencontainers.image.licenses="MPL-2.0"
+      org.opencontainers.image.title="Syncthing Upgrades"
+
 EXPOSE 8080
 
 COPY stupgrades-linux-${TARGETARCH} /bin/stupgrades