diff --git a/.circleci/Dockerfile b/.circleci/Dockerfile
index 3f617c4b924..eff352d4d70 100644
--- a/.circleci/Dockerfile
+++ b/.circleci/Dockerfile
@@ -1,5 +1,11 @@
 FROM --platform=$TARGETPLATFORM golang:1.21-bullseye
 
+# Link the image to the source project. This grants snyk/cli's Github Actions permission to publish the image.
+LABEL org.opencontainers.image.source="https://github.com/snyk/cli"
+
+# A description shown for the image in the Github Container Registry UI.
+LABEL org.opencontainers.image.description="Snyk CLI build environment"
+
 # install "normal" stuff
 
 ARG NODEVERSION
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 49b077527cd..1345177175f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -16,7 +16,7 @@ parameters:
   go_version:
     type: string
     # https://go.dev/doc/devel/release
-    default: '1.21.5'
+    default: '1.21.7'
   aws_version:
     type: string
     # https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst
@@ -38,12 +38,12 @@ executors:
       - image: alpine:3.17
   docker-amd64:
     docker:
-      - image: cimg/go:1.21-node
+      - image: ghcr.io/snyk/cli-build:20240214-145818
     working_directory: /mnt/ramdisk/snyk
     resource_class: large
   docker-arm64:
     docker:
-      - image: cimg/go:1.21-node
+      - image: ghcr.io/snyk/cli-build-arm64:20240214-145818
     working_directory: /mnt/ramdisk/snyk
     resource_class: arm.large
   linux-ubuntu-mantic-amd64:
diff --git a/.github/workflows/create-build-image.yml b/.github/workflows/create-build-image.yml
index cf751f34d4a..c6095604602 100644
--- a/.github/workflows/create-build-image.yml
+++ b/.github/workflows/create-build-image.yml
@@ -13,7 +13,8 @@ jobs:
       - uses: docker/setup-buildx-action@v2
       - name: Build Docker image
         env:
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DOCKER_USERNAME: token
+          DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+          DOCKER_HOST: ghcr.io
           DOCKER_BUILDKIT: 1
         run: scripts/create-build-image.sh
diff --git a/cliv2/go.mod b/cliv2/go.mod
index 9c520932dff..a81a199ed96 100644
--- a/cliv2/go.mod
+++ b/cliv2/go.mod
@@ -2,7 +2,7 @@ module github.com/snyk/cli/cliv2
 
 go 1.21
 
-toolchain go1.21.5
+toolchain go1.21.7
 
 require (
 	github.com/elazarl/goproxy v0.0.0-20231031074852-3ec07828be7a
diff --git a/scripts/create-build-image.sh b/scripts/create-build-image.sh
index 34da45e0889..8af4f95eef6 100755
--- a/scripts/create-build-image.sh
+++ b/scripts/create-build-image.sh
@@ -19,9 +19,7 @@ pushd "$SCRIPT_DIR/.."
   NODEVERSION=$(head -1 .nvmrc)
   export NODEVERSION
 
-  docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
-
-  BASE_IMG_NAME=$DOCKER_USERNAME/cli-build
+  BASE_IMG_NAME=ghcr.io/snyk/cli-build
   docker buildx build \
     --build-arg NODEVERSION="$NODEVERSION" \
     --build-arg ARCH="x86_64" \
@@ -31,7 +29,7 @@ pushd "$SCRIPT_DIR/.."
     --push \
     --file .circleci/Dockerfile .
 
-  BASE_IMG_NAME=$DOCKER_USERNAME/cli-build-arm64
+  BASE_IMG_NAME=ghcr.io/snyk/cli-build-arm64
   docker buildx build \
     --build-arg NODEVERSION="$NODEVERSION" \
     --build-arg ARCH="aarch64" \