diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 07e14dde6d3..db2f2d307ef 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -23,9 +23,7 @@ on:
   - main
 
 env:
-  PROTOC_VERSION: 3.17.3
   GO_VERSION_FILE: go.mod # no good way of getting a mutual version between go.mod and tools/go.mod
-  CACHE_DEPENDENCY_PATH: "**/go.sum" # include both go.sum and tools/go.sum
 
 jobs:
   docs_only_check:
@@ -50,240 +48,36 @@ jobs:
       name: Check for docs-only changes
       run: echo "docs_only=true" >> $GITHUB_OUTPUT
 
-  scorecard:
-    name: scorecard-docker
+  docker_matrix:
+    strategy:
+      matrix:
+        target:
+          - 'scorecard-docker'
+          - 'cron-controller-docker'
+          - 'cron-worker-docker'
+          - 'cron-cii-worker-docker'
+          - 'cron-bq-transfer-docker'
+          - 'cron-webhook-docker'
+          - 'cron-github-server-docker'
+          - 'build-attestor-docker'
+    name: ${{ matrix.target }}
     runs-on: ubuntu-latest
     permissions:
       contents: read
-    needs:
-      - docs_only_check
+    needs: docs_only_check
     if: (needs.docs_only_check.outputs.docs_only != 'true')
     steps:
      - name: Harden Runner
        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-
-     - name: Install Protoc
-       uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
-       with:
-        version: ${{ env.PROTOC_VERSION }}
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-     - name: Clone the code
-       uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-     - name: Setup Go
-       uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-       with:
-         go-version-file: ${{ env.GO_VERSION_FILE }}
-         check-latest: true
-         cache: true
-         cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }}
-     - name: docker build
-       run: make scorecard-docker
-  cron-controller:
-    name: cron-controller-docker
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs:
-      - docs_only_check
-    if: (needs.docs_only_check.outputs.docs_only != 'true')
-    steps:
-     - name: Harden Runner
-       uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
-       with:
-         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-
-     - name: Install Protoc
-       uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
-       with:
-        version: ${{ env.PROTOC_VERSION }}
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-     - name: Clone the code
-       uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-     - name: Setup Go
-       uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-       with:
-         go-version-file: ${{ env.GO_VERSION_FILE }}
-         check-latest: true
-         cache: true
-         cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }}
-     - name: docker build
-       run: make cron-controller-docker
-  cron-worker:
-    name: cron-worker-docker
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs:
-      - docs_only_check
-    if: (needs.docs_only_check.outputs.docs_only != 'true')
-    steps:
-     - name: Harden Runner
-       uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
-       with:
-         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-
-     - name: Install Protoc
-       uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
-       with:
-        version: ${{ env.PROTOC_VERSION }}
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-     - name: Clone the code
-       uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-     - name: Setup Go
-       uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-       with:
-         go-version-file: ${{ env.GO_VERSION_FILE }}
-         check-latest: true
-         cache: true
-         cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }}
-     - name: docker build
-       run: make cron-worker-docker
-  cron-cii-worker:
-    name: cron-cii--worker-docker
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs:
-      - docs_only_check
-    if: (needs.docs_only_check.outputs.docs_only != 'true')
-    steps:
-     - name: Harden Runner
-       uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
-       with:
-         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-
-     - name: Install Protoc
-       uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
-       with:
-        version: ${{ env.PROTOC_VERSION }}
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-     - name: Clone the code
-       uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-     - name: Setup Go
-       uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-       with:
-         go-version-file: ${{ env.GO_VERSION_FILE }}
-         check-latest: true
-         cache: true
-         cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }}
-     - name: docker build
-       run: make cron-cii-worker-docker
-  cron-bq-transfer:
-    name: cron-bq-transfer-docker
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs:
-      - docs_only_check
-    if: (needs.docs_only_check.outputs.docs_only != 'true')
-    steps:
-     - name: Harden Runner
-       uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
-       with:
-         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-
-     - name: Install Protoc
-       uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
-       with:
-        version: ${{ env.PROTOC_VERSION }}
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-     - name: Clone the code
-       uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-     - name: Setup Go
-       uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-       with:
-         go-version-file: ${{ env.GO_VERSION_FILE }}
-         check-latest: true
-         cache: true
-         cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }}
-     - name: docker build
-       run: make cron-bq-transfer-docker
-  cron-webhook:
-    name: cron-webhook-docker
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs:
-      - docs_only_check
-    if: (needs.docs_only_check.outputs.docs_only != 'true')
-    steps:
-     - name: Harden Runner
-       uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
-       with:
-         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-
-     - name: Install Protoc
-       uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
-       with:
-        version: ${{ env.PROTOC_VERSION }}
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-     - name: Clone the code
-       uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-     - name: Setup Go
-       uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-       with:
-         go-version-file: ${{ env.GO_VERSION_FILE }}
-         check-latest: true
-         cache: true
-         cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }}
-     - name: docker build
-       run: make cron-webhook-docker
-  cron-github-server:
-    name: cron-github-server-docker
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs:
-      - docs_only_check
-    if: (needs.docs_only_check.outputs.docs_only != 'true')
-    steps:
-     - name: Harden Runner
-       uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
-       with:
-         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-
-     - name: Install Protoc
-       uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
-       with:
-        version: ${{ env.PROTOC_VERSION }}
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-     - name: Clone the code
-       uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-     - name: Setup Go
-       uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
-       with:
-         go-version-file: ${{ env.GO_VERSION_FILE }}
-         check-latest: true
-         cache: true
-     - name: docker build
-       run: make cron-github-server-docker
-  attestor:
-    name: attestor-docker
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs:
-      - docs_only_check
-    if: (needs.docs_only_check.outputs.docs_only != 'true')
-    steps:
-     - name: Harden Runner
-       uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
-       with:
-         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-     - name: Install Protoc
-       uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0
-       with:
-        version: ${{ env.PROTOC_VERSION }}
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Clone the code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-     - name: Setup Go
+     - name: Setup Go # needed for some of the Makefile evaluations, even if building happens in Docker 
        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
        with:
          go-version-file: ${{ env.GO_VERSION_FILE }}
          check-latest: true
-         cache: true
+         cache: false # the building happens in Docker, so saving this cache would negatively impact other builds
      - name: docker build
-       run: make build-attestor-docker
+       run: make ${{ matrix.target }}