diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 6e7ed5dc..975e8fe3 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -51,6 +51,7 @@ jobs:
 # We should reenable go test -race for arm64 runners once the
 # current issue is resolved.
 GO_TEST_ARGS: ""
+ SKIP_COSIGN_VERIFICATION: true
 - name: Verify
 run: make verify
@@ -74,5 +75,7 @@ jobs:
 ${{ runner.os }}-go-
 - name: Run tests
 run: make test
+ env:
+ SKIP_COSIGN_VERIFICATION: true
 - name: Verify
 run: make verify
diff --git a/.github/workflows/cifuzz.yaml b/.github/workflows/cifuzz.yaml
index 47d2638e..f9784bce 100644
--- a/.github/workflows/cifuzz.yaml
+++ b/.github/workflows/cifuzz.yaml
@@ -26,3 +26,5 @@ jobs:
 ${{ runner.os }}-go-
 - name: Smoke test Fuzzers
 run: make fuzz-smoketest
+ env:
+ SKIP_COSIGN_VERIFICATION: true
diff --git a/Makefile b/Makefile
index 4b781801..882b5145 100644
--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,9 @@ BUILD_PLATFORMS ?= linux/amd64,linux/arm64,linux/arm/v7
 # Allows for defining additional Go test args, e.g. '-tags integration'.
 GO_TEST_ARGS ?= -race
+# Defines whether cosign verification should be skipped.
+SKIP_COSIGN_VERIFICATION ?= false
+
 # Directory with versioned, downloaded things
 CACHE := cache
diff --git a/hack/install-libraries.sh b/hack/install-libraries.sh
index 406d3a58..63bc71ea 100755
--- a/hack/install-libraries.sh
+++ b/hack/install-libraries.sh
@@ -6,6 +6,7 @@ IMG="${IMG:-}"
 TAG="${TAG:-}"
 IMG_TAG="${IMG}:${TAG}"
 DOWNLOAD_URL="https://github.com/fluxcd/golang-with-libgit2/releases/download/${TAG}"
+SKIP_COSIGN_VERIFICATION="${SKIP_COSIGN_VERIFICATION:-false}"
 TMP_DIR=$(mktemp -d)
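Review bot: `SKIP_COSIGN_VERIFICATION: true` is added to the test step `env` in both hunks of build.yaml, and to the fuzz smoke-test step in cifuzz.yaml, with no comment saying why signature verification is turned off there. With the skip set in these jobs, none of the workflows shown here exercises the cosign path, so these jobs would not notice a broken signature check or a substituted release asset. I'd put a comment above each occurrence, e.g. `# cosign verification is skipped for test-only jobs; release builds must leave this unset` (if that is the intent), and confirm that no workflow which publishes artefacts sets or inherits the variable. Writing the value as `"true"` would also make the intended string explicit, since the script consumes it as text rather than as a YAML boolean.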
@@ -48,9 +49,13 @@ cosign_verify(){
 assure_provenance() {
 [[ $# -eq 1 ]] || fatal 'assure_provenance needs exactly 1 arguments'
- cosign_verify "${TMP_DIR}/checksums.txt.pem" \
- "${TMP_DIR}/checksums.txt.sig" \
- "${TMP_DIR}/checksums.txt"
+ if "${SKIP_COSIGN_VERIFICATION}"; then
+ echo 'Skipping cosign verification...'
+ else
+ cosign_verify "${TMP_DIR}/checksums.txt.pem" \
+ "${TMP_DIR}/checksums.txt.sig" \
+ "${TMP_DIR}/checksums.txt"
+ fi
 pushd "${TMP_DIR}" || exit
 if command -v sha256sum; then
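Review bot: The new condition `if "${SKIP_COSIGN_VERIFICATION}"; then` runs the variable's value as a command instead of comparing it, so any value other than the literal `true` or `false` is looked up on PATH and executed. An explicit test, `if [[ "${SKIP_COSIGN_VERIFICATION}" == "true" ]]; then`, still fails closed for unexpected values without executing anything from the environment. When the skip branch is taken, checksums.txt is no longer authenticated, so the sha256sum step that appears to follow can only detect corruption, not a replaced release asset. The message should say so and go to stderr, e.g. `echo 'WARNING: cosign verification skipped; checksums.txt is not authenticated' >&2`. The body of assure_provenance continues past the end of the hunk, so how the checksums are consumed afterwards is not visible here.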