diff --git a/.github/actions/image-builder/action.yml b/.github/actions/image-builder/action.yml
index a9f3695abe9e..b98c2c3b9292 100644
--- a/.github/actions/image-builder/action.yml
+++ b/.github/actions/image-builder/action.yml
@@ -10,6 +10,12 @@ inputs:
 image-name:
 description: Name of the build image
 required: true
+ # image-builder-image is a way to provide custom docker image for the image-builder
+ # It's used by the test workflow to test the image-builder itself.
+ # It's not allwoed in normal flow as it's not secure to use custom images in the production flow.
+ image-builder-image:
+ description: The image-builder image to use. It's allowed only for test workflow created by the image-builder team.
+ required: true
 context:
 description: Build context to build container from
 required: false
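Review bot: The new input is declared `required: true` on the action while its comment and description say it is meant only for the test workflow; any caller of this composite action other than image-builder.yml (which always supplies `env.IMAGE_BUILDER_IMAGE`) now fails with a missing input, and nothing in the action itself enforces the "test workflow only" rule. A comment that states what the action actually does would serve the next reader better, e.g. `# Always supplied by image-builder.yml; the check that only the test workflow may override it lives in that workflow, not here.` The comment also misspells `allwoed`, here and in the copy of the same comment in image-builder.yml.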
@@ -81,8 +87,8 @@ runs:
 echo "tags=$result" >> $GITHUB_OUTPUT
 id: prepare-tags
 shell: bash
-
- - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250227-8109a085
+
+ - uses: docker://${{ inputs.image-builder-image }}
 id: build
 with:
- args: --name=${{ inputs.image-name }} --context=${{ inputs.context }} --dockerfile=${{ inputs.dockerfile }} --azure-access-token=${{ inputs.ado-token }} --oidc-token=${{ inputs.oidc-token }} ${{ steps.prepare-build-args.outputs.build-args }} ${{ steps.prepare-tags.outputs.tags }} --export-tags=${{ inputs.export-tags }} --config=${{ inputs.config }} --env-file=${{ inputs.env-file }} --build-in-ado=true --use-go-internal-sap-modules=${{ inputs.use-go-internal-sap-modules }}
\ No newline at end of file
+ args: --name=${{ inputs.image-name }} --context=${{ inputs.context }} --dockerfile=${{ inputs.dockerfile }} --azure-access-token=${{ inputs.ado-token }} --oidc-token=${{ inputs.oidc-token }} ${{ steps.prepare-build-args.outputs.build-args }} ${{ steps.prepare-tags.outputs.tags }} --export-tags=${{ inputs.export-tags }} --config=${{ inputs.config }} --env-file=${{ inputs.env-file }} --build-in-ado=true --use-go-internal-sap-modules=${{ inputs.use-go-internal-sap-modules }}
diff --git a/.github/workflows/image-builder-test.yml b/.github/workflows/image-builder-test.yml
new file mode 100644
index 000000000000..cd4cd8f43345
--- /dev/null
+++ b/.github/workflows/image-builder-test.yml
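Review bot: `uses: docker://${{ inputs.image-builder-image }}` depends on expression evaluation inside a `uses:` key, which GitHub Actions, as far as I know, does not perform for workflow or composite-action steps — the value is taken literally and the step cannot resolve its action; a green run of image-builder-test is needed to confirm this, and the usual workaround is a `run:` step that calls `docker run` with the image read from an `env:` variable. Whatever mechanism ends up being used, this step now executes an image chosen by the caller and hands it `--azure-access-token` and `--oidc-token` on the command line, with no check inside the action itself. A comment above the step such as `# The image is trusted only because image-builder.yml gates this input on the caller's workflow_ref; never invoke this action directly with an image from an untrusted source` makes that dependency explicit.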
@@ -0,0 +1,60 @@
+name: image-builder-test
+
+on:
+ pull_request_target:
+ types: [ opened, edited, synchronize, reopened, ready_for_review ]
+ paths:
+ - "cmd/image-builder/*.go"
+ - "cmd/image-builder/images/kaniko/*"
+ - "pkg/**"
+ - "go.mod"
+ - "go.sum"
+ workflow_dispatch:
+
+permissions:
+ id-token: write # This is required for requesting the JWT token
+ contents: read # This is required for actions/checkout
+
+jobs:
+ build-test-image:
+ uses: ./.github/workflows/image-builder.yml
+ with:
+ name: image-builder
+ dockerfile: cmd/image-builder/images/kaniko/Dockerfile
+ context: .
+
+ retrieve-secrets:
+ needs: build-test-image
+ runs-on: ubuntu-latest
+ outputs:
+ ado-pat: ${{ steps.secrets.outputs.ado-pat }}
+ steps:
+ - name: Verify repository owner
+ id: verify_repo_owner
+ if: ${{ github.repository_owner != 'kyma-project' }}
+ run: |
+ echo "Using image-builder workflow outside of kyma-project organisation is not supported."
+ exit 1
+
+ - name: Authenticate in GCP
+ id: 'auth'
+ uses: 'google-github-actions/auth@v2'
+ with:
+ project_id: ${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}
+ workload_identity_provider: ${{ vars.GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER }}
+
+ - name: Get ADO PAT from Secret Manager
+ id: 'secrets'
+ uses: 'google-github-actions/get-secretmanager-secrets@v2'
+ with:
+ secrets: |-
+ ado-pat:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.IMAGE_BUILDER_ADO_PAT_GCP_SECRET_NAME }}
+;
+ test-trigger-image-builder-from-client:
+ needs: [build-test-image, retrieve-secrets]
+ uses: ./.github/workflows/image-builder.yml
+ with:
+ name: image-builder
+ dockerfile: cmd/image-builder/images/kaniko/Dockerfile
+ context: .
+ image-builder-image: ${{ needs.build-test-image.outputs.images[0]}}
diff --git a/.github/workflows/image-builder.yml b/.github/workflows/image-builder.yml
index f60382e88db1..c730aad40b5c 100644
--- a/.github/workflows/image-builder.yml
+++ b/.github/workflows/image-builder.yml
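Review bot: The line holding only `;` between the `secrets:` block scalar and the `test-trigger-image-builder-from-client` job has no indentation even in this collapsed view, so it sits at column 0 inside the `jobs:` mapping and should make the whole workflow file unparseable; it needs to be removed. `image-builder-image: ${{ needs.build-test-image.outputs.images[0]}}` indexes a string, since `images` is declared in image-builder.yml as a JSON list, so the first image is obtained with `image-builder-image: ${{ fromJSON(needs.build-test-image.outputs.images)[0] }}`. The trigger is `pull_request_target` with `id-token: write` and a Secret Manager read, and the `Verify repository owner` step only checks `github.repository_owner`, which is the same value for a PR from a fork; if image-builder.yml builds the PR head's `cmd/image-builder/images/kaniko/Dockerfile` (its checkout is not visible here), a fork PR can run its own build steps in a context that can mint a GCP identity, so the jobs should either build only base-branch content or be gated on a trusted label or author association. The `ado-pat` output of `retrieve-secrets` is not consumed by any job in this file, and GitHub drops job outputs that contain a masked secret, so that job appears to have no effect as written.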
@@ -45,6 +45,14 @@ on:
 required: false
 type: boolean
 default: false
+ # image-builder-image is a way to provide custom docker image for the image-builder
+ # It's used by the test workflow to test the image-builder itself.
+ # It's not allwoed in normal flow as it's not secure to use custom images in the production flow.
+ image-builder-image:
+ description: The image-builder image to use. It's allowed only for test workflow created by the image-builder team.
+ required: false
+ type: string
+ default: ""
 outputs:
 images:
 description: JSON list of images built by image-builder
@@ -53,6 +61,10 @@ on:
 description: The result of the ADO pipeline execution
 value: ${{ jobs.build-image.outputs.result }}
 
+env:
+ # The image-builder image to use for non test workflows
+ IMAGE_BUILDER_IMAGE: europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250227-8109a085
+
 jobs:
 build-image:
 permissions:
@@ -64,10 +76,16 @@ jobs:
 images: ${{ steps.build.outputs.images }}
 result: ${{ steps.build.outputs.adoResult }}
 steps:
- - name: Verify caller workflow_ref
- run: |
- echo "Caller workflow_ref: ${{ github.workflow_ref }}"
- continue-on-error: true
+ - name: Set the image-builder image
+ if: ${{ github.workflow_ref == 'kyma-project/test-infra/.github/workflows/image-builder-test.yml@refs/heads/main' }}
+ run: |
+ if [[ -z "${{ inputs.image-builder-image }}" ]]; then
+ echo "ERROR: Missing image-builder image input!"
+ exit 1
+ fi
+
+ echo "WARNING: Using image builder's image provided by user! Image name: ${{ inputs.image-builder-image}}"
+ echo "IMAGE_BUILDER_IMAGE=${{ inputs.image-builder-image }}" >> $GITHUB_ENV
 
 - name: Verify repository owner
 id: verify_repo_owner
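Review bot: `IMAGE_BUILDER_IMAGE` in the new `env:` block points at a mutable tag, `v20250227-8109a085`, so anyone who can push to that tag in the registry changes what every production build runs; pinning by digest, `IMAGE_BUILDER_IMAGE: europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250227-8109a085@sha256:<digest of the published image>`, keeps the tag for readability and makes the pull fail on substitution. The value itself is the one previously hard-coded in action.yml, so this is not new to the commit, but the `env:` entry is now the single place where it can be pinned.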
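Review bot: `${{ inputs.image-builder-image }}` is expanded by the workflow engine straight into the bash script of the `Set the image-builder image` step, so quotes, `$(...)` or newlines in that input become shell syntax before bash ever sees them; the input should be passed through `env:` and referenced as `"$IMAGE_BUILDER_IMAGE_INPUT"`, and `"$GITHUB_ENV"` on the last line should be quoted too. When `github.workflow_ref` does not match the allow-listed value the step is skipped, so a non-empty input from any other caller is silently ignored — and a `workflow_dispatch` run of the test workflow from a branch other than main silently tests the production image instead of the freshly built one — whereas an unconditional step that fails when the input is set outside the test workflow turns both cases into a visible error. The build-image job continues outside this hunk.
```yaml
      - name: Set the image-builder image
        if: ${{ github.workflow_ref == 'kyma-project/test-infra/.github/workflows/image-builder-test.yml@refs/heads/main' }}
        env:
          IMAGE_BUILDER_IMAGE_INPUT: ${{ inputs.image-builder-image }}
        run: |
          if [[ -z "$IMAGE_BUILDER_IMAGE_INPUT" ]]; then
            echo "ERROR: Missing image-builder image input!"
            exit 1
          fi

          echo "WARNING: Using image builder's image provided by user! Image name: $IMAGE_BUILDER_IMAGE_INPUT"
          echo "IMAGE_BUILDER_IMAGE=$IMAGE_BUILDER_IMAGE_INPUT" >> "$GITHUB_ENV"

      - name: Reject custom image-builder image outside the test workflow
        if: ${{ github.workflow_ref != 'kyma-project/test-infra/.github/workflows/image-builder-test.yml@refs/heads/main' && inputs.image-builder-image != '' }}
        run: |
          echo "ERROR: The image-builder-image input is only allowed for the image-builder-test workflow."
          exit 1
      # … unchanged: Verify repository owner step …
```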
@@ -119,4 +137,5 @@ jobs:
 dockerfile: ${{ inputs.dockerfile }}
 env-file: ${{ inputs.env-file }}
 config: "./configs/image-builder-client-config.yaml"
- use-go-internal-sap-modules: ${{ inputs.use-go-internal-sap-modules }}
\ No newline at end of file
+ use-go-internal-sap-modules: ${{ inputs.use-go-internal-sap-modules }}
+ image-builder-image: ${{ env.IMAGE_BUILDER_IMAGE }}
diff --git a/go.mod b/go.mod
index d1f7c8214c21..14acb84cd555 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/kyma-project/test-infra
 
 go 1.23.0
 
-toolchain go1.23.4
+toolchain go1.23.4
 
 require (
 cloud.google.com/go/compute/metadata v0.6.0