diff --git a/api/v1/codebaseimagestream_types.go b/api/v1/codebaseimagestream_types.go
index 936c0a60..53b630e8 100644
--- a/api/v1/codebaseimagestream_types.go
+++ b/api/v1/codebaseimagestream_types.go
@@ -21,6 +21,7 @@ type CodebaseImageStreamSpec struct {
 type Tag struct {
 	Name    string `json:"name"`
 	Created string `json:"created"`
+	Digest  string `json:"digest,omitempty"`
 }
 
 // CodebaseImageStreamStatus defines the observed state of CodebaseImageStream.
diff --git a/build/templates/applications/helm-chart/kubernetes/templates/deployment.yaml b/build/templates/applications/helm-chart/kubernetes/templates/deployment.yaml
index 8ded5cf9..724ff6ff 100644
--- a/build/templates/applications/helm-chart/kubernetes/templates/deployment.yaml
+++ b/build/templates/applications/helm-chart/kubernetes/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}{{ if .Values.image.digest }}@{{ .Values.image.digest }}{{ end }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
diff --git a/build/templates/applications/helm-chart/kubernetes/values.tmpl b/build/templates/applications/helm-chart/kubernetes/values.tmpl
index cc9abdb1..bcb5ca36 100644
--- a/build/templates/applications/helm-chart/kubernetes/values.tmpl
+++ b/build/templates/applications/helm-chart/kubernetes/values.tmpl
@@ -9,6 +9,8 @@ image:
   pullPolicy: IfNotPresent
   # -- Overrides the image tag whose default is the chart appVersion.
   tag: ""
+  # -- Image digest for immutable reference (e.g., sha256:abc123...). If set, deployed as :tag@digest.
+  digest: ""
 
 imagePullSecrets:
 # Define secret to pull images. Secret can be provisioned by edp-install or manually.
diff --git a/build/templates/applications/helm-chart/openshift/templates/deployment.yaml b/build/templates/applications/helm-chart/openshift/templates/deployment.yaml
index fbafc88e..3fa7ee50 100644
--- a/build/templates/applications/helm-chart/openshift/templates/deployment.yaml
+++ b/build/templates/applications/helm-chart/openshift/templates/deployment.yaml
@@ -31,7 +31,7 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}{{ if .Values.image.digest }}@{{ .Values.image.digest }}{{ end }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
diff --git a/build/templates/applications/helm-chart/openshift/values.tmpl b/build/templates/applications/helm-chart/openshift/values.tmpl
index 300c48c7..0900ad06 100644
--- a/build/templates/applications/helm-chart/openshift/values.tmpl
+++ b/build/templates/applications/helm-chart/openshift/values.tmpl
@@ -9,6 +9,8 @@ image:
   pullPolicy: IfNotPresent
   # -- Overrides the image tag whose default is the chart appVersion.
   tag: ""
+  # -- Image digest for immutable reference (e.g., sha256:abc123...). If set, deployed as :tag@digest.
+  digest: ""
 
 imagePullSecrets:
 # Define secret to pull images. Secret can be provisioned by edp-install or manually.
diff --git a/config/crd/bases/v2.edp.epam.com_codebaseimagestreams.yaml b/config/crd/bases/v2.edp.epam.com_codebaseimagestreams.yaml
index 601079f0..4a027562 100644
--- a/config/crd/bases/v2.edp.epam.com_codebaseimagestreams.yaml
+++ b/config/crd/bases/v2.edp.epam.com_codebaseimagestreams.yaml
@@ -60,6 +60,8 @@ spec:
                   properties:
                     created:
                       type: string
+                    digest:
+                      type: string
                     name:
                       type: string
                   required:
diff --git a/deploy-templates/crds/v2.edp.epam.com_codebaseimagestreams.yaml b/deploy-templates/crds/v2.edp.epam.com_codebaseimagestreams.yaml
index 601079f0..4a027562 100644
--- a/deploy-templates/crds/v2.edp.epam.com_codebaseimagestreams.yaml
+++ b/deploy-templates/crds/v2.edp.epam.com_codebaseimagestreams.yaml
@@ -60,6 +60,8 @@ spec:
                   properties:
                     created:
                       type: string
+                    digest:
+                      type: string
                     name:
                       type: string
                   required:
diff --git a/docs/api.md b/docs/api.md
index 0323efcb..8fcf45b6 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -603,6 +603,13 @@ CodebaseImageStreamSpec defines the desired state of CodebaseImageStream.
           <br/>
         </td>
         <td>true</td>
+      </tr><tr>
+        <td><b>digest</b></td>
+        <td>string</td>
+        <td>
+          <br/>
+        </td>
+        <td>false</td>
       </tr></tbody>
 </table>