diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6624d31a51d3c8037f45f4936e3439850a0e082f..3c11a35a97526777bd628588c3b4e4f2bdf13926 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -139,6 +139,7 @@ variables:
   GIT_SUBMODULE_STRATEGY: "none"
   GET_SOURCES_ATTEMPTS: "3"
   DEBIAN_VERSION: "bullseye"
+  UBI_VERSION: "8.6"
   CHROME_VERSION: "109"
   DOCKER_VERSION: "23.0.1"
   RUBY_VERSION: "2.7"
diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml
index 389906dbbffa465158db87ad5622bd9ac8cb67d3..ae0b15bbdb8aa23bc28a98d90dc1006d70986540 100644
--- a/.gitlab/ci/workhorse.gitlab-ci.yml
+++ b/.gitlab/ci/workhorse.gitlab-ci.yml
@@ -10,7 +10,7 @@ workhorse:verify:
 
 .workhorse:test:
   extends: .workhorse:rules:workhorse
-  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}:git-2.36
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}-rust-${RUST_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-exiftool-12.60
   variables:
     GITALY_ADDRESS: "tcp://127.0.0.1:8075"
   stage: test
@@ -18,7 +18,6 @@ workhorse:verify:
     - setup-test-env
   before_script:
     - go version
-    - apt-get update && apt-get -y install libimage-exiftool-perl
     - scripts/gitaly-test-build
   script:
     - make -C workhorse test
@@ -37,7 +36,10 @@ workhorse:test go:
 
 workhorse:test fips:
   extends: .workhorse:test
-  image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ubuntu_20.04_fips:4.0.0
+  parallel:
+    matrix:
+      - GO_VERSION: ["1.18", "1.19"]
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/ubi-${UBI_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}-rust-${RUST_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-exiftool-12.60
   variables:
     FIPS_MODE: 1
 
diff --git a/workhorse/Makefile b/workhorse/Makefile
index 4236a1a0d8eac79dedcdde18874eb0a2c1770c8d..ba99276d1bef38798e987dd65e9944d44e171976 100644
--- a/workhorse/Makefile
+++ b/workhorse/Makefile
@@ -27,6 +27,12 @@ ifeq (${FIPS_MODE}, 1)
     # If the golang-fips compiler is built with CGO_ENABLED=0, this needs to be
     # explicitly switched on.
     export CGO_ENABLED=1
+    # Go 1.19+ now requires GOEXPERIMENT=boringcrypto for FIPS compilation.
+    # See https://github.com/golang/go/issues/51940 for more details.
+    BORINGCRYPTO_SUPPORT := $(shell GOEXPERIMENT=boringcrypto go version &> /dev/null; echo $$?)
+    ifeq ($(BORINGCRYPTO_SUPPORT), 0)
+      export GOEXPERIMENT=boringcrypto
+    endif
 endif
 
 MINIMUM_SUPPORTED_GO_VERSION := 1.11