diff --git a/README.md b/README.md index 0897bda7e9702d783bcf4fac452aa0cb16453a16..9e13fb2e578f5f1d840c8431a825536509e98de8 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,8 @@ By default, the template uses [Buildah](https://buildah.io/), but you may select > Because [Kaniko is no longer maintained](https://github.com/GoogleContainerTools/kaniko/issues/3348), [Buildah](https://buildah.io/) is now the default. > > This change may introduce breaking changes to your pipelines. +> +> If needed, you can override the default globally by setting the `TBC_DEFAULT_DOCKER_BUILD_TOOL` instance-level CI/CD variable to `kaniko` or `dind`. :warning: If you choose to use 'Docker-in-Docker' option considering the associated security risks, make sure your runner has required privileges to run Docker-in-Docker ([see GitLab doc](https://docs.gitlab.com/ci/docker/using_docker_build/#use-docker-in-docker-workflow-with-docker-executor)). @@ -67,7 +69,7 @@ The Docker template uses some global configuration used throughout all jobs. | Input / Variable | Description | Default value | | ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | -| `build-tool` / `DOCKER_BUILD_TOOL` | The build tool to use for building container image, possible values are `kaniko`, `buildah`, `dind` or `external` | `buildah` | +| `build-tool` / `DOCKER_BUILD_TOOL` | The build tool to use for building container image, possible values are `kaniko`, `buildah`, `dind` or `external` | `$TBC_DEFAULT_DOCKER_BUILD_TOOL` (defaults to `buildah`) | | `kaniko-image` / `DOCKER_KANIKO_IMAGE` | The image used to run `kaniko` - _for kaniko build only_ | `gcr.io/kaniko-project/executor:debug` (use `debug` images for GitLab)
[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-DOCKER_KANIKO_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-DOCKER_KANIKO_IMAGE)| | `buildah-image` / `DOCKER_BUILDAH_IMAGE` | The image used to run `buildah` - _for buildah build only_ | `quay.io/containers/buildah:latest`
[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-DOCKER_BUILDAH_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-DOCKER_BUILDAH_IMAGE)| | `image` / `DOCKER_IMAGE` | The Docker image used to run the docker client (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `docker.io/library/docker:latest`
[![Trivy Badge](https://to-be-continuous.gitlab.io/doc/secu/trivy-badge-DOCKER_IMAGE.svg)](https://to-be-continuous.gitlab.io/doc/secu/trivy-DOCKER_IMAGE) | diff --git a/kicker.json b/kicker.json index 126d2836507fd573c7fe0501f9ffed6573441108..9b32781bd78201048ad76e1e5c2870bc7d8d6f47 100644 --- a/kicker.json +++ b/kicker.json @@ -9,9 +9,9 @@ { "name": "DOCKER_BUILD_TOOL", "type": "enum", - "values": ["buildah", "dind", "kaniko", "external"], - "description": "The build tool to use for building container image", - "default": "buildah" + "values": ["buildah", "dind", "kaniko", "external", "$TBC_DEFAULT_DOCKER_BUILD_TOOL"], + "description": "The build tool to use for building container image\n\n_`$TBC_DEFAULT_DOCKER_BUILD_TOOL` defaults to `buildah`_", + "default": "$TBC_DEFAULT_DOCKER_BUILD_TOOL" }, { "name": "DOCKER_KANIKO_IMAGE", diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml index f62f6104887f75c918838a80168402bc55b3e2ec..0b13b5ef83a729088232f44bb2c0d8c1355bc175 100644 --- a/templates/gitlab-ci-docker.yml +++ b/templates/gitlab-ci-docker.yml @@ -22,7 +22,8 @@ spec: - dind - kaniko - external - default: buildah + - $TBC_DEFAULT_DOCKER_BUILD_TOOL + default: $TBC_DEFAULT_DOCKER_BUILD_TOOL kaniko-image: description: |- The image used to run kaniko @@ -283,6 +284,10 @@ workflow: variables: # Global TBC SBOM Mode (onrelease -> only generate SBOMs for releases, always -> generate SBOMs for all refs) TBC_SBOM_MODE: "onrelease" + # Global default engine is Buildah; can be changed as a server instance variable (depending on your Runners capabilities) + TBC_DEFAULT_DOCKER_BUILD_TOOL: buildah + + DOCKER_BUILD_TOOL: $[[ inputs.build-tool ]] DOCKER_HADOLINT_IMAGE: $[[ inputs.hadolint-image ]] DOCKER_IMAGE: $[[ inputs.image ]] 
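Review bot: The `values` list for `DOCKER_BUILD_TOOL` now mixes the four concrete tools with the sentinel string `$TBC_DEFAULT_DOCKER_BUILD_TOOL`, and only the italic suffix in `description` hints at what picking that entry means. A selector rendering this enum will present `$TBC_DEFAULT_DOCKER_BUILD_TOOL` as a peer of `buildah`/`dind`/`kaniko`/`external`, so the description should say explicitly that it means "use the instance-level default", for example `"description": "The build tool to use for building container image\n\n_Leave `$TBC_DEFAULT_DOCKER_BUILD_TOOL` to use the instance-level default (`buildah` unless the instance variable is overridden)_"`. Whether the consumer of kicker.json expands `$...` references or shows them verbatim is not visible here, so please confirm the rendered result.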
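Review bot: Adding `$TBC_DEFAULT_DOCKER_BUILD_TOOL` to the `build-tool` `options` list is needed for the new `default` to pass GitLab's input validation, but it also means the option check no longer guarantees that the resolved value is one of `buildah`, `dind`, `kaniko` or `external`: a typo or unsupported value in the instance-level variable is accepted at include time and only shows up later, presumably as no build job being selected. That trade-off deserves a sentence in the input's `description` (which starts above this hunk), e.g. `Leave unset to use the instance-level default ($TBC_DEFAULT_DOCKER_BUILD_TOOL, buildah unless overridden); the instance value must be one of kaniko, buildah, dind or external.` If the template has a job that validates `DOCKER_BUILD_TOOL` at runtime, consider also listing the accepted values in its failure message so a bad instance default is diagnosable from the job log.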
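Review bot: With the default left in place, `DOCKER_BUILD_TOOL: $[[ inputs.build-tool ]]` resolves at include time to the literal string `$TBC_DEFAULT_DOCKER_BUILD_TOOL`, so the effective tool now depends on nested variable expansion; if the build jobs are selected with `rules:if` comparisons on `$DOCKER_BUILD_TOOL` (not visible in this hunk), please confirm those rules see the expanded value rather than the unexpanded reference, otherwise no build job would match for projects relying on the default. The new comment should also state the precedence it relies on and the operational implication of the `dind` choice, e.g. `# Default build engine. An instance-, group- or project-level CI/CD variable named TBC_DEFAULT_DOCKER_BUILD_TOOL takes precedence over this value; setting it to dind switches every pipeline using the default to Docker-in-Docker, which requires privileged runners.` The enclosing `variables:` block continues outside the hunk.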
@@ -331,8 +336,6 @@ variables: # don't use CI_PROJECT_TITLE, kaniko doesn't support space in argument right now (https://github.com/GoogleContainerTools/kaniko/issues/1231) DOCKER_METADATA: $[[ inputs.metadata ]] - DOCKER_BUILD_TOOL: $[[ inputs.build-tool ]] - DOCKER_CONTEXT_PATH: $[[ inputs.context-path ]] DOCKER_RELEASE_EXTRA_TAGS: $[[ inputs.release-extra-tags ]] DOCKER_BUILD_ARGS: $[[ inputs.build-args ]]