diff --git a/builder/auth.dat b/builder/auth.dat
new file mode 100644
index 0000000..52fee43
--- /dev/null
+++ b/builder/auth.dat
@@ -0,0 +1,2 @@
+id = im; type = InfrastructureManager; token = "%TOKEN%"
+id = vo.access.egi.eu-TR-FC1-ULAKBIM; type = EGI; host = TR-FC1-ULAKBIM; vo = vo.access.egi.eu; token = "%TOKEN%"
diff --git a/builder/build-image.sh b/builder/build-image.sh
index d3e39ea..7fd601d 100755
--- a/builder/build-image.sh
+++ b/builder/build-image.sh
@@ -17,7 +17,13 @@ FEDCLOUD_SECRET_LOCKER="$2"
 # create a virtual env for fedcloudclient
 python3 -m venv "$PWD/.venv"
 export PATH="$PWD/.venv/bin:$PATH"
-pip install -qqq fedcloudclient simplejson yq python-hcl2
+pip install -qqq fedcloudclient simplejson yq python-hcl2 IM-client
+
+# work with IGTF certificates
+# https://fedcloudclient.fedcloud.eu/install.html#installing-egi-core-trust-anchor-certificates
+wget https://raw.githubusercontent.com/tdviet/python-requests-bundle-certs/main/scripts/install_certs.sh
+bash install_certs.sh
+
 # Get openstack ready
 mkdir -p /etc/openstack/
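Review bot: The `%TOKEN%` placeholders in this tracked file are filled in place by `sed -i -e "s/%TOKEN%/$(cat .oidc_token)/" auth.dat` in the second build-image.sh hunk, so after one run the checkout holds a live access token in `auth.dat` and the placeholder is gone for the next run. The same in-place pattern is applied to `%IMAGE%` in vm.yaml. Keeping the templates under separate names and rendering them to untracked files with owner-only permissions avoids both problems, for example `(umask 077; sed "s/%TOKEN%/$(cat .oidc_token)/" auth.dat.tmpl > auth.dat)` with `auth.dat` listed in `.gitignore` (the `.tmpl` name is only a suggestion). The rendered file should also be removed once `im_client.py destroy` has run.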
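Review bot: The added `wget` and `bash install_certs.sh` pair downloads a script from the mutable `main` branch of a third-party repository and runs it with no integrity check, and that script changes the CA bundle the Python clients in this build trust. Pin the URL to a reviewed commit and verify a checksum before executing, e.g. `wget https://raw.githubusercontent.com/tdviet/python-requests-bundle-certs/<REVIEWED_COMMIT_SHA>/scripts/install_certs.sh` followed by `echo "<EXPECTED_SHA256>  install_certs.sh" | sha256sum -c - && bash install_certs.sh`. As written, a failed download is not detected either, so `bash` may run a stale or missing file. The `pip install` line, now including `IM-client`, is likewise unpinned; a requirements file with versions and hashes would make the builder reproducible.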
@@ -51,20 +57,45 @@ if openstack --os-cloud images --os-token "$OS_TOKEN" \
 # skip
 echo "### BUILD-IMAGE: SKIP - Image $QCOW_FILE is already uploaded"
 else
- if tools/build.sh "$IMAGE"; then
- # compress the resulting image
- OUTPUT_DIR="$(dirname "$IMAGE")/output-$QEMU_SOURCE_ID"
- cd "$OUTPUT_DIR"
- qemu-img convert -O qcow2 -c "$VM_NAME" "$QCOW_FILE"
- # upload the image
- builder/refresh.sh vo.access.egi.eu "$(cat /var/tmp/egi/.refresh_token)" images
- OS_TOKEN="$(yq -r '.clouds.images.auth.token' /etc/openstack/clouds.yaml)"
- openstack --os-cloud images --os-token "$OS_TOKEN" \
- object create egi_endorsed_vas "$QCOW_FILE"
- ls -lh "$QCOW_FILE"
- SHA="$(sha512sum -z "$QCOW_FILE" | cut -f1 -d" ")"
- echo "### BUILD-IMAGE: SUCCESS - qcow: $QCOW_FILE sha512sum: $SHA"
- fi
+ # do the build
+ if tools/build.sh "$IMAGE" >/var/log/image-build.log 2>&1; then
+ # compress the resulting image
+ OUTPUT_DIR="$(dirname "$IMAGE")/output-$QEMU_SOURCE_ID"
+ qemu-img convert -O qcow2 -c "$OUTPUT_DIR/$VM_NAME" "$OUTPUT_DIR/$QCOW_FILE"
+
+ # test the resulting image
+ # test step 1/2: upload VMI to cloud provider
+ builder/refresh.sh vo.access.egi.eu "$(cat /var/tmp/egi/.refresh_token)" tests
+ OS_TOKEN="$(yq -r '.clouds.tests.auth.token' /etc/openstack/clouds.yaml)"
+ IMAGE_ID=$(openstack --os-cloud tests --os-token "$OS_TOKEN" \
+ image create --disk-format qcow2 --file "$OUTPUT_DIR/$QCOW_FILE" \
+ --column id --format value "$VM_NAME")
+
+ # test step 2/2: use IM-client to launch the test VM
+ sed -i -e "s/%TOKEN%/$(cat .oidc_token)/" auth.dat
+ sed -i -e "s/%IMAGE%/$IMAGE_ID/" vm.yaml
+ im_client.py create vm.yaml
+ IM_INFRA_ID=$(im_client.py list | grep --extended-regexp --invert-match 'im.egi.eu|ID')
+ # get SSH command to connect to the VM
+ # do pay attention to the "1" parameter, it corresponds to the "show_only" flag
+ SSH_CMD=$(im_client.py ssh "$IM_INFRA_ID" 1 | grep --invert-match 'im.egi.eu')
+ # if the below works, the VM is up and running and responds to SSH
+  "$SSH_CMD hosname"
+ # at this point we may want to run more sophisticated tests
+ # delete test VM
+ im_client.py destroy "$IM_INFRA_ID"
+ # delete test VMI
+ openstack --os-cloud tests --os-token "$OS_TOKEN" image delete "$IMAGE_ID"
+
+ # All going well, upload the VMI for sharing in AppDB
+ builder/refresh.sh vo.access.egi.eu "$(cat /var/tmp/egi/.refresh_token)" images
+ OS_TOKEN="$(yq -r '.clouds.images.auth.token' /etc/openstack/clouds.yaml)"
+ openstack --os-cloud images --os-token "$OS_TOKEN" \
+ object create egi_endorsed_vas "$OUTPUT_DIR/$QCOW_FILE"
+ ls -lh "$OUTPUT_DIR/$QCOW_FILE"
+ SHA="$(sha512sum -z "$OUTPUT_DIR/$QCOW_FILE" | cut -f1 -d" ")"
+ echo "### BUILD-IMAGE: SUCCESS - qcow: $QCOW_FILE sha512sum: $SHA"
+ fi
 fi
 echo "### BUILD ENDED"
diff --git a/builder/clouds.yaml b/builder/clouds.yaml
index b303de9..ca7b231 100644
--- a/builder/clouds.yaml
+++ b/builder/clouds.yaml
@@ -24,3 +24,11 @@ clouds:
 auth_url: https://api.cloud.ifca.es:5000/v3
 token:
 project_id: 999f045cb1ff4684a15ebb338af69460
+ tests:
+ site: TR-FC1-ULAKBIM
+ vo: vo.access.egi.eu
+ auth_type: token
+ auth:
+ auth_url: https://bulut.truba.gov.tr:5000/v3
+ token:
+ project_id: 2fa316a05d364de9b5a55ac78a45f8bf
diff --git a/builder/im_client.cfg b/builder/im_client.cfg
new file mode 100644
index 0000000..c190e6f
--- /dev/null
+++ b/builder/im_client.cfg
@@ -0,0 +1,3 @@
+[im_client]
+restapi_url=https://im.egi.eu/im
+auth_file=auth.dat
diff --git a/builder/vm.yaml b/builder/vm.yaml
new file mode 100644
index 0000000..1b5a50b
--- /dev/null
+++ b/builder/vm.yaml
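Review bot: The SSH check `"$SSH_CMD hosname"` cannot succeed as written: the quotes turn the whole string into a single command name, and `hosname` looks like a typo for `hostname`. Its result is also never examined, so unless the script runs under `set -e` (the top of the file and the start of the enclosing `if openstack …` block are outside this hunk) the image is uploaded to `egi_endorsed_vas` whether or not the test VM answered; under `set -e` the failure would instead skip `im_client.py destroy` and `image delete` and leave the test VM and image behind. I would record the test result, always clean up, and publish only on success, as sketched below; whether plain word-splitting of `$SSH_CMD` is enough depends on what `im_client.py ssh … 1` prints, which this diff does not show. `IM_INFRA_ID` is taken from a filtered `im_client.py list`, so it would hold several IDs if the account has other infrastructures; capturing the ID from the `create` output would be safer.

```shell
        # … unchanged: build, qemu-img convert, test image upload, im_client.py create, IM_INFRA_ID/SSH_CMD lookup …
        # if the below works, the VM is up and running and responds to SSH
        TEST_RC=0
        # unquoted on purpose: SSH_CMD holds a full command line
        # shellcheck disable=SC2086
        $SSH_CMD hostname || TEST_RC=$?
        # delete test VM and test VMI regardless of the test outcome
        im_client.py destroy "$IM_INFRA_ID"
        openstack --os-cloud tests --os-token "$OS_TOKEN" image delete "$IMAGE_ID"

        if [ "$TEST_RC" -ne 0 ]; then
            echo "### BUILD-IMAGE: ERROR - test VM for $QCOW_FILE did not answer over SSH (rc=$TEST_RC)"
        else
            # … unchanged: refresh token, upload to egi_endorsed_vas, sha512sum, SUCCESS message …
        fi
```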
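Review bot: `auth_file=auth.dat` is a relative path, and the new steps in build-image.sh likewise use bare `auth.dat`, `vm.yaml` and `.oidc_token` while invoking `tools/build.sh` and `builder/refresh.sh` relative to the repository root. Since these files are added under `builder/`, the names appear to resolve against a different directory than the one the files live in, unless something outside this diff changes into `builder/` first. Either reference them as `builder/auth.dat` and `builder/vm.yaml` in the script and make the client's config location explicit, or add a comment at the top of this file such as `# paths are relative to the directory im_client.py is started from`.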
@@ -0,0 +1,25 @@
+tosca_definitions_version: tosca_simple_yaml_1_0
+
+imports:
+- grycap_custom_types: https://raw.githubusercontent.com/grycap/tosca/main/custom_types.yaml
+
+topology_template:
+ node_templates:
+ simple_node:
+ type: tosca.nodes.indigo.Compute
+ capabilities:
+ endpoint:
+ properties:
+ network_name: PUBLIC
+ host:
+ properties:
+ num_cpus: 2
+ mem_size: 4 GB
+ os:
+ properties:
+ image: ost://bulut.truba.gov.tr/%IMAGE%
+ outputs:
+ node_ip:
+ value: { get_attribute: [ simple_node, public_address, 0 ] }
+ node_creds:
+ value: { get_attribute: [ simple_node, endpoint, credential, 0 ] }
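Review bot: The `imports` entry pulls `custom_types.yaml` from the `main` branch of grycap/tosca, so the type definitions used for every test deployment can change without any change in this repository. Pinning the URL to a reviewed commit, `https://raw.githubusercontent.com/grycap/tosca/<REVIEWED_COMMIT_SHA>/custom_types.yaml`, keeps the image test reproducible and reviewable. The template also requests `network_name: PUBLIC` and exports `node_creds`, so each test VM is reachable from the internet and its credentials are held in the IM outputs. A header comment saying that this is a short-lived test VM which build-image.sh must destroy even when the test fails would document that expectation.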