diff --git a/.github/chainguard/self.update-system-tests.push.sts.yaml b/.github/chainguard/self.update-system-tests.push.sts.yaml index e9f8a59012b..361668e8735 100644 --- a/.github/chainguard/self.update-system-tests.push.sts.yaml +++ b/.github/chainguard/self.update-system-tests.push.sts.yaml @@ -9,3 +9,4 @@ claim_pattern: permissions: contents: write + pull_requests: write diff --git a/.github/workflows/create-release-branch.yaml b/.github/workflows/create-release-branch.yaml index b538eba68ee..38d25c58254 100644 --- a/.github/workflows/create-release-branch.yaml +++ b/.github/workflows/create-release-branch.yaml @@ -60,6 +60,24 @@ jobs: echo "Branch $BRANCH does not exist - proceeding with following steps" fi + - name: Push empty release branch + if: steps.check-branch.outputs.creating_new_branch == 'true' + uses: DataDog/commit-headless@5a0f3876e0fbdd3a86b3e008acf4ec562db59eee # action/v2.0.1 + with: + token: "${{ steps.octo-sts.outputs.token }}" + branch: "${{ steps.define-branch.outputs.branch }}" + head-sha: "${{ github.sha }}" + create-branch: true + command: push + commits: "" + + - name: Define temp branch name + if: steps.check-branch.outputs.creating_new_branch == 'true' + id: define-temp-branch + run: | + TEMP_BRANCH="${{ steps.define-branch.outputs.branch }}-pin-system-tests" + echo "branch=${TEMP_BRANCH}" >> "$GITHUB_OUTPUT" + - name: Update system-tests references to latest commit SHA on main if: steps.check-branch.outputs.creating_new_branch == 'true' run: BRANCH=main ./tooling/update_system_test_reference.sh 
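Review bot: The added `pull_requests: write` widens what every run matching this trust policy can mint, and nothing next to the line says why it is needed. The `claim_pattern` block that decides who may request the token lies outside the hunk, so please confirm it pins the calling workflow and ref (for example through the `job_workflow_ref` claim) rather than only the repository, since the token now carries both `contents: write` and `pull_requests: write`. I would add a comment above the new line such as `# pull_requests: write - create-release-branch.yaml opens the system-tests pin PR with this token`.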
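Review bot: The `Define temp branch name` step expands `${{ steps.define-branch.outputs.branch }}` directly inside the `run:` script, so the value is pasted into the shell source before bash parses it; the `gh pr create` step in the next hunk does the same with both branch outputs. How `define-branch` derives its output is outside this diff, so the value may be fully workflow-controlled, but passing it through the environment removes the question while a write-scoped token is in play. In this step that means an `env:` entry `RELEASE_BRANCH: ${{ steps.define-branch.outputs.branch }}` and `TEMP_BRANCH="${RELEASE_BRANCH}-pin-system-tests"` in the script. The same pattern fits the `--title`, `--base` and `--head` arguments of the later step.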
@@ -73,15 +91,25 @@ jobs: git commit -m "chore: Pin system-tests for release branch" .github/workflows/run-system-tests.yaml echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - - name: Push changes + - name: Push changes to temp branch if: steps.check-branch.outputs.creating_new_branch == 'true' uses: DataDog/commit-headless@5a0f3876e0fbdd3a86b3e008acf4ec562db59eee # action/v2.0.1 with: token: "${{ steps.octo-sts.outputs.token }}" - branch: "${{ steps.define-branch.outputs.branch }}" - # for scheduled runs, sha is the tip of the default branch - # for dispatched runs, sha is the tip of the branch it was dispatched on + branch: "${{ steps.define-temp-branch.outputs.branch }}" head-sha: "${{ github.sha }}" create-branch: true command: push commits: "${{ steps.create-commit.outputs.commit }}" + + - name: Create pull request from temp branch to release branch + if: steps.check-branch.outputs.creating_new_branch == 'true' + env: + GH_TOKEN: ${{ steps.octo-sts.outputs.token }} + run: | + gh pr create --title "Pin system-tests for ${{ steps.define-branch.outputs.branch }}" \ + --base "${{ steps.define-branch.outputs.branch }}" \ + --head "${{ steps.define-temp-branch.outputs.branch }}" \ + --label "tag: dependencies" \ + --label "tag: no release notes" \ + --body "This PR pins the system-tests reference for the release branch."
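Review bot: A failure in the `Create pull request from temp branch to release branch` step, or in the temp-branch push just before it, leaves the release branch already published by the earlier `Push empty release branch` step with no system-tests pin on it. Every step here is gated on `steps.check-branch.outputs.creating_new_branch == 'true'`, so a re-run would presumably find the branch and skip both the pin and the PR. The check-branch logic is outside the hunk, so this should be confirmed. At minimum I would document the recovery path above the step, e.g. `# If this step fails the release branch already exists unpinned and a re-run skips the pin; open the PR manually from the -pin-system-tests branch`.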