diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml
index 16af101306d86..17982530f1034 100644
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -74,9 +74,9 @@ jobs:
           go-version: ${{ inputs.go-version }}
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
+        uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
         with:
-          cosign-release: 'v2.0.0'
+          cosign-release: 'v2.2.1'
 
       - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
       - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e8d0b6440f24a..2b5dc5ffc3b2b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -149,9 +149,9 @@ jobs:
           go-version: ${{ env.GOLANG_VERSION }}
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
+        uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
         with:
-          cosign-release: 'v2.0.0'
+          cosign-release: 'v2.2.1'
 
       - name: Generate SBOM (spdx)
         id: spdx-builder