diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml
index a0c157cd3b..10e2df49d5 100644
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -76,7 +76,7 @@ jobs:
       - name: Install cosign
         uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
         with:
-          cosign-release: 'v2.0.2'
+          cosign-release: 'v2.2.0'
 
       - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
       - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 58ec57f524..403aaab60d 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -170,9 +170,9 @@ jobs:
           go-version: ${{ env.GOLANG_VERSION }}
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@204a51a57a74d190b284a0ce69b44bc37201f343 # v3.0.3
+        uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
         with:
-          cosign-release: 'v2.0.2'
+          cosign-release: 'v2.2.0'
 
       - name: Generate SBOM (spdx)
         id: spdx-builder