diff --git a/dependencies.yaml b/dependencies.yaml
index b7559cba9dc..b9315374eab 100644
--- a/dependencies.yaml
+++ b/dependencies.yaml
@@ -41,7 +41,7 @@ dependencies:
 
   # cosign
   - name: "gcr.io/projectsigstore/cosign"
-    version: v1.2.1@sha256:68801416e6ae0a48820baa3f071146d18846d8cd26ca8ec3a1e87fca8a735498
+    version: v1.3.0@sha256:65de2f3f2844815ed20ab939319e3dad4238a9aaaf4893b22ec5702e9bc33755
     refPaths:
     - path: images/build/go-runner/cloudbuild.yaml
       match: gcr.io/projectsigstore/cosign:v(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?@sha256:[a-f0-9]{64}
diff --git a/images/build/go-runner/cloudbuild.yaml b/images/build/go-runner/cloudbuild.yaml
index f3ecfd6dff3..95d7865d5d6 100644
--- a/images/build/go-runner/cloudbuild.yaml
+++ b/images/build/go-runner/cloudbuild.yaml
@@ -10,11 +10,11 @@ options:
   machineType: 'N1_HIGHCPU_8'
 
 steps:
-  - name: 'gcr.io/projectsigstore/cosign:v1.2.1@sha256:68801416e6ae0a48820baa3f071146d18846d8cd26ca8ec3a1e87fca8a735498'
+  - name: 'gcr.io/projectsigstore/cosign:v1.3.0@sha256:65de2f3f2844815ed20ab939319e3dad4238a9aaaf4893b22ec5702e9bc33755'
     dir: ./images/build/go-runner
     args:
     - 'verify'
-    - '-key'
+    - '--key'
     - 'distroless-cosign.pub' # From https://github.com/GoogleContainerTools/distroless/blob/main/cosign.pub
     - 'gcr.io/distroless/$_DISTROLESS_IMAGE'