diff --git a/.github/workflows/helm-chart-publish.yaml b/.github/workflows/helm-chart-publish.yaml
index 92c33376..481ed1a7 100644
--- a/.github/workflows/helm-chart-publish.yaml
+++ b/.github/workflows/helm-chart-publish.yaml
@@ -43,7 +43,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e #pin@v3.7.0
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a #pin@v3.7.0
 
       - name: Publish and Sign OCI Charts
         run: |
diff --git a/.github/workflows/image-publish.yml b/.github/workflows/image-publish.yml
index b0575e79..66cb1c53 100644
--- a/.github/workflows/image-publish.yml
+++ b/.github/workflows/image-publish.yml
@@ -96,7 +96,7 @@ jobs:
           echo "digest=$(docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/${{ env.IMAGE_NAME }}:${{ steps.version-string.outputs.tag }})" >> "$GITHUB_OUTPUT"
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
       - name: Sign the images with GitHub OIDC Token
         env:
           DIGEST: ${{ steps.image-build.outputs.digest }}