diff --git a/.github/actions/goreleaser-build-sign-publish/action.yml b/.github/actions/goreleaser-build-sign-publish/action.yml
index c279c2f9290..e74f66445bb 100644
--- a/.github/actions/goreleaser-build-sign-publish/action.yml
+++ b/.github/actions/goreleaser-build-sign-publish/action.yml
@@ -96,7 +96,7 @@ runs:
         version: ${{ inputs.zig-version }}
     - name: Setup cosign
       if: inputs.enable-cosign == 'true'
-      uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
+      uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
       with:
         cosign-release: ${{ inputs.cosign-version }}
     - name: Login to docker registry
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index 8c9a432cdf6..97548afaa8c 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -107,7 +107,7 @@ jobs:
           goreleaser-key: ${{ secrets.GORELEASER_KEY }}
           zig-version: 0.11.0
           enable-cosign: "true"
-          cosign-version: 3.4.0
+          cosign-version: "v2.4.0"
           cosign-password: ${{ secrets.COSIGN_PASSWORD }}
           cosign-public-key: ${{ secrets.COSIGN_PUBLIC_KEY }}
           cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}