diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a85b7c646..65a33fb63 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -107,7 +107,9 @@ jobs:
       uses: actions/checkout@v3.1.0
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@v3.0.2
+      uses: sigstore/cosign-installer@v3.4.0
+      with:
+        cosign-release: v2.2.3
 
     - name: Distroless verify
       run: |
diff --git a/.github/workflows/publish-release.yaml b/.github/workflows/publish-release.yaml
index f80f7fc86..bbc5ada5c 100644
--- a/.github/workflows/publish-release.yaml
+++ b/.github/workflows/publish-release.yaml
@@ -65,7 +65,10 @@ jobs:
 
       # Setup Cosign
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v3.0.2
+        uses: sigstore/cosign-installer@v3.4.0
+        with:
+          cosign-release: v2.2.3
+
         if: env.RELEASE == 1
       - name: Write Cosign key
         if: env.RELEASE == 1