diff --git a/.github/workflows/call-build-images.yaml b/.github/workflows/call-build-images.yaml
index d72ff98c435..3f64b3647a3 100644
--- a/.github/workflows/call-build-images.yaml
+++ b/.github/workflows/call-build-images.yaml
@@ -233,7 +233,7 @@ jobs:
     environment: ${{ inputs.environment }}
     steps:
       - name: Install cosign
-        uses: sigstore/cosign-installer@v2
+        uses: sigstore/cosign-installer@v3
 
       - name: Cosign keyless signing using Rektor public transparency log
         # This step uses the identity token to provision an ephemeral certificate
diff --git a/.github/workflows/call-test-images.yaml b/.github/workflows/call-test-images.yaml
index 5e471e9c8ea..289c0eb1d72 100644
--- a/.github/workflows/call-test-images.yaml
+++ b/.github/workflows/call-test-images.yaml
@@ -42,7 +42,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install cosign
-        uses: sigstore/cosign-installer@v2
+        uses: sigstore/cosign-installer@v3
 
       - name: Log in to the Container registry
         uses: docker/login-action@v2
diff --git a/.github/workflows/staging-release.yaml b/.github/workflows/staging-release.yaml
index 30730cc3d15..3a76a57e8ce 100644
--- a/.github/workflows/staging-release.yaml
+++ b/.github/workflows/staging-release.yaml
@@ -386,7 +386,7 @@ jobs:
       GHCR_RELEASE_IMAGE_NAME: ghcr.io/${{ github.event.inputs.github-image || github.repository }}
     steps:
       - name: Install cosign
-        uses: sigstore/cosign-installer@v2
+        uses: sigstore/cosign-installer@v3
 
       - name: Login to Docker Hub
         uses: docker/login-action@v2
@@ -449,7 +449,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install cosign
-        uses: sigstore/cosign-installer@v2
+        uses: sigstore/cosign-installer@v3
       
       - name: Get public key and add to S3 bucket
         # Only run if we have a key defined