diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 268a24a..b7d3817 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -205,7 +205,7 @@ jobs:
         echo "$SBOM_DIGEST sbom.json" | sha256sum --strict --check --status || exit -2
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+      uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
       with:
         cosign-release: v2.2.4