diff --git a/.github/workflows/main-build-image.yml b/.github/workflows/main-build-image.yml
index b6f17d8..00e1509 100644
--- a/.github/workflows/main-build-image.yml
+++ b/.github/workflows/main-build-image.yml
@@ -99,7 +99,7 @@ jobs:
         # Only run attestation for non-fork PRs and direct pushes
         # Fork PRs don't have access to id-token which is required for attestations
         if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request'
-        uses: actions/attest-build-provenance@92c65d2898f1f53cfdc910b962cecff86e7f8fcc # v1
+        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           subject-digest: ${{ steps.build.outputs.digest }}
diff --git a/.github/workflows/release-package-helm.yml b/.github/workflows/release-package-helm.yml
index 97ad719..39dbaf8 100644
--- a/.github/workflows/release-package-helm.yml
+++ b/.github/workflows/release-package-helm.yml
@@ -101,7 +101,7 @@ jobs:
           platforms: linux/amd64
 
       - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@92c65d2898f1f53cfdc910b962cecff86e7f8fcc # v1
+        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           subject-digest: ${{ steps.build.outputs.digest }}