diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fdd8227..ce47c56 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,7 +46,7 @@ jobs:
           go-version-file: go.mod
           check-latest: true
           cache-dependency-path: "**/*.sum"
-      - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+      - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
       - uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
       - name: setup-tparse
         run: go install github.com/mfridman/tparse@latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c8d828d..8eb1870 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -129,7 +129,7 @@ jobs:
         with:
           node-version: 22
 
-      - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+      - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
       - name: Confirm cosign installation
         run: cosign version