diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
index e150b23c04..45aedc10aa 100644
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -19,7 +19,7 @@ jobs:
         with:
           go-version: 1.18
           check-latest: true
-      - uses: sigstore/cosign-installer@v2.7.0
+      - uses: sigstore/cosign-installer@v2.8.0
 
       # Build ko from HEAD, build and push an image tagged with the commit SHA,
       # then keylessly sign it with cosign.
diff --git a/.github/workflows/kind-e2e.yaml b/.github/workflows/kind-e2e.yaml
index 5b16738824..93f451f49b 100644
--- a/.github/workflows/kind-e2e.yaml
+++ b/.github/workflows/kind-e2e.yaml
@@ -35,7 +35,7 @@ jobs:
         registry-authority: ${{ env.REGISTRY_NAME }}:${{ env.REGISTRY_PORT }}
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@v2.7.0
+      uses: sigstore/cosign-installer@v2.8.0
       with:
         cosign-release: 'v1.7.2'
 
diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
index 8aa8f68924..1e3a12a2d2 100644
--- a/.github/workflows/sbom.yaml
+++ b/.github/workflows/sbom.yaml
@@ -115,7 +115,7 @@ jobs:
           unzip tools-java-${SPDX_TOOLS_VERSION}.zip
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v2.7.0
+        uses: sigstore/cosign-installer@v2.8.0
         with:
           cosign-release: 'v1.7.2'