diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c139d982..5302caa6 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -100,7 +100,7 @@ jobs:
             ${{ steps.meta.outputs.labels }}
 
       - name: Sign backend image and attach SBOM attestation
-        uses: adfinis/container-scanning-action@v0.2.3
+        uses: adfinis/container-scanning-action@v0.2.6
         with:
           image-ref: ghcr.io/${{ github.repository }}/backend
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -173,7 +173,7 @@ jobs:
             ${{ steps.meta.outputs.labels }}
 
       - name: Sign image and attach SBOM attestation
-        uses: adfinis/container-scanning-action@v0.2.3
+        uses: adfinis/container-scanning-action@v0.2.6
         with:
           image-ref: ghcr.io/${{ github.repository }}/frontend
           token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/schedule.yaml b/.github/workflows/schedule.yaml
index bfc8de4e..d2cc72be 100644
--- a/.github/workflows/schedule.yaml
+++ b/.github/workflows/schedule.yaml
@@ -24,7 +24,7 @@ jobs:
       # needed for `cosign attest`
       id-token: write
     steps:
-      - uses: adfinis/container-scanning-action@v0.2.3
+      - uses: adfinis/container-scanning-action@v0.2.6
         with:
           image-ref: ghcr.io/${{ github.repository }}/backend
           attest: true
@@ -47,7 +47,7 @@ jobs:
       # needed for `cosign attest`
       id-token: write
     steps:
-      - uses: adfinis/container-scanning-action@v0.2.3
+      - uses: adfinis/container-scanning-action@v0.2.6
         with:
           image-ref: ghcr.io/${{ github.repository }}/frontend
           attest: true