diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index fdd93132..9cc8721f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -77,7 +77,7 @@ jobs:
             ${{ steps.meta.outputs.labels }}
 
       - name: Sign image and attach SBOM attestation
-        uses: adfinis/container-scanning-action@v0.2.3
+        uses: adfinis/container-scanning-action@v0.2.6
         if: steps.semrel.outputs.version != ''
         with:
           image-ref: ghcr.io/adfinis/timed-backend
diff --git a/.github/workflows/schedule.yaml b/.github/workflows/schedule.yaml
index 79696a66..7ec24ad5 100644
--- a/.github/workflows/schedule.yaml
+++ b/.github/workflows/schedule.yaml
@@ -24,7 +24,7 @@ jobs:
       # needed for `cosign attest`
       id-token: write
     steps:
-      - uses: adfinis/container-scanning-action@v0.2.3
+      - uses: adfinis/container-scanning-action@v0.2.6
         with:
           image-ref: ghcr.io/adfinis/timed-backend
           attest: true