diff --git a/security-actions/sign-docker-image/action.yml b/security-actions/sign-docker-image/action.yml
index afd4ffb28..617af3d5c 100644
--- a/security-actions/sign-docker-image/action.yml
+++ b/security-actions/sign-docker-image/action.yml
@@ -126,7 +126,7 @@ runs:
      # Upload Cosign Artifacts (public cert and signatures)
      # Uploaded artifact name must be unique across each workflow run / job
     - name: Upload Cosign Artifacts
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
       if: ${{ inputs.local_save_cosign_assets == 'true' && inputs.cosign_output_prefix != '' }}
       with:
         name: signed-image-assets-${{inputs.cosign_output_prefix}}