diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b8bf331..d92dc9f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -84,7 +84,7 @@ jobs:
           subject-path: ${{ matrix.artifact }}
       - name: Attest CycloneDX SBOM
         id: attest-cyclonedx-sbom
-        uses: actions/attest-sbom@5026d3663739160db546203eeaffa6aa1c51a4d6 # v1
+        uses: actions/attest-sbom@c604332985a26aa8cf1bdc465b92731239ec6b9e # v4.1.0
         with:
           subject-path: ${{ matrix.artifact }}
           sbom-path: ${{ matrix.artifact }}.sbom.cdx.json