diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 397ce7b..ddfd598 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -127,7 +127,7 @@ jobs:
           output-file: ./sbom-${{ env.IMAGE_NAME }}.spdx.json
 
       - name: Attach SBOM to release
-        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2
         with:
           tag_name: ${{ needs.release-please.outputs.tag_name }}
           files: ./sbom-${{ env.IMAGE_NAME }}.spdx.json