diff --git a/sign/action.yml b/sign/action.yml
index 998c7a5..85d2837 100644
--- a/sign/action.yml
+++ b/sign/action.yml
@@ -29,7 +29,11 @@ runs:
         password: ${{ inputs.registry-token }}
 
     - name: Install cosign
-      uses: sigstore/cosign-installer@v3.5.0
+      shell: bash
+      run: |
+        docker pull cgr.dev/chainguard/cosign:latest
+        docker run -d --name cosign cgr.dev/chainguard/cosign:latest
+        docker cp cosign:/usr/bin/cosign /usr/local/bin/cosign
 
     - name: Sign container image
       shell: bash
diff --git a/verify/action.yml b/verify/action.yml
index 1d14886..647fd78 100644
--- a/verify/action.yml
+++ b/verify/action.yml
@@ -27,7 +27,11 @@ runs:
   using: "composite"
   steps:
     - name: Install cosign
-      uses: sigstore/cosign-installer@v3.5.0
+      shell: bash
+      run: |
+        docker pull cgr.dev/chainguard/cosign:latest
+        docker run -d --name cosign cgr.dev/chainguard/cosign:latest
+        docker cp cosign:/usr/bin/cosign /usr/local/bin/cosign
 
     - name: Verify container
       shell: bash