diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml
index eda0467e7ab..8ff92a7fd7a 100644
--- a/.github/workflows/validate-release.yml
+++ b/.github/workflows/validate-release.yml
@@ -26,14 +26,14 @@ jobs:
   check-signature:
     runs-on: ubuntu-latest
     container:
-      image: gcr.io/projectsigstore/cosign:v2.2.4-dev@sha256:13efd4c62710d75f07d12d8aad36a8657eeffd4f5f3a40bcbc207d8aafa67d41
+      image: ghcr.io/sigstore/cosign/cosign:v2.4.0-dev@sha256:a97b592b9f73390edcd6ceb5799a62513a906cbdffcdc63f53585910c71b0708
 
     steps:
       - name: Check Signature
         run: |
-          cosign verify ghcr.io/gythialy/golang-cross:v1.22.5-0@sha256:5cf8fca7fe80392c8d1597fe89d291d49120507390f25507746f73d4b7f8a8f2 \
+          cosign verify ghcr.io/gythialy/golang-cross:v1.22.6-0@sha256:34ba9945085680b8966b78929e3520478ec9ea38a315fa13d8d5e0ce6355d0d2 \
           --certificate-oidc-issuer https://token.actions.githubusercontent.com \
-          --certificate-identity "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.22.5-0"
+          --certificate-identity "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.22.6-0"
         env:
           TUF_ROOT: /tmp
 
@@ -43,7 +43,7 @@ jobs:
       - check-signature
 
     container:
-      image: ghcr.io/gythialy/golang-cross:v1.22.5-0@sha256:5cf8fca7fe80392c8d1597fe89d291d49120507390f25507746f73d4b7f8a8f2
+      image: ghcr.io/gythialy/golang-cross:v1.22.6-0@sha256:34ba9945085680b8966b78929e3520478ec9ea38a315fa13d8d5e0ce6355d0d2
       volumes:
         - /usr:/host_usr
         - /opt:/host_opt
diff --git a/go.mod b/go.mod
index b04e4cee934..3a7b70cc0f2 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/sigstore/cosign/v2
 
-go 1.22.5
+go 1.22.6
 
 require (
 	cuelang.org/go v0.9.2
diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml
index 37dace885d2..95e363cf8a1 100644
--- a/release/cloudbuild.yaml
+++ b/release/cloudbuild.yaml
@@ -32,20 +32,20 @@ steps:
         echo "Checking out ${_GIT_TAG}"
         git checkout ${_GIT_TAG}
 
-  - name: 'gcr.io/projectsigstore/cosign:v2.2.4-dev@sha256:13efd4c62710d75f07d12d8aad36a8657eeffd4f5f3a40bcbc207d8aafa67d41'
+  - name: 'ghcr.io/sigstore/cosign/cosign:v2.4.0-dev@sha256:a97b592b9f73390edcd6ceb5799a62513a906cbdffcdc63f53585910c71b0708'
     dir: "go/src/sigstore/cosign"
     env:
       - TUF_ROOT=/tmp
     args:
       - 'verify'
-      - 'ghcr.io/gythialy/golang-cross:v1.22.5-0@sha256:5cf8fca7fe80392c8d1597fe89d291d49120507390f25507746f73d4b7f8a8f2'
+      - 'ghcr.io/gythialy/golang-cross:v1.22.6-0@sha256:34ba9945085680b8966b78929e3520478ec9ea38a315fa13d8d5e0ce6355d0d2'
       - '--certificate-oidc-issuer'
       - "https://token.actions.githubusercontent.com"
       - '--certificate-identity'
-      - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.22.5-0"
+      - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.22.6-0"
 
   # maybe we can build our own image and use that to be more in a safe side
-  - name: ghcr.io/gythialy/golang-cross:v1.22.5-0@sha256:5cf8fca7fe80392c8d1597fe89d291d49120507390f25507746f73d4b7f8a8f2
+  - name: ghcr.io/gythialy/golang-cross:v1.22.6-0@sha256:34ba9945085680b8966b78929e3520478ec9ea38a315fa13d8d5e0ce6355d0d2
     entrypoint: /bin/sh
     dir: "go/src/sigstore/cosign"
     env:
@@ -68,7 +68,7 @@ steps:
         gcloud auth configure-docker \
         && make release
 
-  - name: ghcr.io/gythialy/golang-cross:v1.22.5-0@sha256:5cf8fca7fe80392c8d1597fe89d291d49120507390f25507746f73d4b7f8a8f2
+  - name: ghcr.io/gythialy/golang-cross:v1.22.6-0@sha256:34ba9945085680b8966b78929e3520478ec9ea38a315fa13d8d5e0ce6355d0d2
     entrypoint: 'bash'
     dir: "go/src/sigstore/cosign"
     env: