diff --git a/.github/workflows/_reusable-docker-build-single.yml b/.github/workflows/_reusable-docker-build-single.yml
index dc4c669e82..8286f3fcfc 100644
--- a/.github/workflows/_reusable-docker-build-single.yml
+++ b/.github/workflows/_reusable-docker-build-single.yml
@@ -90,7 +90,7 @@ jobs:
           platforms: linux/${{ inputs.image_arch }}
           cache-from: type=registry,ref=${{ steps.ev.outputs.attestImageNames }}:buildcache-${{ inputs.image_arch }}
           cache-to: ${{ steps.ev.outputs.cacheTo }}
-      - uses: actions/attest-build-provenance@v2
+      - uses: actions/attest-build-provenance@v3
         id: attest
         if: ${{ steps.ev.outputs.shouldPush == 'true' }}
         with:
diff --git a/.github/workflows/_reusable-docker-build.yml b/.github/workflows/_reusable-docker-build.yml
index 961b985cf2..0f60246f3d 100644
--- a/.github/workflows/_reusable-docker-build.yml
+++ b/.github/workflows/_reusable-docker-build.yml
@@ -97,7 +97,7 @@ jobs:
           sources: |
             ${{ steps.ev.outputs.attestImageNames }}@${{ needs.build-server-amd64.outputs.image-digest }}
             ${{ steps.ev.outputs.attestImageNames }}@${{ needs.build-server-arm64.outputs.image-digest }}
-      - uses: actions/attest-build-provenance@v2
+      - uses: actions/attest-build-provenance@v3
         id: attest
         with:
           subject-name: ${{ steps.ev.outputs.attestImageNames }}
diff --git a/.github/workflows/ci-docs.yml b/.github/workflows/ci-docs.yml
index 9d4e7bc74e..5d893a3f0e 100644
--- a/.github/workflows/ci-docs.yml
+++ b/.github/workflows/ci-docs.yml
@@ -102,7 +102,7 @@ jobs:
           context: .
           cache-from: type=registry,ref=ghcr.io/goauthentik/dev-docs:buildcache
           cache-to: ${{ steps.ev.outputs.shouldPush == 'true' && 'type=registry,ref=ghcr.io/goauthentik/dev-docs:buildcache,mode=max' || '' }}
-      - uses: actions/attest-build-provenance@v2
+      - uses: actions/attest-build-provenance@v3
         id: attest
         if: ${{ steps.ev.outputs.shouldPush == 'true' }}
         with:
diff --git a/.github/workflows/ci-outpost.yml b/.github/workflows/ci-outpost.yml
index 094043a383..fd0dea5ce3 100644
--- a/.github/workflows/ci-outpost.yml
+++ b/.github/workflows/ci-outpost.yml
@@ -115,7 +115,7 @@ jobs:
           context: .
           cache-from: type=registry,ref=ghcr.io/goauthentik/dev-${{ matrix.type }}:buildcache
           cache-to: ${{ steps.ev.outputs.shouldPush == 'true' && format('type=registry,ref=ghcr.io/goauthentik/dev-{0}:buildcache,mode=max', matrix.type) || '' }}
-      - uses: actions/attest-build-provenance@v2
+      - uses: actions/attest-build-provenance@v3
         id: attest
         if: ${{ steps.ev.outputs.shouldPush == 'true' }}
         with:
diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml
index 869e05a767..0135817cb4 100644
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@@ -58,7 +58,7 @@ jobs:
           push: true
           platforms: linux/amd64,linux/arm64
           context: .
-      - uses: actions/attest-build-provenance@v2
+      - uses: actions/attest-build-provenance@v3
         id: attest
         if: true
         with:
@@ -124,7 +124,7 @@ jobs:
           file: ${{ matrix.type }}.Dockerfile
           platforms: linux/amd64,linux/arm64
           context: .
-      - uses: actions/attest-build-provenance@v2
+      - uses: actions/attest-build-provenance@v3
         id: attest
         with:
           subject-name: ${{ steps.ev.outputs.attestImageNames }}