diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index c197b60..0b40867 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -98,7 +98,7 @@ jobs:
         actions: read # for detecting the Github Actions environment.
         id-token: write # for creating OIDC tokens for signing.
         packages: write # for uploading attestations.
-      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0
+      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
       with:
         image: ghcr.io/${{ github.repository }}
         # The image digest is used to prevent TOCTOU issues.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 2427bf5..574d991 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -76,6 +76,6 @@ jobs:
       actions: read # Needed for detection of GitHub Actions environment.
       id-token: write # Needed for provenance signing and ID.
       contents: write # Needed for release uploads.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
     with:
       base64-subjects: "${{ needs.release.outputs.hashes }}"