diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 5ad1997..1ccce7c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -13,7 +13,7 @@ jobs:
       - name: Checkout latest code
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # ratchet:actions/checkout@v3
       - name: Set up Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/setup-go@v3
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # ratchet:actions/setup-go@v4
         with:
           go-version: '1.20'
           check-latest: true
@@ -56,7 +56,7 @@ jobs:
         run: cosign verify --certificate-identity ${{ env.BASEIMG_IDENTITY }} --certificate-oidc-issuer ${{ env.BASEIMG_ISSUER }} ${{ env.BUILDER_IMG }}
       - name: Verify runner image
         run: cosign verify --certificate-identity ${{ env.BASEIMG_IDENTITY }} --certificate-oidc-issuer ${{ env.BASEIMG_ISSUER }} ${{ env.RUNNER_IMG }}
-      - uses: nais/platform-build-push-sign@a4d8dd01a8d6308f95403e28103066e44a40d61b # ratchet:nais/platform-build-push-sign@main
+      - uses: nais/platform-build-push-sign@3089e4707cf0721ccdc812ab218c6e061de59371 # ratchet:nais/platform-build-push-sign@main
         id: build_push_sign
         with:
           name: jwker