diff --git a/Earthfile b/Earthfile
index 44f9dd86..2b7de2b9 100644
--- a/Earthfile
+++ b/Earthfile
@@ -241,7 +241,7 @@ installer:
     SAVE ARTIFACT /out/bluebuild
 
 cosign:
-    FROM gcr.io/projectsigstore/cosign
+    FROM ghcr.io/sigstore/cosign/cosign:v2.4.1
     SAVE ARTIFACT /ko-app/cosign
 
 digest:
diff --git a/template/templates/stages.j2 b/template/templates/stages.j2
index 3fa08b69..a61075f9 100644
--- a/template/templates/stages.j2
+++ b/template/templates/stages.j2
@@ -24,7 +24,7 @@ COPY ./modules /modules
 # stage process so that adding the bins into the image
 # can be added to the ostree commits.
 FROM scratch AS stage-bins
-COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /bins/cosign
+COPY --from={{ blue_build_utils::constants::COSIGN_IMAGE }} /ko-app/cosign /bins/cosign
 COPY --from=ghcr.io/blue-build/cli:
 {%- if let Some(tag) = recipe.blue_build_tag -%}
 {{ tag }}
diff --git a/utils/src/constants.rs b/utils/src/constants.rs
index ef97b69c..90ff050f 100644
--- a/utils/src/constants.rs
+++ b/utils/src/constants.rs
@@ -74,7 +74,7 @@ pub const XDG_RUNTIME_DIR: &str = "XDG_RUNTIME_DIR";
 
 // Misc
 pub const BUILD_SCRIPTS_IMAGE_REF: &str = "ghcr.io/blue-build/cli/build-scripts";
-pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:latest";
+pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:v2.4.1";
 pub const OCI_ARCHIVE: &str = "oci-archive";
 pub const OSTREE_IMAGE_SIGNED: &str = "ostree-image-signed";
 pub const OSTREE_UNVERIFIED_IMAGE: &str = "ostree-unverified-image";