diff --git a/.github/workflows/sigstore.yml b/.github/workflows/sigstore.yml
index 54af7e6..e650387 100644
--- a/.github/workflows/sigstore.yml
+++ b/.github/workflows/sigstore.yml
@@ -35,7 +35,14 @@ jobs:
 DIGEST=$(curl "https://hub.docker.com/v2/repositories/snyk/snyk-universal-broker/tags/${LATEST_TAG}" | jq '.digest' -r)
 # Sign the image, using GitHub as an OIDC provider
 cosign sign --yes snyk/snyk-universal-broker-helm@${DIGEST}
+ cosign sign --yes snyk/snyk-universal-broker-helm:${LATEST_TAG}
 - name: Verify signature
 run: |
- cosign verify snyk/snyk-universal-broker-helm@${DIGEST}
- cosign verify snyk/snyk-universal-broker-helm@${LATEST_TAG}
+ cosign verify \
+ snyk/snyk-universal-broker-helm@${DIGEST} \
+ --certificate-identity-regexp="https://github.com/snyk/snyk-universal-broker-helm/.*" \
+ --certificate-oidc-issuer="https://token.actions.githubusercontent.com"
+ cosign verify \
+ snyk/snyk-universal-broker-helm:${LATEST_TAG} \
+ --certificate-identity-regexp="https://github.com/snyk/snyk-universal-broker-helm/.*" \
+ --certificate-oidc-issuer="https://token.actions.githubusercontent.com"
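Review bot: Both new `cosign verify` calls accept a signature produced by any workflow on any ref of the repository, because `--certificate-identity-regexp="https://github.com/snyk/snyk-universal-broker-helm/.*"` has no `^`/`$` anchors, leaves its dots unescaped and ends in `.*`. Since the signing is done by this workflow, the check can be pinned to it, for example `--certificate-identity-regexp='^https://github\.com/snyk/snyk-universal-broker-helm/\.github/workflows/sigstore\.yml@refs/.+$'`, or an exact `--certificate-identity` once the release ref is fixed. The added `cosign sign --yes snyk/snyk-universal-broker-helm:${LATEST_TAG}` and the matching tag verify resolve a mutable tag at run time, so they may cover a different digest than `${DIGEST}` if the tag moves between the steps; signing and verifying by digest alone avoids that. `DIGEST` is assigned as a shell variable in the signing step and nothing in the visible lines writes it to `$GITHUB_ENV`, so unless it is exported outside this hunk the `Verify signature` step would see it empty; worth confirming.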