diff --git a/.github/actions/container_sbom/action.yml b/.github/actions/container_sbom/action.yml
index 8ce055ca4..f594c5ec1 100644
--- a/.github/actions/container_sbom/action.yml
+++ b/.github/actions/container_sbom/action.yml
@@ -34,9 +34,9 @@ runs:
       run: |
         set -ex
         syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json
-        cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type cyclonedx > container-image.att.json
+        cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type "https://cyclonedx.org/bom" > container-image.att.json
         cosign attach attestation ${{ inputs.containerReference }} --attestation container-image.att.json
         # TODO: type should be auto-discovered after issue is resolved:
         # https://github.com/sigstore/cosign/issues/2264
-        cosign verify-attestation ${{ inputs.containerReference }} --type 'https://cyclonedx.org/bom' --key env://COSIGN_PUBLIC_KEY
+        cosign verify-attestation ${{ inputs.containerReference }} --type "https://cyclonedx.org/bom" --key env://COSIGN_PUBLIC_KEY
         grype ${{ inputs.containerReference }} --fail-on high --only-fixed --add-cpes-if-none
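Review bot: The predicate type URI is now spelled out twice in this step, on the `cosign attest` line and on the `cosign verify-attestation` line, and verification only succeeds while the two strings agree; hoisting it once at the top of the block as `PREDICATE_TYPE="https://cyclonedx.org/bom"` and passing `--type "$PREDICATE_TYPE"` on both lines removes the drift risk (the `${{ }}` inputs are expanded before the shell runs, so a plain shell variable is safe here). The TODO above the verify line still talks about the type being auto-discovered; with the full URI now used on both commands it should state which of the two lines the linked issue is expected to make unnecessary. As written, `verify-attestation` checks only the signature and predicate type, not the SBOM contents, and grype scans the image reference directly rather than the attested SBOM, so the attestation is not what gates this job; a one-line comment saying so would spare the next reader the same analysis. If `inputs.containerReference` can be a mutable tag rather than a digest (not visible in this hunk), the attest, attach, verify and scan commands may resolve to different images, and pinning the step to an image digest would close that gap. The enclosing `run:` step begins before this hunk.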