diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..6c14dcd --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +--- +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 + groups: + actions: + update-types: + - "minor" + - "patch" diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml index 8f4eaff..dbb9cb3 100644 --- a/.github/workflows/test-action.yml +++ b/.github/workflows/test-action.yml @@ -1,6 +1,7 @@ name: test-chart-testing-action -on: [pull_request] +on: + pull_request: jobs: test_ct_action: @@ -8,7 +9,7 @@ jobs: name: Install chart-testing and test presence in path steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install chart-testing uses: ./ - name: Check install! @@ -16,8 +17,8 @@ jobs: ct version CT_VERSION_OUTPUT=$(ct version 2>&1 /dev/null) ACTUAL_VERSION=$(echo "$CT_VERSION_OUTPUT" | grep Version | rev | cut -d ' ' -f1 | rev) - if [[ $ACTUAL_VERSION != 'v3.7.1' ]]; then - echo 'should be v3.7.1' + if [[ $ACTUAL_VERSION != 'v3.10.1' ]]; then + echo 'should be v3.10.1' exit 1 else exit 0 @@ -37,11 +38,11 @@ jobs: name: Install Custom chart-testing and test presence in path steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install chart-testing uses: ./ with: - version: 'v3.5.1' + version: 'v3.8.0' yamllint_version: '1.27.1' yamale_version: '3.0.4' - name: Check install! @@ -49,8 +50,8 @@ jobs: ct version CT_VERSION_OUTPUT=$(ct version 2>&1 /dev/null) ACTUAL_VERSION=$(echo "$CT_VERSION_OUTPUT" | grep Version | rev | cut -d ' ' -f1 | rev) - if [[ $ACTUAL_VERSION != 'v3.5.1' ]]; then - echo 'should be v3.5.1' + if [[ $ACTUAL_VERSION != 'v3.8.0' ]]; then + echo 'should be v3.8.0' exit 1 else exit 0 diff --git a/README.md b/README.md index 788d667..55d92f9 100644 --- a/README.md +++ b/README.md 
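Review bot: `actions/checkout@v4` in the first job's steps (hunk `@@ -8,7 +9,7 @@`) is referenced by a movable tag, while this same commit pins `sigstore/cosign-installer` in action.yml to a full commit SHA with a version comment. Pinning checkout the same way, `- uses: actions/checkout@<full-commit-sha> # v4` (placeholder; take the SHA from the upstream release), keeps the workflow from silently picking up a retagged release. Dependabot can still propose updates for SHA-pinned actions, so the new dependabot.yml keeps working. The same line appears in the second job's steps (hunk `@@ -37,11 +38,11 @@`).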
@@ -15,7 +15,7 @@ A GitHub Action for installing the [helm/chart-testing](https://github.com/helm/ For more information on inputs, see the [API Documentation](https://developer.github.com/v3/repos/releases/#input) -- `version`: The chart-testing version to install (default: `v3.7.1`) +- `version`: The chart-testing version to install (default: `3.9.0`) - `yamllint_version`: The chart-testing version to install (default: `1.27.1`) - `yamale_version`: The chart-testing version to install (default: `3.0.4`) @@ -37,40 +37,42 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up Helm uses: azure/setup-helm@v3 with: - version: v3.10.0 + version: v3.12.1 - uses: actions/setup-python@v4 with: - python-version: '3.9' + python-version: '3.10' check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.0 - name: Run chart-testing (list-changed) id: list-changed run: | changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true" >> "$GITHUB_OUTPUT" fi - name: Run chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' run: ct lint --target-branch ${{ github.event.repository.default_branch }} - name: Create kind cluster - uses: helm/kind-action@v1.4.0 if: steps.list-changed.outputs.changed == 'true' + uses: helm/kind-action@v1.8.0 - name: Run chart-testing (install) - run: ct install + if: steps.list-changed.outputs.changed == 'true' + run: ct install --target-branch ${{ github.event.repository.default_branch }} ``` This uses [`helm/kind-action`](https://www.github.com/helm/kind-action) GitHub Action to spin up a [kind](https://kind.sigs.k8s.io/) Kubernetes cluster, diff --git a/action.yml b/action.yml index b44dfa0..b4d131b 100644 --- a/action.yml +++ b/action.yml 
@@ -6,20 +6,21 @@ branding: icon: anchor inputs: version: - description: "The chart-testing version to install (default: v3.7.1)" + description: "The chart-testing version to install (default: 3.10.1)" required: false - default: v3.7.1 + default: '3.10.1' yamllint_version: description: "The yamllint version to install (default: 1.27.1)" required: false default: '1.27.1' yamale_version: - description: "The yamale version to install (default: 3.0.4)" + description: "The yamale version to install (default: 3.0.4)" required: false default: '3.0.4' runs: using: composite steps: + - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 - run: | cd $GITHUB_ACTION_PATH \ && ./ct.sh \ diff --git a/ct.sh b/ct.sh index 4f776ed..4394de4 100755 --- a/ct.sh +++ b/ct.sh @@ -4,7 +4,7 @@ set -o errexit set -o nounset set -o pipefail -DEFAULT_CHART_TESTING_VERSION=v3.7.1 +DEFAULT_CHART_TESTING_VERSION=3.10.1 DEFAULT_YAMLLINT_VERSION=1.27.1 DEFAULT_YAMALE_VERSION=3.0.4 @@ -13,14 +13,14 @@ cat << EOF Usage: $(basename "$0") -h, --help Display help - -v, --version The chart-testing version to use (default: $DEFAULT_CHART_TESTING_VERSION)" + -v, --version The chart-testing version to use (default: ${DEFAULT_CHART_TESTING_VERSION})" EOF } main() { - local version="$DEFAULT_CHART_TESTING_VERSION" - local yamllint_version="$DEFAULT_YAMLLINT_VERSION" - local yamale_version="$DEFAULT_YAMALE_VERSION" + local version="${DEFAULT_CHART_TESTING_VERSION}" + local yamllint_version="${DEFAULT_YAMLLINT_VERSION}" + local yamale_version="${DEFAULT_YAMALE_VERSION}" parse_command_line "$@" @@ -36,7 +36,7 @@ parse_command_line() { ;; -v|--version) if [[ -n "${2:-}" ]]; then - version="$2" + version="${2#v}" shift else echo "ERROR: '-v|--version' cannot be empty." >&2 
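Review bot: The new default `'3.10.1'` for the `version` input disagrees with the README hunk in this same commit, which documents the default as `3.9.0`; the README should say `3.10.1` so users know which release is installed and signature-checked when they omit the input. The added `sigstore/cosign-installer` step is pinned to a full commit SHA, which is the right form, but nothing says why it is there; a comment above it such as `# cosign is needed by ct.sh to verify the chart-testing release signature` would keep a later cleanup from removing it.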
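Review bot: `version="${2#v}"` (hunk `@@ -36,7 +36,7 @@`) strips the prefix but accepts any other string, and that value is later interpolated into the release URLs and into the tool-cache path `${RUNNER_TOOL_CACHE}/ct/${version}/${arch}` that is appended to `GITHUB_PATH`. A format check right after the assignment, for example `[[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "ERROR: invalid version '${version}'" >&2; exit 1; }`, would reject values containing `/` or `..` before they reach the filesystem; loosen the pattern if pre-release tags must be installable. parse_command_line starts and ends outside this hunk.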
@@ -74,30 +74,46 @@ parse_command_line() { } install_chart_testing() { - if [[ ! -d "$RUNNER_TOOL_CACHE" ]]; then - echo "Cache directory '$RUNNER_TOOL_CACHE' does not exist" >&2 + if [[ ! -d "${RUNNER_TOOL_CACHE}" ]]; then + echo "Cache directory '${RUNNER_TOOL_CACHE}' does not exist" >&2 exit 1 fi local arch - arch=$(uname -m) - local cache_dir="$RUNNER_TOOL_CACHE/ct/$version/$arch" - local venv_dir="$cache_dir/venv" - - if [[ ! -d "$cache_dir" ]]; then - mkdir -p "$cache_dir" - - echo "Installing chart-testing..." - curl -sSLo ct.tar.gz "https://github.com/helm/chart-testing/releases/download/$version/chart-testing_${version#v}_linux_amd64.tar.gz" - tar -xzf ct.tar.gz -C "$cache_dir" + if [[ $(uname -m) == "aarch64" ]]; then + arch=arm64 + else + arch=amd64 + fi + local cache_dir="${RUNNER_TOOL_CACHE}/ct/${version}/${arch}" + local venv_dir="${cache_dir}/venv" + + if [[ ! -d "${cache_dir}" ]]; then + mkdir -p "${cache_dir}" + + echo "Installing chart-testing v${version}..." + CT_CERT=https://github.com/helm/chart-testing/releases/download/v$version/chart-testing_${version#v}_linux_$arch.tar.gz.pem + CT_SIG=https://github.com/helm/chart-testing/releases/download/v$version/chart-testing_${version#v}_linux_$arch.tar.gz.sig + + curl --retry 5 --retry-delay 1 -sSLo ct.tar.gz "https://github.com/helm/chart-testing/releases/download/v$version/chart-testing_${version#v}_linux_$arch.tar.gz" + cosign verify-blob --certificate $CT_CERT --signature $CT_SIG \ + --certificate-identity "https://github.com/helm/chart-testing/.github/workflows/release.yaml@refs/heads/main" \ + --certificate-oidc-issuer "https://token.actions.githubusercontent.com" ct.tar.gz + retVal=$? + if [[ "${retVal}" -ne 0 ]]; then + log_error "Unable to validate chart-testing version: v${version}" + exit 1 + fi + + tar -xzf ct.tar.gz -C "${cache_dir}" rm -f ct.tar.gz echo 'Creating virtual Python environment...' 
- python3 -m venv "$venv_dir" + python3 -m venv "${venv_dir}" echo 'Activating virtual environment...' # shellcheck disable=SC1090 - source "$venv_dir/bin/activate" + source "${venv_dir}/bin/activate" echo 'Installing yamllint...' pip3 install "yamllint==${yamllint_version}" @@ -108,16 +124,16 @@ install_chart_testing() { # https://github.com/helm/chart-testing-action/issues/62 echo 'Adding ct directory to PATH...' - echo "$cache_dir" >> "$GITHUB_PATH" + echo "${cache_dir}" >> "${GITHUB_PATH}" echo 'Setting CT_CONFIG_DIR...' - echo "CT_CONFIG_DIR=$cache_dir/etc" >> "$GITHUB_ENV" + echo "CT_CONFIG_DIR=${cache_dir}/etc" >> "${GITHUB_ENV}" echo 'Configuring environment variables for virtual environment for subsequent workflow steps...' - echo "VIRTUAL_ENV=$venv_dir" >> "$GITHUB_ENV" - echo "$venv_dir/bin" >> "$GITHUB_PATH" + echo "VIRTUAL_ENV=${venv_dir}" >> "${GITHUB_ENV}" + echo "${venv_dir}/bin" >> "${GITHUB_PATH}" - "$cache_dir/ct" version + "${cache_dir}/ct" version } main "$@"
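Review bot: The `retVal=$?` check after `cosign verify-blob` (hunk `@@ -74,30 +74,46 @@`) cannot take its error branch, because `set -o errexit` at the top of ct.sh aborts the script as soon as cosign returns non-zero (unless the function is called from a conditional context). Verification still fails closed, but the message is never printed, and `log_error` is not defined in any line visible here, where the script otherwise uses `echo ... >&2`. Wrapping the call in `if ! cosign verify-blob ...; then` makes the failure path reachable; `$CT_CERT` and `$CT_SIG` should also be quoted since they embed the caller-supplied `version`, and `curl --fail` keeps an HTTP error page from being saved as `ct.tar.gz`. Separately, `mkdir -p "${cache_dir}"` still runs before verification, so a failed check leaves an empty cache directory that makes later runs on a persistent runner skip the install block; creating the directory only after the archive verifies would avoid that. install_chart_testing's body continues beyond this hunk.

```shell
        # … unchanged: "Installing chart-testing" message, CT_CERT / CT_SIG assignments …
        curl --fail --retry 5 --retry-delay 1 -sSLo ct.tar.gz "https://github.com/helm/chart-testing/releases/download/v$version/chart-testing_${version#v}_linux_$arch.tar.gz"
        if ! cosign verify-blob --certificate "${CT_CERT}" --signature "${CT_SIG}" \
            --certificate-identity "https://github.com/helm/chart-testing/.github/workflows/release.yaml@refs/heads/main" \
            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" ct.tar.gz; then
            echo "ERROR: Unable to validate chart-testing version: v${version}" >&2
            rm -f ct.tar.gz
            exit 1
        fi
        # … unchanged: tar extraction, venv setup …
```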