diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index c3f02d07..9d423fcd 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -67,10 +67,11 @@ jobs:
         with:
           image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push.outputs.digest }}
           dependency-snapshot: true
-      - uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0
+      - uses: actions/dependency-review-action@9f45b2463b475767b61721ccfef113fef513e6aa # v3.1.1
         if: ${{ github.event_name == 'pull_request' }}
         with:
-          comment-summary-in-pr: always
+          comment-summary-in-pr: on-failure
+          fail-on-severity: critical
       - name: Sign the image with GitHub OIDC token
         if: ${{ github.event_name != 'merge_group' }}
         # This step uses the GitHub OIDC identity token to provision an ephemeral certificate
@@ -78,4 +79,4 @@ jobs:
         env:
           DIGEST: ${{ steps.build-and-push.outputs.digest }}
           TAGS: ${{ steps.meta.outputs.tags }}
-        run: cosign sign --yes "${TAGS}@${DIGEST}"
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes "{}@${DIGEST}"
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 49c1b165..9d391913 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -16,7 +16,7 @@ jobs:
   create-release:
     runs-on: ubuntu-latest
     steps:
-      - uses: google-github-actions/release-please-action@4c5670f886fe259db4d11222f7dff41c1382304d # v3.7.12
+      - uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # v3.7.13
         with:
           command: manifest
           token: ${{ secrets.AMP_RELEASER_TOKEN }}
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index d4f6f299..ada7355e 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-  ".": "3.0.0"
+  ".": "3.1.0"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fe873581..719b1c03 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,20 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/) and this project adheres to [Semantic Versioning](https://semver.org/).
 
+## [3.1.0](https://github.com/philips-software/amp-devcontainer/compare/v3.0.0...v3.1.0) (2023-10-31)
+
+
+### Features
+
+* **deps:** Bump cmake from 3.26.4 to 3.27.7 in /.devcontainer ([#188](https://github.com/philips-software/amp-devcontainer/issues/188)) ([5cda3b8](https://github.com/philips-software/amp-devcontainer/commit/5cda3b8332fbb01110a9788f5eaf3b33e0fc388b))
+* Publish and review SBOM ([#186](https://github.com/philips-software/amp-devcontainer/issues/186)) ([317c6d6](https://github.com/philips-software/amp-devcontainer/commit/317c6d6d15e084dabcd6798a95978e90ed647c66))
+* Update cosign signing ([#175](https://github.com/philips-software/amp-devcontainer/issues/175)) ([1b1946a](https://github.com/philips-software/amp-devcontainer/commit/1b1946a322495f9d7413577e35c9a9061fa1b6b2))
+
+
+### Bug Fixes
+
+* Pr image cleanup ([#173](https://github.com/philips-software/amp-devcontainer/issues/173)) ([dc50228](https://github.com/philips-software/amp-devcontainer/commit/dc5022803c31054582f44fcb52d73c61b56e21c4))
+
 ## [3.0.0](https://github.com/philips-software/amp-devcontainer/compare/v2.6.0...v3.0.0) (2023-10-17)