diff --git a/.github/actions/sbom-generator-cyclonedx/action.yaml b/.github/actions/sbom-generator-cyclonedx/action.yaml
index db5468b..222eecc 100644
--- a/.github/actions/sbom-generator-cyclonedx/action.yaml
+++ b/.github/actions/sbom-generator-cyclonedx/action.yaml
@@ -30,7 +30,7 @@ runs:
     - name: Upload generated SBOM document as release asset
       uses: svenstaro/upload-release-action@v2
       with:
-        repo_token: ${{ secrets.GITHUB_TOKEN }}
+        repo_token: ${{ secrets.BOT_TOKEN }}
         file: ./fixtures/npm/sbom.cdx.json
         asset_name: sbom.cdx.json
         tag: ${{ github.ref }}
\ No newline at end of file
diff --git a/.github/workflows/build-and-release.yaml b/.github/workflows/build-and-release.yaml
index 16f19f8..553fa4c 100644
--- a/.github/workflows/build-and-release.yaml
+++ b/.github/workflows/build-and-release.yaml
@@ -9,6 +9,8 @@ jobs:
     steps:
       - name: Check out
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
       - name: Set up Node environment
         uses: actions/setup-node@v3
         with:
@@ -20,5 +22,5 @@ jobs:
       - name: Release
         working-directory: ./fixtures/npm
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
         run: npx semantic-release