diff --git a/internal/builders/docker/README.md b/internal/builders/docker/README.md index 94512c6052..51ecbfc878 100644 --- a/internal/builders/docker/README.md +++ b/internal/builders/docker/README.md @@ -42,6 +42,8 @@ type that provides the full details on the build process. - [The `build` subcommand](#the-build-subcommand) - [The `verify` command](#the-verify-command) - [Users](#users) +- [Known Issues](#known-issues) + - [Compatibility with `actions/download-artifact`](#compatibility-with-actionsdownload-artifact) @@ -403,3 +405,14 @@ The following project currently use the container-based workflow: We welcome any success stories. Please create a PR to add your project to the list, if you are using the container-based workflow. + +## Known Issues + +### Compatibility with `actions/download-artifact` + +To download provenance (e.g., if you don't use `upload-assets`) you have to +use [`actions/download-artifact@v3`](https://github.com/actions/download-artifact). +The workflow uses [`actions/upload-artifact@3`](https://github.com/actions/upload-artifact) +which is +[not compatible](https://github.com/actions/download-artifact?tab=readme-ov-file#breaking-changes) +with `actions/download-artifact@v4`. diff --git a/internal/builders/generic/README.md b/internal/builders/generic/README.md index 35dfa42514..af51c0224b 100644 --- a/internal/builders/generic/README.md +++ b/internal/builders/generic/README.md @@ -46,6 +46,7 @@ project simply generates provenance as a separate step in an existing workflow. - [Skip output 'hashes' since it may contain secret](#skip-output-hashes-since-it-may-contain-secret) - ['internal error' when using `upload-assets`](#internal-error-when-using-upload-assets) - [error updating to TUF remote mirror: tuf: invalid key](#error-updating-to-tuf-remote-mirror-tuf-invalid-key) + - [Compatibility with `actions/download-artifact`](#compatibility-with-actionsdownload-artifact) 
@@ -1467,3 +1468,12 @@ using a release tag in order to allow verification by `slsa-verifier`. ```yaml uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 ``` + +### Compatibility with `actions/download-artifact` + +To download provenance (e.g., if you don't use `upload-assets`) you have to +use [`actions/download-artifact@v3`](https://github.com/actions/download-artifact). +The workflow uses [`actions/upload-artifact@3`](https://github.com/actions/upload-artifact) +which is +[not compatible](https://github.com/actions/download-artifact?tab=readme-ov-file#breaking-changes) +with `actions/download-artifact@v4`. diff --git a/internal/builders/go/README.md b/internal/builders/go/README.md index 045ba2140b..2106c4d64d 100644 --- a/internal/builders/go/README.md +++ b/internal/builders/go/README.md @@ -22,6 +22,7 @@ This document explains how to use the builder for [Go](https://go.dev/) projects - [BuildConfig Format](#buildconfig-format) - [Known Issues](#known-issues) - [error updating to TUF remote mirror: tuf: invalid key](#error-updating-to-tuf-remote-mirror-tuf-invalid-key) + - [Compatibility with `actions/download-artifact`](#compatibility-with-actionsdownload-artifact) @@ -421,3 +422,12 @@ release tag in order to allow verification by `slsa-verifier`. ```yaml uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0 ``` + +### Compatibility with `actions/download-artifact` + +To download provenance (e.g., if you don't use `upload-assets`) you have to +use [`actions/download-artifact@v3`](https://github.com/actions/download-artifact). +The workflow uses [`actions/upload-artifact@3`](https://github.com/actions/upload-artifact) +which is +[not compatible](https://github.com/actions/download-artifact?tab=readme-ov-file#breaking-changes) +with `actions/download-artifact@v4`.
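Review bot: In the paragraph added under `### Compatibility with actions/download-artifact` in `internal/builders/docker/README.md`, the link text `actions/upload-artifact@3` is missing the `v`. It should read `actions/upload-artifact@v3`, matching the `actions/download-artifact@v3` and `actions/download-artifact@v4` references in the same paragraph. The identical slip is copied into the generic and Go README hunks, so all three need the fix.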
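Review bot: In the `internal/builders/generic/README.md` hunk, the link labelled `actions/download-artifact@v3` points at the repository root (`https://github.com/actions/download-artifact`), which renders the default branch rather than v3. The `upload-artifact` link has the same problem. Pointing both at the v3 ref would keep the link target consistent with the version the text tells users to use. The paragraph would also be easier to act on if it named the symptom a user sees when downloading the provenance with `actions/download-artifact@v4`, since that is what someone will search the Known Issues list for.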
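Review bot: The `internal/builders/go/README.md` hunk adds the same six-line paragraph that this patch also adds to the docker and generic READMEs, so the note exists in three copies that must be edited together when the workflows move off `upload-artifact` v3. Consider keeping the text in one place and linking to it from each README's Known Issues list, or at least stating in the paragraph which generator release it applies to, as the neighbouring `@v1.9.0` entries in the generic and Go READMEs do.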