diff --git a/.github/actions/run-tests/Dockerfile b/.github/actions/run-tests/Dockerfile
index 05224f89f..45cfa79fe 100644
--- a/.github/actions/run-tests/Dockerfile
+++ b/.github/actions/run-tests/Dockerfile
@@ -1,10 +1,10 @@
-FROM golang:1.16-alpine3.14
+FROM golang:1.16-alpine3.15
 
 RUN apk add gcc pkgconfig libc-dev make
-RUN apk add --no-cache libgit2-dev~=1.1
+RUN apk add --no-cache libgit2-dev~=1.3
 
 # Use the GitHub Actions uid:gid combination for proper fs permissions
 RUN addgroup -g 116 -S test && adduser -u 1001 -S -g test test
 USER test
 
-ENTRYPOINT ["/bin/sh", "-c"]
\ No newline at end of file
+ENTRYPOINT ["/bin/sh", "-c"]
diff --git a/go.mod b/go.mod
index 941d8d49d..3d40f0048 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/google/go-containerregistry v0.6.0
 	github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20210610160139-c086c7f16d4e
 	github.com/jinzhu/gorm v1.9.12 // indirect
-	github.com/libgit2/git2go/v31 v31.4.14
+	github.com/libgit2/git2go/v33 v33.0.4
 	github.com/matthewmcnew/archtest v0.0.0-20191014222827-a111193b50ad
 	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b
 	github.com/pkg/errors v0.9.1
diff --git a/go.sum b/go.sum
index d25ca678c..ed2311ff2 100644
--- a/go.sum
+++ b/go.sum
@@ -1187,8 +1187,8 @@ github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.1/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/libgit2/git2go/v31 v31.4.14 h1:6GOd3965D9e/+gjxCwZF4eQ+vB9kKB4yKFqdQr6XZ2E=
-github.com/libgit2/git2go/v31 v31.4.14/go.mod h1:c/rkJcBcUFx6wHaT++UwNpKvIsmPNqCeQ/vzO4DrEec=
+github.com/libgit2/git2go/v33 v33.0.4 h1:37xovFBzibhDEdQRLbfWwx3a44JhOIY06UICn2teenc=
+github.com/libgit2/git2go/v33 v33.0.4/go.mod h1:KdpqkU+6+++4oHna/MIOgx4GCQ92IPCdpVRMRI80J+4=
 github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
 github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
 github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
diff --git a/pkg/apis/build/v1alpha2/builder_conversion.go b/pkg/apis/build/v1alpha2/builder_conversion.go
index f7f7f1bf8..28a562ed5 100644
--- a/pkg/apis/build/v1alpha2/builder_conversion.go
+++ b/pkg/apis/build/v1alpha2/builder_conversion.go
@@ -3,6 +3,7 @@ package v1alpha2
 import (
 	"context"
 	"fmt"
+
 	"knative.dev/pkg/apis"
 
 	"github.com/pivotal/kpack/pkg/apis/build/v1alpha1"
diff --git a/pkg/apis/build/v1alpha2/source_resolver_conversion.go b/pkg/apis/build/v1alpha2/source_resolver_conversion.go
index 99b34023b..dbc4f3ab7 100644
--- a/pkg/apis/build/v1alpha2/source_resolver_conversion.go
+++ b/pkg/apis/build/v1alpha2/source_resolver_conversion.go
@@ -3,6 +3,7 @@ package v1alpha2
 import (
 	"context"
 	"fmt"
+
 	"knative.dev/pkg/apis"
 
 	"github.com/pivotal/kpack/pkg/apis/build/v1alpha1"
diff --git a/pkg/git/certificate_check_callback.go b/pkg/git/certificate_check_callback.go
index 9b039637c..1cf3b8378 100644
--- a/pkg/git/certificate_check_callback.go
+++ b/pkg/git/certificate_check_callback.go
@@ -1,40 +1,36 @@
 package git
 
 import (
-	git2go "github.com/libgit2/git2go/v31"
-
-	"log"
+	git2go "github.com/libgit2/git2go/v33"
+	"github.com/pkg/errors"
 )
 
-func certificateCheckCallback(logger *log.Logger) git2go.CertificateCheckCallback {
-	return func(cert *git2go.Certificate, valid bool, hostname string) git2go.ErrorCode {
+func certificateCheckCallback() git2go.CertificateCheckCallback {
+	return func(cert *git2go.Certificate, valid bool, hostname string) error {
 		if valid {
-			return git2go.ErrOk
+			return nil
 		}
 
 		if cert.Kind == git2go.CertificateX509 {
 			if cert.X509 != nil {
 				err := cert.X509.VerifyHostname(hostname)
 				if err != nil {
-					logger.Println("host name could not be verified")
-					return git2go.ErrAuth
+					return errors.Wrap(err, "host name could not be verified")
 				}
 			}
 		} else if cert.Kind == git2go.CertificateHostkey {
 			if cert.Hostkey.Kind == git2go.HostkeyMD5 {
 				if !isByteArrayEmpty(cert.Hostkey.HashMD5[:]) {
-					logger.Println("invalid host key MD5")
-					return git2go.ErrAuth
+					return errors.New("invalid host key MD5")
 				}
 			} else if cert.Hostkey.Kind == git2go.HostkeySHA1 {
 				if !isByteArrayEmpty(cert.Hostkey.HashSHA1[:]) {
-					logger.Println("invalid host key SHA1")
-					return git2go.ErrAuth
+					return errors.New("invalid host key SHA1")
 				}
 			}
 		}
 
-		return git2go.ErrorCodeOK
+		return nil
 	}
 
 }
diff --git a/pkg/git/fetch.go b/pkg/git/fetch.go
index 1b659f87a..ff94a8900 100644
--- a/pkg/git/fetch.go
+++ b/pkg/git/fetch.go
@@ -6,7 +6,7 @@ import (
 	"path"
 
 	"github.com/BurntSushi/toml"
-	git2go "github.com/libgit2/git2go/v31"
+	git2go "github.com/libgit2/git2go/v33"
 	"github.com/pkg/errors"
 )
 
@@ -42,7 +42,7 @@ func (f Fetcher) Fetch(dir, gitURL, gitRevision, metadataDir string) error {
 		DownloadTags: git2go.DownloadTagsAll,
 		RemoteCallbacks: git2go.RemoteCallbacks{
 			CredentialsCallback:      keychainAsCredentialsCallback(f.Keychain),
-			CertificateCheckCallback: certificateCheckCallback(f.Logger),
+			CertificateCheckCallback: certificateCheckCallback(),
 		},
 		ProxyOptions: proxyOptions,
 	}, "")
diff --git a/pkg/git/fetch_test.go b/pkg/git/fetch_test.go
index 8fde10cd8..b0b6b3a72 100644
--- a/pkg/git/fetch_test.go
+++ b/pkg/git/fetch_test.go
@@ -10,7 +10,7 @@ import (
 	"testing"
 
 	"github.com/BurntSushi/toml"
-	git2go "github.com/libgit2/git2go/v31"
+	git2go "github.com/libgit2/git2go/v33"
 	"github.com/pkg/errors"
 	"github.com/sclevine/spec"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/git/git_keychain.go b/pkg/git/git_keychain.go
index 845607397..e9070b989 100644
--- a/pkg/git/git_keychain.go
+++ b/pkg/git/git_keychain.go
@@ -4,7 +4,7 @@ import (
 	"sort"
 	"strings"
 
-	git2go "github.com/libgit2/git2go/v31"
+	git2go "github.com/libgit2/git2go/v33"
 	"github.com/pkg/errors"
 	giturls "github.com/whilp/git-urls"
 	"golang.org/x/crypto/ssh"
diff --git a/pkg/git/git_keychain_test.go b/pkg/git/git_keychain_test.go
index 61b45ed26..5fd631bc4 100644
--- a/pkg/git/git_keychain_test.go
+++ b/pkg/git/git_keychain_test.go
@@ -6,7 +6,7 @@ import (
 	"path"
 	"testing"
 
-	git2go "github.com/libgit2/git2go/v31"
+	git2go "github.com/libgit2/git2go/v33"
 	"github.com/sclevine/spec"
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
diff --git a/pkg/git/k8s_git_keychain_test.go b/pkg/git/k8s_git_keychain_test.go
index 8849cdb3d..e17ef0e74 100644
--- a/pkg/git/k8s_git_keychain_test.go
+++ b/pkg/git/k8s_git_keychain_test.go
@@ -8,7 +8,7 @@ import (
 	"encoding/pem"
 	"testing"
 
-	git2go "github.com/libgit2/git2go/v31"
+	git2go "github.com/libgit2/git2go/v33"
 	"github.com/sclevine/spec"
 	"github.com/stretchr/testify/require"
 	v1 "k8s.io/api/core/v1"
diff --git a/pkg/git/proxy.go b/pkg/git/proxy.go
index 2c2fb2515..1e6195062 100644
--- a/pkg/git/proxy.go
+++ b/pkg/git/proxy.go
@@ -1,7 +1,7 @@
 package git
 
 import (
-	git2go "github.com/libgit2/git2go/v31"
+	git2go "github.com/libgit2/git2go/v33"
 	giturls "github.com/whilp/git-urls"
 	"golang.org/x/net/http/httpproxy"
 )
diff --git a/pkg/git/proxy_test.go b/pkg/git/proxy_test.go
index efde88250..d2a8844c2 100644
--- a/pkg/git/proxy_test.go
+++ b/pkg/git/proxy_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	git2go "github.com/libgit2/git2go/v31"
+	git2go "github.com/libgit2/git2go/v33"
 	"github.com/sclevine/spec"
 	"github.com/stretchr/testify/require"
 )
diff --git a/pkg/git/remote_git_resolver.go b/pkg/git/remote_git_resolver.go
index 1734cc972..1f525a1fa 100644
--- a/pkg/git/remote_git_resolver.go
+++ b/pkg/git/remote_git_resolver.go
@@ -7,7 +7,7 @@ import (
 	"os"
 	"strings"
 
-	git2go "github.com/libgit2/git2go/v31"
+	git2go "github.com/libgit2/git2go/v33"
 	"github.com/pkg/errors"
 
 	corev1alpha1 "github.com/pivotal/kpack/pkg/apis/core/v1alpha1"
@@ -49,7 +49,7 @@ func (*remoteGitResolver) Resolve(keychain GitKeychain, sourceConfig corev1alpha
 
 	err = remote.ConnectFetch(&git2go.RemoteCallbacks{
 		CredentialsCallback:      keychainAsCredentialsCallback(keychain),
-		CertificateCheckCallback: certificateCheckCallback(discardLogger),
+		CertificateCheckCallback: certificateCheckCallback(),
 	}, &proxyOptions, nil)
 	if err != nil {
 		return corev1alpha1.ResolvedSourceConfig{