diff --git a/cmd/cosign/cli/attest/attest.go b/cmd/cosign/cli/attest/attest.go
index 712d8a35294..6fee22583ef 100644
--- a/cmd/cosign/cli/attest/attest.go
+++ b/cmd/cosign/cli/attest/attest.go
@@ -35,6 +35,7 @@ import (
 "github.com/sigstore/cosign/pkg/cosign/attestation"
 cbundle "github.com/sigstore/cosign/pkg/cosign/bundle"
 cremote "github.com/sigstore/cosign/pkg/cosign/remote"
+ "github.com/sigstore/cosign/pkg/cosign/tuf"
 "github.com/sigstore/cosign/pkg/oci/mutate"
 ociremote "github.com/sigstore/cosign/pkg/oci/remote"
 "github.com/sigstore/cosign/pkg/oci/static"
@@ -159,6 +160,11 @@ func AttestCmd(ctx context.Context, ko sign.KeyOpts, regOpts options.RegistryOpt
 opts := []static.Option{static.WithLayerMediaType(types.DssePayloadType)}
 if sv.Cert != nil {
 opts = append(opts, static.WithCertChain(sv.Cert, sv.Chain))
+ timestamp, err := tuf.GetTimestamp(ctx)
+ if err != nil {
+ return errors.Wrap(err, "reading tuf timestamp")
+ }
+ opts = append(opts, static.WithTimestamp(timestamp))
 }
 // Check whether we should be uploading to the transparency log
@@ -170,6 +176,11 @@ func AttestCmd(ctx context.Context, ko sign.KeyOpts, regOpts options.RegistryOpt
 return err
 }
 opts = append(opts, static.WithBundle(bundle))
+ timestamp, err := tuf.GetTimestamp(ctx)
+ if err != nil {
+ return errors.Wrap(err, "reading tuf timestamp")
+ }
+ opts = append(opts, static.WithTimestamp(timestamp))
 }
 sig, err := static.NewAttestation(signedPayload, opts...)
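Review bot: The same five-line `tuf.GetTimestamp` / `static.WithTimestamp` sequence is added in the `sv.Cert != nil` branch here and again in the transparency-log branch of the third hunk. A keyless attestation that is also uploaded to the log will therefore read the TUF timestamp twice and append two `WithTimestamp` options, and the two reads are not guaranteed to return the same metadata if it is refreshed in between. I would record the need once, e.g. `needTimestamp := sv.Cert != nil` plus `needTimestamp = true` in the log branch, and perform a single fetch-and-append under `if needTimestamp { … }` just before `static.NewAttestation`. AttestCmd begins and ends outside this hunk, so the exact placement needs to be checked against the full function.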
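Review bot: In the transparency-log branch the timestamp is fetched only after `static.WithBundle(bundle)` has been appended, so, assuming the bundle comes from an upload earlier in this block (that part is outside the hunk), a `tuf.GetTimestamp` failure aborts with "reading tuf timestamp" after an entry has already been written to the append-only log and before any attestation is pushed. Fetching the timestamp before the upload would make the command fail without leaving an orphaned log entry. The option is also attached after `signedPayload` has been produced, so it travels beside the DSSE envelope rather than inside it; a short comment such as `// TUF timestamp is stored alongside the signature, not covered by it; verifiers must validate it on its own` would keep consumers from treating it as signed signing-time evidence.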