Flavio Castelli

feat: allow to create static instances of some objects

1

Allow to create `static` instances of the `cosign::Client`, `sigstore::trust::ManualTrustRoot`. The ability to create `static` instances of these objects can simplify the downstream consumers of this library. The approach taken to...

Do not expose the `rustls_pki_types::CertificateDer` object inside of public API

3

**Description** The [`ManualTrustRoot`](https://docs.rs/sigstore/0.9.0/sigstore/trust/struct.ManualTrustRoot.html) struct leaks the `rustls_pki_types::CertificateDer` type inside of its public API. Should we use instead the [`sigstore::registry::config::Certificate`](https://docs.rs/sigstore/0.9.0/sigstore/registry/config/struct.Certificate.html) type? If we were to make this change, we would have...

Regression: TUF contents are not saved to disk anymore

2

**Description** Up to version 0.7.2, the [`SigstoreRepository::fetch`](https://docs.rs/sigstore/0.7.2/sigstore/tuf/struct.SigstoreRepository.html#method.fetch) method took care of synchronizing the contents of a local checkout of Sigstore's TUF repository. Now (v0.8.0 being latest stable release), the [`SigstoreTrustRoot::new`](https://docs.rs/sigstore/0.9.0/sigstore/trust/sigstore/struct.SigstoreTrustRoot.html#method.new)...

**Description** Currently (v0.8.0) the [`sigstore::trust::TrustRoot`] trait has two methods, both of them `async`. These methods have been made async because of internal implementation of [`sigstore::trust::sigstore::SigstoreTrustRoot`](https://docs.rs/sigstore/0.9.0/sigstore/trust/sigstore/struct.SigstoreTrustRoot.html). Internally `SigstoreTrustRoot` has to initialize...

We should stop pulling images from the docker hub, because tests can fail due to rate limiting. Instead, we should take them from registry.opensuse.org

Right now the remote CA bundle is used only when fetching the WASM module from a web server. The `wasm-to-oci` library doesn't allow to specify a CA bundle to be...

Feature Request: expose webhook `matchConditions`

4

### Is your feature request related to a problem? Starting from kubernetes 1.26, CEL support has been added into Kubernetes. On top of [`ValidatingAdmissionPolicy`](https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/) the `ValidatingWebhookConfiguration` and the `MutatingWebhookConfiguration` CRDs...

Avoid sigstore-rs breaking because of change inside of sigstore TUF repository

1

Fix [this](https://github.com/awslabs/tough/issues/771) upstream issue inside of tough to prevent sigstore-rs from going completely broken in the near future as described by [this sigstore-rs](https://github.com/sigstore/sigstore-rs/issues/369) issue.

All our policies regularly undergo a process of dependency bumps. However, we seldom tag new patch releases of them. It would be great to have some automation in place that...

We would like to configure dependabot and renovatebot to automatically merge their PRs when the unit tests are green. Initially we plan to configure them in this way only with...