@colinmoynes colinmoynes commented Jan 13, 2026

📄 Summary

  • Added --filter flag which accepts the [Package Search Syntax](https://docs.cloudsmith.com/artifact-management/search-filter-sort-packages) string. e.g. --filter "downloads:>0".

🔍 Related Issues

Link to any related GitHub issues (e.g., Fixes #12, Closes #34):

🧪 Type of Change

Please check the relevant type tag for this PR title:

  • [FIX] Bug fix
  • [NEW] New thing
  • [REFACTOR] Internal changes such as code restructuring or optimization that does not alter functionality
  • [DOC] Documentation-only changes
  • [CHORE] Maintenance, cleanup, or CI configuration

🧪 How Has This Been Tested?

Describe how you tested your changes. Include CI runs, local tests, manual verification, or screenshots if applicable.

📸 Screenshots (if applicable)

If UI or logs are affected, include before/after screenshots or output.

✅ Checklist

  • I’ve read and followed the CONTRIBUTING.md.
  • I’ve added or updated documentation as needed.
  • I’ve verified the change is tested and works as intended.
  • CI/CD checks pass and do not break existing functionality.
  • My code follows the style guidelines of this project.

@colinmoynes colinmoynes self-assigned this Jan 13, 2026
Copilot AI review requested due to automatic review settings January 13, 2026 10:35
@colinmoynes colinmoynes merged commit 624f843 into main Jan 13, 2026
5 checks passed
@colinmoynes colinmoynes deleted the query_filtering branch January 13, 2026 10:35
Copilot AI left a comment

Pull request overview

This PR adds a --filter flag to the Sonar Docker image inspector tool, enabling users to filter packages using Cloudsmith's Package Search Syntax (e.g., downloads:>0, uploaded:<'30 days ago'). The filtering capability works at two levels: identifying which images to scan when no specific image is provided, and filtering digests within tag manifests during analysis.

Changes:

  • Added --filter command-line argument with filtering logic that queries Cloudsmith API using search syntax
  • Modified fetch_tag_data() and get_image_analysis() functions to accept and process filter criteria based on matched digests
  • Updated documentation in README.md and CHANGELOG.md to describe the new filtering feature

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| Docker/Sonar/sonar.py | Core implementation of filtering logic including new parameter handling, digest matching, parent lookup for filtered children, and query construction |
| Docker/Sonar/README.md | Added documentation for the --filter flag and usage example |
| CHANGELOG.md | Added changelog entry for the new filtering feature |

## [Unreleased]

### Sonar
- Added `--filter` flag which accepts the (Package Search Syntax)[https://docs.cloudsmith.com/artifact-management/search-filter-sort-packages] string. e.g. `--filter "downloads:>0"`.
Copilot AI Jan 13, 2026

The markdown link syntax is incorrect. It should use square brackets for the text and parentheses for the URL, not the reverse.

Suggested change
- Added `--filter` flag which accepts the (Package Search Syntax)[https://docs.cloudsmith.com/artifact-management/search-filter-sort-packages] string. e.g. `--filter "downloads:>0"`.
- Added `--filter` flag which accepts the [Package Search Syntax](https://docs.cloudsmith.com/artifact-management/search-filter-sort-packages) string. e.g. `--filter "downloads:>0"`.

# Fetch parent package info
api_url = f"https://api.cloudsmith.io/v1/packages/{workspace}/{repo}/?query=version:{ntag}"
api_url = f"https://api.cloudsmith.io/v1/packages/{workspace}/{repo}/?query=tag:{ntag}"
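
Review bot: `{ntag}` is interpolated into `?query=tag:{ntag}` without URL encoding, and `{workspace}` and `{repo}` go into the path the same way, so any value carrying a character such as `&`, `#` or a space would change or truncate the request that reaches the API. Build the query string with `urllib.parse.urlencode({"query": f"tag:{ntag}"})` and quote the path segments with `urllib.parse.quote(..., safe="")` instead of formatting them into the URL directly.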
Copilot AI Jan 13, 2026

The API query change from 'version:' to 'tag:' may have unintended consequences. In Docker image APIs, 'version' typically refers to the package version field (which for manifest lists is the digest), while 'tag' refers to the Docker tag. This change should be validated to ensure it correctly retrieves the parent package information for all scenarios, especially when filtering is not active. If the intent was only to support the new filtering feature, this change affects all queries and could break existing functionality.

Suggested change
api_url = f"https://api.cloudsmith.io/v1/packages/{workspace}/{repo}/?query=tag:{ntag}"
query_field = "tag" if filtering_digests is not None else "version"
api_url = f"https://api.cloudsmith.io/v1/packages/{workspace}/{repo}/?query={query_field}:{ntag}"

return groups

# filepath: /Users/cmoynes/dev/support-engineering/Docker/Sonar/sonar.py
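
Review bot: The `# filepath: /Users/cmoynes/dev/support-engineering/...` comment after `return groups` publishes a local account name and home-directory layout in the repository. Drop the line before merge; a pre-commit check that rejects absolute `/Users/` or `/home/` paths in source files would catch this kind of leftover.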
Copilot AI Jan 13, 2026

This file path comment appears to be development/debugging residue and should be removed. It doesn't serve a functional purpose in the code and looks like it was accidentally left from IDE or development tools.

Suggested change
# filepath: /Users/cmoynes/dev/support-engineering/Docker/Sonar/sonar.py
