
Ceng 728 add command to return vulnerability results #272

Open
colinmoynes wants to merge 26 commits into master from CENG-728--add-command-to-return-vulnerability-results

Conversation

@colinmoynes

@colinmoynes colinmoynes commented Mar 11, 2026

Description

  • Added vulnerabilities (-vuln) command to retrieve security scan results against a package
    • Summary View (Default): Displays a high-level count of vulnerabilities broken down by severity (Critical, High, Medium, Low, Unknown).
    • Assessment View --show-assessment (-A): Provides a detailed breakdown where vulnerabilities are:
      • Grouped by the specific affected upstream package / dependency.
      • Sorted by severity (Critical first).
      • Richly formatted tables.
    • Filtering Capabilities:
      • By Severity: --severity shows only specific levels (e.g., just Critical and High).
      • By Status: --fixable | --non-fixable filters to show only "Fixable" vulnerabilities (where a patch exists) or "Non-Fixable" ones.
    • Supports --output-format json | pretty_json for programmatic usage.

General changes:

  • Added "rich" to the setup.py which is used for rich formatting of tables.
  • New rich_print_table() function added to utils.py.
  • Test cases added.

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Refactoring
  • Other (please describe)

Additional Notes
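
The summary, assessment and filtering behaviour described in the PR can be shown end to end in plain Python. The block below is an added example and is not code from cloudsmith-cli or from this PR: the record layout (`id`, `package`, `severity`, `fixed_version`), the sample findings and the VULN-xxxx identifiers are constructed for the example, since the page does not show the API payload, and a plain-text renderer stands in for the rich tables the PR uses.

```python
import json
from collections import Counter, defaultdict

# Severity ranking, Critical first; the labels are the ones listed in the PR description.
SEVERITY_ORDER = ("Critical", "High", "Medium", "Low", "Unknown")
_RANK = {label: rank for rank, label in enumerate(SEVERITY_ORDER)}

# Constructed sample of scan findings. The real API payload is not shown on the
# page, so these field names and identifiers are assumptions for this example.
SAMPLE_VULNERABILITIES = [
    {"id": "VULN-0001", "package": "openssl", "severity": "Critical", "fixed_version": "3.0.14"},
    {"id": "VULN-0002", "package": "openssl", "severity": "High", "fixed_version": None},
    {"id": "VULN-0003", "package": "zlib", "severity": "Medium", "fixed_version": "1.3.1"},
    {"id": "VULN-0004", "package": "curl", "severity": "high", "fixed_version": "8.7.0"},
    {"id": "VULN-0005", "package": "curl", "severity": "Low", "fixed_version": None},
    {"id": "VULN-0006", "package": "libxml2", "severity": "", "fixed_version": None},
]


def normalize_severity(label):
    """Map a scanner label onto SEVERITY_ORDER; anything unrecognised becomes Unknown."""
    label = (label or "").strip().capitalize()
    return label if label in _RANK else "Unknown"


def is_fixable(vuln):
    """A finding counts as fixable when the scanner reports a version carrying the fix."""
    return bool(vuln.get("fixed_version"))


def summarize(vulns):
    """Summary view: count of findings per severity, every level present (zero if none)."""
    counts = Counter(normalize_severity(v["severity"]) for v in vulns)
    return {label: counts.get(label, 0) for label in SEVERITY_ORDER}


def filter_vulnerabilities(vulns, severities=None, fixable=None):
    """Apply --severity and --fixable/--non-fixable style filters.

    severities: iterable of labels (case-insensitive) to keep, or None for all.
    fixable: True keeps only fixable findings, False only non-fixable, None keeps both.
    """
    wanted = {normalize_severity(s) for s in severities} if severities else None
    kept = []
    for v in vulns:
        if wanted is not None and normalize_severity(v["severity"]) not in wanted:
            continue
        if fixable is not None and is_fixable(v) != fixable:
            continue
        kept.append(v)
    return kept


def _finding_key(vuln):
    # Sort by severity rank first (Critical == 0), then by id for a stable order.
    return (_RANK[normalize_severity(vuln["severity"])], vuln["id"])


def assessment(vulns):
    """Assessment view: group by affected package; worst package and worst finding first."""
    groups = defaultdict(list)
    for v in vulns:
        groups[v["package"]].append(v)
    ordered = []
    for pkg in sorted(groups, key=lambda p: (min(_finding_key(v)[0] for v in groups[p]), p)):
        ordered.append({"package": pkg, "vulnerabilities": sorted(groups[pkg], key=_finding_key)})
    return ordered


def render_assessment(groups):
    """Plain-text rendering of the assessment view (the CLI draws rich tables instead)."""
    lines = []
    for group in groups:
        lines.append(f"== {group['package']} ==")
        for v in group["vulnerabilities"]:
            status = "fixable" if is_fixable(v) else "non-fixable"
            lines.append(f"  {normalize_severity(v['severity']):<8} {v['id']:<10} {status}")
    return "\n".join(lines)


def to_json(data, pretty=False):
    """--output-format json (compact) or pretty_json (indented) for programmatic use."""
    return json.dumps(data, indent=2 if pretty else None, sort_keys=True)


if __name__ == "__main__":
    print(to_json(summarize(SAMPLE_VULNERABILITIES), pretty=True))
    critical_high = filter_vulnerabilities(SAMPLE_VULNERABILITIES, severities=["critical", "HIGH"])
    print(render_assessment(assessment(critical_high)))
```

Severity labels are normalised before counting or comparing, so a scanner that emits `high` and one that emits `High` land in the same bucket, and an empty or unexpected label is reported as Unknown rather than silently dropped from the summary.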

@colinmoynes colinmoynes requested a review from a team as a code owner March 11, 2026 15:43
Copilot AI review requested due to automatic review settings March 11, 2026 15:43

Copilot AI left a comment


Pull request overview

Adds a new cloudsmith vulnerabilities CLI command that fetches and displays vulnerability scan results for a package, including summary/assessment views and filtering options.

Changes:

  • Introduces vulnerabilities CLI command plus core API integration for fetching/formatting scan results.
  • Adds Rich-based table rendering utility and new dependency on rich.
  • Updates docs/changelog and adds CLI command tests.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 9 comments.

File                                                       Description
setup.py                                                   Adds rich to runtime dependencies.
README.md                                                  Documents the new vulnerabilities command in the CLI command list.
cloudsmith_cli/core/api/vulnerabilities.py                 Implements vulnerability scan fetching, filtering, and table output logic.
cloudsmith_cli/cli/utils.py                                Adds rich_print_table helper and Rich imports.
cloudsmith_cli/cli/tests/commands/test_vulnerabilities.py  Adds tests for the new CLI command argument/option handling.
cloudsmith_cli/cli/commands/vulnerabilities.py             Adds the new CLI command wiring/options/help text.
cloudsmith_cli/cli/commands/__init__.py                    Registers the new command module for CLI import side-effects.
CHANGELOG.md                                               Adds release notes for the new vulnerabilities command.
.envrc                                                     Tweaks uv venv creation and installs dev dependencies from requirements.in.


colinmoynes and others added 4 commits March 11, 2026 16:08
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>


2 participants