jetstack / version-checker

Kubernetes utility for exposing image versions in use, compared to latest available upstream, as metrics.
https://jetstack.io
Apache License 2.0

Reject/Filter out SBOM, Attestation and Sig Tags #224

Open davidcollom opened 3 days ago

davidcollom commented 3 days ago

This will help reduce some of the API calls performed when attestation, sbom and sig tags are published. We don't care about/need them, so it should also reduce the memory footprint along the way.

ribbybibby commented 3 days ago

It looks to me like there are only a few clients where this actually reduces the number of API calls we're making. For some we have to iterate through everything anyway.

Would it make sense to apply util.FilterSbomAttestationSigs higher up in pkg/client/client.go? Then we would only have to use it in the client implementations when it actually provides an optimisation.

davidcollom commented 3 days ago

So I agree that there's only a handful of clients that would affect API calls... But we also cache these image tag lists for additional containers that come along in the meantime (i.e. scaling up a replica). So if we have a considerable number of tags with attestations, sig and sbom (looking at kyverno here too with their large numbers of tags), we should reduce that memory footprint too.

ribbybibby commented 3 days ago

I think we would be able to avoid caching the tags if we filtered them further up the stack. I'm thinking here: https://github.com/jetstack/version-checker/blob/main/pkg/client/client.go#L108.

It just saves pushing the requirement to filter things into the individual client implementations (unless there's a reason to). It would mean you don't need to remember to apply this filter when you write a new client.

ribbybibby commented 3 days ago

I suppose more generally, it might be nice if we had a mechanism for passing the filters that version checker applies into the clients where it would save on API calls.
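
A sketch of the "filter higher up" idea from this thread, added here as an example; it is not version-checker's code and not the implementation of util.FilterSbomAttestationSigs. `Tag`, `TagLister`, `FilteringLister` and the sample tags are hypothetical, and matching cosign's full `sha256-<digest>.sig|.att|.sbom` tag form rather than just the suffix is an assumption made so that ordinary release tags are not dropped.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Tag and TagLister are hypothetical stand-ins for the project's client types.
type Tag struct{ Name string }
type TagLister interface{ Tags(image string) ([]Tag, error) }

// cosignArtifact matches cosign's tag naming for signatures, attestations and
// SBOMs: "sha256-<64 hex chars>" followed by .sig, .att or .sbom.
var cosignArtifact = regexp.MustCompile(`^sha256-[0-9a-f]{64}\.(sig|att|sbom)$`)

// FilteringLister wraps any client so the filter runs once, before the tag
// list is cached, and new clients get it without extra code.
type FilteringLister struct{ Inner TagLister }

func (f FilteringLister) Tags(image string) ([]Tag, error) {
	tags, err := f.Inner.Tags(image)
	if err != nil {
		return nil, err
	}
	kept := make([]Tag, 0, len(tags))
	for _, t := range tags {
		if !cosignArtifact.MatchString(t.Name) {
			kept = append(kept, t)
		}
	}
	return kept, nil
}

// staticLister serves a constructed tag list in place of a registry call.
type staticLister []Tag
func (s staticLister) Tags(string) ([]Tag, error) { return s, nil }

// SampleTags is constructed input: two real tags, three cosign artifacts, and
// "v2.0.sig", a release tag that a plain suffix check would wrongly drop.
func SampleTags() []Tag {
	d := "sha256-" + strings.Repeat("ab", 32)
	return []Tag{{"v1.2.3"}, {d + ".sig"}, {d + ".att"}, {d + ".sbom"}, {"latest"}, {"v2.0.sig"}}
}

func main() {
	tags, _ := FilteringLister{staticLister(SampleTags())}.Tags("example/image")
	fmt.Println(tags)
}
```

A client that can skip API calls by filtering early can still apply the same pattern itself; the wrapper only guarantees that nothing unfiltered reaches the cache.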