Copilot AI commented Dec 5, 2025

Controls in the exported controls.json lacked framework membership information, preventing Kubescape from including framework labels in Prometheus metrics. This made it impossible to filter metrics by framework in Grafana and other observability tools.

Changes

  • Export process: Added frameworks field to each control during export, containing a sorted list of all frameworks that include the control
  • Error handling: Added validation for missing framework names and control IDs with appropriate logging
  • Testing: Added test_export_framework_references.py to validate framework references are correctly populated
  • Documentation: Updated README to document the auto-generated frameworks field

Example

Before:

{
  "controlID": "C-0056",
  "name": "Configured liveness probe",
  "baseScore": 4.0
}

After:

{
  "controlID": "C-0056",
  "name": "Configured liveness probe",
  "frameworks": ["AllControls", "DevOpsBest"],
  "baseScore": 4.0
}

This enables metrics like:

kubescape_control_complianceScore{name="Configured liveness probe",framework="DevOpsBest"} 50

The CSV mapping file (FWName_CID_CName.csv) continues to be generated for backward compatibility.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/kubernetes/kubernetes/releases
    • Triggering command: /usr/bin/python3 python3 scripts/validations.py -stringintconv -tests /tmp/go-build2199229742/b1091/vet.cfg kg_.a elemetry.io/cont-ifaceassert ux_amd64/vet OUTPUT /internal/future-atomic 168.63.129.16 ux_amd64/vet -o F_4oDsPWb .cfg ux_amd64/vet b.go g/grpc/credentia-atomic -lang=go1.21 ux_amd64/vet (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>Include reference to frameworks in security controls metrics</issue_title>
<issue_description>## Overview
Currently, when exposing the kubescape results as prometheus-like metrics using the v1/metrics endpoint, the results regarding framework controls don't have any reference to the framework they belong to.

Only CIS-ones show something in the name that can identify them. See examples below:

kubescape_control_complianceScore{name="Configured liveness probe",severity="Medium",link="https://hub.armosec.io/docs/c-0056"} 50
kubescape_control_complianceScore{name="CIS-4.2.13 Ensure that a limit is set on pod PIDs",severity="Low",link="https://hub.armosec.io/docs/c-0284"} 0

Problem

When graphing these results in tools like Grafana, it is difficult to tell to which framework the control belongs.

Solution

Include either a reference in the name, or another variable related to the framework.
</issue_description>

Comments on the Issue (you are @copilot in this section)
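
A sketch of the export step described in this PR, added here as an illustration and not taken from the repository or the PR's diff: it builds the control-to-framework index, skips entries with a missing framework name or control ID, and attaches a sorted `frameworks` list to each control. The `activeControls` key, the function names and the one-sample-per-framework metric rendering are assumptions; the sample data is constructed.

```python
import logging
from collections import defaultdict

log = logging.getLogger("export-example")

def framework_index(frameworks):
    """Map controlID -> set of framework names, skipping malformed entries."""
    index = defaultdict(set)
    for fw in frameworks:
        name = fw.get("name")
        if not name:
            log.warning("skipping framework with no name: %r", fw)
            continue
        for ref in fw.get("activeControls", []):  # assumed key name
            cid = ref.get("controlID")
            if not cid:
                log.warning("framework %s has an entry with no controlID", name)
                continue
            index[cid].add(name)
    return index

def annotate_controls(controls, frameworks):
    """Return copies of the controls, each with a sorted 'frameworks' list."""
    index = framework_index(frameworks)
    annotated = []
    for control in controls:
        cid = control.get("controlID")
        if not cid:
            log.warning("skipping control with no controlID: %r", control)
            continue
        annotated.append({**control, "frameworks": sorted(index.get(cid, ()))})
    return annotated

def metric_lines(control, score):
    """One sample per framework (assumed rendering), label values escaped."""
    esc = lambda v: v.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")
    return [
        f'kubescape_control_complianceScore{{name="{esc(control["name"])}",'
        f'framework="{esc(fw)}"}} {score}'
        for fw in control["frameworks"]
    ]

# Constructed sample input, not taken from the repository.
FRAMEWORKS = [
    {"name": "DevOpsBest", "activeControls": [{"controlID": "C-0056"}, {}]},
    {"name": "AllControls", "activeControls": [{"controlID": "C-0056"}]},
    {"activeControls": [{"controlID": "C-0056"}]},  # no name: skipped
]
CONTROLS = [{"controlID": "C-0056", "name": "Configured liveness probe", "baseScore": 4.0}]
```

A control that no framework references ends up with an empty `frameworks` list and therefore produces no framework-labelled sample in this rendering.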



Copilot AI and others added 4 commits December 5, 2025 09:18
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Include framework reference in security controls metrics" to "Add framework references to controls for Prometheus metrics" Dec 5, 2025
Copilot AI requested a review from matthyx December 5, 2025 09:25
@matthyx matthyx requested review from slashben and removed request for matthyx December 5, 2025 09:31
@matthyx matthyx moved this to WIP in KS PRs tracking Dec 8, 2025
Successfully merging this pull request may close these issues.

Include reference to frameworks in security controls metrics