Initial SOC2 framework support

type:

Enhancement

description:

This PR introduces an initial framework for SOC2 compliance. The new framework is defined in a JSON file and includes:

A description of the SOC2 compliance related controls.
Attributes for the framework.
Scanning scope for the framework.
Type tags for the framework.
Active controls for the framework, each with a unique control ID, name, description, long description, and remediation (where applicable).

main_files_walkthrough:

files:

- `frameworks/soc2.json`: Added a new JSON file to define the SOC2 compliance framework. This includes the framework's name, description, attributes, scanning scope, type tags, and active controls. Each active control has a unique control ID and provides a name, description, long description, and remediation (where applicable).

User Description:

Overview

Adding a framework for SOC2 compliance

PR Analysis

🎯 Main theme: Adding a new SOC2 compliance framework
📝 PR summary: This PR introduces a new SOC2 compliance framework defined in a JSON file. The framework includes a description of the SOC2 compliance related controls, attributes, scanning scope, type tags, and active controls. Each active control has a unique control ID, name, description, long description, and remediation (where applicable).
📌 Type of PR: Enhancement
🧪 Relevant tests added: No
⏱️ Estimated effort to review [1-5]: 2, because the PR is straightforward and only involves the addition of a JSON file. However, the reviewer needs to have knowledge about SOC2 compliance to validate the correctness of the controls.
🔒 Security concerns: No

PR Feedback
💡 General suggestions: The PR is well-structured and the JSON file is well-formatted. However, it would be beneficial to include tests that validate the correctness of the JSON file structure and the controls it contains.
🤖 Code feedback:
- **relevant file:** ``frameworks/soc2.json`` **suggestion:** Consider adding a version attribute to the JSON file to track changes and updates to the SOC2 framework over time. [medium] **relevant line:** [{](https://github.com/kubescape/regolibrary/pull/550/files#diff-3ad101b815b442a28e5e43128ec57ab2170b09fa5b7d79780f2e0f2e14181ac8R1)

How to use

Instructions

> To invoke the PR-Agent, add a comment using one of the following commands: > **/review**: Request a review of your Pull Request. > **/describe**: Update the PR title and description based on the contents of the PR. > **/improve [--extended]**: Suggest code improvements. Extended mode provides a higher quality feedback. > **/ask \**: Ask a question about the PR. > **/update_changelog**: Update the changelog based on the PR's contents. > **/add_docs**: Generate docstring for new components introduced in the PR. > **/generate_labels**: Generate labels for the PR based on the PR's contents. > see the [tools guide](https://github.com/Codium-ai/pr-agent/blob/main/docs/TOOLS_GUIDE.md) for more details. >To edit any configuration parameter from the [configuration.toml](https://github.com/Codium-ai/pr-agent/blob/main/pr_agent/settings/configuration.toml), add --config_path=new_value. >For example: /review --pr_reviewer.extra_instructions="focus on the file: ..." >To list the possible configuration parameters, add a **/config** comment.

kubescape / regolibrary