update cloud controls for result grouping support (#2150)

* update cloud controls add field category_hierarchy_short

* add api to get compliance results count by control_id

* update respose struct group by status

* cloud-node api support multiple compliance types

* support filed filters in compliance group counts api

deepfence_server/apiDocs/operation.go

@@ -609,6 +609,14 @@ func (d *OpenAPIDocs) AddScansOperations() {
 		"Group Malware Results By Class", "Group Malware Scans results by severity/class",
 		http.StatusOK, []string{tagMalwareScan}, bearerToken, nil, new(ResultGroupResp))
 
+	// compliance and cloud-compliance results count grouped by control_id
+	d.AddOperation("groupResultsCompliance", http.MethodPost, "/deepfence/scan/results/count/group/compliance",
+		"Count Compliance Results by Control ID", "Count Compliance Results grouped by Control ID",
+		http.StatusOK, []string{tagCompliance}, bearerToken, new(ComplinaceScanResultsGroupReq), new(ComplinaceScanResultsGroupResp))
+	d.AddOperation("groupResultsCloudCompliance", http.MethodPost, "/deepfence/scan/results/count/group/cloud-compliance",
+		"Count Cloud Compliance Results by Control ID", "Count Cloud Compliance Results grouped by Control ID",
+		http.StatusOK, []string{tagCompliance}, bearerToken, new(ComplinaceScanResultsGroupReq), new(ComplinaceScanResultsGroupResp))
+
 	d.AddOperation("getAllNodesInScanResults", http.MethodPost, "/deepfence/scan/nodes-in-result",
 		"Get all nodes in given scan result ids", "Get all nodes in given scan result ids",
 		http.StatusOK, []string{tagScanResults}, bearerToken, new(NodesInScanResultRequest), new([]ScanResultBasicNode))

deepfence_server/cloud_controls/kubernetes/nsa-cisa_benchmarks.json

@@ -10,7 +10,7 @@
       "service": "Kubernetes",
       "type": "Benchmark"
     },
-    "documentation": "To get the latest version of the official guide, please visit [here](https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF).\n\n## Overview\n\nKubernetes is an open-source system that automates the deployment, scaling, and management of applications run in containers, and is often hosted in a cloud environment. The hardening guidance detailed in this report is designed to help organizations handle associated risks and enjoy the benefits of using this technology.\n\n## Control Categories\n\nThese are the available categories for Kubernetes Compliance controls. The category for a control reflects the security function that the control applies to.\n\n### Kubernetes Pod Security\n\nA Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. The PodSecurityPolicy objects define a set of conditions that a pod must run with in order to be accepted into the system, as well as defaults for the related fields.\n\n### Network Separation and Hardening\n\nCluster networking is a central concept of Kubernetes. Communication between containers, Pods, services, and external services must be taken into consideration. By default, there are few network policies in place to separate resources and prevent lateral movement or escalation if a cluster is compromised. Resource separation and encryption can be an effective way to limit a cyber actor’s movement and escalation within a cluster.\n",
+    "documentation": "To get the latest version of the official guide, please visit [here](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF).\n\n## Overview\n\nKubernetes is an open-source system that automates the deployment, scaling, and management of applications run in containers, and is often hosted in a cloud environment. The hardening guidance detailed in this report is designed to help organizations handle associated risks and enjoy the benefits of using this technology.\n\n## Control Categories\n\nThese are the available categories for Kubernetes Compliance controls. The category for a control reflects the security function that the control applies to.\n\n### Kubernetes Pod Security\n\nA Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. The PodSecurityPolicy objects define a set of conditions that a pod must run with in order to be accepted into the system, as well as defaults for the related fields.\n\n### Network Separation and Hardening\n\nCluster networking is a central concept of Kubernetes. Communication between containers, Pods, services, and external services must be taken into consideration. By default, there are few network policies in place to separate resources and prevent lateral movement or escalation if a cluster is compromised. Resource separation and encryption can be an effective way to limit a cyber actor’s movement and escalation within a cluster.\n",
     "children": [
       "kubernetes_compliance.benchmark.nsa_cisa_v1_pod_security",
       "kubernetes_compliance.benchmark.nsa_cisa_v1_network_hardening"