docs(compliance): expand developer guide for new compliance frameworks

[HugoPBrito]

Context

The existing developer documentation for creating a new security compliance framework was incomplete and scattered. Contributors had no single reference explaining the directory structure, the JSON schema, how framework-specific attribute models work, how to build the output formatter, how to validate the framework locally, or how to submit the PR.

Refs: PROWLER-1359

Description

Expands docs/developer-guide/security-compliance-framework.mdx into a comprehensive, copy-paste-friendly guide that covers:

• Directory structure and file-naming conventions (<framework>_<version>_<provider>.json).
• The four-layer architecture: Pydantic schema, JSON catalog, output formatter, dispatchers.
• Full JSON schema reference for the top-level framework object and the Requirements entries.
• Per-framework attribute models (CIS, ENS, CCC, Generic, plus pointers to the rest).
• A minimal, working example of a new framework.
• Rules for mapping checks to requirements.
• How to support multiple providers (one file per provider, shared Framework/Version).
• Step-by-step output formatter implementation (CSV row model, transformer, summary table, dispatcher registration).
• Version handling gotchas (empty Version breaks CLI filtering).
• Local validation commands (--list-compliance, --compliance, CSV inspection, Prowler App).
• Testing guidance (schema tests and output tests).
• PR submission checklist.
• Troubleshooting section for the most common contribution failures.
• Reference links to representative JSON files and formatter packages in the codebase.

Also:

• Cross-links the new guide from CONTRIBUTING.md.
• Adds a 📚 Docs changelog entry under 5.25.0 in prowler/CHANGELOG.md.

Steps to review

1. Render the docs site locally (mintlify dev from docs/) and open Developer Guide → Creating a New Security Compliance Framework in Prowler.
2. Confirm every section renders correctly, including tables, code blocks, and the <Note> callouts.
3. Validate the schema reference against prowler/lib/check/compliance_models.py to confirm field names, types, and required/optional flags match.
4. Follow the minimal working example end to end against the local SDK: drop my_framework_1.0_aws.json under prowler/compliance/aws/, run poetry run python prowler-cli.py aws --list-compliance, and confirm the framework appears.
5. Verify the CONTRIBUTING.md link resolves to the published docs page.
6. Confirm the changelog entry is placed in the 5.25.0 unreleased section.

Checklist

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

SDK/CLI

• Are there new checks included in this PR? No
  • No permission changes required.

UI

• All issue/task requirements work as expected on the UI
• Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
• Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
• Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
• Ensure new entries are added to CHANGELOG.md, if applicable.

API

• All issue/task requirements work as expected on the API
• Endpoint response output (if applicable)
• EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
• Performance test results (if applicable)
• Any other relevant evidence of the implementation (if applicable)
• Verify if API specs need to be regenerated.
• Check if version updates are required (e.g., specs, Poetry, etc.).
• Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
prowler	🟢 Ready	View Preview	Apr 23, 2026, 10:58 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[github-actions]

🔒 Container Security Scan

Image: prowler:565f6d7
Last scan: 2026-04-23 11:22:05 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	4
Total	4

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[jfagoagas]

Please extend the documentation with a compliance page for Prowler Cloud / App. Thanks!