Merge branch 'master' of github.com:prowler-cloud/prowler into showdown-demo

fix(ui): call API with lighthouse-configuration
chore: docker compose dev for demo
2026-06-17 13:03:14 +00:00 · 2025-06-05 11:07:08 +02:00 · 2025-06-05 10:03:39 +02:00 · 2025-06-05 10:03:11 +02:00 · 2025-06-05 07:54:51 +02:00 · 2025-06-04 21:40:52 +02:00
922 changed files with 20225 additions and 67275 deletions
@@ -6,17 +6,11 @@
 PROWLER_UI_VERSION="stable"
 AUTH_URL=http://localhost:3000
 API_BASE_URL=http://prowler-api:8080/api/v1
-NEXT_PUBLIC_API_BASE_URL=${API_BASE_URL}
 NEXT_PUBLIC_API_DOCS_URL=http://prowler-api:8080/api/v1/docs
 AUTH_TRUST_HOST=true
 UI_PORT=3000
-# Temp URL for feeds need to use actual
-RSS_FEED_URL=https://prowler.com/blog/rss
 # openssl rand -base64 32
 AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="
-# Google Tag Manager ID
-NEXT_PUBLIC_GOOGLE_TAG_MANAGER_ID=""
-

 #### Prowler API Configuration ####
 PROWLER_API_VERSION="stable"
@@ -133,7 +127,7 @@ SENTRY_ENVIRONMENT=local
 SENTRY_RELEASE=local

 #### Prowler release version ####
-NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.7.5
+NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.8.0 - DEMO

 # Social login credentials
 SOCIAL_GOOGLE_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/google"
@@ -144,10 +138,6 @@ SOCIAL_GITHUB_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/github"
 SOCIAL_GITHUB_OAUTH_CLIENT_ID=""
 SOCIAL_GITHUB_OAUTH_CLIENT_SECRET=""

-# Single Sign-On (SSO)
-SAML_SSO_CALLBACK_URL="${AUTH_URL}/api/auth/callback/saml"
-
-# Lighthouse tracing
 LANGSMITH_TRACING=false
 LANGSMITH_ENDPOINT="https://api.smith.langchain.com"
 LANGSMITH_API_KEY=""
@@ -22,11 +22,6 @@ provider/kubernetes:
      - any-glob-to-any-file: "prowler/providers/kubernetes/**"
      - any-glob-to-any-file: "tests/providers/kubernetes/**"

-provider/m365:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/m365/**"
-      - any-glob-to-any-file: "tests/providers/m365/**"
-
 provider/github:
  - changed-files:
      - any-glob-to-any-file: "prowler/providers/github/**"
@@ -6,7 +6,6 @@ on:
      - "master"
    paths:
      - "api/**"
-      - "prowler/**"
      - ".github/workflows/api-build-lint-push-containers.yml"

  # Uncomment the code below to test this action on PRs
@@ -77,12 +76,12 @@ jobs:
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          # Set push: false for testing
@@ -95,7 +94,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          push: true
@@ -48,12 +48,12 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/api-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        category: "/language:${{matrix.language}}"
@@ -28,10 +28,6 @@ env:
  VALKEY_DB: 0
  API_WORKING_DIR: ./api
  IMAGE_NAME: prowler-api
-  IGNORE_FILES: |
-    api/docs/**
-    api/README.md
-    api/CHANGELOG.md

 jobs:
  test:
@@ -82,7 +78,12 @@ jobs:
        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
        with:
          files: api/**
-          files_ignore: ${{ env.IGNORE_FILES }}
+          files_ignore: |
+            api/.github/**
+            api/docs/**
+            api/permissions/**
+            api/README.md
+            api/mkdocs.yml

      - name: Replace @master with current branch in pyproject.toml
        working-directory: ./api
@@ -112,12 +113,6 @@ jobs:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"

-      - name: Install system dependencies for xmlsec
-        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libxml2-dev libxmlsec1-dev libxmlsec1-openssl pkg-config
-
      - name: Install dependencies
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
@@ -163,10 +158,8 @@ jobs:
      - name: Safety
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        # 76352, 76353, 77323 come from SDK, but they cannot upgrade it yet. It does not affect API
-        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
        run: |
-          poetry run safety check --ignore 70612,66963,74429,76352,76353,77323,77744,77745
+          poetry run safety check --ignore 70612,66963,74429

      - name: Vulture
        working-directory: ./api
@@ -188,7 +181,7 @@ jobs:

      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -197,19 +190,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Test if changes are in not ignored paths
-        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: api/**
-          files_ignore: ${{ env.IGNORE_FILES }}
      - name: Set up Docker Buildx
-        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Build Container
-        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.API_WORKING_DIR }}
          push: false
@@ -11,7 +11,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@a05cf0859455b5b16317ee22d809887a4043cdf0 # v3.90.2
+        uses: trufflesecurity/trufflehog@b06f6d72a3791308bb7ba59c2b8cb7a083bd17e4 # v3.88.26
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
@@ -1,266 +0,0 @@
-name: Prowler Release Preparation
-
-run-name: Prowler Release Preparation for ${{ inputs.prowler_version }}
-
-on:
-  workflow_dispatch:
-    inputs:
-      prowler_version:
-        description: 'Prowler version to release (e.g., 5.9.0)'
-        required: true
-        type: string
-
-env:
-  PROWLER_VERSION: ${{ github.event.inputs.prowler_version }}
-
-jobs:
-  prepare-release:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      with:
-        fetch-depth: 0
-        token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-
-    - name: Set up Python
-      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
-      with:
-        python-version: '3.12'
-
-    - name: Install Poetry
-      run: |
-        python3 -m pip install --user poetry
-        echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-    - name: Configure Git
-      run: |
-        git config --global user.name "prowler-bot"
-        git config --global user.email "179230569+prowler-bot@users.noreply.github.com"
-
-    - name: Parse version and determine branch
-      run: |
-        # Validate version format (reusing pattern from sdk-bump-version.yml)
-        if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-          MAJOR_VERSION=${BASH_REMATCH[1]}
-          MINOR_VERSION=${BASH_REMATCH[2]}
-          PATCH_VERSION=${BASH_REMATCH[3]}
-
-          # Export version components to environment
-          echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
-          echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
-          echo "PATCH_VERSION=${PATCH_VERSION}" >> "${GITHUB_ENV}"
-
-          # Determine branch name (format: v5.9)
-          BRANCH_NAME="v${MAJOR_VERSION}.${MINOR_VERSION}"
-          echo "BRANCH_NAME=${BRANCH_NAME}" >> "${GITHUB_ENV}"
-
-          # Calculate UI version (1.X.X format - matches Prowler minor version)
-          UI_VERSION="1.${MINOR_VERSION}.${PATCH_VERSION}"
-          echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
-
-          # Calculate API version (1.X.X format - one minor version ahead)
-          API_MINOR_VERSION=$((MINOR_VERSION + 1))
-          API_VERSION="1.${API_MINOR_VERSION}.${PATCH_VERSION}"
-          echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
-
-          echo "Prowler version: $PROWLER_VERSION"
-          echo "Branch name: $BRANCH_NAME"
-          echo "UI version: $UI_VERSION"
-          echo "API version: $API_VERSION"
-          echo "Is minor release: $([ $PATCH_VERSION -eq 0 ] && echo 'true' || echo 'false')"
-        else
-          echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
-          exit 1
-        fi
-
-    - name: Checkout existing branch for patch release
-      if: ${{ env.PATCH_VERSION != '0' }}
-      run: |
-        echo "Patch release detected, checking out existing branch $BRANCH_NAME..."
-        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists locally, checking out..."
-          git checkout "$BRANCH_NAME"
-        elif git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists remotely, checking out..."
-          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
-        else
-          echo "ERROR: Branch $BRANCH_NAME should exist for patch release $PROWLER_VERSION"
-          exit 1
-        fi
-
-    - name: Verify version in pyproject.toml
-      run: |
-        CURRENT_VERSION=$(grep '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_VERSION" != "$PROWLER_VERSION_TRIMMED" ]; then
-          echo "ERROR: Version mismatch in pyproject.toml (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_VERSION')"
-          exit 1
-        fi
-        echo "✓ pyproject.toml version: $CURRENT_VERSION"
-
-    - name: Verify version in prowler/config/config.py
-      run: |
-        CURRENT_VERSION=$(grep '^prowler_version = ' prowler/config/config.py | sed -E 's/prowler_version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_VERSION" != "$PROWLER_VERSION_TRIMMED" ]; then
-          echo "ERROR: Version mismatch in prowler/config/config.py (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_VERSION')"
-          exit 1
-        fi
-        echo "✓ prowler/config/config.py version: $CURRENT_VERSION"
-
-    - name: Verify version in api/pyproject.toml
-      run: |
-        CURRENT_API_VERSION=$(grep '^version = ' api/pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        API_VERSION_TRIMMED=$(echo "$API_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_API_VERSION" != "$API_VERSION_TRIMMED" ]; then
-          echo "ERROR: API version mismatch in api/pyproject.toml (expected: '$API_VERSION_TRIMMED', found: '$CURRENT_API_VERSION')"
-          exit 1
-        fi
-        echo "✓ api/pyproject.toml version: $CURRENT_API_VERSION"
-
-    - name: Verify prowler dependency in api/pyproject.toml
-      if: ${{ env.PATCH_VERSION != '0' }}
-      run: |
-        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
-        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')
-        if [ "$CURRENT_PROWLER_REF" != "$BRANCH_NAME_TRIMMED" ]; then
-          echo "ERROR: Prowler dependency mismatch in api/pyproject.toml (expected: '$BRANCH_NAME_TRIMMED', found: '$CURRENT_PROWLER_REF')"
-          exit 1
-        fi
-        echo "✓ api/pyproject.toml prowler dependency: $CURRENT_PROWLER_REF"
-
-    - name: Verify version in api/src/backend/api/v1/views.py
-      run: |
-        CURRENT_API_VERSION=$(grep 'spectacular_settings.VERSION = ' api/src/backend/api/v1/views.py | sed -E 's/.*spectacular_settings.VERSION = "([^"]+)".*/\1/' | tr -d '[:space:]')
-        API_VERSION_TRIMMED=$(echo "$API_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_API_VERSION" != "$API_VERSION_TRIMMED" ]; then
-          echo "ERROR: API version mismatch in views.py (expected: '$API_VERSION_TRIMMED', found: '$CURRENT_API_VERSION')"
-          exit 1
-        fi
-        echo "✓ api/src/backend/api/v1/views.py version: $CURRENT_API_VERSION"
-
-    - name: Create release branch for minor release
-      if: ${{ env.PATCH_VERSION == '0' }}
-      run: |
-        echo "Minor release detected (patch = 0), creating new branch $BRANCH_NAME..."
-        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME" || git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
-          echo "ERROR: Branch $BRANCH_NAME already exists for minor release $PROWLER_VERSION"
-          exit 1
-        fi
-        git checkout -b "$BRANCH_NAME"
-        
-        # Push the new branch first so it exists remotely
-        git push origin "$BRANCH_NAME"
-
-    - name: Update prowler dependency in api/pyproject.toml
-      if: ${{ env.PATCH_VERSION == '0' }}
-      run: |
-        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
-        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')
-
-        # Minor release: update the dependency to use the new branch
-        echo "Minor release detected - updating prowler dependency from '$CURRENT_PROWLER_REF' to '$BRANCH_NAME_TRIMMED'"
-        sed -i "s|prowler @ git+https://github.com/prowler-cloud/prowler.git@[^\"]*\"|prowler @ git+https://github.com/prowler-cloud/prowler.git@$BRANCH_NAME_TRIMMED\"|" api/pyproject.toml
-
-        # Verify the change was made
-        UPDATED_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
-        if [ "$UPDATED_PROWLER_REF" != "$BRANCH_NAME_TRIMMED" ]; then
-          echo "ERROR: Failed to update prowler dependency in api/pyproject.toml"
-          exit 1
-        fi
-
-        # Update poetry lock file
-        echo "Updating poetry.lock file..."
-        cd api
-        poetry lock
-        cd ..
-
-        # Commit and push the changes
-        git add api/pyproject.toml api/poetry.lock
-        git commit -m "chore(api): update prowler dependency to $BRANCH_NAME_TRIMMED for release $PROWLER_VERSION"
-        git push origin "$BRANCH_NAME"
-
-        echo "✓ api/pyproject.toml prowler dependency updated to: $UPDATED_PROWLER_REF"
-
-    - name: Extract changelog entries
-      run: |
-        set -e
-
-        # Function to extract changelog for a specific version
-        extract_changelog() {
-          local file="$1"
-          local version="$2"
-          local output_file="$3"
-
-          if [ ! -f "$file" ]; then
-            echo "Warning: $file not found, skipping..."
-            touch "$output_file"
-            return
-          fi
-
-          # Extract changelog section for this version
-          awk -v version="$version" '
-            /^## \[v?'"$version"'\]/ { found=1; next }
-            found && /^## \[v?[0-9]+\.[0-9]+\.[0-9]+\]/ { found=0 }
-            found && !/^## \[v?'"$version"'\]/ { print }
-          ' "$file" > "$output_file"
-
-          # Remove --- separators
-          sed -i '/^---$/d' "$output_file"
-
-          # Remove trailing empty lines
-          sed -i '/^$/d' "$output_file"
-        }
-
-        # Extract changelogs
-        echo "Extracting changelog entries..."
-        extract_changelog "prowler/CHANGELOG.md" "$PROWLER_VERSION" "prowler_changelog.md"
-        extract_changelog "api/CHANGELOG.md" "$API_VERSION" "api_changelog.md"
-        extract_changelog "ui/CHANGELOG.md" "$UI_VERSION" "ui_changelog.md"
-
-        # Combine changelogs in order: UI, API, SDK
-        > combined_changelog.md
-
-        if [ -s "ui_changelog.md" ]; then
-          echo "## UI" >> combined_changelog.md
-          echo "" >> combined_changelog.md
-          cat ui_changelog.md >> combined_changelog.md
-          echo "" >> combined_changelog.md
-        fi
-
-        if [ -s "api_changelog.md" ]; then
-          echo "## API" >> combined_changelog.md
-          echo "" >> combined_changelog.md
-          cat api_changelog.md >> combined_changelog.md
-          echo "" >> combined_changelog.md
-        fi
-
-        if [ -s "prowler_changelog.md" ]; then
-          echo "## SDK" >> combined_changelog.md
-          echo "" >> combined_changelog.md
-          cat prowler_changelog.md >> combined_changelog.md
-          echo "" >> combined_changelog.md
-        fi
-
-        echo "Combined changelog preview:"
-        cat combined_changelog.md
-
-    - name: Create draft release
-      uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
-      with:
-        tag_name: ${{ env.PROWLER_VERSION }}
-        name: Prowler ${{ env.PROWLER_VERSION }}
-        body_path: combined_changelog.md
-        draft: true
-        target_commitish: ${{ env.PATCH_VERSION == '0' && 'master' || env.BRANCH_NAME }}
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Clean up temporary files
-      run: |
-        rm -f prowler_changelog.md api_changelog.md ui_changelog.md combined_changelog.md
@@ -1,77 +0,0 @@
-name: Check Changelog
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, labeled, unlabeled]
-
-jobs:
-  check-changelog:
-    if: contains(github.event.pull_request.labels.*.name, 'no-changelog') == false
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: write
-    env:
-      MONITORED_FOLDERS: "api ui prowler"
-
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Get list of changed files
-        id: changed_files
-        run: |
-          git fetch origin ${{ github.base_ref }}
-          git diff --name-only origin/${{ github.base_ref }}...HEAD > changed_files.txt
-          cat changed_files.txt
-
-      - name: Check for folder changes and changelog presence
-        id: check_folders
-        run: |
-          missing_changelogs=""
-
-          for folder in $MONITORED_FOLDERS; do
-            if grep -q "^${folder}/" changed_files.txt; then
-              echo "Detected changes in ${folder}/"
-              if ! grep -q "^${folder}/CHANGELOG.md$" changed_files.txt; then
-                echo "No changelog update found for ${folder}/"
-                missing_changelogs="${missing_changelogs}- \`${folder}\`\n"
-              fi
-            fi
-          done
-
-          echo "missing_changelogs<<EOF" >> $GITHUB_OUTPUT
-          echo -e "${missing_changelogs}" >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
-
-      - name: Find existing changelog comment
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        id: find_comment
-        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e #v3.1.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-author: 'github-actions[bot]'
-          body-includes: '<!-- changelog-check -->'
-
-      - name: Update PR comment with changelog status
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-id: ${{ steps.find_comment.outputs.comment-id }}
-          edit-mode: replace
-          body: |
-            <!-- changelog-check -->
-            ${{ steps.check_folders.outputs.missing_changelogs != '' && format('⚠️ **Changes detected in the following folders without a corresponding update to the `CHANGELOG.md`:**
-
-            {0}
-
-            Please add an entry to the corresponding `CHANGELOG.md` file to maintain a clear history of changes.', steps.check_folders.outputs.missing_changelogs) || '✅ All necessary `CHANGELOG.md` files have been updated. Great job! 🎉' }}
-
-      - name: Fail if changelog is missing
-        if: steps.check_folders.outputs.missing_changelogs != ''
-        run: |
-          echo "ERROR: Missing changelog updates in some folders."
-          exit 1
@@ -27,12 +27,11 @@ jobs:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.CLOUD_DISPATCH }}
          event-type: prowler-pull-request-merged
-          client-payload: |
-            {
-              "PROWLER_COMMIT_SHA": "${{ github.event.pull_request.merge_commit_sha }}",
-              "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
-              "PROWLER_PR_TITLE": ${{ toJson(github.event.pull_request.title) }},
-              "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
-              "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }},
-              "PROWLER_PR_URL": ${{ toJson(github.event.pull_request.html_url) }}
-            }
+          client-payload: '{
+            "PROWLER_COMMIT_SHA": "${{ github.event.pull_request.merge_commit_sha }}",
+            "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
+            "PROWLER_PR_TITLE": "${{ github.event.pull_request.title }}",
+            "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
+            "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }},
+            "PROWLER_PR_URL":${{ toJson(github.event.pull_request.html_url) }}
+          }'
@@ -123,11 +123,11 @@ jobs:
          AWS_REGION: ${{ env.AWS_REGION }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Build and push container image (latest)
        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          push: true
          tags: |
@@ -140,7 +140,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          # Use local context to get changes
          # https://github.com/docker/build-push-action#path-context
@@ -12,6 +12,7 @@ env:
 jobs:
  bump-version:
    name: Bump Version
+    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -96,7 +97,6 @@ jobs:
            commit-message: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
            branch: "version-bump-to-v${{ env.BUMP_VERSION_TO }}"
            title: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
-            labels: no-changelog
            body: |
              ### Description

@@ -135,7 +135,6 @@ jobs:
            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
-            labels: no-changelog
            body: |
              ### Description

@@ -56,12 +56,12 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/sdk-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        category: "/language:${{matrix.language}}"
@@ -102,15 +102,8 @@ jobs:
        run: |
          poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .

-      - name: Dockerfile - Check if Dockerfile has changed
-        id: dockerfile-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            Dockerfile
-
      - name: Hadolint
-        if: steps.dockerfile-changed-files.outputs.any_changed == 'true'
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          /tmp/hadolint Dockerfile --ignore=DL3013

@@ -248,7 +241,7 @@ jobs:
      # Codecov
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -38,7 +38,7 @@ jobs:
          pip install boto3

      - name: Configure AWS Credentials -- DEV
-        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
+        uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
        with:
          aws-region: ${{ env.AWS_REGION_DEV }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
@@ -30,7 +30,6 @@ env:
  # Container Registries
  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
-  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1

 jobs:
  repository-check:
@@ -77,17 +76,16 @@ jobs:
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          build-args: |
            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ env.SHORT_SHA }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
          # Set push: false for testing
          push: true
          tags: |
@@ -98,12 +96,11 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          build-args: |
            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
@@ -48,12 +48,12 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
        with:
          category: "/language:${{matrix.language}}"
@@ -1,98 +0,0 @@
-name: UI - E2E Tests
-
-on:
-  pull_request:
-    branches:
-      - master
-      - "v5.*"
-    paths:
-      - '.github/workflows/ui-e2e-tests.yml'
-      - 'ui/**'
-
-jobs:
-  e2e-tests:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    env:
-      AUTH_SECRET: 'fallback-ci-secret-for-testing'
-      AUTH_TRUST_HOST: true
-      NEXTAUTH_URL: 'http://localhost:3000'
-      NEXT_PUBLIC_API_BASE_URL: 'http://localhost:8080/api/v1'
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Start API services
-        run: |
-          # Override docker-compose image tag to use latest instead of stable
-          # This overrides any PROWLER_API_VERSION set in .env file
-          export PROWLER_API_VERSION=latest
-          echo "Using PROWLER_API_VERSION=${PROWLER_API_VERSION}"
-          docker compose up -d api worker worker-beat
-      - name: Wait for API to be ready
-        run: |
-          echo "Waiting for prowler-api..."
-          timeout=150  # 5 minutes max
-          elapsed=0
-          while [ $elapsed -lt $timeout ]; do
-            if curl -s ${NEXT_PUBLIC_API_BASE_URL}/docs >/dev/null 2>&1; then
-              echo "Prowler API is ready!"
-              exit 0
-            fi
-            echo "Waiting for prowler-api... (${elapsed}s elapsed)"
-            sleep 5
-            elapsed=$((elapsed + 5))
-          done
-          echo "Timeout waiting for prowler-api to start"
-          exit 1
-      - name: Load database fixtures for E2E tests
-        run: |
-          docker compose exec -T api sh -c '
-            echo "Loading all fixtures from api/fixtures/dev/..."
-            for fixture in api/fixtures/dev/*.json; do
-              if [ -f "$fixture" ]; then
-                echo "Loading $fixture"
-                poetry run python manage.py loaddata "$fixture" --database admin
-              fi
-            done
-            echo "All database fixtures loaded successfully!"
-          '
-      - name: Setup Node.js environment
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version: '20.x'
-          cache: 'npm'
-          cache-dependency-path: './ui/package-lock.json'
-      - name: Install UI dependencies
-        working-directory: ./ui
-        run: npm ci
-      - name: Build UI application
-        working-directory: ./ui
-        run: npm run build
-      - name: Cache Playwright browsers
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
-        id: playwright-cache
-        with:
-          path: ~/.cache/ms-playwright
-          key: ${{ runner.os }}-playwright-${{ hashFiles('ui/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-playwright-
-      - name: Install Playwright browsers
-        working-directory: ./ui
-        if: steps.playwright-cache.outputs.cache-hit != 'true'
-        run: npm run test:e2e:install
-      - name: Run E2E tests
-        working-directory: ./ui
-        run: npm run test:e2e
-      - name: Upload test reports
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
-        if: failure()
-        with:
-          name: playwright-report
-          path: ui/playwright-report/
-          retention-days: 30
-      - name: Cleanup services
-        if: always()
-        run: |
-          echo "Shutting down services..."
-          docker compose down -v || true
-          echo "Cleanup completed"
@@ -34,26 +34,23 @@ jobs:
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: ${{ matrix.node-version }}
-          cache: 'npm'
-          cache-dependency-path: './ui/package-lock.json'
      - name: Install dependencies
        working-directory: ./ui
-        run: npm ci
+        run: npm install
      - name: Run Healthcheck
        working-directory: ./ui
        run: npm run healthcheck
      - name: Build the application
        working-directory: ./ui
        run: npm run build
-
  test-container-build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Build Container
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.UI_WORKING_DIR }}
          # Always build using `prod` target
@@ -44,16 +44,6 @@ junit-reports/

 # Cursor files
 .cursorignore
-.cursor/
-
-# RooCode files
-.roo/
-.rooignore
-.roomodes
-
-# Cline files
-.cline/
-.clineignore

 # Terraform
 .terraform*
@@ -115,8 +115,7 @@ repos:
      - id: safety
        name: safety
        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
-        entry: bash -c 'safety check --ignore 70612,66963,74429,76352,76353,77744,77745'
+        entry: bash -c 'safety check --ignore 70612,66963,74429,76352,76353'
        language: system

      - id: vulture
@@ -1,4 +1,4 @@
-FROM python:3.12.11-slim-bookworm AS build
+FROM python:3.12.10-slim-bookworm AS build

 LABEL maintainer="https://github.com/prowler-cloud/prowler"
 LABEL org.opencontainers.image.source="https://github.com/prowler-cloud/prowler"
@@ -6,8 +6,7 @@ LABEL org.opencontainers.image.source="https://github.com/prowler-cloud/prowler"
 ARG POWERSHELL_VERSION=7.5.0

 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    wget libicu72 libunwind8 libssl3 libcurl4 ca-certificates apt-transport-https gnupg \
+RUN apt-get update && apt-get install -y --no-install-recommends wget libicu72 \
    && rm -rf /var/lib/apt/lists/*

 # Install PowerShell
@@ -47,6 +46,10 @@ ENV PATH="${HOME}/.local/bin:${PATH}"
 RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir poetry

+# By default poetry does not compile Python source files to bytecode during installation.
+# This speeds up the installation process, but the first execution may take a little more
+# time because Python then compiles source files to bytecode automatically. If you want to
+# compile source files to bytecode during installation, you can use the --compile option
 RUN poetry install --compile && \
    rm -rf ~/.cache/pip

@@ -87,11 +87,11 @@ prowler dashboard
 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
 | AWS | 567 | 82 | 36 | 10 |
-| GCP | 79 | 13 | 10 | 3 |
-| Azure | 142 | 18 | 11 | 3 |
+| GCP | 79 | 13 | 9 | 3 |
+| Azure | 142 | 18 | 10 | 3 |
 | Kubernetes | 83 | 7 | 5 | 7 |
 | GitHub | 16 | 2 | 1 | 0 |
-| M365 | 69 | 7 | 3 | 2 |
+| M365 | 69 | 7 | 2 | 2 |
 | NHN (Unofficial) | 6 | 2 | 1 | 0 |

 > [!Note]
@@ -136,14 +136,6 @@ If your workstation's architecture is incompatible, you can resolve this by:

 > Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

-### Common Issues with Docker Pull Installation
-
-> [!Note]
-  If you want to use AWS role assumption (e.g., with the "Connect assuming IAM Role" option), you may need to mount your local `.aws` directory into the container as a volume (e.g., `- "${HOME}/.aws:/home/prowler/.aws:ro"`). There are several ways to configure credentials for Docker containers. See the [Troubleshooting](./docs/troubleshooting.md) section for more details and examples.
-
-You can find more information in the [Troubleshooting](./docs/troubleshooting.md) section.
-
-
 ### From GitHub

 **Requirements**
@@ -0,0 +1,168 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.pyc
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+/_data/
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/latest/usage/project/#working-with-version-control
+.pdm.toml
+.pdm-python
+.pdm-build/
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+*.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+.idea/
+
+# VSCode
+.vscode/
@@ -0,0 +1,91 @@
+repos:
+  ## GENERAL
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: check-merge-conflict
+      - id: check-yaml
+        args: ["--unsafe"]
+      - id: check-json
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: no-commit-to-branch
+      - id: pretty-format-json
+        args: ["--autofix", "--no-sort-keys", "--no-ensure-ascii"]
+        exclude: 'src/backend/api/fixtures/dev/.*\.json$'
+
+  ## TOML
+  - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
+    rev: v2.13.0
+    hooks:
+      - id: pretty-format-toml
+        args: [--autofix]
+        files: pyproject.toml
+
+  ## BASH
+  - repo: https://github.com/koalaman/shellcheck-precommit
+    rev: v0.10.0
+    hooks:
+      - id: shellcheck
+        exclude: contrib
+  ## PYTHON
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    # Ruff version.
+    rev: v0.5.0
+    hooks:
+      # Run the linter.
+      - id: ruff
+        args: [ --fix ]
+      # Run the formatter.
+      - id: ruff-format
+
+  - repo: https://github.com/python-poetry/poetry
+    rev: 1.8.0
+    hooks:
+      - id: poetry-check
+        args: ["--directory=src"]
+      - id: poetry-lock
+        args: ["--no-update", "--directory=src"]
+
+  - repo: https://github.com/hadolint/hadolint
+    rev: v2.13.0-beta
+    hooks:
+      - id: hadolint
+        args: ["--ignore=DL3013", "Dockerfile"]
+
+  - repo: local
+    hooks:
+      - id: pylint
+        name: pylint
+        entry: bash -c 'poetry run pylint --disable=W,C,R,E -j 0 -rn -sn src/'
+        language: system
+        files: '.*\.py'
+
+      - id: trufflehog
+        name: TruffleHog
+        description: Detect secrets in your data.
+        entry: bash -c 'trufflehog --no-update git file://. --only-verified --fail'
+        # For running trufflehog in docker, use the following entry instead:
+        # entry: bash -c 'docker run -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --only-verified --fail'
+        language: system
+        stages: ["commit", "push"]
+
+      - id: bandit
+        name: bandit
+        description: "Bandit is a tool for finding common security issues in Python code"
+        entry: bash -c 'poetry run bandit -q -lll -x '*_test.py,./contrib/,./.venv/' -r .'
+        language: system
+        files: '.*\.py'
+
+      - id: safety
+        name: safety
+        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
+        entry: bash -c 'poetry run safety check --ignore 70612,66963,74429'
+        language: system
+
+      - id: vulture
+        name: vulture
+        description: "Vulture finds unused code in Python programs."
+        entry: bash -c 'poetry run vulture --exclude "contrib,.venv,tests,conftest.py" --min-confidence 100 .'
+        language: system
+        files: '.*\.py'
@@ -2,143 +2,57 @@

 All notable changes to the **Prowler API** are documented in this file.

-## [1.11.0] (Prowler 5.10.0)
+## [v1.9.0] (Prowler UNRELEASED)

 ### Added
- Github provider support [(#8271)](https://github.com/prowler-cloud/prowler/pull/8271)
- Integration with Amazon S3, enabling storage and retrieval of scan data via S3 buckets [(#8056)](https://github.com/prowler-cloud/prowler/pull/8056)
-
-### Fixed
- Avoid sending errors to Sentry in M365 provider when user authentication fails [(#8420)](https://github.com/prowler-cloud/prowler/pull/8420)
-
---
-
-## [1.10.2] (Prowler v5.9.2)
+- Support GCP Service Account key. [(#7824)](https://github.com/prowler-cloud/prowler/pull/7824)
+- Added new `GET /compliance-overviews` endpoints to retrieve compliance metadata and specific requirements statuses [(#7877)](https://github.com/prowler-cloud/prowler/pull/7877).

 ### Changed
- Optimized queries for resources views [(#8336)](https://github.com/prowler-cloud/prowler/pull/8336)
-
---
-
-## [v1.10.1] (Prowler v5.9.1)
+- Renamed field encrypted_password to password for M365 provider [(#7784)](https://github.com/prowler-cloud/prowler/pull/7784)
+- Reworked `GET /compliance-overviews` to return proper requirement metrics [(#7877)](https://github.com/prowler-cloud/prowler/pull/7877).

 ### Fixed
- Calculate failed findings during scans to prevent heavy database queries [(#8322)](https://github.com/prowler-cloud/prowler/pull/8322)
-
---
-
-## [v1.10.0] (Prowler v5.9.0)
-
-### Added
- SSO with SAML support [(#8175)](https://github.com/prowler-cloud/prowler/pull/8175)
- `GET /resources/metadata`, `GET /resources/metadata/latest` and `GET /resources/latest` to expose resource metadata and latest scan results [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112)
-
-### Changed
- `/processors` endpoints to post-process findings. Currently, only the Mutelist processor is supported to allow to mute findings.
- Optimized the underlying queries for resources endpoints [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112)
- Optimized include parameters for resources view [(#8229)](https://github.com/prowler-cloud/prowler/pull/8229)
- Optimized overview background tasks [(#8300)](https://github.com/prowler-cloud/prowler/pull/8300)
-
-### Fixed
- Search filter for findings and resources [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112)
- RBAC is now applied to `GET /overviews/providers` [(#8277)](https://github.com/prowler-cloud/prowler/pull/8277)
-
-### Changed
- `POST /schedules/daily` returns a `409 CONFLICT` if already created [(#8258)](https://github.com/prowler-cloud/prowler/pull/8258)
-
-### Security
- Enhanced password validation to enforce 12+ character passwords with special characters, uppercase, lowercase, and numbers [(#8225)](https://github.com/prowler-cloud/prowler/pull/8225)
-
---
-
-## [v1.9.1] (Prowler v5.8.1)
-
-### Added
- Custom exception for provider connection errors during scans [(#8234)](https://github.com/prowler-cloud/prowler/pull/8234)
-
-### Changed
- Summary and overview tasks now use a dedicated queue and no longer propagate errors to compliance tasks [(#8214)](https://github.com/prowler-cloud/prowler/pull/8214)
-
-### Fixed
- Scan with no resources will not trigger legacy code for findings metadata [(#8183)](https://github.com/prowler-cloud/prowler/pull/8183)
- Invitation email comparison case-insensitive [(#8206)](https://github.com/prowler-cloud/prowler/pull/8206)
-
-### Removed
- Validation of the provider's secret type during updates [(#8197)](https://github.com/prowler-cloud/prowler/pull/8197)
-
---
-
-## [v1.9.0] (Prowler v5.8.0)
-
-### Added
- Support GCP Service Account key [(#7824)](https://github.com/prowler-cloud/prowler/pull/7824)
- `GET /compliance-overviews` endpoints to retrieve compliance metadata and specific requirements statuses [(#7877)](https://github.com/prowler-cloud/prowler/pull/7877)
- Lighthouse configuration support [(#7848)](https://github.com/prowler-cloud/prowler/pull/7848)
-
-### Changed
- Reworked `GET /compliance-overviews` to return proper requirement metrics [(#7877)](https://github.com/prowler-cloud/prowler/pull/7877)
- Optional `user` and `password` for M365 provider [(#7992)](https://github.com/prowler-cloud/prowler/pull/7992)
-
-### Fixed
- Scheduled scans are no longer deleted when their daily schedule run is disabled [(#8082)](https://github.com/prowler-cloud/prowler/pull/8082)
-
---
-
-## [v1.8.5] (Prowler v5.7.5)
-
-### Fixed
- Normalize provider UID to ensure safe and unique export directory paths [(#8007)](https://github.com/prowler-cloud/prowler/pull/8007).
- Blank resource types in `/metadata` endpoints [(#8027)](https://github.com/prowler-cloud/prowler/pull/8027)
-
---
-
-## [v1.8.4] (Prowler v5.7.4)
-
-### Removed
- Reverted RLS transaction handling and DB custom backend [(#7994)](https://github.com/prowler-cloud/prowler/pull/7994)
+- Fixed the connection status verification before launching a scan [(#7831)](https://github.com/prowler-cloud/prowler/pull/7831)

 ---

 ## [v1.8.3] (Prowler v5.7.3)

 ### Added
- Database backend to handle already closed connections [(#7935)](https://github.com/prowler-cloud/prowler/pull/7935)
-
-### Changed
- Renamed field encrypted_password to password for M365 provider [(#7784)](https://github.com/prowler-cloud/prowler/pull/7784)
+- Database backend to handle already closed connections [(#7935)](https://github.com/prowler-cloud/prowler/pull/7935).

 ### Fixed
- Transaction persistence with RLS operations [(#7916)](https://github.com/prowler-cloud/prowler/pull/7916)
- Reverted the change `get_with_retry` to use the original `get` method for retrieving tasks [(#7932)](https://github.com/prowler-cloud/prowler/pull/7932)
+- Fixed transaction persistence with RLS operations [(#7916)](https://github.com/prowler-cloud/prowler/pull/7916).
+- Reverted the change `get_with_retry` to use the original `get` method for retrieving tasks [(#7932)](https://github.com/prowler-cloud/prowler/pull/7932).

 ---

 ## [v1.8.2] (Prowler v5.7.2)

 ### Fixed
- Task lookup to use task_kwargs instead of task_args for scan report resolution [(#7830)](https://github.com/prowler-cloud/prowler/pull/7830)
- Kubernetes UID validation to allow valid context names [(#7871)](https://github.com/prowler-cloud/prowler/pull/7871)
- Connection status verification before launching a scan [(#7831)](https://github.com/prowler-cloud/prowler/pull/7831)
- Race condition when creating background tasks [(#7876)](https://github.com/prowler-cloud/prowler/pull/7876)
- Error when modifying or retrieving tenants due to missing user UUID in transaction context [(#7890)](https://github.com/prowler-cloud/prowler/pull/7890)
+- Fixed task lookup to use task_kwargs instead of task_args for scan report resolution. [(#7830)](https://github.com/prowler-cloud/prowler/pull/7830)
+- Fixed Kubernetes UID validation to allow valid context names [(#7871)](https://github.com/prowler-cloud/prowler/pull/7871)
+- Fixed a race condition when creating background tasks [(#7876)](https://github.com/prowler-cloud/prowler/pull/7876).
+- Fixed an error when modifying or retrieving tenants due to missing user UUID in transaction context [(#7890)](https://github.com/prowler-cloud/prowler/pull/7890).

 ---

 ## [v1.8.1] (Prowler v5.7.1)

 ### Fixed
- Added database index to improve performance on finding lookup [(#7800)](https://github.com/prowler-cloud/prowler/pull/7800)
+- Added database index to improve performance on finding lookup [(#7800)](https://github.com/prowler-cloud/prowler/pull/7800).

 ---

 ## [v1.8.0] (Prowler v5.7.0)

 ### Added
- Huge improvements to `/findings/metadata` and resource related filters for findings [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690)
- Improvements to `/overviews` endpoints [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690)
- Queue to perform backfill background tasks [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690)
- New endpoints to retrieve latest findings and metadata [(#7743)](https://github.com/prowler-cloud/prowler/pull/7743)
- Export support for Prowler ThreatScore in M365 [(7783)](https://github.com/prowler-cloud/prowler/pull/7783)
+- Added huge improvements to `/findings/metadata` and resource related filters for findings [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690).
+- Added improvements to `/overviews` endpoints [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690).
+- Added new queue to perform backfill background tasks [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690).
+- Added new endpoints to retrieve latest findings and metadata [(#7743)](https://github.com/prowler-cloud/prowler/pull/7743).
+- Added export support for Prowler ThreatScore in M365 [(7783)](https://github.com/prowler-cloud/prowler/pull/7783)

 ---

@@ -146,9 +60,9 @@ All notable changes to the **Prowler API** are documented in this file.

 ### Added

- M365 as a new provider [(#7563)](https://github.com/prowler-cloud/prowler/pull/7563)
- `compliance/` folder and ZIP‐export functionality for all compliance reports [(#7653)](https://github.com/prowler-cloud/prowler/pull/7653)
- API endpoint to fetch and download any specific compliance file by name [(#7653)](https://github.com/prowler-cloud/prowler/pull/7653)
+- Added M365 as a new provider [(#7563)](https://github.com/prowler-cloud/prowler/pull/7563).
+- Added a `compliance/` folder and ZIP‐export functionality for all compliance reports.[(#7653)](https://github.com/prowler-cloud/prowler/pull/7653).
+- Added a new API endpoint to fetch and download any specific compliance file by name [(#7653)](https://github.com/prowler-cloud/prowler/pull/7653).

 ---

@@ -156,42 +70,43 @@ All notable changes to the **Prowler API** are documented in this file.

 ### Added

- Support for developing new integrations [(#7167)](https://github.com/prowler-cloud/prowler/pull/7167)
- HTTP Security Headers [(#7289)](https://github.com/prowler-cloud/prowler/pull/7289)
- New endpoint to get the compliance overviews metadata [(#7333)](https://github.com/prowler-cloud/prowler/pull/7333)
- Support for muted findings [(#7378)](https://github.com/prowler-cloud/prowler/pull/7378)
- Missing fields to API findings and resources [(#7318)](https://github.com/prowler-cloud/prowler/pull/7318)
+- Support for developing new integrations [(#7167)](https://github.com/prowler-cloud/prowler/pull/7167).
+- HTTP Security Headers [(#7289)](https://github.com/prowler-cloud/prowler/pull/7289).
+- New endpoint to get the compliance overviews metadata [(#7333)](https://github.com/prowler-cloud/prowler/pull/7333).
+- Support for muted findings [(#7378)](https://github.com/prowler-cloud/prowler/pull/7378).
+- Added missing fields to API findings and resources [(#7318)](https://github.com/prowler-cloud/prowler/pull/7318).

 ---

 ## [v1.5.4] (Prowler v5.4.4)

 ### Fixed
- Bug with periodic tasks when trying to delete a provider [(#7466)](https://github.com/prowler-cloud/prowler/pull/7466)
+- Fixed a bug with periodic tasks when trying to delete a provider ([#7466])(https://github.com/prowler-cloud/prowler/pull/7466).

 ---

 ## [v1.5.3] (Prowler v5.4.3)

 ### Fixed
- Duplicated scheduled scans handling [(#7401)](https://github.com/prowler-cloud/prowler/pull/7401)
- Environment variable to configure the deletion task batch size [(#7423)](https://github.com/prowler-cloud/prowler/pull/7423)
+- Added duplicated scheduled scans handling ([#7401])(https://github.com/prowler-cloud/prowler/pull/7401).
+- Added environment variable to configure the deletion task batch size ([#7423])(https://github.com/prowler-cloud/prowler/pull/7423).

 ---

 ## [v1.5.2] (Prowler v5.4.2)

 ### Changed
- Refactored deletion logic and implemented retry mechanism for deletion tasks [(#7349)](https://github.com/prowler-cloud/prowler/pull/7349)
+- Refactored deletion logic and implemented retry mechanism for deletion tasks [(#7349)](https://github.com/prowler-cloud/prowler/pull/7349).

 ---

 ## [v1.5.1] (Prowler v5.4.1)

 ### Fixed
- Handle response in case local files are missing [(#7183)](https://github.com/prowler-cloud/prowler/pull/7183)
- Race condition when deleting export files after the S3 upload [(#7172)](https://github.com/prowler-cloud/prowler/pull/7172)
- Handle exception when a provider has no secret in test connection [(#7283)](https://github.com/prowler-cloud/prowler/pull/7283)
+- Added a handled response in case local files are missing [(#7183)](https://github.com/prowler-cloud/prowler/pull/7183).
+- Fixed a race condition when deleting export files after the S3 upload [(#7172)](https://github.com/prowler-cloud/prowler/pull/7172).
+- Handled exception when a provider has no secret in test connection [(#7283)](https://github.com/prowler-cloud/prowler/pull/7283).
+

 ---

@@ -199,20 +114,20 @@ All notable changes to the **Prowler API** are documented in this file.

 ### Added
 - Social login integration with Google and GitHub [(#6906)](https://github.com/prowler-cloud/prowler/pull/6906)
- API scan report system, now all scans launched from the API will generate a compressed file with the report in OCSF, CSV and HTML formats [(#6878)](https://github.com/prowler-cloud/prowler/pull/6878)
+- Add API scan report system, now all scans launched from the API will generate a compressed file with the report in OCSF, CSV and HTML formats [(#6878)](https://github.com/prowler-cloud/prowler/pull/6878).
 - Configurable Sentry integration [(#6874)](https://github.com/prowler-cloud/prowler/pull/6874)

 ### Changed
- Optimized `GET /findings` endpoint to improve response time and size [(#7019)](https://github.com/prowler-cloud/prowler/pull/7019)
+- Optimized `GET /findings` endpoint to improve response time and size [(#7019)](https://github.com/prowler-cloud/prowler/pull/7019).

 ---

 ## [v1.4.0] (Prowler v5.3.0)

 ### Changed
- Daily scheduled scan instances are now created beforehand with `SCHEDULED` state [(#6700)](https://github.com/prowler-cloud/prowler/pull/6700)
- Findings endpoints now require at least one date filter [(#6800)](https://github.com/prowler-cloud/prowler/pull/6800)
- Findings metadata endpoint received a performance improvement [(#6863)](https://github.com/prowler-cloud/prowler/pull/6863)
- Increased the allowed length of the provider UID for Kubernetes providers [(#6869)](https://github.com/prowler-cloud/prowler/pull/6869)
+- Daily scheduled scan instances are now created beforehand with `SCHEDULED` state [(#6700)](https://github.com/prowler-cloud/prowler/pull/6700).
+- Findings endpoints now require at least one date filter [(#6800)](https://github.com/prowler-cloud/prowler/pull/6800).
+- Findings metadata endpoint received a performance improvement [(#6863)](https://github.com/prowler-cloud/prowler/pull/6863).
+- Increased the allowed length of the provider UID for Kubernetes providers [(#6869)](https://github.com/prowler-cloud/prowler/pull/6869).

 ---
@@ -6,19 +6,7 @@ ARG POWERSHELL_VERSION=7.5.0
 ENV POWERSHELL_VERSION=${POWERSHELL_VERSION}

 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    wget \
-    libicu72 \
-    gcc \
-    g++ \
-    make \
-    libxml2-dev \
-    libxmlsec1-dev \
-    libxmlsec1-openssl \
-    pkg-config \
-    libtool \
-    libxslt1-dev \
-    python3-dev \
+RUN apt-get update && apt-get install -y --no-install-recommends wget libicu72 \
    && rm -rf /var/lib/apt/lists/*

 # Install PowerShell
@@ -44,25 +32,23 @@ USER prowler

 WORKDIR /home/prowler

-# Ensure output directory exists
-RUN mkdir -p /tmp/prowler_api_output
-
 COPY pyproject.toml ./

 RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir poetry

+COPY src/backend/ ./backend/
+
 ENV PATH="/home/prowler/.local/bin:$PATH"

 # Add `--no-root` to avoid installing the current project as a package
 RUN poetry install --no-root && \
    rm -rf ~/.cache/pip

-RUN poetry run python "$(poetry env info --path)/src/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py"
-
-COPY src/backend/ ./backend/
 COPY docker-entrypoint.sh ./docker-entrypoint.sh

+RUN poetry run python "$(poetry env info --path)/src/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py"
+
 WORKDIR /home/prowler/backend

 # Development image
@@ -257,7 +257,7 @@ cd src/backend
 python manage.py loaddata api/fixtures/0_dev_users.json --database admin
 ```

-> The default credentials are `dev@prowler.com:Thisisapassword123@` or `dev2@prowler.com:Thisisapassword123@`
+> The default credentials are `dev@prowler.com:thisisapassword123` or `dev2@prowler.com:thisisapassword123`

 ## Run tests

@@ -0,0 +1,125 @@
+services:
+  api:
+    build:
+      dockerfile: Dockerfile
+    image: prowler-api
+    env_file:
+      - path: ./.env
+        required: false
+    ports:
+      - "${DJANGO_PORT:-8000}:${DJANGO_PORT:-8000}"
+    profiles:
+      - prod
+    depends_on:
+      postgres:
+        condition: service_healthy
+      valkey:
+        condition: service_healthy
+    entrypoint:
+      - "../docker-entrypoint.sh"
+      - "prod"
+
+  api-dev:
+    build:
+      dockerfile: Dockerfile
+      target: dev
+    image: prowler-api-dev
+    environment:
+      - DJANGO_SETTINGS_MODULE=config.django.devel
+      - DJANGO_LOGGING_FORMATTER=human_readable
+    env_file:
+      - path: ./.env
+        required: false
+    ports:
+      - "${DJANGO_PORT:-8080}:${DJANGO_PORT:-8080}"
+    volumes:
+      - "./src/backend:/home/prowler/backend"
+      - "./pyproject.toml:/home/prowler/pyproject.toml"
+    profiles:
+      - dev
+    depends_on:
+      postgres:
+        condition: service_healthy
+      valkey:
+        condition: service_healthy
+    entrypoint:
+      - "../docker-entrypoint.sh"
+      - "dev"
+
+  postgres:
+    image: postgres:16.3-alpine
+    ports:
+      - "${POSTGRES_PORT:-5432}:${POSTGRES_PORT:-5432}"
+    hostname: "postgres-db"
+    volumes:
+      - ./_data/postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=${POSTGRES_ADMIN_USER:-prowler}
+      - POSTGRES_PASSWORD=${POSTGRES_ADMIN_PASSWORD:-S3cret}
+      - POSTGRES_DB=${POSTGRES_DB:-prowler_db}
+    env_file:
+      - path: ./.env
+        required: false
+    healthcheck:
+      test: ["CMD-SHELL", "sh -c 'pg_isready -U ${POSTGRES_ADMIN_USER:-prowler} -d ${POSTGRES_DB:-prowler_db}'"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  valkey:
+    image: valkey/valkey:7-alpine3.19
+    ports:
+      - "${VALKEY_PORT:-6379}:6379"
+    hostname: "valkey"
+    volumes:
+      - ./_data/valkey:/data
+    env_file:
+      - path: ./.env
+        required: false
+    healthcheck:
+      test: ["CMD-SHELL", "sh -c 'valkey-cli ping'"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+
+  worker:
+    build:
+      dockerfile: Dockerfile
+    image: prowler-worker
+    environment:
+      - DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE:-config.django.production}
+    env_file:
+      - path: ./.env
+        required: false
+    profiles:
+      - dev
+      - prod
+    depends_on:
+      valkey:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+    entrypoint:
+      - "../docker-entrypoint.sh"
+      - "worker"
+
+  worker-beat:
+    build:
+      dockerfile: Dockerfile
+    image: prowler-worker
+    environment:
+      - DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE:-config.django.production}
+    env_file:
+      - path: ./.env
+        required: false
+    profiles:
+      - dev
+      - prod
+    depends_on:
+      valkey:
+        condition: service_healthy
+      postgres:
+        condition: service_healthy
+    entrypoint:
+      - "../docker-entrypoint.sh"
+      - "beat"
@@ -3,10 +3,6 @@

 apply_migrations() {
  echo "Applying database migrations..."
-
-  # Fix Inconsistent migration history after adding sites app
-  poetry run python manage.py check_and_fix_socialaccount_sites_migration --database admin
-
  poetry run python manage.py migrate --database admin
 }

@@ -32,7 +28,7 @@ start_prod_server() {

 start_worker() {
  echo "Starting the worker..."
-  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion,backfill,overview,integrations -E --max-tasks-per-child 1
+  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion,backfill -E --max-tasks-per-child 1
 }

 start_worker_beat() {
@@ -7,8 +7,8 @@ authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}]
 dependencies = [
  "celery[pytest] (>=5.4.0,<6.0.0)",
  "dj-rest-auth[with_social,jwt] (==7.0.1)",
-  "django==5.1.10",
-  "django-allauth[saml] (>=65.8.0,<66.0.0)",
+  "django==5.1.8",
+  "django-allauth==65.4.1",
  "django-celery-beat (>=2.7.0,<3.0.0)",
  "django-celery-results (>=2.5.1,<3.0.0)",
  "django-cors-headers==4.4.0",
@@ -23,14 +23,12 @@ dependencies = [
  "drf-spectacular==0.27.2",
  "drf-spectacular-jsonapi==0.5.1",
  "gunicorn==23.0.0",
-  "lxml==5.3.2",
-  "prowler @ git+https://github.com/prowler-cloud/prowler.git@v5.10",
+  "prowler @ git+https://github.com/prowler-cloud/prowler.git@master",
  "psycopg2-binary==2.9.9",
  "pytest-celery[redis] (>=1.0.1,<2.0.0)",
  "sentry-sdk[django] (>=2.20.0,<3.0.0)",
  "uuid6==2024.7.10",
-  "openai (>=1.82.0,<2.0.0)",
-  "xmlsec==1.3.14"
+  "openai (>=1.82.0,<2.0.0)"
 ]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
@@ -38,7 +36,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.11.0"
+version = "1.9.0"

 [project.scripts]
 celery = "src.backend.config.settings.celery"
@@ -17,8 +17,6 @@ class ProwlerSocialAccountAdapter(DefaultSocialAccountAdapter):
    def pre_social_login(self, request, sociallogin):
        # Link existing accounts with the same email address
        email = sociallogin.account.extra_data.get("email")
-        if sociallogin.provider.id == "saml":
-            email = sociallogin.user.email
        if email:
            existing_user = self.get_user_by_email(email)
            if existing_user:
@@ -31,41 +29,33 @@ class ProwlerSocialAccountAdapter(DefaultSocialAccountAdapter):
        """
        with transaction.atomic(using=MainRouter.admin_db):
            user = super().save_user(request, sociallogin, form)
-            provider = sociallogin.provider.id
-            extra = sociallogin.account.extra_data
-
-            if provider != "saml":
-                # Handle other providers (e.g., GitHub, Google)
+            user.save(using=MainRouter.admin_db)
+            social_account_name = sociallogin.account.extra_data.get("name")
+            if social_account_name:
+                user.name = social_account_name
                user.save(using=MainRouter.admin_db)
-                social_account_name = extra.get("name")
-                if social_account_name:
-                    user.name = social_account_name
-                    user.save(using=MainRouter.admin_db)

-                tenant = Tenant.objects.using(MainRouter.admin_db).create(
-                    name=f"{user.email.split('@')[0]} default tenant"
+            tenant = Tenant.objects.using(MainRouter.admin_db).create(
+                name=f"{user.email.split('@')[0]} default tenant"
+            )
+            with rls_transaction(str(tenant.id)):
+                Membership.objects.using(MainRouter.admin_db).create(
+                    user=user, tenant=tenant, role=Membership.RoleChoices.OWNER
+                )
+                role = Role.objects.using(MainRouter.admin_db).create(
+                    name="admin",
+                    tenant_id=tenant.id,
+                    manage_users=True,
+                    manage_account=True,
+                    manage_billing=True,
+                    manage_providers=True,
+                    manage_integrations=True,
+                    manage_scans=True,
+                    unlimited_visibility=True,
+                )
+                UserRoleRelationship.objects.using(MainRouter.admin_db).create(
+                    user=user,
+                    role=role,
+                    tenant_id=tenant.id,
                )
-                with rls_transaction(str(tenant.id)):
-                    Membership.objects.using(MainRouter.admin_db).create(
-                        user=user, tenant=tenant, role=Membership.RoleChoices.OWNER
-                    )
-                    role = Role.objects.using(MainRouter.admin_db).create(
-                        name="admin",
-                        tenant_id=tenant.id,
-                        manage_users=True,
-                        manage_account=True,
-                        manage_billing=True,
-                        manage_providers=True,
-                        manage_integrations=True,
-                        manage_scans=True,
-                        unlimited_visibility=True,
-                    )
-                    UserRoleRelationship.objects.using(MainRouter.admin_db).create(
-                        user=user,
-                        role=role,
-                        tenant_id=tenant.id,
-                    )
-            else:
-                request.session["saml_user_created"] = str(user.id)
-
        return user
@@ -1,5 +1,4 @@
 from django.core.exceptions import ObjectDoesNotExist
-from django.db import transaction
 from rest_framework import permissions
 from rest_framework.exceptions import NotAuthenticated
 from rest_framework.filters import SearchFilter
@@ -47,11 +46,9 @@ class BaseViewSet(ModelViewSet):


 class BaseRLSViewSet(BaseViewSet):
-    def dispatch(self, request, *args, **kwargs):
-        with transaction.atomic():
-            return super().dispatch(request, *args, **kwargs)
-
    def initial(self, request, *args, **kwargs):
+        super().initial(request, *args, **kwargs)
+
        # Ideally, this logic would be in the `.setup()` method but DRF view sets don't call it
        # https://docs.djangoproject.com/en/5.1/ref/class-based-views/base/#django.views.generic.base.View.setup
        if request.auth is None:
@@ -61,9 +58,19 @@ class BaseRLSViewSet(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(tenant_id):
-            self.request.tenant_id = tenant_id
-            return super().initial(request, *args, **kwargs)
+        self.request.tenant_id = tenant_id
+
+        self._rls_cm = rls_transaction(tenant_id)
+        self._rls_cm.__enter__()
+
+    def finalize_response(self, request, response, *args, **kwargs):
+        response = super().finalize_response(request, response, *args, **kwargs)
+
+        if hasattr(self, "_rls_cm"):
+            self._rls_cm.__exit__(None, None, None)
+            del self._rls_cm
+
+        return response

    def get_serializer_context(self):
        context = super().get_serializer_context()
@@ -73,8 +80,7 @@ class BaseRLSViewSet(BaseViewSet):

 class BaseTenantViewset(BaseViewSet):
    def dispatch(self, request, *args, **kwargs):
-        with transaction.atomic():
-            tenant = super().dispatch(request, *args, **kwargs)
+        tenant = super().dispatch(request, *args, **kwargs)

        try:
            # If the request is a POST, create the admin role
@@ -109,6 +115,8 @@ class BaseTenantViewset(BaseViewSet):
                pass  # Tenant might not exist, handle gracefully

    def initial(self, request, *args, **kwargs):
+        super().initial(request, *args, **kwargs)
+
        if request.auth is None:
            raise NotAuthenticated

@@ -117,19 +125,27 @@ class BaseTenantViewset(BaseViewSet):
            raise NotAuthenticated("Tenant ID is not present in token")

        user_id = str(request.user.id)
-        with rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR):
-            return super().initial(request, *args, **kwargs)
+
+        self._rls_cm = rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR)
+        self._rls_cm.__enter__()
+
+    def finalize_response(self, request, response, *args, **kwargs):
+        response = super().finalize_response(request, response, *args, **kwargs)
+
+        if hasattr(self, "_rls_cm"):
+            self._rls_cm.__exit__(None, None, None)
+            del self._rls_cm
+
+        return response


 class BaseUserViewset(BaseViewSet):
-    def dispatch(self, request, *args, **kwargs):
-        with transaction.atomic():
-            return super().dispatch(request, *args, **kwargs)
-
    def initial(self, request, *args, **kwargs):
+        super().initial(request, *args, **kwargs)
+
        # TODO refactor after improving RLS on users
        if request.stream is not None and request.stream.method == "POST":
-            return super().initial(request, *args, **kwargs)
+            return
        if request.auth is None:
            raise NotAuthenticated

@@ -137,6 +153,16 @@ class BaseUserViewset(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(tenant_id):
-            self.request.tenant_id = tenant_id
-            return super().initial(request, *args, **kwargs)
+        self.request.tenant_id = tenant_id
+
+        self._rls_cm = rls_transaction(tenant_id)
+        self._rls_cm.__enter__()
+
+    def finalize_response(self, request, response, *args, **kwargs):
+        response = super().finalize_response(request, response, *args, **kwargs)
+
+        if hasattr(self, "_rls_cm"):
+            self._rls_cm.__exit__(None, None, None)
+            del self._rls_cm
+
+        return response
@@ -196,10 +196,6 @@ def generate_compliance_overview_template(prowler_compliance: dict):
                requirement_dict = {
                    "name": requirement.Name or requirement.Id,
                    "description": requirement.Description,
-                    "tactics": getattr(requirement, "Tactics", []),
-                    "subtechniques": getattr(requirement, "SubTechniques", []),
-                    "platforms": getattr(requirement, "Platforms", []),
-                    "technique_url": getattr(requirement, "TechniqueURL", ""),
                    "attributes": [
                        dict(attribute) for attribute in requirement.Attributes
                    ],
@@ -175,29 +175,6 @@ def create_objects_in_batches(
            model.objects.bulk_create(chunk, batch_size)


-def update_objects_in_batches(
-    tenant_id: str, model, objects: list, fields: list, batch_size: int = 500
-):
-    """
-    Bulk-update model instances in repeated, per-tenant RLS transactions.
-
-    All chunks execute in their own transaction, so no single transaction
-    grows too large.
-
-    Args:
-        tenant_id (str): UUID string of the tenant under which to set RLS.
-        model: Django model class whose `.objects.bulk_update()` will be called.
-        objects (list): List of model instances (saved) to bulk-update.
-        fields (list): List of field names to update.
-        batch_size (int): Maximum number of objects per bulk_update call.
-    """
-    total = len(objects)
-    for start in range(0, total, batch_size):
-        chunk = objects[start : start + batch_size]
-        with rls_transaction(value=tenant_id, parameter=POSTGRES_TENANT_VAR):
-            model.objects.bulk_update(chunk, fields, batch_size)
-
-
 # Postgres Enums


@@ -552,15 +529,3 @@ class IntegrationTypeEnum(EnumType):
 class IntegrationTypeEnumField(PostgresEnumField):
    def __init__(self, *args, **kwargs):
        super().__init__("integration_type", *args, **kwargs)
-
-
-# Postgres enum definition for Processor type
-
-
-class ProcessorTypeEnum(EnumType):
-    enum_type_name = "processor_type"
-
-
-class ProcessorTypeEnumField(PostgresEnumField):
-    def __init__(self, *args, **kwargs):
-        super().__init__("processor_type", *args, **kwargs)
@@ -57,11 +57,6 @@ class TaskInProgressException(TaskManagementError):
        super().__init__()


-# Provider connection errors
-class ProviderConnectionError(Exception):
-    """Base exception for provider connection errors."""
-
-
 def custom_exception_handler(exc, context):
    if isinstance(exc, django_validation_error):
        if hasattr(exc, "error_dict"):
@@ -78,21 +73,3 @@ def custom_exception_handler(exc, context):
                message_item["message"] for message_item in exc.detail["messages"]
            ]
    return exception_handler(exc, context)
-
-
-class ConflictException(APIException):
-    status_code = status.HTTP_409_CONFLICT
-    default_detail = "A conflict occurred. The resource already exists."
-    default_code = "conflict"
-
-    def __init__(self, detail=None, code=None, pointer=None):
-        error_detail = {
-            "detail": detail or self.default_detail,
-            "status": self.status_code,
-            "code": self.default_code,
-        }
-
-        if pointer:
-            error_detail["source"] = {"pointer": pointer}
-
-        super().__init__(detail=[error_detail])
@@ -1,6 +1,5 @@
 from datetime import date, datetime, timedelta, timezone

-from dateutil.parser import parse
 from django.conf import settings
 from django.db.models import Q
 from django_filters.rest_framework import (
@@ -29,7 +28,6 @@ from api.models import (
    Invitation,
    Membership,
    PermissionChoices,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderSecret,
@@ -340,8 +338,6 @@ class ResourceFilter(ProviderRelationshipFilterSet):
    tags = CharFilter(method="filter_tag")
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
-    scan = UUIDFilter(field_name="provider__scan", lookup_expr="exact")
-    scan__in = UUIDInFilter(field_name="provider__scan", lookup_expr="in")

    class Meta:
        model = Resource
@@ -356,82 +352,6 @@ class ResourceFilter(ProviderRelationshipFilterSet):
            "updated_at": ["gte", "lte"],
        }

-    def filter_queryset(self, queryset):
-        if not (self.data.get("scan") or self.data.get("scan__in")) and not (
-            self.data.get("updated_at")
-            or self.data.get("updated_at__date")
-            or self.data.get("updated_at__gte")
-            or self.data.get("updated_at__lte")
-        ):
-            raise ValidationError(
-                [
-                    {
-                        "detail": "At least one date filter is required: filter[updated_at], filter[updated_at.gte], "
-                        "or filter[updated_at.lte].",
-                        "status": 400,
-                        "source": {"pointer": "/data/attributes/updated_at"},
-                        "code": "required",
-                    }
-                ]
-            )
-
-        gte_date = (
-            parse(self.data.get("updated_at__gte")).date()
-            if self.data.get("updated_at__gte")
-            else datetime.now(timezone.utc).date()
-        )
-        lte_date = (
-            parse(self.data.get("updated_at__lte")).date()
-            if self.data.get("updated_at__lte")
-            else datetime.now(timezone.utc).date()
-        )
-
-        if abs(lte_date - gte_date) > timedelta(
-            days=settings.FINDINGS_MAX_DAYS_IN_RANGE
-        ):
-            raise ValidationError(
-                [
-                    {
-                        "detail": f"The date range cannot exceed {settings.FINDINGS_MAX_DAYS_IN_RANGE} days.",
-                        "status": 400,
-                        "source": {"pointer": "/data/attributes/updated_at"},
-                        "code": "invalid",
-                    }
-                ]
-            )
-
-        return super().filter_queryset(queryset)
-
-    def filter_tag_key(self, queryset, name, value):
-        return queryset.filter(Q(tags__key=value) | Q(tags__key__icontains=value))
-
-    def filter_tag_value(self, queryset, name, value):
-        return queryset.filter(Q(tags__value=value) | Q(tags__value__icontains=value))
-
-    def filter_tag(self, queryset, name, value):
-        # We won't know what the user wants to filter on just based on the value,
-        # and we don't want to build special filtering logic for every possible
-        # provider tag spec, so we'll just do a full text search
-        return queryset.filter(tags__text_search=value)
-
-
-class LatestResourceFilter(ProviderRelationshipFilterSet):
-    tag_key = CharFilter(method="filter_tag_key")
-    tag_value = CharFilter(method="filter_tag_value")
-    tag = CharFilter(method="filter_tag")
-    tags = CharFilter(method="filter_tag")
-
-    class Meta:
-        model = Resource
-        fields = {
-            "provider": ["exact", "in"],
-            "uid": ["exact", "icontains"],
-            "name": ["exact", "icontains"],
-            "region": ["exact", "icontains", "in"],
-            "service": ["exact", "icontains", "in"],
-            "type": ["exact", "icontains", "in"],
-        }
-
    def filter_tag_key(self, queryset, name, value):
        return queryset.filter(Q(tags__key=value) | Q(tags__key__icontains=value))

@@ -784,12 +704,3 @@ class IntegrationFilter(FilterSet):
        fields = {
            "inserted_at": ["date", "gte", "lte"],
        }
-
-
-class ProcessorFilter(FilterSet):
-    processor_type = ChoiceFilter(choices=Processor.ProcessorChoices.choices)
-    processor_type__in = ChoiceInFilter(
-        choices=Processor.ProcessorChoices.choices,
-        field_name="processor_type",
-        lookup_expr="in",
-    )
@@ -3,7 +3,7 @@
    "model": "api.user",
    "pk": "8b38e2eb-6689-4f1e-a4ba-95b275130200",
    "fields": {
-      "password": "pbkdf2_sha256$870000$Z63pGJ7nre48hfcGbk5S0O$rQpKczAmijs96xa+gPVJifpT3Fetb8DOusl5Eq6gxac=",
+      "password": "pbkdf2_sha256$720000$vA62S78kog2c2ytycVQdke$Fp35GVLLMyy5fUq3krSL9I02A+ocQ+RVa4S22LIAO5s=",
      "last_login": null,
      "name": "Devie Prowlerson",
      "email": "dev@prowler.com",
@@ -16,7 +16,7 @@
    "model": "api.user",
    "pk": "b6493a3a-c997-489b-8b99-278bf74de9f6",
    "fields": {
-      "password": "pbkdf2_sha256$870000$Z63pGJ7nre48hfcGbk5S0O$rQpKczAmijs96xa+gPVJifpT3Fetb8DOusl5Eq6gxac=",
+      "password": "pbkdf2_sha256$720000$vA62S78kog2c2ytycVQdke$Fp35GVLLMyy5fUq3krSL9I02A+ocQ+RVa4S22LIAO5s=",
      "last_login": null,
      "name": "Devietoo Prowlerson",
      "email": "dev2@prowler.com",
@@ -24,18 +24,5 @@
      "is_active": true,
      "date_joined": "2024-09-18T09:04:20.850Z"
    }
-  },
-  {
-    "model": "api.user",
-    "pk": "6d4f8a91-3c2e-4b5a-8f7d-1e9c5b2a4d6f",
-    "fields": {
-      "password": "pbkdf2_sha256$870000$Z63pGJ7nre48hfcGbk5S0O$rQpKczAmijs96xa+gPVJifpT3Fetb8DOusl5Eq6gxac=",
-      "last_login": null,
-      "name": "E2E Test User",
-      "email": "e2e@prowler.com",
-      "company_name": "Prowler E2E Tests",
-      "is_active": true,
-      "date_joined": "2024-01-01T00:00:00.850Z"
-    }
  }
 ]
@@ -46,24 +46,5 @@
      "role": "member",
      "date_joined": "2024-09-19T11:03:59.712Z"
    }
-  },
-  {
-    "model": "api.tenant",
-    "pk": "7c8f94a3-e2d1-4b3a-9f87-2c4d5e6f1a2b",
-    "fields": {
-      "inserted_at": "2024-01-01T00:00:00Z",
-      "updated_at": "2024-01-01T00:00:00Z",
-      "name": "E2E Test Tenant"
-    }
-  },
-  {
-    "model": "api.membership",
-    "pk": "9b1a2c3d-4e5f-6789-abc1-23456789def0",
-    "fields": {
-      "user": "6d4f8a91-3c2e-4b5a-8f7d-1e9c5b2a4d6f",
-      "tenant": "7c8f94a3-e2d1-4b3a-9f87-2c4d5e6f1a2b",
-      "role": "owner",
-      "date_joined": "2024-01-01T00:00:00.000Z"
-    }
  }
 ]
@@ -149,32 +149,5 @@
      "user": "8b38e2eb-6689-4f1e-a4ba-95b275130200",
      "inserted_at": "2024-11-20T15:36:14.302Z"
    }
-  },
-  {
-    "model": "api.role",
-    "pk": "a5b6c7d8-9e0f-1234-5678-90abcdef1234",
-    "fields": {
-      "tenant": "7c8f94a3-e2d1-4b3a-9f87-2c4d5e6f1a2b",
-      "name": "e2e_admin",
-      "manage_users": true,
-      "manage_account": true,
-      "manage_billing": true,
-      "manage_providers": true,
-      "manage_integrations": true,
-      "manage_scans": true,
-      "unlimited_visibility": true,
-      "inserted_at": "2024-01-01T00:00:00.000Z",
-      "updated_at": "2024-01-01T00:00:00.000Z"
-    }
-  },
-  {
-    "model": "api.userrolerelationship",
-    "pk": "f1e2d3c4-b5a6-9876-5432-10fedcba9876",
-    "fields": {
-      "tenant": "7c8f94a3-e2d1-4b3a-9f87-2c4d5e6f1a2b",
-      "role": "a5b6c7d8-9e0f-1234-5678-90abcdef1234",
-      "user": "6d4f8a91-3c2e-4b5a-8f7d-1e9c5b2a4d6f",
-      "inserted_at": "2024-01-01T00:00:00.000Z"
-    }
  }
 ]
@@ -1,80 +0,0 @@
-from django.contrib.sites.models import Site
-from django.core.management.base import BaseCommand
-from django.db import DEFAULT_DB_ALIAS, connection, connections, transaction
-from django.db.migrations.recorder import MigrationRecorder
-
-
-def table_exists(table_name):
-    with connection.cursor() as cursor:
-        cursor.execute(
-            """
-                SELECT EXISTS (
-                    SELECT 1 FROM information_schema.tables
-                    WHERE table_name = %s
-                )
-            """,
-            [table_name],
-        )
-        return cursor.fetchone()[0]
-
-
-class Command(BaseCommand):
-    help = "Fix migration inconsistency between socialaccount and sites"
-
-    def add_arguments(self, parser):
-        parser.add_argument(
-            "--database",
-            default=DEFAULT_DB_ALIAS,
-            help="Specifies the database to operate on.",
-        )
-
-    def handle(self, *args, **options):
-        db = options["database"]
-        connection = connections[db]
-        recorder = MigrationRecorder(connection)
-
-        applied = set(recorder.applied_migrations())
-
-        has_social = ("socialaccount", "0001_initial") in applied
-
-        with connection.cursor() as cursor:
-            cursor.execute(
-                """
-                SELECT EXISTS (
-                    SELECT FROM information_schema.tables
-                    WHERE table_name = 'django_site'
-                );
-            """
-            )
-            site_table_exists = cursor.fetchone()[0]
-
-        if has_social and not site_table_exists:
-            self.stdout.write(
-                f"Detected inconsistency in '{db}'. Creating 'django_site' table manually..."
-            )
-
-            with transaction.atomic(using=db):
-                with connection.schema_editor() as schema_editor:
-                    schema_editor.create_model(Site)
-
-                recorder.record_applied("sites", "0001_initial")
-                recorder.record_applied("sites", "0002_alter_domain_unique")
-
-            self.stdout.write(
-                "Fixed: 'django_site' table created and migrations registered."
-            )
-
-            # Ensure the relationship table also exists
-            if not table_exists("socialaccount_socialapp_sites"):
-                self.stdout.write(
-                    "Detected missing 'socialaccount_socialapp_sites' table. Creating manually..."
-                )
-                with connection.schema_editor() as schema_editor:
-                    from allauth.socialaccount.models import SocialApp
-
-                    schema_editor.create_model(
-                        SocialApp._meta.get_field("sites").remote_field.through
-                    )
-                self.stdout.write(
-                    "Fixed: 'socialaccount_socialapp_sites' table created."
-                )
@@ -1,5 +1,4 @@
-# Generated by Django 5.1.10 on 2025-06-12 12:45
-
+# Generated by Django 5.1.7 on 2025-04-10 14:54
 import uuid

 import django.core.validators
@@ -13,10 +12,9 @@ class Migration(migrations.Migration):
    dependencies = [
        ("api", "0029_findings_check_index_parent"),
    ]
-
    operations = [
        migrations.CreateModel(
-            name="LighthouseConfiguration",
+            name="LighthouseConfig",
            fields=[
                (
                    "id",
@@ -32,49 +30,20 @@ class Migration(migrations.Migration):
                (
                    "name",
                    models.CharField(
-                        help_text="Name of the configuration",
                        max_length=100,
                        validators=[django.core.validators.MinLengthValidator(3)],
                    ),
                ),
-                (
-                    "api_key",
-                    models.BinaryField(
-                        help_text="Encrypted API key for the LLM service"
-                    ),
-                ),
-                (
-                    "model",
-                    models.CharField(
-                        choices=[
-                            ("gpt-4o-2024-11-20", "GPT-4o v2024-11-20"),
-                            ("gpt-4o-2024-08-06", "GPT-4o v2024-08-06"),
-                            ("gpt-4o-2024-05-13", "GPT-4o v2024-05-13"),
-                            ("gpt-4o", "GPT-4o Default"),
-                            ("gpt-4o-mini-2024-07-18", "GPT-4o Mini v2024-07-18"),
-                            ("gpt-4o-mini", "GPT-4o Mini Default"),
-                        ],
-                        default="gpt-4o-2024-08-06",
-                        help_text="Must be one of the supported model names",
-                        max_length=50,
-                    ),
-                ),
-                (
-                    "temperature",
-                    models.FloatField(default=0, help_text="Must be between 0 and 1"),
-                ),
-                (
-                    "max_tokens",
-                    models.IntegerField(
-                        default=4000, help_text="Must be between 500 and 5000"
-                    ),
-                ),
+                ("api_key", models.BinaryField()),
+                ("model", models.CharField(default="gpt-4o", max_length=50)),
+                ("temperature", models.FloatField(default=0.7)),
+                ("max_tokens", models.IntegerField(default=4000)),
                (
                    "business_context",
                    models.TextField(
                        blank=True,
-                        default="",
                        help_text="Additional business context for this AI model configuration",
+                        null=True,
                    ),
                ),
                ("is_active", models.BooleanField(default=True)),
@@ -88,6 +57,12 @@ class Migration(migrations.Migration):
            options={
                "db_table": "lighthouse_configurations",
                "abstract": False,
+                "indexes": [
+                    models.Index(fields=["name"], name="lighthouse_config_name_idx"),
+                    models.Index(
+                        fields=["is_active"], name="lighthouse_config_active_idx"
+                    ),
+                ],
                "constraints": [
                    models.UniqueConstraint(
                        fields=("tenant_id",),
@@ -97,10 +72,10 @@ class Migration(migrations.Migration):
            },
        ),
        migrations.AddConstraint(
-            model_name="lighthouseconfiguration",
+            model_name="lighthouseconfig",
            constraint=api.rls.RowLevelSecurityConstraint(
                "tenant_id",
-                name="rls_on_lighthouseconfiguration",
+                name="rls_on_lighthouseconfig",
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ),
@@ -1,24 +0,0 @@
-# Generated by Django 5.1.10 on 2025-06-23 10:04
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0030_lighthouseconfiguration"),
-        ("django_celery_beat", "0019_alter_periodictasks_options"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="scan",
-            name="scheduler_task",
-            field=models.ForeignKey(
-                blank=True,
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                to="django_celery_beat.periodictask",
-            ),
-        ),
-    ]
@@ -1,150 +0,0 @@
-# Generated by Django 5.1.10 on 2025-07-02 15:47
-
-import uuid
-
-import django.db.models.deletion
-from django.conf import settings
-from django.db import migrations, models
-
-import api.db_utils
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0031_scan_disable_on_cascade_periodic_tasks"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="integration",
-            name="integration_type",
-            field=api.db_utils.IntegrationTypeEnumField(
-                choices=[
-                    ("amazon_s3", "Amazon S3"),
-                    ("aws_security_hub", "AWS Security Hub"),
-                    ("jira", "JIRA"),
-                    ("slack", "Slack"),
-                ]
-            ),
-        ),
-        migrations.CreateModel(
-            name="SAMLToken",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                ("expires_at", models.DateTimeField(editable=False)),
-                ("token", models.JSONField(unique=True)),
-                (
-                    "user",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        to=settings.AUTH_USER_MODEL,
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "saml_tokens",
-            },
-        ),
-        migrations.CreateModel(
-            name="SAMLConfiguration",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                (
-                    "email_domain",
-                    models.CharField(
-                        help_text="Email domain used to identify the tenant, e.g. prowlerdemo.com",
-                        max_length=254,
-                        unique=True,
-                    ),
-                ),
-                (
-                    "metadata_xml",
-                    models.TextField(
-                        help_text="Raw IdP metadata XML to configure SingleSignOnService, certificates, etc."
-                    ),
-                ),
-                ("created_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "saml_configurations",
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="samlconfiguration",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_samlconfiguration",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="samlconfiguration",
-            constraint=models.UniqueConstraint(
-                fields=("tenant",), name="unique_samlconfig_per_tenant"
-            ),
-        ),
-        migrations.CreateModel(
-            name="SAMLDomainIndex",
-            fields=[
-                (
-                    "id",
-                    models.BigAutoField(
-                        auto_created=True,
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                    ),
-                ),
-                ("email_domain", models.CharField(max_length=254, unique=True)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "saml_domain_index",
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="samldomainindex",
-            constraint=models.UniqueConstraint(
-                fields=("email_domain", "tenant"),
-                name="unique_resources_by_email_domain",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="samldomainindex",
-            constraint=api.rls.BaseSecurityConstraint(
-                name="statements_on_samldomainindex",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-    ]
@@ -1,34 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-03 15:46
-
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import PostgresEnumMigration, ProcessorTypeEnum, register_enum
-from api.models import Processor
-
-ProcessorTypeEnumMigration = PostgresEnumMigration(
-    enum_name="processor_type",
-    enum_values=tuple(
-        processor_type[0] for processor_type in Processor.ProcessorChoices.choices
-    ),
-)
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0032_saml"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            ProcessorTypeEnumMigration.create_enum_type,
-            reverse_code=ProcessorTypeEnumMigration.drop_enum_type,
-        ),
-        migrations.RunPython(
-            partial(register_enum, enum_class=ProcessorTypeEnum),
-            reverse_code=migrations.RunPython.noop,
-        ),
-    ]
@@ -1,88 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-26 13:04
-
-import uuid
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-import api.db_utils
-import api.rls
-from api.rls import RowLevelSecurityConstraint
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0033_processors_enum"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="Processor",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "processor_type",
-                    api.db_utils.ProcessorTypeEnumField(
-                        choices=[("mutelist", "Mutelist")]
-                    ),
-                ),
-                ("configuration", models.JSONField(default=dict)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "processors",
-                "abstract": False,
-                "indexes": [
-                    models.Index(
-                        fields=["tenant_id", "id"], name="processor_tenant_id_idx"
-                    ),
-                    models.Index(
-                        fields=["tenant_id", "processor_type"],
-                        name="processor_tenant_type_idx",
-                    ),
-                ],
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="processor",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "processor_type"),
-                name="unique_processor_types_tenant",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="processor",
-            constraint=RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_processor",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddField(
-            model_name="scan",
-            name="processor",
-            field=models.ForeignKey(
-                blank=True,
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="scans",
-                related_query_name="scan",
-                to="api.processor",
-            ),
-        ),
-    ]
@@ -1,22 +0,0 @@
-import django.core.validators
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0034_processors"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="muted_reason",
-            field=models.TextField(
-                blank=True,
-                max_length=500,
-                null=True,
-                validators=[django.core.validators.MinLengthValidator(3)],
-            ),
-        ),
-    ]
@@ -1,30 +0,0 @@
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import create_index_on_partitions, drop_index_on_partitions
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0035_finding_muted_reason"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_finding_idx",
-                columns="tenant_id, finding_id",
-                method="BTREE",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_finding_idx",
-            ),
-        ),
-    ]
@@ -1,17 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0036_rfm_tenant_finding_index_partitions"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="resourcefindingmapping",
-            index=models.Index(
-                fields=["tenant_id", "finding_id"],
-                name="rfm_tenant_finding_idx",
-            ),
-        ),
-    ]
@@ -1,15 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0037_rfm_tenant_finding_index_parent"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="resource",
-            name="failed_findings_count",
-            field=models.IntegerField(default=0),
-        )
-    ]
@@ -1,20 +0,0 @@
-from django.contrib.postgres.operations import AddIndexConcurrently
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0038_resource_failed_findings_count"),
-    ]
-
-    operations = [
-        AddIndexConcurrently(
-            model_name="resource",
-            index=models.Index(
-                fields=["tenant_id", "-failed_findings_count", "id"],
-                name="resources_failed_findings_idx",
-            ),
-        ),
-    ]
@@ -1,30 +0,0 @@
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import create_index_on_partitions, drop_index_on_partitions
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0039_resource_resources_failed_findings_idx"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_resource_idx",
-                columns="tenant_id, resource_id",
-                method="BTREE",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="resource_finding_mappings",
-                index_name="rfm_tenant_resource_idx",
-            ),
-        ),
-    ]
@@ -1,17 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0040_rfm_tenant_resource_index_partitions"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="resourcefindingmapping",
-            index=models.Index(
-                fields=["tenant_id", "resource_id"],
-                name="rfm_tenant_resource_idx",
-            ),
-        ),
-    ]
@@ -1,23 +0,0 @@
-from django.contrib.postgres.operations import AddIndexConcurrently
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0041_rfm_tenant_resource_parent_partitions"),
-        ("django_celery_beat", "0019_alter_periodictasks_options"),
-    ]
-
-    operations = [
-        AddIndexConcurrently(
-            model_name="scan",
-            index=models.Index(
-                condition=models.Q(("state", "completed")),
-                fields=["tenant_id", "provider_id", "-inserted_at"],
-                include=("id",),
-                name="scans_prov_ins_desc_idx",
-            ),
-        ),
-    ]
@@ -1,33 +0,0 @@
-# Generated by Django 5.1.7 on 2025-07-09 14:44
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0042_scan_scans_prov_ins_desc_idx"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                    ("github", "GitHub"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'github';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]
@@ -1,19 +0,0 @@
-# Generated by Django 5.1.10 on 2025-07-17 11:52
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0043_github_provider"),
-    ]
-
-    operations = [
-        migrations.AddConstraint(
-            model_name="integration",
-            constraint=models.UniqueConstraint(
-                fields=("configuration", "tenant"),
-                name="unique_configuration_per_tenant",
-            ),
-        ),
-    ]
@@ -1,17 +0,0 @@
-# Generated by Django 5.1.10 on 2025-07-21 16:08
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0044_integration_unique_configuration_per_tenant"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="scan",
-            name="output_location",
-            field=models.CharField(blank=True, max_length=4096, null=True),
-        ),
-    ]
@@ -1,21 +1,15 @@
 import json
 import logging
 import re
-import xml.etree.ElementTree as ET
-from datetime import datetime, timedelta, timezone
 from uuid import UUID, uuid4

-from allauth.socialaccount.models import SocialApp
 from config.custom_logging import BackendLogger
-from config.settings.social_login import SOCIALACCOUNT_PROVIDERS
 from cryptography.fernet import Fernet, InvalidToken
 from django.conf import settings
 from django.contrib.auth.models import AbstractBaseUser
 from django.contrib.postgres.fields import ArrayField
 from django.contrib.postgres.indexes import GinIndex
 from django.contrib.postgres.search import SearchVector, SearchVectorField
-from django.contrib.sites.models import Site
-from django.core.exceptions import ValidationError
 from django.core.validators import MinLengthValidator
 from django.db import models
 from django.db.models import Q
@@ -27,14 +21,12 @@ from psqlextra.models import PostgresPartitionedModel
 from psqlextra.types import PostgresPartitioningMethod
 from uuid6 import uuid7

-from api.db_router import MainRouter
 from api.db_utils import (
    CustomUserManager,
    FindingDeltaEnumField,
    IntegrationTypeEnumField,
    InvitationStateEnumField,
    MemberRoleEnumField,
-    ProcessorTypeEnumField,
    ProviderEnumField,
    ProviderSecretTypeEnumField,
    ScanTriggerEnumField,
@@ -205,7 +197,6 @@ class Provider(RowLevelSecurityProtectedModel):
        GCP = "gcp", _("GCP")
        KUBERNETES = "kubernetes", _("Kubernetes")
        M365 = "m365", _("M365")
-        GITHUB = "github", _("GitHub")

    @staticmethod
    def validate_aws_uid(value):
@@ -266,16 +257,6 @@ class Provider(RowLevelSecurityProtectedModel):
                pointer="/data/attributes/uid",
            )

-    @staticmethod
-    def validate_github_uid(value):
-        if not re.match(r"^[a-zA-Z0-9][a-zA-Z0-9-]{0,38}$", value):
-            raise ModelValidationError(
-                detail="GitHub provider ID must be a valid GitHub username or organization name (1-39 characters, "
-                "starting with alphanumeric, containing only alphanumeric characters and hyphens).",
-                code="github-uid",
-                pointer="/data/attributes/uid",
-            )
-
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
@@ -421,6 +402,20 @@ class Scan(RowLevelSecurityProtectedModel):
    name = models.CharField(
        blank=True, null=True, max_length=100, validators=[MinLengthValidator(3)]
    )
+    provider = models.ForeignKey(
+        Provider,
+        on_delete=models.CASCADE,
+        related_name="scans",
+        related_query_name="scan",
+    )
+    task = models.ForeignKey(
+        Task,
+        on_delete=models.CASCADE,
+        related_name="scans",
+        related_query_name="scan",
+        null=True,
+        blank=True,
+    )
    trigger = ScanTriggerEnumField(
        choices=TriggerChoices.choices,
    )
@@ -436,31 +431,11 @@ class Scan(RowLevelSecurityProtectedModel):
    completed_at = models.DateTimeField(null=True, blank=True)
    next_scan_at = models.DateTimeField(null=True, blank=True)
    scheduler_task = models.ForeignKey(
-        PeriodicTask, on_delete=models.SET_NULL, null=True, blank=True
-    )
-    output_location = models.CharField(blank=True, null=True, max_length=4096)
-    provider = models.ForeignKey(
-        Provider,
-        on_delete=models.CASCADE,
-        related_name="scans",
-        related_query_name="scan",
-    )
-    task = models.ForeignKey(
-        Task,
-        on_delete=models.CASCADE,
-        related_name="scans",
-        related_query_name="scan",
-        null=True,
-        blank=True,
-    )
-    processor = models.ForeignKey(
-        "Processor",
-        on_delete=models.SET_NULL,
-        related_name="scans",
-        related_query_name="scan",
-        null=True,
-        blank=True,
+        PeriodicTask, on_delete=models.CASCADE, null=True, blank=True
    )
+    output_location = models.CharField(blank=True, null=True, max_length=200)
+
+    # TODO: mutelist foreign key

    class Meta(RowLevelSecurityProtectedModel.Meta):
        db_table = "scans"
@@ -487,13 +462,6 @@ class Scan(RowLevelSecurityProtectedModel):
                condition=Q(state=StateChoices.COMPLETED),
                name="scans_prov_state_ins_desc_idx",
            ),
-            # TODO This might replace `scans_prov_state_ins_desc_idx` completely. Review usage
-            models.Index(
-                fields=["tenant_id", "provider_id", "-inserted_at"],
-                condition=Q(state=StateChoices.COMPLETED),
-                include=["id"],
-                name="scans_prov_ins_desc_idx",
-            ),
        ]

    class JSONAPIMeta:
@@ -579,8 +547,6 @@ class Resource(RowLevelSecurityProtectedModel):
    details = models.TextField(blank=True, null=True)
    partition = models.TextField(blank=True, null=True)

-    failed_findings_count = models.IntegerField(default=0)
-
    # Relationships
    tags = models.ManyToManyField(
        ResourceTag,
@@ -627,10 +593,6 @@ class Resource(RowLevelSecurityProtectedModel):
                fields=["tenant_id", "provider_id"],
                name="resources_tenant_provider_idx",
            ),
-            models.Index(
-                fields=["tenant_id", "-failed_findings_count", "id"],
-                name="resources_failed_findings_idx",
-            ),
        ]

        constraints = [
@@ -729,9 +691,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    check_id = models.CharField(max_length=100, blank=False, null=False)
    check_metadata = models.JSONField(default=dict, null=False)
    muted = models.BooleanField(default=False, null=False)
-    muted_reason = models.TextField(
-        blank=True, null=True, validators=[MinLengthValidator(3)], max_length=500
-    )
    compliance = models.JSONField(default=dict, null=True, blank=True)

    # Denormalize resource data for performance
@@ -873,16 +832,6 @@ class ResourceFindingMapping(PostgresPartitionedModel, RowLevelSecurityProtected
        #   - tenant_id
        #   - id

-        indexes = [
-            models.Index(
-                fields=["tenant_id", "finding_id"],
-                name="rfm_tenant_finding_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "resource_id"],
-                name="rfm_tenant_resource_idx",
-            ),
-        ]
        constraints = [
            models.UniqueConstraint(
                fields=("tenant_id", "resource_id", "finding_id"),
@@ -987,11 +936,6 @@ class Invitation(RowLevelSecurityProtectedModel):
        null=True,
    )

-    def save(self, *args, **kwargs):
-        if self.email:
-            self.email = self.email.strip().lower()
-        super().save(*args, **kwargs)
-
    class Meta(RowLevelSecurityProtectedModel.Meta):
        db_table = "invitations"

@@ -1346,7 +1290,8 @@ class ScanSummary(RowLevelSecurityProtectedModel):

 class Integration(RowLevelSecurityProtectedModel):
    class IntegrationChoices(models.TextChoices):
-        AMAZON_S3 = "amazon_s3", _("Amazon S3")
+        S3 = "amazon_s3", _("Amazon S3")
+        SAML = "saml", _("SAML")
        AWS_SECURITY_HUB = "aws_security_hub", _("AWS Security Hub")
        JIRA = "jira", _("JIRA")
        SLACK = "slack", _("Slack")
@@ -1372,10 +1317,6 @@ class Integration(RowLevelSecurityProtectedModel):
        db_table = "integrations"

        constraints = [
-            models.UniqueConstraint(
-                fields=("configuration", "tenant"),
-                name="unique_configuration_per_tenant",
-            ),
            RowLevelSecurityConstraint(
                field="tenant_id",
                name="rls_on_%(class)s",
@@ -1424,273 +1365,6 @@ class IntegrationProviderRelationship(RowLevelSecurityProtectedModel):
        ]


-class SAMLToken(models.Model):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    expires_at = models.DateTimeField(editable=False)
-    token = models.JSONField(unique=True)
-    user = models.ForeignKey(User, on_delete=models.CASCADE)
-
-    class Meta:
-        db_table = "saml_tokens"
-
-    def save(self, *args, **kwargs):
-        if not self.expires_at:
-            self.expires_at = datetime.now(timezone.utc) + timedelta(seconds=15)
-        super().save(*args, **kwargs)
-
-    def is_expired(self) -> bool:
-        return datetime.now(timezone.utc) >= self.expires_at
-
-
-class SAMLDomainIndex(models.Model):
-    """
-    Public index of SAML domains. No RLS. Used for fast lookup in SAML login flow.
-    """
-
-    email_domain = models.CharField(max_length=254, unique=True)
-    tenant = models.ForeignKey("Tenant", on_delete=models.CASCADE)
-
-    class Meta:
-        db_table = "saml_domain_index"
-
-        constraints = [
-            models.UniqueConstraint(
-                fields=("email_domain", "tenant"),
-                name="unique_resources_by_email_domain",
-            ),
-            BaseSecurityConstraint(
-                name="statements_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-
-class SAMLConfiguration(RowLevelSecurityProtectedModel):
-    """
-    Stores per-tenant SAML settings, including email domain and IdP metadata.
-    Automatically syncs to a SocialApp instance on save.
-
-    Note:
-    This model exists to provide a tenant-aware abstraction over SAML configuration.
-    It supports row-level security, custom validation, and metadata parsing, enabling
-    Prowler to expose a clean API and admin interface for managing SAML integrations.
-
-    Although Django Allauth uses the SocialApp model to store provider configuration,
-    it is not designed for multi-tenant use. SocialApp lacks support for tenant scoping,
-    email domain mapping, and structured metadata handling.
-
-    By managing SAMLConfiguration separately, we ensure:
-        - Strong isolation between tenants via RLS.
-        - Ownership of raw IdP metadata and its validation.
-        - An explicit link between SAML config and business-level identifiers (e.g. email domain).
-        - Programmatic transformation into the SocialApp format used by Allauth.
-
-    In short, this model acts as a secure and user-friendly layer over Allauth's lower-level primitives.
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    email_domain = models.CharField(
-        max_length=254,
-        unique=True,
-        help_text="Email domain used to identify the tenant, e.g. prowlerdemo.com",
-    )
-    metadata_xml = models.TextField(
-        help_text="Raw IdP metadata XML to configure SingleSignOnService, certificates, etc."
-    )
-    created_at = models.DateTimeField(auto_now_add=True)
-    updated_at = models.DateTimeField(auto_now=True)
-
-    class JSONAPIMeta:
-        resource_name = "saml-configurations"
-
-    class Meta:
-        db_table = "saml_configurations"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-            # 1 config per tenant
-            models.UniqueConstraint(
-                fields=["tenant"],
-                name="unique_samlconfig_per_tenant",
-            ),
-        ]
-
-    def clean(self, old_email_domain=None, is_create=False):
-        # Domain must not contain @
-        if "@" in self.email_domain:
-            raise ValidationError({"email_domain": "Domain must not contain @"})
-
-        # Enforce at most one config per tenant
-        qs = SAMLConfiguration.objects.filter(tenant=self.tenant)
-        # Exclude ourselves in case of update
-        if self.pk:
-            qs = qs.exclude(pk=self.pk)
-        if qs.exists():
-            raise ValidationError(
-                {"tenant": "A SAML configuration already exists for this tenant."}
-            )
-
-        # The email domain must be unique in the entire system
-        qs = SAMLConfiguration.objects.using(MainRouter.admin_db).filter(
-            email_domain__iexact=self.email_domain
-        )
-        if qs.exists() and old_email_domain != self.email_domain:
-            raise ValidationError(
-                {"tenant": "There is a problem with your email domain."}
-            )
-
-        # The entityID must be unique in the system
-        idp_settings = self._parsed_metadata
-        entity_id = idp_settings.get("entity_id")
-
-        if entity_id:
-            # Find any SocialApp with this entityID
-            q = SocialApp.objects.filter(provider="saml", provider_id=entity_id)
-
-            # If updating, exclude our own SocialApp from the check
-            if not is_create:
-                q = q.exclude(client_id=old_email_domain)
-            else:
-                q = q.exclude(client_id=self.email_domain)
-
-            if q.exists():
-                raise ValidationError(
-                    {"metadata_xml": "There is a problem with your metadata."}
-                )
-
-    def save(self, *args, **kwargs):
-        self.email_domain = self.email_domain.strip().lower()
-        is_create = not SAMLConfiguration.objects.filter(pk=self.pk).exists()
-
-        if not is_create:
-            old = SAMLConfiguration.objects.get(pk=self.pk)
-            old_email_domain = old.email_domain
-            old_metadata_xml = old.metadata_xml
-        else:
-            old_email_domain = None
-            old_metadata_xml = None
-
-        self._parsed_metadata = self._parse_metadata()
-        self.clean(old_email_domain, is_create)
-        super().save(*args, **kwargs)
-
-        if is_create or (
-            old_email_domain != self.email_domain
-            or old_metadata_xml != self.metadata_xml
-        ):
-            self._sync_social_app(old_email_domain)
-
-        # Sync the public index
-        if not is_create and old_email_domain and old_email_domain != self.email_domain:
-            SAMLDomainIndex.objects.filter(email_domain=old_email_domain).delete()
-
-        # Create/update the new domain index
-        SAMLDomainIndex.objects.update_or_create(
-            email_domain=self.email_domain, defaults={"tenant": self.tenant}
-        )
-
-    def delete(self, *args, **kwargs):
-        super().delete(*args, **kwargs)
-
-        SocialApp.objects.filter(provider="saml", client_id=self.email_domain).delete()
-        SAMLDomainIndex.objects.filter(email_domain=self.email_domain).delete()
-
-    def _parse_metadata(self):
-        """
-        Parse the raw IdP metadata XML and extract:
-            - entity_id
-            - sso_url
-            - slo_url (may be None)
-            - x509cert (required)
-        """
-        ns = {
-            "md": "urn:oasis:names:tc:SAML:2.0:metadata",
-            "ds": "http://www.w3.org/2000/09/xmldsig#",
-        }
-        try:
-            root = ET.fromstring(self.metadata_xml)
-        except ET.ParseError as e:
-            raise ValidationError({"metadata_xml": f"Invalid XML: {e}"})
-
-        # Entity ID
-        entity_id = root.attrib.get("entityID")
-        if not entity_id:
-            raise ValidationError({"metadata_xml": "Missing entityID in metadata."})
-
-        # SSO endpoint (must exist)
-        sso = root.find(".//md:IDPSSODescriptor/md:SingleSignOnService", ns)
-        if sso is None or "Location" not in sso.attrib:
-            raise ValidationError(
-                {"metadata_xml": "Missing SingleSignOnService in metadata."}
-            )
-        sso_url = sso.attrib["Location"]
-
-        # SLO endpoint (optional)
-        slo = root.find(".//md:IDPSSODescriptor/md:SingleLogoutService", ns)
-        slo_url = slo.attrib.get("Location") if slo is not None else None
-
-        # X.509 certificate (required)
-        cert = root.find(
-            './/md:KeyDescriptor[@use="signing"]/ds:KeyInfo/ds:X509Data/ds:X509Certificate',
-            ns,
-        )
-        if cert is None or not cert.text or not cert.text.strip():
-            raise ValidationError(
-                {
-                    "metadata_xml": 'Metadata must include a <ds:X509Certificate> under <KeyDescriptor use="signing">.'
-                }
-            )
-        x509cert = cert.text.strip()
-
-        return {
-            "entity_id": entity_id,
-            "sso_url": sso_url,
-            "slo_url": slo_url,
-            "x509cert": x509cert,
-        }
-
-    def _sync_social_app(self, previous_email_domain=None):
-        """
-        Create or update the corresponding SocialApp based on email_domain.
-        If the domain changed, update the matching SocialApp.
-        """
-        settings_dict = SOCIALACCOUNT_PROVIDERS["saml"].copy()
-        settings_dict["idp"] = self._parsed_metadata
-
-        current_site = Site.objects.get(id=settings.SITE_ID)
-
-        social_app_qs = SocialApp.objects.filter(
-            provider="saml", client_id=previous_email_domain or self.email_domain
-        )
-
-        client_id = self.email_domain[:191]
-        name = f"SAML-{self.email_domain}"[:40]
-
-        if social_app_qs.exists():
-            social_app = social_app_qs.first()
-            social_app.client_id = client_id
-            social_app.name = name
-            social_app.settings = settings_dict
-            social_app.provider_id = self._parsed_metadata["entity_id"]
-            social_app.save()
-            social_app.sites.set([current_site])
-        else:
-            social_app = SocialApp.objects.create(
-                provider="saml",
-                client_id=client_id,
-                name=name,
-                settings=settings_dict,
-                provider_id=self._parsed_metadata["entity_id"],
-            )
-            social_app.sites.set([current_site])
-
-
 class ResourceScanSummary(RowLevelSecurityProtectedModel):
    scan_id = models.UUIDField(default=uuid7, db_index=True)
    resource_id = models.UUIDField(default=uuid4, db_index=True)
@@ -1772,7 +1446,6 @@ class LighthouseConfiguration(RowLevelSecurityProtectedModel):
        choices=ModelChoices.choices,
        blank=False,
        null=False,
-        default=ModelChoices.GPT_4O_2024_08_06,
        help_text="Must be one of the supported model names",
    )
    temperature = models.FloatField(default=0, help_text="Must be between 0 and 1")
@@ -1864,43 +1537,4 @@ class LighthouseConfiguration(RowLevelSecurityProtectedModel):
        ]

    class JSONAPIMeta:
-        resource_name = "lighthouse-configurations"
-
-
-class Processor(RowLevelSecurityProtectedModel):
-    class ProcessorChoices(models.TextChoices):
-        MUTELIST = "mutelist", _("Mutelist")
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    processor_type = ProcessorTypeEnumField(choices=ProcessorChoices.choices)
-    configuration = models.JSONField(default=dict)
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "processors"
-
-        constraints = [
-            models.UniqueConstraint(
-                fields=("tenant_id", "processor_type"),
-                name="unique_processor_types_tenant",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "id"],
-                name="processor_tenant_id_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "processor_type"],
-                name="processor_tenant_type_idx",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "processors"
+        resource_name = "lighthouse-configuration"
@@ -11,7 +11,7 @@ def test_basic_authentication():
    client = APIClient()

    test_user = "test_email@prowler.com"
-    test_password = "Test_password@1"
+    test_password = "test_password"

    # Check that a 401 is returned when no basic authentication is provided
    no_auth_response = client.get(reverse("provider-list"))
@@ -108,7 +108,7 @@ def test_user_me_when_inviting_users(create_test_user, tenants_fixture, roles_fi
    user1_email = "user1@testing.com"
    user2_email = "user2@testing.com"

-    password = "Thisisapassword123@"
+    password = "thisisapassword123"

    user1_response = client.post(
        reverse("user-list"),
@@ -187,7 +187,7 @@ class TestTokenSwitchTenant:
        client = APIClient()

        test_user = "test_email@prowler.com"
-        test_password = "Test_password1@"
+        test_password = "test_password"

        # Check that we can create a new user without any kind of authentication
        user_creation_response = client.post(
@@ -17,7 +17,7 @@ def test_delete_provider_without_executing_task(
    client = APIClient()

    test_user = "test_email@prowler.com"
-    test_password = "Test_password1@"
+    test_password = "test_password"

    prowler_task = tasks_fixture[0]
    task_mock = Mock()
@@ -1,77 +0,0 @@
-from unittest.mock import MagicMock, patch
-
-import pytest
-from allauth.socialaccount.models import SocialLogin
-from django.contrib.auth import get_user_model
-
-from api.adapters import ProwlerSocialAccountAdapter
-
-User = get_user_model()
-
-
-@pytest.mark.django_db
-class TestProwlerSocialAccountAdapter:
-    def test_get_user_by_email_returns_user(self, create_test_user):
-        adapter = ProwlerSocialAccountAdapter()
-        user = adapter.get_user_by_email(create_test_user.email)
-        assert user == create_test_user
-
-    def test_get_user_by_email_returns_none_for_unknown_email(self):
-        adapter = ProwlerSocialAccountAdapter()
-        assert adapter.get_user_by_email("notfound@example.com") is None
-
-    def test_pre_social_login_links_existing_user(self, create_test_user, rf):
-        adapter = ProwlerSocialAccountAdapter()
-
-        sociallogin = MagicMock(spec=SocialLogin)
-        sociallogin.account = MagicMock()
-        sociallogin.provider = MagicMock()
-        sociallogin.provider.id = "saml"
-        sociallogin.account.extra_data = {}
-        sociallogin.user = create_test_user
-        sociallogin.connect = MagicMock()
-
-        adapter.pre_social_login(rf.get("/"), sociallogin)
-
-        call_args = sociallogin.connect.call_args
-        assert call_args is not None
-
-        called_request, called_user = call_args[0]
-        assert called_request.path == "/"
-        assert called_user.email == create_test_user.email
-
-    def test_pre_social_login_no_link_if_email_missing(self, rf):
-        adapter = ProwlerSocialAccountAdapter()
-
-        sociallogin = MagicMock(spec=SocialLogin)
-        sociallogin.account = MagicMock()
-        sociallogin.provider = MagicMock()
-        sociallogin.user = MagicMock()
-        sociallogin.provider.id = "saml"
-        sociallogin.account.extra_data = {}
-        sociallogin.connect = MagicMock()
-
-        adapter.pre_social_login(rf.get("/"), sociallogin)
-
-        sociallogin.connect.assert_not_called()
-
-    def test_save_user_saml_sets_session_flag(self, rf):
-        adapter = ProwlerSocialAccountAdapter()
-        request = rf.get("/")
-        request.session = {}
-
-        sociallogin = MagicMock(spec=SocialLogin)
-        sociallogin.provider = MagicMock()
-        sociallogin.provider.id = "saml"
-        sociallogin.account = MagicMock()
-        sociallogin.account.extra_data = {}
-
-        mock_user = MagicMock()
-        mock_user.id = 123
-
-        with patch("api.adapters.super") as mock_super:
-            with patch("api.adapters.transaction"):
-                with patch("api.adapters.MainRouter"):
-                    mock_super.return_value.save_user.return_value = mock_user
-                    adapter.save_user(request, sociallogin)
-                    assert request.session["saml_user_created"] == "123"
@@ -218,10 +218,6 @@ class TestCompliance:
            Description="Description of requirement 1",
            Attributes=[],
            Checks=["check1", "check2"],
-            Tactics=["tactic1"],
-            SubTechniques=["subtechnique1"],
-            Platforms=["platform1"],
-            TechniqueURL="https://example.com",
        )
        requirement2 = MagicMock(
            Id="requirement2",
@@ -229,10 +225,6 @@ class TestCompliance:
            Description="Description of requirement 2",
            Attributes=[],
            Checks=[],
-            Tactics=[],
-            SubTechniques=[],
-            Platforms=[],
-            TechniqueURL="",
        )
        compliance1 = MagicMock(
            Requirements=[requirement1, requirement2],
@@ -255,10 +247,6 @@ class TestCompliance:
                        "requirement1": {
                            "name": "Requirement 1",
                            "description": "Description of requirement 1",
-                            "tactics": ["tactic1"],
-                            "subtechniques": ["subtechnique1"],
-                            "platforms": ["platform1"],
-                            "technique_url": "https://example.com",
                            "attributes": [],
                            "checks": {"check1": None, "check2": None},
                            "checks_status": {
@@ -272,10 +260,6 @@ class TestCompliance:
                        "requirement2": {
                            "name": "Requirement 2",
                            "description": "Description of requirement 2",
-                            "tactics": [],
-                            "subtechniques": [],
-                            "platforms": [],
-                            "technique_url": "",
                            "attributes": [],
                            "checks": {},
                            "checks_status": {
@@ -13,7 +13,6 @@ from api.db_utils import (
    enum_to_choices,
    generate_random_token,
    one_week_from_now,
-    update_objects_in_batches,
 )
 from api.models import Provider

@@ -228,88 +227,3 @@ class TestCreateObjectsInBatches:

        qs = Provider.objects.filter(tenant=tenant)
        assert qs.count() == total
-
-
-@pytest.mark.django_db
-class TestUpdateObjectsInBatches:
-    @pytest.fixture
-    def tenant(self, tenants_fixture):
-        return tenants_fixture[0]
-
-    def make_provider_instances(self, tenant, count):
-        """
-        Return a list of `count` unsaved Provider instances for the given tenant.
-        """
-        base_uid = 2000
-        return [
-            Provider(
-                tenant=tenant,
-                uid=str(base_uid + i),
-                provider=Provider.ProviderChoices.AWS,
-            )
-            for i in range(count)
-        ]
-
-    def test_exact_multiple_of_batch(self, tenant):
-        total = 6
-        batch_size = 3
-        objs = self.make_provider_instances(tenant, total)
-        create_objects_in_batches(str(tenant.id), Provider, objs, batch_size=batch_size)
-
-        # Fetch them back, mutate the `uid` field, then update in batches
-        providers = list(Provider.objects.filter(tenant=tenant))
-        for p in providers:
-            p.uid = f"{p.uid}_upd"
-
-        update_objects_in_batches(
-            tenant_id=str(tenant.id),
-            model=Provider,
-            objects=providers,
-            fields=["uid"],
-            batch_size=batch_size,
-        )
-
-        qs = Provider.objects.filter(tenant=tenant, uid__endswith="_upd")
-        assert qs.count() == total
-
-    def test_non_multiple_of_batch(self, tenant):
-        total = 7
-        batch_size = 3
-        objs = self.make_provider_instances(tenant, total)
-        create_objects_in_batches(str(tenant.id), Provider, objs, batch_size=batch_size)
-
-        providers = list(Provider.objects.filter(tenant=tenant))
-        for p in providers:
-            p.uid = f"{p.uid}_upd"
-
-        update_objects_in_batches(
-            tenant_id=str(tenant.id),
-            model=Provider,
-            objects=providers,
-            fields=["uid"],
-            batch_size=batch_size,
-        )
-
-        qs = Provider.objects.filter(tenant=tenant, uid__endswith="_upd")
-        assert qs.count() == total
-
-    def test_batch_size_default(self, tenant):
-        default_size = settings.DJANGO_DELETION_BATCH_SIZE
-        total = default_size + 2
-        objs = self.make_provider_instances(tenant, total)
-        create_objects_in_batches(str(tenant.id), Provider, objs)
-
-        providers = list(Provider.objects.filter(tenant=tenant))
-        for p in providers:
-            p.uid = f"{p.uid}_upd"
-
-        # Update without specifying batch_size (uses default)
-        update_objects_in_batches(
-            tenant_id=str(tenant.id),
-            model=Provider,
-            objects=providers,
-            fields=["uid"],
-        )
-
-        qs = Provider.objects.filter(tenant=tenant, uid__endswith="_upd")
-        assert qs.count() == total
@@ -1,9 +1,6 @@
 import pytest
-from allauth.socialaccount.models import SocialApp
-from django.core.exceptions import ValidationError

-from api.db_router import MainRouter
-from api.models import Resource, ResourceTag, SAMLConfiguration, SAMLDomainIndex
+from api.models import Resource, ResourceTag


@pytest.mark.django_db
@@ -123,204 +120,3 @@ class TestResourceModel:
 #             compliance={},
 #         )
 #         assert Finding.objects.filter(uid=long_uid).exists()
-
-
-@pytest.mark.django_db
-class TestSAMLConfigurationModel:
-    VALID_METADATA = """<?xml version='1.0' encoding='UTF-8'?>
-    <md:EntityDescriptor entityID='TEST' xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata'>
-    <md:IDPSSODescriptor WantAuthnRequestsSigned='false' protocolSupportEnumeration='urn:oasis:names:tc:SAML:2.0:protocol'>
-        <md:KeyDescriptor use='signing'>
-        <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
-            <ds:X509Data>
-            <ds:X509Certificate>FAKECERTDATA</ds:X509Certificate>
-            </ds:X509Data>
-        </ds:KeyInfo>
-        </md:KeyDescriptor>
-        <md:SingleSignOnService Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' Location='https://idp.test/sso'/>
-    </md:IDPSSODescriptor>
-    </md:EntityDescriptor>
-    """
-
-    def test_creates_valid_configuration(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        config = SAMLConfiguration.objects.using(MainRouter.admin_db).create(
-            email_domain="ssoexample.com",
-            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
-            tenant=tenant,
-        )
-
-        assert config.email_domain == "ssoexample.com"
-        assert SocialApp.objects.filter(client_id="ssoexample.com").exists()
-
-    def test_email_domain_with_at_symbol_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        config = SAMLConfiguration(
-            email_domain="invalid@domain.com",
-            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
-            tenant=tenant,
-        )
-
-        with pytest.raises(ValidationError) as exc_info:
-            config.clean()
-
-        errors = exc_info.value.message_dict
-        assert "email_domain" in errors
-        assert "Domain must not contain @" in errors["email_domain"][0]
-
-    def test_duplicate_email_domain_fails(self, tenants_fixture):
-        tenant1, tenant2, *_ = tenants_fixture
-
-        SAMLConfiguration.objects.using(MainRouter.admin_db).create(
-            email_domain="duplicate.com",
-            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
-            tenant=tenant1,
-        )
-
-        config = SAMLConfiguration(
-            email_domain="duplicate.com",
-            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
-            tenant=tenant2,
-        )
-
-        with pytest.raises(ValidationError) as exc_info:
-            config.clean()
-
-        errors = exc_info.value.message_dict
-        assert "tenant" in errors
-        assert "There is a problem with your email domain." in errors["tenant"][0]
-
-    def test_duplicate_tenant_config_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-
-        SAMLConfiguration.objects.using(MainRouter.admin_db).create(
-            email_domain="unique1.com",
-            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
-            tenant=tenant,
-        )
-
-        config = SAMLConfiguration(
-            email_domain="unique2.com",
-            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
-            tenant=tenant,
-        )
-
-        with pytest.raises(ValidationError) as exc_info:
-            config.clean()
-
-        errors = exc_info.value.message_dict
-        assert "tenant" in errors
-        assert (
-            "A SAML configuration already exists for this tenant."
-            in errors["tenant"][0]
-        )
-
-    def test_invalid_metadata_xml_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        config = SAMLConfiguration(
-            email_domain="brokenxml.com",
-            metadata_xml="<bad<xml>",
-            tenant=tenant,
-        )
-
-        with pytest.raises(ValidationError) as exc_info:
-            config._parse_metadata()
-
-        errors = exc_info.value.message_dict
-        assert "metadata_xml" in errors
-        assert "Invalid XML" in errors["metadata_xml"][0]
-        assert "not well-formed" in errors["metadata_xml"][0]
-
-    def test_metadata_missing_sso_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        xml = """<md:EntityDescriptor entityID="x" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
-                <md:IDPSSODescriptor></md:IDPSSODescriptor>
-                </md:EntityDescriptor>"""
-        config = SAMLConfiguration(
-            email_domain="nosso.com",
-            metadata_xml=xml,
-            tenant=tenant,
-        )
-
-        with pytest.raises(ValidationError) as exc_info:
-            config._parse_metadata()
-
-        errors = exc_info.value.message_dict
-        assert "metadata_xml" in errors
-        assert "Missing SingleSignOnService" in errors["metadata_xml"][0]
-
-    def test_metadata_missing_certificate_fails(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        xml = """<md:EntityDescriptor entityID="x" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
-                    <md:IDPSSODescriptor>
-                        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.com/sso"/>
-                    </md:IDPSSODescriptor>
-                </md:EntityDescriptor>"""
-        config = SAMLConfiguration(
-            email_domain="nocert.com",
-            metadata_xml=xml,
-            tenant=tenant,
-        )
-
-        with pytest.raises(ValidationError) as exc_info:
-            config._parse_metadata()
-
-        errors = exc_info.value.message_dict
-        assert "metadata_xml" in errors
-        assert "X509Certificate" in errors["metadata_xml"][0]
-
-    def test_deletes_saml_configuration_and_related_objects(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        email_domain = "deleteme.com"
-
-        # Create the configuration
-        config = SAMLConfiguration.objects.using(MainRouter.admin_db).create(
-            email_domain=email_domain,
-            metadata_xml=TestSAMLConfigurationModel.VALID_METADATA,
-            tenant=tenant,
-        )
-
-        # Verify that the SocialApp and SAMLDomainIndex exist
-        assert SocialApp.objects.filter(client_id=email_domain).exists()
-        assert (
-            SAMLDomainIndex.objects.using(MainRouter.admin_db)
-            .filter(email_domain=email_domain)
-            .exists()
-        )
-
-        # Delete the configuration
-        config.delete()
-
-        # Verify that the configuration and its related objects are deleted
-        assert (
-            not SAMLConfiguration.objects.using(MainRouter.admin_db)
-            .filter(pk=config.pk)
-            .exists()
-        )
-        assert not SocialApp.objects.filter(client_id=email_domain).exists()
-        assert (
-            not SAMLDomainIndex.objects.using(MainRouter.admin_db)
-            .filter(email_domain=email_domain)
-            .exists()
-        )
-
-    def test_duplicate_entity_id_fails_on_creation(self, tenants_fixture):
-        tenant1, tenant2, *_ = tenants_fixture
-        SAMLConfiguration.objects.using(MainRouter.admin_db).create(
-            email_domain="first.com",
-            metadata_xml=self.VALID_METADATA,
-            tenant=tenant1,
-        )
-
-        config = SAMLConfiguration(
-            email_domain="second.com",
-            metadata_xml=self.VALID_METADATA,
-            tenant=tenant2,
-        )
-
-        with pytest.raises(ValidationError) as exc_info:
-            config.save()
-
-        errors = exc_info.value.message_dict
-        assert "metadata_xml" in errors
-        assert "There is a problem with your metadata." in errors["metadata_xml"][0]
@@ -1,7 +1,6 @@
 from unittest.mock import ANY, Mock, patch

 import pytest
-from conftest import TODAY
 from django.urls import reverse
 from rest_framework import status

@@ -61,7 +60,7 @@ class TestUserViewSet:
    def test_create_user_with_all_permissions(self, authenticated_client_rbac):
        valid_user_payload = {
            "name": "test",
-            "password": "Newpassword123@",
+            "password": "newpassword123",
            "email": "new_user@test.com",
        }
        response = authenticated_client_rbac.post(
@@ -75,7 +74,7 @@ class TestUserViewSet:
    ):
        valid_user_payload = {
            "name": "test",
-            "password": "Newpassword123@",
+            "password": "newpassword123",
            "email": "new_user@test.com",
        }
        response = authenticated_client_no_permissions_rbac.post(
@@ -322,7 +321,7 @@ class TestProviderViewSet:
@pytest.mark.django_db
 class TestLimitedVisibility:
    TEST_EMAIL = "rbac@rbac.com"
-    TEST_PASSWORD = "Thisisapassword123@"
+    TEST_PASSWORD = "thisisapassword123"

    @pytest.fixture
    def limited_admin_user(
@@ -410,87 +409,3 @@ class TestLimitedVisibility:
        assert (
            response.json()["data"]["relationships"]["providers"]["meta"]["count"] == 1
        )
-
-    def test_overviews_providers(
-        self,
-        authenticated_client_rbac_limited,
-        scan_summaries_fixture,
-        providers_fixture,
-    ):
-        # By default, the associated provider is the one which has the overview data
-        response = authenticated_client_rbac_limited.get(reverse("overview-providers"))
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) > 0
-
-        # Changing the provider visibility, no data should be returned
-        # Only the associated provider to that group is changed
-        new_provider = providers_fixture[1]
-        ProviderGroupMembership.objects.all().update(provider=new_provider)
-
-        response = authenticated_client_rbac_limited.get(reverse("overview-providers"))
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 0
-
-    @pytest.mark.parametrize(
-        "endpoint_name",
-        [
-            "findings",
-            "findings_severity",
-        ],
-    )
-    def test_overviews_findings(
-        self,
-        endpoint_name,
-        authenticated_client_rbac_limited,
-        scan_summaries_fixture,
-        providers_fixture,
-    ):
-        # By default, the associated provider is the one which has the overview data
-        response = authenticated_client_rbac_limited.get(
-            reverse(f"overview-{endpoint_name}")
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        values = response.json()["data"]["attributes"].values()
-        assert any(value > 0 for value in values)
-
-        # Changing the provider visibility, no data should be returned
-        # Only the associated provider to that group is changed
-        new_provider = providers_fixture[1]
-        ProviderGroupMembership.objects.all().update(provider=new_provider)
-
-        response = authenticated_client_rbac_limited.get(
-            reverse(f"overview-{endpoint_name}")
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]["attributes"].values()
-        assert all(value == 0 for value in data)
-
-    def test_overviews_services(
-        self,
-        authenticated_client_rbac_limited,
-        scan_summaries_fixture,
-        providers_fixture,
-    ):
-        # By default, the associated provider is the one which has the overview data
-        response = authenticated_client_rbac_limited.get(
-            reverse("overview-services"), {"filter[inserted_at]": TODAY}
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) > 0
-
-        # Changing the provider visibility, no data should be returned
-        # Only the associated provider to that group is changed
-        new_provider = providers_fixture[1]
-        ProviderGroupMembership.objects.all().update(provider=new_provider)
-
-        response = authenticated_client_rbac_limited.get(
-            reverse("overview-services"), {"filter[inserted_at]": TODAY}
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 0
@@ -1,80 +0,0 @@
-import logging
-from unittest.mock import MagicMock
-
-from config.settings.sentry import before_send
-
-
-def test_before_send_ignores_log_with_ignored_exception():
-    """Test that before_send ignores logs containing ignored exceptions."""
-    log_record = MagicMock()
-    log_record.msg = "Provider kubernetes is not connected"
-    log_record.levelno = logging.ERROR  # 40
-
-    hint = {"log_record": log_record}
-
-    event = MagicMock()
-
-    result = before_send(event, hint)
-
-    # Assert that the event was dropped (None returned)
-    assert result is None
-
-
-def test_before_send_ignores_exception_with_ignored_exception():
-    """Test that before_send ignores exceptions containing ignored exceptions."""
-    exc_info = (Exception, Exception("Provider kubernetes is not connected"), None)
-
-    hint = {"exc_info": exc_info}
-
-    event = MagicMock()
-
-    result = before_send(event, hint)
-
-    # Assert that the event was dropped (None returned)
-    assert result is None
-
-
-def test_before_send_passes_through_non_ignored_log():
-    """Test that before_send passes through logs that don't contain ignored exceptions."""
-    log_record = MagicMock()
-    log_record.msg = "Some other error message"
-    log_record.levelno = logging.ERROR  # 40
-
-    hint = {"log_record": log_record}
-
-    event = MagicMock()
-
-    result = before_send(event, hint)
-
-    # Assert that the event was passed through
-    assert result == event
-
-
-def test_before_send_passes_through_non_ignored_exception():
-    """Test that before_send passes through exceptions that don't contain ignored exceptions."""
-    exc_info = (Exception, Exception("Some other error message"), None)
-
-    hint = {"exc_info": exc_info}
-
-    event = MagicMock()
-
-    result = before_send(event, hint)
-
-    # Assert that the event was passed through
-    assert result == event
-
-
-def test_before_send_handles_warning_level():
-    """Test that before_send handles warning level logs."""
-    log_record = MagicMock()
-    log_record.msg = "Provider kubernetes is not connected"
-    log_record.levelno = logging.WARNING  # 30
-
-    hint = {"log_record": log_record}
-
-    event = MagicMock()
-
-    result = before_send(event, hint)
-
-    # Assert that the event was dropped (None returned)
-    assert result is None
@@ -1,100 +0,0 @@
-import pytest
-from rest_framework.exceptions import ValidationError
-
-from api.v1.serializer_utils.integrations import S3ConfigSerializer
-
-
-class TestS3ConfigSerializer:
-    """Test cases for S3ConfigSerializer validation."""
-
-    def test_validate_output_directory_valid_paths(self):
-        """Test that valid output directory paths are accepted."""
-        serializer = S3ConfigSerializer()
-
-        # Test normal paths
-        assert serializer.validate_output_directory("test") == "test"
-        assert serializer.validate_output_directory("test/folder") == "test/folder"
-        assert serializer.validate_output_directory("my-folder_123") == "my-folder_123"
-
-        # Test paths with leading slashes (should be normalized)
-        assert serializer.validate_output_directory("/test") == "test"
-        assert serializer.validate_output_directory("/test/folder") == "test/folder"
-
-        # Test paths with excessive slashes (should be normalized)
-        assert serializer.validate_output_directory("///test") == "test"
-        assert serializer.validate_output_directory("///////test") == "test"
-        assert serializer.validate_output_directory("test//folder") == "test/folder"
-        assert serializer.validate_output_directory("test///folder") == "test/folder"
-
-    def test_validate_output_directory_empty_values(self):
-        """Test that empty values raise validation errors."""
-        serializer = S3ConfigSerializer()
-
-        with pytest.raises(
-            ValidationError, match="Output directory cannot be empty or just"
-        ):
-            serializer.validate_output_directory(".")
-
-        with pytest.raises(
-            ValidationError, match="Output directory cannot be empty or just"
-        ):
-            serializer.validate_output_directory("/")
-
-    def test_validate_output_directory_invalid_characters(self):
-        """Test that invalid characters are rejected."""
-        serializer = S3ConfigSerializer()
-
-        invalid_chars = ["<", ">", ":", '"', "|", "?", "*"]
-
-        for char in invalid_chars:
-            with pytest.raises(
-                ValidationError, match="Output directory contains invalid characters"
-            ):
-                serializer.validate_output_directory(f"test{char}folder")
-
-    def test_validate_output_directory_too_long(self):
-        """Test that paths that are too long are rejected."""
-        serializer = S3ConfigSerializer()
-
-        # Create a path longer than 900 characters
-        long_path = "a" * 901
-
-        with pytest.raises(ValidationError, match="Output directory path is too long"):
-            serializer.validate_output_directory(long_path)
-
-    def test_validate_output_directory_edge_cases(self):
-        """Test edge cases for output directory validation."""
-        serializer = S3ConfigSerializer()
-
-        # Test path at the limit (900 characters)
-        path_at_limit = "a" * 900
-        assert serializer.validate_output_directory(path_at_limit) == path_at_limit
-
-        # Test complex normalization
-        assert serializer.validate_output_directory("//test/../folder//") == "folder"
-        assert serializer.validate_output_directory("/test/./folder/") == "test/folder"
-
-    def test_s3_config_serializer_full_validation(self):
-        """Test the full S3ConfigSerializer with valid data."""
-        data = {
-            "bucket_name": "my-test-bucket",
-            "output_directory": "///////test",  # This should be normalized
-        }
-
-        serializer = S3ConfigSerializer(data=data)
-        assert serializer.is_valid()
-
-        validated_data = serializer.validated_data
-        assert validated_data["bucket_name"] == "my-test-bucket"
-        assert validated_data["output_directory"] == "test"  # Normalized
-
-    def test_s3_config_serializer_invalid_data(self):
-        """Test the full S3ConfigSerializer with invalid data."""
-        data = {
-            "bucket_name": "my-test-bucket",
-            "output_directory": "test<invalid",  # Contains invalid character
-        }
-
-        serializer = S3ConfigSerializer(data=data)
-        assert not serializer.is_valid()
-        assert "output_directory" in serializer.errors
@@ -131,21 +131,6 @@ class TestInitializeProwlerProvider:
        initialize_prowler_provider(provider)
        mock_return_prowler_provider.return_value.assert_called_once_with(key="value")

-    @patch("api.utils.return_prowler_provider")
-    def test_initialize_prowler_provider_with_mutelist(
-        self, mock_return_prowler_provider
-    ):
-        provider = MagicMock()
-        provider.secret.secret = {"key": "value"}
-        mutelist_processor = MagicMock()
-        mutelist_processor.configuration = {"Mutelist": {"key": "value"}}
-        mock_return_prowler_provider.return_value = MagicMock()
-
-        initialize_prowler_provider(provider, mutelist_processor)
-        mock_return_prowler_provider.return_value.assert_called_once_with(
-            key="value", mutelist_content={"key": "value"}
-        )
-

 class TestProwlerProviderConnectionTest:
    @patch("api.utils.return_prowler_provider")
@@ -215,25 +200,6 @@ class TestGetProwlerProviderKwargs:
        expected_result = {**secret_dict, **expected_extra_kwargs}
        assert result == expected_result

-    def test_get_prowler_provider_kwargs_with_mutelist(self):
-        provider_uid = "provider_uid"
-        secret_dict = {"key": "value"}
-        secret_mock = MagicMock()
-        secret_mock.secret = secret_dict
-
-        mutelist_processor = MagicMock()
-        mutelist_processor.configuration = {"Mutelist": {"key": "value"}}
-
-        provider = MagicMock()
-        provider.provider = Provider.ProviderChoices.AWS.value
-        provider.secret = secret_mock
-        provider.uid = provider_uid
-
-        result = get_prowler_provider_kwargs(provider, mutelist_processor)
-
-        expected_result = {**secret_dict, "mutelist_content": {"key": "value"}}
-        assert result == expected_result
-
    def test_get_prowler_provider_kwargs_unsupported_provider(self):
        # Setup
        provider_uid = "provider_uid"
@@ -288,7 +254,7 @@ class TestValidateInvitation:

            assert result == invitation
            mock_db.get.assert_called_once_with(
-                token="VALID_TOKEN", email__iexact="user@example.com"
+                token="VALID_TOKEN", email="user@example.com"
            )

    def test_invitation_not_found_raises_validation_error(self):
@@ -303,7 +269,7 @@ class TestValidateInvitation:
                "invitation_token": "Invalid invitation code."
            }
            mock_db.get.assert_called_once_with(
-                token="INVALID_TOKEN", email__iexact="user@example.com"
+                token="INVALID_TOKEN", email="user@example.com"
            )

    def test_invitation_not_found_raises_not_found(self):
@@ -318,7 +284,7 @@ class TestValidateInvitation:

            assert exc_info.value.detail == "Invitation is not valid."
            mock_db.get.assert_called_once_with(
-                token="INVALID_TOKEN", email__iexact="user@example.com"
+                token="INVALID_TOKEN", email="user@example.com"
            )

    def test_invitation_expired(self, invitation):
@@ -366,27 +332,5 @@ class TestValidateInvitation:
                "invitation_token": "Invalid invitation code."
            }
            mock_db.get.assert_called_once_with(
-                token="VALID_TOKEN", email__iexact="different@example.com"
-            )
-
-    def test_valid_invitation_uppercase_email(self):
-        """Test that validate_invitation works with case-insensitive email lookup."""
-        uppercase_email = "USER@example.com"
-
-        invitation = MagicMock(spec=Invitation)
-        invitation.token = "VALID_TOKEN"
-        invitation.email = uppercase_email
-        invitation.expires_at = datetime.now(timezone.utc) + timedelta(days=1)
-        invitation.state = Invitation.State.PENDING
-        invitation.tenant = MagicMock()
-
-        with patch("api.utils.Invitation.objects.using") as mock_using:
-            mock_db = mock_using.return_value
-            mock_db.get.return_value = invitation
-
-            result = validate_invitation("VALID_TOKEN", "user@example.com")
-
-            assert result == invitation
-            mock_db.get.assert_called_once_with(
-                token="VALID_TOKEN", email__iexact="user@example.com"
+                token="VALID_TOKEN", email="different@example.com"
            )
@@ -7,14 +7,12 @@ from rest_framework.exceptions import NotFound, ValidationError

 from api.db_router import MainRouter
 from api.exceptions import InvitationTokenExpiredException
-from api.models import Integration, Invitation, Processor, Provider, Resource
+from api.models import Invitation, Provider, Resource
 from api.v1.serializers import FindingMetadataSerializer
 from prowler.providers.aws.aws_provider import AwsProvider
-from prowler.providers.aws.lib.s3.s3 import S3
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.common.models import Connection
 from prowler.providers.gcp.gcp_provider import GcpProvider
-from prowler.providers.github.github_provider import GithubProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
 from prowler.providers.m365.m365_provider import M365Provider

@@ -57,21 +55,14 @@ def merge_dicts(default_dict: dict, replacement_dict: dict) -> dict:

 def return_prowler_provider(
    provider: Provider,
-) -> [
-    AwsProvider
-    | AzureProvider
-    | GcpProvider
-    | GithubProvider
-    | KubernetesProvider
-    | M365Provider
-]:
+) -> [AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider]:
    """Return the Prowler provider class based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: The corresponding provider class.
+        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: The corresponding provider class.

    Raises:
        ValueError: If the provider type specified in `provider.provider` is not supported.
@@ -87,21 +78,16 @@ def return_prowler_provider(
            prowler_provider = KubernetesProvider
        case Provider.ProviderChoices.M365.value:
            prowler_provider = M365Provider
-        case Provider.ProviderChoices.GITHUB.value:
-            prowler_provider = GithubProvider
        case _:
            raise ValueError(f"Provider type {provider.provider} not supported")
    return prowler_provider


-def get_prowler_provider_kwargs(
-    provider: Provider, mutelist_processor: Processor | None = None
-) -> dict:
+def get_prowler_provider_kwargs(provider: Provider) -> dict:
    """Get the Prowler provider kwargs based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secret.
-        mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.

    Returns:
        dict: The provider kwargs for the corresponding provider class.
@@ -119,39 +105,24 @@ def get_prowler_provider_kwargs(
        }
    elif provider.provider == Provider.ProviderChoices.KUBERNETES.value:
        prowler_provider_kwargs = {**prowler_provider_kwargs, "context": provider.uid}
-
-    if mutelist_processor:
-        mutelist_content = mutelist_processor.configuration.get("Mutelist", {})
-        if mutelist_content:
-            prowler_provider_kwargs["mutelist_content"] = mutelist_content
-
    return prowler_provider_kwargs


 def initialize_prowler_provider(
    provider: Provider,
-    mutelist_processor: Processor | None = None,
-) -> (
-    AwsProvider
-    | AzureProvider
-    | GcpProvider
-    | GithubProvider
-    | KubernetesProvider
-    | M365Provider
-):
+) -> AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider:
    """Initialize a Prowler provider instance based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.
-        mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
-            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
+        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
+            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
            provider's secrets.
    """
    prowler_provider = return_prowler_provider(provider)
-    prowler_provider_kwargs = get_prowler_provider_kwargs(provider, mutelist_processor)
+    prowler_provider_kwargs = get_prowler_provider_kwargs(provider)
    return prowler_provider(**prowler_provider_kwargs)


@@ -176,37 +147,6 @@ def prowler_provider_connection_test(provider: Provider) -> Connection:
    )


-def prowler_integration_connection_test(integration: Integration) -> Connection:
-    """Test the connection to a Prowler integration based on the given integration type.
-
-    Args:
-        integration (Integration): The integration object containing the integration type and associated credentials.
-
-    Returns:
-        Connection: A connection object representing the result of the connection test for the specified integration.
-    """
-    if integration.integration_type == Integration.IntegrationChoices.AMAZON_S3:
-        return S3.test_connection(
-            **integration.credentials,
-            bucket_name=integration.configuration["bucket_name"],
-            raise_on_exception=False,
-        )
-    # TODO: It is possible that we can unify the connection test for all integrations, but need refactoring
-    # to avoid code duplication. Actually the AWS integrations are similar, so SecurityHub and S3 can be unified making some changes in the SDK.
-    elif (
-        integration.integration_type == Integration.IntegrationChoices.AWS_SECURITY_HUB
-    ):
-        pass
-    elif integration.integration_type == Integration.IntegrationChoices.JIRA:
-        pass
-    elif integration.integration_type == Integration.IntegrationChoices.SLACK:
-        pass
-    else:
-        raise ValueError(
-            f"Integration type {integration.integration_type} not supported"
-        )
-
-
 def validate_invitation(
    invitation_token: str, email: str, raise_not_found=False
 ) -> Invitation:
@@ -247,7 +187,7 @@ def validate_invitation(
        # Admin DB connector is used to bypass RLS protection since the invitation belongs to a tenant the user
        # is not a member of yet
        invitation = Invitation.objects.using(MainRouter.admin_db).get(
-            token=invitation_token, email__iexact=email
+            token=invitation_token, email=email
        )
    except Invitation.DoesNotExist:
        if raise_not_found:
@@ -24,32 +24,20 @@ class PaginateByPkMixin:
        request,  # noqa: F841
        base_queryset,
        manager,
-        select_related: list | None = None,
-        prefetch_related: list | None = None,
+        select_related: list[str] | None = None,
+        prefetch_related: list[str] | None = None,
    ) -> Response:
-        """
-        Paginate a queryset by primary key.
-
-        This method is useful when you want to paginate a queryset that has been
-        filtered or annotated in a way that would be lost if you used the default
-        pagination method.
-        """
        pk_list = base_queryset.values_list("id", flat=True)
        page = self.paginate_queryset(pk_list)
        if page is None:
            return Response(self.get_serializer(base_queryset, many=True).data)

        queryset = manager.filter(id__in=page)
-
        if select_related:
            queryset = queryset.select_related(*select_related)
        if prefetch_related:
            queryset = queryset.prefetch_related(*prefetch_related)

-        # Optimize tags loading, if applicable
-        if hasattr(self, "_optimize_tags_loading"):
-            queryset = self._optimize_tags_loading(queryset)
-
        queryset = sorted(queryset, key=lambda obj: page.index(obj.id))

        serialized = self.get_serializer(queryset, many=True).data
@@ -1,23 +0,0 @@
-import yaml
-from rest_framework_json_api import serializers
-from rest_framework_json_api.serializers import ValidationError
-
-
-class BaseValidateSerializer(serializers.Serializer):
-    def validate(self, data):
-        if hasattr(self, "initial_data"):
-            initial_data = set(self.initial_data.keys()) - {"id", "type"}
-            unknown_keys = initial_data - set(self.fields.keys())
-            if unknown_keys:
-                raise ValidationError(f"Invalid fields: {unknown_keys}")
-        return data
-
-
-class YamlOrJsonField(serializers.JSONField):
-    def to_internal_value(self, data):
-        if isinstance(data, str):
-            try:
-                data = yaml.safe_load(data)
-            except yaml.YAMLError as exc:
-                raise serializers.ValidationError("Invalid YAML format") from exc
-        return super().to_internal_value(data)
@@ -1,52 +1,24 @@
-import os
-import re
-
 from drf_spectacular.utils import extend_schema_field
 from rest_framework_json_api import serializers
+from rest_framework_json_api.serializers import ValidationError

-from api.v1.serializer_utils.base import BaseValidateSerializer
+
+class BaseValidateSerializer(serializers.Serializer):
+    def validate(self, data):
+        if hasattr(self, "initial_data"):
+            initial_data = set(self.initial_data.keys()) - {"id", "type"}
+            unknown_keys = initial_data - set(self.fields.keys())
+            if unknown_keys:
+                raise ValidationError(f"Invalid fields: {unknown_keys}")
+        return data
+
+
+# Integrations


 class S3ConfigSerializer(BaseValidateSerializer):
    bucket_name = serializers.CharField()
-    output_directory = serializers.CharField(allow_blank=True)
-
-    def validate_output_directory(self, value):
-        """
-        Validate the output_directory field to ensure it's a properly formatted path.
-        Prevents paths with excessive slashes like "///////test".
-        If empty, sets a default value.
-        """
-        # If empty or None, set default value
-        if not value:
-            return "output"
-
-        # Normalize the path to remove excessive slashes
-        normalized_path = os.path.normpath(value)
-
-        # Remove leading slashes for S3 paths
-        if normalized_path.startswith("/"):
-            normalized_path = normalized_path.lstrip("/")
-
-        # Check for invalid characters or patterns
-        if re.search(r'[<>:"|?*]', normalized_path):
-            raise serializers.ValidationError(
-                'Output directory contains invalid characters. Avoid: < > : " | ? *'
-            )
-
-        # Check for empty path after normalization
-        if not normalized_path or normalized_path == ".":
-            raise serializers.ValidationError(
-                "Output directory cannot be empty or just '.' or '/'."
-            )
-
-        # Check for paths that are too long (S3 key limit is 1024 characters, leave some room for filename)
-        if len(normalized_path) > 900:
-            raise serializers.ValidationError(
-                "Output directory path is too long (max 900 characters)."
-            )
-
-        return normalized_path
+    output_directory = serializers.CharField()

    class Meta:
        resource_name = "integrations"
@@ -138,13 +110,10 @@ class IntegrationCredentialField(serializers.JSONField):
                    },
                    "output_directory": {
                        "type": "string",
-                        "description": 'The directory path within the bucket where files will be saved. Optional - defaults to "output" if not provided. Path will be normalized to remove excessive slashes and invalid characters are not allowed (< > : " | ? *). Maximum length is 900 characters.',
-                        "maxLength": 900,
-                        "pattern": '^[^<>:"|?*]+$',
-                        "default": "output",
+                        "description": "The directory path within the bucket where files will be saved.",
                    },
                },
-                "required": ["bucket_name"],
+                "required": ["bucket_name", "output_directory"],
            },
        ]
    }
@@ -1,21 +0,0 @@
-from drf_spectacular.utils import extend_schema_field
-
-from api.v1.serializer_utils.base import YamlOrJsonField
-
-from prowler.lib.mutelist.mutelist import mutelist_schema
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "Mutelist",
-                "properties": {"Mutelist": mutelist_schema},
-                "additionalProperties": False,
-            },
-        ]
-    }
-)
-class ProcessorConfigField(YamlOrJsonField):
-    pass
@@ -176,43 +176,6 @@ from rest_framework_json_api import serializers
                },
                "required": ["kubeconfig_content"],
            },
-            {
-                "type": "object",
-                "title": "GitHub Personal Access Token",
-                "properties": {
-                    "personal_access_token": {
-                        "type": "string",
-                        "description": "GitHub personal access token for authentication.",
-                    }
-                },
-                "required": ["personal_access_token"],
-            },
-            {
-                "type": "object",
-                "title": "GitHub OAuth App Token",
-                "properties": {
-                    "oauth_app_token": {
-                        "type": "string",
-                        "description": "GitHub OAuth App token for authentication.",
-                    }
-                },
-                "required": ["oauth_app_token"],
-            },
-            {
-                "type": "object",
-                "title": "GitHub App Credentials",
-                "properties": {
-                    "github_app_id": {
-                        "type": "integer",
-                        "description": "GitHub App ID for authentication.",
-                    },
-                    "github_app_key": {
-                        "type": "string",
-                        "description": "Path to the GitHub App private key file.",
-                    },
-                },
-                "required": ["github_app_id", "github_app_key"],
-            },
        ]
    }
 )
@@ -1,4 +1,5 @@
 import json
+import re
 from datetime import datetime, timedelta, timezone

 from django.conf import settings
@@ -7,9 +8,7 @@ from django.contrib.auth.models import update_last_login
 from django.contrib.auth.password_validation import validate_password
 from drf_spectacular.utils import extend_schema_field
 from jwt.exceptions import InvalidKeyError
-from rest_framework.validators import UniqueTogetherValidator
 from rest_framework_json_api import serializers
-from rest_framework_json_api.relations import SerializerMethodResourceRelatedField
 from rest_framework_json_api.serializers import ValidationError
 from rest_framework_simplejwt.exceptions import TokenError
 from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
@@ -23,7 +22,6 @@ from api.models import (
    InvitationRoleRelationship,
    LighthouseConfiguration,
    Membership,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderGroupMembership,
@@ -32,7 +30,6 @@ from api.models import (
    ResourceTag,
    Role,
    RoleProviderGroupRelationship,
-    SAMLConfiguration,
    Scan,
    StateChoices,
    StatusChoices,
@@ -47,9 +44,7 @@ from api.v1.serializer_utils.integrations import (
    IntegrationCredentialField,
    S3ConfigSerializer,
 )
-from api.v1.serializer_utils.processors import ProcessorConfigField
 from api.v1.serializer_utils.providers import ProviderSecretField
-from prowler.lib.mutelist.mutelist import Mutelist

 # Tokens

@@ -135,12 +130,6 @@ class TokenSerializer(BaseTokenSerializer):

 class TokenSocialLoginSerializer(BaseTokenSerializer):
    email = serializers.EmailField(write_only=True)
-    tenant_id = serializers.UUIDField(
-        write_only=True,
-        required=False,
-        help_text="If not provided, the tenant ID of the first membership that was added"
-        " to the user will be used.",
-    )

    # Output tokens
    refresh = serializers.CharField(read_only=True)
@@ -862,7 +851,6 @@ class ScanSerializer(RLSSerializer):
            "completed_at",
            "scheduled_at",
            "next_scan_at",
-            "processor",
            "url",
        ]

@@ -1000,12 +988,8 @@ class ResourceSerializer(RLSSerializer):

    tags = serializers.SerializerMethodField()
    type_ = serializers.CharField(read_only=True)
-    failed_findings_count = serializers.IntegerField(read_only=True)

-    findings = SerializerMethodResourceRelatedField(
-        many=True,
-        read_only=True,
-    )
+    findings = serializers.ResourceRelatedField(many=True, read_only=True)

    class Meta:
        model = Resource
@@ -1021,7 +1005,6 @@ class ResourceSerializer(RLSSerializer):
            "tags",
            "provider",
            "findings",
-            "failed_findings_count",
            "url",
        ]
        extra_kwargs = {
@@ -1031,8 +1014,8 @@ class ResourceSerializer(RLSSerializer):
        }

    included_serializers = {
-        "findings": "api.v1.serializers.FindingIncludeSerializer",
-        "provider": "api.v1.serializers.ProviderIncludeSerializer",
+        "findings": "api.v1.serializers.FindingSerializer",
+        "provider": "api.v1.serializers.ProviderSerializer",
    }

    @extend_schema_field(
@@ -1043,10 +1026,6 @@ class ResourceSerializer(RLSSerializer):
        }
    )
    def get_tags(self, obj):
-        # Use prefetched tags if available to avoid N+1 queries
-        if hasattr(obj, "prefetched_tags"):
-            return {tag.key: tag.value for tag in obj.prefetched_tags}
-        # Fallback to the original method if prefetch is not available
        return obj.get_tags(self.context.get("tenant_id"))

    def get_fields(self):
@@ -1056,17 +1035,10 @@ class ResourceSerializer(RLSSerializer):
        fields["type"] = type_
        return fields

-    def get_findings(self, obj):
-        return (
-            obj.latest_findings
-            if hasattr(obj, "latest_findings")
-            else obj.findings.all()
-        )
-

 class ResourceIncludeSerializer(RLSSerializer):
    """
-    Serializer for the included Resource model.
+    Serializer for the Resource model.
    """

    tags = serializers.SerializerMethodField()
@@ -1099,10 +1071,6 @@ class ResourceIncludeSerializer(RLSSerializer):
        }
    )
    def get_tags(self, obj):
-        # Use prefetched tags if available to avoid N+1 queries
-        if hasattr(obj, "prefetched_tags"):
-            return {tag.key: tag.value for tag in obj.prefetched_tags}
-        # Fallback to the original method if prefetch is not available
        return obj.get_tags(self.context.get("tenant_id"))

    def get_fields(self):
@@ -1113,17 +1081,6 @@ class ResourceIncludeSerializer(RLSSerializer):
        return fields


-class ResourceMetadataSerializer(serializers.Serializer):
-    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    types = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    # Temporarily disabled until we implement tag filtering in the UI
-    # tags = serializers.JSONField(help_text="Tags are described as key-value pairs.")
-
-    class Meta:
-        resource_name = "resources-metadata"
-
-
 class FindingSerializer(RLSSerializer):
    """
    Serializer for the Finding model.
@@ -1147,7 +1104,6 @@ class FindingSerializer(RLSSerializer):
            "updated_at",
            "first_seen_at",
            "muted",
-            "muted_reason",
            "url",
            # Relationships
            "scan",
@@ -1160,28 +1116,6 @@ class FindingSerializer(RLSSerializer):
    }


-class FindingIncludeSerializer(RLSSerializer):
-    """
-    Serializer for the include Finding model.
-    """
-
-    class Meta:
-        model = Finding
-        fields = [
-            "id",
-            "uid",
-            "status",
-            "severity",
-            "check_id",
-            "check_metadata",
-            "inserted_at",
-            "updated_at",
-            "first_seen_at",
-            "muted",
-            "muted_reason",
-        ]
-
-
 # To be removed when the related endpoint is removed as well
 class FindingDynamicFilterSerializer(serializers.Serializer):
    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
@@ -1217,8 +1151,6 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
                serializer = AzureProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.GCP.value:
                serializer = GCPProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.GITHUB.value:
-                serializer = GithubProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.KUBERNETES.value:
                serializer = KubernetesProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.M365.value:
@@ -1268,8 +1200,8 @@ class M365ProviderSecret(serializers.Serializer):
    client_id = serializers.CharField()
    client_secret = serializers.CharField()
    tenant_id = serializers.CharField()
-    user = serializers.EmailField(required=False)
-    password = serializers.CharField(required=False)
+    user = serializers.EmailField()
+    password = serializers.CharField()

    class Meta:
        resource_name = "provider-secrets"
@@ -1298,16 +1230,6 @@ class KubernetesProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


-class GithubProviderSecret(serializers.Serializer):
-    personal_access_token = serializers.CharField(required=False)
-    oauth_app_token = serializers.CharField(required=False)
-    github_app_id = serializers.IntegerField(required=False)
-    github_app_key_content = serializers.CharField(required=False)
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
 class AWSRoleAssumptionProviderSecret(serializers.Serializer):
    role_arn = serializers.CharField()
    external_id = serializers.CharField()
@@ -1387,13 +1309,12 @@ class ProviderSecretUpdateSerializer(BaseWriteProviderSecretSerializer):
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
            "provider": {"read_only": True},
-            "secret_type": {"required": False},
+            "secret_type": {"read_only": True},
        }

    def validate(self, attrs):
        provider = self.instance.provider
-        # To allow updating a secret with the same type without making the `secret_type` mandatory
-        secret_type = attrs.get("secret_type") or self.instance.secret_type
+        secret_type = self.instance.secret_type
        secret = attrs.get("secret")

        validated_attrs = super().validate(attrs)
@@ -1802,8 +1723,6 @@ class ComplianceOverviewDetailSerializer(serializers.Serializer):

 class ComplianceOverviewAttributesSerializer(serializers.Serializer):
    id = serializers.CharField()
-    framework_description = serializers.CharField()
-    name = serializers.CharField()
    framework = serializers.CharField()
    version = serializers.CharField()
    description = serializers.CharField()
@@ -1950,16 +1869,6 @@ class ScheduleDailyCreateSerializer(serializers.Serializer):


 class BaseWriteIntegrationSerializer(BaseWriteSerializer):
-    def validate(self, attrs):
-        if Integration.objects.filter(
-            configuration=attrs.get("configuration")
-        ).exists():
-            raise serializers.ValidationError(
-                {"name": "This integration already exists."}
-            )
-
-        return super().validate(attrs)
-
    @staticmethod
    def validate_integration_data(
        integration_type: str,
@@ -1967,7 +1876,7 @@ class BaseWriteIntegrationSerializer(BaseWriteSerializer):
        configuration: dict,
        credentials: dict,
    ):
-        if integration_type == Integration.IntegrationChoices.AMAZON_S3:
+        if integration_type == Integration.IntegrationChoices.S3:
            config_serializer = S3ConfigSerializer
            credentials_serializers = [AWSCredentialSerializer]
            # TODO: This will be required for AWS Security Hub
@@ -1985,11 +1894,7 @@ class BaseWriteIntegrationSerializer(BaseWriteSerializer):
                }
            )

-        serializer_instance = config_serializer(data=configuration)
-        serializer_instance.is_valid(raise_exception=True)
-
-        # Apply the validated (and potentially transformed) data back to configuration
-        configuration.update(serializer_instance.validated_data)
+        config_serializer(data=configuration).is_valid(raise_exception=True)

        for cred_serializer in credentials_serializers:
            try:
@@ -2068,6 +1973,7 @@ class IntegrationCreateSerializer(BaseWriteIntegrationSerializer):
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
            "connected": {"read_only": True},
+            "enabled": {"read_only": True},
            "connection_last_checked_at": {"read_only": True},
        }

@@ -2077,10 +1983,10 @@ class IntegrationCreateSerializer(BaseWriteIntegrationSerializer):
        configuration = attrs.get("configuration")
        credentials = attrs.get("credentials")

+        validated_attrs = super().validate(attrs)
        self.validate_integration_data(
            integration_type, providers, configuration, credentials
        )
-        validated_attrs = super().validate(attrs)
        return validated_attrs

    def create(self, validated_data):
@@ -2131,7 +2037,6 @@ class IntegrationUpdateSerializer(BaseWriteIntegrationSerializer):
        }

    def validate(self, attrs):
-        super().validate(attrs)
        integration_type = self.instance.integration_type
        providers = attrs.get("providers")
        configuration = attrs.get("configuration") or self.instance.configuration
@@ -2158,150 +2063,6 @@ class IntegrationUpdateSerializer(BaseWriteIntegrationSerializer):
        return super().update(instance, validated_data)


-# Processors
-
-
-class ProcessorSerializer(RLSSerializer):
-    """
-    Serializer for the Processor model.
-    """
-
-    configuration = ProcessorConfigField()
-
-    class Meta:
-        model = Processor
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "processor_type",
-            "configuration",
-            "url",
-        ]
-
-
-class ProcessorCreateSerializer(RLSSerializer, BaseWriteSerializer):
-    configuration = ProcessorConfigField(required=True)
-
-    class Meta:
-        model = Processor
-        fields = [
-            "inserted_at",
-            "updated_at",
-            "processor_type",
-            "configuration",
-        ]
-        extra_kwargs = {
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-        }
-        validators = [
-            UniqueTogetherValidator(
-                queryset=Processor.objects.all(),
-                fields=["processor_type"],
-                message="A processor with the same type already exists.",
-            )
-        ]
-
-    def validate(self, attrs):
-        validated_attrs = super().validate(attrs)
-        self.validate_processor_data(attrs)
-        return validated_attrs
-
-    def validate_processor_data(self, attrs):
-        processor_type = attrs.get("processor_type")
-        configuration = attrs.get("configuration")
-        if processor_type == "mutelist":
-            self.validate_mutelist_configuration(configuration)
-
-    def validate_mutelist_configuration(self, configuration):
-        if not isinstance(configuration, dict):
-            raise serializers.ValidationError("Invalid Mutelist configuration.")
-
-        mutelist_configuration = configuration.get("Mutelist", {})
-
-        if not mutelist_configuration:
-            raise serializers.ValidationError(
-                "Invalid Mutelist configuration: 'Mutelist' is a required property."
-            )
-
-        try:
-            Mutelist.validate_mutelist(mutelist_configuration, raise_on_exception=True)
-            return
-        except Exception as error:
-            raise serializers.ValidationError(
-                f"Invalid Mutelist configuration: {error}"
-            )
-
-
-class ProcessorUpdateSerializer(BaseWriteSerializer):
-    configuration = ProcessorConfigField(required=True)
-
-    class Meta:
-        model = Processor
-        fields = [
-            "inserted_at",
-            "updated_at",
-            "configuration",
-        ]
-        extra_kwargs = {
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-        }
-
-    def validate(self, attrs):
-        validated_attrs = super().validate(attrs)
-        self.validate_processor_data(attrs)
-        return validated_attrs
-
-    def validate_processor_data(self, attrs):
-        processor_type = self.instance.processor_type
-        configuration = attrs.get("configuration")
-        if processor_type == "mutelist":
-            self.validate_mutelist_configuration(configuration)
-
-    def validate_mutelist_configuration(self, configuration):
-        if not isinstance(configuration, dict):
-            raise serializers.ValidationError("Invalid Mutelist configuration.")
-
-        mutelist_configuration = configuration.get("Mutelist", {})
-
-        if not mutelist_configuration:
-            raise serializers.ValidationError(
-                "Invalid Mutelist configuration: 'Mutelist' is a required property."
-            )
-
-        try:
-            Mutelist.validate_mutelist(mutelist_configuration, raise_on_exception=True)
-            return
-        except Exception as error:
-            raise serializers.ValidationError(
-                f"Invalid Mutelist configuration: {error}"
-            )
-
-
-# SSO
-
-
-class SamlInitiateSerializer(serializers.Serializer):
-    email_domain = serializers.CharField()
-
-    class JSONAPIMeta:
-        resource_name = "saml-initiate"
-
-
-class SamlMetadataSerializer(serializers.Serializer):
-    class JSONAPIMeta:
-        resource_name = "saml-meta"
-
-
-class SAMLConfigurationSerializer(RLSSerializer):
-    class Meta:
-        model = SAMLConfiguration
-        fields = ["id", "email_domain", "metadata_xml", "created_at", "updated_at"]
-        read_only_fields = ["id", "created_at", "updated_at"]
-
-
 class LighthouseConfigSerializer(RLSSerializer):
    """
    Serializer for the LighthouseConfig model.
@@ -2326,7 +2087,6 @@ class LighthouseConfigSerializer(RLSSerializer):
        ]
        extra_kwargs = {
            "id": {"read_only": True},
-            "is_active": {"read_only": True},
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
        }
@@ -2367,7 +2127,6 @@ class LighthouseConfigCreateSerializer(RLSSerializer, BaseWriteSerializer):
        ]
        extra_kwargs = {
            "id": {"read_only": True},
-            "is_active": {"read_only": True},
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
        }
@@ -2384,17 +2143,23 @@ class LighthouseConfigCreateSerializer(RLSSerializer, BaseWriteSerializer):

    def create(self, validated_data):
        api_key = validated_data.pop("api_key")
+
+        # Validate API key format before creating the instance
+        if not api_key:
+            raise serializers.ValidationError({"api_key": "API key is required"})
+
+        # Validate OpenAI API key format
+        openai_key_pattern = r"^sk-[\w-]+T3BlbkFJ[\w-]+$"
+        if not re.match(openai_key_pattern, api_key):
+            raise serializers.ValidationError(
+                {"api_key": "Invalid OpenAI API key format."}
+            )
+
        instance = super().create(validated_data)
        instance.api_key_decoded = api_key
        instance.save()
        return instance

-    def to_representation(self, instance):
-        data = super().to_representation(instance)
-        # Always mask the API key in the response
-        data["api_key"] = "*" * len(instance.api_key) if instance.api_key else None
-        return data
-

 class LighthouseConfigUpdateSerializer(BaseWriteSerializer):
    """
@@ -2417,7 +2182,6 @@ class LighthouseConfigUpdateSerializer(BaseWriteSerializer):
        ]
        extra_kwargs = {
            "id": {"read_only": True},
-            "is_active": {"read_only": True},
            "name": {"required": False},
            "model": {"required": False},
            "temperature": {"required": False},
@@ -1,11 +1,9 @@
-from allauth.socialaccount.providers.saml.views import ACSView, MetadataView, SLSView
 from django.urls import include, path
 from drf_spectacular.views import SpectacularRedocView
 from rest_framework_nested import routers

 from api.v1.views import (
    ComplianceOverviewViewSet,
-    CustomSAMLLoginView,
    CustomTokenObtainView,
    CustomTokenRefreshView,
    CustomTokenSwitchTenantView,
@@ -18,7 +16,6 @@ from api.v1.views import (
    LighthouseConfigViewSet,
    MembershipViewSet,
    OverviewViewSet,
-    ProcessorViewSet,
    ProviderGroupProvidersRelationshipView,
    ProviderGroupViewSet,
    ProviderSecretViewSet,
@@ -26,14 +23,10 @@ from api.v1.views import (
    ResourceViewSet,
    RoleProviderGroupRelationshipView,
    RoleViewSet,
-    SAMLConfigurationViewSet,
-    SAMLInitiateAPIView,
-    SAMLTokenValidateView,
    ScanViewSet,
    ScheduleViewSet,
    SchemaView,
    TaskViewSet,
-    TenantFinishACSView,
    TenantMembersViewSet,
    TenantViewSet,
    UserRoleRelationshipView,
@@ -57,10 +50,8 @@ router.register(
 router.register(r"overviews", OverviewViewSet, basename="overview")
 router.register(r"schedules", ScheduleViewSet, basename="schedule")
 router.register(r"integrations", IntegrationViewSet, basename="integration")
-router.register(r"processors", ProcessorViewSet, basename="processor")
-router.register(r"saml-config", SAMLConfigurationViewSet, basename="saml-config")
 router.register(
-    r"lighthouse-configurations",
+    r"lighthouse-configuration",
    LighthouseConfigViewSet,
    basename="lighthouseconfiguration",
 )
@@ -127,36 +118,6 @@ urlpatterns = [
        ),
        name="provider_group-providers-relationship",
    ),
-    # API endpoint to start SAML SSO flow
-    path(
-        "auth/saml/initiate/", SAMLInitiateAPIView.as_view(), name="api_saml_initiate"
-    ),
-    path(
-        "accounts/saml/<organization_slug>/login/",
-        CustomSAMLLoginView.as_view(),
-        name="saml_login",
-    ),
-    path(
-        "accounts/saml/<organization_slug>/acs/",
-        ACSView.as_view(),
-        name="saml_acs",
-    ),
-    path(
-        "accounts/saml/<organization_slug>/acs/finish/",
-        TenantFinishACSView.as_view(),
-        name="saml_finish_acs",
-    ),
-    path(
-        "accounts/saml/<organization_slug>/sls/",
-        SLSView.as_view(),
-        name="saml_sls",
-    ),
-    path(
-        "accounts/saml/<organization_slug>/metadata/",
-        MetadataView.as_view(),
-        name="saml_metadata",
-    ),
-    path("tokens/saml", SAMLTokenValidateView.as_view(), name="token-saml"),
    path("tokens/google", GoogleSocialLoginView.as_view(), name="token-google"),
    path("tokens/github", GithubSocialLoginView.as_view(), name="token-github"),
    path("", include(router.urls)),
@@ -1,5 +1,3 @@
-import string
-
 from django.core.exceptions import ValidationError
 from django.utils.translation import gettext as _

@@ -22,89 +20,3 @@ class MaximumLengthValidator:
        return _(
            f"Your password must contain no more than {self.max_length} characters."
        )
-
-
-class SpecialCharactersValidator:
-    def __init__(self, special_characters=None, min_special_characters=1):
-        # Use string.punctuation if no custom characters provided
-        self.special_characters = special_characters or string.punctuation
-        self.min_special_characters = min_special_characters
-
-    def validate(self, password, user=None):
-        if (
-            sum(1 for char in password if char in self.special_characters)
-            < self.min_special_characters
-        ):
-            raise ValidationError(
-                _("This password must contain at least one special character."),
-                code="password_no_special_characters",
-                params={
-                    "special_characters": self.special_characters,
-                    "min_special_characters": self.min_special_characters,
-                },
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least one special character from: {self.special_characters}"
-        )
-
-
-class UppercaseValidator:
-    def __init__(self, min_uppercase=1):
-        self.min_uppercase = min_uppercase
-
-    def validate(self, password, user=None):
-        if sum(1 for char in password if char.isupper()) < self.min_uppercase:
-            raise ValidationError(
-                _(
-                    "This password must contain at least %(min_uppercase)d uppercase letter."
-                ),
-                code="password_no_uppercase_letters",
-                params={"min_uppercase": self.min_uppercase},
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least {self.min_uppercase} uppercase letter."
-        )
-
-
-class LowercaseValidator:
-    def __init__(self, min_lowercase=1):
-        self.min_lowercase = min_lowercase
-
-    def validate(self, password, user=None):
-        if sum(1 for char in password if char.islower()) < self.min_lowercase:
-            raise ValidationError(
-                _(
-                    "This password must contain at least %(min_lowercase)d lowercase letter."
-                ),
-                code="password_no_lowercase_letters",
-                params={"min_lowercase": self.min_lowercase},
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least {self.min_lowercase} lowercase letter."
-        )
-
-
-class NumericValidator:
-    def __init__(self, min_numeric=1):
-        self.min_numeric = min_numeric
-
-    def validate(self, password, user=None):
-        if sum(1 for char in password if char.isdigit()) < self.min_numeric:
-            raise ValidationError(
-                _(
-                    "This password must contain at least %(min_numeric)d numeric character."
-                ),
-                code="password_no_numeric_characters",
-                params={"min_numeric": self.min_numeric},
-            )
-
-    def get_help_text(self):
-        return _(
-            f"Your password must contain at least {self.min_numeric} numeric character."
-        )
@@ -1,13 +1,6 @@
-import warnings
-
 from celery import Celery, Task
 from config.env import env

-# Suppress specific warnings from django-rest-auth: https://github.com/iMerica/dj-rest-auth/issues/684
-warnings.filterwarnings(
-    "ignore", category=UserWarning, module="dj_rest_auth.registration.serializers"
-)
-
 BROKER_VISIBILITY_TIMEOUT = env.int("DJANGO_BROKER_VISIBILITY_TIMEOUT", default=86400)

 celery_app = Celery("tasks")
@@ -10,8 +10,6 @@ from config.settings.social_login import *  # noqa
 SECRET_KEY = env("SECRET_KEY", default="secret")
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
 ALLOWED_HOSTS = ["localhost", "127.0.0.1"]
-SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
-USE_X_FORWARDED_HOST = True

 # Application definition

@@ -35,12 +33,10 @@ INSTALLED_APPS = [
    "django_celery_beat",
    "rest_framework_simplejwt.token_blacklist",
    "allauth",
-    "django.contrib.sites",
    "allauth.account",
    "allauth.socialaccount",
    "allauth.socialaccount.providers.google",
    "allauth.socialaccount.providers.github",
-    "allauth.socialaccount.providers.saml",
    "dj_rest_auth.registration",
    "rest_framework.authtoken",
 ]
@@ -132,6 +128,7 @@ DJANGO_GUID = {
 }

 DATABASE_ROUTERS = ["api.db_router.MainRouter"]
+POSTGRES_EXTRA_DB_BACKEND_BASE = "database_backend"


 # Password validation
@@ -159,30 +156,6 @@ AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
    },
-    {
-        "NAME": "api.validators.SpecialCharactersValidator",
-        "OPTIONS": {
-            "min_special_characters": 1,
-        },
-    },
-    {
-        "NAME": "api.validators.UppercaseValidator",
-        "OPTIONS": {
-            "min_uppercase": 1,
-        },
-    },
-    {
-        "NAME": "api.validators.LowercaseValidator",
-        "OPTIONS": {
-            "min_lowercase": 1,
-        },
-    },
-    {
-        "NAME": "api.validators.NumericValidator",
-        "OPTIONS": {
-            "min_numeric": 1,
-        },
-    },
 ]

 SIMPLE_JWT = {
@@ -273,7 +246,3 @@ X_FRAME_OPTIONS = "DENY"
 SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"

 DJANGO_DELETION_BATCH_SIZE = env.int("DJANGO_DELETION_BATCH_SIZE", 5000)
-
-# SAML requirement
-CSRF_COOKIE_SECURE = True
-SESSION_COOKIE_SECURE = True
@@ -4,7 +4,6 @@ from config.env import env
 IGNORED_EXCEPTIONS = [
    # Provider is not connected due to credentials errors
    "is not connected",
-    "ProviderConnectionError",
    # Authentication Errors from AWS
    "InvalidToken",
    "AccessDeniedException",
@@ -17,7 +16,7 @@ IGNORED_EXCEPTIONS = [
    "InternalServerErrorException",
    "AccessDenied",
    "No Shodan API Key",  # Shodan Check
-    "RequestLimitExceeded",  # For now, we don't want to log the RequestLimitExceeded errors
+    "RequestLimitExceeded",  # For now we don't want to log the RequestLimitExceeded errors
    "ThrottlingException",
    "Rate exceeded",
    "SubscriptionRequiredException",
@@ -43,9 +42,7 @@ IGNORED_EXCEPTIONS = [
    "AWSAccessKeyIDInvalidError",
    "AWSSessionTokenExpiredError",
    "EndpointConnectionError",  # AWS Service is not available in a region
-    # The following comes from urllib3: eu-west-1 -- HTTPClientError[126]: An HTTP Client raised an
-    # unhandled exception: AWSHTTPSConnectionPool(host='hostname.s3.eu-west-1.amazonaws.com', port=443): Pool is closed.
-    "Pool is closed",
+    "Pool is closed",  # The following comes from urllib3: eu-west-1 -- HTTPClientError[126]: An HTTP Client raised an unhandled exception: AWSHTTPSConnectionPool(host='hostname.s3.eu-west-1.amazonaws.com', port=443): Pool is closed.
    # Authentication Errors from GCP
    "ClientAuthenticationError",
    "AuthorizationFailed",
@@ -69,15 +66,12 @@ IGNORED_EXCEPTIONS = [
    "AzureClientIdAndClientSecretNotBelongingToTenantIdError",
    "AzureHTTPResponseError",
    "Error with credentials provided",
-    # PowerShell Errors in User Authentication
-    "Microsoft Teams User Auth connection failed: Please check your permissions and try again.",
-    "Exchange Online User Auth connection failed: Please check your permissions and try again.",
 ]


 def before_send(event, hint):
    """
-    before_send handles the Sentry events in order to send them or not
+    before_send handles the Sentry events in order to sent them or not
    """
    # Ignore logs with the ignored_exceptions
    # https://docs.python.org/3/library/logging.html#logrecord-objects
@@ -85,16 +79,9 @@ def before_send(event, hint):
        log_msg = hint["log_record"].msg
        log_lvl = hint["log_record"].levelno

-        # Handle Error and Critical events and discard the rest
-        if log_lvl <= 40 and any(ignored in log_msg for ignored in IGNORED_EXCEPTIONS):
-            return None  # Explicitly return None to drop the event
-
-    # Ignore exceptions with the ignored_exceptions
-    if "exc_info" in hint and hint["exc_info"]:
-        exc_value = str(hint["exc_info"][1])
-        if any(ignored in exc_value for ignored in IGNORED_EXCEPTIONS):
-            return None  # Explicitly return None to drop the event
-
+        # Handle Error events and discard the rest
+        if log_lvl == 40 and any(ignored in log_msg for ignored in IGNORED_EXCEPTIONS):
+            return
    return event


@@ -11,7 +11,8 @@ GITHUB_OAUTH_CALLBACK_URL = env("SOCIAL_GITHUB_OAUTH_CALLBACK_URL", default="")

 # Allauth settings
 ACCOUNT_LOGIN_METHODS = {"email"}  # Use Email / Password authentication
-ACCOUNT_SIGNUP_FIELDS = ["email*", "password1*", "password2*"]
+ACCOUNT_USERNAME_REQUIRED = False
+ACCOUNT_EMAIL_REQUIRED = True
 ACCOUNT_EMAIL_VERIFICATION = "none"  # Do not require email confirmation
 ACCOUNT_USER_MODEL_USERNAME_FIELD = None
 REST_AUTH = {
@@ -24,20 +25,6 @@ SOCIALACCOUNT_EMAIL_AUTHENTICATION = True
 # Connect local account and social account if local account with that email address already exists
 SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT = True
 SOCIALACCOUNT_ADAPTER = "api.adapters.ProwlerSocialAccountAdapter"
-
-
-# def inline(pem: str) -> str:
-#     return "".join(
-#         line.strip()
-#         for line in pem.splitlines()
-#         if "CERTIFICATE" not in line and "KEY" not in line
-#     )
-
-
-# # SAML keys (TODO: Validate certificates)
-# SAML_PUBLIC_CERT = inline(env("SAML_PUBLIC_CERT", default=""))
-# SAML_PRIVATE_KEY = inline(env("SAML_PRIVATE_KEY", default=""))
-
 SOCIALACCOUNT_PROVIDERS = {
    "google": {
        "APP": {
@@ -63,20 +50,4 @@ SOCIALACCOUNT_PROVIDERS = {
            "read:org",
        ],
    },
-    "saml": {
-        "use_nameid_for_email": True,
-        "sp": {
-            "entity_id": "urn:prowler.com:sp",
-        },
-        "advanced": {
-            # TODO: Validate certificates
-            # "x509cert": SAML_PUBLIC_CERT,
-            # "private_key": SAML_PRIVATE_KEY,
-            # "authn_request_signed": True,
-            # "want_message_signed": True,
-            # "want_assertion_signed": True,
-            "reject_idp_initiated_sso": False,
-            "name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
-        },
-    },
 }
@@ -1,9 +1,8 @@
 import logging
 from datetime import datetime, timedelta, timezone
-from unittest.mock import MagicMock, patch
+from unittest.mock import patch

 import pytest
-from allauth.socialaccount.models import SocialLogin
 from django.conf import settings
 from django.db import connection as django_connection
 from django.db import connections as django_connections
@@ -23,16 +22,12 @@ from api.models import (
    Invitation,
    LighthouseConfiguration,
    Membership,
-    Processor,
    Provider,
    ProviderGroup,
    ProviderSecret,
    Resource,
    ResourceTag,
-    ResourceTagMapping,
    Role,
-    SAMLConfiguration,
-    SAMLDomainIndex,
    Scan,
    ScanSummary,
    StateChoices,
@@ -46,19 +41,12 @@ from api.v1.serializers import TokenSerializer
 from prowler.lib.check.models import Severity
 from prowler.lib.outputs.finding import Status

-TODAY = str(datetime.today().date())
 API_JSON_CONTENT_TYPE = "application/vnd.api+json"
 NO_TENANT_HTTP_STATUS = status.HTTP_401_UNAUTHORIZED
 TEST_USER = "dev@prowler.com"
 TEST_PASSWORD = "testing_psswd"


-def today_after_n_days(n_days: int) -> str:
-    return datetime.strftime(
-        datetime.today().date() + timedelta(days=n_days), "%Y-%m-%d"
-    )
-
-
@pytest.fixture(scope="module")
 def enforce_test_user_db_connection(django_db_setup, django_db_blocker):
    """Ensure tests use the test user for database connections."""
@@ -390,27 +378,8 @@ def providers_fixture(tenants_fixture):
        tenant_id=tenant.id,
        scanner_args={"key1": "value1", "key2": {"key21": "value21"}},
    )
-    provider6 = Provider.objects.create(
-        provider="m365",
-        uid="m365.test.com",
-        alias="m365_testing",
-        tenant_id=tenant.id,
-    )

-    return provider1, provider2, provider3, provider4, provider5, provider6
-
-
-@pytest.fixture
-def processor_fixture(tenants_fixture):
-    tenant, *_ = tenants_fixture
-    processor = Processor.objects.create(
-        tenant_id=tenant.id,
-        processor_type="mutelist",
-        configuration="Mutelist:\n  Accounts:\n    *:\n      Checks:\n        iam_user_hardware_mfa_enabled:\n         "
-        " Regions:\n            - *\n          Resources:\n            - *",
-    )
-
-    return processor
+    return provider1, provider2, provider3, provider4, provider5


@pytest.fixture
@@ -662,7 +631,6 @@ def findings_fixture(scans_fixture, resources_fixture):
        check_metadata={
            "CheckId": "test_check_id",
            "Description": "test description apple sauce",
-            "servicename": "ec2",
        },
        first_seen_at="2024-01-02T00:00:00Z",
    )
@@ -689,7 +657,6 @@ def findings_fixture(scans_fixture, resources_fixture):
        check_metadata={
            "CheckId": "test_check_id",
            "Description": "test description orange juice",
-            "servicename": "s3",
        },
        first_seen_at="2024-01-02T00:00:00Z",
        muted=True,
@@ -911,22 +878,6 @@ def compliance_requirements_overviews_fixture(scans_fixture, tenants_fixture):
        total_checks=3,
    )

-    # Create another compliance framework for testing MITRE ATT&CK
-    requirement_overview7 = ComplianceRequirementOverview.objects.create(
-        tenant=tenant,
-        scan=scan1,
-        compliance_id="mitre_attack_aws",
-        framework="MITRE-ATTACK",
-        version="1.0",
-        description="MITRE ATT&CK",
-        region="eu-west-1",
-        requirement_id="mitre_requirement1",
-        requirement_status=StatusChoices.FAIL,
-        passed_checks=0,
-        failed_checks=0,
-        total_checks=0,
-    )
-
    return (
        requirement_overview1,
        requirement_overview2,
@@ -934,7 +885,6 @@ def compliance_requirements_overviews_fixture(scans_fixture, tenants_fixture):
        requirement_overview4,
        requirement_overview5,
        requirement_overview6,
-        requirement_overview7,
    )


@@ -1065,7 +1015,7 @@ def integrations_fixture(providers_fixture):
        enabled=True,
        connected=True,
        integration_type="amazon_s3",
-        configuration={"key": "value1"},
+        configuration={"key": "value"},
        credentials={"psswd": "1234"},
    )
    IntegrationProviderRelationship.objects.create(
@@ -1145,127 +1095,6 @@ def latest_scan_finding(authenticated_client, providers_fixture, resources_fixtu
    return finding


-@pytest.fixture(scope="function")
-def latest_scan_resource(authenticated_client, providers_fixture):
-    provider = providers_fixture[0]
-    tenant_id = str(providers_fixture[0].tenant_id)
-    scan = Scan.objects.create(
-        name="latest completed scan for resource",
-        provider=provider,
-        trigger=Scan.TriggerChoices.MANUAL,
-        state=StateChoices.COMPLETED,
-        tenant_id=tenant_id,
-    )
-    resource = Resource.objects.create(
-        tenant_id=tenant_id,
-        provider=provider,
-        uid="latest_resource_uid",
-        name="Latest Resource",
-        region="us-east-1",
-        service="ec2",
-        type="instance",
-        metadata='{"test": "metadata"}',
-        details='{"test": "details"}',
-    )
-
-    resource_tag = ResourceTag.objects.create(
-        tenant_id=tenant_id,
-        key="environment",
-        value="test",
-    )
-    ResourceTagMapping.objects.create(
-        tenant_id=tenant_id,
-        resource=resource,
-        tag=resource_tag,
-    )
-
-    finding = Finding.objects.create(
-        tenant_id=tenant_id,
-        uid="test_finding_uid_latest",
-        scan=scan,
-        delta="new",
-        status=Status.FAIL,
-        status_extended="test status extended ",
-        impact=Severity.critical,
-        impact_extended="test impact extended",
-        severity=Severity.critical,
-        raw_result={
-            "status": Status.FAIL,
-            "impact": Severity.critical,
-            "severity": Severity.critical,
-        },
-        tags={"test": "latest"},
-        check_id="test_check_id_latest",
-        check_metadata={
-            "CheckId": "test_check_id_latest",
-            "Description": "test description latest",
-        },
-        first_seen_at="2024-01-02T00:00:00Z",
-    )
-    finding.add_resources([resource])
-
-    backfill_resource_scan_summaries(tenant_id, str(scan.id))
-    return resource
-
-
-@pytest.fixture
-def saml_setup(tenants_fixture):
-    tenant_id = tenants_fixture[0].id
-    domain = "prowler.com"
-
-    SAMLDomainIndex.objects.create(email_domain=domain, tenant_id=tenant_id)
-
-    metadata_xml = """<?xml version='1.0' encoding='UTF-8'?>
-    <md:EntityDescriptor entityID='TEST' xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata'>
-    <md:IDPSSODescriptor WantAuthnRequestsSigned='false' protocolSupportEnumeration='urn:oasis:names:tc:SAML:2.0:protocol'>
-        <md:KeyDescriptor use='signing'>
-        <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
-            <ds:X509Data>
-            <ds:X509Certificate>TEST</ds:X509Certificate>
-            </ds:X509Data>
-        </ds:KeyInfo>
-        </md:KeyDescriptor>
-        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
-        <md:SingleSignOnService Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' Location='https://TEST/sso/saml'/>
-        <md:SingleSignOnService Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' Location='https://TEST/sso/saml'/>
-    </md:IDPSSODescriptor>
-    </md:EntityDescriptor>
-    """
-    SAMLConfiguration.objects.create(
-        tenant_id=str(tenant_id),
-        email_domain=domain,
-        metadata_xml=metadata_xml,
-    )
-
-    return {
-        "email": f"user@{domain}",
-        "domain": domain,
-        "tenant_id": tenant_id,
-    }
-
-
-@pytest.fixture
-def saml_sociallogin(users_fixture):
-    user = users_fixture[0]
-    user.email = "samlsso@acme.com"
-    extra_data = {
-        "firstName": ["Test"],
-        "lastName": ["User"],
-        "organization": ["Prowler"],
-        "userType": ["member"],
-    }
-
-    account = MagicMock()
-    account.provider = "saml"
-    account.extra_data = extra_data
-
-    sociallogin = MagicMock(spec=SocialLogin)
-    sociallogin.account = account
-    sociallogin.user = user
-
-    return sociallogin
-
-
 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}

@@ -0,0 +1,15 @@
+import django.db
+from django.db.backends.postgresql.base import (
+    DatabaseWrapper as BuiltinPostgresDatabaseWrapper,
+)
+from psycopg2 import InterfaceError
+
+
+class DatabaseWrapper(BuiltinPostgresDatabaseWrapper):
+    def create_cursor(self, name=None):
+        try:
+            return super().create_cursor(name=name)
+        except InterfaceError:
+            django.db.close_old_connections()
+            django.db.connection.connect()
+            return super().create_cursor(name=name)
@@ -3,12 +3,6 @@

 import os
 import sys
-import warnings
-
-# Suppress specific warnings from django-rest-auth: https://github.com/iMerica/dj-rest-auth/issues/684
-warnings.filterwarnings(
-    "ignore", category=UserWarning, module="dj_rest_auth.registration.serializers"
-)


 def main():
@@ -2,10 +2,10 @@ import json
 from datetime import datetime, timedelta, timezone

 from django_celery_beat.models import IntervalSchedule, PeriodicTask
+from rest_framework_json_api.serializers import ValidationError
 from tasks.tasks import perform_scheduled_scan_task

 from api.db_utils import rls_transaction
-from api.exceptions import ConflictException
 from api.models import Provider, Scan, StateChoices


@@ -24,9 +24,15 @@ def schedule_provider_scan(provider_instance: Provider):
    if PeriodicTask.objects.filter(
        interval=schedule, name=task_name, task="scan-perform-scheduled"
    ).exists():
-        raise ConflictException(
-            detail="There is already a scheduled scan for this provider.",
-            pointer="/data/attributes/provider_id",
+        raise ValidationError(
+            [
+                {
+                    "detail": "There is already a scheduled scan for this provider.",
+                    "status": 400,
+                    "source": {"pointer": "/data/attributes/provider_id"},
+                    "code": "invalid",
+                }
+            ]
        )

    with rls_transaction(tenant_id):
@@ -1,13 +1,9 @@
 from datetime import datetime, timezone

-import openai
 from celery.utils.log import get_task_logger

-from api.models import Integration, LighthouseConfiguration, Provider
-from api.utils import (
-    prowler_integration_connection_test,
-    prowler_provider_connection_test,
-)
+from api.models import Provider
+from api.utils import prowler_provider_connection_test

 logger = get_task_logger(__name__)

@@ -43,78 +39,3 @@ def check_provider_connection(provider_id: str):

    connection_error = f"{connection_result.error}" if connection_result.error else None
    return {"connected": connection_result.is_connected, "error": connection_error}
-
-
-def check_lighthouse_connection(lighthouse_config_id: str):
-    """
-    Business logic to check the connection status of a Lighthouse configuration.
-
-    Args:
-        lighthouse_config_id (str): The primary key of the LighthouseConfiguration instance to check.
-
-    Returns:
-        dict: A dictionary containing:
-            - 'connected' (bool): Indicates whether the connection is successful.
-            - 'error' (str or None): The error message if the connection failed, otherwise `None`.
-            - 'available_models' (list): List of available models if connection is successful.
-
-    Raises:
-        Model.DoesNotExist: If the lighthouse configuration does not exist.
-    """
-    lighthouse_config = LighthouseConfiguration.objects.get(pk=lighthouse_config_id)
-
-    if not lighthouse_config.api_key_decoded:
-        lighthouse_config.is_active = False
-        lighthouse_config.save()
-        return {
-            "connected": False,
-            "error": "API key is invalid or missing.",
-            "available_models": [],
-        }
-
-    try:
-        client = openai.OpenAI(api_key=lighthouse_config.api_key_decoded)
-        models = client.models.list()
-        lighthouse_config.is_active = True
-        lighthouse_config.save()
-        return {
-            "connected": True,
-            "error": None,
-            "available_models": [model.id for model in models.data],
-        }
-    except Exception as e:
-        lighthouse_config.is_active = False
-        lighthouse_config.save()
-        return {"connected": False, "error": str(e), "available_models": []}
-
-
-def check_integration_connection(integration_id: str):
-    """
-    Business logic to check the connection status of an integration.
-
-    Args:
-        integration_id (str): The primary key of the Integration instance to check.
-    """
-    integration = Integration.objects.filter(pk=integration_id, enabled=True).first()
-
-    if not integration:
-        logger.info(f"Integration {integration_id} is not enabled")
-        return {"connected": False, "error": "Integration is not enabled"}
-
-    try:
-        result = prowler_integration_connection_test(integration)
-    except Exception as e:
-        logger.warning(
-            f"Unexpected exception checking {integration.integration_type} integration connection: {str(e)}"
-        )
-        raise e
-
-    # Update integration connection status
-    integration.connected = result.is_connected
-    integration.connection_last_checked_at = datetime.now(tz=timezone.utc)
-    integration.save()
-
-    return {
-        "connected": result.is_connected,
-        "error": str(result.error) if result.error else None,
-    }
@@ -1,5 +1,4 @@
 import os
-import re
 import zipfile

 import boto3
@@ -8,12 +7,11 @@ from botocore.exceptions import ClientError, NoCredentialsError, ParamValidation
 from celery.utils.log import get_task_logger
 from django.conf import settings

-from api.db_utils import rls_transaction
-from api.models import Scan
 from prowler.config.config import (
    csv_file_suffix,
    html_file_suffix,
    json_ocsf_file_suffix,
+    output_file_timestamp,
 )
 from prowler.lib.outputs.compliance.aws_well_architected.aws_well_architected import (
    AWSWellArchitected,
@@ -21,7 +19,6 @@ from prowler.lib.outputs.compliance.aws_well_architected.aws_well_architected im
 from prowler.lib.outputs.compliance.cis.cis_aws import AWSCIS
 from prowler.lib.outputs.compliance.cis.cis_azure import AzureCIS
 from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
-from prowler.lib.outputs.compliance.cis.cis_github import GithubCIS
 from prowler.lib.outputs.compliance.cis.cis_kubernetes import KubernetesCIS
 from prowler.lib.outputs.compliance.cis.cis_m365 import M365CIS
 from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
@@ -33,7 +30,6 @@ from prowler.lib.outputs.compliance.iso27001.iso27001_gcp import GCPISO27001
 from prowler.lib.outputs.compliance.iso27001.iso27001_kubernetes import (
    KubernetesISO27001,
 )
-from prowler.lib.outputs.compliance.iso27001.iso27001_m365 import M365ISO27001
 from prowler.lib.outputs.compliance.kisa_ismsp.kisa_ismsp_aws import AWSKISAISMSP
 from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_aws import AWSMitreAttack
 from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_azure import (
@@ -93,10 +89,6 @@ COMPLIANCE_CLASS_MAP = {
    "m365": [
        (lambda name: name.startswith("cis_"), M365CIS),
        (lambda name: name == "prowler_threatscore_m365", ProwlerThreatScoreM365),
-        (lambda name: name.startswith("iso27001_"), M365ISO27001),
-    ],
-    "github": [
-        (lambda name: name.startswith("cis_"), GithubCIS),
    ],
 }

@@ -172,7 +164,7 @@ def get_s3_client():
    return s3_client


-def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str | None:
+def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str:
    """
    Upload the specified ZIP file to an S3 bucket.
    If the S3 bucket environment variables are not configured,
@@ -189,7 +181,7 @@ def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str | None:
    """
    bucket = base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET
    if not bucket:
-        return
+        return None

    try:
        s3 = get_s3_client()
@@ -246,22 +238,15 @@ def _generate_output_directory(
        '/tmp/tenant-1234/aws/scan-5678/prowler-output-2023-02-15T12:34:56',
        '/tmp/tenant-1234/aws/scan-5678/compliance/prowler-output-2023-02-15T12:34:56'
    """
-    # Sanitize the prowler provider name to ensure it is a valid directory name
-    prowler_provider_sanitized = re.sub(r"[^\w\-]", "-", prowler_provider)
-
-    with rls_transaction(tenant_id):
-        started_at = Scan.objects.get(id=scan_id).started_at
-
-    timestamp = started_at.strftime("%Y%m%d%H%M%S")
    path = (
        f"{output_directory}/{tenant_id}/{scan_id}/prowler-output-"
-        f"{prowler_provider_sanitized}-{timestamp}"
+        f"{prowler_provider}-{output_file_timestamp}"
    )
    os.makedirs("/".join(path.split("/")[:-1]), exist_ok=True)

    compliance_path = (
        f"{output_directory}/{tenant_id}/{scan_id}/compliance/prowler-output-"
-        f"{prowler_provider_sanitized}-{timestamp}"
+        f"{prowler_provider}-{output_file_timestamp}"
    )
    os.makedirs("/".join(compliance_path.split("/")[:-1]), exist_ok=True)

@@ -1,156 +0,0 @@
-import os
-from glob import glob
-
-from celery.utils.log import get_task_logger
-
-from api.db_utils import rls_transaction
-from api.models import Integration
-from prowler.lib.outputs.asff.asff import ASFF
-from prowler.lib.outputs.compliance.generic.generic import GenericCompliance
-from prowler.lib.outputs.csv.csv import CSV
-from prowler.lib.outputs.html.html import HTML
-from prowler.lib.outputs.ocsf.ocsf import OCSF
-from prowler.providers.aws.lib.s3.s3 import S3
-from prowler.providers.common.models import Connection
-
-logger = get_task_logger(__name__)
-
-
-def get_s3_client_from_integration(
-    integration: Integration,
-) -> tuple[bool, S3 | Connection]:
-    """
-    Create and return a boto3 S3 client using AWS credentials from an integration.
-
-    Args:
-        integration (Integration): The integration to get the S3 client from.
-
-    Returns:
-        tuple[bool, S3 | Connection]: A tuple containing a boolean indicating if the connection was successful and the S3 client or connection object.
-    """
-    s3 = S3(
-        **integration.credentials,
-        bucket_name=integration.configuration["bucket_name"],
-        output_directory=integration.configuration["output_directory"],
-    )
-
-    connection = s3.test_connection(
-        **integration.credentials,
-        bucket_name=integration.configuration["bucket_name"],
-    )
-
-    if connection.is_connected:
-        return True, s3
-
-    return False, connection
-
-
-def upload_s3_integration(
-    tenant_id: str, provider_id: str, output_directory: str
-) -> bool:
-    """
-    Upload the specified output files to an S3 bucket from an integration.
-    Reconstructs output objects from files in the output directory instead of using serialized data.
-
-    Args:
-        tenant_id (str): The tenant identifier, used as part of the S3 key prefix.
-        provider_id (str): The provider identifier, used as part of the S3 key prefix.
-        output_directory (str): Path to the directory containing output files.
-
-    Returns:
-        bool: True if all integrations were executed, False otherwise.
-
-    Raises:
-        botocore.exceptions.ClientError: If the upload attempt to S3 fails for any reason.
-    """
-    logger.info(f"Processing S3 integrations for provider {provider_id}")
-
-    try:
-        with rls_transaction(tenant_id):
-            integrations = list(
-                Integration.objects.filter(
-                    integrationproviderrelationship__provider_id=provider_id,
-                    integration_type=Integration.IntegrationChoices.AMAZON_S3,
-                    enabled=True,
-                )
-            )
-
-        if not integrations:
-            logger.error(f"No S3 integrations found for provider {provider_id}")
-            return False
-
-        integration_executions = 0
-        for integration in integrations:
-            try:
-                connected, s3 = get_s3_client_from_integration(integration)
-            except Exception as e:
-                logger.info(
-                    f"S3 connection failed for integration {integration.id}: {e}"
-                )
-                integration.connected = False
-                integration.save()
-                continue
-
-            if connected:
-                try:
-                    # Reconstruct generated_outputs from files in output directory
-                    # This approach scans the output directory for files and creates the appropriate
-                    # output objects based on file extensions and naming patterns.
-                    generated_outputs = {"regular": [], "compliance": []}
-
-                    # Find and recreate regular outputs (CSV, HTML, OCSF)
-                    output_file_patterns = {
-                        ".csv": CSV,
-                        ".html": HTML,
-                        ".ocsf.json": OCSF,
-                        ".asff.json": ASFF,
-                    }
-
-                    base_dir = os.path.dirname(output_directory)
-                    for extension, output_class in output_file_patterns.items():
-                        pattern = f"{output_directory}*{extension}"
-                        for file_path in glob(pattern):
-                            if os.path.exists(file_path):
-                                output = output_class(findings=[], file_path=file_path)
-                                output.create_file_descriptor(file_path)
-                                generated_outputs["regular"].append(output)
-
-                    # Find and recreate compliance outputs
-                    compliance_pattern = os.path.join(base_dir, "compliance", "*.csv")
-                    for file_path in glob(compliance_pattern):
-                        if os.path.exists(file_path):
-                            output = GenericCompliance(
-                                findings=[],
-                                compliance=None,
-                                file_path=file_path,
-                                file_extension=".csv",
-                            )
-                            output.create_file_descriptor(file_path)
-                            generated_outputs["compliance"].append(output)
-
-                    # Use send_to_bucket with recreated generated_outputs objects
-                    s3.send_to_bucket(generated_outputs)
-                except Exception as e:
-                    logger.error(
-                        f"S3 upload failed for integration {integration.id}: {e}"
-                    )
-                    continue
-                integration_executions += 1
-            else:
-                integration.connected = False
-                integration.save()
-                logger.error(
-                    f"S3 upload failed, connection failed for integration {integration.id}: {s3.error}"
-                )
-
-        result = integration_executions == len(integrations)
-        if result:
-            logger.info(
-                f"All the S3 integrations completed successfully for provider {provider_id}"
-            )
-        else:
-            logger.info(f"Some S3 integrations failed for provider {provider_id}")
-        return result
-    except Exception as e:
-        logger.error(f"S3 integrations failed for provider {provider_id}: {str(e)}")
-        return False
@@ -1,29 +1,22 @@
 import json
 import time
-from collections import defaultdict
 from copy import deepcopy
 from datetime import datetime, timezone

 from celery.utils.log import get_task_logger
 from config.settings.celery import CELERY_DEADLOCK_ATTEMPTS
 from django.db import IntegrityError, OperationalError
-from django.db.models import Case, Count, IntegerField, Prefetch, Sum, When
+from django.db.models import Case, Count, IntegerField, Sum, When
 from tasks.utils import CustomEncoder

 from api.compliance import (
    PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE,
    generate_scan_compliance,
 )
-from api.db_utils import (
-    create_objects_in_batches,
-    rls_transaction,
-    update_objects_in_batches,
-)
-from api.exceptions import ProviderConnectionError
+from api.db_utils import create_objects_in_batches, rls_transaction
 from api.models import (
    ComplianceRequirementOverview,
    Finding,
-    Processor,
    Provider,
    Resource,
    ResourceScanSummary,
@@ -33,7 +26,7 @@ from api.models import (
    StateChoices,
 )
 from api.models import StatusChoices as FindingStatus
-from api.utils import initialize_prowler_provider, return_prowler_provider
+from api.utils import initialize_prowler_provider
 from api.v1.serializers import ScanTaskSerializer
 from prowler.lib.outputs.finding import Finding as ProwlerFinding
 from prowler.lib.scan.scan import Scan as ProwlerScan
@@ -108,10 +101,7 @@ def _store_resources(


 def perform_prowler_scan(
-    tenant_id: str,
-    scan_id: str,
-    provider_id: str,
-    checks_to_execute: list[str] | None = None,
+    tenant_id: str, scan_id: str, provider_id: str, checks_to_execute: list[str] = None
 ):
    """
    Perform a scan using Prowler and store the findings and resources in the database.
@@ -142,28 +132,14 @@ def perform_prowler_scan(
        scan_instance.started_at = datetime.now(tz=timezone.utc)
        scan_instance.save()

-    # Find the mutelist processor if it exists
-    with rls_transaction(tenant_id):
-        try:
-            mutelist_processor = Processor.objects.get(
-                tenant_id=tenant_id, processor_type=Processor.ProcessorChoices.MUTELIST
-            )
-        except Processor.DoesNotExist:
-            mutelist_processor = None
-        except Exception as e:
-            logger.error(f"Error processing mutelist rules: {e}")
-            mutelist_processor = None
-
    try:
        with rls_transaction(tenant_id):
            try:
-                prowler_provider = initialize_prowler_provider(
-                    provider_instance, mutelist_processor
-                )
+                prowler_provider = initialize_prowler_provider(provider_instance)
                provider_instance.connected = True
            except Exception as e:
                provider_instance.connected = False
-                exc = ProviderConnectionError(
+                exc = ValueError(
                    f"Provider {provider_instance.provider} is not connected: {e}"
                )
            finally:
@@ -173,8 +149,7 @@ def perform_prowler_scan(
                provider_instance.save()

        # If the provider is not connected, raise an exception outside the transaction.
-        # If raised within the transaction, the transaction will be rolled back and the provider will not be marked
-        # as not connected.
+        # If raised within the transaction, the transaction will be rolled back and the provider will not be marked as not connected.
        if exc:
            raise exc

@@ -183,7 +158,6 @@ def perform_prowler_scan(
        resource_cache = {}
        tag_cache = {}
        last_status_cache = {}
-        resource_failed_findings_cache = defaultdict(int)

        for progress, findings in prowler_scan.scan():
            for finding in findings:
@@ -209,9 +183,6 @@ def perform_prowler_scan(
                                    },
                                )
                                resource_cache[resource_uid] = resource_instance
-
-                                # Initialize all processed resources in the cache
-                                resource_failed_findings_cache[resource_uid] = 0
                            else:
                                resource_instance = resource_cache[resource_uid]

@@ -302,9 +273,6 @@ def perform_prowler_scan(
                    if not last_first_seen_at:
                        last_first_seen_at = datetime.now(tz=timezone.utc)

-                    # If the finding is muted at this time the reason must be the configured Mutelist
-                    muted_reason = "Muted by mutelist" if finding.muted else None
-
                    # Create the finding
                    finding_instance = Finding.objects.create(
                        tenant_id=tenant_id,
@@ -320,16 +288,10 @@ def perform_prowler_scan(
                        scan=scan_instance,
                        first_seen_at=last_first_seen_at,
                        muted=finding.muted,
-                        muted_reason=muted_reason,
                        compliance=finding.compliance,
                    )
                    finding_instance.add_resources([resource_instance])

-                    # Increment failed_findings_count cache if the finding status is FAIL and not muted
-                    if status == FindingStatus.FAIL and not finding.muted:
-                        resource_uid = finding.resource_uid
-                        resource_failed_findings_cache[resource_uid] += 1
-
                # Update scan resource summaries
                scan_resource_cache.add(
                    (
@@ -347,24 +309,6 @@ def perform_prowler_scan(

        scan_instance.state = StateChoices.COMPLETED

-        # Update failed_findings_count for all resources in batches if scan completed successfully
-        if resource_failed_findings_cache:
-            resources_to_update = []
-            for resource_uid, failed_count in resource_failed_findings_cache.items():
-                if resource_uid in resource_cache:
-                    resource_instance = resource_cache[resource_uid]
-                    resource_instance.failed_findings_count = failed_count
-                    resources_to_update.append(resource_instance)
-
-            if resources_to_update:
-                update_objects_in_batches(
-                    tenant_id=tenant_id,
-                    model=Resource,
-                    objects=resources_to_update,
-                    fields=["failed_findings_count"],
-                    batch_size=1000,
-                )
-
    except Exception as e:
        logger.error(f"Error performing scan {scan_id}: {e}")
        exception = e
@@ -417,9 +361,6 @@ def aggregate_findings(tenant_id: str, scan_id: str):
    changed, unchanged). The results are grouped by `check_id`, `service`, `severity`, and `region`.
    These aggregated metrics are then stored in the `ScanSummary` table.

-    Additionally, it updates the failed_findings_count field for each resource based on the most
-    recent findings for each finding.uid.
-
    Args:
        tenant_id (str): The ID of the tenant to which the scan belongs.
        scan_id (str): The ID of the scan for which findings need to be aggregated.
@@ -585,30 +526,21 @@ def create_compliance_requirements(tenant_id: str, scan_id: str):
        with rls_transaction(tenant_id):
            scan_instance = Scan.objects.get(pk=scan_id)
            provider_instance = scan_instance.provider
-            prowler_provider = return_prowler_provider(provider_instance)
+            prowler_provider = initialize_prowler_provider(provider_instance)

        # Get check status data by region from findings
-        findings = (
-            Finding.all_objects.filter(scan_id=scan_id, muted=False)
-            .only("id", "check_id", "status")
-            .prefetch_related(
-                Prefetch(
-                    "resources",
-                    queryset=Resource.objects.only("id", "region"),
-                    to_attr="small_resources",
-                )
-            )
-            .iterator(chunk_size=1000)
-        )
-
        check_status_by_region = {}
        with rls_transaction(tenant_id):
+            findings = Finding.objects.filter(scan_id=scan_id, muted=False)
            for finding in findings:
-                for resource in finding.small_resources:
+                # Get region from resources
+                for resource in finding.resources.all():
                    region = resource.region
-                    current_status = check_status_by_region.setdefault(region, {})
-                    if current_status.get(finding.check_id) != "FAIL":
-                        current_status[finding.check_id] = finding.status
+                    region_dict = check_status_by_region.setdefault(region, {})
+                    current_status = region_dict.get(finding.check_id)
+                    if current_status == "FAIL":
+                        continue
+                    region_dict[finding.check_id] = finding.status

        try:
            # Try to get regions from provider
@@ -2,17 +2,13 @@ from datetime import datetime, timedelta, timezone
 from pathlib import Path
 from shutil import rmtree

-from celery import chain, group, shared_task
+from celery import chain, shared_task
 from celery.utils.log import get_task_logger
 from config.celery import RLSTask
 from config.django.base import DJANGO_FINDINGS_BATCH_SIZE, DJANGO_TMP_OUTPUT_DIRECTORY
 from django_celery_beat.models import PeriodicTask
 from tasks.jobs.backfill import backfill_resource_scan_summaries
-from tasks.jobs.connection import (
-    check_integration_connection,
-    check_lighthouse_connection,
-    check_provider_connection,
-)
+from tasks.jobs.connection import check_provider_connection
 from tasks.jobs.deletion import delete_provider, delete_tenant
 from tasks.jobs.export import (
    COMPLIANCE_CLASS_MAP,
@@ -21,7 +17,6 @@ from tasks.jobs.export import (
    _generate_output_directory,
    _upload_to_s3,
 )
-from tasks.jobs.integrations import upload_s3_integration
 from tasks.jobs.scan import (
    aggregate_findings,
    create_compliance_requirements,
@@ -32,7 +27,7 @@ from tasks.utils import batched, get_next_execution_datetime
 from api.compliance import get_compliance_frameworks
 from api.db_utils import rls_transaction
 from api.decorators import set_tenant
-from api.models import Finding, Integration, Provider, Scan, ScanSummary, StateChoices
+from api.models import Finding, Provider, Scan, ScanSummary, StateChoices
 from api.utils import initialize_prowler_provider
 from api.v1.serializers import ScanTaskSerializer
 from prowler.lib.check.compliance_models import Compliance
@@ -42,30 +37,6 @@ from prowler.lib.outputs.finding import Finding as FindingOutput
 logger = get_task_logger(__name__)


-def _perform_scan_complete_tasks(tenant_id: str, scan_id: str, provider_id: str):
-    """
-    Helper function to perform tasks after a scan is completed.
-
-    Args:
-        tenant_id (str): The tenant ID under which the scan was performed.
-        scan_id (str): The ID of the scan that was performed.
-        provider_id (str): The primary key of the Provider instance that was scanned.
-    """
-    create_compliance_requirements_task.apply_async(
-        kwargs={"tenant_id": tenant_id, "scan_id": scan_id}
-    )
-    chain(
-        perform_scan_summary_task.si(tenant_id=tenant_id, scan_id=scan_id),
-        generate_outputs_task.si(
-            scan_id=scan_id, provider_id=provider_id, tenant_id=tenant_id
-        ),
-        check_integrations_task.si(
-            tenant_id=tenant_id,
-            provider_id=provider_id,
-        ),
-    ).apply_async()
-
-
@shared_task(base=RLSTask, name="provider-connection-check")
@set_tenant
 def check_provider_connection_task(provider_id: str):
@@ -83,18 +54,6 @@ def check_provider_connection_task(provider_id: str):
    return check_provider_connection(provider_id=provider_id)


-@shared_task(base=RLSTask, name="integration-connection-check")
-@set_tenant
-def check_integration_connection_task(integration_id: str):
-    """
-    Task to check the connection status of an integration.
-
-    Args:
-        integration_id (str): The primary key of the Integration instance to check.
-    """
-    return check_integration_connection(integration_id=integration_id)
-
-
@shared_task(
    base=RLSTask, name="provider-deletion", queue="deletion", autoretry_for=(Exception,)
 )
@@ -144,7 +103,13 @@ def perform_scan_task(
        checks_to_execute=checks_to_execute,
    )

-    _perform_scan_complete_tasks(tenant_id, scan_id, provider_id)
+    chain(
+        perform_scan_summary_task.si(tenant_id, scan_id),
+        create_compliance_requirements_task.si(tenant_id=tenant_id, scan_id=scan_id),
+        generate_outputs.si(
+            scan_id=scan_id, provider_id=provider_id, tenant_id=tenant_id
+        ),
+    ).apply_async()

    return result

@@ -249,12 +214,20 @@ def perform_scheduled_scan_task(self, tenant_id: str, provider_id: str):
                scheduler_task_id=periodic_task_instance.id,
            )

-    _perform_scan_complete_tasks(tenant_id, str(scan_instance.id), provider_id)
+    chain(
+        perform_scan_summary_task.si(tenant_id, scan_instance.id),
+        create_compliance_requirements_task.si(
+            tenant_id=tenant_id, scan_id=str(scan_instance.id)
+        ),
+        generate_outputs.si(
+            scan_id=str(scan_instance.id), provider_id=provider_id, tenant_id=tenant_id
+        ),
+    ).apply_async()

    return result


-@shared_task(name="scan-summary", queue="overview")
+@shared_task(name="scan-summary")
 def perform_scan_summary_task(tenant_id: str, scan_id: str):
    return aggregate_findings(tenant_id=tenant_id, scan_id=scan_id)

@@ -270,7 +243,7 @@ def delete_tenant_task(tenant_id: str):
    queue="scan-reports",
 )
@set_tenant(keep_tenant=True)
-def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):
+def generate_outputs(scan_id: str, provider_id: str, tenant_id: str):
    """
    Process findings in batches and generate output files in multiple formats.

@@ -382,34 +355,7 @@ def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):
    compressed = _compress_output_files(out_dir)
    upload_uri = _upload_to_s3(tenant_id, compressed, scan_id)

-    # S3 integrations (need output_directory)
-    with rls_transaction(tenant_id):
-        s3_integrations = Integration.objects.filter(
-            integrationproviderrelationship__provider_id=provider_id,
-            integration_type=Integration.IntegrationChoices.AMAZON_S3,
-            enabled=True,
-        )
-
-    if s3_integrations:
-        # Pass the output directory path to S3 integration task to reconstruct objects from files
-        s3_integration_task.apply_async(
-            kwargs={
-                "tenant_id": tenant_id,
-                "provider_id": provider_id,
-                "output_directory": out_dir,
-            }
-        ).get(
-            disable_sync_subtasks=False
-        )  # TODO: This synchronous execution is NOT recommended
-        # We're forced to do this because we need the files to exist before deletion occurs.
-        # Once we have the periodic file cleanup task implemented, we should:
-        # 1. Remove this .get() call and make it fully async
-        # 2. For Cloud deployments, develop a secondary approach where outputs are stored
-        #    directly in S3 and read from there, eliminating local file dependencies
-
    if upload_uri:
-        # TODO: We need to create a new periodic task to delete the output files
-        # This task shouldn't be responsible for deleting the output files
        try:
            rmtree(Path(compressed).parent, ignore_errors=True)
        except Exception as e:
@@ -420,10 +366,7 @@ def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):

    Scan.all_objects.filter(id=scan_id).update(output_location=final_location)
    logger.info(f"Scan outputs at {final_location}")
-
-    return {
-        "upload": did_upload,
-    }
+    return {"upload": did_upload}


@shared_task(name="backfill-scan-resource-summaries", queue="backfill")
@@ -438,7 +381,7 @@ def backfill_scan_resource_summaries_task(tenant_id: str, scan_id: str):
    return backfill_resource_scan_summaries(tenant_id=tenant_id, scan_id=scan_id)


-@shared_task(base=RLSTask, name="scan-compliance-overviews", queue="overview")
+@shared_task(base=RLSTask, name="scan-compliance-overviews")
 def create_compliance_requirements_task(tenant_id: str, scan_id: str):
    """
    Creates detailed compliance requirement records for a scan.
@@ -452,92 +395,3 @@ def create_compliance_requirements_task(tenant_id: str, scan_id: str):
        scan_id (str): The ID of the scan for which to create records.
    """
    return create_compliance_requirements(tenant_id=tenant_id, scan_id=scan_id)
-
-
-@shared_task(base=RLSTask, name="lighthouse-connection-check")
-@set_tenant
-def check_lighthouse_connection_task(lighthouse_config_id: str, tenant_id: str = None):
-    """
-    Task to check the connection status of a Lighthouse configuration.
-
-    Args:
-        lighthouse_config_id (str): The primary key of the LighthouseConfiguration instance to check.
-        tenant_id (str): The tenant ID for the task.
-
-    Returns:
-        dict: A dictionary containing:
-            - 'connected' (bool): Indicates whether the connection is successful.
-            - 'error' (str or None): The error message if the connection failed, otherwise `None`.
-            - 'available_models' (list): List of available models if connection is successful.
-    """
-    return check_lighthouse_connection(lighthouse_config_id=lighthouse_config_id)
-
-
-@shared_task(name="integration-check")
-def check_integrations_task(tenant_id: str, provider_id: str):
-    """
-    Check and execute all configured integrations for a provider.
-
-    Args:
-        tenant_id (str): The tenant identifier
-        provider_id (str): The provider identifier
-    """
-    logger.info(f"Checking integrations for provider {provider_id}")
-
-    try:
-        with rls_transaction(tenant_id):
-            integrations = Integration.objects.filter(
-                integrationproviderrelationship__provider_id=provider_id,
-                enabled=True,
-            )
-
-            if not integrations.exists():
-                logger.info(f"No integrations configured for provider {provider_id}")
-                return {"integrations_processed": 0}
-
-        integration_tasks = []
-
-        # TODO: Add other integration types here
-        # slack_integrations = integrations.filter(
-        #     integration_type=Integration.IntegrationChoices.SLACK
-        # )
-        # if slack_integrations.exists():
-        #     integration_tasks.append(
-        #        slack_integration_task.s(
-        #            tenant_id=tenant_id,
-        #            provider_id=provider_id,
-        #        )
-        #     )
-
-    except Exception as e:
-        logger.error(f"Integration check failed for provider {provider_id}: {str(e)}")
-        return {"integrations_processed": 0, "error": str(e)}
-
-    # Execute all integration tasks in parallel if any were found
-    if integration_tasks:
-        job = group(integration_tasks)
-        job.apply_async()
-        logger.info(f"Launched {len(integration_tasks)} integration task(s)")
-
-    return {"integrations_processed": len(integration_tasks)}
-
-
-@shared_task(
-    base=RLSTask,
-    name="integration-s3",
-    queue="integrations",
-)
-def s3_integration_task(
-    tenant_id: str,
-    provider_id: str,
-    output_directory: str,
-):
-    """
-    Process S3 integrations for a provider.
-
-    Args:
-        tenant_id (str): The tenant identifier
-        provider_id (str): The provider identifier
-        output_directory (str): Path to the directory containing output files
-    """
-    return upload_s3_integration(tenant_id, provider_id, output_directory)
@@ -3,9 +3,9 @@ from unittest.mock import patch

 import pytest
 from django_celery_beat.models import IntervalSchedule, PeriodicTask
+from rest_framework_json_api.serializers import ValidationError
 from tasks.beat import schedule_provider_scan

-from api.exceptions import ConflictException
 from api.models import Scan


@@ -48,29 +48,10 @@ class TestScheduleProviderScan:
        with patch("tasks.tasks.perform_scheduled_scan_task.apply_async"):
            schedule_provider_scan(provider_instance)

-        # Now, try scheduling again, should raise ConflictException
-        with pytest.raises(ConflictException) as exc_info:
+        # Now, try scheduling again, should raise ValidationError
+        with pytest.raises(ValidationError) as exc_info:
            schedule_provider_scan(provider_instance)

        assert "There is already a scheduled scan for this provider." in str(
            exc_info.value
        )
-
-    def test_remove_periodic_task(self, providers_fixture):
-        provider_instance = providers_fixture[0]
-
-        assert Scan.objects.count() == 0
-        with patch("tasks.tasks.perform_scheduled_scan_task.apply_async"):
-            schedule_provider_scan(provider_instance)
-
-        assert Scan.objects.count() == 1
-        scan = Scan.objects.first()
-        periodic_task = scan.scheduler_task
-        assert periodic_task is not None
-
-        periodic_task.delete()
-
-        scan.refresh_from_db()
-        # Assert the scan still exists but its scheduler_task is set to None
-        # Otherwise, Scan.DoesNotExist would be raised
-        assert Scan.objects.get(id=scan.id).scheduler_task is None
@@ -1,15 +1,10 @@
-import uuid
 from datetime import datetime, timezone
-from unittest.mock import MagicMock, patch
+from unittest.mock import patch, MagicMock

 import pytest
-from tasks.jobs.connection import (
-    check_integration_connection,
-    check_lighthouse_connection,
-    check_provider_connection,
-)

-from api.models import Integration, LighthouseConfiguration, Provider
+from api.models import Provider
+from tasks.jobs.connection import check_provider_connection


@pytest.mark.parametrize(
@@ -75,185 +70,3 @@ def test_check_provider_connection_exception(

    mock_provider_instance.save.assert_called_once()
    assert mock_provider_instance.connected is False
-
-
-@pytest.mark.parametrize(
-    "lighthouse_data",
-    [
-        {
-            "name": "OpenAI",
-            "api_key_decoded": "sk-test1234567890T3BlbkFJtest1234567890",
-            "model": "gpt-4o",
-            "temperature": 0,
-            "max_tokens": 4000,
-            "business_context": "Test business context",
-            "is_active": True,
-        },
-    ],
-)
-@patch("tasks.jobs.connection.openai.OpenAI")
-@pytest.mark.django_db
-def test_check_lighthouse_connection(
-    mock_openai_client, tenants_fixture, lighthouse_data
-):
-    lighthouse_config = LighthouseConfiguration.objects.create(
-        **lighthouse_data, tenant_id=tenants_fixture[0].id
-    )
-
-    mock_models = MagicMock()
-    mock_models.data = [MagicMock(id="gpt-4o"), MagicMock(id="gpt-4o-mini")]
-    mock_openai_client.return_value.models.list.return_value = mock_models
-
-    result = check_lighthouse_connection(
-        lighthouse_config_id=str(lighthouse_config.id),
-    )
-    lighthouse_config.refresh_from_db()
-
-    mock_openai_client.assert_called_once_with(
-        api_key=lighthouse_data["api_key_decoded"]
-    )
-    assert lighthouse_config.is_active is True
-    assert result["connected"] is True
-    assert result["error"] is None
-    assert result["available_models"] == ["gpt-4o", "gpt-4o-mini"]
-
-
-@patch("tasks.jobs.connection.LighthouseConfiguration.objects.get")
-@pytest.mark.django_db
-def test_check_lighthouse_connection_missing_api_key(mock_lighthouse_get):
-    mock_lighthouse_instance = MagicMock()
-    mock_lighthouse_instance.api_key_decoded = None
-    mock_lighthouse_get.return_value = mock_lighthouse_instance
-
-    result = check_lighthouse_connection("lighthouse_config_id")
-
-    assert result["connected"] is False
-    assert result["error"] == "API key is invalid or missing."
-    assert result["available_models"] == []
-    assert mock_lighthouse_instance.is_active is False
-    mock_lighthouse_instance.save.assert_called_once()
-
-
-@pytest.mark.django_db
-class TestCheckIntegrationConnection:
-    def setup_method(self):
-        self.integration_id = str(uuid.uuid4())
-
-    @patch("tasks.jobs.connection.Integration.objects.filter")
-    @patch("tasks.jobs.connection.prowler_integration_connection_test")
-    def test_check_integration_connection_success(
-        self, mock_prowler_test, mock_integration_filter
-    ):
-        """Test successful integration connection check with enabled=True filter."""
-        mock_integration = MagicMock()
-        mock_integration.id = self.integration_id
-        mock_integration.integration_type = Integration.IntegrationChoices.AMAZON_S3
-
-        mock_queryset = MagicMock()
-        mock_queryset.first.return_value = mock_integration
-        mock_integration_filter.return_value = mock_queryset
-
-        mock_connection_result = MagicMock()
-        mock_connection_result.is_connected = True
-        mock_connection_result.error = None
-        mock_prowler_test.return_value = mock_connection_result
-
-        result = check_integration_connection(integration_id=self.integration_id)
-
-        # Verify that Integration.objects.filter was called with enabled=True filter
-        mock_integration_filter.assert_called_once_with(
-            pk=self.integration_id, enabled=True
-        )
-        mock_queryset.first.assert_called_once()
-        mock_prowler_test.assert_called_once_with(mock_integration)
-
-        # Verify the integration properties were updated
-        assert mock_integration.connected is True
-        assert mock_integration.connection_last_checked_at is not None
-        mock_integration.save.assert_called_once()
-
-        # Verify the return value
-        assert result["connected"] is True
-        assert result["error"] is None
-
-    @patch("tasks.jobs.connection.Integration.objects.filter")
-    @patch("tasks.jobs.connection.prowler_integration_connection_test")
-    def test_check_integration_connection_failure(
-        self, mock_prowler_test, mock_integration_filter
-    ):
-        """Test failed integration connection check."""
-        mock_integration = MagicMock()
-        mock_integration.id = self.integration_id
-
-        mock_queryset = MagicMock()
-        mock_queryset.first.return_value = mock_integration
-        mock_integration_filter.return_value = mock_queryset
-
-        test_error = Exception("Connection failed")
-        mock_connection_result = MagicMock()
-        mock_connection_result.is_connected = False
-        mock_connection_result.error = test_error
-        mock_prowler_test.return_value = mock_connection_result
-
-        result = check_integration_connection(integration_id=self.integration_id)
-
-        # Verify that Integration.objects.filter was called with enabled=True filter
-        mock_integration_filter.assert_called_once_with(
-            pk=self.integration_id, enabled=True
-        )
-        mock_queryset.first.assert_called_once()
-
-        # Verify the integration properties were updated
-        assert mock_integration.connected is False
-        assert mock_integration.connection_last_checked_at is not None
-        mock_integration.save.assert_called_once()
-
-        # Verify the return value
-        assert result["connected"] is False
-        assert result["error"] == str(test_error)
-
-    @patch("tasks.jobs.connection.Integration.objects.filter")
-    def test_check_integration_connection_not_enabled(self, mock_integration_filter):
-        """Test that disabled integrations return proper error response."""
-        # Mock that no enabled integration is found
-        mock_queryset = MagicMock()
-        mock_queryset.first.return_value = None
-        mock_integration_filter.return_value = mock_queryset
-
-        result = check_integration_connection(integration_id=self.integration_id)
-
-        # Verify the filter was called with enabled=True
-        mock_integration_filter.assert_called_once_with(
-            pk=self.integration_id, enabled=True
-        )
-        mock_queryset.first.assert_called_once()
-
-        # Verify the return value matches the expected error response
-        assert result["connected"] is False
-        assert result["error"] == "Integration is not enabled"
-
-    @patch("tasks.jobs.connection.Integration.objects.filter")
-    @patch("tasks.jobs.connection.prowler_integration_connection_test")
-    def test_check_integration_connection_exception(
-        self, mock_prowler_test, mock_integration_filter
-    ):
-        """Test integration connection check when prowler test raises exception."""
-        mock_integration = MagicMock()
-        mock_integration.id = self.integration_id
-
-        mock_queryset = MagicMock()
-        mock_queryset.first.return_value = mock_integration
-        mock_integration_filter.return_value = mock_queryset
-
-        test_exception = Exception("Unexpected error during connection test")
-        mock_prowler_test.side_effect = test_exception
-
-        with pytest.raises(Exception, match="Unexpected error during connection test"):
-            check_integration_connection(integration_id=self.integration_id)
-
-        # Verify that Integration.objects.filter was called with enabled=True filter
-        mock_integration_filter.assert_called_once_with(
-            pk=self.integration_id, enabled=True
-        )
-        mock_queryset.first.assert_called_once()
-        mock_prowler_test.assert_called_once_with(mock_integration)
@@ -1,7 +1,5 @@
 import os
-import uuid
 import zipfile
-from datetime import datetime
 from pathlib import Path
 from unittest.mock import MagicMock, patch

@@ -129,26 +127,14 @@ class TestOutputs:
        _upload_to_s3("tenant", str(zip_path), "scan")
        mock_logger.assert_called()

-    @patch("tasks.jobs.export.rls_transaction")
-    @patch("tasks.jobs.export.Scan")
-    def test_generate_output_directory_creates_paths(
-        self, mock_scan, mock_rls_transaction, tmpdir
-    ):
-        # Mock the scan object with a started_at timestamp
-        mock_scan_instance = MagicMock()
-        mock_scan_instance.started_at = datetime(2023, 6, 15, 10, 30, 45)
-        mock_scan.objects.get.return_value = mock_scan_instance
-
-        # Mock rls_transaction as a context manager
-        mock_rls_transaction.return_value.__enter__ = MagicMock()
-        mock_rls_transaction.return_value.__exit__ = MagicMock(return_value=False)
+    def test_generate_output_directory_creates_paths(self, tmpdir):
+        from prowler.config.config import output_file_timestamp

        base_tmp = Path(str(tmpdir.mkdir("generate_output")))
        base_dir = str(base_tmp)
-        tenant_id = str(uuid.uuid4())
-        scan_id = str(uuid.uuid4())
+        tenant_id = "t1"
+        scan_id = "s1"
        provider = "aws"
-        expected_timestamp = "20230615103045"

        path, compliance = _generate_output_directory(
            base_dir, provider, tenant_id, scan_id
@@ -157,36 +143,5 @@ class TestOutputs:
        assert os.path.isdir(os.path.dirname(path))
        assert os.path.isdir(os.path.dirname(compliance))

-        assert path.endswith(f"{provider}-{expected_timestamp}")
-        assert compliance.endswith(f"{provider}-{expected_timestamp}")
-
-    @patch("tasks.jobs.export.rls_transaction")
-    @patch("tasks.jobs.export.Scan")
-    def test_generate_output_directory_invalid_character(
-        self, mock_scan, mock_rls_transaction, tmpdir
-    ):
-        # Mock the scan object with a started_at timestamp
-        mock_scan_instance = MagicMock()
-        mock_scan_instance.started_at = datetime(2023, 6, 15, 10, 30, 45)
-        mock_scan.objects.get.return_value = mock_scan_instance
-
-        # Mock rls_transaction as a context manager
-        mock_rls_transaction.return_value.__enter__ = MagicMock()
-        mock_rls_transaction.return_value.__exit__ = MagicMock(return_value=False)
-
-        base_tmp = Path(str(tmpdir.mkdir("generate_output")))
-        base_dir = str(base_tmp)
-        tenant_id = str(uuid.uuid4())
-        scan_id = str(uuid.uuid4())
-        provider = "aws/test@check"
-        expected_timestamp = "20230615103045"
-
-        path, compliance = _generate_output_directory(
-            base_dir, provider, tenant_id, scan_id
-        )
-
-        assert os.path.isdir(os.path.dirname(path))
-        assert os.path.isdir(os.path.dirname(compliance))
-
-        assert path.endswith(f"aws-test-check-{expected_timestamp}")
-        assert compliance.endswith(f"aws-test-check-{expected_timestamp}")
+        assert path.endswith(f"{provider}-{output_file_timestamp}")
+        assert compliance.endswith(f"{provider}-{output_file_timestamp}")
@@ -1,475 +0,0 @@
-from unittest.mock import MagicMock, patch
-
-import pytest
-from tasks.jobs.integrations import (
-    get_s3_client_from_integration,
-    upload_s3_integration,
-)
-
-from api.models import Integration
-from api.utils import prowler_integration_connection_test
-from prowler.providers.common.models import Connection
-
-
-@pytest.mark.django_db
-class TestS3IntegrationUploads:
-    @patch("tasks.jobs.integrations.S3")
-    def test_get_s3_client_from_integration_success(self, mock_s3_class):
-        mock_integration = MagicMock()
-        mock_integration.credentials = {
-            "aws_access_key_id": "AKIA...",
-            "aws_secret_access_key": "SECRET",
-        }
-        mock_integration.configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "test-prefix",
-        }
-
-        mock_s3 = MagicMock()
-        mock_connection = MagicMock()
-        mock_connection.is_connected = True
-        mock_s3.test_connection.return_value = mock_connection
-        mock_s3_class.return_value = mock_s3
-
-        connected, s3 = get_s3_client_from_integration(mock_integration)
-
-        assert connected is True
-        assert s3 == mock_s3
-        mock_s3_class.assert_called_once_with(
-            **mock_integration.credentials,
-            bucket_name="test-bucket",
-            output_directory="test-prefix",
-        )
-        mock_s3.test_connection.assert_called_once_with(
-            **mock_integration.credentials,
-            bucket_name="test-bucket",
-        )
-
-    @patch("tasks.jobs.integrations.S3")
-    def test_get_s3_client_from_integration_failure(self, mock_s3_class):
-        mock_integration = MagicMock()
-        mock_integration.credentials = {}
-        mock_integration.configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "test-prefix",
-        }
-
-        from prowler.providers.common.models import Connection
-
-        mock_connection = Connection()
-        mock_connection.is_connected = False
-        mock_connection.error = Exception("test error")
-
-        mock_s3 = MagicMock()
-        mock_s3.test_connection.return_value = mock_connection
-        mock_s3_class.return_value = mock_s3
-
-        connected, connection = get_s3_client_from_integration(mock_integration)
-
-        assert connected is False
-        assert isinstance(connection, Connection)
-        assert str(connection.error) == "test error"
-
-    @patch("tasks.jobs.integrations.GenericCompliance")
-    @patch("tasks.jobs.integrations.ASFF")
-    @patch("tasks.jobs.integrations.OCSF")
-    @patch("tasks.jobs.integrations.HTML")
-    @patch("tasks.jobs.integrations.CSV")
-    @patch("tasks.jobs.integrations.glob")
-    @patch("tasks.jobs.integrations.get_s3_client_from_integration")
-    @patch("tasks.jobs.integrations.rls_transaction")
-    @patch("tasks.jobs.integrations.Integration")
-    def test_upload_s3_integration_uploads_serialized_outputs(
-        self,
-        mock_integration_model,
-        mock_rls,
-        mock_get_s3,
-        mock_glob,
-        mock_csv,
-        mock_html,
-        mock_ocsf,
-        mock_asff,
-        mock_compliance,
-    ):
-        tenant_id = "tenant-id"
-        provider_id = "provider-id"
-
-        integration = MagicMock()
-        integration.id = "i-1"
-        integration.configuration = {
-            "bucket_name": "bucket",
-            "output_directory": "prefix",
-        }
-        mock_integration_model.objects.filter.return_value = [integration]
-
-        mock_s3 = MagicMock()
-        mock_get_s3.return_value = (True, mock_s3)
-
-        # Mock the output classes to return mock instances
-        mock_csv_instance = MagicMock()
-        mock_html_instance = MagicMock()
-        mock_ocsf_instance = MagicMock()
-        mock_asff_instance = MagicMock()
-        mock_compliance_instance = MagicMock()
-
-        mock_csv.return_value = mock_csv_instance
-        mock_html.return_value = mock_html_instance
-        mock_ocsf.return_value = mock_ocsf_instance
-        mock_asff.return_value = mock_asff_instance
-        mock_compliance.return_value = mock_compliance_instance
-
-        # Mock glob to return test files
-        output_directory = "/tmp/prowler_output/scan123"
-        mock_glob.side_effect = [
-            ["/tmp/prowler_output/scan123.csv"],
-            ["/tmp/prowler_output/scan123.html"],
-            ["/tmp/prowler_output/scan123.ocsf.json"],
-            ["/tmp/prowler_output/scan123.asff.json"],
-            ["/tmp/prowler_output/compliance/compliance.csv"],
-        ]
-
-        with patch("os.path.exists", return_value=True):
-            with patch("os.getenv", return_value="/tmp/prowler_api_output"):
-                result = upload_s3_integration(tenant_id, provider_id, output_directory)
-
-        assert result is True
-        mock_s3.send_to_bucket.assert_called_once()
-
-    @patch("tasks.jobs.integrations.get_s3_client_from_integration")
-    @patch("tasks.jobs.integrations.rls_transaction")
-    @patch("tasks.jobs.integrations.Integration")
-    @patch("tasks.jobs.integrations.logger")
-    def test_upload_s3_integration_fails_connection_logs_error(
-        self, mock_logger, mock_integration_model, mock_rls, mock_get_s3
-    ):
-        tenant_id = "tenant-id"
-        provider_id = "provider-id"
-
-        integration = MagicMock()
-        integration.id = "i-1"
-        integration.connected = True
-        mock_s3_client = MagicMock()
-        mock_s3_client.error = "Connection failed"
-
-        mock_integration_model.objects.filter.return_value = [integration]
-        mock_get_s3.return_value = (False, mock_s3_client)
-
-        output_directory = "/tmp/prowler_output/scan123"
-        result = upload_s3_integration(tenant_id, provider_id, output_directory)
-
-        assert result is False
-        integration.save.assert_called_once()
-        assert integration.connected is False
-        mock_logger.error.assert_any_call(
-            "S3 upload failed, connection failed for integration i-1: Connection failed"
-        )
-
-    @patch("tasks.jobs.integrations.rls_transaction")
-    @patch("tasks.jobs.integrations.Integration")
-    @patch("tasks.jobs.integrations.logger")
-    def test_upload_s3_integration_logs_if_no_integrations(
-        self, mock_logger, mock_integration_model, mock_rls
-    ):
-        mock_integration_model.objects.filter.return_value = []
-        output_directory = "/tmp/prowler_output/scan123"
-        result = upload_s3_integration("tenant", "provider", output_directory)
-
-        assert result is False
-        mock_logger.error.assert_called_once_with(
-            "No S3 integrations found for provider provider"
-        )
-
-    @patch(
-        "tasks.jobs.integrations.get_s3_client_from_integration",
-        side_effect=Exception("failed"),
-    )
-    @patch("tasks.jobs.integrations.rls_transaction")
-    @patch("tasks.jobs.integrations.Integration")
-    @patch("tasks.jobs.integrations.logger")
-    def test_upload_s3_integration_logs_connection_exception_and_continues(
-        self, mock_logger, mock_integration_model, mock_rls, mock_get_s3
-    ):
-        tenant_id = "tenant-id"
-        provider_id = "provider-id"
-
-        integration = MagicMock()
-        integration.id = "i-1"
-        integration.configuration = {
-            "bucket_name": "bucket",
-            "output_directory": "prefix",
-        }
-        mock_integration_model.objects.filter.return_value = [integration]
-
-        output_directory = "/tmp/prowler_output/scan123"
-        result = upload_s3_integration(tenant_id, provider_id, output_directory)
-
-        assert result is False
-        mock_logger.info.assert_any_call(
-            "S3 connection failed for integration i-1: failed"
-        )
-
-    @patch("tasks.jobs.integrations.rls_transaction")
-    @patch("tasks.jobs.integrations.Integration.objects.filter")
-    def test_upload_s3_integration_filters_enabled_only(
-        self, mock_integration_filter, mock_rls
-    ):
-        """Test that upload_s3_integration only processes enabled integrations."""
-        tenant_id = "tenant-id"
-        provider_id = "provider-id"
-        output_directory = "/tmp/prowler_output/scan123"
-
-        # Mock that no enabled integrations are found
-        mock_integration_filter.return_value = []
-        mock_rls.return_value.__enter__.return_value = None
-
-        result = upload_s3_integration(tenant_id, provider_id, output_directory)
-
-        assert result is False
-        # Verify the filter includes the correct parameters including enabled=True
-        mock_integration_filter.assert_called_once_with(
-            integrationproviderrelationship__provider_id=provider_id,
-            integration_type=Integration.IntegrationChoices.AMAZON_S3,
-            enabled=True,
-        )
-
-    def test_s3_integration_validates_and_normalizes_output_directory(self):
-        """Test that S3 integration validation normalizes output_directory paths."""
-        from api.models import Integration
-        from api.v1.serializers import BaseWriteIntegrationSerializer
-
-        integration_type = Integration.IntegrationChoices.AMAZON_S3
-        providers = []
-        configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "///////test",  # This should be normalized
-        }
-        credentials = {
-            "aws_access_key_id": "AKIATEST",
-            "aws_secret_access_key": "secret123",
-        }
-
-        # Should not raise an exception and should normalize the path
-        BaseWriteIntegrationSerializer.validate_integration_data(
-            integration_type, providers, configuration, credentials
-        )
-
-        # Verify that the path was normalized
-        assert configuration["output_directory"] == "test"
-
-    def test_s3_integration_rejects_invalid_output_directory_characters(self):
-        """Test that S3 integration validation rejects invalid characters."""
-        from rest_framework.exceptions import ValidationError
-
-        from api.models import Integration
-        from api.v1.serializers import BaseWriteIntegrationSerializer
-
-        integration_type = Integration.IntegrationChoices.AMAZON_S3
-        providers = []
-        configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "test<invalid",  # Contains invalid character
-        }
-        credentials = {
-            "aws_access_key_id": "AKIATEST",
-            "aws_secret_access_key": "secret123",
-        }
-
-        with pytest.raises(ValidationError) as exc_info:
-            BaseWriteIntegrationSerializer.validate_integration_data(
-                integration_type, providers, configuration, credentials
-            )
-
-        # Should contain validation error about invalid characters
-        assert "Output directory contains invalid characters" in str(exc_info.value)
-
-    def test_s3_integration_rejects_empty_output_directory(self):
-        """Test that S3 integration validation rejects empty directories."""
-        from rest_framework.exceptions import ValidationError
-
-        from api.models import Integration
-        from api.v1.serializers import BaseWriteIntegrationSerializer
-
-        integration_type = Integration.IntegrationChoices.AMAZON_S3
-        providers = []
-        configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "/////",  # This becomes empty after normalization
-        }
-        credentials = {
-            "aws_access_key_id": "AKIATEST",
-            "aws_secret_access_key": "secret123",
-        }
-
-        with pytest.raises(ValidationError) as exc_info:
-            BaseWriteIntegrationSerializer.validate_integration_data(
-                integration_type, providers, configuration, credentials
-            )
-
-        # Should contain validation error about empty directory
-        assert "Output directory cannot be empty" in str(exc_info.value)
-
-    def test_s3_integration_normalizes_complex_paths(self):
-        """Test that S3 integration validation handles complex path normalization."""
-        from api.models import Integration
-        from api.v1.serializers import BaseWriteIntegrationSerializer
-
-        integration_type = Integration.IntegrationChoices.AMAZON_S3
-        providers = []
-        configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "//test//folder///subfolder//",
-        }
-        credentials = {
-            "aws_access_key_id": "AKIATEST",
-            "aws_secret_access_key": "secret123",
-        }
-
-        BaseWriteIntegrationSerializer.validate_integration_data(
-            integration_type, providers, configuration, credentials
-        )
-
-        # Verify complex path normalization
-        assert configuration["output_directory"] == "test/folder/subfolder"
-
-    @patch("tasks.jobs.integrations.S3")
-    def test_s3_client_uses_output_directory_in_object_paths(self, mock_s3_class):
-        """Test that S3 client uses output_directory correctly when generating object paths."""
-        mock_integration = MagicMock()
-        mock_integration.credentials = {
-            "aws_access_key_id": "AKIA...",
-            "aws_secret_access_key": "SECRET",
-        }
-        mock_integration.configuration = {
-            "bucket_name": "test-bucket",
-            "output_directory": "my-custom-prefix/scan-results",
-        }
-
-        mock_s3_instance = MagicMock()
-        mock_connection = MagicMock()
-        mock_connection.is_connected = True
-        mock_s3_instance.test_connection.return_value = mock_connection
-        mock_s3_class.return_value = mock_s3_instance
-
-        connected, s3 = get_s3_client_from_integration(mock_integration)
-
-        assert connected is True
-        # Verify S3 was initialized with the correct output_directory
-        mock_s3_class.assert_called_once_with(
-            **mock_integration.credentials,
-            bucket_name="test-bucket",
-            output_directory="my-custom-prefix/scan-results",
-        )
-
-
-@pytest.mark.django_db
-class TestProwlerIntegrationConnectionTest:
-    @patch("api.utils.S3")
-    def test_s3_integration_connection_success(self, mock_s3_class):
-        """Test successful S3 integration connection."""
-        integration = MagicMock()
-        integration.integration_type = Integration.IntegrationChoices.AMAZON_S3
-        integration.credentials = {
-            "aws_access_key_id": "AKIA...",
-            "aws_secret_access_key": "SECRET",
-        }
-        integration.configuration = {"bucket_name": "test-bucket"}
-
-        mock_connection = Connection(is_connected=True)
-        mock_s3_class.test_connection.return_value = mock_connection
-
-        result = prowler_integration_connection_test(integration)
-
-        assert result.is_connected is True
-        mock_s3_class.test_connection.assert_called_once_with(
-            **integration.credentials,
-            bucket_name="test-bucket",
-            raise_on_exception=False,
-        )
-
-    @patch("api.utils.S3")
-    def test_aws_provider_exception_handling(self, mock_s3_class):
-        """Test S3 connection exception is properly caught and returned."""
-        integration = MagicMock()
-        integration.integration_type = Integration.IntegrationChoices.AMAZON_S3
-        integration.credentials = {
-            "aws_access_key_id": "invalid",
-            "aws_secret_access_key": "credentials",
-        }
-        integration.configuration = {"bucket_name": "test-bucket"}
-
-        test_exception = Exception("Invalid credentials")
-        mock_connection = Connection(is_connected=False, error=test_exception)
-        mock_s3_class.test_connection.return_value = mock_connection
-
-        result = prowler_integration_connection_test(integration)
-
-        assert result.is_connected is False
-        assert result.error == test_exception
-        mock_s3_class.test_connection.assert_called_once_with(
-            aws_access_key_id="invalid",
-            aws_secret_access_key="credentials",
-            bucket_name="test-bucket",
-            raise_on_exception=False,
-        )
-
-    @patch("api.utils.AwsProvider")
-    @patch("api.utils.S3")
-    def test_s3_integration_connection_failure(self, mock_s3_class, mock_aws_provider):
-        """Test S3 integration connection failure."""
-        integration = MagicMock()
-        integration.integration_type = Integration.IntegrationChoices.AMAZON_S3
-        integration.credentials = {
-            "aws_access_key_id": "AKIA...",
-            "aws_secret_access_key": "SECRET",
-        }
-        integration.configuration = {"bucket_name": "test-bucket"}
-
-        mock_session = MagicMock()
-        mock_aws_provider.return_value.session.current_session = mock_session
-
-        mock_connection = Connection(
-            is_connected=False, error=Exception("Bucket not found")
-        )
-        mock_s3_class.test_connection.return_value = mock_connection
-
-        result = prowler_integration_connection_test(integration)
-
-        assert result.is_connected is False
-        assert str(result.error) == "Bucket not found"
-
-    @patch("api.utils.AwsProvider")
-    @patch("api.utils.S3")
-    def test_aws_security_hub_integration_connection(
-        self, mock_s3_class, mock_aws_provider
-    ):
-        """Test AWS Security Hub integration only validates AWS session."""
-        integration = MagicMock()
-        integration.integration_type = Integration.IntegrationChoices.AWS_SECURITY_HUB
-        integration.credentials = {
-            "aws_access_key_id": "AKIA...",
-            "aws_secret_access_key": "SECRET",
-        }
-        integration.configuration = {"region": "us-east-1"}
-
-        mock_session = MagicMock()
-        mock_aws_provider.return_value.session.current_session = mock_session
-
-        # For AWS Security Hub, the function should return early after AWS session validation
-        result = prowler_integration_connection_test(integration)
-
-        # The function should not reach S3 test_connection for AWS_SECURITY_HUB
-        mock_s3_class.test_connection.assert_not_called()
-        # Since no exception was raised during AWS session creation, return None (success)
-        assert result is None
-
-    def test_unsupported_integration_type(self):
-        """Test unsupported integration type raises ValueError."""
-        integration = MagicMock()
-        integration.integration_type = "UNSUPPORTED_TYPE"
-        integration.credentials = {}
-        integration.configuration = {}
-
-        with pytest.raises(
-            ValueError, match="Integration type UNSUPPORTED_TYPE not supported"
-        ):
-            prowler_integration_connection_test(integration)
@@ -1,18 +1,11 @@
 import uuid
+from pathlib import Path
 from unittest.mock import MagicMock, patch

 import pytest
-from tasks.tasks import (
-    _perform_scan_complete_tasks,
-    check_integrations_task,
-    generate_outputs_task,
-    s3_integration_task,
-)
-
-from api.models import Integration
+from tasks.tasks import generate_outputs


-# TODO Move this to outputs/reports jobs
@pytest.mark.django_db
 class TestGenerateOutputs:
    def setup_method(self):
@@ -24,7 +17,7 @@ class TestGenerateOutputs:
        with patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter:
            mock_filter.return_value.exists.return_value = False

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id=self.scan_id,
                provider_id=self.provider_id,
                tenant_id=self.tenant_id,
@@ -33,6 +26,7 @@ class TestGenerateOutputs:
            assert result == {"upload": False}
            mock_filter.assert_called_once_with(scan_id=self.scan_id)

+    @patch("tasks.tasks.rmtree")
    @patch("tasks.tasks._upload_to_s3")
    @patch("tasks.tasks._compress_output_files")
    @patch("tasks.tasks.get_compliance_frameworks")
@@ -51,6 +45,7 @@ class TestGenerateOutputs:
        mock_get_available_frameworks,
        mock_compress,
        mock_upload,
+        mock_rmtree,
    ):
        mock_scan_summary_filter.return_value.exists.return_value = True

@@ -100,12 +95,11 @@ class TestGenerateOutputs:
                return_value=("out-dir", "comp-dir"),
            ),
            patch("tasks.tasks.Scan.all_objects.filter") as mock_scan_update,
-            patch("tasks.tasks.rmtree"),
        ):
            mock_compress.return_value = "/tmp/zipped.zip"
            mock_upload.return_value = "s3://bucket/zipped.zip"

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id=self.scan_id,
                provider_id=self.provider_id,
                tenant_id=self.tenant_id,
@@ -115,6 +109,9 @@ class TestGenerateOutputs:
            mock_scan_update.return_value.update.assert_called_once_with(
                output_location="s3://bucket/zipped.zip"
            )
+            mock_rmtree.assert_called_once_with(
+                Path("/tmp/zipped.zip").parent, ignore_errors=True
+            )

    def test_generate_outputs_fails_upload(self):
        with (
@@ -146,7 +143,6 @@ class TestGenerateOutputs:
            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
            patch("tasks.tasks._upload_to_s3", return_value=None),
            patch("tasks.tasks.Scan.all_objects.filter") as mock_scan_update,
-            patch("tasks.tasks.rmtree"),
        ):
            mock_filter.return_value.exists.return_value = True
            mock_findings.return_value.order_by.return_value.iterator.return_value = [
@@ -154,9 +150,9 @@ class TestGenerateOutputs:
                True,
            ]

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id="scan",
-                provider_id=self.provider_id,
+                provider_id="provider",
                tenant_id=self.tenant_id,
            )

@@ -188,7 +184,6 @@ class TestGenerateOutputs:
            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/f.zip"),
            patch("tasks.tasks.Scan.all_objects.filter"),
-            patch("tasks.tasks.rmtree"),
        ):
            mock_filter.return_value.exists.return_value = True
            mock_findings.return_value.order_by.return_value.iterator.return_value = [
@@ -213,7 +208,7 @@ class TestGenerateOutputs:
                    {"aws": [(lambda x: True, MagicMock())]},
                ),
            ):
-                generate_outputs_task(
+                generate_outputs(
                    scan_id=self.scan_id,
                    provider_id=self.provider_id,
                    tenant_id=self.tenant_id,
@@ -259,8 +254,8 @@ class TestGenerateOutputs:
            ),
            patch("tasks.tasks._compress_output_files", return_value="outdir.zip"),
            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/outdir.zip"),
-            patch("tasks.tasks.Scan.all_objects.filter"),
            patch("tasks.tasks.rmtree"),
+            patch("tasks.tasks.Scan.all_objects.filter"),
            patch(
                "tasks.tasks.batched",
                return_value=[
@@ -281,7 +276,7 @@ class TestGenerateOutputs:
                    }
                },
            ):
-                result = generate_outputs_task(
+                result = generate_outputs(
                    scan_id=self.scan_id,
                    provider_id=self.provider_id,
                    tenant_id=self.tenant_id,
@@ -337,13 +332,13 @@ class TestGenerateOutputs:
            ),
            patch("tasks.tasks._compress_output_files", return_value="outdir.zip"),
            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/outdir.zip"),
+            patch("tasks.tasks.rmtree"),
            patch(
                "tasks.tasks.Scan.all_objects.filter",
                return_value=MagicMock(update=lambda **kw: None),
            ),
            patch("tasks.tasks.batched", return_value=two_batches),
            patch("tasks.tasks.OUTPUT_FORMATS_MAPPING", {}),
-            patch("tasks.tasks.rmtree"),
            patch(
                "tasks.tasks.COMPLIANCE_CLASS_MAP",
                {"aws": [(lambda name: True, TrackingComplianceWriter)]},
@@ -351,7 +346,7 @@ class TestGenerateOutputs:
        ):
            mock_summary.return_value.exists.return_value = True

-            result = generate_outputs_task(
+            result = generate_outputs(
                scan_id=self.scan_id,
                provider_id=self.provider_id,
                tenant_id=self.tenant_id,
@@ -362,7 +357,6 @@ class TestGenerateOutputs:
        assert writer.transform_calls == [([raw2], compliance_obj, "cis")]
        assert result == {"upload": True}

-    # TODO: We need to add a periodic task to delete old output files
    def test_generate_outputs_logs_rmtree_exception(self, caplog):
        mock_finding_output = MagicMock()
        mock_finding_output.compliance = {"cis": ["requirement-1", "requirement-2"]}
@@ -413,188 +407,9 @@ class TestGenerateOutputs:
                ),
            ):
                with caplog.at_level("ERROR"):
-                    generate_outputs_task(
+                    generate_outputs(
                        scan_id=self.scan_id,
                        provider_id=self.provider_id,
                        tenant_id=self.tenant_id,
                    )
                    assert "Error deleting output files" in caplog.text
-
-    @patch("tasks.tasks.rls_transaction")
-    @patch("tasks.tasks.Integration.objects.filter")
-    def test_generate_outputs_filters_enabled_s3_integrations(
-        self, mock_integration_filter, mock_rls
-    ):
-        """Test that generate_outputs_task only processes enabled S3 integrations."""
-        with (
-            patch("tasks.tasks.ScanSummary.objects.filter") as mock_summary,
-            patch("tasks.tasks.Provider.objects.get"),
-            patch("tasks.tasks.initialize_prowler_provider"),
-            patch("tasks.tasks.Compliance.get_bulk"),
-            patch("tasks.tasks.get_compliance_frameworks", return_value=[]),
-            patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
-            patch(
-                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
-            ),
-            patch("tasks.tasks.FindingOutput._transform_findings_stats"),
-            patch("tasks.tasks.FindingOutput.transform_api_finding"),
-            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
-            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/file.zip"),
-            patch("tasks.tasks.Scan.all_objects.filter"),
-            patch("tasks.tasks.rmtree"),
-            patch("tasks.tasks.s3_integration_task.apply_async") as mock_s3_task,
-        ):
-            mock_summary.return_value.exists.return_value = True
-            mock_findings.return_value.order_by.return_value.iterator.return_value = [
-                [MagicMock()],
-                True,
-            ]
-            mock_integration_filter.return_value = [MagicMock()]
-            mock_rls.return_value.__enter__.return_value = None
-
-            with (
-                patch("tasks.tasks.OUTPUT_FORMATS_MAPPING", {}),
-                patch("tasks.tasks.COMPLIANCE_CLASS_MAP", {"aws": []}),
-            ):
-                generate_outputs_task(
-                    scan_id=self.scan_id,
-                    provider_id=self.provider_id,
-                    tenant_id=self.tenant_id,
-                )
-
-            # Verify the S3 integrations filters
-            mock_integration_filter.assert_called_once_with(
-                integrationproviderrelationship__provider_id=self.provider_id,
-                integration_type=Integration.IntegrationChoices.AMAZON_S3,
-                enabled=True,
-            )
-            mock_s3_task.assert_called_once()
-
-
-class TestScanCompleteTasks:
-    @patch("tasks.tasks.create_compliance_requirements_task.apply_async")
-    @patch("tasks.tasks.perform_scan_summary_task.si")
-    @patch("tasks.tasks.generate_outputs_task.si")
-    def test_scan_complete_tasks(
-        self, mock_outputs_task, mock_scan_summary_task, mock_compliance_tasks
-    ):
-        _perform_scan_complete_tasks("tenant-id", "scan-id", "provider-id")
-        mock_compliance_tasks.assert_called_once_with(
-            kwargs={"tenant_id": "tenant-id", "scan_id": "scan-id"},
-        )
-        mock_scan_summary_task.assert_called_once_with(
-            scan_id="scan-id",
-            tenant_id="tenant-id",
-        )
-        mock_outputs_task.assert_called_once_with(
-            scan_id="scan-id",
-            provider_id="provider-id",
-            tenant_id="tenant-id",
-        )
-
-
-@pytest.mark.django_db
-class TestCheckIntegrationsTask:
-    def setup_method(self):
-        self.scan_id = str(uuid.uuid4())
-        self.provider_id = str(uuid.uuid4())
-        self.tenant_id = str(uuid.uuid4())
-        self.output_directory = "/tmp/some-output-dir"
-
-    @patch("tasks.tasks.rls_transaction")
-    @patch("tasks.tasks.Integration.objects.filter")
-    def test_check_integrations_no_integrations(
-        self, mock_integration_filter, mock_rls
-    ):
-        mock_integration_filter.return_value.exists.return_value = False
-        # Ensure rls_transaction is mocked
-        mock_rls.return_value.__enter__.return_value = None
-
-        result = check_integrations_task(
-            tenant_id=self.tenant_id,
-            provider_id=self.provider_id,
-        )
-
-        assert result == {"integrations_processed": 0}
-        mock_integration_filter.assert_called_once_with(
-            integrationproviderrelationship__provider_id=self.provider_id,
-            enabled=True,
-        )
-
-    @patch("tasks.tasks.group")
-    @patch("tasks.tasks.rls_transaction")
-    @patch("tasks.tasks.Integration.objects.filter")
-    def test_check_integrations_s3_success(
-        self, mock_integration_filter, mock_rls, mock_group
-    ):
-        # Mock that we have some integrations
-        mock_integration_filter.return_value.exists.return_value = True
-        # Ensure rls_transaction is mocked
-        mock_rls.return_value.__enter__.return_value = None
-
-        # Since the current implementation doesn't actually create tasks yet (TODO comment),
-        # we test that no tasks are created but the function returns the correct count
-        result = check_integrations_task(
-            tenant_id=self.tenant_id,
-            provider_id=self.provider_id,
-        )
-
-        assert result == {"integrations_processed": 0}
-        mock_integration_filter.assert_called_once_with(
-            integrationproviderrelationship__provider_id=self.provider_id,
-            enabled=True,
-        )
-        # group should not be called since no integration tasks are created yet
-        mock_group.assert_not_called()
-
-    @patch("tasks.tasks.rls_transaction")
-    @patch("tasks.tasks.Integration.objects.filter")
-    def test_check_integrations_disabled_integrations_ignored(
-        self, mock_integration_filter, mock_rls
-    ):
-        """Test that disabled integrations are not processed."""
-        mock_integration_filter.return_value.exists.return_value = False
-        mock_rls.return_value.__enter__.return_value = None
-
-        result = check_integrations_task(
-            tenant_id=self.tenant_id,
-            provider_id=self.provider_id,
-        )
-
-        assert result == {"integrations_processed": 0}
-        mock_integration_filter.assert_called_once_with(
-            integrationproviderrelationship__provider_id=self.provider_id,
-            enabled=True,
-        )
-
-    @patch("tasks.tasks.upload_s3_integration")
-    def test_s3_integration_task_success(self, mock_upload):
-        mock_upload.return_value = True
-        output_directory = "/tmp/prowler_api_output/test"
-
-        result = s3_integration_task(
-            tenant_id=self.tenant_id,
-            provider_id=self.provider_id,
-            output_directory=output_directory,
-        )
-
-        assert result is True
-        mock_upload.assert_called_once_with(
-            self.tenant_id, self.provider_id, output_directory
-        )
-
-    @patch("tasks.tasks.upload_s3_integration")
-    def test_s3_integration_task_failure(self, mock_upload):
-        mock_upload.return_value = False
-        output_directory = "/tmp/prowler_api_output/test"
-
-        result = s3_integration_task(
-            tenant_id=self.tenant_id,
-            provider_id=self.provider_id,
-            output_directory=output_directory,
-        )
-
-        assert result is False
-        mock_upload.assert_called_once_with(
-            self.tenant_id, self.provider_id, output_directory
-        )
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Pepe Fagoaga	37d9da55d3	Merge branch 'master' of github.com:prowler-cloud/prowler into showdown-demo	2025-06-05 11:07:08 +02:00
Pepe Fagoaga	23389d011a	fix(ui): call API with lighthouse-configuration	2025-06-05 10:03:39 +02:00
Pepe Fagoaga	47d5de2b82	chore: docker compose dev for demo	2025-06-05 10:03:11 +02:00
Pepe Fagoaga	b827ed9267	fix: api json body type	2025-06-05 07:54:51 +02:00
Pepe Fagoaga	3dff1a9d7a	Merge branch 'showdown-demo' of github.com:prowler-cloud/prowler into showdown-demo	2025-06-04 21:40:52 +02:00
César Arroba	370da650ee	chore: add missing migrations	2025-06-04 19:43:53 +02:00
Pepe Fagoaga	6694736ff9	fix: lock	2025-06-04 18:04:42 +02:00
Pepe Fagoaga	3b36ac63c5	fix: version	2025-06-04 16:01:33 +02:00
Pepe Fagoaga	65e0b94e21	fix: deps	2025-06-04 14:58:49 +02:00
Pepe Fagoaga	40fda374a8	fix: rename payload type	2025-06-04 14:45:18 +02:00
Pepe Fagoaga	4489d2c7f8	chore: rename api endpoints for lighthouse	2025-06-04 14:25:44 +02:00
Pepe Fagoaga	5e64618189	chore: rename migration	2025-06-04 13:44:31 +02:00
Pepe Fagoaga	e0819be942	Merge branch 'master' of github.com:prowler-cloud/prowler into showdown-demo	2025-06-04 13:44:15 +02:00
Chandrapal Badshah	baaf3fea13	Add resources file	2025-06-04 13:16:50 +02:00
Pepe Fagoaga	78de7354cf	chore(ui): lint	2025-06-04 13:12:20 +02:00
Pepe Fagoaga	4210b0fab0	Merge branch 'master' of github.com:prowler-cloud/prowler into showdown-demo	2025-06-04 13:01:23 +02:00
Pepe Fagoaga	d98a28e7f9	chore(ui): lint	2025-06-04 12:46:14 +02:00
Pepe Fagoaga	5ea74fbeb2	chore: ignore log error	2025-06-04 12:38:29 +02:00
Chandrapal Badshah	6259df4f8c	Add actions to fetch data from Prowler Hub	2025-06-04 12:17:55 +02:00
Chandrapal Badshah	788b092dff	Use CustomTextarea component	2025-06-04 12:17:48 +02:00
Chandrapal Badshah	b8538e6ac5	Use CustomButton component	2025-06-04 12:17:39 +02:00
Pepe Fagoaga	d89cb3cced	fix: comment not found modules	2025-06-04 11:52:14 +02:00
Pepe Fagoaga	14c8afd131	Merge remote-tracking branch 'origin/PRWLR-7300-create-ia-c-provider' into showdown-demo	2025-06-04 11:47:29 +02:00
Pepe Fagoaga	15ad7f1284	Merge remote-tracking branch 'origin/PRWLR-7160-findings-page-scan-id-filter-improvement' into showdown-demo	2025-06-04 11:47:14 +02:00
Pepe Fagoaga	dfecc6eed7	Merge remote-tracking branch 'origin/feature/add-resource-inventory' into showdown-demo	2025-06-04 11:43:26 +02:00
Pepe Fagoaga	b100043c8b	Merge remote-tracking branch 'origin/PRWLR-7297-django-endpoint' into showdown-demo	2025-06-04 11:41:36 +02:00
Pepe Fagoaga	a71271f429	Merge remote-tracking branch 'origin/PRWLR-7302-nextjs-analyst' into showdown-demo	2025-06-04 11:39:48 +02:00
Chandrapal Badshah	8b41dceb1c	Revert changes to package-lock	2025-06-04 15:03:04 +05:30
Pablo Lara	8a8586f298	chore: scan attributes are always available in compliance-scan-info component	2025-06-04 11:26:41 +02:00
Chandrapal Badshah	15f98d79e0	Integrate Prowler Hub	2025-06-04 13:44:53 +05:30
Chandrapal Badshah	67fe87cfd4	Move layout to lighthouse config page	2025-06-04 13:18:42 +05:30
Pablo Lara	e9a22c1513	Merge branch 'master' into PRWLR-7160-findings-page-scan-id-filter-improvement	2025-06-03 15:59:52 +02:00
Pablo Lara	5b22dcb7ac	chore: remove unused types	2025-06-03 12:19:13 +02:00
sumit_chaturvedi	d8683630a9	srn Lint fix	2025-06-03 12:18:53 +05:30
sumit_chaturvedi	d2d68ded2b	Merge branch 'master' into PRWLR-7160-findings-page-scan-id-filter-improvement # Conflicts: # ui/CHANGELOG.md # ui/app/(prowler)/compliance/page.tsx # ui/types/components.ts	2025-06-03 12:17:29 +05:30
sumit_chaturvedi	fe19fdf1fa	srn Lint fixes	2025-06-03 12:06:22 +05:30
sumit_chaturvedi	caef85e771	srn Provider details UI update	2025-06-03 12:03:52 +05:30
sumit_chaturvedi	eebb64a25b	srn Updated chips to be round	2025-06-03 11:57:23 +05:30
sumit_chaturvedi	cf6e6ac03d	srn updated check	2025-06-03 11:51:00 +05:30
sumit_chaturvedi	f8d485e868	Merge branch 'master' into feature/add-resource-inventory # Conflicts: # ui/types/index.ts	2025-06-03 11:44:58 +05:30
Chandrapal Badshah	430939c02e	Update lighthouse serializer	2025-06-03 11:31:30 +05:30
Chandrapal Badshah	a9ed8d1fd0	Fix view tests	2025-06-02 21:02:12 +05:30
Chandrapal Badshah	0689326c28	Fix Lighthouse PR review comments	2025-06-02 20:31:10 +05:30
Chandrapal Badshah	9e62a5398f	Add Lighthouse chat interface	2025-06-02 13:50:28 +05:30
sumit_chaturvedi	9c19f9bc0c	srn build fix	2025-06-02 09:03:31 +05:30
sumit_chaturvedi	c17001bb4f	srn refactoring	2025-06-02 08:53:29 +05:30
sumit_chaturvedi	1dc8636276	Merge branch 'master' into PRWLR-7160-findings-page-scan-id-filter-improvement # Conflicts: # ui/CHANGELOG.md # ui/components/ui/custom/custom-dropdown-filter.tsx	2025-06-02 08:33:33 +05:30
Andoni A.	330903dc27	fix(iac): fix tests	2025-05-29 19:02:51 +02:00
Andoni A.	d24f395f44	fix(iac): return checkov stderr as error log	2025-05-29 17:58:34 +02:00
MrCloudSec	469bc13e5f	fix: iac test	2025-05-29 14:28:30 +02:00
MrCloudSec	0928f47b35	chore: improve checkov error	2025-05-29 12:49:58 +02:00
Andoni Alonso	7ec9f6572f	chore(iac): add iac provider tests (#7874 )	2025-05-29 12:39:58 +02:00
MrCloudSec	e6ec364bdb	Merge branch 'master' into PRWLR-7300-create-ia-c-provider	2025-05-29 12:39:19 +02:00
pedrooot	d79ee1c5f6	feat(compliance): update profile validation from CIS	2025-05-29 10:57:59 +02:00
MrCloudSec	fdff4f4cde	fix: use v1 basemodel of pydantic	2025-05-29 10:50:46 +02:00
MrCloudSec	66e0b6a0b2	fix: m365 test	2025-05-29 10:47:11 +02:00
MrCloudSec	cafb7d544e	chore: add github action for iac	2025-05-29 10:43:48 +02:00
MrCloudSec	34078df65b	fix: nhn tests	2025-05-29 10:42:23 +02:00
MrCloudSec	0a30ecaaaf	fix: azure tests	2025-05-29 10:35:13 +02:00
MrCloudSec	d6fbd14baa	fix: tests k8s	2025-05-29 10:23:08 +02:00
MrCloudSec	00f031e99b	fix: gcp tests	2025-05-29 10:21:32 +02:00
MrCloudSec	ba225b3882	chore: add preview label	2025-05-28 17:43:29 +02:00
MrCloudSec	e12edc7ea3	chore: handle checkov errors	2025-05-28 16:19:43 +02:00
Andoni Alonso	3393908208	feat(IaC): handling output for IaC Provider POC (#7861 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-28 15:54:33 +02:00
sumit_chaturvedi	97d216c49f	Merge branch 'master' into PRWLR-7160-findings-page-scan-id-filter-improvement # Conflicts: # ui/CHANGELOG.md # ui/app/(prowler)/findings/page.tsx # ui/components/ui/custom/custom-dropdown-filter.tsx # ui/types/filters.ts	2025-05-28 17:58:39 +05:30
MrCloudSec	c0fe90b0c9	chore: add label	2025-05-27 17:53:29 +02:00
MrCloudSec	d6566f2da7	fix: poetry lock	2025-05-27 17:51:57 +02:00
MrCloudSec	a71ec4711b	chore: revision	2025-05-27 17:43:27 +02:00
MrCloudSec	4ed803331a	fix: tests	2025-05-27 17:41:51 +02:00
MrCloudSec	01e47d6c8b	fix: tests	2025-05-27 17:15:10 +02:00
MrCloudSec	a75452df03	fix: models	2025-05-27 16:48:56 +02:00
MrCloudSec	290a54ce21	fix: remove unnecessary file	2025-05-27 16:20:48 +02:00
MrCloudSec	daaa26bb20	feat(IaC): POC for IaC Provider	2025-05-27 16:17:43 +02:00
Chandrapal Badshah	f4febf9e08	Fix regex check in creation of config	2025-05-27 16:28:57 +05:30
Chandrapal Badshah	57acb43251	Add Lighthouse django endpoints	2025-05-27 16:28:57 +05:30
sumit_chaturvedi	f87eaeac6b	docs: changelog update	2025-05-23 13:39:29 +05:30
sumit_chaturvedi	ff995e7750	fix(ui): Improved the findings page scan Id filter	2025-05-23 13:17:26 +05:30
Pablo Lara	50f5efb462	feat: add feedback-banner component	2025-05-22 10:41:01 +02:00
Pablo Lara	a75788921c	chore: tweak styles	2025-05-22 09:45:56 +02:00
Pablo Lara	6bbf651895	chore: tweak styles	2025-05-22 09:24:23 +02:00
sumit_chaturvedi	13fae4a300	Merge branch 'master' into feature/add-resource-inventory	2025-05-21 21:56:57 +05:30
sumit_chaturvedi	c1380e397c	srn Helper method correction	2025-05-21 21:56:32 +05:30
sumit_chaturvedi	0206674fc9	srn Updated failed findings count	2025-05-21 21:39:48 +05:30
sumit_chaturvedi	b9c5fa71a7	srn lint fix	2025-05-21 20:51:53 +05:30
sumit_chaturvedi	8afd3f9b2b	srn Fixed PR comments	2025-05-21 20:46:56 +05:30
sumit_chaturvedi	38a72da08b	Merge branch 'master' into feature/add-resource-inventory	2025-05-21 08:52:59 +05:30
sumit_chaturvedi	7545bba889	Merge branch 'master' into feature/add-resource-inventory	2025-05-16 22:59:31 +05:30
Pablo Lara	72137590fe	refactor: remove getScansByFields and use getScans with flexible filters	2025-05-16 13:36:16 +02:00
Pablo Lara	9365eaf3da	fix: fix import for ProviderType	2025-05-16 11:58:32 +02:00
Pablo Lara	ac68119705	Merge branch 'master' into feature/add-resource-inventory	2025-05-16 11:53:47 +02:00
sumit_chaturvedi	1a7ae2c7bb	Merge branch 'upstream/master' into feature/add-resource-inventory	2025-05-06 09:44:33 +05:30
sumit_chaturvedi	9639082e20	srn Fix lint	2025-04-28 10:25:04 +05:30
sumit_chaturvedi	a2f9f54edd	feat(ui): Add resources view as inventory	2025-04-28 08:53:00 +05:30