Merge branch 'v5.13' into backport/v5.13/pr-9208

fix: split file_name not working on Windows (#9269 )
Co-authored-by: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com>
2026-04-07 07:57:11 +00:00 · 2025-11-19 14:29:11 +01:00 · 2025-11-18 14:49:49 +01:00 · 2025-11-17 12:29:49 +01:00 · 2025-11-13 09:29:17 -05:00 · 2025-11-12 08:12:30 +00:00
61 changed files with 2847 additions and 1063 deletions
--- a/.github/ISSUE_TEMPLATE/feature-request.yml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yml
@@ -8,7 +8,7 @@ body:
    attributes:
      label: Feature search
      options:
-        - label: I have searched the existing issues and this feature has not been requested yet
+        - label: I have searched the existing issues and this feature has not been requested yet or is already in our [Public Roadmap](https://roadmap.prowler.com/roadmap)
          required: true
  - type: dropdown
    id: component
--- a/.github/actions/slack-notification/README.md
+++ b/.github/actions/slack-notification/README.md
@@ -0,0 +1,198 @@
+# Slack Notification Action
+
+A generic and flexible GitHub composite action for sending Slack notifications using JSON template files. Supports both standalone messages and message updates, with automatic status detection.
+
+## Features
+
+- **Template-based**: All messages use JSON template files for consistency
+- **Automatic status detection**: Pass `step-outcome` to auto-calculate success/failure
+- **Message updates**: Supports updating existing messages (using `chat.update`)
+- **Simple API**: Clean and minimal interface
+- **Reusable**: Use across all workflows and scenarios
+- **Maintainable**: Centralized message templates
+
+## Use Cases
+
+1. **Container releases**: Track push start and completion with automatic status
+2. **Deployments**: Track deployment progress with rich Block Kit formatting
+3. **Custom notifications**: Any scenario where you need to notify Slack
+
+## Inputs
+
+| Input | Description | Required | Default |
+|-------|-------------|----------|---------|
+| `slack-bot-token` | Slack bot token for authentication | Yes | - |
+| `payload-file-path` | Path to JSON file with the Slack message payload | Yes | - |
+| `update-ts` | Message timestamp to update (leave empty for new messages) | No | `''` |
+| `step-outcome` | Step outcome for automatic status detection (sets STATUS_EMOJI and STATUS_TEXT env vars) | No | `''` |
+
+## Outputs
+
+| Output | Description |
+|--------|-------------|
+| `ts` | Timestamp of the Slack message (use for updates) |
+
+## Usage Examples
+
+### Example 1: Container Release with Automatic Status Detection
+
+Using JSON template files with automatic status detection:
+
+```yaml
+# Send start notification
+- name: Notify container push started
+  if: github.event_name == 'release'
+  uses: ./.github/actions/slack-notification
+  env:
+    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
+    COMPONENT: API
+    RELEASE_TAG: ${{ env.RELEASE_TAG }}
+    GITHUB_SERVER_URL: ${{ github.server_url }}
+    GITHUB_REPOSITORY: ${{ github.repository }}
+    GITHUB_RUN_ID: ${{ github.run_id }}
+  with:
+    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
+
+# Do the work
+- name: Build and push container
+  if: github.event_name == 'release'
+  id: container-push
+  uses: docker/build-push-action@...
+  with:
+    push: true
+    tags: ...
+
+# Send completion notification with automatic status detection
+- name: Notify container push completed
+  if: github.event_name == 'release' && always()
+  uses: ./.github/actions/slack-notification
+  env:
+    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
+    COMPONENT: API
+    RELEASE_TAG: ${{ env.RELEASE_TAG }}
+    GITHUB_SERVER_URL: ${{ github.server_url }}
+    GITHUB_REPOSITORY: ${{ github.repository }}
+    GITHUB_RUN_ID: ${{ github.run_id }}
+  with:
+    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
+    step-outcome: ${{ steps.container-push.outcome }}
+```
+
+**Benefits:**
+- No status calculation needed in workflow
+- Reusable template files
+- Clean and concise
+- Automatic `STATUS_EMOJI` and `STATUS_TEXT` env vars set by action
+- Consistent message format across all workflows
+
+### Example 2: Deployment with Message Update Pattern
+
+```yaml
+# Send initial deployment message
+- name: Notify deployment started
+  id: slack-start
+  uses: ./.github/actions/slack-notification
+  env:
+    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
+    COMPONENT: API
+    ENVIRONMENT: PRODUCTION
+    COMMIT_HASH: ${{ github.sha }}
+    VERSION_DEPLOYED: latest
+    GITHUB_ACTOR: ${{ github.actor }}
+    GITHUB_WORKFLOW: ${{ github.workflow }}
+    GITHUB_SERVER_URL: ${{ github.server_url }}
+    GITHUB_REPOSITORY: ${{ github.repository }}
+    GITHUB_RUN_ID: ${{ github.run_id }}
+  with:
+    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload-file-path: "./.github/scripts/slack-messages/deployment-started.json"
+
+# Run deployment
+- name: Deploy
+  id: deploy
+  run: terraform apply -auto-approve
+
+# Determine additional status variables
+- name: Determine deployment status
+  if: always()
+  id: deploy-status
+  run: |
+    if [[ "${{ steps.deploy.outcome }}" == "success" ]]; then
+      echo "STATUS_COLOR=28a745" >> $GITHUB_ENV
+      echo "STATUS=Completed" >> $GITHUB_ENV
+    else
+      echo "STATUS_COLOR=fc3434" >> $GITHUB_ENV
+      echo "STATUS=Failed" >> $GITHUB_ENV
+    fi
+
+# Update the same message with final status
+- name: Update deployment notification
+  if: always()
+  uses: ./.github/actions/slack-notification
+  env:
+    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
+    MESSAGE_TS: ${{ steps.slack-start.outputs.ts }}
+    COMPONENT: API
+    ENVIRONMENT: PRODUCTION
+    COMMIT_HASH: ${{ github.sha }}
+    VERSION_DEPLOYED: latest
+    GITHUB_ACTOR: ${{ github.actor }}
+    GITHUB_WORKFLOW: ${{ github.workflow }}
+    GITHUB_SERVER_URL: ${{ github.server_url }}
+    GITHUB_REPOSITORY: ${{ github.repository }}
+    GITHUB_RUN_ID: ${{ github.run_id }}
+    STATUS: ${{ env.STATUS }}
+    STATUS_COLOR: ${{ env.STATUS_COLOR }}
+  with:
+    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+    update-ts: ${{ steps.slack-start.outputs.ts }}
+    payload-file-path: "./.github/scripts/slack-messages/deployment-completed.json"
+    step-outcome: ${{ steps.deploy.outcome }}
+```
+
+## Automatic Status Detection
+
+When you provide `step-outcome` input, the action automatically sets these environment variables:
+
+| Outcome | STATUS_EMOJI | STATUS_TEXT |
+|---------|--------------|-------------|
+| success | `[✓]` | `completed successfully!` |
+| failure | `[✗]` | `failed` |
+
+These variables are then available in your payload template files.
+
+## Template File Format
+
+All template files must be valid JSON and support environment variable substitution. Example:
+
+```json
+{
+  "channel": "$SLACK_CHANNEL_ID",
+  "text": "$STATUS_EMOJI $COMPONENT container release $RELEASE_TAG push $STATUS_TEXT <$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID|View run>"
+}
+```
+
+See available templates in [`.github/scripts/slack-messages/`](../../scripts/slack-messages/).
+
+## Requirements
+
+- Slack Bot Token with scopes: `chat:write`, `chat:write.public`
+- Slack Channel ID where messages will be posted
+- JSON template files for your messages
+
+## Benefits
+
+- **Consistency**: All notifications use standardized templates
+- **Automatic status handling**: No need to calculate success/failure in workflows
+- **Clean workflows**: Minimal boilerplate code
+- **Reusable templates**: One template for all components
+- **Easy to maintain**: Change template once, applies everywhere
+- **Version controlled**: All message formats in git
+
+## Related Resources
+
+- [Slack Block Kit Builder](https://app.slack.com/block-kit-builder)
+- [Slack API Method Documentation](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
+- [Message templates documentation](../../scripts/slack-messages/README.md)
--- a/.github/actions/slack-notification/action.yml
+++ b/.github/actions/slack-notification/action.yml
@@ -0,0 +1,74 @@
+name: 'Slack Notification'
+description: 'Generic action to send Slack notifications with optional message updates and automatic status detection'
+inputs:
+  slack-bot-token:
+    description: 'Slack bot token for authentication'
+    required: true
+  payload-file-path:
+    description: 'Path to JSON file with the Slack message payload'
+    required: true
+  update-ts:
+    description: 'Message timestamp to update (only for updates, leave empty for new messages)'
+    required: false
+    default: ''
+  step-outcome:
+    description: 'Outcome of a step to determine status (success/failure) - automatically sets STATUS_TEXT and STATUS_COLOR env vars'
+    required: false
+    default: ''
+outputs:
+  ts:
+    description: 'Timestamp of the Slack message'
+    value: ${{ steps.slack-notification.outputs.ts }}
+runs:
+  using: 'composite'
+  steps:
+    - name: Determine status
+      id: status
+      shell: bash
+      run: |
+        if [[ "${{ inputs.step-outcome }}" == "success" ]]; then
+          echo "STATUS_TEXT=Completed" >> $GITHUB_ENV
+          echo "STATUS_COLOR=#6aa84f" >> $GITHUB_ENV
+        elif [[ "${{ inputs.step-outcome }}" == "failure" ]]; then
+          echo "STATUS_TEXT=Failed" >> $GITHUB_ENV
+          echo "STATUS_COLOR=#fc3434" >> $GITHUB_ENV
+        else
+          # No outcome provided - pending/in progress state
+          echo "STATUS_COLOR=#dbab09" >> $GITHUB_ENV
+        fi
+
+    - name: Send Slack notification (new message)
+      if: inputs.update-ts == ''
+      id: slack-notification-post
+      uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+      env:
+        SLACK_PAYLOAD_FILE_PATH: ${{ inputs.payload-file-path }}
+      with:
+        method: chat.postMessage
+        token: ${{ inputs.slack-bot-token }}
+        payload-file-path: ${{ inputs.payload-file-path }}
+        payload-templated: true
+        errors: true
+
+    - name: Update Slack notification
+      if: inputs.update-ts != ''
+      id: slack-notification-update
+      uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+      env:
+        SLACK_PAYLOAD_FILE_PATH: ${{ inputs.payload-file-path }}
+      with:
+        method: chat.update
+        token: ${{ inputs.slack-bot-token }}
+        payload-file-path: ${{ inputs.payload-file-path }}
+        payload-templated: true
+        errors: true
+
+    - name: Set output
+      id: slack-notification
+      shell: bash
+      run: |
+        if [[ "${{ inputs.update-ts }}" == "" ]]; then
+          echo "ts=${{ steps.slack-notification-post.outputs.ts }}" >> $GITHUB_OUTPUT
+        else
+          echo "ts=${{ inputs.update-ts }}" >> $GITHUB_OUTPUT
+        fi
--- a/.github/codeql/sdk-codeql-config.yml
+++ b/.github/codeql/sdk-codeql-config.yml
@@ -1,4 +1,18 @@
-name: "SDK - CodeQL Config"
+name: 'SDK: CodeQL Config'
+paths:
+  - 'prowler/'
+
 paths-ignore:
-  - "api/"
-  - "ui/"
+  - 'api/'
+  - 'ui/'
+  - 'dashboard/'
+  - 'mcp_server/'
+  - 'tests/**'
+  - 'util/**'
+  - 'contrib/**'
+  - 'examples/**'
+  - 'prowler/**/__pycache__/**'
+  - 'prowler/**/*.md'
+
+queries:
+  - uses: security-and-quality
--- a/.github/codeql/ui-codeql-config.yml
+++ b/.github/codeql/ui-codeql-config.yml
@@ -1,3 +1,17 @@
-name: "UI - CodeQL Config"
+name: 'UI: CodeQL Config'
 paths:
-  - "ui/"
+  - 'ui/'
+
+paths-ignore:
+  - 'ui/node_modules/**'
+  - 'ui/.next/**'
+  - 'ui/out/**'
+  - 'ui/tests/**'
+  - 'ui/**/*.test.ts'
+  - 'ui/**/*.test.tsx'
+  - 'ui/**/*.spec.ts'
+  - 'ui/**/*.spec.tsx'
+  - 'ui/**/*.md'
+
+queries:
+  - uses: security-and-quality
--- a/.github/scripts/slack-messages/README.md
+++ b/.github/scripts/slack-messages/README.md
@@ -0,0 +1,462 @@
+# Slack Message Templates
+
+This directory contains reusable message templates for Slack notifications sent from GitHub Actions workflows.
+
+## Usage
+
+These JSON templates are used with the `slackapi/slack-github-action` using the Slack API method (`chat.postMessage` and `chat.update`). All templates support rich Block Kit formatting and message updates.
+
+### Available Templates
+
+**Container Releases**
+- `container-release-started.json`: Simple one-line notification when container push starts
+- `container-release-completed.json`: Simple one-line notification when container release completes
+
+**Deployments**
+- `deployment-started.json`: Deployment start notification with Block Kit formatting
+- `deployment-completed.json`: Deployment completion notification (updates the start message)
+
+All templates use the Slack API method and require a Slack Bot Token.
+
+## Setup Requirements
+
+1. Create a Slack App (or use existing)
+2. Add Bot Token Scopes: `chat:write`, `chat:write.public`
+3. Install the app to your workspace
+4. Get the Bot Token from OAuth & Permissions page
+5. Add secrets:
+   - `SLACK_BOT_TOKEN`: Your bot token
+   - `SLACK_CHANNEL_ID`: The channel ID where messages will be posted
+
+Reference: [Sending data using a Slack API method](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
+
+## Environment Variables
+
+### Required Secrets (GitHub Secrets)
+- `SLACK_BOT_TOKEN`: Passed as `token` parameter to the action (not as env variable)
+- `SLACK_CHANNEL_ID`: Used in payload as env variable
+
+### Container Release Variables (configured as env)
+- `COMPONENT`: Component name (e.g., "API", "SDK", "UI", "MCP")
+- `RELEASE_TAG` / `PROWLER_VERSION`: The release tag or version being deployed
+- `GITHUB_SERVER_URL`: Provided by GitHub context
+- `GITHUB_REPOSITORY`: Provided by GitHub context
+- `GITHUB_RUN_ID`: Provided by GitHub context
+- `STATUS_EMOJI`: Status symbol (calculated: `[✓]` for success, `[✗]` for failure)
+- `STATUS_TEXT`: Status text (calculated: "completed successfully!" or "failed")
+
+### Deployment Variables (configured as env)
+- `COMPONENT`: Component name (e.g., "API", "SDK", "UI", "MCP")
+- `ENVIRONMENT`: Environment name (e.g., "DEVELOPMENT", "PRODUCTION")
+- `COMMIT_HASH`: Commit hash being deployed
+- `VERSION_DEPLOYED`: Version being deployed
+- `GITHUB_ACTOR`: User who triggered the workflow
+- `GITHUB_WORKFLOW`: Workflow name
+- `GITHUB_SERVER_URL`: Provided by GitHub context
+- `GITHUB_REPOSITORY`: Provided by GitHub context
+- `GITHUB_RUN_ID`: Provided by GitHub context
+
+All other variables (MESSAGE_TS, STATUS, STATUS_COLOR, STATUS_EMOJI, etc.) are calculated internally within the workflow and should NOT be configured as environment variables.
+
+## Example Workflow Usage
+
+### Using the Generic Slack Notification Action (Recommended)
+
+**Recommended approach**: Use the generic reusable action `.github/actions/slack-notification` which provides maximum flexibility:
+
+#### Example 1: Container Release (Start + Completion)
+
+```yaml
+# Send start notification
+- name: Notify container push started
+  if: github.event_name == 'release'
+  uses: ./.github/actions/slack-notification
+  with:
+    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload: |
+      {
+        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
+        "text": "API container release ${{ env.RELEASE_TAG }} push started... <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>"
+      }
+
+# Build and push container
+- name: Build and push container
+  if: github.event_name == 'release'
+  id: container-push
+  uses: docker/build-push-action@...
+  with:
+    push: true
+    tags: ...
+
+# Calculate status
+- name: Determine push status
+  if: github.event_name == 'release' && always()
+  id: push-status
+  run: |
+    if [[ "${{ steps.container-push.outcome }}" == "success" ]]; then
+      echo "emoji=[✓]" >> $GITHUB_OUTPUT
+      echo "text=completed successfully!" >> $GITHUB_OUTPUT
+    else
+      echo "emoji=[✗]" >> $GITHUB_OUTPUT
+      echo "text=failed" >> $GITHUB_OUTPUT
+    fi
+
+# Send completion notification
+- name: Notify container push completed
+  if: github.event_name == 'release' && always()
+  uses: ./.github/actions/slack-notification
+  with:
+    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload: |
+      {
+        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
+        "text": "${{ steps.push-status.outputs.emoji }} API container release ${{ env.RELEASE_TAG }} push ${{ steps.push-status.outputs.text }} <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>"
+      }
+```
+
+#### Example 2: Simple One-Time Message
+
+```yaml
+- name: Send notification
+  uses: ./.github/actions/slack-notification
+  with:
+    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload: |
+      {
+        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
+        "text": "Deployment completed successfully!"
+      }
+```
+
+#### Example 3: Deployment with Message Update Pattern
+
+```yaml
+# Send initial deployment message
+- name: Notify deployment started
+  id: slack-start
+  uses: ./.github/actions/slack-notification
+  with:
+    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload: |
+      {
+        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
+        "text": "API deployment to PRODUCTION started",
+        "attachments": [
+          {
+            "color": "dbab09",
+            "blocks": [
+              {
+                "type": "header",
+                "text": {
+                  "type": "plain_text",
+                  "text": "API | Deployment to PRODUCTION"
+                }
+              },
+              {
+                "type": "section",
+                "fields": [
+                  {
+                    "type": "mrkdwn",
+                    "text": "*Status:*\nIn Progress"
+                  }
+                ]
+              }
+            ]
+          }
+        ]
+      }
+
+# Run deployment
+- name: Deploy
+  id: deploy
+  run: terraform apply -auto-approve
+
+# Calculate status
+- name: Determine status
+  if: always()
+  id: status
+  run: |
+    if [[ "${{ steps.deploy.outcome }}" == "success" ]]; then
+      echo "color=28a745" >> $GITHUB_OUTPUT
+      echo "emoji=[✓]" >> $GITHUB_OUTPUT
+      echo "status=Completed" >> $GITHUB_OUTPUT
+    else
+      echo "color=fc3434" >> $GITHUB_OUTPUT
+      echo "emoji=[✗]" >> $GITHUB_OUTPUT
+      echo "status=Failed" >> $GITHUB_OUTPUT
+    fi
+
+# Update the same message with final status
+- name: Update deployment notification
+  if: always()
+  uses: ./.github/actions/slack-notification
+  with:
+    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+    update-ts: ${{ steps.slack-start.outputs.ts }}
+    payload: |
+      {
+        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
+        "ts": "${{ steps.slack-start.outputs.ts }}",
+        "text": "${{ steps.status.outputs.emoji }} API deployment to PRODUCTION ${{ steps.status.outputs.status }}",
+        "attachments": [
+          {
+            "color": "${{ steps.status.outputs.color }}",
+            "blocks": [
+              {
+                "type": "header",
+                "text": {
+                  "type": "plain_text",
+                  "text": "API | Deployment to PRODUCTION"
+                }
+              },
+              {
+                "type": "section",
+                "fields": [
+                  {
+                    "type": "mrkdwn",
+                    "text": "*Status:*\n${{ steps.status.outputs.emoji }} ${{ steps.status.outputs.status }}"
+                  }
+                ]
+              }
+            ]
+          }
+        ]
+      }
+```
+
+**Benefits of using the generic action:**
+- Maximum flexibility: Build any payload you need directly in the workflow
+- No template files needed: Everything inline
+- Supports all scenarios: one-time messages, start/update patterns, rich Block Kit
+- Easy to customize per use case
+- Generic: Works for containers, deployments, or any notification type
+
+For more details, see [Slack Notification Action](../../actions/slack-notification/README.md).
+
+### Using Message Templates (Alternative Approach)
+
+Simple one-line notifications for container releases:
+
+```yaml
+# Step 1: Notify when push starts
+- name: Notify container push started
+  if: github.event_name == 'release'
+  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+  env:
+    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
+    COMPONENT: API
+    RELEASE_TAG: ${{ env.RELEASE_TAG }}
+    GITHUB_SERVER_URL: ${{ github.server_url }}
+    GITHUB_REPOSITORY: ${{ github.repository }}
+    GITHUB_RUN_ID: ${{ github.run_id }}
+  with:
+    method: chat.postMessage
+    token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
+
+# Step 2: Build and push container
+- name: Build and push container
+  id: container-push
+  uses: docker/build-push-action@...
+  with:
+    push: true
+    tags: ...
+
+# Step 3: Determine push status
+- name: Determine push status
+  if: github.event_name == 'release' && always()
+  id: push-status
+  run: |
+    if [[ "${{ steps.container-push.outcome }}" == "success" ]]; then
+      echo "status-emoji=[✓]" >> $GITHUB_OUTPUT
+      echo "status-text=completed successfully!" >> $GITHUB_OUTPUT
+    else
+      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
+      echo "status-text=failed" >> $GITHUB_OUTPUT
+    fi
+
+# Step 4: Notify when push completes (success or failure)
+- name: Notify container push completed
+  if: github.event_name == 'release' && always()
+  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+  env:
+    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
+    COMPONENT: API
+    RELEASE_TAG: ${{ env.RELEASE_TAG }}
+    GITHUB_SERVER_URL: ${{ github.server_url }}
+    GITHUB_REPOSITORY: ${{ github.repository }}
+    GITHUB_RUN_ID: ${{ github.run_id }}
+    STATUS_EMOJI: ${{ steps.push-status.outputs.status-emoji }}
+    STATUS_TEXT: ${{ steps.push-status.outputs.status-text }}
+  with:
+    method: chat.postMessage
+    token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
+```
+
+### Deployment with Update Pattern
+
+For deployments that start with one message and update it with the final status:
+
+```yaml
+# Step 1: Send deployment start notification
+- name: Notify Deployment Start
+  id: slack-notification-start
+  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+  env:
+    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
+    COMPONENT: API
+    ENVIRONMENT: PRODUCTION
+    COMMIT_HASH: ${{ github.sha }}
+    VERSION_DEPLOYED: latest
+    GITHUB_ACTOR: ${{ github.actor }}
+    GITHUB_WORKFLOW: ${{ github.workflow }}
+    GITHUB_SERVER_URL: ${{ github.server_url }}
+    GITHUB_REPOSITORY: ${{ github.repository }}
+    GITHUB_RUN_ID: ${{ github.run_id }}
+  with:
+    method: chat.postMessage
+    token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload-file-path: "./.github/scripts/slack-messages/deployment-started.json"
+
+# Step 2: Run your deployment steps
+- name: Terraform Plan
+  id: terraform-plan
+  run: terraform plan
+
+- name: Terraform Apply
+  id: terraform-apply
+  run: terraform apply -auto-approve
+
+# Step 3: Determine status (calculated internally, not configured)
+- name: Determine Status
+  if: always()
+  id: determine-status
+  run: |
+    if [[ "${{ steps.terraform-apply.outcome }}" == "success" ]]; then
+      echo "status=Completed" >> $GITHUB_OUTPUT
+      echo "status-color=28a745" >> $GITHUB_OUTPUT
+      echo "status-emoji=[✓]" >> $GITHUB_OUTPUT
+      echo "plan-emoji=[✓]" >> $GITHUB_OUTPUT
+      echo "apply-emoji=[✓]" >> $GITHUB_OUTPUT
+    elif [[ "${{ steps.terraform-plan.outcome }}" == "failure" || "${{ steps.terraform-apply.outcome }}" == "failure" ]]; then
+      echo "status=Failed" >> $GITHUB_OUTPUT
+      echo "status-color=fc3434" >> $GITHUB_OUTPUT
+      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
+      if [[ "${{ steps.terraform-plan.outcome }}" == "failure" ]]; then
+        echo "plan-emoji=[✗]" >> $GITHUB_OUTPUT
+      else
+        echo "plan-emoji=[✓]" >> $GITHUB_OUTPUT
+      fi
+      if [[ "${{ steps.terraform-apply.outcome }}" == "failure" ]]; then
+        echo "apply-emoji=[✗]" >> $GITHUB_OUTPUT
+      else
+        echo "apply-emoji=[✓]" >> $GITHUB_OUTPUT
+      fi
+    else
+      echo "status=Failed" >> $GITHUB_OUTPUT
+      echo "status-color=fc3434" >> $GITHUB_OUTPUT
+      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
+      echo "plan-emoji=[?]" >> $GITHUB_OUTPUT
+      echo "apply-emoji=[?]" >> $GITHUB_OUTPUT
+    fi
+
+# Step 4: Update the same Slack message (using calculated values)
+- name: Notify Deployment Result
+  if: always()
+  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+  env:
+    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
+    MESSAGE_TS: ${{ steps.slack-notification-start.outputs.ts }}
+    COMPONENT: API
+    ENVIRONMENT: PRODUCTION
+    COMMIT_HASH: ${{ github.sha }}
+    VERSION_DEPLOYED: latest
+    GITHUB_ACTOR: ${{ github.actor }}
+    GITHUB_WORKFLOW: ${{ github.workflow }}
+    GITHUB_SERVER_URL: ${{ github.server_url }}
+    GITHUB_REPOSITORY: ${{ github.repository }}
+    GITHUB_RUN_ID: ${{ github.run_id }}
+    STATUS: ${{ steps.determine-status.outputs.status }}
+    STATUS_COLOR: ${{ steps.determine-status.outputs.status-color }}
+    STATUS_EMOJI: ${{ steps.determine-status.outputs.status-emoji }}
+    PLAN_EMOJI: ${{ steps.determine-status.outputs.plan-emoji }}
+    APPLY_EMOJI: ${{ steps.determine-status.outputs.apply-emoji }}
+    TERRAFORM_PLAN_OUTCOME: ${{ steps.terraform-plan.outcome }}
+    TERRAFORM_APPLY_OUTCOME: ${{ steps.terraform-apply.outcome }}
+  with:
+    method: chat.update
+    token: ${{ secrets.SLACK_BOT_TOKEN }}
+    payload-file-path: "./.github/scripts/slack-messages/deployment-completed.json"
+```
+
+**Note**: Variables like `STATUS`, `STATUS_COLOR`, `STATUS_EMOJI`, `PLAN_EMOJI`, `APPLY_EMOJI` are calculated by the `determine-status` step based on the outcomes of previous steps. They should NOT be manually configured.
+
+## Key Features
+
+### Benefits of Using Slack API Method
+
+- **Rich Block Kit Formatting**: Full support for Slack's Block Kit including headers, sections, fields, colors, and attachments
+- **Message Updates**: Update the same message instead of posting multiple messages (using `chat.update` with `ts`)
+- **Consistent Experience**: Same look and feel as Prowler Cloud notifications
+- **Flexible**: Easy to customize message appearance by editing JSON templates
+
+### Differences from Webhook Method
+
+| Feature | webhook-trigger | Slack API (chat.postMessage) |
+|---------|-----------------|------------------------------|
+| Setup | Workflow Builder webhook | Slack Bot Token + Channel ID |
+| Formatting | Plain text/simple | Full Block Kit support |
+| Message Update | No | Yes (with chat.update) |
+| Authentication | Webhook URL | Bot Token |
+| Scopes Required | None | chat:write, chat:write.public |
+
+## Message Appearance
+
+### Container Release (Simple One-Line)
+
+**Start message:**
+```
+API container release 4.5.0 push started... View run
+```
+
+**Completion message (success):**
+```
+[✓] API container release 4.5.0 push completed successfully! View run
+```
+
+**Completion message (failure):**
+```
+[✗] API container release 4.5.0 push failed View run
+```
+
+All messages are simple one-liners with a clickable "View run" link. The completion message adapts to show success `[✓]` or failure `[✗]` based on the outcome of the container push.
+
+### Deployment Start
+- Header: Component and environment
+- Yellow bar (color: `dbab09`)
+- Status: In Progress
+- Details: Commit, version, actor, workflow
+- Link: Direct link to deployment run
+
+### Deployment Completion
+- Header: Component and environment
+- Green bar for success (color: `28a745`) / Red bar for failure (color: `fc3434`)
+- Status: [✓] Completed or [✗] Failed
+- Details: All deployment info plus terraform outcomes
+- Link: Direct link to deployment run
+
+## Adding New Templates
+
+1. Create a new JSON file with Block Kit structure
+2. Use environment variable placeholders (e.g., `$VAR_NAME`)
+3. Include `channel` and `text` fields (required)
+4. Add `blocks` or `attachments` for rich formatting
+5. For update templates, include `ts` field as `$MESSAGE_TS`
+6. Document the template in this README
+7. Reference it in your workflow using `payload-file-path`
+
+## Reference
+
+- [Slack Block Kit Builder](https://app.slack.com/block-kit-builder)
+- [Slack API Method Documentation](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
--- a/.github/scripts/slack-messages/container-release-completed.json
+++ b/.github/scripts/slack-messages/container-release-completed.json
@@ -0,0 +1,17 @@
+{
+  "channel": "${{ env.SLACK_CHANNEL_ID }}",
+  "attachments": [
+    {
+      "color": "${{ env.STATUS_COLOR }}",
+      "blocks": [
+        {
+          "type": "section",
+          "text": {
+            "type": "mrkdwn",
+            "text": "*Status:*\n${{ env.STATUS_TEXT }}\n\n${{ env.COMPONENT }} container release ${{ env.RELEASE_TAG }} push ${{ env.STATUS_TEXT }}\n\n<${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}|View run>"
+          }
+        }
+      ]
+    }
+  ]
+}
--- a/.github/scripts/slack-messages/container-release-started.json
+++ b/.github/scripts/slack-messages/container-release-started.json
@@ -0,0 +1,17 @@
+{
+  "channel": "${{ env.SLACK_CHANNEL_ID }}",
+  "attachments": [
+    {
+      "color": "${{ env.STATUS_COLOR }}",
+      "blocks": [
+        {
+          "type": "section",
+          "text": {
+            "type": "mrkdwn",
+            "text": "*Status:*\nStarted\n\n${{ env.COMPONENT }} container release ${{ env.RELEASE_TAG }} push started...\n\n<${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}|View run>"
+          }
+        }
+      ]
+    }
+  ]
+}
--- a/.github/workflows/api-build-lint-push-containers.yml
+++ b/.github/workflows/api-build-lint-push-containers.yml
@@ -1,115 +0,0 @@
-name: API - Build and Push containers
-
-on:
-  push:
-    branches:
-      - "master"
-    paths:
-      - "api/**"
-      - "prowler/**"
-      - ".github/workflows/api-build-lint-push-containers.yml"
-
-  # Uncomment the code below to test this action on PRs
-  # pull_request:
-  #   branches:
-  #     - "master"
-  #   paths:
-  #     - "api/**"
-  #     - ".github/workflows/api-build-lint-push-containers.yml"
-
-  release:
-    types: [published]
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable
-
-  WORKING_DIRECTORY: ./api
-
-  # Container Registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api
-
-jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
-  # Build Prowler OSS container
-  container-build-push:
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ${{ env.WORKING_DIRECTORY }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Set short git commit SHA
-        id: vars
-        run: |
-          shortSha=$(git rev-parse --short ${{ github.sha }})
-          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build and push container image (latest)
-        # Comment the following line for testing
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          # Set push: false for testing
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Build and push container image (release)
-        if: github.event_name == 'release'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Trigger deployment
-        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: prowler-api-deploy
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
--- a/.github/workflows/api-container-build-push.yml
+++ b/.github/workflows/api-container-build-push.yml
@@ -0,0 +1,135 @@
+name: 'API: Container Build and Push'
+
+on:
+  push:
+    branches:
+      - 'master'
+    paths:
+      - 'api/**'
+      - 'prowler/**'
+      - '.github/workflows/api-build-lint-push-containers.yml'
+  release:
+    types:
+      - 'published'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+env:
+  # Tags
+  LATEST_TAG: latest
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
+  STABLE_TAG: stable
+  WORKING_DIRECTORY: ./api
+
+  # Container registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api
+
+jobs:
+  setup:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
+    steps:
+      - name: Calculate short SHA
+        id: set-short-sha
+        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
+
+  container-build-push:
+    needs: setup
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Login to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push API container (latest)
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Notify container push started
+        if: github.event_name == 'release'
+        uses: ./.github/actions/slack-notification
+        env:
+          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
+          COMPONENT: API
+          RELEASE_TAG: ${{ env.RELEASE_TAG }}
+          GITHUB_SERVER_URL: ${{ github.server_url }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+        with:
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
+
+      - name: Build and push API container (release)
+        if: github.event_name == 'release'
+        id: container-push
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Notify container push completed
+        if: github.event_name == 'release' && always()
+        uses: ./.github/actions/slack-notification
+        env:
+          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
+          COMPONENT: API
+          RELEASE_TAG: ${{ env.RELEASE_TAG }}
+          GITHUB_SERVER_URL: ${{ github.server_url }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+        with:
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
+          step-outcome: ${{ steps.container-push.outcome }}
+
+  trigger-deployment:
+    if: github.event_name == 'push'
+    needs: [setup, container-build-push]
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
+
+    steps:
+      - name: Trigger API deployment
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.CLOUD_DISPATCH }}
+          event-type: api-prowler-deployment
+          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ needs.setup.outputs.short-sha }}"}'
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -7,8 +7,6 @@ on:
    types:
      - 'labeled'
      - 'closed'
-    paths:
-      - '.github/workflows/backport.yml'

 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
--- a/.github/workflows/labeler-community.yml
+++ b/.github/workflows/labeler-community.yml
@@ -0,0 +1,45 @@
+name: Community PR labelling
+
+on:
+  # We need "write" permissions on the PR to be able to add a label.
+  pull_request_target: # We need this to have labelling permissions. There are no user inputs here, so we should be fine.
+    types:
+      - opened
+
+permissions: {}
+
+jobs:
+  label-if-community:
+    name: Add 'community' label if the PR is from a community contributor
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+
+    steps:
+      - name: Check if author is org member
+        id: check_membership
+        env:
+          GH_TOKEN: ${{ github.token }}
+          AUTHOR: ${{ github.event.pull_request.user.login }}
+          ORG: ${{ github.repository_owner }}
+        run: |
+          echo "Checking if $AUTHOR is a member of $ORG"
+          if gh api --method GET "orgs/$ORG/members/$AUTHOR" >/dev/null 2>&1; then
+            echo "is_member=true" >> $GITHUB_OUTPUT
+            echo "$AUTHOR is an organization member"
+          else
+            echo "is_member=false" >> $GITHUB_OUTPUT
+            echo "$AUTHOR is not an organization member"
+          fi
+
+      - name: Add community label
+        if: steps.check_membership.outputs.is_member == 'false'
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          echo "Adding 'community' label to PR #$PR_NUMBER"
+          gh api /repos/${{ github.repository }}/issues/${{ github.event.number }}/labels \
+            -X POST \
+            -f labels[]='community'
--- a/.github/workflows/mcp-container-build-push.yml
+++ b/.github/workflows/mcp-container-build-push.yml
@@ -16,7 +16,7 @@ permissions:

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  cancel-in-progress: false

 env:
  # Tags
@@ -80,8 +80,23 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max

+      - name: Notify container push started
+        if: github.event_name == 'release'
+        uses: ./.github/actions/slack-notification
+        env:
+          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
+          COMPONENT: MCP
+          RELEASE_TAG: ${{ env.RELEASE_TAG }}
+          GITHUB_SERVER_URL: ${{ github.server_url }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+        with:
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
+
      - name: Build and push MCP container (release)
        if: github.event_name == 'release'
+        id: container-push
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
@@ -100,8 +115,31 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max

+      - name: Notify container push completed
+        if: github.event_name == 'release' && always()
+        uses: ./.github/actions/slack-notification
+        env:
+          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
+          COMPONENT: MCP
+          RELEASE_TAG: ${{ env.RELEASE_TAG }}
+          GITHUB_SERVER_URL: ${{ github.server_url }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+        with:
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
+          step-outcome: ${{ steps.container-push.outcome }}
+
+  trigger-deployment:
+    if: github.event_name == 'push'
+    needs: [setup, container-build-push]
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
+
+    steps:
      - name: Trigger MCP deployment
-        if: github.event_name == 'push'
        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -47,7 +47,7 @@ jobs:
        git config --global user.name 'prowler-bot'
        git config --global user.email '179230569+prowler-bot@users.noreply.github.com'

-    - name: Parse version and read changelogs
+    - name: Parse version and determine branch
      run: |
        # Validate version format (reusing pattern from sdk-bump-version.yml)
        if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
@@ -64,66 +64,83 @@ jobs:
          BRANCH_NAME="v${MAJOR_VERSION}.${MINOR_VERSION}"
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "${GITHUB_ENV}"

-          # Function to extract the latest version from changelog
-          extract_latest_version() {
-            local changelog_file="$1"
-            if [ -f "$changelog_file" ]; then
-              # Extract the first version entry (most recent) from changelog
-              # Format: ## [version] (1.2.3) or ## [vversion] (v1.2.3)
-              local version=$(grep -m 1 '^## \[' "$changelog_file" | sed 's/^## \[\(.*\)\].*/\1/' | sed 's/^v//' | tr -d '[:space:]')
-              echo "$version"
-            else
-              echo ""
-            fi
-          }
-
-          # Read actual versions from changelogs (source of truth)
-          UI_VERSION=$(extract_latest_version "ui/CHANGELOG.md")
-          API_VERSION=$(extract_latest_version "api/CHANGELOG.md")
-          SDK_VERSION=$(extract_latest_version "prowler/CHANGELOG.md")
-          MCP_VERSION=$(extract_latest_version "mcp_server/CHANGELOG.md")
-
-          echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
-          echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
-          echo "SDK_VERSION=${SDK_VERSION}" >> "${GITHUB_ENV}"
-          echo "MCP_VERSION=${MCP_VERSION}" >> "${GITHUB_ENV}"
-
-          if [ -n "$UI_VERSION" ]; then
-            echo "Read UI version from changelog: $UI_VERSION"
-          else
-            echo "Warning: No UI version found in ui/CHANGELOG.md"
-          fi
-
-          if [ -n "$API_VERSION" ]; then
-            echo "Read API version from changelog: $API_VERSION"
-          else
-            echo "Warning: No API version found in api/CHANGELOG.md"
-          fi
-
-          if [ -n "$SDK_VERSION" ]; then
-            echo "Read SDK version from changelog: $SDK_VERSION"
-          else
-            echo "Warning: No SDK version found in prowler/CHANGELOG.md"
-          fi
-
-          if [ -n "$MCP_VERSION" ]; then
-            echo "Read MCP version from changelog: $MCP_VERSION"
-          else
-            echo "Warning: No MCP version found in mcp_server/CHANGELOG.md"
-          fi
-
          echo "Prowler version: $PROWLER_VERSION"
          echo "Branch name: $BRANCH_NAME"
-          echo "UI version: $UI_VERSION"
-          echo "API version: $API_VERSION"
-          echo "SDK version: $SDK_VERSION"
-          echo "MCP version: $MCP_VERSION"
          echo "Is minor release: $([ $PATCH_VERSION -eq 0 ] && echo 'true' || echo 'false')"
        else
          echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
          exit 1
        fi

+    - name: Checkout release branch
+      run: |
+        echo "Checking out branch $BRANCH_NAME for release $PROWLER_VERSION..."
+        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
+          echo "Branch $BRANCH_NAME exists locally, checking out..."
+          git checkout "$BRANCH_NAME"
+        elif git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
+          echo "Branch $BRANCH_NAME exists remotely, checking out..."
+          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
+        else
+          echo "ERROR: Branch $BRANCH_NAME does not exist. For minor releases (X.Y.0), create it manually first. For patch releases (X.Y.Z), the branch should already exist."
+          exit 1
+        fi
+
+    - name: Read changelog versions from release branch
+      run: |
+        # Function to extract the latest version from changelog
+        extract_latest_version() {
+          local changelog_file="$1"
+          if [ -f "$changelog_file" ]; then
+            # Extract the first version entry (most recent) from changelog
+            # Format: ## [version] (1.2.3) or ## [vversion] (v1.2.3)
+            local version=$(grep -m 1 '^## \[' "$changelog_file" | sed 's/^## \[\(.*\)\].*/\1/' | sed 's/^v//' | tr -d '[:space:]')
+            echo "$version"
+          else
+            echo ""
+          fi
+        }
+
+        # Read actual versions from changelogs (source of truth)
+        UI_VERSION=$(extract_latest_version "ui/CHANGELOG.md")
+        API_VERSION=$(extract_latest_version "api/CHANGELOG.md")
+        SDK_VERSION=$(extract_latest_version "prowler/CHANGELOG.md")
+        MCP_VERSION=$(extract_latest_version "mcp_server/CHANGELOG.md")
+
+        echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
+        echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
+        echo "SDK_VERSION=${SDK_VERSION}" >> "${GITHUB_ENV}"
+        echo "MCP_VERSION=${MCP_VERSION}" >> "${GITHUB_ENV}"
+
+        if [ -n "$UI_VERSION" ]; then
+          echo "Read UI version from changelog: $UI_VERSION"
+        else
+          echo "Warning: No UI version found in ui/CHANGELOG.md"
+        fi
+
+        if [ -n "$API_VERSION" ]; then
+          echo "Read API version from changelog: $API_VERSION"
+        else
+          echo "Warning: No API version found in api/CHANGELOG.md"
+        fi
+
+        if [ -n "$SDK_VERSION" ]; then
+          echo "Read SDK version from changelog: $SDK_VERSION"
+        else
+          echo "Warning: No SDK version found in prowler/CHANGELOG.md"
+        fi
+
+        if [ -n "$MCP_VERSION" ]; then
+          echo "Read MCP version from changelog: $MCP_VERSION"
+        else
+          echo "Warning: No MCP version found in mcp_server/CHANGELOG.md"
+        fi
+
+        echo "UI version: $UI_VERSION"
+        echo "API version: $API_VERSION"
+        echo "SDK version: $SDK_VERSION"
+        echo "MCP version: $MCP_VERSION"
+
    - name: Extract and combine changelog entries
      run: |
        set -e
@@ -150,8 +167,8 @@ jobs:
          # Remove --- separators
          sed -i '/^---$/d' "$output_file"

-          # Remove trailing empty lines
-          sed -i '/^$/d' "$output_file"
+          # Remove only trailing empty lines (not all empty lines)
+          sed -i -e :a -e '/^\s*$/d;N;ba' "$output_file"
        }

        # Calculate expected versions for this release
@@ -247,24 +264,14 @@ jobs:
          echo "" >> combined_changelog.md
        fi

+        # Add fallback message if no changelogs were added
+        if [ ! -s combined_changelog.md ]; then
+          echo "No component changes detected for this release." >> combined_changelog.md
+        fi
+
        echo "Combined changelog preview:"
        cat combined_changelog.md

-    - name: Checkout release branch for patch release
-      if: ${{ env.PATCH_VERSION != '0' }}
-      run: |
-        echo "Patch release detected, checking out existing branch $BRANCH_NAME..."
-        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists locally, checking out..."
-          git checkout "$BRANCH_NAME"
-        elif git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists remotely, checking out..."
-          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
-        else
-          echo "ERROR: Branch $BRANCH_NAME should exist for patch release $PROWLER_VERSION"
-          exit 1
-        fi
-
    - name: Verify SDK version in pyproject.toml
      run: |
        CURRENT_VERSION=$(grep '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
@@ -318,31 +325,12 @@ jobs:
        fi
        echo "✓ api/src/backend/api/v1/views.py version: $CURRENT_API_VERSION"

-    - name: Checkout release branch for minor release
-      if: ${{ env.PATCH_VERSION == '0' }}
-      run: |
-        echo "Minor release detected (patch = 0), checking out existing branch $BRANCH_NAME..."
-        if git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists remotely, checking out..."
-          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
-        else
-          echo "ERROR: Branch $BRANCH_NAME should exist for minor release $PROWLER_VERSION. Please create it manually first."
-          exit 1
-        fi
-
    - name: Update API prowler dependency for minor release
      if: ${{ env.PATCH_VERSION == '0' }}
      run: |
        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')

-        # Create a temporary branch for the PR from the minor version branch
-        TEMP_BRANCH="update-api-dependency-$BRANCH_NAME_TRIMMED-$(date +%s)"
-        echo "TEMP_BRANCH=$TEMP_BRANCH" >> $GITHUB_ENV
-
-        # Create temp branch from the current minor version branch
-        git checkout -b "$TEMP_BRANCH"
-
        # Minor release: update the dependency to use the release branch
        echo "Updating prowler dependency from '$CURRENT_PROWLER_REF' to '$BRANCH_NAME_TRIMMED'"
        sed -i "s|prowler @ git+https://github.com/prowler-cloud/prowler.git@[^\"]*\"|prowler @ git+https://github.com/prowler-cloud/prowler.git@$BRANCH_NAME_TRIMMED\"|" api/pyproject.toml
@@ -360,11 +348,6 @@ jobs:
        poetry lock
        cd ..

-        # Commit and push the temporary branch
-        git add api/pyproject.toml api/poetry.lock
-        git commit -m "chore(api): update prowler dependency to $BRANCH_NAME_TRIMMED for release $PROWLER_VERSION"
-        git push origin "$TEMP_BRANCH"
-
        echo "✓ Prepared prowler dependency update to: $UPDATED_PROWLER_REF"

    - name: Create PR for API dependency update
@@ -372,8 +355,12 @@ jobs:
      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
      with:
        token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-        branch: ${{ env.TEMP_BRANCH }}
+        commit-message: 'chore(api): update prowler dependency to ${{ env.BRANCH_NAME }} for release ${{ env.PROWLER_VERSION }}'
+        branch: update-api-dependency-${{ env.BRANCH_NAME }}-${{ github.run_number }}
        base: ${{ env.BRANCH_NAME }}
+        add-paths: |
+          api/pyproject.toml
+          api/poetry.lock
        title: "chore(api): Update prowler dependency to ${{ env.BRANCH_NAME }} for release ${{ env.PROWLER_VERSION }}"
        body: |
          ### Description
@@ -406,5 +393,6 @@ jobs:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: Clean up temporary files
+      if: always()
      run: |
        rm -f prowler_changelog.md api_changelog.md ui_changelog.md mcp_changelog.md combined_changelog.md
--- a/.github/workflows/sdk-build-lint-push-containers.yml
+++ b/.github/workflows/sdk-build-lint-push-containers.yml
@@ -1,202 +0,0 @@
-name: SDK - Build and Push containers
-
-on:
-  push:
-    branches:
-      # For `v3-latest`
-      - "v3"
-      # For `v4-latest`
-      - "v4.6"
-      # For `latest`
-      - "master"
-    paths-ignore:
-      - ".github/**"
-      - "README.md"
-      - "docs/**"
-      - "ui/**"
-      - "api/**"
-
-  release:
-    types: [published]
-
-env:
-  # AWS Configuration
-  AWS_REGION_STG: eu-west-1
-  AWS_REGION_PLATFORM: eu-west-1
-  AWS_REGION: us-east-1
-
-  # Container's configuration
-  IMAGE_NAME: prowler
-  DOCKERFILE_PATH: ./Dockerfile
-
-  # Tags
-  LATEST_TAG: latest
-  STABLE_TAG: stable
-  # The RELEASE_TAG is set during runtime in releases
-  RELEASE_TAG: ""
-  # The PROWLER_VERSION and PROWLER_VERSION_MAJOR are set during runtime in releases
-  PROWLER_VERSION: ""
-  PROWLER_VERSION_MAJOR: ""
-  # TEMPORARY_TAG: temporary
-
-  # Python configuration
-  PYTHON_VERSION: 3.12
-
-  # Container Registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler
-
-jobs:
-  # Build Prowler OSS container
-  container-build-push:
-    # needs: dockerfile-linter
-    runs-on: ubuntu-latest
-    outputs:
-      prowler_version_major: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION_MAJOR }}
-      prowler_version: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION }}
-    env:
-      POETRY_VIRTUALENVS_CREATE: "false"
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Setup Python
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-
-      - name: Install Poetry
-        run: |
-          pipx install poetry==2.*
-          pipx inject poetry poetry-bumpversion
-
-      - name: Get Prowler version
-        id: get-prowler-version
-        run: |
-          PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
-          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
-          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
-
-          # Store prowler version major just for the release
-          PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
-          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
-          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
-
-          case ${PROWLER_VERSION_MAJOR} in
-          3)
-              echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
-              ;;
-
-
-          4)
-              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
-              ;;
-
-          5)
-              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
-              ;;
-
-          *)
-              # Fallback if any other version is present
-              echo "Releasing another Prowler major version, aborting..."
-              exit 1
-              ;;
-          esac
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to Public ECR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          registry: public.ecr.aws
-          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
-        env:
-          AWS_REGION: ${{ env.AWS_REGION }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build and push container image (latest)
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          push: true
-          tags: |
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-          file: ${{ env.DOCKERFILE_PATH }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Build and push container image (release)
-        if: github.event_name == 'release'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          # Use local context to get changes
-          # https://github.com/docker/build-push-action#path-context
-          context: .
-          push: true
-          tags: |
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.PROWLER_VERSION }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          file: ${{ env.DOCKERFILE_PATH }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-#      - name: Push README to Docker Hub (toniblyx)
-#        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
-#        with:
-#          username: ${{ secrets.DOCKERHUB_USERNAME }}
-#          password: ${{ secrets.DOCKERHUB_TOKEN }}
-#          repository: ${{ env.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}
-#          readme-filepath: ./README.md
-#
-#      - name: Push README to Docker Hub (prowlercloud)
-#        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
-#        with:
-#          username: ${{ secrets.DOCKERHUB_USERNAME }}
-#          password: ${{ secrets.DOCKERHUB_TOKEN }}
-#          repository: ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}
-#          readme-filepath: ./README.md
-
-  dispatch-action:
-    needs: container-build-push
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get latest commit info (latest)
-        if: github.event_name == 'push'
-        run: |
-          LATEST_COMMIT_HASH=$(echo ${{ github.event.after }} | cut -b -7)
-          echo "LATEST_COMMIT_HASH=${LATEST_COMMIT_HASH}" >> $GITHUB_ENV
-
-      - name: Dispatch event (latest)
-        if: github.event_name == 'push' && needs.container-build-push.outputs.prowler_version_major == '3'
-        run: |
-          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            --data '{"event_type":"dispatch","client_payload":{"version":"v3-latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
-
-      - name: Dispatch event (release)
-        if: github.event_name == 'release' && needs.container-build-push.outputs.prowler_version_major == '3'
-        run: |
-          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ needs.container-build-push.outputs.prowler_version }}"}}'
--- a/.github/workflows/sdk-bump-version.yml
+++ b/.github/workflows/sdk-bump-version.yml
@@ -1,146 +1,218 @@
-name: SDK - Bump Version
+name: 'SDK: Bump Version'

 on:
  release:
-    types: [published]
+    types:
+      - 'published'

+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
+  cancel-in-progress: false

 env:
  PROWLER_VERSION: ${{ github.event.release.tag_name }}
  BASE_BRANCH: master

 jobs:
-  bump-version:
-    name: Bump Version
+  detect-release-type:
    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
+    outputs:
+      is_minor: ${{ steps.detect.outputs.is_minor }}
+      is_patch: ${{ steps.detect.outputs.is_patch }}
+      major_version: ${{ steps.detect.outputs.major_version }}
+      minor_version: ${{ steps.detect.outputs.minor_version }}
+      patch_version: ${{ steps.detect.outputs.patch_version }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Get Prowler version
-        shell: bash
+      - name: Detect release type and parse version
+        id: detect
        run: |
          if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
            MAJOR_VERSION=${BASH_REMATCH[1]}
            MINOR_VERSION=${BASH_REMATCH[2]}
-            FIX_VERSION=${BASH_REMATCH[3]}
+            PATCH_VERSION=${BASH_REMATCH[3]}

-            # Export version components to GitHub environment
-            echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
-            echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
-            echo "FIX_VERSION=${FIX_VERSION}" >> "${GITHUB_ENV}"
+            echo "major_version=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
+            echo "minor_version=${MINOR_VERSION}" >> "${GITHUB_OUTPUT}"
+            echo "patch_version=${PATCH_VERSION}" >> "${GITHUB_OUTPUT}"

-            if (( MAJOR_VERSION == 5 )); then
-                if (( FIX_VERSION == 0 )); then
-                  echo "Minor Release: $PROWLER_VERSION"
+            if (( MAJOR_VERSION != 5 )); then
+              echo "::error::Releasing another Prowler major version, aborting..."
+              exit 1
+            fi

-                  # Set up next minor version for master
-                  BUMP_VERSION_TO=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).${FIX_VERSION}
-                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
-
-                  TARGET_BRANCH=${BASE_BRANCH}
-                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
-
-                  # Set up patch version for version branch
-                  PATCH_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.1
-                  echo "PATCH_VERSION_TO=${PATCH_VERSION_TO}" >> "${GITHUB_ENV}"
-
-                  VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-                  echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-                  echo "Bumping to next minor version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
-                  echo "Bumping to next patch version: ${PATCH_VERSION_TO} in branch ${VERSION_BRANCH}"
-                else
-                  echo "Patch Release: $PROWLER_VERSION"
-
-                  BUMP_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.$((FIX_VERSION + 1))
-                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
-
-                  TARGET_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
-
-                  echo "Bumping to next patch version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
-                fi
+            if (( PATCH_VERSION == 0 )); then
+              echo "is_minor=true" >> "${GITHUB_OUTPUT}"
+              echo "is_patch=false" >> "${GITHUB_OUTPUT}"
+              echo "✓ Minor release detected: $PROWLER_VERSION"
            else
-                echo "Releasing another Prowler major version, aborting..."
-                exit 1
+              echo "is_minor=false" >> "${GITHUB_OUTPUT}"
+              echo "is_patch=true" >> "${GITHUB_OUTPUT}"
+              echo "✓ Patch release detected: $PROWLER_VERSION"
            fi
          else
-            echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
+            echo "::error::Invalid version syntax: '$PROWLER_VERSION' (must be X.Y.Z)"
            exit 1
          fi

-      - name: Bump versions in files
+  bump-minor-version:
+    needs: detect-release-type
+    if: needs.detect-release-type.outputs.is_minor == 'true'
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Calculate next minor version
        run: |
-            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
-            echo "Using BUMP_VERSION_TO=$BUMP_VERSION_TO"
+          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
+          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}

-            set -e
+          NEXT_MINOR_VERSION=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).0
+          echo "NEXT_MINOR_VERSION=${NEXT_MINOR_VERSION}" >> "${GITHUB_ENV}"

-            echo "Bumping version in pyproject.toml ..."
-            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${BUMP_VERSION_TO}\"|" pyproject.toml
+          echo "Current version: $PROWLER_VERSION"
+          echo "Next minor version: $NEXT_MINOR_VERSION"

-            echo "Bumping version in prowler/config/config.py ..."
-            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${BUMP_VERSION_TO}\"|" prowler/config/config.py
+      - name: Bump versions in files for master
+        run: |
+          set -e

-            echo "Bumping version in .env ..."
-            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${BUMP_VERSION_TO}|" .env
+          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${NEXT_MINOR_VERSION}\"|" pyproject.toml
+          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${NEXT_MINOR_VERSION}\"|" prowler/config/config.py
+          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_MINOR_VERSION}|" .env

-            git --no-pager diff
+          echo "Files modified:"
+          git --no-pager diff

-      - name: Create Pull Request
+      - name: Create PR for next minor version to master
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-            base: ${{ env.TARGET_BRANCH }}
-            commit-message: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
-            branch: "version-bump-to-v${{ env.BUMP_VERSION_TO }}"
-            title: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
-            labels: no-changelog
-            body: |
-              ### Description
+          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          base: master
+          commit-message: 'chore(release): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
+          branch: version-bump-to-v${{ env.NEXT_MINOR_VERSION }}
+          title: 'chore(release): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
+          labels: no-changelog
+          body: |
+            ### Description

-              Bump Prowler version to v${{ env.BUMP_VERSION_TO }}
+            Bump Prowler version to v${{ env.NEXT_MINOR_VERSION }} after releasing v${{ env.PROWLER_VERSION }}.

-              ### License
+            ### License

-              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

-      - name: Handle patch version for minor release
-        if: env.FIX_VERSION == '0'
+      - name: Checkout version branch
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          ref: v${{ needs.detect-release-type.outputs.major_version }}.${{ needs.detect-release-type.outputs.minor_version }}
+
+      - name: Calculate first patch version
        run: |
-            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
-            echo "Using PATCH_VERSION_TO=$PATCH_VERSION_TO"
+          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
+          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}

-            set -e
+          FIRST_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.1
+          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}

-            echo "Bumping version in pyproject.toml ..."
-            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${PATCH_VERSION_TO}\"|" pyproject.toml
+          echo "FIRST_PATCH_VERSION=${FIRST_PATCH_VERSION}" >> "${GITHUB_ENV}"
+          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"

-            echo "Bumping version in prowler/config/config.py ..."
-            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${PATCH_VERSION_TO}\"|" prowler/config/config.py
+          echo "First patch version: $FIRST_PATCH_VERSION"
+          echo "Version branch: $VERSION_BRANCH"

-            echo "Bumping version in .env ..."
-            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PATCH_VERSION_TO}|" .env
+      - name: Bump versions in files for version branch
+        run: |
+          set -e

-            git --no-pager diff
+          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${FIRST_PATCH_VERSION}\"|" pyproject.toml
+          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${FIRST_PATCH_VERSION}\"|" prowler/config/config.py
+          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${FIRST_PATCH_VERSION}|" .env

-      - name: Create Pull Request for patch version
-        if: env.FIX_VERSION == '0'
+          echo "Files modified:"
+          git --no-pager diff
+
+      - name: Create PR for first patch version to version branch
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-            base: ${{ env.VERSION_BRANCH }}
-            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
-            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
-            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
-            labels: no-changelog
-            body: |
-              ### Description
+          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          base: ${{ env.VERSION_BRANCH }}
+          commit-message: 'chore(release): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
+          branch: version-bump-to-v${{ env.FIRST_PATCH_VERSION }}
+          title: 'chore(release): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
+          labels: no-changelog
+          body: |
+            ### Description

-              Bump Prowler version to v${{ env.PATCH_VERSION_TO }}
+            Bump Prowler version to v${{ env.FIRST_PATCH_VERSION }} in version branch after releasing v${{ env.PROWLER_VERSION }}.

-              ### License
+            ### License

-              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+
+  bump-patch-version:
+    needs: detect-release-type
+    if: needs.detect-release-type.outputs.is_patch == 'true'
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Calculate next patch version
+        run: |
+          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
+          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
+          PATCH_VERSION=${{ needs.detect-release-type.outputs.patch_version }}
+
+          NEXT_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.$((PATCH_VERSION + 1))
+          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+
+          echo "NEXT_PATCH_VERSION=${NEXT_PATCH_VERSION}" >> "${GITHUB_ENV}"
+          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
+
+          echo "Current version: $PROWLER_VERSION"
+          echo "Next patch version: $NEXT_PATCH_VERSION"
+          echo "Target branch: $VERSION_BRANCH"
+
+      - name: Bump versions in files for version branch
+        run: |
+          set -e
+
+          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${NEXT_PATCH_VERSION}\"|" pyproject.toml
+          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${NEXT_PATCH_VERSION}\"|" prowler/config/config.py
+          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_PATCH_VERSION}|" .env
+
+          echo "Files modified:"
+          git --no-pager diff
+
+      - name: Create PR for next patch version to version branch
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          base: ${{ env.VERSION_BRANCH }}
+          commit-message: 'chore(release): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
+          branch: version-bump-to-v${{ env.NEXT_PATCH_VERSION }}
+          title: 'chore(release): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
+          labels: no-changelog
+          body: |
+            ### Description
+
+            Bump Prowler version to v${{ env.NEXT_PATCH_VERSION }} after releasing v${{ env.PROWLER_VERSION }}.
+
+            ### License
+
+            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
--- a/.github/workflows/sdk-codeql.yml
+++ b/.github/workflows/sdk-codeql.yml
@@ -1,45 +1,41 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: SDK - CodeQL
+name: 'SDK: CodeQL'

 on:
  push:
    branches:
-      - "master"
-      - "v3"
-      - "v4.*"
-      - "v5.*"
-    paths-ignore:
-      - 'ui/**'
-      - 'api/**'
-      - '.github/**'
+      - 'master'
+      - 'v5.*'
+    paths:
+      - 'prowler/**'
+      - 'tests/**'
+      - 'pyproject.toml'
+      - '.github/workflows/sdk-codeql.yml'
+      - '.github/codeql/sdk-codeql-config.yml'
+      - '!prowler/CHANGELOG.md'
  pull_request:
    branches:
-      - "master"
-      - "v3"
-      - "v4.*"
-      - "v5.*"
-    paths-ignore:
-      - 'ui/**'
-      - 'api/**'
-      - '.github/**'
+      - 'master'
+      - 'v5.*'
+    paths:
+      - 'prowler/**'
+      - 'tests/**'
+      - 'pyproject.toml'
+      - '.github/workflows/sdk-codeql.yml'
+      - '.github/codeql/sdk-codeql-config.yml'
+      - '!prowler/CHANGELOG.md'
  schedule:
    - cron: '00 12 * * *'

+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  sdk-analyze:
    if: github.repository == 'prowler-cloud/prowler'
    name: CodeQL Security Analysis
    runs-on: ubuntu-latest
+    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
@@ -48,21 +44,20 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language: [ 'python' ]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+        language:
+          - 'python'

    steps:
-    - name: Checkout repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
-      with:
-        languages: ${{ matrix.language }}
-        config-file: ./.github/codeql/sdk-codeql-config.yml
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql/sdk-codeql-config.yml

-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        with:
+          category: '/language:${{ matrix.language }}'
--- a/.github/workflows/sdk-container-build-push.yml
+++ b/.github/workflows/sdk-container-build-push.yml
@@ -0,0 +1,217 @@
+name: 'SDK: Container Build and Push'
+
+on:
+  push:
+    branches:
+      - 'v3'      # For v3-latest
+      - 'v4.6'    # For v4-latest
+      - 'master'  # For latest
+    paths-ignore:
+      - '.github/**'
+      - '!.github/workflows/sdk-container-build-push.yml'
+      - 'README.md'
+      - 'docs/**'
+      - 'ui/**'
+      - 'api/**'
+  release:
+    types:
+      - 'published'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+env:
+  # Container configuration
+  IMAGE_NAME: prowler
+  DOCKERFILE_PATH: ./Dockerfile
+
+  # Python configuration
+  PYTHON_VERSION: '3.12'
+
+  # Tags (dynamically set based on version)
+  LATEST_TAG: latest
+  STABLE_TAG: stable
+
+  # Container registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler
+
+  # AWS configuration (for ECR)
+  AWS_REGION: us-east-1
+
+jobs:
+  container-build-push:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      prowler_version: ${{ steps.get-prowler-version.outputs.prowler_version }}
+      prowler_version_major: ${{ steps.get-prowler-version.outputs.prowler_version_major }}
+    env:
+      POETRY_VIRTUALENVS_CREATE: 'false'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Install Poetry
+        run: |
+          pipx install poetry==2.1.1
+          pipx inject poetry poetry-bumpversion
+
+      - name: Get Prowler version and set tags
+        id: get-prowler-version
+        run: |
+          PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
+          echo "prowler_version=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
+          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
+
+          # Extract major version
+          PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
+          echo "prowler_version_major=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
+          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
+
+          # Set version-specific tags
+          case ${PROWLER_VERSION_MAJOR} in
+            3)
+              echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
+              echo "✓ Prowler v3 detected - tags: v3-latest, v3-stable"
+              ;;
+            4)
+              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
+              echo "✓ Prowler v4 detected - tags: v4-latest, v4-stable"
+              ;;
+            5)
+              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
+              echo "✓ Prowler v5 detected - tags: latest, stable"
+              ;;
+            *)
+              echo "::error::Unsupported Prowler major version: ${PROWLER_VERSION_MAJOR}"
+              exit 1
+              ;;
+          esac
+
+      - name: Login to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to Public ECR
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: public.ecr.aws
+          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
+        env:
+          AWS_REGION: ${{ env.AWS_REGION }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push SDK container (latest)
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          file: ${{ env.DOCKERFILE_PATH }}
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Notify container push started
+        if: github.event_name == 'release'
+        uses: ./.github/actions/slack-notification
+        env:
+          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
+          COMPONENT: SDK
+          RELEASE_TAG: ${{ env.PROWLER_VERSION }}
+          GITHUB_SERVER_URL: ${{ github.server_url }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+        with:
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
+
+      - name: Build and push SDK container (release)
+        if: github.event_name == 'release'
+        id: container-push
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: .
+          file: ${{ env.DOCKERFILE_PATH }}
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.PROWLER_VERSION }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Notify container push completed
+        if: github.event_name == 'release' && always()
+        uses: ./.github/actions/slack-notification
+        env:
+          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
+          COMPONENT: SDK
+          RELEASE_TAG: ${{ env.PROWLER_VERSION }}
+          GITHUB_SERVER_URL: ${{ github.server_url }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+        with:
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
+          step-outcome: ${{ steps.container-push.outcome }}
+
+  dispatch-v3-deployment:
+    if: needs.container-build-push.outputs.prowler_version_major == '3'
+    needs: container-build-push
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
+
+    steps:
+      - name: Calculate short SHA
+        id: short-sha
+        run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
+
+      - name: Dispatch v3 deployment (latest)
+        if: github.event_name == 'push'
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}
+          event-type: dispatch
+          client-payload: '{"version":"v3-latest","tag":"${{ steps.short-sha.outputs.short_sha }}"}'
+
+      - name: Dispatch v3 deployment (release)
+        if: github.event_name == 'release'
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}
+          event-type: dispatch
+          client-payload: '{"version":"release","tag":"${{ needs.container-build-push.outputs.prowler_version }}"}'
--- a/.github/workflows/sdk-pypi-release.yml
+++ b/.github/workflows/sdk-pypi-release.yml
@@ -1,98 +1,119 @@
-name: SDK - PyPI release
+name: 'SDK: PyPI Release'

 on:
  release:
-    types: [published]
+    types:
+      - 'published'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
+  cancel-in-progress: false

 env:
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  PYTHON_VERSION: 3.11
-  # CACHE: "poetry"
+  PYTHON_VERSION: '3.12'

 jobs:
-  repository-check:
-    name: Repository check
+  validate-release:
+    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
+      prowler_version: ${{ steps.parse-version.outputs.version }}
+      major_version: ${{ steps.parse-version.outputs.major }}

-  release-prowler-job:
-    runs-on: ubuntu-latest
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
-    env:
-      POETRY_VIRTUALENVS_CREATE: "false"
-    name: Release Prowler to PyPI
    steps:
-      - name: Repository check
-        working-directory: /tmp
-        run: |
-              if [[ "${{ github.repository }}" != "prowler-cloud/prowler" ]]; then
-                  echo "This action only runs for prowler-cloud/prowler"
-                  exit 1
-              fi
-
-      - name: Get Prowler version
+      - name: Parse and validate version
+        id: parse-version
        run: |
          PROWLER_VERSION="${{ env.RELEASE_TAG }}"
+          echo "version=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"

-          case ${PROWLER_VERSION%%.*} in
-          3)
-              echo "Releasing Prowler v3 with tag ${PROWLER_VERSION}"
+          # Extract major version
+          MAJOR_VERSION="${PROWLER_VERSION%%.*}"
+          echo "major=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
+
+          # Validate major version
+          case ${MAJOR_VERSION} in
+            3|4|5)
+              echo "✓ Releasing Prowler v${MAJOR_VERSION} with tag ${PROWLER_VERSION}"
              ;;
-          4)
-              echo "Releasing Prowler v4 with tag ${PROWLER_VERSION}"
-              ;;
-          5)
-              echo "Releasing Prowler v5 with tag ${PROWLER_VERSION}"
-              ;;
-          *)
-              echo "Releasing another Prowler major version, aborting..."
+            *)
+              echo "::error::Unsupported Prowler major version: ${MAJOR_VERSION}"
              exit 1
              ;;
          esac

-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+  publish-prowler:
+    needs: validate-release
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+      id-token: write
+    environment:
+      name: pypi-prowler
+      url: https://pypi.org/project/prowler/${{ needs.validate-release.outputs.prowler_version }}/

-      - name: Install dependencies
-        run: |
-          pipx install poetry==2.1.1
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

-      - name: Setup Python
+      - name: Install Poetry
+        run: pipx install poetry==2.1.1
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
-          # cache: ${{ env.CACHE }}
+          cache: 'poetry'

      - name: Build Prowler package
-        run: |
-          poetry build
+        run: poetry build

      - name: Publish Prowler package to PyPI
-        run: |
-          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
-          poetry publish
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+        with:
+          print-hash: true

-      - name: Replicate PyPI package
+  publish-prowler-cloud:
+    needs: validate-release
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+      id-token: write
+    environment:
+      name: pypi-prowler-cloud
+      url: https://pypi.org/project/prowler-cloud/${{ needs.validate-release.outputs.prowler_version }}/
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Install Poetry
+        run: pipx install poetry==2.1.1
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: 'poetry'
+
+      - name: Install toml package
+        run: pip install toml
+
+      - name: Replicate PyPI package for prowler-cloud
        run: |
-          rm -rf ./dist && rm -rf ./build && rm -rf prowler.egg-info
-          pip install toml
+          rm -rf ./dist ./build prowler.egg-info
          python util/replicate_pypi_package.py
-          poetry build
+
+      - name: Build prowler-cloud package
+        run: poetry build

      - name: Publish prowler-cloud package to PyPI
-        run: |
-          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
-          poetry publish
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+        with:
+          print-hash: true
--- a/.github/workflows/sdk-refresh-aws-services-regions.yml
+++ b/.github/workflows/sdk-refresh-aws-services-regions.yml
@@ -1,68 +1,90 @@
-# This is a basic workflow to help you get started with Actions
-
-name: SDK - Refresh AWS services' regions
+name: 'SDK: Refresh AWS Regions'

 on:
  schedule:
-    - cron: "0 9 * * 1" # runs at 09:00 UTC every Monday
+    - cron: '0 9 * * 1' # Every Monday at 09:00 UTC
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: false

 env:
-  GITHUB_BRANCH: "master"
-  AWS_REGION_DEV: us-east-1
+  PYTHON_VERSION: '3.12'
+  AWS_REGION: 'us-east-1'

-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
-  build:
-    # The type of runner that the job will run on
+  refresh-aws-regions:
+    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
+    timeout-minutes: 15
    permissions:
      id-token: write
      pull-requests: write
      contents: write
-    # Steps represent a sequence of tasks that will be executed as part of the job
-    steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          ref: ${{ env.GITHUB_BRANCH }}

-      - name: setup python
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          ref: 'master'
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
-          python-version: 3.9 #install the python needed
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: 'pip'

      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install boto3
+        run: pip install boto3

-      - name: Configure AWS Credentials -- DEV
+      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
        with:
-          aws-region: ${{ env.AWS_REGION_DEV }}
+          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
-          role-session-name: refresh-AWS-regions-dev
+          role-session-name: prowler-refresh-aws-regions

-      # Runs a single command using the runners shell
-      - name: Run a one-line script
-        run: python3 util/update_aws_services_regions.py
+      - name: Update AWS services regions
+        run: python util/update_aws_services_regions.py

-      # Create pull request
-      - name: Create Pull Request
+      - name: Create pull request
+        id: create-pr
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          commit-message: "feat(regions_update): Update regions for AWS services"
-          branch: "aws-services-regions-updated-${{ github.sha }}"
-          labels: "status/waiting-for-revision, severity/low, provider/aws, no-changelog"
-          title: "chore(regions_update): Changes in regions for AWS services"
+          author: 'prowler-bot <179230569+prowler-bot@users.noreply.github.com>'
+          committer: 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>'
+          commit-message: 'feat(aws): update regions for AWS services'
+          branch: 'aws-regions-update-${{ github.run_number }}'
+          title: 'feat(aws): Update regions for AWS services'
+          labels: |
+            status/waiting-for-revision
+            severity/low
+            provider/aws
+            no-changelog
          body: |
            ### Description

-            This PR updates the regions for AWS services.
+            Automated update of AWS service regions from the official AWS IP ranges.
+
+            **Trigger:** ${{ github.event_name == 'schedule' && 'Scheduled (weekly)' || github.event_name == 'workflow_dispatch' && 'Manual' || 'Workflow update' }}
+            **Run:** [#${{ github.run_number }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
+
+            ### Checklist
+
+            - [x] This is an automated update from AWS official sources
+            - [x] No manual review of region data required

            ### License

            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+
+      - name: PR creation result
+        run: |
+          if [[ "${{ steps.create-pr.outputs.pull-request-number }}" ]]; then
+            echo "✓ Pull request #${{ steps.create-pr.outputs.pull-request-number }} created successfully"
+            echo "URL: ${{ steps.create-pr.outputs.pull-request-url }}"
+          else
+            echo "✓ No changes detected - AWS regions are up to date"
+          fi
--- a/.github/workflows/ui-build-lint-push-containers.yml
+++ b/.github/workflows/ui-build-lint-push-containers.yml
@@ -1,121 +0,0 @@
-name: UI - Build and Push containers
-
-on:
-  push:
-    branches:
-      - "master"
-    paths:
-      - "ui/**"
-      - ".github/workflows/ui-build-lint-push-containers.yml"
-
-  # Uncomment the below code to test this action on PRs
-  # pull_request:
-  #   branches:
-  #     - "master"
-  #   paths:
-  #     - "ui/**"
-  #     - ".github/workflows/ui-build-lint-push-containers.yml"
-
-  release:
-    types: [published]
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable
-
-  WORKING_DIRECTORY: ./ui
-
-  # Container Registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
-  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1
-
-jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
-  # Build Prowler OSS container
-  container-build-push:
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ${{ env.WORKING_DIRECTORY }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Set short git commit SHA
-        id: vars
-        run: |
-          shortSha=$(git rev-parse --short ${{ github.sha }})
-          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build and push container image (latest)
-        # Comment the following line for testing
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ env.SHORT_SHA }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
-          # Set push: false for testing
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Build and push container image (release)
-        if: github.event_name == 'release'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Trigger deployment
-        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: prowler-ui-deploy
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
--- a/.github/workflows/ui-codeql.yml
+++ b/.github/workflows/ui-codeql.yml
@@ -1,37 +1,37 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: UI - CodeQL
+name: 'UI: CodeQL'

 on:
  push:
    branches:
-      - "master"
-      - "v5.*"
+      - 'master'
+      - 'v5.*'
    paths:
-      - "ui/**"
+      - 'ui/**'
+      - '.github/workflows/ui-codeql.yml'
+      - '.github/codeql/ui-codeql-config.yml'
+      - '!ui/CHANGELOG.md'
  pull_request:
    branches:
-      - "master"
-      - "v5.*"
+      - 'master'
+      - 'v5.*'
    paths:
-      - "ui/**"
+      - 'ui/**'
+      - '.github/workflows/ui-codeql.yml'
+      - '.github/codeql/ui-codeql-config.yml'
+      - '!ui/CHANGELOG.md'
  schedule:
-    - cron: "00 12 * * *"
+    - cron: '00 12 * * *'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

 jobs:
  ui-analyze:
    if: github.repository == 'prowler-cloud/prowler'
    name: CodeQL Security Analysis
    runs-on: ubuntu-latest
+    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
@@ -40,14 +40,13 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language: ["javascript"]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+        language:
+          - 'javascript-typescript'

    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

-      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
@@ -57,4 +56,4 @@ jobs:
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
-          category: "/language:${{matrix.language}}"
+          category: '/language:${{ matrix.language }}'
--- a/.github/workflows/ui-container-build-push.yml
+++ b/.github/workflows/ui-container-build-push.yml
@@ -0,0 +1,143 @@
+name: 'UI: Container Build and Push'
+
+on:
+  push:
+    branches:
+      - 'master'
+    paths:
+      - 'ui/**'
+      - '.github/workflows/ui-container-build-push.yml'
+  release:
+    types:
+      - 'published'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+env:
+  # Tags
+  LATEST_TAG: latest
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
+  STABLE_TAG: stable
+  WORKING_DIRECTORY: ./ui
+
+  # Container registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
+
+  # Build args
+  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1
+
+jobs:
+  setup:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
+    steps:
+      - name: Calculate short SHA
+        id: set-short-sha
+        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
+
+  container-build-push:
+    needs: setup
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Login to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push UI container (latest)
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          build-args: |
+            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ needs.setup.outputs.short-sha }}
+            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Notify container push started
+        if: github.event_name == 'release'
+        uses: ./.github/actions/slack-notification
+        env:
+          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
+          COMPONENT: UI
+          RELEASE_TAG: ${{ env.RELEASE_TAG }}
+          GITHUB_SERVER_URL: ${{ github.server_url }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+        with:
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
+
+      - name: Build and push UI container (release)
+        if: github.event_name == 'release'
+        id: container-push
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          build-args: |
+            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
+            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Notify container push completed
+        if: github.event_name == 'release' && always()
+        uses: ./.github/actions/slack-notification
+        env:
+          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
+          COMPONENT: UI
+          RELEASE_TAG: ${{ env.RELEASE_TAG }}
+          GITHUB_SERVER_URL: ${{ github.server_url }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_RUN_ID: ${{ github.run_id }}
+        with:
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
+          step-outcome: ${{ steps.container-push.outcome }}
+
+  trigger-deployment:
+    if: github.event_name == 'push'
+    needs: [setup, container-build-push]
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
+
+    steps:
+      - name: Trigger UI deployment
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.CLOUD_DISPATCH }}
+          event-type: ui-prowler-deployment
+          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ needs.setup.outputs.short-sha }}"}'
--- a/.github/workflows/ui-e2e-tests.yml
+++ b/.github/workflows/ui-e2e-tests.yml
@@ -18,6 +18,22 @@ jobs:
      AUTH_TRUST_HOST: true
      NEXTAUTH_URL: 'http://localhost:3000'
      NEXT_PUBLIC_API_BASE_URL: 'http://localhost:8080/api/v1'
+      E2E_ADMIN_USER: ${{ secrets.E2E_ADMIN_USER }}
+      E2E_ADMIN_PASSWORD: ${{ secrets.E2E_ADMIN_PASSWORD }}
+      E2E_AWS_PROVIDER_ACCOUNT_ID: ${{ secrets.E2E_AWS_PROVIDER_ACCOUNT_ID }}
+      E2E_AWS_PROVIDER_ACCESS_KEY: ${{ secrets.E2E_AWS_PROVIDER_ACCESS_KEY }}
+      E2E_AWS_PROVIDER_SECRET_KEY: ${{ secrets.E2E_AWS_PROVIDER_SECRET_KEY }}
+      E2E_AWS_PROVIDER_ROLE_ARN: ${{ secrets.E2E_AWS_PROVIDER_ROLE_ARN }}
+      E2E_AZURE_SUBSCRIPTION_ID: ${{ secrets.E2E_AZURE_SUBSCRIPTION_ID }}
+      E2E_AZURE_CLIENT_ID: ${{ secrets.E2E_AZURE_CLIENT_ID }}
+      E2E_AZURE_SECRET_ID: ${{ secrets.E2E_AZURE_SECRET_ID }}
+      E2E_AZURE_TENANT_ID: ${{ secrets.E2E_AZURE_TENANT_ID }}
+      E2E_M365_DOMAIN_ID: ${{ secrets.E2E_M365_DOMAIN_ID }}
+      E2E_M365_CLIENT_ID: ${{ secrets.E2E_M365_CLIENT_ID }}
+      E2E_M365_SECRET_ID: ${{ secrets.E2E_M365_SECRET_ID }}
+      E2E_M365_TENANT_ID: ${{ secrets.E2E_M365_TENANT_ID }}
+      E2E_M365_CERTIFICATE_CONTENT: ${{ secrets.E2E_M365_CERTIFICATE_CONTENT }}
+      E2E_NEW_PASSWORD: ${{ secrets.E2E_NEW_PASSWORD }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
--- a/api/CHANGELOG.md
+++ b/api/CHANGELOG.md
@@ -2,6 +2,35 @@

 All notable changes to the **Prowler API** are documented in this file.

+<<<<<<< HEAD
+=======
+## [1.15.0] (Prowler UNRELEASED)
+
+### Added
+- IaC (Infrastructure as Code) provider support for remote repositories [(#8751)](https://github.com/prowler-cloud/prowler/pull/8751)
+- Extend `GET /api/v1/providers` with provider-type filters and optional pagination disable to support the new Overview filters [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
+- New endpoint to retrieve the number of providers grouped by provider type [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
+- Support for configuring multiple LLM providers [(#8772)](https://github.com/prowler-cloud/prowler/pull/8772)
+- Support C5 compliance framework for Azure provider [(#9081)](https://github.com/prowler-cloud/prowler/pull/9081)
+- Support for Oracle Cloud Infrastructure (OCI) provider [(#8927)](https://github.com/prowler-cloud/prowler/pull/8927)
+- Support muting findings based on simple rules with custom reason [(#9051)](https://github.com/prowler-cloud/prowler/pull/9051)
+- Support C5 compliance framework for the GCP provider [(#9097)](https://github.com/prowler-cloud/prowler/pull/9097)
+- Support for Amazon Bedrock and OpenAI compatible providers in Lighthouse AI [(#8957)](https://github.com/prowler-cloud/prowler/pull/8957)
+- Tenant-wide ThreatScore overview aggregation and snapshot persistence with backfill support [(#9148)](https://github.com/prowler-cloud/prowler/pull/9148)
+- Support for MongoDB Atlas provider [(#9167)](https://github.com/prowler-cloud/prowler/pull/9167)
+
+### Security
+- Django updated to the latest 5.1 security release, 5.1.14, due to problems with potential [SQL injection](https://github.com/prowler-cloud/prowler/security/dependabot/113) and [denial-of-service vulnerability](https://github.com/prowler-cloud/prowler/security/dependabot/114) [(#9176)](https://github.com/prowler-cloud/prowler/pull/9176)
+
+---
+
+## [1.14.2] (Prowler UNRELEASED)
+
+### Fixed
+- Update unique constraint for `Provider` model to exclude soft-deleted entries, resolving duplicate errors when re-deleting providers.[(#9054)](https://github.com/prowler-cloud/prowler/pull/9054)
+- Remove compliance generation for providers without compliance frameworks [(#9208)](https://github.com/prowler-cloud/prowler/pull/9208)
+
+>>>>>>> 427dab681 (fix(compliance): handle check_id not in Prowler Checks (#9208))
 ## [1.14.1] (Prowler 5.13.1)

 ### Fixed
--- a/api/src/backend/api/compliance.py
+++ b/api/src/backend/api/compliance.py
@@ -144,6 +144,7 @@ def generate_scan_compliance(
    Returns:
        None: This function modifies the compliance_overview in place.
    """
+
    for compliance_id in PROWLER_CHECKS[provider_type][check_id]:
        for requirement in compliance_overview[compliance_id]["requirements"].values():
            if check_id in requirement["checks"]:
--- a/api/src/backend/tasks/jobs/scan.py
+++ b/api/src/backend/tasks/jobs/scan.py
@@ -735,9 +735,9 @@ def create_compliance_requirements(tenant_id: str, scan_id: str):
            provider_instance = scan_instance.provider
            prowler_provider = return_prowler_provider(provider_instance)

-        compliance_template = PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE[
-            provider_instance.provider
-        ]
+        compliance_template = PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE.get(
+            provider_instance.provider, {}
+        )
        modeled_threatscore_compliance_id = "ProwlerThreatScore-1.0"
        threatscore_requirements_by_check: dict[str, set[str]] = {}
        threatscore_framework = compliance_template.get(
@@ -809,63 +809,68 @@ def create_compliance_requirements(tenant_id: str, scan_id: str):
            region: deepcopy(compliance_template) for region in regions
        }

-        # Apply check statuses to compliance data
-        for region, check_status in check_status_by_region.items():
-            compliance_data = compliance_overview_by_region.setdefault(
-                region, deepcopy(compliance_template)
-            )
-            for check_name, status in check_status.items():
-                generate_scan_compliance(
-                    compliance_data,
-                    provider_instance.provider,
-                    check_name,
-                    status,
-                )
-
-        # Prepare compliance requirement rows
        compliance_requirement_rows: list[dict[str, Any]] = []
-        utc_datetime_now = datetime.now(tz=timezone.utc)
-        for region, compliance_data in compliance_overview_by_region.items():
-            for compliance_id, compliance in compliance_data.items():
-                modeled_compliance_id = _normalized_compliance_key(
-                    compliance["framework"], compliance["version"]
+
+        # Skip if provider has no compliance frameworks
+        if compliance_template:
+            # Apply check statuses to compliance data
+            for region, check_status in check_status_by_region.items():
+                compliance_data = compliance_overview_by_region.setdefault(
+                    region, deepcopy(compliance_template)
                )
-                # Create an overview record for each requirement within each compliance framework
-                for requirement_id, requirement in compliance["requirements"].items():
-                    checks_status = requirement["checks_status"]
-                    compliance_requirement_rows.append(
-                        {
-                            "id": uuid.uuid4(),
-                            "tenant_id": tenant_id,
-                            "inserted_at": utc_datetime_now,
-                            "compliance_id": compliance_id,
-                            "framework": compliance["framework"],
-                            "version": compliance["version"] or "",
-                            "description": requirement.get("description") or "",
-                            "region": region,
-                            "requirement_id": requirement_id,
-                            "requirement_status": requirement["status"],
-                            "passed_checks": checks_status["pass"],
-                            "failed_checks": checks_status["fail"],
-                            "total_checks": checks_status["total"],
-                            "scan_id": scan_instance.id,
-                            "passed_findings": findings_count_by_compliance.get(
-                                region, {}
-                            )
-                            .get(modeled_compliance_id, {})
-                            .get(requirement_id, {})
-                            .get("pass", 0),
-                            "total_findings": findings_count_by_compliance.get(
-                                region, {}
-                            )
-                            .get(modeled_compliance_id, {})
-                            .get(requirement_id, {})
-                            .get("total", 0),
-                        }
+                for check_name, status in check_status.items():
+                    generate_scan_compliance(
+                        compliance_data,
+                        provider_instance.provider,
+                        check_name,
+                        status,
                    )

-        # Bulk create requirement records using PostgreSQL COPY
-        _persist_compliance_requirement_rows(tenant_id, compliance_requirement_rows)
+            # Prepare compliance requirement rows
+            utc_datetime_now = datetime.now(tz=timezone.utc)
+            for region, compliance_data in compliance_overview_by_region.items():
+                for compliance_id, compliance in compliance_data.items():
+                    modeled_compliance_id = _normalized_compliance_key(
+                        compliance["framework"], compliance["version"]
+                    )
+                    # Create an overview record for each requirement within each compliance framework
+                    for requirement_id, requirement in compliance[
+                        "requirements"
+                    ].items():
+                        checks_status = requirement["checks_status"]
+                        compliance_requirement_rows.append(
+                            {
+                                "id": uuid.uuid4(),
+                                "tenant_id": tenant_id,
+                                "inserted_at": utc_datetime_now,
+                                "compliance_id": compliance_id,
+                                "framework": compliance["framework"],
+                                "version": compliance["version"] or "",
+                                "description": requirement.get("description") or "",
+                                "region": region,
+                                "requirement_id": requirement_id,
+                                "requirement_status": requirement["status"],
+                                "passed_checks": checks_status["pass"],
+                                "failed_checks": checks_status["fail"],
+                                "total_checks": checks_status["total"],
+                                "scan_id": scan_instance.id,
+                                "passed_findings": findings_count_by_compliance.get(
+                                    region, {}
+                                )
+                                .get(modeled_compliance_id, {})
+                                .get(requirement_id, {})
+                                .get("pass", 0),
+                                "total_findings": findings_count_by_compliance.get(
+                                    region, {}
+                                )
+                                .get(modeled_compliance_id, {})
+                                .get(requirement_id, {})
+                                .get("total", 0),
+                            }
+                        )
+
+            # Bulk create requirement records using PostgreSQL COPY
+            _persist_compliance_requirement_rows(tenant_id, compliance_requirement_rows)

        return {
            "requirements_created": len(compliance_requirement_rows),
--- a/docs/user-guide/cli/tutorials/compliance.mdx
+++ b/docs/user-guide/cli/tutorials/compliance.mdx
@@ -24,7 +24,7 @@ Standard results will be shown and additionally the framework information as the
 **If Prowler can't find a resource related with a check from a compliance requirement, this requirement won't appear on the output**
 </Note>

-## List Available Compliance Frameworks
+## List Available Compliance Frameworks

 To see which compliance frameworks are covered by Prowler, use the `--list-compliance` option:

@@ -34,7 +34,7 @@ prowler <provider> --list-compliance

 Or you can visit [Prowler Hub](https://hub.prowler.com/compliance).

-## List Requirements of Compliance Frameworks
+## List Requirements of Compliance Frameworks
 To list requirements for a compliance framework, use the `--list-compliance-requirements` option:

 ```sh
--- a/docs/user-guide/cli/tutorials/configuration_file.mdx
+++ b/docs/user-guide/cli/tutorials/configuration_file.mdx
@@ -94,7 +94,7 @@ The following list includes all the Azure checks with configurable variables tha

 ### Configurable Checks

-## Kubernetes
+## Kubernetes

 ### Configurable Checks
 The following list includes all the Kubernetes checks with configurable variables that can be changed in the configuration yaml file:
--- a/docs/user-guide/cli/tutorials/integrations.mdx
+++ b/docs/user-guide/cli/tutorials/integrations.mdx
@@ -2,7 +2,7 @@
 title: 'Integrations'
 ---

-## Integration with Slack
+## Integration with Slack

 Prowler can be integrated with [Slack](https://slack.com/) to send a summary of the execution having configured a Slack APP in your channel with the following command:

--- a/docs/user-guide/cli/tutorials/misc.mdx
+++ b/docs/user-guide/cli/tutorials/misc.mdx
@@ -14,7 +14,7 @@ prowler <provider> -V/-v/--version

 Prowler provides various execution settings.

-### Verbose Execution
+### Verbose Execution

 To enable verbose mode in Prowler, similar to Version 2, use:

@@ -54,7 +54,7 @@ To run Prowler without color formatting:
 prowler <provider> --no-color
 ```

-### Checks in Prowler
+### Checks in Prowler

 Prowler provides various security checks per cloud provider. Use the following options to list, execute, or exclude specific checks:

@@ -96,7 +96,7 @@ prowler <provider> -e/--excluded-checks ec2 rds
 prowler <provider> -C/--checks-file <checks_list>.json
 ```

-## Custom Checks in Prowler
+## Custom Checks in Prowler

 Prowler supports custom security checks, allowing users to define their own logic.

--- a/docs/user-guide/cli/tutorials/mutelist.mdx
+++ b/docs/user-guide/cli/tutorials/mutelist.mdx
@@ -27,7 +27,7 @@ If any of the criteria do not match, the check is not muted.
 Remember that mutelist can be used with regular expressions.

 </Note>
-## Mutelist Specification
+## Mutelist Specification

 <Note>
 - For Azure provider, the Account ID is the Subscription Name and the Region is the Location.
@@ -40,9 +40,10 @@ The Mutelist file uses the [YAML](https://en.wikipedia.org/wiki/YAML) format wit
 ```yaml
 ### Account, Check and/or Region can be * to apply for all the cases.
 ### Resources and tags are lists that can have either Regex or Keywords.
-### Tags is an optional list that matches on tuples of 'key=value' and are "ANDed" together.
-### Use an alternation Regex to match one of multiple tags with "ORed" logic.
-### For each check you can except Accounts, Regions, Resources and/or Tags.
+### Multiple tags in the list are "ANDed" together (ALL must match).
+### Use regex alternation (|) within a single tag for "OR" logic (e.g., "env=dev|env=stg").
+### For each check you can use Exceptions to unmute specific Accounts, Regions, Resources and/or Tags.
+### All conditions (Account, Check, Region, Resource, Tags) are ANDed together.
 ###########################  MUTELIST EXAMPLE  ###########################
 Mutelist:
  Accounts:
--- a/docs/user-guide/cli/tutorials/parallel-execution.mdx
+++ b/docs/user-guide/cli/tutorials/parallel-execution.mdx
@@ -10,7 +10,7 @@ This can help for really large accounts, but please be aware of AWS API rate lim
 2. **API Rate Limits**: Most of the rate limits in AWS are applied at the API level. Each API call to an AWS service counts towards the rate limit for that service.
 3. **Throttling Responses**: When you exceed the rate limit for a service, AWS responds with a throttling error. In AWS SDKs, these are typically represented as `ThrottlingException` or `RateLimitExceeded` errors.

-For information on Prowler's retrier configuration please refer to this [page](https://docs.prowler.cloud/en/latest/tutorials/aws/boto3-configuration/).
+For information on Prowler's retrier configuration please refer to this [page](https://docs.prowler.com/user-guide/providers/aws/boto3-configuration/).

 <Note>
 You might need to increase the `--aws-retries-max-attempts` parameter from the default value of 3. The retrier follows an exponential backoff strategy.
--- a/docs/user-guide/cli/tutorials/quick-inventory.mdx
+++ b/docs/user-guide/cli/tutorials/quick-inventory.mdx
@@ -24,6 +24,6 @@ By default, it extracts resources from all the regions, you could use `-f`/`--fi

 ![Quick Inventory Example](/images/quick-inventory.jpg)

-## Objections
+## Objections

 The inventorying process is carried out with `resourcegroupstaggingapi` calls, which means that only resources they have or have had tags will appear (except for the IAM and S3 resources which are done with Boto3 API calls).
--- a/docs/user-guide/cli/tutorials/reporting.mdx
+++ b/docs/user-guide/cli/tutorials/reporting.mdx
@@ -22,7 +22,7 @@ prowler <provider> --output-formats json-asff

 All compliance-related reports are automatically generated when Prowler is executed. These outputs are stored in the `/output/compliance` directory.

-## Custom Output Flags
+## Custom Output Flags

 By default, Prowler creates a file inside the `output` directory named: `prowler-output-ACCOUNT_NUM-OUTPUT_DATE.format`.

@@ -53,7 +53,7 @@ Both flags can be used simultaneously to provide a custom directory and filename

 By default, the timestamp format of the output files is ISO 8601. This can be changed with the flag `--unix-timestamp` generating the timestamp fields in pure unix timestamp format.

-## Supported Output Formats
+## Supported Output Formats

 Prowler natively supports the following reporting output formats:

--- a/docs/user-guide/cli/tutorials/scan-unused-services.mdx
+++ b/docs/user-guide/cli/tutorials/scan-unused-services.mdx
@@ -14,7 +14,7 @@ prowler <provider> --scan-unused-services

 ## Services Ignored

-### AWS
+### AWS

 #### ACM (AWS Certificate Manager)

@@ -22,21 +22,21 @@ Certificates stored in ACM without active usage in AWS resources are excluded. B

 - `acm_certificates_expiration_check`

-#### Athena
+#### Athena

 Upon AWS account creation, Athena provisions a default primary workgroup for the user. Prowler verifies if this workgroup is enabled and used by checking for queries within the last 45 days. If Athena is unused, findings related to its checks will not appear.

 - `athena_workgroup_encryption`
 - `athena_workgroup_enforce_configuration`

-#### AWS CloudTrail
+#### AWS CloudTrail

 AWS CloudTrail should have at least one trail with a data event to record all S3 object-level API operations. Before flagging this issue, Prowler verifies if S3 buckets exist in the account.

 - `cloudtrail_s3_dataevents_read_enabled`
 - `cloudtrail_s3_dataevents_write_enabled`

-#### AWS Elastic Compute Cloud (EC2)
+#### AWS Elastic Compute Cloud (EC2)

 If Amazon Elastic Block Store (EBS) default encyption is not enabled, sensitive data at rest will remain unprotected in EC2. However, Prowler will only generate a finding if EBS volumes exist where default encryption could be enforced.

@@ -56,7 +56,7 @@ Prowler scans only attached security groups to report vulnerabilities in activel

    - `ec2_networkacl_allow_ingress_X_port`

-#### AWS Glue
+#### AWS Glue

 AWS Glue best practices recommend encrypting metadata and connection passwords in Data Catalogs.

@@ -71,7 +71,7 @@ Amazon Inspector is a vulnerability discovery service that automates continuous

 - `inspector2_is_enabled`

-#### Amazon Macie
+#### Amazon Macie

 Amazon Macie leverages machine learning to automatically discover, classify, and protect sensitive data in S3 buckets. Prowler only generates findings if Macie is disabled and there are S3 buckets in the AWS account.

@@ -83,7 +83,7 @@ A network firewall is essential for monitoring and controlling traffic within a

 - `networkfirewall_in_all_vpc`

-#### Amazon S3
+#### Amazon S3

 To prevent unintended data exposure:

@@ -91,7 +91,7 @@ Public Access Block should be enabled at the account level. Prowler only checks

 - `s3_account_level_public_access_blocks`

-#### Virtual Private Cloud (VPC)
+#### Virtual Private Cloud (VPC)

 VPC settings directly impact network security and availability.

--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -2,6 +2,18 @@

 All notable changes to the **Prowler SDK** are documented in this file.

+## [v5.13.2] (Prowler UNRELEASED)
+
+### Fixed
+- Check `check_name` has no `resource_name` error for GCP provider [(#9169)](https://github.com/prowler-cloud/prowler/pull/9169)
+- Depth Truncation and parsing error in PowerShell queries [(#9181)](https://github.com/prowler-cloud/prowler/pull/9181)
+- False negative in `iam_role_cross_service_confused_deputy_prevention` check [(#9213)](https://github.com/prowler-cloud/prowler/pull/9213)
+- Fix M365 Teams `--sp-env-auth` connection error and enhanced timeout logging [(#9191)](https://github.com/prowler-cloud/prowler/pull/9191)
+- Rename `get_oci_assessment_summary` to `get_oraclecloud_assessment_summary` in HTML output [(#9200)](https://github.com/prowler-cloud/prowler/pull/9200)
+- Fix Validation and other errors in Azure provider [(#8915)](https://github.com/prowler-cloud/prowler/pull/8915)
+- Update documentation URLs from docs.prowler.cloud to docs.prowler.com [(#9240)](https://github.com/prowler-cloud/prowler/pull/9240)
+- Fix file name parsing for checks on Windows [(#9268)](https://github.com/prowler-cloud/prowler/pull/9268)
+
 ## [v5.13.1] (Prowler v5.13.1)

 ### Fixed
--- a/prowler/main.py
+++ b/prowler/main.py
@@ -422,7 +422,7 @@ def prowler():
        else:
            # Refactor(CLI)
            logger.critical(
-                "Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_NAME environment variables (see more in https://docs.prowler.cloud/en/latest/tutorials/integrations/#slack)."
+                "Slack integration needs SLACK_API_TOKEN and SLACK_CHANNEL_NAME environment variables (see more in https://docs.prowler.com/user-guide/cli/tutorials/integrations#configuration-of-the-integration-with-slack)."
            )
            sys.exit(1)

--- a/prowler/config/config.py
+++ b/prowler/config/config.py
@@ -12,7 +12,7 @@ from prowler.lib.logger import logger

 timestamp = datetime.today()
 timestamp_utc = datetime.now(timezone.utc).replace(tzinfo=timezone.utc)
-prowler_version = "5.13.1"
+prowler_version = "5.13.2"
 html_logo_url = "https://github.com/prowler-cloud/prowler/"
 square_logo_img = "https://prowler.com/wp-content/uploads/logo-html.png"
 aws_logo = "https://user-images.githubusercontent.com/38561120/235953920-3e3fba08-0795-41dc-b480-9bea57db9f2e.png"
--- a/prowler/lib/check/models.py
+++ b/prowler/lib/check/models.py
@@ -457,7 +457,8 @@ class Check(ABC, CheckMetadata):
        # Verify names consistency
        check_id = self.CheckID
        class_name = self.__class__.__name__
-        file_name = file_path.split(sep="/")[-1]
+        # os.path.basename handles Windows and POSIX paths reliably
+        file_name = os.path.basename(file_path)

        errors = []
        if check_id != class_name:
@@ -588,8 +589,17 @@ class Check_Report_GCP(Check_Report):
            or getattr(resource, "name", None)
            or ""
        )
+
+        # Prefer the explicit resource_name argument, otherwise look for a name attribute on the resource
+        resource_name_candidate = resource_name or getattr(resource, "name", None)
+        if not resource_name_candidate and isinstance(resource, dict):
+            # Some callers pass a dict, so fall back to the dict entry if available
+            resource_name_candidate = resource.get("name")
+        if isinstance(resource_name_candidate, str):
+            # Trim whitespace so empty strings collapse to the default
+            resource_name_candidate = resource_name_candidate.strip()
        self.resource_name = (
-            resource_name or getattr(resource, "name", "") or "GCP Project"
+            str(resource_name_candidate) if resource_name_candidate else "GCP Project"
        )
        self.project_id = project_id or getattr(resource, "project_id", "")
        self.location = (
--- a/prowler/lib/cli/parser.py
+++ b/prowler/lib/cli/parser.py
@@ -301,7 +301,7 @@ Detailed documentation at https://docs.prowler.com
            "--checks-folder",
            "-x",
            nargs="?",
-            help="Specify external directory with custom checks (each check must have a folder with the required files, see more in https://docs.prowler.cloud/en/latest/tutorials/misc/#custom-checks).",
+            help="Specify external directory with custom checks (each check must have a folder with the required files, see more in https://docs.prowler.com/user-guide/cli/tutorials/misc#custom-checks-in-prowler).",
        )

    def __init_list_checks_parser__(self):
@@ -354,7 +354,7 @@ Detailed documentation at https://docs.prowler.com
            "--mutelist-file",
            "-w",
            nargs="?",
-            help="Path for mutelist YAML file. See example prowler/config/<provider>_mutelist.yaml for reference and format. For AWS provider, it also accepts AWS DynamoDB Table, Lambda ARNs or S3 URIs, see more in https://docs.prowler.cloud/en/latest/tutorials/mutelist/",
+            help="Path for mutelist YAML file. See example prowler/config/<provider>_mutelist.yaml for reference and format. For AWS provider, it also accepts AWS DynamoDB Table, Lambda ARNs or S3 URIs, see more in https://docs.prowler.com/user-guide/cli/tutorials/mutelist",
        )

    def __init_config_parser__(self):
@@ -381,7 +381,7 @@ Detailed documentation at https://docs.prowler.com
            "--custom-checks-metadata-file",
            nargs="?",
            default=None,
-            help="Path for the custom checks metadata YAML file. See example prowler/config/custom_checks_metadata_example.yaml for reference and format. See more in https://docs.prowler.cloud/en/latest/tutorials/custom-checks-metadata/",
+            help="Path for the custom checks metadata YAML file. See example prowler/config/custom_checks_metadata_example.yaml for reference and format. See more in https://docs.prowler.com/user-guide/cli/tutorials/custom-checks-metadata/",
        )

    def __init_third_party_integrations_parser__(self):
@@ -399,5 +399,5 @@ Detailed documentation at https://docs.prowler.com
        third_party_subparser.add_argument(
            "--slack",
            action="store_true",
-            help="Send a summary of the execution with a Slack APP in your channel. Environment variables SLACK_API_TOKEN and SLACK_CHANNEL_NAME are required (see more in https://docs.prowler.cloud/en/latest/tutorials/integrations/#slack).",
+            help="Send a summary of the execution with a Slack APP in your channel. Environment variables SLACK_API_TOKEN and SLACK_CHANNEL_NAME are required (see more in https://docs.prowler.com/user-guide/cli/tutorials/integrations#configuration-of-the-integration-with-slack/).",
        )
--- a/prowler/lib/outputs/html/html.py
+++ b/prowler/lib/outputs/html/html.py
@@ -974,18 +974,20 @@ class HTML(Output):
            return ""

    @staticmethod
-    def get_oci_assessment_summary(provider: Provider) -> str:
+    def get_oraclecloud_assessment_summary(provider: Provider) -> str:
        """
-        get_oci_assessment_summary gets the HTML assessment summary for the OCI provider
+        get_oraclecloud_assessment_summary gets the HTML assessment summary for the OracleCloud provider

        Args:
-            provider (Provider): the OCI provider object
+            provider (Provider): the OracleCloud provider object

        Returns:
-            str: HTML assessment summary for the OCI provider
+            str: HTML assessment summary for the OracleCloud provider
        """
        try:
            profile = getattr(provider.session, "profile", "default")
+            if profile is None:
+                profile = "instance-principal"
            tenancy_name = getattr(provider.identity, "tenancy_name", "unknown")
            tenancy_id = getattr(provider.identity, "tenancy_id", "unknown")

@@ -993,11 +995,11 @@ class HTML(Output):
                <div class="col-md-2">
                    <div class="card">
                        <div class="card-header">
-                            OCI Assessment Summary
+                            OracleCloud Assessment Summary
                        </div>
                        <ul class="list-group list-group-flush">
                            <li class="list-group-item">
-                                <b>OCI Tenancy:</b> {tenancy_name if tenancy_name != "unknown" else tenancy_id}
+                                <b>OracleCloud Tenancy:</b> {tenancy_name if tenancy_name != "unknown" else tenancy_id}
                            </li>
                        </ul>
                    </div>
@@ -1005,7 +1007,7 @@ class HTML(Output):
                <div class="col-md-4">
                    <div class="card">
                        <div class="card-header">
-                            OCI Credentials
+                            OracleCloud Credentials
                        </div>
                        <ul class="list-group list-group-flush">
                            <li class="list-group-item">
--- a/prowler/lib/powershell/powershell.py
+++ b/prowler/lib/powershell/powershell.py
@@ -220,18 +220,19 @@ class PowerShellSession:
        if output == "":
            return {}

-        json_match = re.search(r"(\[.*\]|\{.*\})", output, re.DOTALL)
-        if not json_match:
-            logger.error(
-                f"Unexpected PowerShell output: {output}\n",
-            )
-        else:
+        decoder = json.JSONDecoder()
+        for index, character in enumerate(output):
+            if character not in ("{", "["):
+                continue
            try:
-                return json.loads(json_match.group(1))
-            except json.JSONDecodeError as error:
-                logger.error(
-                    f"Error parsing PowerShell output as JSON: {str(error)}\n",
-                )
+                parsed_json, _ = decoder.raw_decode(output[index:])
+                return parsed_json
+            except json.JSONDecodeError:
+                continue
+
+        logger.error(
+            f"Unexpected PowerShell output: {output}\n",
+        )

        return {}

--- a/prowler/lib/utils/utils.py
+++ b/prowler/lib/utils/utils.py
@@ -64,7 +64,7 @@ def open_file(input_file: str, mode: str = "r") -> TextIOWrapper:
    except OSError as os_error:
        if os_error.strerror == "Too many open files":
            logger.critical(
-                "Ooops! You reached your user session maximum open files. To solve this issue, increase the shell session limit by running this command `ulimit -n 4096`. For more info visit https://docs.prowler.cloud/en/latest/troubleshooting/"
+                "Ooops! You reached your user session maximum open files. To solve this issue, increase the shell session limit by running this command `ulimit -n 4096`. For more info visit https://docs.prowler.com/troubleshooting/"
            )
        else:
            logger.critical(
--- a/prowler/providers/aws/lib/quick_inventory/quick_inventory.py
+++ b/prowler/providers/aws/lib/quick_inventory/quick_inventory.py
@@ -297,7 +297,7 @@ def create_output(resources: list, provider: AwsProvider, args):

        csv_file.close()
        print(
-            f"\n{Fore.YELLOW}WARNING: Only resources that have or have had tags will appear (except for IAM and S3).\nSee more in https://docs.prowler.cloud/en/latest/tutorials/quick-inventory/#objections{Style.RESET_ALL}"
+            f"\n{Fore.YELLOW}WARNING: Only resources that have or have had tags will appear (except for IAM and S3).\nSee more in https://docs.prowler.com/user-guide/cli/tutorials/quick-inventory/#objections{Style.RESET_ALL}"
        )
        print("\nMore details in files:")
        print(f" - CSV: {args.output_directory}/{output_file + csv_file_suffix}")
--- a/prowler/providers/aws/lib/security_hub/security_hub.py
+++ b/prowler/providers/aws/lib/security_hub/security_hub.py
@@ -256,7 +256,7 @@ class SecurityHub:
                security_hub_client.list_enabled_products_for_import()
            ):
                logger.warning(
-                    f"Security Hub is enabled in {region} but Prowler integration does not accept findings. More info: https://docs.prowler.cloud/en/latest/tutorials/aws/securityhub/"
+                    f"Security Hub is enabled in {region} but Prowler integration does not accept findings. More info: https://docs.prowler.com/user-guide/providers/aws/securityhub#aws-security-hub-integration-with-prowler"
                )
                return region, None
            else:
--- a/prowler/providers/aws/services/iam/lib/policy.py
+++ b/prowler/providers/aws/services/iam/lib/policy.py
@@ -427,25 +427,33 @@ def is_policy_public(
                        has_public_access = True

                    # Check for cross-service confused deputy
-                    if check_cross_service_confused_deputy and (
+                    if check_cross_service_confused_deputy:
                        # Check if function can be invoked by other AWS services if check_cross_service_confused_deputy is True
-                        (
-                            ".amazonaws.com" in principal.get("Service", "")
-                            or ".amazon.com" in principal.get("Service", "")
-                            or "*" in principal.get("Service", "")
+
+                        svc = principal.get("Service", [])
+                        if isinstance(svc, str):
+                            services = [svc]
+                        elif isinstance(svc, list):
+                            services = [s for s in svc if isinstance(s, str)]
+                        else:
+                            services = []
+
+                        is_cross_service = any(
+                            s == "*"
+                            or s.endswith(".amazonaws.com")
+                            or s.endswith(".amazon.com")
+                            for s in services
                        )
-                        and (
-                            "secretsmanager.amazonaws.com"
-                            not in principal.get(
-                                "Service", ""
-                            )  # AWS ensures that resources called by SecretsManager are executed in the same AWS account
-                            or "eks.amazonaws.com"
-                            not in principal.get(
-                                "Service", ""
-                            )  # AWS ensures that resources called by EKS are executed in the same AWS account
+
+                        # AWS ensures that resources called by SecretsManager are executed in the same AWS account
+                        # AWS ensures that resources called by EKS are executed in the same AWS account
+                        is_exempt = any(
+                            s in {"secretsmanager.amazonaws.com", "eks.amazonaws.com"}
+                            for s in services
                        )
-                    ):
-                        has_public_access = True
+
+                        if is_cross_service and not is_exempt:
+                            has_public_access = True

                if has_public_access and (
                    not not_allowed_actions  # If not_allowed_actions is empty, the function will not consider the actions in the policy
--- a/prowler/providers/azure/services/cosmosdb/cosmosdb_service.py
+++ b/prowler/providers/azure/services/cosmosdb/cosmosdb_service.py
@@ -36,9 +36,14 @@ class CosmosDB(AzureService):
                                    name=private_endpoint_connection.name,
                                    type=private_endpoint_connection.type,
                                )
-                                for private_endpoint_connection in account.private_endpoint_connections
+                                for private_endpoint_connection in getattr(
+                                    account, "private_endpoint_connections", []
+                                )
+                                if private_endpoint_connection
                            ],
-                            disable_local_auth=account.disable_local_auth,
+                            disable_local_auth=getattr(
+                                account, "disable_local_auth", False
+                            ),
                        )
                    )
            except Exception as error:
--- a/prowler/providers/azure/services/defender/defender_service.py
+++ b/prowler/providers/azure/services/defender/defender_service.py
@@ -112,7 +112,9 @@ class Defender(AzureService):
                            assessment.display_name: Assesment(
                                resource_id=assessment.id,
                                resource_name=assessment.name,
-                                status=assessment.status.code,
+                                status=getattr(
+                                    getattr(assessment, "status", None), "code", None
+                                ),
                            )
                        }
                    )
@@ -304,7 +306,7 @@ class AutoProvisioningSetting(BaseModel):
 class Assesment(BaseModel):
    resource_id: str
    resource_name: str
-    status: str
+    status: Optional[str] = None


 class Setting(BaseModel):
--- a/prowler/providers/azure/services/storage/storage_service.py
+++ b/prowler/providers/azure/services/storage/storage_service.py
@@ -141,10 +141,12 @@ class Storage(AzureService):
                                    container_delete_retention_policy,
                                    "enabled",
                                    False,
-                                ),
+                                )
+                                or False,
                                days=getattr(
                                    container_delete_retention_policy, "days", 0
-                                ),
+                                )
+                                or 0,
                            ),
                            versioning_enabled=versioning_enabled,
                        )
@@ -220,12 +222,14 @@ class Storage(AzureService):
                                share_delete_retention_policy,
                                "enabled",
                                False,
-                            ),
+                            )
+                            or False,
                            days=getattr(
                                share_delete_retention_policy,
                                "days",
                                0,
-                            ),
+                            )
+                            or 0,
                        ),
                        smb_protocol_settings=SMBProtocolSettings(
                            channel_encryption=(
@@ -241,6 +245,11 @@ class Storage(AzureService):
                        ),
                    )
                except Exception as error:
+                    if "File is not supported for the account." in str(error).strip():
+                        logger.warning(
+                            f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+                        )
+                        continue
                    logger.error(
                        f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                    )
--- a/prowler/providers/azure/services/vm/vm_service.py
+++ b/prowler/providers/azure/services/vm/vm_service.py
@@ -1,4 +1,3 @@
-from dataclasses import dataclass
 from enum import Enum
 from typing import List, Optional

@@ -294,16 +293,14 @@ class VirtualMachines(AzureService):
        return vm_instance_ids


-@dataclass
-class UefiSettings:
+class UefiSettings(BaseModel):
    secure_boot_enabled: bool
    v_tpm_enabled: bool


-@dataclass
-class SecurityProfile:
-    security_type: str
-    uefi_settings: Optional[UefiSettings]
+class SecurityProfile(BaseModel):
+    security_type: Optional[str] = None
+    uefi_settings: Optional[UefiSettings] = None


 class OperatingSystemType(Enum):
--- a/prowler/providers/m365/lib/powershell/m365_powershell.py
+++ b/prowler/providers/m365/lib/powershell/m365_powershell.py
@@ -6,7 +6,7 @@ from prowler.providers.m365.exceptions.exceptions import (
    M365CertificateCreationError,
    M365GraphConnectionError,
 )
-from prowler.providers.m365.lib.jwt.jwt_decoder import decode_jwt, decode_msal_token
+from prowler.providers.m365.lib.jwt.jwt_decoder import decode_msal_token
 from prowler.providers.m365.models import M365Credentials, M365IdentityInfo


@@ -123,6 +123,21 @@ class M365PowerShell(PowerShellSession):
                '$graphToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $graphtokenBody | Select-Object -ExpandProperty Access_Token'
            )

+    def execute_connect(self, command: str) -> str:
+        """
+        Execute a PowerShell connect command ensuring empty responses surface as timeouts.
+
+        Args:
+            command (str): PowerShell connect command to run.
+            timeout (Optional[int]): Timeout in seconds for the command execution.
+
+        Returns:
+            str: Command output or 'Timeout' if the command produced no output.
+        """
+        connect_timeout = 15
+        result = self.execute(command, timeout=connect_timeout)
+        return result or "'execute_connect' command timeout reached"
+
    def test_credentials(self, credentials: M365Credentials) -> bool:
        """
        Test Microsoft 365 credentials by attempting to authenticate against Entra ID.
@@ -141,24 +156,32 @@ class M365PowerShell(PowerShellSession):
        # Test Certificate Auth
        if credentials.certificate_content and credentials.client_id:
            try:
-                self.test_teams_certificate_connection() or self.test_exchange_certificate_connection()
+                logger.info("Testing  Microsoft Graph Certificate connection...")
+                self.test_graph_certificate_connection()
+                logger.info("Microsoft Graph Certificate connection successful")
+                teams_connection_successful = self.test_teams_certificate_connection()
+                if not teams_connection_successful:
+                    self.test_exchange_certificate_connection()
                return True
            except Exception as e:
-                logger.error(f"Exchange Online Certificate connection failed: {e}")
-
-        else:
-            # Test Microsoft Graph connection
-            try:
-                logger.info("Testing Microsoft Graph connection...")
-                self.test_graph_connection()
-                logger.info("Microsoft Graph connection successful")
-                return True
-            except Exception as e:
-                logger.error(f"Microsoft Graph connection failed: {e}")
+                logger.error(f"Microsoft Graph Cer connection failed: {e}")
                raise M365GraphConnectionError(
                    file=os.path.basename(__file__),
                    original_exception=e,
-                    message="Check your Microsoft Application credentials and ensure the app has proper permissions",
+                    message="Check your Microsoft Application Certificate and ensure the app has proper permissions",
+                )
+        else:
+            try:
+                logger.info("Testing Microsoft Graph Client Secret connection...")
+                self.test_graph_connection()
+                logger.info("Microsoft Graph Client Secret connection successful")
+                return True
+            except Exception as e:
+                logger.error(f"Microsoft Graph Client Secret connection failed: {e}")
+                raise M365GraphConnectionError(
+                    file=os.path.basename(__file__),
+                    original_exception=e,
+                    message="Check your Microsoft Application Client Secret and ensure the app has proper permissions",
                )

    def test_graph_connection(self) -> bool:
@@ -178,24 +201,29 @@ class M365PowerShell(PowerShellSession):
                message=f"Failed to connect to Microsoft Graph API: {str(e)}",
            )

+    def test_graph_certificate_connection(self) -> bool:
+        """Test Microsoft Graph API connection using certificate and raise exception if it fails."""
+        result = self.execute_connect(
+            "Connect-Graph -Certificate $certificate -AppId $clientID -TenantId $tenantID"
+        )
+        if "Welcome to Microsoft Graph!" not in result:
+            logger.error(f"Microsoft Graph Certificate connection failed: {result}")
+            return False
+        return True
+
    def test_teams_connection(self) -> bool:
        """Test Microsoft Teams API connection and raise exception if it fails."""
        try:
            self.execute(
                '$teamstokenBody = @{ Grant_Type = "client_credentials"; Scope = "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default"; Client_Id = $clientID; Client_Secret = $clientSecret }'
            )
-            self.execute(
+            result = self.execute(
                '$teamsToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantID/oauth2/v2.0/token" -Method POST -Body $teamstokenBody | Select-Object -ExpandProperty Access_Token'
            )
-            permissions = decode_jwt(self.execute("Write-Output $teamsToken")).get(
-                "roles", []
-            )
-            if "application_access" not in permissions:
-                logger.error(
-                    "Microsoft Teams connection failed: Please check your permissions and try again."
-                )
+            if result != "":
+                logger.error(f"Microsoft Teams connection failed: {result}")
                return False
-            self.execute(
+            self.execute_connect(
                'Connect-MicrosoftTeams -AccessTokens @("$graphToken","$teamsToken")'
            )
            return True
@@ -207,7 +235,7 @@ class M365PowerShell(PowerShellSession):

    def test_teams_certificate_connection(self) -> bool:
        """Test Microsoft Teams API connection using certificate and raise exception if it fails."""
-        result = self.execute(
+        result = self.execute_connect(
            "Connect-MicrosoftTeams -Certificate $certificate -ApplicationId $clientID -TenantId $tenantID"
        )
        if self.tenant_identity.identity_id not in result:
@@ -231,7 +259,7 @@ class M365PowerShell(PowerShellSession):
                    "Exchange Online connection failed: Please check your permissions and try again."
                )
                return False
-            self.execute(
+            self.execute_connect(
                'Connect-ExchangeOnline -AccessToken $exchangeToken.AccessToken -Organization "$tenantID"'
            )
            return True
@@ -243,7 +271,7 @@ class M365PowerShell(PowerShellSession):

    def test_exchange_certificate_connection(self) -> bool:
        """Test Exchange Online API connection using certificate and raise exception if it fails."""
-        result = self.execute(
+        result = self.execute_connect(
            "Connect-ExchangeOnline -Certificate $certificate -AppId $clientID -Organization $tenantDomain"
        )
        if "https://aka.ms/exov3-module" not in result:
@@ -290,7 +318,8 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-CsTeamsClientConfiguration | ConvertTo-Json", json_parse=True
+            "Get-CsTeamsClientConfiguration | ConvertTo-Json -Depth 10",
+            json_parse=True,
        )

    def get_global_meeting_policy(self) -> dict:
@@ -309,7 +338,7 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-CsTeamsMeetingPolicy -Identity Global | ConvertTo-Json",
+            "Get-CsTeamsMeetingPolicy -Identity Global | ConvertTo-Json -Depth 10",
            json_parse=True,
        )

@@ -329,7 +358,7 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-CsTeamsMessagingPolicy -Identity Global | ConvertTo-Json",
+            "Get-CsTeamsMessagingPolicy -Identity Global | ConvertTo-Json -Depth 10",
            json_parse=True,
        )

@@ -349,7 +378,8 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-CsTenantFederationConfiguration | ConvertTo-Json", json_parse=True
+            "Get-CsTenantFederationConfiguration | ConvertTo-Json -Depth 10",
+            json_parse=True,
        )

    def connect_exchange_online(self) -> dict:
@@ -389,7 +419,7 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled | ConvertTo-Json",
+            "Get-AdminAuditLogConfig | Select-Object UnifiedAuditLogIngestionEnabled | ConvertTo-Json -Depth 10",
            json_parse=True,
        )

@@ -409,7 +439,9 @@ class M365PowerShell(PowerShellSession):
                "Identity": "Default"
            }
        """
-        return self.execute("Get-MalwareFilterPolicy | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-MalwareFilterPolicy | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_malware_filter_rule(self) -> dict:
        """
@@ -427,7 +459,9 @@ class M365PowerShell(PowerShellSession):
                "State": "Enabled"
            }
        """
-        return self.execute("Get-MalwareFilterRule | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-MalwareFilterRule | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_outbound_spam_filter_policy(self) -> dict:
        """
@@ -448,7 +482,8 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-HostedOutboundSpamFilterPolicy | ConvertTo-Json", json_parse=True
+            "Get-HostedOutboundSpamFilterPolicy | ConvertTo-Json -Depth 10",
+            json_parse=True,
        )

    def get_outbound_spam_filter_rule(self) -> dict:
@@ -467,7 +502,8 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-HostedOutboundSpamFilterRule | ConvertTo-Json", json_parse=True
+            "Get-HostedOutboundSpamFilterRule | ConvertTo-Json -Depth 10",
+            json_parse=True,
        )

    def get_antiphishing_policy(self) -> dict:
@@ -493,7 +529,9 @@ class M365PowerShell(PowerShellSession):
                "IsDefault": false
            }
        """
-        return self.execute("Get-AntiPhishPolicy | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-AntiPhishPolicy | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_antiphishing_rules(self) -> dict:
        """
@@ -511,7 +549,9 @@ class M365PowerShell(PowerShellSession):
                "State": Enabled,
            }
        """
-        return self.execute("Get-AntiPhishRule | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-AntiPhishRule | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_organization_config(self) -> dict:
        """
@@ -530,7 +570,9 @@ class M365PowerShell(PowerShellSession):
                "AuditDisabled": false
            }
        """
-        return self.execute("Get-OrganizationConfig | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-OrganizationConfig | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_mailbox_audit_config(self) -> dict:
        """
@@ -550,7 +592,8 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-MailboxAuditBypassAssociation | ConvertTo-Json", json_parse=True
+            "Get-MailboxAuditBypassAssociation | ConvertTo-Json -Depth 10",
+            json_parse=True,
        )

    def get_mailbox_policy(self) -> dict:
@@ -569,7 +612,9 @@ class M365PowerShell(PowerShellSession):
                "AdditionalStorageProvidersAvailable": True
            }
        """
-        return self.execute("Get-OwaMailboxPolicy | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-OwaMailboxPolicy | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_external_mail_config(self) -> dict:
        """
@@ -587,7 +632,9 @@ class M365PowerShell(PowerShellSession):
                "ExternalMailTagEnabled": true
            }
        """
-        return self.execute("Get-ExternalInOutlook | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-ExternalInOutlook | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_transport_rules(self) -> dict:
        """
@@ -606,7 +653,9 @@ class M365PowerShell(PowerShellSession):
                "SenderDomainIs": ["example.com"]
            }
        """
-        return self.execute("Get-TransportRule | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-TransportRule | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_connection_filter_policy(self) -> dict:
        """
@@ -625,7 +674,7 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-HostedConnectionFilterPolicy -Identity Default | ConvertTo-Json",
+            "Get-HostedConnectionFilterPolicy -Identity Default | ConvertTo-Json -Depth 10",
            json_parse=True,
        )

@@ -645,7 +694,9 @@ class M365PowerShell(PowerShellSession):
                "Enabled": true
            }
        """
-        return self.execute("Get-DkimSigningConfig | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-DkimSigningConfig | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_inbound_spam_filter_policy(self) -> dict:
        """
@@ -664,7 +715,8 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-HostedContentFilterPolicy | ConvertTo-Json", json_parse=True
+            "Get-HostedContentFilterPolicy | ConvertTo-Json -Depth 10",
+            json_parse=True,
        )

    def get_inbound_spam_filter_rule(self) -> dict:
@@ -684,7 +736,8 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-HostedContentFilterRule | ConvertTo-Json", json_parse=True
+            "Get-HostedContentFilterRule | ConvertTo-Json -Depth 10",
+            json_parse=True,
        )

    def get_report_submission_policy(self) -> dict:
@@ -715,7 +768,8 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-ReportSubmissionPolicy | ConvertTo-Json", json_parse=True
+            "Get-ReportSubmissionPolicy | ConvertTo-Json -Depth 10",
+            json_parse=True,
        )

    def get_role_assignment_policies(self) -> dict:
@@ -736,7 +790,8 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-RoleAssignmentPolicy | ConvertTo-Json", json_parse=True
+            "Get-RoleAssignmentPolicy | ConvertTo-Json -Depth 10",
+            json_parse=True,
        )

    def get_mailbox_audit_properties(self) -> dict:
@@ -801,7 +856,7 @@ class M365PowerShell(PowerShellSession):
            }
        """
        return self.execute(
-            "Get-EXOMailbox -PropertySets Audit -ResultSize Unlimited | ConvertTo-Json",
+            "Get-EXOMailbox -PropertySets Audit -ResultSize Unlimited | ConvertTo-Json -Depth 10",
            json_parse=True,
        )

@@ -820,7 +875,9 @@ class M365PowerShell(PowerShellSession):
                "SmtpClientAuthenticationDisabled": True,
            }
        """
-        return self.execute("Get-TransportConfig | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-TransportConfig | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_sharing_policy(self) -> dict:
        """
@@ -838,7 +895,9 @@ class M365PowerShell(PowerShellSession):
                "Enabled": true
            }
        """
-        return self.execute("Get-SharingPolicy | ConvertTo-Json", json_parse=True)
+        return self.execute(
+            "Get-SharingPolicy | ConvertTo-Json -Depth 10", json_parse=True
+        )

    def get_user_account_status(self) -> dict:
        """
@@ -850,7 +909,7 @@ class M365PowerShell(PowerShellSession):
            dict: User account status settings in JSON format.
        """
        return self.execute(
-            "$dict=@{}; Get-User -ResultSize Unlimited | ForEach-Object { $dict[$_.Id] = @{ AccountDisabled = $_.AccountDisabled } }; $dict | ConvertTo-Json",
+            "$dict=@{}; Get-User -ResultSize Unlimited | ForEach-Object { $dict[$_.Id] = @{ AccountDisabled = $_.AccountDisabled } }; $dict | ConvertTo-Json -Depth 10",
            json_parse=True,
        )

--- a/pyproject.toml
+++ b/pyproject.toml
@@ -76,14 +76,14 @@ maintainers = [{name = "Prowler Engineering", email = "engineering@prowler.com"}
 name = "prowler"
 readme = "README.md"
 requires-python = ">3.9.1,<3.13"
-version = "5.13.1"
+version = "5.13.2"

 [project.scripts]
 prowler = "prowler.__main__:prowler"

 [project.urls]
 "Changelog" = "https://github.com/prowler-cloud/prowler/releases"
-"Documentation" = "https://docs.prowler.cloud"
+"Documentation" = "https://docs.prowler.com"
 "Homepage" = "https://github.com/prowler-cloud/prowler"
 "Issue tracker" = "https://github.com/prowler-cloud/prowler/issues"

--- a/tests/lib/powershell/powershell_test.py
+++ b/tests/lib/powershell/powershell_test.py
@@ -216,6 +216,14 @@ class TestPowerShellSession:
        result = session.json_parse_output('prefix [{"key": "value"}] suffix')
        assert result == [{"key": "value"}]

+        result = session.json_parse_output(
+            'INFO {context data} {"key": "value", "list": [1, 2]} extra'
+        )
+        assert result == {"key": "value", "list": [1, 2]}
+
+        result = session.json_parse_output('{"key": "value"} trailing {log}')
+        assert result == {"key": "value"}
+
        # Test non-JSON text returns empty dict
        result = session.json_parse_output("just some text")
        assert result == {}
--- a/tests/providers/aws/lib/security_hub/security_hub_test.py
+++ b/tests/providers/aws/lib/security_hub/security_hub_test.py
@@ -133,7 +133,7 @@ class TestSecurityHub:
                (
                    "root",
                    WARNING,
-                    f"Security Hub is enabled in {AWS_REGION_EU_WEST_1} but Prowler integration does not accept findings. More info: https://docs.prowler.cloud/en/latest/tutorials/aws/securityhub/",
+                    f"Security Hub is enabled in {AWS_REGION_EU_WEST_1} but Prowler integration does not accept findings. More info: https://docs.prowler.com/user-guide/providers/aws/securityhub#aws-security-hub-integration-with-prowler",
                )
            ]

@@ -1376,7 +1376,7 @@ class TestSecurityHub:
                (
                    "root",
                    WARNING,
-                    f"Security Hub is enabled in {AWS_REGION_EU_WEST_1} but Prowler integration does not accept findings. More info: https://docs.prowler.cloud/en/latest/tutorials/aws/securityhub/",
+                    f"Security Hub is enabled in {AWS_REGION_EU_WEST_1} but Prowler integration does not accept findings. More info: https://docs.prowler.com/user-guide/providers/aws/securityhub#aws-security-hub-integration-with-prowler",
                ),
            ]

--- a/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py
+++ b/tests/providers/aws/services/iam/iam_role_cross_service_confused_deputy_prevention/iam_role_cross_service_confused_deputy_prevention_test.py
@@ -338,3 +338,55 @@ class Test_iam_role_cross_service_confused_deputy_prevention:
            )
            assert result[0].resource_id == "test"
            assert result[0].resource_arn == response["Role"]["Arn"]
+
+    @mock_aws
+    def test_iam_service_role_with_cross_service_confused_deputy_prevention_service_list(
+        self,
+    ):
+        iam_client = client("iam", region_name=AWS_REGION)
+        policy_document = {
+            "Version": "2008-10-17",
+            "Statement": [
+                {
+                    "Effect": "Allow",
+                    "Principal": {
+                        "Service": ["scheduler.amazonaws.com", "events.amazonaws.com"]
+                    },
+                    "Action": "sts:AssumeRole",
+                }
+            ],
+        }
+        response = iam_client.create_role(
+            RoleName="test",
+            AssumeRolePolicyDocument=dumps(policy_document),
+        )
+
+        from prowler.providers.aws.services.iam.iam_service import IAM
+
+        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
+        aws_provider.identity.account = AWS_ACCOUNT_ID
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=aws_provider,
+            ),
+            mock.patch(
+                "prowler.providers.aws.services.iam.iam_role_cross_service_confused_deputy_prevention.iam_role_cross_service_confused_deputy_prevention.iam_client",
+                new=IAM(aws_provider),
+            ),
+        ):
+            # Test Check
+            from prowler.providers.aws.services.iam.iam_role_cross_service_confused_deputy_prevention.iam_role_cross_service_confused_deputy_prevention import (
+                iam_role_cross_service_confused_deputy_prevention,
+            )
+
+            check = iam_role_cross_service_confused_deputy_prevention()
+            result = check.execute()
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert (
+                result[0].status_extended
+                == "IAM Service Role test does not prevent against a cross-service confused deputy attack."
+            )
+            assert result[0].resource_id == "test"
+            assert result[0].resource_arn == response["Role"]["Arn"]
--- a/tests/providers/azure/services/cosmosdb/cosmosdb_service_test.py
+++ b/tests/providers/azure/services/cosmosdb/cosmosdb_service_test.py
@@ -53,3 +53,83 @@ class Test_CosmosDB_Service:
            is None
        )
        assert account.accounts[AZURE_SUBSCRIPTION_ID][0].disable_local_auth is None
+
+
+def mock_cosmosdb_get_accounts_with_none(_):
+    """Mock CosmosDB accounts with None private_endpoint_connections"""
+    from prowler.providers.azure.services.cosmosdb.cosmosdb_service import (
+        PrivateEndpointConnection,
+    )
+
+    return {
+        AZURE_SUBSCRIPTION_ID: [
+            Account(
+                id="/subscriptions/test/account1",
+                name="cosmosdb-none-pec",
+                kind="GlobalDocumentDB",
+                location="eastus",
+                type="Microsoft.DocumentDB/databaseAccounts",
+                tags={},
+                is_virtual_network_filter_enabled=False,
+                disable_local_auth=False,
+                private_endpoint_connections=[],  # Empty list from getattr default
+            ),
+            Account(
+                id="/subscriptions/test/account2",
+                name="cosmosdb-with-pec",
+                kind="MongoDB",
+                location="westus",
+                type="Microsoft.DocumentDB/databaseAccounts",
+                tags={"env": "test"},
+                is_virtual_network_filter_enabled=True,
+                disable_local_auth=True,
+                private_endpoint_connections=[
+                    PrivateEndpointConnection(
+                        id="/subscriptions/test/pec1",
+                        name="pec-1",
+                        type="Microsoft.Network/privateEndpoints",
+                    )
+                ],
+            ),
+        ]
+    }
+
+
+@patch(
+    "prowler.providers.azure.services.cosmosdb.cosmosdb_service.CosmosDB._get_accounts",
+    new=mock_cosmosdb_get_accounts_with_none,
+)
+class Test_CosmosDB_Service_None_Handling:
+    """Test CosmosDB service handling of None values"""
+
+    def test_account_with_none_private_endpoint_connections(self):
+        """Test that CosmosDB handles None private_endpoint_connections gracefully"""
+        cosmosdb = CosmosDB(set_mocked_azure_provider())
+
+        # Find account with no connections
+        account = next(
+            acc
+            for acc in cosmosdb.accounts[AZURE_SUBSCRIPTION_ID]
+            if acc.name == "cosmosdb-none-pec"
+        )
+        assert account.private_endpoint_connections == []
+        assert account.disable_local_auth is False
+
+    def test_account_with_valid_private_endpoint_connections(self):
+        """Test that CosmosDB handles valid private_endpoint_connections"""
+        cosmosdb = CosmosDB(set_mocked_azure_provider())
+
+        # Find account with connections
+        account = next(
+            acc
+            for acc in cosmosdb.accounts[AZURE_SUBSCRIPTION_ID]
+            if acc.name == "cosmosdb-with-pec"
+        )
+        assert len(account.private_endpoint_connections) == 1
+        assert account.private_endpoint_connections[0].id == "/subscriptions/test/pec1"
+        assert account.private_endpoint_connections[0].name == "pec-1"
+        assert (
+            account.private_endpoint_connections[0].type
+            == "Microsoft.Network/privateEndpoints"
+        )
+        assert account.disable_local_auth is True
--- a/tests/providers/azure/services/defender/defender_service_test.py
+++ b/tests/providers/azure/services/defender/defender_service_test.py
@@ -283,3 +283,77 @@ class Test_Defender_Service:
        assert policy1.name == "JITPolicy1"
        assert policy1.location == "eastus"
        assert set(policy1.vm_ids) == {"vm-1", "vm-2"}
+
+
+def mock_defender_get_assessments_with_none(_):
+    """Mock Defender assessments with None and valid statuses"""
+    return {
+        AZURE_SUBSCRIPTION_ID: {
+            "Assessment None": Assesment(
+                resource_id="/subscriptions/test/assessment1",
+                resource_name="assessment-none",
+                status=None,  # None status
+            ),
+            "Assessment Healthy": Assesment(
+                resource_id="/subscriptions/test/assessment2",
+                resource_name="assessment-healthy",
+                status="Healthy",
+            ),
+            "Assessment Unhealthy": Assesment(
+                resource_id="/subscriptions/test/assessment3",
+                resource_name="assessment-unhealthy",
+                status="Unhealthy",
+            ),
+        }
+    }
+
+
+@patch(
+    "prowler.providers.azure.services.defender.defender_service.Defender._get_assessments",
+    new=mock_defender_get_assessments_with_none,
+)
+class Test_Defender_Service_Assessments_None_Handling:
+    """Test Defender service handling of None values in assessments"""
+
+    def test_assessment_with_none_status(self):
+        """Test that Defender handles assessments with None status gracefully"""
+        defender = Defender(set_mocked_azure_provider())
+
+        # Check assessment with None status
+        assessment = defender.assessments[AZURE_SUBSCRIPTION_ID]["Assessment None"]
+        assert assessment.resource_id == "/subscriptions/test/assessment1"
+        assert assessment.resource_name == "assessment-none"
+        assert assessment.status is None
+
+    def test_assessment_with_valid_status(self):
+        """Test that Defender handles assessments with valid status"""
+        defender = Defender(set_mocked_azure_provider())
+
+        # Check assessment with Healthy status
+        assessment = defender.assessments[AZURE_SUBSCRIPTION_ID]["Assessment Healthy"]
+        assert assessment.resource_id == "/subscriptions/test/assessment2"
+        assert assessment.resource_name == "assessment-healthy"
+        assert assessment.status == "Healthy"
+
+    def test_assessment_with_multiple_mixed_statuses(self):
+        """Test that Defender handles mix of None and valid statuses"""
+        defender = Defender(set_mocked_azure_provider())
+
+        # Should have all 3 assessments
+        assert len(defender.assessments[AZURE_SUBSCRIPTION_ID]) == 3
+
+        # Check None status
+        assessment_none = defender.assessments[AZURE_SUBSCRIPTION_ID]["Assessment None"]
+        assert assessment_none.status is None
+
+        # Check Healthy status
+        assessment_healthy = defender.assessments[AZURE_SUBSCRIPTION_ID][
+            "Assessment Healthy"
+        ]
+        assert assessment_healthy.status == "Healthy"
+
+        # Check Unhealthy status
+        assessment_unhealthy = defender.assessments[AZURE_SUBSCRIPTION_ID][
+            "Assessment Unhealthy"
+        ]
+        assert assessment_unhealthy.status == "Unhealthy"
--- a/tests/providers/azure/services/storage/storage_service_test.py
+++ b/tests/providers/azure/services/storage/storage_service_test.py
@@ -224,3 +224,161 @@ class Test_Storage_Service:
            account.file_service_properties.smb_protocol_settings.supported_versions
            == []
        )
+
+
+def mock_storage_get_storage_accounts_with_none(_):
+    """Mock storage accounts with None values in retention policies"""
+    blob_properties_none_days = BlobProperties(
+        id="id-none-days",
+        name="name-none-days",
+        type="type",
+        default_service_version="2019-07-07",
+        container_delete_retention_policy=DeleteRetentionPolicy(
+            enabled=True, days=0  # None converted to 0
+        ),
+        versioning_enabled=False,
+    )
+    blob_properties_none_enabled = BlobProperties(
+        id="id-none-enabled",
+        name="name-none-enabled",
+        type="type",
+        default_service_version=None,
+        container_delete_retention_policy=DeleteRetentionPolicy(
+            enabled=False, days=30  # None enabled converted to False
+        ),
+        versioning_enabled=True,
+    )
+    file_service_properties_none_days = FileServiceProperties(
+        id="id-file-none",
+        name="name-file-none",
+        type="type",
+        share_delete_retention_policy=DeleteRetentionPolicy(
+            enabled=False, days=0  # None converted to 0
+        ),
+        smb_protocol_settings=SMBProtocolSettings(
+            channel_encryption=[], supported_versions=[]
+        ),
+    )
+    return {
+        AZURE_SUBSCRIPTION_ID: [
+            Account(
+                id="id-none-days",
+                name="storage-none-days",
+                resouce_group_name="rg",
+                enable_https_traffic_only=True,
+                infrastructure_encryption=False,
+                allow_blob_public_access=False,
+                network_rule_set=NetworkRuleSet(
+                    bypass="AzureServices", default_action="Allow"
+                ),
+                encryption_type="Microsoft.Storage",
+                minimum_tls_version="TLS1_2",
+                key_expiration_period_in_days=None,
+                private_endpoint_connections=[],
+                location="eastus",
+                blob_properties=blob_properties_none_days,
+                default_to_entra_authorization=False,
+                replication_settings="Standard_LRS",
+                allow_cross_tenant_replication=True,
+                allow_shared_key_access=True,
+                file_service_properties=None,
+            ),
+            Account(
+                id="id-none-enabled",
+                name="storage-none-enabled",
+                resouce_group_name="rg2",
+                enable_https_traffic_only=True,
+                infrastructure_encryption=False,
+                allow_blob_public_access=True,
+                network_rule_set=NetworkRuleSet(bypass="None", default_action="Deny"),
+                encryption_type="Microsoft.Storage",
+                minimum_tls_version="TLS1_2",
+                key_expiration_period_in_days=None,
+                private_endpoint_connections=[],
+                location="northeurope",
+                blob_properties=blob_properties_none_enabled,
+                default_to_entra_authorization=False,
+                replication_settings="Premium_LRS",
+                allow_cross_tenant_replication=False,
+                allow_shared_key_access=False,
+                file_service_properties=None,
+            ),
+            Account(
+                id="id-file-none",
+                name="storage-file-none",
+                resouce_group_name="rg3",
+                enable_https_traffic_only=True,
+                infrastructure_encryption=True,
+                allow_blob_public_access=False,
+                network_rule_set=NetworkRuleSet(
+                    bypass="AzureServices", default_action="Deny"
+                ),
+                encryption_type="Microsoft.Keyvault",
+                minimum_tls_version="TLS1_2",
+                key_expiration_period_in_days=None,
+                private_endpoint_connections=[],
+                location="westus",
+                blob_properties=None,
+                default_to_entra_authorization=False,
+                replication_settings="Standard_GRS",
+                allow_cross_tenant_replication=True,
+                allow_shared_key_access=True,
+                file_service_properties=file_service_properties_none_days,
+            ),
+        ]
+    }
+
+
+@patch(
+    "prowler.providers.azure.services.storage.storage_service.Storage._get_storage_accounts",
+    new=mock_storage_get_storage_accounts_with_none,
+)
+class Test_Storage_Service_Retention_Policy_None_Handling:
+    """Test Storage service handling of None values in retention policies"""
+
+    def test_blob_properties_with_none_retention_days(self):
+        """Test that Storage handles None days in container_delete_retention_policy"""
+        storage = Storage(set_mocked_azure_provider())
+
+        # Find account with None days converted to 0
+        account = next(
+            acc
+            for acc in storage.storage_accounts[AZURE_SUBSCRIPTION_ID]
+            if acc.name == "storage-none-days"
+        )
+        assert account.blob_properties is not None
+        assert account.blob_properties.container_delete_retention_policy.enabled is True
+        assert account.blob_properties.container_delete_retention_policy.days == 0
+
+    def test_blob_properties_with_none_retention_enabled(self):
+        """Test that Storage handles None enabled in retention policy"""
+        storage = Storage(set_mocked_azure_provider())
+
+        # Find account with None enabled converted to False
+        account = next(
+            acc
+            for acc in storage.storage_accounts[AZURE_SUBSCRIPTION_ID]
+            if acc.name == "storage-none-enabled"
+        )
+        assert account.blob_properties is not None
+        assert (
+            account.blob_properties.container_delete_retention_policy.enabled is False
+        )
+        assert account.blob_properties.container_delete_retention_policy.days == 30
+
+    def test_file_service_properties_with_none_retention_days(self):
+        """Test that Storage handles None days in share_delete_retention_policy"""
+        storage = Storage(set_mocked_azure_provider())
+
+        # Find account with None days in file service
+        account = next(
+            acc
+            for acc in storage.storage_accounts[AZURE_SUBSCRIPTION_ID]
+            if acc.name == "storage-file-none"
+        )
+        assert account.file_service_properties is not None
+        assert (
+            account.file_service_properties.share_delete_retention_policy.enabled
+            is False
+        )
+        assert account.file_service_properties.share_delete_retention_policy.days == 0
--- a/tests/providers/azure/services/vm/vm_service_test.py
+++ b/tests/providers/azure/services/vm/vm_service_test.py
@@ -1,4 +1,4 @@
-from unittest.mock import patch
+from unittest.mock import MagicMock, patch

 from prowler.providers.azure.services.vm.vm_service import (
    Disk,
@@ -226,3 +226,242 @@ def test_virtual_machine_with_linux_configuration():
    vm = virtual_machines.virtual_machines[AZURE_SUBSCRIPTION_ID]["vm_id-linux"]
    assert vm.linux_configuration is not None
    assert vm.linux_configuration.disable_password_authentication is True
+
+
+class Test_VirtualMachine_SecurityProfile_Validation:
+    """Test VirtualMachine SecurityProfile Pydantic validation"""
+
+    def test_security_profile_with_all_fields(self):
+        """Test that SecurityProfile with all fields validates correctly"""
+        vm = VirtualMachine(
+            resource_id="/subscriptions/test/vm1",
+            resource_name="test-vm",
+            location="eastus",
+            security_profile=SecurityProfile(
+                security_type="TrustedLaunch",
+                uefi_settings=UefiSettings(
+                    secure_boot_enabled=True,
+                    v_tpm_enabled=True,
+                ),
+            ),
+            extensions=[],
+        )
+
+        assert vm.security_profile is not None
+        assert vm.security_profile.security_type == "TrustedLaunch"
+        assert vm.security_profile.uefi_settings is not None
+        assert vm.security_profile.uefi_settings.secure_boot_enabled is True
+        assert vm.security_profile.uefi_settings.v_tpm_enabled is True
+
+    def test_security_profile_with_none_uefi_settings(self):
+        """Test that SecurityProfile with None uefi_settings validates correctly"""
+        vm = VirtualMachine(
+            resource_id="/subscriptions/test/vm2",
+            resource_name="test-vm-2",
+            location="westus",
+            security_profile=SecurityProfile(
+                security_type="Standard",
+                uefi_settings=None,
+            ),
+            extensions=[],
+        )
+
+        assert vm.security_profile is not None
+        assert vm.security_profile.security_type == "Standard"
+        assert vm.security_profile.uefi_settings is None
+
+    def test_security_profile_with_none_security_type(self):
+        """Test that SecurityProfile with None security_type validates correctly"""
+        vm = VirtualMachine(
+            resource_id="/subscriptions/test/vm3",
+            resource_name="test-vm-3",
+            location="northeurope",
+            security_profile=SecurityProfile(
+                security_type=None,
+                uefi_settings=UefiSettings(
+                    secure_boot_enabled=False,
+                    v_tpm_enabled=False,
+                ),
+            ),
+            extensions=[],
+        )
+
+        assert vm.security_profile is not None
+        assert vm.security_profile.security_type is None
+        assert vm.security_profile.uefi_settings is not None
+        assert vm.security_profile.uefi_settings.secure_boot_enabled is False
+
+    def test_security_profile_with_all_none(self):
+        """Test that SecurityProfile with all None values validates correctly"""
+        vm = VirtualMachine(
+            resource_id="/subscriptions/test/vm4",
+            resource_name="test-vm-4",
+            location="southeastasia",
+            security_profile=SecurityProfile(
+                security_type=None,
+                uefi_settings=None,
+            ),
+            extensions=[],
+        )
+
+        assert vm.security_profile is not None
+        assert vm.security_profile.security_type is None
+        assert vm.security_profile.uefi_settings is None
+
+    def test_virtual_machine_with_none_security_profile(self):
+        """Test that VirtualMachine with None security_profile validates correctly"""
+        vm = VirtualMachine(
+            resource_id="/subscriptions/test/vm5",
+            resource_name="test-vm-5",
+            location="japaneast",
+            security_profile=None,
+            extensions=[],
+        )
+
+        assert vm.security_profile is None
+
+    def test_security_profile_creation_from_azure_sdk_simulation(self):
+        """
+        Test that SecurityProfile can be created from Azure SDK-like objects
+        This simulates the conversion that happens in _get_virtual_machines
+        """
+        # Simulate Azure SDK SecurityProfile object
+        mock_azure_security_profile = MagicMock()
+        mock_azure_security_profile.security_type = "TrustedLaunch"
+
+        mock_azure_uefi_settings = MagicMock()
+        mock_azure_uefi_settings.secure_boot_enabled = True
+        mock_azure_uefi_settings.v_tpm_enabled = True
+
+        # Simulate the conversion that happens in the service
+        security_type = getattr(mock_azure_security_profile, "security_type", None)
+        uefi_settings = UefiSettings(
+            secure_boot_enabled=getattr(
+                mock_azure_uefi_settings, "secure_boot_enabled", False
+            ),
+            v_tpm_enabled=getattr(mock_azure_uefi_settings, "v_tpm_enabled", False),
+        )
+        security_profile = SecurityProfile(
+            security_type=security_type,
+            uefi_settings=uefi_settings,
+        )
+
+        # Create VirtualMachine with converted SecurityProfile
+        vm = VirtualMachine(
+            resource_id="/subscriptions/test/vm6",
+            resource_name="test-vm-6",
+            location="uksouth",
+            security_profile=security_profile,
+            extensions=[],
+        )
+
+        # Verify no ValidationError is raised and data is correct
+        assert vm.security_profile is not None
+        assert vm.security_profile.security_type == "TrustedLaunch"
+        assert vm.security_profile.uefi_settings.secure_boot_enabled is True
+        assert vm.security_profile.uefi_settings.v_tpm_enabled is True
+
+    def test_security_profile_with_dict_input(self):
+        """Test that SecurityProfile can be created from dictionary (Pydantic feature)"""
+        vm = VirtualMachine(
+            resource_id="/subscriptions/test/vm7",
+            resource_name="test-vm-7",
+            location="canadacentral",
+            security_profile={
+                "security_type": "ConfidentialVM",
+                "uefi_settings": {
+                    "secure_boot_enabled": True,
+                    "v_tpm_enabled": True,
+                },
+            },
+            extensions=[],
+        )
+
+        assert vm.security_profile is not None
+        assert vm.security_profile.security_type == "ConfidentialVM"
+        assert vm.security_profile.uefi_settings.secure_boot_enabled is True
+
+    def test_uefi_settings_boolean_values(self):
+        """Test that UefiSettings properly handles boolean values"""
+        uefi_true = UefiSettings(secure_boot_enabled=True, v_tpm_enabled=True)
+        assert uefi_true.secure_boot_enabled is True
+        assert uefi_true.v_tpm_enabled is True
+
+        uefi_false = UefiSettings(secure_boot_enabled=False, v_tpm_enabled=False)
+        assert uefi_false.secure_boot_enabled is False
+        assert uefi_false.v_tpm_enabled is False
+
+        uefi_mixed = UefiSettings(secure_boot_enabled=True, v_tpm_enabled=False)
+        assert uefi_mixed.secure_boot_enabled is True
+        assert uefi_mixed.v_tpm_enabled is False
+
+    def test_security_profile_full_service_simulation(self):
+        """
+        Full integration test simulating the complete VM service flow
+        This tests the actual scenario where Azure SDK objects are converted
+        """
+
+        def mock_list_vms(*args, **kwargs):
+            # Simulate Azure SDK VM object with security_profile
+            mock_vm = MagicMock()
+            mock_vm.id = "/subscriptions/test/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/test-vm"
+            mock_vm.name = "test-vm-full-sim"
+            mock_vm.location = "eastus"
+
+            # Simulate Azure SDK SecurityProfile (this was causing the ValidationError)
+            mock_security_profile = MagicMock()
+            mock_security_profile.security_type = "TrustedLaunch"
+
+            mock_uefi_settings = MagicMock()
+            mock_uefi_settings.secure_boot_enabled = True
+            mock_uefi_settings.v_tpm_enabled = True
+            mock_security_profile.uefi_settings = mock_uefi_settings
+
+            mock_vm.security_profile = mock_security_profile
+            mock_vm.resources = []
+            mock_vm.storage_profile = None
+            mock_vm.hardware_profile = None
+            mock_vm.os_profile = None
+
+            return [mock_vm]
+
+        # Create mock client with properly configured virtual_machines attribute
+        mock_client = MagicMock()
+        # Explicitly create virtual_machines as a MagicMock to ensure it has list_all method
+        # This prevents AttributeError in GitHub Actions where it might be a dict
+        mock_client.virtual_machines = MagicMock()
+        mock_client.virtual_machines.list_all.side_effect = mock_list_vms
+
+        with (
+            patch.object(VirtualMachines, "_get_disks", return_value={}),
+            patch.object(VirtualMachines, "_get_vm_scale_sets", return_value={}),
+            patch.object(VirtualMachines, "_get_virtual_machines", return_value={}),
+        ):
+            vm_service = VirtualMachines(set_mocked_azure_provider())
+            # Replace the client with our mocked one
+            vm_service.clients[AZURE_SUBSCRIPTION_ID] = mock_client
+
+        # Now call _get_virtual_machines with the mocked client (patch is removed)
+        # This simulates the actual service flow
+        virtual_machines = vm_service._get_virtual_machines()
+
+        # Verify VM was created successfully without ValidationError
+        assert len(virtual_machines[AZURE_SUBSCRIPTION_ID]) == 1
+
+        vm_id = list(virtual_machines[AZURE_SUBSCRIPTION_ID].keys())[0]
+        vm = virtual_machines[AZURE_SUBSCRIPTION_ID][vm_id]
+
+        # Verify the VM object is valid
+        assert vm.resource_name == "test-vm-full-sim"
+        assert vm.location == "eastus"
+
+        # Verify SecurityProfile was converted correctly (not Azure SDK object)
+        assert vm.security_profile is not None
+        assert isinstance(vm.security_profile, SecurityProfile)
+        assert vm.security_profile.security_type == "TrustedLaunch"
+
+        # Verify UefiSettings was converted correctly
+        assert vm.security_profile.uefi_settings is not None
+        assert isinstance(vm.security_profile.uefi_settings, UefiSettings)
+        assert vm.security_profile.uefi_settings.secure_boot_enabled is True
+        assert vm.security_profile.uefi_settings.v_tpm_enabled is True
--- a/tests/providers/m365/lib/powershell/m365_powershell_test.py
+++ b/tests/providers/m365/lib/powershell/m365_powershell_test.py
@@ -547,8 +547,7 @@ class Testm365PowerShell:
        session.close()

    @patch("subprocess.Popen")
-    @patch("prowler.providers.m365.lib.powershell.m365_powershell.decode_jwt")
-    def test_test_teams_connection_success(self, mock_decode_jwt, mock_popen):
+    def test_test_teams_connection_success(self, mock_popen):
        """Test test_teams_connection when token is valid"""
        mock_process = MagicMock()
        mock_popen.return_value = mock_process
@@ -567,30 +566,20 @@ class Testm365PowerShell:
        )
        session = M365PowerShell(credentials, identity)

-        # Mock execute to return valid responses
-        def mock_execute(command, *args, **kwargs):
-            if "Write-Output $teamsToken" in command:
-                return "valid_teams_token"
-            return None
-
-        session.execute = MagicMock(side_effect=mock_execute)
-        # Mock JWT decode to return proper permissions
-        mock_decode_jwt.return_value = {"roles": ["application_access"]}
+        session.execute = MagicMock(side_effect=[None, ""])
+        session.execute_connect = MagicMock(return_value="")

        result = session.test_teams_connection()

        assert result is True
-        # Verify all expected PowerShell commands were called
-        # 4 calls: teamstokenBody, teamsToken, Write-Output $teamsToken, Connect-MicrosoftTeams
-        assert session.execute.call_count == 4
-        mock_decode_jwt.assert_called_once_with("valid_teams_token")
+        assert session.execute.call_count == 2
+        session.execute_connect.assert_called_once_with(
+            'Connect-MicrosoftTeams -AccessTokens @("$graphToken","$teamsToken")'
+        )
        session.close()

    @patch("subprocess.Popen")
-    @patch("prowler.providers.m365.lib.powershell.m365_powershell.decode_jwt")
-    def test_test_teams_connection_missing_permissions(
-        self, mock_decode_jwt, mock_popen
-    ):
+    def test_test_teams_connection_missing_permissions(self, mock_popen):
        """Test test_teams_connection when token lacks required permissions"""
        mock_process = MagicMock()
        mock_popen.return_value = mock_process
@@ -609,23 +598,17 @@ class Testm365PowerShell:
        )
        session = M365PowerShell(credentials, identity)

-        # Mock execute to return valid token but decode returns no permissions
-        def mock_execute(command, *args, **kwargs):
-            if "Write-Output $teamsToken" in command:
-                return "valid_teams_token"
-            return None
-
-        session.execute = MagicMock(side_effect=mock_execute)
-        # Mock JWT decode to return missing required permission
-        mock_decode_jwt.return_value = {"roles": ["other_permission"]}
+        session.execute = MagicMock(side_effect=[None, "Permission denied"])
+        session.execute_connect = MagicMock()

        with patch("prowler.lib.logger.logger.error") as mock_error:
            result = session.test_teams_connection()

        assert result is False
        mock_error.assert_called_once_with(
-            "Microsoft Teams connection failed: Please check your permissions and try again."
+            "Microsoft Teams connection failed: Permission denied"
        )
+        session.execute_connect.assert_not_called()
        session.close()

    @patch("subprocess.Popen")
@@ -688,15 +671,17 @@ class Testm365PowerShell:
            return None

        session.execute = MagicMock(side_effect=mock_execute)
+        session.execute_connect = MagicMock(return_value=None)
        # Mock MSAL token decode to return proper permissions
        mock_decode_msal_token.return_value = {"roles": ["Exchange.ManageAsApp"]}

        result = session.test_exchange_connection()

        assert result is True
-        # Verify all expected PowerShell commands were called
-        # 4 calls: SecureSecret, exchangeToken, Write-Output $exchangeToken, Connect-ExchangeOnline
-        assert session.execute.call_count == 4
+        assert session.execute.call_count == 3
+        session.execute_connect.assert_called_once_with(
+            'Connect-ExchangeOnline -AccessToken $exchangeToken.AccessToken -Organization "$tenantID"'
+        )
        mock_decode_msal_token.assert_called_once_with("valid_exchange_token")
        session.close()

@@ -730,6 +715,7 @@ class Testm365PowerShell:
            return None

        session.execute = MagicMock(side_effect=mock_execute)
+        session.execute_connect = MagicMock(return_value=None)
        # Mock MSAL token decode to return missing required permission
        mock_decode_msal_token.return_value = {"roles": ["other_permission"]}

@@ -737,6 +723,7 @@ class Testm365PowerShell:
            result = session.test_exchange_connection()

        assert result is False
+        session.execute_connect.assert_not_called()
        mock_error.assert_called_once_with(
            "Exchange Online connection failed: Please check your permissions and try again."
        )
@@ -781,7 +768,7 @@ class Testm365PowerShell:
        mock_popen.return_value = mock_process

        credentials = M365Credentials()
-        identity = M365IdentityInfo()
+        identity = M365IdentityInfo(identity_id="expected-id")
        session = M365PowerShell(credentials, identity)

        # Test with clean base64 content
@@ -924,18 +911,17 @@ class Testm365PowerShell:
        mock_popen.return_value = mock_process

        credentials = M365Credentials()
-        identity = M365IdentityInfo()
+        identity = M365IdentityInfo(identity_id="expected-id")
        session = M365PowerShell(credentials, identity)

-        # Mock successful Exchange connection
-        session.execute = MagicMock(
+        session.execute_connect = MagicMock(
            return_value="Connected successfully https://aka.ms/exov3-module"
        )

        result = session.test_exchange_certificate_connection()
        assert result is True

-        session.execute.assert_called_once_with(
+        session.execute_connect.assert_called_once_with(
            "Connect-ExchangeOnline -Certificate $certificate -AppId $clientID -Organization $tenantDomain"
        )

@@ -948,20 +934,24 @@ class Testm365PowerShell:
        mock_popen.return_value = mock_process

        credentials = M365Credentials()
-        identity = M365IdentityInfo()
+        identity = M365IdentityInfo(identity_id="expected-id")
        session = M365PowerShell(credentials, identity)

-        # Mock failed Exchange connection
-        session.execute = MagicMock(
+        session.execute_connect = MagicMock(
            return_value="Connection failed: Authentication error"
        )

-        result = session.test_exchange_certificate_connection()
+        with patch("prowler.lib.logger.logger.error") as mock_error:
+            result = session.test_exchange_certificate_connection()
+
        assert result is False

-        session.execute.assert_called_once_with(
+        session.execute_connect.assert_called_once_with(
            "Connect-ExchangeOnline -Certificate $certificate -AppId $clientID -Organization $tenantDomain"
        )
+        mock_error.assert_called_once_with(
+            "Exchange Online Certificate connection failed: Connection failed: Authentication error"
+        )

        session.close()

@@ -979,18 +969,14 @@ class Testm365PowerShell:
            session = M365PowerShell(credentials, identity)

        # Mock successful Teams connection - the method returns bool
-        def mock_execute_side_effect(command):
-            if "Connect-MicrosoftTeams" in command:
-                # Return result that contains the identity_id for success
-                return "Connected successfully test_identity_id"
-            return ""
-
-        session.execute = MagicMock(side_effect=mock_execute_side_effect)
+        session.execute_connect = MagicMock(
+            return_value="Connected successfully test_identity_id"
+        )

        result = session.test_teams_certificate_connection()
        assert result is True

-        session.execute.assert_called_once_with(
+        session.execute_connect.assert_called_once_with(
            "Connect-MicrosoftTeams -Certificate $certificate -ApplicationId $clientID -TenantId $tenantID"
        )

@@ -1003,22 +989,21 @@ class Testm365PowerShell:
        mock_popen.return_value = mock_process

        credentials = M365Credentials()
-        identity = M365IdentityInfo()
+        identity = M365IdentityInfo(identity_id="expected-id")
        session = M365PowerShell(credentials, identity)

-        # Mock failed Teams connection
-        def mock_execute_side_effect(command, json_parse=False):
-            if "Connect-MicrosoftTeams" in command:
-                raise Exception("Connection failed: Authentication error")
-            return ""
+        session.execute_connect = MagicMock(return_value="Connection failed")

-        session.execute = MagicMock(side_effect=mock_execute_side_effect)
+        with patch("prowler.lib.logger.logger.error") as mock_error:
+            result = session.test_teams_certificate_connection()

-        # Should raise exception on connection failure
-        with pytest.raises(Exception) as exc_info:
-            session.test_teams_certificate_connection()
-
-        assert "Connection failed: Authentication error" in str(exc_info.value)
+        assert result is False
+        session.execute_connect.assert_called_once_with(
+            "Connect-MicrosoftTeams -Certificate $certificate -ApplicationId $clientID -TenantId $tenantID"
+        )
+        mock_error.assert_called_once_with(
+            "Microsoft Teams Certificate connection failed: Connection failed"
+        )

        session.close()

@@ -1090,7 +1075,7 @@ class Testm365PowerShell:
        # Mock certificate variable check and teams connection
        execute_calls = []

-        def mock_execute_side_effect(command, json_parse=False):
+        def mock_execute_side_effect(command):
            execute_calls.append(command)
            if "Write-Output $certificate" in command:
                return "certificate_content"  # Non-empty means certificate exists
@@ -1123,7 +1108,7 @@ class Testm365PowerShell:
        # Mock certificate variable check and exchange connection
        execute_calls = []

-        def mock_execute_side_effect(command, json_parse=False):
+        def mock_execute_side_effect(command):
            execute_calls.append(command)
            if "Write-Output $certificate" in command:
                return "certificate_content"  # Non-empty means certificate exists
Author	SHA1	Message	Date
Pedro Martín	80829c07e6	Merge branch 'v5.13' into backport/v5.13/pr-9208	2025-11-19 14:29:11 +01:00
Prowler Bot	0a034a173c	fix: split `file_name` not working on Windows (#9269 ) Co-authored-by: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com>	2025-11-18 14:49:49 +01:00
Prowler Bot	3266caa818	fix(docs): Fix dead links leading to `docs.prowler.cloud` (#9242 ) Co-authored-by: Marc Espin <mespinsanz@gmail.com> Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2025-11-17 12:29:49 +01:00
Prowler Bot	9a42257af6	fix(azure): validation and other errors in cosmosdb, defender, storage and vm (#9232 ) Co-authored-by: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com>	2025-11-13 09:29:17 -05:00
Pedro Martín	b413381f91	fix(compliance): handle check_id not in Prowler Checks (#9208 ) (cherry picked from commit `427dab6810`) # Conflicts: # api/CHANGELOG.md	2025-11-12 08:12:30 +00:00
Prowler Bot	2c57f4edda	fix(aws): false negative in `iam_role_cross_service_confused_deputy_prevention` (#9217 ) Co-authored-by: Shaun <39968858+snotrauk@users.noreply.github.com> Co-authored-by: shaun <shaun@snotra.cloud> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-11-11 22:10:00 -05:00
Prowler Bot	d9d450d158	fix(html): rename `get_oci_assessment_summary` (#9201 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-11-10 10:45:55 -05:00
Prowler Bot	6d5a2a94de	fix(m365_powershell): teams connection with `--sp-env-auth` and enhanced timeouts error logging (#9195 ) Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>	2025-11-10 11:31:06 +01:00
Prowler Bot	8f0d760705	fix(powershell): depth truncation and parsing error (#9188 ) Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>	2025-11-07 13:36:11 +01:00
Prowler Bot	28eb1eeb85	fix(gcp): check `check_name` has no `resource_name` error (#9178 ) Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com> Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>	2025-11-06 13:05:15 +01:00
César Arroba	7f54a269de	chore(github): sync .github folder from master to v5.13 (#9175 )	2025-11-06 10:01:43 +01:00
Prowler Bot	b1188538a5	chore(github): improve container slack notifications (#9174 ) Co-authored-by: César Arroba <19954079+cesararroba@users.noreply.github.com>	2025-11-06 09:36:51 +01:00
Prowler Bot	986dfaafe7	chore(release): Bump version to v5.13.2 (#9160 ) Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>	2025-11-04 15:15:56 +01:00