fix(aws): add missing region to Backup Recovery Point (#6275 )

Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>
fix(aws): solve None type errors (#6272 )
2026-03-26 05:48:03 +00:00 · 2024-12-19 16:55:35 -05:00 · 2024-12-19 12:20:03 -05:00 · 2024-12-19 09:47:00 -05:00 · 2024-12-19 09:06:22 -05:00 · 2024-12-19 14:26:54 +05:45
1598 changed files with 13387 additions and 51022 deletions
--- a/.env
+++ b/.env
@@ -6,14 +6,13 @@
 PROWLER_UI_VERSION="latest"
 SITE_URL=http://localhost:3000
 API_BASE_URL=http://prowler-api:8080/api/v1
-NEXT_PUBLIC_API_DOCS_URL=http://prowler-api:8080/api/v1/docs
 AUTH_TRUST_HOST=true
 UI_PORT=3000
 # openssl rand -base64 32
 AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="

 #### Prowler API Configuration ####
-PROWLER_API_VERSION="stable"
+PROWLER_API_VERSION="latest"
 # PostgreSQL settings
 # If running Django and celery on host, use 'localhost', else use 'postgres-db'
 POSTGRES_HOST=postgres-db
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,7 +5,6 @@

 version: 2
 updates:
-  # v5
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
@@ -15,18 +14,6 @@ updates:
    labels:
      - "dependencies"
      - "pip"
-
-  - package-ecosystem: "pip"
-    directory: "/api"
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
-    target-branch: master
-    labels:
-      - "dependencies"
-      - "pip"
-      - "component/api"
-
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
@@ -37,77 +24,20 @@ updates:
      - "dependencies"
      - "github_actions"

-  - package-ecosystem: "npm"
-    directory: "/ui"
+  - package-ecosystem: "pip"
+    directory: "/"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 10
-    target-branch: master
-    labels:
-      - "dependencies"
-      - "npm"
-      - "component/ui"
-
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: master
-    labels:
-      - "dependencies"
-      - "docker"
-
-  # v4.6
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "pip"
-      - "v4"
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "github_actions"
-      - "v4"
-
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "docker"
-      - "v4"
-
-  # v3
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 10
    target-branch: v3
    labels:
      - "dependencies"
      - "pip"
      - "v3"
-
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
-      interval: "monthly"
+      interval: "daily"
    open-pull-requests-limit: 10
    target-branch: v3
    labels:
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -22,11 +22,6 @@ provider/kubernetes:
      - any-glob-to-any-file: "prowler/providers/kubernetes/**"
      - any-glob-to-any-file: "tests/providers/kubernetes/**"

-provider/github:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/github/**"
-      - any-glob-to-any-file: "tests/providers/github/**"
-
 github_actions:
  - changed-files:
      - any-glob-to-any-file: ".github/workflows/*"
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -15,8 +15,7 @@ Please include a summary of the change and which issue is fixed. List any depend
 - [ ] Review if the code is being covered by tests.
 - [ ] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
 - [ ] Review if backport is needed.
- [ ] Review if is needed to change the [Readme.md](https://github.com/prowler-cloud/prowler/blob/master/README.md)

 ### License

-By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
--- a/.github/workflows/api-build-lint-push-containers.yml
+++ b/.github/workflows/api-build-lint-push-containers.yml
@@ -23,7 +23,6 @@ env:
  # Tags
  LATEST_TAG: latest
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable

  WORKING_DIRECTORY: ./api

@@ -93,6 +92,5 @@ jobs:
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/.github/workflows/api-codeql.yml
+++ b/.github/workflows/api-codeql.yml
@@ -15,12 +15,16 @@ on:
  push:
    branches:
      - "master"
+      - "v3"
+      - "v4.*"
      - "v5.*"
    paths:
      - "api/**"
  pull_request:
    branches:
      - "master"
+      - "v3"
+      - "v4.*"
      - "v5.*"
    paths:
      - "api/**"
--- a/.github/workflows/api-pull-request.yml
+++ b/.github/workflows/api-pull-request.yml
@@ -4,13 +4,11 @@ on:
  push:
    branches:
      - "master"
-      - "v5.*"
    paths:
      - "api/**"
  pull_request:
    branches:
      - "master"
-      - "v5.*"
    paths:
      - "api/**"

@@ -71,7 +69,6 @@ jobs:

    steps:
      - uses: actions/checkout@v4
-
      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
        uses: tj-actions/changed-files@v45
@@ -83,21 +80,18 @@ jobs:
            api/permissions/**
            api/README.md
            api/mkdocs.yml
-
      - name: Install poetry
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==1.8.5
-
+          pipx install poetry
      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
-
      - name: Install dependencies
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
@@ -114,60 +108,49 @@ jobs:
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry check --lock
-
+          poetry lock --check
      - name: Lint with ruff
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run ruff check . --exclude contrib
-
      - name: Check Format with ruff
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run ruff format --check . --exclude contrib
-
      - name: Lint with pylint
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn src/
-
      - name: Bandit
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
-
      - name: Safety
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run safety check --ignore 70612,66963
-
      - name: Vulture
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run vulture --exclude "contrib,tests,conftest.py" --min-confidence 100 .
-
      - name: Hadolint
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          /tmp/hadolint Dockerfile --ignore=DL3013
-
      - name: Test with pytest
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run pytest --cov=./src/backend --cov-report=xml src/backend
-
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: codecov/codecov-action@v5
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: api
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -5,43 +5,38 @@ on:
    branches: ['master']
    types: ['labeled', 'closed']

-env:
-  # The prefix of the label that triggers the backport must not contain the branch name
-  # so, for example, if the branch is 'master', the label should be 'backport-to-<branch>'
-  BACKPORT_LABEL_PREFIX: backport-to-
-  BACKPORT_LABEL_IGNORE: was-backported
-
 jobs:
  backport:
    name: Backport PR
-    if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport')) && !(contains(github.event.pull_request.labels.*.name, 'was-backported'))
+    if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport'))
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      pull-requests: write
      contents: write
    steps:
-      - name: Check labels
-        id: preview_label_check
-        uses: docker://agilepathway/pull-request-label-checker:v1.6.55
-        with:
-          allow_failure: true
-          prefix_mode: true
-          any_of: ${{ env.BACKPORT_LABEL_PREFIX }}
-          none_of: ${{ env.BACKPORT_LABEL_IGNORE }}
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
+      # Workaround not to fail the workflow if the PR does not need a backport
+      # https://github.com/sorenlouv/backport-github-action/issues/127#issuecomment-2258561266
+      - name: Check for backport labels
+        id: check_labels
+        run: |-
+          labels='${{ toJSON(github.event.pull_request.labels.*.name) }}'
+          echo "$labels"
+          matched=$(echo "${labels}" | jq '. | map(select(startswith("backport-to-"))) | length')
+          echo "matched=$matched"
+          echo "matched=$matched" >> $GITHUB_OUTPUT

      - name: Backport Action
-        if: steps.preview_label_check.outputs.label_check == 'success'
+        if: fromJSON(steps.check_labels.outputs.matched) > 0
        uses: sorenlouv/backport-github-action@v9.5.1
        with:
          github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          auto_backport_label_prefix: ${{ env.BACKPORT_LABEL_PREFIX }}
+          auto_backport_label_prefix: backport-to-

      - name: Info log
-        if: ${{ success() && steps.preview_label_check.outputs.label_check == 'success' }}
+        if: ${{ success() && fromJSON(steps.check_labels.outputs.matched) > 0 }}
        run: cat ~/.backport/backport.info.log

      - name: Debug log
-        if: ${{ failure() && steps.preview_label_check.outputs.label_check == 'success' }}
+        if: ${{ failure() && fromJSON(steps.check_labels.outputs.matched) > 0 }}
        run: cat ~/.backport/backport.debug.log
--- a/.github/workflows/find-secrets.yml
+++ b/.github/workflows/find-secrets.yml
@@ -11,7 +11,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.88.2
+        uses: trufflesecurity/trufflehog@v3.84.1
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
--- a/.github/workflows/sdk-build-lint-push-containers.yml
+++ b/.github/workflows/sdk-build-lint-push-containers.yml
@@ -3,11 +3,7 @@ name: SDK - Build and Push containers
 on:
  push:
    branches:
-      # For `v3-latest`
      - "v3"
-      # For `v4-latest`
-      - "v4.6"
-      # For `latest`
      - "master"
    paths-ignore:
      - ".github/**"
@@ -68,7 +64,7 @@ jobs:

      - name: Install Poetry
        run: |
-          pipx install poetry==1.8.5
+          pipx install poetry
          pipx inject poetry poetry-bumpversion

      - name: Get Prowler version
--- a/.github/workflows/sdk-pull-request.yml
+++ b/.github/workflows/sdk-pull-request.yml
@@ -22,7 +22,6 @@ jobs:

    steps:
      - uses: actions/checkout@v4
-
      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
        uses: tj-actions/changed-files@v45
@@ -38,21 +37,18 @@ jobs:
            mkdocs.yml
            .backportrc.json
            .env
-            docker-compose*

      - name: Install poetry
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==1.8.5
-
+          pipx install poetry
      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
-
      - name: Install dependencies
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
@@ -63,56 +59,44 @@ jobs:
            sed -E 's/.*"v([^"]+)".*/\1/' \
            ) && curl -L -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64" \
            && chmod +x /tmp/hadolint
-
      - name: Poetry check
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry check --lock
-
+          poetry lock --check
      - name: Lint with flake8
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api
-
      - name: Checking format with black
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run black --exclude api ui --check .
-
      - name: Lint with pylint
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
-
      - name: Bandit
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run bandit -q -lll -x '*_test.py,./contrib/,./api/,./ui' -r .
-
      - name: Safety
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run safety check --ignore 70612 -r pyproject.toml
-
      - name: Vulture
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .
-
      - name: Hadolint
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          /tmp/hadolint Dockerfile --ignore=DL3013
-
      - name: Test with pytest
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          poetry run pytest -n auto --cov=./prowler --cov-report=xml tests
-
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        uses: codecov/codecov-action@v5
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler
--- a/.github/workflows/sdk-pypi-release.yml
+++ b/.github/workflows/sdk-pypi-release.yml
@@ -39,10 +39,7 @@ jobs:
      - name: Repository check
        working-directory: /tmp
        run: |
-              if [[ "${{ github.repository }}" != "prowler-cloud/prowler" ]]; then
-                  echo "This action only runs for prowler-cloud/prowler"
-                  exit 1
-              fi
+          [[ ${{ github.repository }} != "prowler-cloud/prowler" ]] && echo "This action only runs for prowler-cloud/prowler"; exit 1

      - name: Get Prowler version
        run: |
@@ -68,7 +65,7 @@ jobs:

      - name: Install dependencies
        run: |
-          pipx install poetry==1.8.5
+          pipx install poetry

      - name: Setup Python
        uses: actions/setup-python@v5
--- a/.github/workflows/ui-build-lint-push-containers.yml
+++ b/.github/workflows/ui-build-lint-push-containers.yml
@@ -23,7 +23,6 @@ env:
  # Tags
  LATEST_TAG: latest
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable

  WORKING_DIRECTORY: ./ui

@@ -93,6 +92,5 @@ jobs:
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/.github/workflows/ui-codeql.yml
+++ b/.github/workflows/ui-codeql.yml
@@ -15,12 +15,14 @@ on:
  push:
    branches:
      - "master"
+      - "v4.*"
      - "v5.*"
    paths:
      - "ui/**"
  pull_request:
    branches:
      - "master"
+      - "v4.*"
      - "v5.*"
    paths:
      - "ui/**"
--- a/.github/workflows/ui-pull-request.yml
+++ b/.github/workflows/ui-pull-request.yml
@@ -1,16 +1,9 @@
 name: UI - Pull Request

 on:
-  push:
-    branches:
-      - "master"
-      - "v5.*"
-    paths:
-      - "ui/**"
  pull_request:
    branches:
      - master
-      - "v5.*"
    paths:
      - 'ui/**'

@@ -27,7 +20,7 @@ jobs:
        with:
          persist-credentials: false
      - name: Setup Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
      - name: Install dependencies
--- a/.gitignore
+++ b/.gitignore
@@ -45,7 +45,6 @@ junit-reports/
 # Terraform
 .terraform*
 *.tfstate
-*.tfstate.*

 # .env
 ui/.env*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -27,7 +27,6 @@ repos:
    hooks:
      - id: shellcheck
        exclude: contrib
-
  ## PYTHON
  - repo: https://github.com/myint/autoflake
    rev: v2.3.1
@@ -62,25 +61,8 @@ repos:
    rev: 1.8.0
    hooks:
      - id: poetry-check
-        name: API - poetry-check
-        args: ["--directory=./api"]
-        pass_filenames: false
-
      - id: poetry-lock
-        name: API - poetry-lock
-        args: ["--no-update", "--directory=./api"]
-        pass_filenames: false
-
-      - id: poetry-check
-        name: SDK - poetry-check
-        args: ["--directory=./"]
-        pass_filenames: false
-
-      - id: poetry-lock
-        name: SDK - poetry-lock
-        args: ["--no-update", "--directory=./"]
-        pass_filenames: false
-
+        args: ["--no-update"]

  - repo: https://github.com/hadolint/hadolint
    rev: v2.13.0-beta
@@ -108,7 +90,7 @@ repos:
      - id: bandit
        name: bandit
        description: "Bandit is a tool for finding common security issues in Python code"
-        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/,./.venv/' -r .'
+        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/' -r .'
        language: system
        files: '.*\.py'

@@ -121,6 +103,7 @@ repos:
      - id: vulture
        name: vulture
        description: "Vulture finds unused code in Python programs."
-        entry: bash -c 'vulture --exclude "contrib,.venv,api/src/backend/api/tests/,api/src/backend/conftest.py,api/src/backend/tasks/tests/" --min-confidence 100 .'
+        entry: bash -c 'vulture --exclude "contrib" --min-confidence 100 .'
+        exclude: 'api/src/backend/'
        language: system
        files: '.*\.py'
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png#gh-dark-mode-only" width="50%" height="50%">
 </p>
 <p align="center">
-  <b><i>Prowler Open Source</b> is as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
+  <b><i>Prowler SaaS </b> and <b>Prowler Open Source</b> are as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
 </p>
 <p align="center">
 <b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
@@ -29,7 +29,7 @@
 <p align="center">
  <a href="https://github.com/prowler-cloud/prowler"><img alt="Repo size" src="https://img.shields.io/github/repo-size/prowler-cloud/prowler"></a>
  <a href="https://github.com/prowler-cloud/prowler/issues"><img alt="Issues" src="https://img.shields.io/github/issues/prowler-cloud/prowler"></a>
-  <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/v/release/prowler-cloud/prowler"></a>
+  <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/v/release/prowler-cloud/prowler?include_prereleases"></a>
  <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/release-date/prowler-cloud/prowler"></a>
  <a href="https://github.com/prowler-cloud/prowler"><img alt="Contributors" src="https://img.shields.io/github/contributors-anon/prowler-cloud/prowler"></a>
  <a href="https://github.com/prowler-cloud/prowler"><img alt="License" src="https://img.shields.io/github/license/prowler-cloud/prowler"></a>
@@ -43,7 +43,7 @@

 # Description

-**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler Cloud</a>.
+**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler SaaS</a>.

 ## Prowler App

@@ -72,9 +72,9 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe
 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
 | AWS | 561 | 81 -> `prowler aws --list-services` | 30 -> `prowler aws --list-compliance` | 9 -> `prowler aws --list-categories` |
-| GCP | 77 | 13 -> `prowler gcp --list-services` | 4 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
-| Azure | 139 | 18 -> `prowler azure --list-services` | 5 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
-| Kubernetes | 83 | 7 -> `prowler kubernetes --list-services` | 2 -> `prowler kubernetes --list-compliance` | 7 -> `prowler kubernetes --list-categories` |
+| GCP | 77 | 13 -> `prowler gcp --list-services` | 3 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
+| Azure | 139 | 18 -> `prowler azure --list-services` | 4 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
+| Kubernetes | 83 | 7 -> `prowler kubernetes --list-services` | 1 -> `prowler kubernetes --list-compliance` | 7 -> `prowler kubernetes --list-categories` |

 # 💻 Installation

@@ -98,7 +98,6 @@ curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/mast
 docker compose up -d
 ```

-> Containers are built for `linux/amd64`. If your workstation's architecture is different, please set `DOCKER_DEFAULT_PLATFORM=linux/amd64` in your environment or use the `--platform linux/amd64` flag in the docker command.
 > Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.

 ### From GitHub
@@ -140,19 +139,6 @@ cd src/backend
 python -m celery -A config.celery worker -l info -E
 ```

-**Commands to run the API Scheduler**
-
-``` console
-git clone https://github.com/prowler-cloud/prowler
-cd prowler/api
-poetry install
-poetry shell
-set -a
-source .env
-cd src/backend
-python -m celery -A config.celery beat -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler
-```
-
 **Commands to run the UI**

 ``` console
--- a/api/Dockerfile
+++ b/api/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.12.8-alpine3.20 AS build
+FROM python:3.12-alpine AS build

 LABEL maintainer="https://github.com/prowler-cloud/api"

--- a/api/docker-entrypoint.sh
+++ b/api/docker-entrypoint.sh
@@ -28,7 +28,7 @@ start_prod_server() {

 start_worker() {
  echo "Starting the worker..."
-  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans -E --max-tasks-per-child 1
+  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans -E
 }

 start_worker_beat() {
--- a/api/poetry.lock
+++ b/api/poetry.lock
--- a/api/pyproject.toml
+++ b/api/pyproject.toml
@@ -8,11 +8,11 @@ description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
 name = "prowler-api"
 package-mode = false
-version = "1.3.2"
+version = "1.0.0"

 [tool.poetry.dependencies]
 celery = {extras = ["pytest"], version = "^5.4.0"}
-django = "5.1.5"
+django = "5.1.1"
 django-celery-beat = "^2.7.0"
 django-celery-results = "^2.5.1"
 django-cors-headers = "4.4.0"
@@ -27,7 +27,7 @@ drf-nested-routers = "^0.94.1"
 drf-spectacular = "0.27.2"
 drf-spectacular-jsonapi = "0.5.1"
 gunicorn = "23.0.0"
-prowler = {git = "https://github.com/prowler-cloud/prowler.git", branch = "v5.2"}
+prowler = "^5.0"
 psycopg2-binary = "2.9.9"
 pytest-celery = {extras = ["redis"], version = "^1.0.1"}
 # Needed for prowler compatibility
@@ -37,7 +37,6 @@ uuid6 = "2024.7.10"
 [tool.poetry.group.dev.dependencies]
 bandit = "1.7.9"
 coverage = "7.5.4"
-django-silk = "5.3.2"
 docker = "7.1.0"
 freezegun = "1.5.1"
 mypy = "1.10.1"
@@ -49,8 +48,8 @@ pytest-env = "1.1.3"
 pytest-randomly = "3.15.0"
 pytest-xdist = "3.6.1"
 ruff = "0.5.0"
-safety = "3.2.9"
-vulture = "2.14"
+safety = "3.2.3"
+vulture = "2.11"

 [tool.poetry.scripts]
 celery = "src.backend.config.settings.celery"
--- a/api/src/backend/api/base_views.py
+++ b/api/src/backend/api/base_views.py
@@ -1,4 +1,3 @@
-from django.core.exceptions import ObjectDoesNotExist
 from django.db import transaction
 from rest_framework import permissions
 from rest_framework.exceptions import NotAuthenticated
@@ -7,17 +6,13 @@ from rest_framework_json_api import filters
 from rest_framework_json_api.views import ModelViewSet
 from rest_framework_simplejwt.authentication import JWTAuthentication

-from api.db_router import MainRouter
 from api.db_utils import POSTGRES_USER_VAR, rls_transaction
 from api.filters import CustomDjangoFilterBackend
-from api.models import Role, Tenant
-from api.rbac.permissions import HasPermissions


 class BaseViewSet(ModelViewSet):
    authentication_classes = [JWTAuthentication]
-    required_permissions = []
-    permission_classes = [permissions.IsAuthenticated, HasPermissions]
+    permission_classes = [permissions.IsAuthenticated]
    filter_backends = [
        filters.QueryParameterValidationFilter,
        filters.OrderingFilter,
@@ -31,17 +26,6 @@ class BaseViewSet(ModelViewSet):
    ordering_fields = "__all__"
    ordering = ["id"]

-    def initial(self, request, *args, **kwargs):
-        """
-        Sets required_permissions before permissions are checked.
-        """
-        self.set_required_permissions()
-        super().initial(request, *args, **kwargs)
-
-    def set_required_permissions(self):
-        """This is an abstract method that must be implemented by subclasses."""
-        NotImplemented
-
    def get_queryset(self):
        raise NotImplementedError

@@ -74,39 +58,7 @@ class BaseRLSViewSet(BaseViewSet):
 class BaseTenantViewset(BaseViewSet):
    def dispatch(self, request, *args, **kwargs):
        with transaction.atomic():
-            tenant = super().dispatch(request, *args, **kwargs)
-
-        try:
-            # If the request is a POST, create the admin role
-            if request.method == "POST":
-                isinstance(tenant, dict) and self._create_admin_role(tenant.data["id"])
-        except Exception as e:
-            self._handle_creation_error(e, tenant)
-            raise
-
-        return tenant
-
-    def _create_admin_role(self, tenant_id):
-        Role.objects.using(MainRouter.admin_db).create(
-            name="admin",
-            tenant_id=tenant_id,
-            manage_users=True,
-            manage_account=True,
-            manage_billing=True,
-            manage_providers=True,
-            manage_integrations=True,
-            manage_scans=True,
-            unlimited_visibility=True,
-        )
-
-    def _handle_creation_error(self, error, tenant):
-        if tenant.data.get("id"):
-            try:
-                Tenant.objects.using(MainRouter.admin_db).filter(
-                    id=tenant.data["id"]
-                ).delete()
-            except ObjectDoesNotExist:
-                pass  # Tenant might not exist, handle gracefully
+            return super().dispatch(request, *args, **kwargs)

    def initial(self, request, *args, **kwargs):
        if (
--- a/api/src/backend/api/db_router.py
+++ b/api/src/backend/api/db_router.py
@@ -4,17 +4,13 @@ class MainRouter:

    def db_for_read(self, model, **hints):  # noqa: F841
        model_table_name = model._meta.db_table
-        if model_table_name.startswith("django_") or model_table_name.startswith(
-            "silk_"
-        ):
+        if model_table_name.startswith("django_"):
            return self.admin_db
        return None

    def db_for_write(self, model, **hints):  # noqa: F841
        model_table_name = model._meta.db_table
-        if model_table_name.startswith("django_") or model_table_name.startswith(
-            "silk_"
-        ):
+        if model_table_name.startswith("django_"):
            return self.admin_db
        return None

--- a/api/src/backend/api/db_utils.py
+++ b/api/src/backend/api/db_utils.py
@@ -5,6 +5,7 @@ from datetime import datetime, timedelta, timezone

 from django.conf import settings
 from django.contrib.auth.models import BaseUserManager
+from django.core.paginator import Paginator
 from django.db import connection, models, transaction
 from psycopg2 import connect as psycopg2_connect
 from psycopg2.extensions import AsIs, new_type, register_adapter, register_type
@@ -119,18 +120,15 @@ def batch_delete(queryset, batch_size=5000):
    total_deleted = 0
    deletion_summary = {}

-    while True:
-        # Get a batch of IDs to delete
-        batch_ids = set(
-            queryset.values_list("id", flat=True).order_by("id")[:batch_size]
-        )
-        if not batch_ids:
-            # No more objects to delete
-            break
+    paginator = Paginator(queryset.order_by("id").only("id"), batch_size)
+
+    for page_num in paginator.page_range:
+        batch_ids = [obj.id for obj in paginator.page(page_num).object_list]

        deleted_count, deleted_info = queryset.filter(id__in=batch_ids).delete()

        total_deleted += deleted_count
+
        for model_label, count in deleted_info.items():
            deletion_summary[model_label] = deletion_summary.get(model_label, 0) + count

--- a/api/src/backend/api/filters.py
+++ b/api/src/backend/api/filters.py
@@ -26,13 +26,11 @@ from api.models import (
    Finding,
    Invitation,
    Membership,
-    PermissionChoices,
    Provider,
    ProviderGroup,
    ProviderSecret,
    Resource,
    ResourceTag,
-    Role,
    Scan,
    ScanSummary,
    SeverityChoices,
@@ -319,28 +317,6 @@ class FindingFilter(FilterSet):
        field_name="resources__type", lookup_expr="icontains"
    )

-    # Temporarily disabled until we implement tag filtering in the UI
-    # resource_tag_key = CharFilter(field_name="resources__tags__key")
-    # resource_tag_key__in = CharInFilter(
-    #     field_name="resources__tags__key", lookup_expr="in"
-    # )
-    # resource_tag_key__icontains = CharFilter(
-    #     field_name="resources__tags__key", lookup_expr="icontains"
-    # )
-    # resource_tag_value = CharFilter(field_name="resources__tags__value")
-    # resource_tag_value__in = CharInFilter(
-    #     field_name="resources__tags__value", lookup_expr="in"
-    # )
-    # resource_tag_value__icontains = CharFilter(
-    #     field_name="resources__tags__value", lookup_expr="icontains"
-    # )
-    # resource_tags = CharInFilter(
-    #     method="filter_resource_tag",
-    #     lookup_expr="in",
-    #     help_text="Filter by resource tags `key:value` pairs.\nMultiple values may be "
-    #     "separated by commas.",
-    # )
-
    scan = UUIDFilter(method="filter_scan_id")
    scan__in = UUIDInFilter(method="filter_scan_id_in")

@@ -448,16 +424,6 @@ class FindingFilter(FilterSet):

        return queryset.filter(id__lte=end).filter(inserted_at__lte=value)

-    def filter_resource_tag(self, queryset, name, value):
-        overall_query = Q()
-        for key_value_pair in value:
-            tag_key, tag_value = key_value_pair.split(":", 1)
-            overall_query |= Q(
-                resources__tags__key__icontains=tag_key,
-                resources__tags__value__icontains=tag_value,
-            )
-        return queryset.filter(overall_query).distinct()
-
    @staticmethod
    def maybe_date_to_datetime(value):
        dt = value
@@ -515,26 +481,6 @@ class UserFilter(FilterSet):
        }


-class RoleFilter(FilterSet):
-    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
-    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
-    permission_state = ChoiceFilter(
-        choices=PermissionChoices.choices, method="filter_permission_state"
-    )
-
-    def filter_permission_state(self, queryset, name, value):
-        return Role.filter_by_permission_state(queryset, value)
-
-    class Meta:
-        model = Role
-        fields = {
-            "id": ["exact", "in"],
-            "name": ["exact", "in"],
-            "inserted_at": ["gte", "lte"],
-            "updated_at": ["gte", "lte"],
-        }
-
-
 class ComplianceOverviewFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    provider_type = ChoiceFilter(choices=Provider.ProviderChoices.choices)
@@ -575,25 +521,3 @@ class ScanSummaryFilter(FilterSet):
            "inserted_at": ["date", "gte", "lte"],
            "region": ["exact", "icontains", "in"],
        }
-
-
-class ServiceOverviewFilter(ScanSummaryFilter):
-    muted_findings = None
-
-    def is_valid(self):
-        # Check if at least one of the inserted_at filters is present
-        inserted_at_filters = [
-            self.data.get("inserted_at"),
-            self.data.get("inserted_at__gte"),
-            self.data.get("inserted_at__lte"),
-        ]
-        if not any(inserted_at_filters):
-            raise ValidationError(
-                {
-                    "inserted_at": [
-                        "At least one of filter[inserted_at], filter[inserted_at__gte], or "
-                        "filter[inserted_at__lte] is required."
-                    ]
-                }
-            )
-        return super().is_valid()
--- a/api/src/backend/api/fixtures/dev/5_dev_findings.json
+++ b/api/src/backend/api/fixtures/dev/5_dev_findings.json
@@ -6,7 +6,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.823Z",
      "updated_at": "2024-10-18T10:46:04.841Z",
-      "first_seen_at": "2024-10-18T10:46:04.823Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-south-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -62,7 +61,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.855Z",
      "updated_at": "2024-10-18T10:46:04.858Z",
-      "first_seen_at": "2024-10-18T10:46:04.855Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-3-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -118,7 +116,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.869Z",
      "updated_at": "2024-10-18T10:46:04.876Z",
-      "first_seen_at": "2024-10-18T10:46:04.869Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -174,7 +171,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.888Z",
      "updated_at": "2024-10-18T10:46:04.892Z",
-      "first_seen_at": "2024-10-18T10:46:04.888Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -230,7 +226,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.901Z",
      "updated_at": "2024-10-18T10:46:04.905Z",
-      "first_seen_at": "2024-10-18T10:46:04.901Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -286,7 +281,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.915Z",
      "updated_at": "2024-10-18T10:46:04.919Z",
-      "first_seen_at": "2024-10-18T10:46:04.915Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-south-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -342,7 +336,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.929Z",
      "updated_at": "2024-10-18T10:46:04.934Z",
-      "first_seen_at": "2024-10-18T10:46:04.929Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -398,7 +391,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.944Z",
      "updated_at": "2024-10-18T10:46:04.947Z",
-      "first_seen_at": "2024-10-18T10:46:04.944Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ca-central-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -454,7 +446,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.957Z",
      "updated_at": "2024-10-18T10:46:04.962Z",
-      "first_seen_at": "2024-10-18T10:46:04.957Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-1-ConsoleAnalyzer-83b66ad7-d024-454e-b851-52d11cc1cf7c",
      "delta": "new",
      "status": "PASS",
@@ -510,7 +501,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.971Z",
      "updated_at": "2024-10-18T10:46:04.975Z",
-      "first_seen_at": "2024-10-18T10:46:04.971Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -566,7 +556,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.984Z",
      "updated_at": "2024-10-18T10:46:04.989Z",
-      "first_seen_at": "2024-10-18T10:46:04.984Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-sa-east-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -622,7 +611,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.999Z",
      "updated_at": "2024-10-18T10:46:05.003Z",
-      "first_seen_at": "2024-10-18T10:46:04.999Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-north-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -678,7 +666,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.013Z",
      "updated_at": "2024-10-18T10:46:05.018Z",
-      "first_seen_at": "2024-10-18T10:46:05.013Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -734,7 +721,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.029Z",
      "updated_at": "2024-10-18T10:46:05.033Z",
-      "first_seen_at": "2024-10-18T10:46:05.029Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -790,7 +776,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.045Z",
      "updated_at": "2024-10-18T10:46:05.050Z",
-      "first_seen_at": "2024-10-18T10:46:05.045Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -846,7 +831,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.061Z",
      "updated_at": "2024-10-18T10:46:05.065Z",
-      "first_seen_at": "2024-10-18T10:46:05.061Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -902,7 +886,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.080Z",
      "updated_at": "2024-10-18T10:46:05.085Z",
-      "first_seen_at": "2024-10-18T10:46:05.080Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -958,7 +941,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.099Z",
      "updated_at": "2024-10-18T10:46:05.104Z",
-      "first_seen_at": "2024-10-18T10:46:05.099Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -1014,7 +996,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.115Z",
      "updated_at": "2024-10-18T10:46:05.121Z",
-      "first_seen_at": "2024-10-18T10:46:05.115Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-3-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -1070,7 +1051,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.489Z",
      "updated_at": "2024-10-18T11:16:24.506Z",
-      "first_seen_at": "2024-10-18T10:46:04.823Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-south-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1126,7 +1106,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.518Z",
      "updated_at": "2024-10-18T11:16:24.521Z",
-      "first_seen_at": "2024-10-18T10:46:04.855Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-3-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1182,7 +1161,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.526Z",
      "updated_at": "2024-10-18T11:16:24.529Z",
-      "first_seen_at": "2024-10-18T10:46:04.869Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1238,7 +1216,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.535Z",
      "updated_at": "2024-10-18T11:16:24.538Z",
-      "first_seen_at": "2024-10-18T10:46:04.888Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1294,7 +1271,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.544Z",
      "updated_at": "2024-10-18T11:16:24.546Z",
-      "first_seen_at": "2024-10-18T10:46:04.901Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1350,7 +1326,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.551Z",
      "updated_at": "2024-10-18T11:16:24.554Z",
-      "first_seen_at": "2024-10-18T10:46:04.915Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-south-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1406,7 +1381,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.560Z",
      "updated_at": "2024-10-18T11:16:24.562Z",
-      "first_seen_at": "2024-10-18T10:46:04.929Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1462,7 +1436,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.567Z",
      "updated_at": "2024-10-18T11:16:24.569Z",
-      "first_seen_at": "2024-10-18T10:46:04.944Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ca-central-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1518,7 +1491,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.573Z",
      "updated_at": "2024-10-18T11:16:24.575Z",
-      "first_seen_at": "2024-10-18T10:46:04.957Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-1-ConsoleAnalyzer-83b66ad7-d024-454e-b851-52d11cc1cf7c",
      "delta": null,
      "status": "PASS",
@@ -1574,7 +1546,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.580Z",
      "updated_at": "2024-10-18T11:16:24.582Z",
-      "first_seen_at": "2024-10-18T10:46:04.971Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1630,7 +1601,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.587Z",
      "updated_at": "2024-10-18T11:16:24.589Z",
-      "first_seen_at": "2024-10-18T10:46:04.984Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-sa-east-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1686,7 +1656,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.595Z",
      "updated_at": "2024-10-18T11:16:24.597Z",
-      "first_seen_at": "2024-10-18T10:46:04.999Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-north-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1742,7 +1711,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.602Z",
      "updated_at": "2024-10-18T11:16:24.604Z",
-      "first_seen_at": "2024-10-18T10:46:05.013Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1798,7 +1766,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.610Z",
      "updated_at": "2024-10-18T11:16:24.612Z",
-      "first_seen_at": "2024-10-18T10:46:05.029Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1854,7 +1821,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.617Z",
      "updated_at": "2024-10-18T11:16:24.620Z",
-      "first_seen_at": "2024-10-18T10:46:05.045Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1910,7 +1876,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.625Z",
      "updated_at": "2024-10-18T11:16:24.627Z",
-      "first_seen_at": "2024-10-18T10:46:05.061Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1966,7 +1931,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.632Z",
      "updated_at": "2024-10-18T11:16:24.634Z",
-      "first_seen_at": "2024-10-18T10:46:05.080Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2022,7 +1986,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.639Z",
      "updated_at": "2024-10-18T11:16:24.642Z",
-      "first_seen_at": "2024-10-18T10:46:05.099Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2078,7 +2041,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.646Z",
      "updated_at": "2024-10-18T11:16:24.648Z",
-      "first_seen_at": "2024-10-18T10:46:05.115Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-3-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2134,7 +2096,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:26.033Z",
      "updated_at": "2024-10-18T11:16:26.045Z",
-      "first_seen_at": "2024-10-18T11:16:26.033Z",
      "uid": "prowler-aws-account_security_contact_information_is_registered-112233445566-us-east-1-112233445566",
      "delta": "new",
      "status": "MANUAL",
--- a/api/src/backend/api/fixtures/dev/6_dev_rbac.json
+++ b/api/src/backend/api/fixtures/dev/6_dev_rbac.json
@@ -58,96 +58,5 @@
      "provider_group": "525e91e7-f3f3-4254-bbc3-27ce1ade86b1",
      "inserted_at": "2024-11-13T11:55:41.237Z"
    }
-  },
-  {
-    "model": "api.role",
-    "pk": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "admin_test",
-      "manage_users": true,
-      "manage_account": true,
-      "manage_billing": true,
-      "manage_providers": true,
-      "manage_integrations": true,
-      "manage_scans": true,
-      "unlimited_visibility": true,
-      "inserted_at": "2024-11-20T15:32:42.402Z",
-      "updated_at": "2024-11-20T15:32:42.402Z"
-    }
-  },
-  {
-    "model": "api.role",
-    "pk": "845ff03a-87ef-42ba-9786-6577c70c4df0",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "first_role",
-      "manage_users": true,
-      "manage_account": true,
-      "manage_billing": true,
-      "manage_providers": true,
-      "manage_integrations": false,
-      "manage_scans": false,
-      "unlimited_visibility": true,
-      "inserted_at": "2024-11-20T15:31:53.239Z",
-      "updated_at": "2024-11-20T15:31:53.239Z"
-    }
-  },
-  {
-    "model": "api.role",
-    "pk": "902d726c-4bd5-413a-a2a4-f7b4754b6b20",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "third_role",
-      "manage_users": false,
-      "manage_account": false,
-      "manage_billing": false,
-      "manage_providers": false,
-      "manage_integrations": false,
-      "manage_scans": true,
-      "unlimited_visibility": false,
-      "inserted_at": "2024-11-20T15:34:05.440Z",
-      "updated_at": "2024-11-20T15:34:05.440Z"
-    }
-  },
-  {
-    "model": "api.roleprovidergrouprelationship",
-    "pk": "57fd024a-0a7f-49b4-a092-fa0979a07aaf",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
-      "provider_group": "3fe28fb8-e545-424c-9b8f-69aff638f430",
-      "inserted_at": "2024-11-20T15:32:42.402Z"
-    }
-  },
-  {
-    "model": "api.roleprovidergrouprelationship",
-    "pk": "a3cd0099-1c13-4df1-a5e5-ecdfec561b35",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
-      "provider_group": "481769f5-db2b-447b-8b00-1dee18db90ec",
-      "inserted_at": "2024-11-20T15:32:42.402Z"
-    }
-  },
-  {
-    "model": "api.roleprovidergrouprelationship",
-    "pk": "cfd84182-a058-40c2-af3c-0189b174940f",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
-      "provider_group": "525e91e7-f3f3-4254-bbc3-27ce1ade86b1",
-      "inserted_at": "2024-11-20T15:32:42.402Z"
-    }
-  },
-  {
-    "model": "api.userrolerelationship",
-    "pk": "92339663-e954-4fd8-98fb-8bfe15949975",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "role": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
-      "user": "8b38e2eb-6689-4f1e-a4ba-95b275130200",
-      "inserted_at": "2024-11-20T15:36:14.302Z"
-    }
  }
 ]
--- a/api/src/backend/api/migrations/0003_update_provider_unique_constraint_with_is_deleted.py
+++ b/api/src/backend/api/migrations/0003_update_provider_unique_constraint_with_is_deleted.py
@@ -1,23 +0,0 @@
-# Generated by Django 5.1.1 on 2024-12-20 13:16
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0002_token_migrations"),
-    ]
-
-    operations = [
-        migrations.RemoveConstraint(
-            model_name="provider",
-            name="unique_provider_uids",
-        ),
-        migrations.AddConstraint(
-            model_name="provider",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "provider", "uid", "is_deleted"),
-                name="unique_provider_uids",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0004_rbac.py
+++ b/api/src/backend/api/migrations/0004_rbac.py
@@ -1,248 +0,0 @@
-# Generated by Django 5.1.1 on 2024-12-05 12:29
-
-import uuid
-
-import django.db.models.deletion
-from django.conf import settings
-from django.db import migrations, models
-
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0003_update_provider_unique_constraint_with_is_deleted"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="Role",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("name", models.CharField(max_length=255)),
-                ("manage_users", models.BooleanField(default=False)),
-                ("manage_account", models.BooleanField(default=False)),
-                ("manage_billing", models.BooleanField(default=False)),
-                ("manage_providers", models.BooleanField(default=False)),
-                ("manage_integrations", models.BooleanField(default=False)),
-                ("manage_scans", models.BooleanField(default=False)),
-                ("unlimited_visibility", models.BooleanField(default=False)),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "roles",
-            },
-        ),
-        migrations.CreateModel(
-            name="RoleProviderGroupRelationship",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "role_provider_group_relationship",
-            },
-        ),
-        migrations.CreateModel(
-            name="UserRoleRelationship",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "role_user_relationship",
-            },
-        ),
-        migrations.AddField(
-            model_name="roleprovidergrouprelationship",
-            name="provider_group",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.providergroup"
-            ),
-        ),
-        migrations.AddField(
-            model_name="roleprovidergrouprelationship",
-            name="role",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.role"
-            ),
-        ),
-        migrations.AddField(
-            model_name="role",
-            name="provider_groups",
-            field=models.ManyToManyField(
-                related_name="roles",
-                through="api.RoleProviderGroupRelationship",
-                to="api.providergroup",
-            ),
-        ),
-        migrations.AddField(
-            model_name="userrolerelationship",
-            name="role",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.role"
-            ),
-        ),
-        migrations.AddField(
-            model_name="userrolerelationship",
-            name="user",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
-            ),
-        ),
-        migrations.AddField(
-            model_name="role",
-            name="users",
-            field=models.ManyToManyField(
-                related_name="roles",
-                through="api.UserRoleRelationship",
-                to=settings.AUTH_USER_MODEL,
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="roleprovidergrouprelationship",
-            constraint=models.UniqueConstraint(
-                fields=("role_id", "provider_group_id"),
-                name="unique_role_provider_group_relationship",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="roleprovidergrouprelationship",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_roleprovidergrouprelationship",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="userrolerelationship",
-            constraint=models.UniqueConstraint(
-                fields=("role_id", "user_id"), name="unique_role_user_relationship"
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="userrolerelationship",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_userrolerelationship",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="role",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "name"), name="unique_role_per_tenant"
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="role",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_role",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.CreateModel(
-            name="InvitationRoleRelationship",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                (
-                    "invitation",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.invitation"
-                    ),
-                ),
-                (
-                    "role",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.role"
-                    ),
-                ),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "role_invitation_relationship",
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="invitationrolerelationship",
-            constraint=models.UniqueConstraint(
-                fields=("role_id", "invitation_id"),
-                name="unique_role_invitation_relationship",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="invitationrolerelationship",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_invitationrolerelationship",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddField(
-            model_name="role",
-            name="invitations",
-            field=models.ManyToManyField(
-                related_name="roles",
-                through="api.InvitationRoleRelationship",
-                to="api.invitation",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0005_rbac_missing_admin_roles.py
+++ b/api/src/backend/api/migrations/0005_rbac_missing_admin_roles.py
@@ -1,44 +0,0 @@
-from django.db import migrations
-
-from api.db_router import MainRouter
-
-
-def create_admin_role(apps, schema_editor):
-    Tenant = apps.get_model("api", "Tenant")
-    Role = apps.get_model("api", "Role")
-    User = apps.get_model("api", "User")
-    UserRoleRelationship = apps.get_model("api", "UserRoleRelationship")
-
-    for tenant in Tenant.objects.using(MainRouter.admin_db).all():
-        admin_role, _ = Role.objects.using(MainRouter.admin_db).get_or_create(
-            name="admin",
-            tenant=tenant,
-            defaults={
-                "manage_users": True,
-                "manage_account": True,
-                "manage_billing": True,
-                "manage_providers": True,
-                "manage_integrations": True,
-                "manage_scans": True,
-                "unlimited_visibility": True,
-            },
-        )
-        users = User.objects.using(MainRouter.admin_db).filter(
-            membership__tenant=tenant
-        )
-        for user in users:
-            UserRoleRelationship.objects.using(MainRouter.admin_db).get_or_create(
-                user=user,
-                role=admin_role,
-                tenant=tenant,
-            )
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0004_rbac"),
-    ]
-
-    operations = [
-        migrations.RunPython(create_admin_role),
-    ]
--- a/api/src/backend/api/migrations/0006_findings_first_seen.py
+++ b/api/src/backend/api/migrations/0006_findings_first_seen.py
@@ -1,15 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0005_rbac_missing_admin_roles"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="first_seen_at",
-            field=models.DateTimeField(editable=False, null=True),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0007_scan_and_scan_summaries_indexes.py
+++ b/api/src/backend/api/migrations/0007_scan_and_scan_summaries_indexes.py
@@ -1,25 +0,0 @@
-# Generated by Django 5.1.5 on 2025-01-28 15:03
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0006_findings_first_seen"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="scan",
-            index=models.Index(
-                fields=["tenant_id", "provider_id", "state", "inserted_at"],
-                name="scans_prov_state_insert_idx",
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="scansummary",
-            index=models.Index(
-                fields=["tenant_id", "scan_id"], name="scan_summaries_tenant_scan_idx"
-            ),
-        ),
-    ]
--- a/api/src/backend/api/models.py
+++ b/api/src/backend/api/models.py
@@ -69,21 +69,6 @@ class StateChoices(models.TextChoices):
    CANCELLED = "cancelled", _("Cancelled")


-class PermissionChoices(models.TextChoices):
-    """
-    Represents the different permission states that a role can have.
-
-    Attributes:
-        UNLIMITED: Indicates that the role possesses all permissions.
-        LIMITED: Indicates that the role has some permissions but not all.
-        NONE: Indicates that the role does not have any permissions.
-    """
-
-    UNLIMITED = "unlimited", _("Unlimited permissions")
-    LIMITED = "limited", _("Limited permissions")
-    NONE = "none", _("No permissions")
-
-
 class ActiveProviderManager(models.Manager):
    def get_queryset(self):
        return super().get_queryset().filter(self.active_provider_filter())
@@ -271,7 +256,7 @@ class Provider(RowLevelSecurityProtectedModel):

        constraints = [
            models.UniqueConstraint(
-                fields=("tenant_id", "provider", "uid", "is_deleted"),
+                fields=("tenant_id", "provider", "uid"),
                name="unique_provider_uids",
            ),
            RowLevelSecurityConstraint(
@@ -313,10 +298,19 @@ class ProviderGroup(RowLevelSecurityProtectedModel):


 class ProviderGroupMembership(RowLevelSecurityProtectedModel):
+    objects = ActiveProviderManager()
+    all_objects = models.Manager()
+
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    provider_group = models.ForeignKey(ProviderGroup, on_delete=models.CASCADE)
-    provider = models.ForeignKey(Provider, on_delete=models.CASCADE)
-    inserted_at = models.DateTimeField(auto_now_add=True)
+    provider = models.ForeignKey(
+        Provider,
+        on_delete=models.CASCADE,
+    )
+    provider_group = models.ForeignKey(
+        ProviderGroup,
+        on_delete=models.CASCADE,
+    )
+    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)

    class Meta:
        db_table = "provider_group_memberships"
@@ -333,7 +327,7 @@ class ProviderGroupMembership(RowLevelSecurityProtectedModel):
        ]

    class JSONAPIMeta:
-        resource_name = "provider_groups-provider"
+        resource_name = "provider-group-memberships"


 class Task(RowLevelSecurityProtectedModel):
@@ -428,10 +422,6 @@ class Scan(RowLevelSecurityProtectedModel):
                fields=["provider", "state", "trigger", "scheduled_at"],
                name="scans_prov_state_trig_sche_idx",
            ),
-            models.Index(
-                fields=["tenant_id", "provider_id", "state", "inserted_at"],
-                name="scans_prov_state_insert_idx",
-            ),
        ]

    class JSONAPIMeta:
@@ -519,8 +509,8 @@ class Resource(RowLevelSecurityProtectedModel):
        through="ResourceTagMapping",
    )

-    def get_tags(self, tenant_id: str) -> dict:
-        return {tag.key: tag.value for tag in self.tags.filter(tenant_id=tenant_id)}
+    def get_tags(self) -> dict:
+        return {tag.key: tag.value for tag in self.tags.all()}

    def clear_tags(self):
        self.tags.clear()
@@ -619,7 +609,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    id = models.UUIDField(primary_key=True, default=uuid7, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    first_seen_at = models.DateTimeField(editable=False, null=True)

    uid = models.CharField(max_length=300)
    delta = FindingDeltaEnumField(
@@ -862,150 +851,6 @@ class Invitation(RowLevelSecurityProtectedModel):
        resource_name = "invitations"


-class Role(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    name = models.CharField(max_length=255)
-    manage_users = models.BooleanField(default=False)
-    manage_account = models.BooleanField(default=False)
-    manage_billing = models.BooleanField(default=False)
-    manage_providers = models.BooleanField(default=False)
-    manage_integrations = models.BooleanField(default=False)
-    manage_scans = models.BooleanField(default=False)
-    unlimited_visibility = models.BooleanField(default=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    provider_groups = models.ManyToManyField(
-        ProviderGroup, through="RoleProviderGroupRelationship", related_name="roles"
-    )
-    users = models.ManyToManyField(
-        User, through="UserRoleRelationship", related_name="roles"
-    )
-    invitations = models.ManyToManyField(
-        Invitation, through="InvitationRoleRelationship", related_name="roles"
-    )
-
-    # Filter permission_state
-    PERMISSION_FIELDS = [
-        "manage_users",
-        "manage_account",
-        "manage_billing",
-        "manage_providers",
-        "manage_integrations",
-        "manage_scans",
-    ]
-
-    @property
-    def permission_state(self):
-        values = [getattr(self, field) for field in self.PERMISSION_FIELDS]
-        if all(values):
-            return PermissionChoices.UNLIMITED
-        elif not any(values):
-            return PermissionChoices.NONE
-        else:
-            return PermissionChoices.LIMITED
-
-    @classmethod
-    def filter_by_permission_state(cls, queryset, value):
-        q_all_true = Q(**{field: True for field in cls.PERMISSION_FIELDS})
-        q_all_false = Q(**{field: False for field in cls.PERMISSION_FIELDS})
-
-        if value == PermissionChoices.UNLIMITED:
-            return queryset.filter(q_all_true)
-        elif value == PermissionChoices.NONE:
-            return queryset.filter(q_all_false)
-        else:
-            return queryset.exclude(q_all_true | q_all_false)
-
-    class Meta:
-        db_table = "roles"
-        constraints = [
-            models.UniqueConstraint(
-                fields=["tenant_id", "name"],
-                name="unique_role_per_tenant",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "roles"
-
-
-class RoleProviderGroupRelationship(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    role = models.ForeignKey(Role, on_delete=models.CASCADE)
-    provider_group = models.ForeignKey(ProviderGroup, on_delete=models.CASCADE)
-    inserted_at = models.DateTimeField(auto_now_add=True)
-
-    class Meta:
-        db_table = "role_provider_group_relationship"
-        constraints = [
-            models.UniqueConstraint(
-                fields=["role_id", "provider_group_id"],
-                name="unique_role_provider_group_relationship",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "role-provider_groups"
-
-
-class UserRoleRelationship(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    role = models.ForeignKey(Role, on_delete=models.CASCADE)
-    user = models.ForeignKey(User, on_delete=models.CASCADE)
-    inserted_at = models.DateTimeField(auto_now_add=True)
-
-    class Meta:
-        db_table = "role_user_relationship"
-        constraints = [
-            models.UniqueConstraint(
-                fields=["role_id", "user_id"],
-                name="unique_role_user_relationship",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "user-roles"
-
-
-class InvitationRoleRelationship(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    role = models.ForeignKey(Role, on_delete=models.CASCADE)
-    invitation = models.ForeignKey(Invitation, on_delete=models.CASCADE)
-    inserted_at = models.DateTimeField(auto_now_add=True)
-
-    class Meta:
-        db_table = "role_invitation_relationship"
-        constraints = [
-            models.UniqueConstraint(
-                fields=["role_id", "invitation_id"],
-                name="unique_role_invitation_relationship",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "invitation-roles"
-
-
 class ComplianceOverview(RowLevelSecurityProtectedModel):
    objects = ActiveProviderManager()
    all_objects = models.Manager()
@@ -1104,12 +949,6 @@ class ScanSummary(RowLevelSecurityProtectedModel):
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ]
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "scan_id"],
-                name="scan_summaries_tenant_scan_idx",
-            )
-        ]

    class JSONAPIMeta:
        resource_name = "scan-summaries"
--- a/api/src/backend/api/rbac/permissions.py
+++ b/api/src/backend/api/rbac/permissions.py
@@ -1,75 +0,0 @@
-from enum import Enum
-from typing import Optional
-
-from django.db.models import QuerySet
-from rest_framework.permissions import BasePermission
-
-from api.db_router import MainRouter
-from api.models import Provider, Role, User
-
-
-class Permissions(Enum):
-    MANAGE_USERS = "manage_users"
-    MANAGE_ACCOUNT = "manage_account"
-    MANAGE_BILLING = "manage_billing"
-    MANAGE_PROVIDERS = "manage_providers"
-    MANAGE_INTEGRATIONS = "manage_integrations"
-    MANAGE_SCANS = "manage_scans"
-    UNLIMITED_VISIBILITY = "unlimited_visibility"
-
-
-class HasPermissions(BasePermission):
-    """
-    Custom permission to check if the user's role has the required permissions.
-    The required permissions should be specified in the view as a list in `required_permissions`.
-    """
-
-    def has_permission(self, request, view):
-        required_permissions = getattr(view, "required_permissions", [])
-        if not required_permissions:
-            return True
-
-        user_roles = (
-            User.objects.using(MainRouter.admin_db).get(id=request.user.id).roles.all()
-        )
-        if not user_roles:
-            return False
-
-        for perm in required_permissions:
-            if not getattr(user_roles[0], perm.value, False):
-                return False
-
-        return True
-
-
-def get_role(user: User) -> Optional[Role]:
-    """
-    Retrieve the first role assigned to the given user.
-
-    Returns:
-        The user's first Role instance if the user has any roles, otherwise None.
-    """
-    return user.roles.first()
-
-
-def get_providers(role: Role) -> QuerySet[Provider]:
-    """
-    Return a distinct queryset of Providers accessible by the given role.
-
-    If the role has no associated provider groups, an empty queryset is returned.
-
-    Args:
-        role: A Role instance.
-
-    Returns:
-        A QuerySet of Provider objects filtered by the role's provider groups.
-        If the role has no provider groups, returns an empty queryset.
-    """
-    tenant = role.tenant
-    provider_groups = role.provider_groups.all()
-    if not provider_groups.exists():
-        return Provider.objects.none()
-
-    return Provider.objects.filter(
-        tenant=tenant, provider_groups__in=provider_groups
-    ).distinct()
--- a/api/src/backend/api/specs/v1.yaml
+++ b/api/src/backend/api/specs/v1.yaml
--- a/api/src/backend/api/tests/integration/test_authentication.py
+++ b/api/src/backend/api/tests/integration/test_authentication.py
@@ -1,9 +1,12 @@
 import pytest
-from conftest import TEST_PASSWORD, get_api_tokens, get_authorization_header
 from django.urls import reverse
+from unittest.mock import patch
 from rest_framework.test import APIClient

+from conftest import TEST_PASSWORD, get_api_tokens, get_authorization_header

+
+@patch("api.v1.views.MainRouter.admin_db", new="default")
@pytest.mark.django_db
 def test_basic_authentication():
    client = APIClient()
@@ -95,85 +98,3 @@ def test_refresh_token(create_test_user, tenants_fixture):
        format="vnd.api+json",
    )
    assert new_refresh_response.status_code == 200
-
-
-@pytest.mark.django_db
-def test_user_me_when_inviting_users(create_test_user, tenants_fixture, roles_fixture):
-    client = APIClient()
-
-    role = roles_fixture[0]
-
-    user1_email = "user1@testing.com"
-    user2_email = "user2@testing.com"
-
-    password = "thisisapassword123"
-
-    user1_response = client.post(
-        reverse("user-list"),
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "user1",
-                    "email": user1_email,
-                    "password": password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user1_response.status_code == 201
-
-    user1_access_token, _ = get_api_tokens(client, user1_email, password)
-    user1_headers = get_authorization_header(user1_access_token)
-
-    user2_invitation = client.post(
-        reverse("invitation-list"),
-        data={
-            "data": {
-                "type": "invitations",
-                "attributes": {"email": user2_email},
-                "relationships": {
-                    "roles": {
-                        "data": [
-                            {
-                                "type": "roles",
-                                "id": str(role.id),
-                            }
-                        ]
-                    }
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=user1_headers,
-    )
-    assert user2_invitation.status_code == 201
-    invitation_token = user2_invitation.json()["data"]["attributes"]["token"]
-
-    user2_response = client.post(
-        reverse("user-list") + f"?invitation_token={invitation_token}",
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "user2",
-                    "email": user2_email,
-                    "password": password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user2_response.status_code == 201
-
-    user2_access_token, _ = get_api_tokens(client, user2_email, password)
-    user2_headers = get_authorization_header(user2_access_token)
-
-    user1_me = client.get(reverse("user-me"), headers=user1_headers)
-    assert user1_me.status_code == 200
-    assert user1_me.json()["data"]["attributes"]["email"] == user1_email
-
-    user2_me = client.get(reverse("user-me"), headers=user2_headers)
-    assert user2_me.status_code == 200
-    assert user2_me.json()["data"]["attributes"]["email"] == user2_email
--- a/api/src/backend/api/tests/integration/test_providers.py
+++ b/api/src/backend/api/tests/integration/test_providers.py
@@ -1,85 +0,0 @@
-from unittest.mock import Mock, patch
-
-import pytest
-from conftest import get_api_tokens, get_authorization_header
-from django.urls import reverse
-from rest_framework.test import APIClient
-
-from api.models import Provider
-
-
-@patch("api.v1.views.Task.objects.get")
-@patch("api.v1.views.delete_provider_task.delay")
-@pytest.mark.django_db
-def test_delete_provider_without_executing_task(
-    mock_delete_task, mock_task_get, create_test_user, tenants_fixture, tasks_fixture
-):
-    client = APIClient()
-
-    test_user = "test_email@prowler.com"
-    test_password = "test_password"
-
-    prowler_task = tasks_fixture[0]
-    task_mock = Mock()
-    task_mock.id = prowler_task.id
-    mock_delete_task.return_value = task_mock
-    mock_task_get.return_value = prowler_task
-
-    user_creation_response = client.post(
-        reverse("user-list"),
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "test",
-                    "email": test_user,
-                    "password": test_password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user_creation_response.status_code == 201
-
-    access_token, _ = get_api_tokens(client, test_user, test_password)
-    auth_headers = get_authorization_header(access_token)
-
-    create_provider_response = client.post(
-        reverse("provider-list"),
-        data={
-            "data": {
-                "type": "providers",
-                "attributes": {
-                    "provider": Provider.ProviderChoices.AWS,
-                    "uid": "123456789012",
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=auth_headers,
-    )
-    assert create_provider_response.status_code == 201
-    provider_id = create_provider_response.json()["data"]["id"]
-    provider_uid = create_provider_response.json()["data"]["attributes"]["uid"]
-
-    remove_provider = client.delete(
-        reverse("provider-detail", kwargs={"pk": provider_id}),
-        headers=auth_headers,
-    )
-    assert remove_provider.status_code == 202
-
-    recreate_provider_response = client.post(
-        reverse("provider-list"),
-        data={
-            "data": {
-                "type": "providers",
-                "attributes": {
-                    "provider": Provider.ProviderChoices.AWS,
-                    "uid": provider_uid,
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=auth_headers,
-    )
-    assert recreate_provider_response.status_code == 201
--- a/api/src/backend/api/tests/integration/test_tenants.py
+++ b/api/src/backend/api/tests/integration/test_tenants.py
@@ -13,7 +13,6 @@ def test_check_resources_between_different_tenants(
    enforce_test_user_db_connection,
    authenticated_api_client,
    tenants_fixture,
-    set_user_admin_roles_fixture,
 ):
    client = authenticated_api_client

--- a/api/src/backend/api/tests/test_database.py
+++ b/api/src/backend/api/tests/test_database.py
@@ -6,10 +6,8 @@ from django.db.utils import ConnectionRouter
 from api.db_router import MainRouter
 from api.rls import Tenant
 from config.django.base import DATABASE_ROUTERS as PROD_DATABASE_ROUTERS
-from unittest.mock import patch


-@patch("api.db_router.MainRouter.admin_db", new="admin")
 class TestMainDatabaseRouter:
    @pytest.fixture(scope="module")
    def router(self):
--- a/api/src/backend/api/tests/test_db_utils.py
+++ b/api/src/backend/api/tests/test_db_utils.py
@@ -2,15 +2,7 @@ from datetime import datetime, timezone
 from enum import Enum
 from unittest.mock import patch

-import pytest
-
-from api.db_utils import (
-    batch_delete,
-    enum_to_choices,
-    generate_random_token,
-    one_week_from_now,
-)
-from api.models import Provider
+from api.db_utils import enum_to_choices, one_week_from_now, generate_random_token


 class TestEnumToChoices:
@@ -114,26 +106,3 @@ class TestGenerateRandomToken:
        token = generate_random_token(length=5, symbols="")
        # Default symbols
        assert len(token) == 5
-
-
-class TestBatchDelete:
-    @pytest.fixture
-    def create_test_providers(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        provider_id = 123456789012
-        provider_count = 10
-        for i in range(provider_count):
-            Provider.objects.create(
-                tenant=tenant,
-                uid=f"{provider_id + i}",
-                provider=Provider.ProviderChoices.AWS,
-            )
-        return provider_count
-
-    @pytest.mark.django_db
-    def test_batch_delete(self, create_test_providers):
-        _, summary = batch_delete(
-            Provider.objects.all(), batch_size=create_test_providers // 2
-        )
-        assert Provider.objects.all().count() == 0
-        assert summary == {"api.Provider": create_test_providers}
--- a/api/src/backend/api/tests/test_models.py
+++ b/api/src/backend/api/tests/test_models.py
@@ -7,10 +7,9 @@ from api.models import Resource, ResourceTag
 class TestResourceModel:
    def test_setting_tags(self, providers_fixture):
        provider, *_ = providers_fixture
-        tenant_id = provider.tenant_id

        resource = Resource.objects.create(
-            tenant_id=tenant_id,
+            tenant_id=provider.tenant_id,
            provider=provider,
            uid="arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
            name="My Instance 1",
@@ -21,12 +20,12 @@ class TestResourceModel:

        tags = [
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=provider.tenant_id,
                key="key",
                value="value",
            ),
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=provider.tenant_id,
                key="key2",
                value="value2",
            ),
@@ -34,9 +33,9 @@ class TestResourceModel:

        resource.upsert_or_delete_tags(tags)

-        assert len(tags) == len(resource.tags.filter(tenant_id=tenant_id))
+        assert len(tags) == len(resource.tags.all())

-        tags_dict = resource.get_tags(tenant_id=tenant_id)
+        tags_dict = resource.get_tags()

        for tag in tags:
            assert tag.key in tags_dict
@@ -44,51 +43,47 @@ class TestResourceModel:

    def test_adding_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)

        tags = [
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=resource.tenant_id,
                key="env",
                value="test",
            ),
        ]
-        before_count = len(resource.tags.filter(tenant_id=tenant_id))
+        before_count = len(resource.tags.all())

        resource.upsert_or_delete_tags(tags)

-        assert before_count + 1 == len(resource.tags.filter(tenant_id=tenant_id))
+        assert before_count + 1 == len(resource.tags.all())

-        tags_dict = resource.get_tags(tenant_id=tenant_id)
+        tags_dict = resource.get_tags()

        assert "env" in tags_dict
        assert tags_dict["env"] == "test"

    def test_adding_duplicate_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)

-        tags = resource.tags.filter(tenant_id=tenant_id)
+        tags = resource.tags.all()

-        before_count = len(resource.tags.filter(tenant_id=tenant_id))
+        before_count = len(resource.tags.all())

        resource.upsert_or_delete_tags(tags)

        # should be the same number of tags
-        assert before_count == len(resource.tags.filter(tenant_id=tenant_id))
+        assert before_count == len(resource.tags.all())

    def test_add_tags_none(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)
        resource.upsert_or_delete_tags(None)

-        assert len(resource.tags.filter(tenant_id=tenant_id)) == 0
-        assert resource.get_tags(tenant_id=tenant_id) == {}
+        assert len(resource.tags.all()) == 0
+        assert resource.get_tags() == {}

    def test_clear_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)
        resource.clear_tags()

-        assert len(resource.tags.filter(tenant_id=tenant_id)) == 0
-        assert resource.get_tags(tenant_id=tenant_id) == {}
+        assert len(resource.tags.all()) == 0
+        assert resource.get_tags() == {}
--- a/api/src/backend/api/tests/test_rbac.py
+++ b/api/src/backend/api/tests/test_rbac.py
@@ -1,306 +0,0 @@
-import pytest
-from django.urls import reverse
-from rest_framework import status
-from unittest.mock import patch, ANY, Mock
-
-
-@pytest.mark.django_db
-class TestUserViewSet:
-    def test_list_users_with_all_permissions(self, authenticated_client_rbac):
-        response = authenticated_client_rbac.get(reverse("user-list"))
-        assert response.status_code == status.HTTP_200_OK
-        assert isinstance(response.json()["data"], list)
-
-    def test_list_users_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac
-    ):
-        response = authenticated_client_no_permissions_rbac.get(reverse("user-list"))
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_retrieve_user_with_all_permissions(
-        self, authenticated_client_rbac, create_test_user_rbac
-    ):
-        response = authenticated_client_rbac.get(
-            reverse("user-detail", kwargs={"pk": create_test_user_rbac.id})
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert (
-            response.json()["data"]["attributes"]["email"]
-            == create_test_user_rbac.email
-        )
-
-    def test_retrieve_user_with_no_roles(
-        self, authenticated_client_rbac_noroles, create_test_user_rbac_no_roles
-    ):
-        response = authenticated_client_rbac_noroles.get(
-            reverse("user-detail", kwargs={"pk": create_test_user_rbac_no_roles.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_retrieve_user_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, create_test_user
-    ):
-        response = authenticated_client_no_permissions_rbac.get(
-            reverse("user-detail", kwargs={"pk": create_test_user.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_create_user_with_all_permissions(self, authenticated_client_rbac):
-        valid_user_payload = {
-            "name": "test",
-            "password": "newpassword123",
-            "email": "new_user@test.com",
-        }
-        response = authenticated_client_rbac.post(
-            reverse("user-list"), data=valid_user_payload, format="vnd.api+json"
-        )
-        assert response.status_code == status.HTTP_201_CREATED
-        assert response.json()["data"]["attributes"]["email"] == "new_user@test.com"
-
-    def test_create_user_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac
-    ):
-        valid_user_payload = {
-            "name": "test",
-            "password": "newpassword123",
-            "email": "new_user@test.com",
-        }
-        response = authenticated_client_no_permissions_rbac.post(
-            reverse("user-list"), data=valid_user_payload, format="vnd.api+json"
-        )
-        assert response.status_code == status.HTTP_201_CREATED
-        assert response.json()["data"]["attributes"]["email"] == "new_user@test.com"
-
-    def test_partial_update_user_with_all_permissions(
-        self, authenticated_client_rbac, create_test_user_rbac
-    ):
-        updated_data = {
-            "data": {
-                "type": "users",
-                "id": str(create_test_user_rbac.id),
-                "attributes": {"name": "Updated Name"},
-            },
-        }
-        response = authenticated_client_rbac.patch(
-            reverse("user-detail", kwargs={"pk": create_test_user_rbac.id}),
-            data=updated_data,
-            content_type="application/vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert response.json()["data"]["attributes"]["name"] == "Updated Name"
-
-    def test_partial_update_user_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, create_test_user
-    ):
-        updated_data = {
-            "data": {
-                "type": "users",
-                "attributes": {"name": "Updated Name"},
-            }
-        }
-        response = authenticated_client_no_permissions_rbac.patch(
-            reverse("user-detail", kwargs={"pk": create_test_user.id}),
-            data=updated_data,
-            format="vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_delete_user_with_all_permissions(
-        self, authenticated_client_rbac, create_test_user_rbac
-    ):
-        response = authenticated_client_rbac.delete(
-            reverse("user-detail", kwargs={"pk": create_test_user_rbac.id})
-        )
-        assert response.status_code == status.HTTP_204_NO_CONTENT
-
-    def test_delete_user_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, create_test_user
-    ):
-        response = authenticated_client_no_permissions_rbac.delete(
-            reverse("user-detail", kwargs={"pk": create_test_user.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_me_with_all_permissions(
-        self, authenticated_client_rbac, create_test_user_rbac
-    ):
-        response = authenticated_client_rbac.get(reverse("user-me"))
-        assert response.status_code == status.HTTP_200_OK
-        assert (
-            response.json()["data"]["attributes"]["email"]
-            == create_test_user_rbac.email
-        )
-
-    def test_me_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, create_test_user
-    ):
-        response = authenticated_client_no_permissions_rbac.get(reverse("user-me"))
-        assert response.status_code == status.HTTP_200_OK
-        assert response.json()["data"]["attributes"]["email"] == "rbac_limited@rbac.com"
-
-
-@pytest.mark.django_db
-class TestProviderViewSet:
-    def test_list_providers_with_all_permissions(
-        self, authenticated_client_rbac, providers_fixture
-    ):
-        response = authenticated_client_rbac.get(reverse("provider-list"))
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == len(providers_fixture)
-
-    def test_list_providers_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac
-    ):
-        response = authenticated_client_no_permissions_rbac.get(
-            reverse("provider-list")
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 0
-
-    def test_retrieve_provider_with_all_permissions(
-        self, authenticated_client_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        response = authenticated_client_rbac.get(
-            reverse("provider-detail", kwargs={"pk": provider.id})
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert response.json()["data"]["attributes"]["alias"] == provider.alias
-
-    def test_retrieve_provider_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        response = authenticated_client_no_permissions_rbac.get(
-            reverse("provider-detail", kwargs={"pk": provider.id})
-        )
-        assert response.status_code == status.HTTP_404_NOT_FOUND
-
-    def test_create_provider_with_all_permissions(self, authenticated_client_rbac):
-        payload = {"provider": "aws", "uid": "111111111111", "alias": "new_alias"}
-        response = authenticated_client_rbac.post(
-            reverse("provider-list"), data=payload, format="json"
-        )
-        assert response.status_code == status.HTTP_201_CREATED
-        assert response.json()["data"]["attributes"]["alias"] == "new_alias"
-
-    def test_create_provider_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac
-    ):
-        payload = {"provider": "aws", "uid": "111111111111", "alias": "new_alias"}
-        response = authenticated_client_no_permissions_rbac.post(
-            reverse("provider-list"), data=payload, format="json"
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    def test_partial_update_provider_with_all_permissions(
-        self, authenticated_client_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        payload = {
-            "data": {
-                "type": "providers",
-                "id": provider.id,
-                "attributes": {"alias": "updated_alias"},
-            },
-        }
-        response = authenticated_client_rbac.patch(
-            reverse("provider-detail", kwargs={"pk": provider.id}),
-            data=payload,
-            content_type="application/vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert response.json()["data"]["attributes"]["alias"] == "updated_alias"
-
-    def test_partial_update_provider_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        update_payload = {
-            "data": {
-                "type": "providers",
-                "attributes": {"alias": "updated_alias"},
-            }
-        }
-        response = authenticated_client_no_permissions_rbac.patch(
-            reverse("provider-detail", kwargs={"pk": provider.id}),
-            data=update_payload,
-            format="vnd.api+json",
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    @patch("api.v1.views.Task.objects.get")
-    @patch("api.v1.views.delete_provider_task.delay")
-    def test_delete_provider_with_all_permissions(
-        self,
-        mock_delete_task,
-        mock_task_get,
-        authenticated_client_rbac,
-        providers_fixture,
-        tasks_fixture,
-    ):
-        prowler_task = tasks_fixture[0]
-        task_mock = Mock()
-        task_mock.id = prowler_task.id
-        mock_delete_task.return_value = task_mock
-        mock_task_get.return_value = prowler_task
-
-        provider1, *_ = providers_fixture
-        response = authenticated_client_rbac.delete(
-            reverse("provider-detail", kwargs={"pk": provider1.id})
-        )
-        assert response.status_code == status.HTTP_202_ACCEPTED
-        mock_delete_task.assert_called_once_with(
-            provider_id=str(provider1.id), tenant_id=ANY
-        )
-        assert "Content-Location" in response.headers
-        assert response.headers["Content-Location"] == f"/api/v1/tasks/{task_mock.id}"
-
-    def test_delete_provider_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        response = authenticated_client_no_permissions_rbac.delete(
-            reverse("provider-detail", kwargs={"pk": provider.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    @patch("api.v1.views.Task.objects.get")
-    @patch("api.v1.views.check_provider_connection_task.delay")
-    def test_connection_with_all_permissions(
-        self,
-        mock_provider_connection,
-        mock_task_get,
-        authenticated_client_rbac,
-        providers_fixture,
-        tasks_fixture,
-    ):
-        prowler_task = tasks_fixture[0]
-        task_mock = Mock()
-        task_mock.id = prowler_task.id
-        task_mock.status = "PENDING"
-        mock_provider_connection.return_value = task_mock
-        mock_task_get.return_value = prowler_task
-
-        provider1, *_ = providers_fixture
-        assert provider1.connected is None
-        assert provider1.connection_last_checked_at is None
-
-        response = authenticated_client_rbac.post(
-            reverse("provider-connection", kwargs={"pk": provider1.id})
-        )
-        assert response.status_code == status.HTTP_202_ACCEPTED
-        mock_provider_connection.assert_called_once_with(
-            provider_id=str(provider1.id), tenant_id=ANY
-        )
-        assert "Content-Location" in response.headers
-        assert response.headers["Content-Location"] == f"/api/v1/tasks/{task_mock.id}"
-
-    def test_connection_with_no_permissions(
-        self, authenticated_client_no_permissions_rbac, providers_fixture
-    ):
-        provider = providers_fixture[0]
-        response = authenticated_client_no_permissions_rbac.post(
-            reverse("provider-connection", kwargs={"pk": provider.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
--- a/api/src/backend/api/tests/test_views.py
+++ b/api/src/backend/api/tests/test_views.py
--- a/api/src/backend/api/v1/serializers.py
+++ b/api/src/backend/api/v1/serializers.py
@@ -17,7 +17,6 @@ from api.models import (
    ComplianceOverview,
    Finding,
    Invitation,
-    InvitationRoleRelationship,
    Membership,
    Provider,
    ProviderGroup,
@@ -25,13 +24,10 @@ from api.models import (
    ProviderSecret,
    Resource,
    ResourceTag,
-    Role,
-    RoleProviderGroupRelationship,
    Scan,
    StateChoices,
    Task,
    User,
-    UserRoleRelationship,
 )
 from api.rls import Tenant

@@ -180,26 +176,10 @@ class UserSerializer(BaseSerializerV1):
    """

    memberships = serializers.ResourceRelatedField(many=True, read_only=True)
-    roles = serializers.ResourceRelatedField(many=True, read_only=True)

    class Meta:
        model = User
-        fields = [
-            "id",
-            "name",
-            "email",
-            "company_name",
-            "date_joined",
-            "memberships",
-            "roles",
-        ]
-        extra_kwargs = {
-            "roles": {"read_only": True},
-        }
-
-    included_serializers = {
-        "roles": "api.v1.serializers.RoleSerializer",
-    }
+        fields = ["id", "name", "email", "company_name", "date_joined", "memberships"]


 class UserCreateSerializer(BaseWriteSerializer):
@@ -255,73 +235,6 @@ class UserUpdateSerializer(BaseWriteSerializer):
        return super().update(instance, validated_data)


-class RoleResourceIdentifierSerializer(serializers.Serializer):
-    resource_type = serializers.CharField(source="type")
-    id = serializers.UUIDField()
-
-    class JSONAPIMeta:
-        resource_name = "role-identifier"
-
-    def to_representation(self, instance):
-        """
-        Ensure 'type' is used in the output instead of 'resource_type'.
-        """
-        representation = super().to_representation(instance)
-        representation["type"] = representation.pop("resource_type", None)
-        return representation
-
-    def to_internal_value(self, data):
-        """
-        Map 'type' back to 'resource_type' during input.
-        """
-        data["resource_type"] = data.pop("type", None)
-        return super().to_internal_value(data)
-
-
-class UserRoleRelationshipSerializer(RLSSerializer, BaseWriteSerializer):
-    """
-    Serializer for modifying user memberships
-    """
-
-    roles = serializers.ListField(
-        child=RoleResourceIdentifierSerializer(),
-        help_text="List of resource identifier objects representing roles.",
-    )
-
-    def create(self, validated_data):
-        role_ids = [item["id"] for item in validated_data["roles"]]
-        roles = Role.objects.filter(id__in=role_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        new_relationships = [
-            UserRoleRelationship(
-                user=self.context.get("user"), role=r, tenant_id=tenant_id
-            )
-            for r in roles
-        ]
-        UserRoleRelationship.objects.bulk_create(new_relationships)
-
-        return self.context.get("user")
-
-    def update(self, instance, validated_data):
-        role_ids = [item["id"] for item in validated_data["roles"]]
-        roles = Role.objects.filter(id__in=role_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        instance.roles.clear()
-        new_relationships = [
-            UserRoleRelationship(user=instance, role=r, tenant_id=tenant_id)
-            for r in roles
-        ]
-        UserRoleRelationship.objects.bulk_create(new_relationships)
-
-        return instance
-
-    class Meta:
-        model = UserRoleRelationship
-        fields = ["id", "roles"]
-
-
 # Tasks
 class TaskBase(serializers.ModelSerializer):
    state_mapping = {
@@ -445,199 +358,89 @@ class MembershipSerializer(serializers.ModelSerializer):

 # Provider Groups
 class ProviderGroupSerializer(RLSSerializer, BaseWriteSerializer):
-    providers = serializers.ResourceRelatedField(
-        queryset=Provider.objects.all(), many=True, required=False
-    )
-    roles = serializers.ResourceRelatedField(
-        queryset=Role.objects.all(), many=True, required=False
-    )
+    providers = serializers.ResourceRelatedField(many=True, read_only=True)

    def validate(self, attrs):
-        if ProviderGroup.objects.filter(name=attrs.get("name")).exists():
+        tenant = self.context["tenant_id"]
+        name = attrs.get("name", self.instance.name if self.instance else None)
+
+        # Exclude the current instance when checking for uniqueness during updates
+        queryset = ProviderGroup.objects.filter(tenant=tenant, name=name)
+        if self.instance:
+            queryset = queryset.exclude(pk=self.instance.pk)
+
+        if queryset.exists():
            raise serializers.ValidationError(
-                {"name": "A provider group with this name already exists."}
+                {
+                    "name": "A provider group with this name already exists for this tenant."
+                }
            )

        return super().validate(attrs)

    class Meta:
        model = ProviderGroup
-        fields = [
-            "id",
-            "name",
-            "inserted_at",
-            "updated_at",
-            "providers",
-            "roles",
-            "url",
-        ]
+        fields = ["id", "name", "inserted_at", "updated_at", "providers", "url"]
+        read_only_fields = ["id", "inserted_at", "updated_at"]
        extra_kwargs = {
            "id": {"read_only": True},
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
-            "roles": {"read_only": True},
-            "url": {"read_only": True},
        }


-class ProviderGroupIncludedSerializer(ProviderGroupSerializer):
+class ProviderGroupIncludedSerializer(RLSSerializer, BaseWriteSerializer):
    class Meta:
        model = ProviderGroup
        fields = ["id", "name"]


-class ProviderGroupCreateSerializer(ProviderGroupSerializer):
-    providers = serializers.ResourceRelatedField(
-        queryset=Provider.objects.all(), many=True, required=False
-    )
-    roles = serializers.ResourceRelatedField(
-        queryset=Role.objects.all(), many=True, required=False
-    )
+class ProviderGroupUpdateSerializer(RLSSerializer, BaseWriteSerializer):
+    """
+    Serializer for updating the ProviderGroup model.
+    Only allows "name" field to be updated.
+    """

    class Meta:
        model = ProviderGroup
-        fields = [
-            "id",
-            "name",
-            "inserted_at",
-            "updated_at",
-            "providers",
-            "roles",
-        ]
-
-    def create(self, validated_data):
-        providers = validated_data.pop("providers", [])
-        roles = validated_data.pop("roles", [])
-        tenant_id = self.context.get("tenant_id")
-        provider_group = ProviderGroup.objects.create(
-            tenant_id=tenant_id, **validated_data
-        )
-
-        through_model_instances = [
-            ProviderGroupMembership(
-                provider_group=provider_group,
-                provider=provider,
-                tenant_id=tenant_id,
-            )
-            for provider in providers
-        ]
-        ProviderGroupMembership.objects.bulk_create(through_model_instances)
-
-        through_model_instances = [
-            RoleProviderGroupRelationship(
-                provider_group=provider_group,
-                role=role,
-                tenant_id=tenant_id,
-            )
-            for role in roles
-        ]
-        RoleProviderGroupRelationship.objects.bulk_create(through_model_instances)
-
-        return provider_group
+        fields = ["id", "name"]


-class ProviderGroupUpdateSerializer(ProviderGroupSerializer):
-    def update(self, instance, validated_data):
-        tenant_id = self.context.get("tenant_id")
-
-        if "providers" in validated_data:
-            providers = validated_data.pop("providers")
-            instance.providers.clear()
-            through_model_instances = [
-                ProviderGroupMembership(
-                    provider_group=instance,
-                    provider=provider,
-                    tenant_id=tenant_id,
-                )
-                for provider in providers
-            ]
-            ProviderGroupMembership.objects.bulk_create(through_model_instances)
-
-        if "roles" in validated_data:
-            roles = validated_data.pop("roles")
-            instance.roles.clear()
-            through_model_instances = [
-                RoleProviderGroupRelationship(
-                    provider_group=instance,
-                    role=role,
-                    tenant_id=tenant_id,
-                )
-                for role in roles
-            ]
-            RoleProviderGroupRelationship.objects.bulk_create(through_model_instances)
-
-        return super().update(instance, validated_data)
-
-
-class ProviderResourceIdentifierSerializer(serializers.Serializer):
-    resource_type = serializers.CharField(source="type")
-    id = serializers.UUIDField()
-
-    class JSONAPIMeta:
-        resource_name = "provider-identifier"
-
-    def to_representation(self, instance):
-        """
-        Ensure 'type' is used in the output instead of 'resource_type'.
-        """
-        representation = super().to_representation(instance)
-        representation["type"] = representation.pop("resource_type", None)
-        return representation
-
-    def to_internal_value(self, data):
-        """
-        Map 'type' back to 'resource_type' during input.
-        """
-        data["resource_type"] = data.pop("type", None)
-        return super().to_internal_value(data)
-
-
-class ProviderGroupMembershipSerializer(RLSSerializer, BaseWriteSerializer):
+class ProviderGroupMembershipUpdateSerializer(RLSSerializer, BaseWriteSerializer):
    """
-    Serializer for modifying provider_group memberships
+    Serializer for modifying provider group memberships
    """

-    providers = serializers.ListField(
-        child=ProviderResourceIdentifierSerializer(),
-        help_text="List of resource identifier objects representing providers.",
+    provider_ids = serializers.ListField(
+        child=serializers.UUIDField(),
+        help_text="List of provider UUIDs to add to the group",
    )

-    def create(self, validated_data):
-        provider_ids = [item["id"] for item in validated_data["providers"]]
-        providers = Provider.objects.filter(id__in=provider_ids)
-        tenant_id = self.context.get("tenant_id")
+    def validate(self, attrs):
+        tenant_id = self.context["tenant_id"]
+        provider_ids = attrs.get("provider_ids", [])

-        new_relationships = [
-            ProviderGroupMembership(
-                provider_group=self.context.get("provider_group"),
-                provider=p,
-                tenant_id=tenant_id,
+        existing_provider_ids = set(
+            Provider.objects.filter(
+                id__in=provider_ids, tenant_id=tenant_id
+            ).values_list("id", flat=True)
+        )
+        provided_provider_ids = set(provider_ids)
+
+        missing_provider_ids = provided_provider_ids - existing_provider_ids
+
+        if missing_provider_ids:
+            raise serializers.ValidationError(
+                {
+                    "provider_ids": f"The following provider IDs do not exist: {', '.join(str(id) for id in missing_provider_ids)}"
+                }
            )
-            for p in providers
-        ]
-        ProviderGroupMembership.objects.bulk_create(new_relationships)

-        return self.context.get("provider_group")
-
-    def update(self, instance, validated_data):
-        provider_ids = [item["id"] for item in validated_data["providers"]]
-        providers = Provider.objects.filter(id__in=provider_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        instance.providers.clear()
-        new_relationships = [
-            ProviderGroupMembership(
-                provider_group=instance, provider=p, tenant_id=tenant_id
-            )
-            for p in providers
-        ]
-        ProviderGroupMembership.objects.bulk_create(new_relationships)
-
-        return instance
+        return super().validate(attrs)

    class Meta:
        model = ProviderGroupMembership
-        fields = ["id", "providers"]
+        fields = ["id", "provider_ids"]


 # Providers
@@ -874,7 +677,7 @@ class ResourceSerializer(RLSSerializer):
        }
    )
    def get_tags(self, obj):
-        return obj.get_tags(self.context.get("tenant_id"))
+        return obj.get_tags()

    def get_fields(self):
        """`type` is a Python reserved keyword."""
@@ -905,7 +708,6 @@ class FindingSerializer(RLSSerializer):
            "raw_result",
            "inserted_at",
            "updated_at",
-            "first_seen_at",
            "url",
            # Relationships
            "scan",
@@ -918,7 +720,6 @@ class FindingSerializer(RLSSerializer):
    }


-# To be removed when the related endpoint is removed as well
 class FindingDynamicFilterSerializer(serializers.Serializer):
    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)
@@ -927,19 +728,6 @@ class FindingDynamicFilterSerializer(serializers.Serializer):
        resource_name = "finding-dynamic-filters"


-class FindingMetadataSerializer(serializers.Serializer):
-    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    resource_types = serializers.ListField(
-        child=serializers.CharField(), allow_empty=True
-    )
-    # Temporarily disabled until we implement tag filtering in the UI
-    # tags = serializers.JSONField(help_text="Tags are described as key-value pairs.")
-
-    class Meta:
-        resource_name = "findings-metadata"
-
-
 # Provider secrets
 class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
    @staticmethod
@@ -1012,7 +800,7 @@ class KubernetesProviderSecret(serializers.Serializer):

 class AWSRoleAssumptionProviderSecret(serializers.Serializer):
    role_arn = serializers.CharField()
-    external_id = serializers.CharField()
+    external_id = serializers.CharField(required=False)
    role_session_name = serializers.CharField(required=False)
    session_duration = serializers.IntegerField(
        required=False, min_value=900, max_value=43200
@@ -1059,10 +847,6 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
                        "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
                        "assumption.",
                    },
-                    "external_id": {
-                        "type": "string",
-                        "description": "An identifier to enhance security for role assumption.",
-                    },
                    "aws_access_key_id": {
                        "type": "string",
                        "description": "The AWS access key ID. Only required if the environment lacks pre-configured "
@@ -1084,6 +868,11 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
                        "default": 3600,
                        "description": "The duration (in seconds) for the role session.",
                    },
+                    "external_id": {
+                        "type": "string",
+                        "description": "An optional identifier to enhance security for role assumption; may be "
+                        "required by the role administrator.",
+                    },
                    "role_session_name": {
                        "type": "string",
                        "description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
@@ -1097,7 +886,7 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
                        "pattern": "^[a-zA-Z0-9=,.@_-]+$",
                    },
                },
-                "required": ["role_arn", "external_id"],
+                "required": ["role_arn"],
            },
            {
                "type": "object",
@@ -1245,14 +1034,6 @@ class InvitationSerializer(RLSSerializer):
    Serializer for the Invitation model.
    """

-    roles = serializers.ResourceRelatedField(many=True, queryset=Role.objects.all())
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        tenant_id = self.context.get("tenant_id")
-        if tenant_id is not None:
-            self.fields["roles"].queryset = Role.objects.filter(tenant_id=tenant_id)
-
    class Meta:
        model = Invitation
        fields = [
@@ -1262,7 +1043,6 @@ class InvitationSerializer(RLSSerializer):
            "email",
            "state",
            "token",
-            "roles",
            "expires_at",
            "inviter",
            "url",
@@ -1270,14 +1050,6 @@ class InvitationSerializer(RLSSerializer):


 class InvitationBaseWriteSerializer(BaseWriteSerializer):
-    roles = serializers.ResourceRelatedField(many=True, queryset=Role.objects.all())
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        tenant_id = self.context.get("tenant_id")
-        if tenant_id is not None:
-            self.fields["roles"].queryset = Role.objects.filter(tenant_id=tenant_id)
-
    def validate_email(self, value):
        user = User.objects.filter(email=value).first()
        tenant_id = self.context["tenant_id"]
@@ -1314,62 +1086,31 @@ class InvitationCreateSerializer(InvitationBaseWriteSerializer, RLSSerializer):

    class Meta:
        model = Invitation
-        fields = ["email", "expires_at", "state", "token", "inviter", "roles"]
+        fields = ["email", "expires_at", "state", "token", "inviter"]
        extra_kwargs = {
            "token": {"read_only": True},
            "state": {"read_only": True},
            "inviter": {"read_only": True},
            "expires_at": {"required": False},
-            "roles": {"required": False},
        }

    def create(self, validated_data):
        inviter = self.context.get("request").user
-        tenant_id = self.context.get("tenant_id")
        validated_data["inviter"] = inviter
-        roles = validated_data.pop("roles", [])
-        invitation = super().create(validated_data)
-        for role in roles:
-            InvitationRoleRelationship.objects.create(
-                role=role, invitation=invitation, tenant_id=tenant_id
-            )
-
-        return invitation
+        return super().create(validated_data)


 class InvitationUpdateSerializer(InvitationBaseWriteSerializer):
-    roles = serializers.ResourceRelatedField(
-        required=False, many=True, queryset=Role.objects.all()
-    )
-
    class Meta:
        model = Invitation
-        fields = ["id", "email", "expires_at", "state", "token", "roles"]
+        fields = ["id", "email", "expires_at", "state", "token"]
        extra_kwargs = {
            "token": {"read_only": True},
            "state": {"read_only": True},
            "expires_at": {"required": False},
            "email": {"required": False},
-            "roles": {"required": False},
        }

-    def update(self, instance, validated_data):
-        tenant_id = self.context.get("tenant_id")
-        if "roles" in validated_data:
-            roles = validated_data.pop("roles")
-            instance.roles.clear()
-            new_relationships = [
-                InvitationRoleRelationship(
-                    role=r, invitation=instance, tenant_id=tenant_id
-                )
-                for r in roles
-            ]
-            InvitationRoleRelationship.objects.bulk_create(new_relationships)
-
-        invitation = super().update(instance, validated_data)
-
-        return invitation
-

 class InvitationAcceptSerializer(RLSSerializer):
    """Serializer for accepting an invitation."""
@@ -1381,218 +1122,6 @@ class InvitationAcceptSerializer(RLSSerializer):
        fields = ["invitation_token"]


-# Roles
-
-
-class RoleSerializer(RLSSerializer, BaseWriteSerializer):
-    permission_state = serializers.SerializerMethodField()
-    users = serializers.ResourceRelatedField(
-        queryset=User.objects.all(), many=True, required=False
-    )
-    provider_groups = serializers.ResourceRelatedField(
-        queryset=ProviderGroup.objects.all(), many=True, required=False
-    )
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        tenant_id = self.context.get("tenant_id")
-        if tenant_id is not None:
-            self.fields["users"].queryset = User.objects.filter(
-                membership__tenant__id=tenant_id
-            )
-            self.fields["provider_groups"].queryset = ProviderGroup.objects.filter(
-                tenant_id=self.context.get("tenant_id")
-            )
-
-    def get_permission_state(self, obj) -> str:
-        return obj.permission_state
-
-    def validate(self, attrs):
-        if Role.objects.filter(name=attrs.get("name")).exists():
-            raise serializers.ValidationError(
-                {"name": "A role with this name already exists."}
-            )
-
-        if attrs.get("manage_providers"):
-            attrs["unlimited_visibility"] = True
-
-        # Prevent updates to the admin role
-        if getattr(self.instance, "name", None) == "admin":
-            raise serializers.ValidationError(
-                {"name": "The admin role cannot be updated."}
-            )
-
-        return super().validate(attrs)
-
-    class Meta:
-        model = Role
-        fields = [
-            "id",
-            "name",
-            "manage_users",
-            "manage_account",
-            # Disable for the first release
-            # "manage_billing",
-            # "manage_integrations",
-            # /Disable for the first release
-            "manage_providers",
-            "manage_scans",
-            "permission_state",
-            "unlimited_visibility",
-            "inserted_at",
-            "updated_at",
-            "provider_groups",
-            "users",
-            "invitations",
-            "url",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "url": {"read_only": True},
-        }
-
-
-class RoleCreateSerializer(RoleSerializer):
-    provider_groups = serializers.ResourceRelatedField(
-        many=True, queryset=ProviderGroup.objects.all(), required=False
-    )
-    users = serializers.ResourceRelatedField(
-        many=True, queryset=User.objects.all(), required=False
-    )
-
-    def create(self, validated_data):
-        provider_groups = validated_data.pop("provider_groups", [])
-        users = validated_data.pop("users", [])
-        tenant_id = self.context.get("tenant_id")
-        role = Role.objects.create(tenant_id=tenant_id, **validated_data)
-
-        through_model_instances = [
-            RoleProviderGroupRelationship(
-                role=role,
-                provider_group=provider_group,
-                tenant_id=tenant_id,
-            )
-            for provider_group in provider_groups
-        ]
-        RoleProviderGroupRelationship.objects.bulk_create(through_model_instances)
-
-        through_model_instances = [
-            UserRoleRelationship(
-                role=role,
-                user=user,
-                tenant_id=tenant_id,
-            )
-            for user in users
-        ]
-        UserRoleRelationship.objects.bulk_create(through_model_instances)
-
-        return role
-
-
-class RoleUpdateSerializer(RoleSerializer):
-    def update(self, instance, validated_data):
-        tenant_id = self.context.get("tenant_id")
-
-        if "provider_groups" in validated_data:
-            provider_groups = validated_data.pop("provider_groups")
-            instance.provider_groups.clear()
-            through_model_instances = [
-                RoleProviderGroupRelationship(
-                    role=instance,
-                    provider_group=provider_group,
-                    tenant_id=tenant_id,
-                )
-                for provider_group in provider_groups
-            ]
-            RoleProviderGroupRelationship.objects.bulk_create(through_model_instances)
-
-        if "users" in validated_data:
-            users = validated_data.pop("users")
-            instance.users.clear()
-            through_model_instances = [
-                UserRoleRelationship(
-                    role=instance,
-                    user=user,
-                    tenant_id=tenant_id,
-                )
-                for user in users
-            ]
-            UserRoleRelationship.objects.bulk_create(through_model_instances)
-
-        return super().update(instance, validated_data)
-
-
-class ProviderGroupResourceIdentifierSerializer(serializers.Serializer):
-    resource_type = serializers.CharField(source="type")
-    id = serializers.UUIDField()
-
-    class JSONAPIMeta:
-        resource_name = "provider-group-identifier"
-
-    def to_representation(self, instance):
-        """
-        Ensure 'type' is used in the output instead of 'resource_type'.
-        """
-        representation = super().to_representation(instance)
-        representation["type"] = representation.pop("resource_type", None)
-        return representation
-
-    def to_internal_value(self, data):
-        """
-        Map 'type' back to 'resource_type' during input.
-        """
-        data["resource_type"] = data.pop("type", None)
-        return super().to_internal_value(data)
-
-
-class RoleProviderGroupRelationshipSerializer(RLSSerializer, BaseWriteSerializer):
-    """
-    Serializer for modifying role memberships
-    """
-
-    provider_groups = serializers.ListField(
-        child=ProviderGroupResourceIdentifierSerializer(),
-        help_text="List of resource identifier objects representing provider groups.",
-    )
-
-    def create(self, validated_data):
-        provider_group_ids = [item["id"] for item in validated_data["provider_groups"]]
-        provider_groups = ProviderGroup.objects.filter(id__in=provider_group_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        new_relationships = [
-            RoleProviderGroupRelationship(
-                role=self.context.get("role"), provider_group=pg, tenant_id=tenant_id
-            )
-            for pg in provider_groups
-        ]
-        RoleProviderGroupRelationship.objects.bulk_create(new_relationships)
-
-        return self.context.get("role")
-
-    def update(self, instance, validated_data):
-        provider_group_ids = [item["id"] for item in validated_data["provider_groups"]]
-        provider_groups = ProviderGroup.objects.filter(id__in=provider_group_ids)
-        tenant_id = self.context.get("tenant_id")
-
-        instance.provider_groups.clear()
-        new_relationships = [
-            RoleProviderGroupRelationship(
-                role=instance, provider_group=pg, tenant_id=tenant_id
-            )
-            for pg in provider_groups
-        ]
-        RoleProviderGroupRelationship.objects.bulk_create(new_relationships)
-
-        return instance
-
-    class Meta:
-        model = RoleProviderGroupRelationship
-        fields = ["id", "provider_groups"]
-
-
 # Compliance overview


@@ -1736,7 +1265,7 @@ class OverviewProviderSerializer(serializers.Serializer):
            "properties": {
                "pass": {"type": "integer"},
                "fail": {"type": "integer"},
-                "muted": {"type": "integer"},
+                "manual": {"type": "integer"},
                "total": {"type": "integer"},
            },
        }
@@ -1745,7 +1274,7 @@ class OverviewProviderSerializer(serializers.Serializer):
        return {
            "pass": obj["findings_passed"],
            "fail": obj["findings_failed"],
-            "muted": obj["findings_muted"],
+            "manual": obj["findings_manual"],
            "total": obj["total_findings"],
        }

@@ -1805,24 +1334,6 @@ class OverviewSeveritySerializer(serializers.Serializer):
        return {"version": "v1"}


-class OverviewServiceSerializer(serializers.Serializer):
-    id = serializers.CharField(source="service")
-    total = serializers.IntegerField()
-    _pass = serializers.IntegerField()
-    fail = serializers.IntegerField()
-    muted = serializers.IntegerField()
-
-    class JSONAPIMeta:
-        resource_name = "services-overview"
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.fields["pass"] = self.fields.pop("_pass")
-
-    def get_root_meta(self, _resource, _many):
-        return {"version": "v1"}
-
-
 # Schedules


--- a/api/src/backend/api/v1/urls.py
+++ b/api/src/backend/api/v1/urls.py
@@ -1,4 +1,3 @@
-from django.conf import settings
 from django.urls import include, path
 from drf_spectacular.views import SpectacularRedocView
 from rest_framework_nested import routers
@@ -12,20 +11,16 @@ from api.v1.views import (
    InvitationViewSet,
    MembershipViewSet,
    OverviewViewSet,
-    ProviderGroupProvidersRelationshipView,
    ProviderGroupViewSet,
    ProviderSecretViewSet,
    ProviderViewSet,
    ResourceViewSet,
-    RoleProviderGroupRelationshipView,
-    RoleViewSet,
    ScanViewSet,
    ScheduleViewSet,
    SchemaView,
    TaskViewSet,
    TenantMembersViewSet,
    TenantViewSet,
-    UserRoleRelationshipView,
    UserViewSet,
 )

@@ -34,12 +29,11 @@ router = routers.DefaultRouter(trailing_slash=False)
 router.register(r"users", UserViewSet, basename="user")
 router.register(r"tenants", TenantViewSet, basename="tenant")
 router.register(r"providers", ProviderViewSet, basename="provider")
-router.register(r"provider-groups", ProviderGroupViewSet, basename="providergroup")
+router.register(r"provider_groups", ProviderGroupViewSet, basename="providergroup")
 router.register(r"scans", ScanViewSet, basename="scan")
 router.register(r"tasks", TaskViewSet, basename="task")
 router.register(r"resources", ResourceViewSet, basename="resource")
 router.register(r"findings", FindingViewSet, basename="finding")
-router.register(r"roles", RoleViewSet, basename="role")
 router.register(
    r"compliance-overviews", ComplianceOverviewViewSet, basename="complianceoverview"
 )
@@ -86,33 +80,9 @@ urlpatterns = [
        InvitationAcceptViewSet.as_view({"post": "accept"}),
        name="invitation-accept",
    ),
-    path(
-        "roles/<uuid:pk>/relationships/provider_groups",
-        RoleProviderGroupRelationshipView.as_view(
-            {"post": "create", "patch": "partial_update", "delete": "destroy"}
-        ),
-        name="role-provider-groups-relationship",
-    ),
-    path(
-        "users/<uuid:pk>/relationships/roles",
-        UserRoleRelationshipView.as_view(
-            {"post": "create", "patch": "partial_update", "delete": "destroy"}
-        ),
-        name="user-roles-relationship",
-    ),
-    path(
-        "provider-groups/<uuid:pk>/relationships/providers",
-        ProviderGroupProvidersRelationshipView.as_view(
-            {"post": "create", "patch": "partial_update", "delete": "destroy"}
-        ),
-        name="provider_group-providers-relationship",
-    ),
    path("", include(router.urls)),
    path("", include(tenants_router.urls)),
    path("", include(users_router.urls)),
    path("schema", SchemaView.as_view(), name="schema"),
    path("docs", SpectacularRedocView.as_view(url_name="schema"), name="docs"),
 ]
-
-if settings.DEBUG:
-    urlpatterns += [path("silk/", include("silk.urls", namespace="silk"))]
--- a/api/src/backend/api/v1/views.py
+++ b/api/src/backend/api/v1/views.py
--- a/api/src/backend/config/django/devel.py
+++ b/api/src/backend/config/django/devel.py
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=True)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["*"])

@@ -37,9 +38,3 @@ REST_FRAMEWORK["DEFAULT_FILTER_BACKENDS"] = tuple(  # noqa: F405
 ) + ("api.filters.CustomDjangoFilterBackend",)

 SECRETS_ENCRYPTION_KEY = "ZMiYVo7m4Fbe2eXXPyrwxdJss2WSalXSv3xHBcJkPl0="
-
-MIDDLEWARE += [  # noqa: F405
-    "silk.middleware.SilkyMiddleware",
-]
-
-INSTALLED_APPS += ["silk"]  # noqa: F405
--- a/api/src/backend/config/django/production.py
+++ b/api/src/backend/config/django/production.py
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["localhost", "127.0.0.1"])

--- a/api/src/backend/config/django/testing.py
+++ b/api/src/backend/config/django/testing.py
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["localhost", "127.0.0.1"])

@@ -9,8 +10,8 @@ DATABASES = {
    "default": {
        "ENGINE": "psqlextra.backend",
        "NAME": "prowler_db_test",
-        "USER": env("POSTGRES_USER", default="prowler_admin"),
-        "PASSWORD": env("POSTGRES_PASSWORD", default="postgres"),
+        "USER": env("POSTGRES_USER", default="prowler"),
+        "PASSWORD": env("POSTGRES_PASSWORD", default="S3cret"),
        "HOST": env("POSTGRES_HOST", default="localhost"),
        "PORT": env("POSTGRES_PORT", default="5432"),
    },
--- a/api/src/backend/conftest.py
+++ b/api/src/backend/conftest.py
@@ -1,6 +1,5 @@
 import logging
 from datetime import datetime, timedelta, timezone
-from unittest.mock import patch

 import pytest
 from django.conf import settings
@@ -11,7 +10,6 @@ from django_celery_results.models import TaskResult
 from rest_framework import status
 from rest_framework.test import APIClient

-from api.db_utils import rls_transaction
 from api.models import (
    ComplianceOverview,
    Finding,
@@ -22,13 +20,10 @@ from api.models import (
    ProviderSecret,
    Resource,
    ResourceTag,
-    Role,
    Scan,
-    ScanSummary,
    StateChoices,
    Task,
    User,
-    UserRoleRelationship,
 )
 from api.rls import Tenant
 from api.v1.serializers import TokenSerializer
@@ -87,150 +82,8 @@ def create_test_user(django_db_setup, django_db_blocker):
    return user


-@pytest.fixture(scope="function")
-def create_test_user_rbac(django_db_setup, django_db_blocker, tenants_fixture):
-    with django_db_blocker.unblock():
-        user = User.objects.create_user(
-            name="testing",
-            email="rbac@rbac.com",
-            password=TEST_PASSWORD,
-        )
-        tenant = tenants_fixture[0]
-        Membership.objects.create(
-            user=user,
-            tenant=tenant,
-            role=Membership.RoleChoices.OWNER,
-        )
-        Role.objects.create(
-            name="admin",
-            tenant_id=tenant.id,
-            manage_users=True,
-            manage_account=True,
-            manage_billing=True,
-            manage_providers=True,
-            manage_integrations=True,
-            manage_scans=True,
-            unlimited_visibility=True,
-        )
-        UserRoleRelationship.objects.create(
-            user=user,
-            role=Role.objects.get(name="admin"),
-            tenant_id=tenant.id,
-        )
-    return user
-
-
-@pytest.fixture(scope="function")
-def create_test_user_rbac_no_roles(django_db_setup, django_db_blocker, tenants_fixture):
-    with django_db_blocker.unblock():
-        user = User.objects.create_user(
-            name="testing",
-            email="rbac_noroles@rbac.com",
-            password=TEST_PASSWORD,
-        )
-        tenant = tenants_fixture[0]
-        Membership.objects.create(
-            user=user,
-            tenant=tenant,
-            role=Membership.RoleChoices.OWNER,
-        )
-
-    return user
-
-
-@pytest.fixture(scope="function")
-def create_test_user_rbac_limited(django_db_setup, django_db_blocker):
-    with django_db_blocker.unblock():
-        user = User.objects.create_user(
-            name="testing_limited",
-            email="rbac_limited@rbac.com",
-            password=TEST_PASSWORD,
-        )
-        tenant = Tenant.objects.create(
-            name="Tenant Test",
-        )
-        Membership.objects.create(
-            user=user,
-            tenant=tenant,
-            role=Membership.RoleChoices.OWNER,
-        )
-        Role.objects.create(
-            name="limited",
-            tenant_id=tenant.id,
-            manage_users=False,
-            manage_account=False,
-            manage_billing=False,
-            manage_providers=False,
-            manage_integrations=False,
-            manage_scans=False,
-            unlimited_visibility=False,
-        )
-        UserRoleRelationship.objects.create(
-            user=user,
-            role=Role.objects.get(name="limited"),
-            tenant_id=tenant.id,
-        )
-    return user
-
-
@pytest.fixture
-def authenticated_client_rbac(create_test_user_rbac, tenants_fixture, client):
-    client.user = create_test_user_rbac
-    tenant_id = tenants_fixture[0].id
-    serializer = TokenSerializer(
-        data={
-            "type": "tokens",
-            "email": "rbac@rbac.com",
-            "password": TEST_PASSWORD,
-            "tenant_id": tenant_id,
-        }
-    )
-    serializer.is_valid(raise_exception=True)
-    access_token = serializer.validated_data["access"]
-    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-    return client
-
-
-@pytest.fixture
-def authenticated_client_rbac_noroles(
-    create_test_user_rbac_no_roles, tenants_fixture, client
-):
-    client.user = create_test_user_rbac_no_roles
-    serializer = TokenSerializer(
-        data={
-            "type": "tokens",
-            "email": "rbac_noroles@rbac.com",
-            "password": TEST_PASSWORD,
-        }
-    )
-    serializer.is_valid()
-    access_token = serializer.validated_data["access"]
-    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-    return client
-
-
-@pytest.fixture
-def authenticated_client_no_permissions_rbac(
-    create_test_user_rbac_limited, tenants_fixture, client
-):
-    client.user = create_test_user_rbac_limited
-    serializer = TokenSerializer(
-        data={
-            "type": "tokens",
-            "email": "rbac_limited@rbac.com",
-            "password": TEST_PASSWORD,
-        }
-    )
-    serializer.is_valid()
-    access_token = serializer.validated_data["access"]
-    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-    return client
-
-
-@pytest.fixture
-def authenticated_client(
-    create_test_user, tenants_fixture, set_user_admin_roles_fixture, client
-):
+def authenticated_client(create_test_user, tenants_fixture, client):
    client.user = create_test_user
    serializer = TokenSerializer(
        data={"type": "tokens", "email": TEST_USER, "password": TEST_PASSWORD}
@@ -250,7 +103,6 @@ def authenticated_api_client(create_test_user, tenants_fixture):
    serializer.is_valid()
    access_token = serializer.validated_data["access"]
    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-
    return client


@@ -275,37 +127,13 @@ def tenants_fixture(create_test_user):
    tenant3 = Tenant.objects.create(
        name="Tenant Three",
    )
-
    return tenant1, tenant2, tenant3


-@pytest.fixture
-def set_user_admin_roles_fixture(create_test_user, tenants_fixture):
-    user = create_test_user
-    for tenant in tenants_fixture[:2]:
-        with rls_transaction(str(tenant.id)):
-            role = Role.objects.create(
-                name="admin",
-                tenant_id=tenant.id,
-                manage_users=True,
-                manage_account=True,
-                manage_billing=True,
-                manage_providers=True,
-                manage_integrations=True,
-                manage_scans=True,
-                unlimited_visibility=True,
-            )
-            UserRoleRelationship.objects.create(
-                user=user,
-                role=role,
-                tenant_id=tenant.id,
-            )
-
-
@pytest.fixture
 def invitations_fixture(create_test_user, tenants_fixture):
    user = create_test_user
-    tenant = tenants_fixture[0]
+    *_, tenant = tenants_fixture
    valid_invitation = Invitation.objects.create(
        email="testing@prowler.com",
        state=Invitation.State.PENDING,
@@ -324,20 +152,6 @@ def invitations_fixture(create_test_user, tenants_fixture):
    return valid_invitation, expired_invitation


-@pytest.fixture
-def users_fixture(django_user_model):
-    user1 = User.objects.create_user(
-        name="user1", email="test_unit0@prowler.com", password="S3cret"
-    )
-    user2 = User.objects.create_user(
-        name="user2", email="test_unit1@prowler.com", password="S3cret"
-    )
-    user3 = User.objects.create_user(
-        name="user3", email="test_unit2@prowler.com", password="S3cret"
-    )
-    return user1, user2, user3
-
-
@pytest.fixture
 def providers_fixture(tenants_fixture):
    tenant, *_ = tenants_fixture
@@ -395,74 +209,6 @@ def provider_groups_fixture(tenants_fixture):
    return pgroup1, pgroup2, pgroup3


-@pytest.fixture
-def admin_role_fixture(tenants_fixture):
-    tenant, *_ = tenants_fixture
-
-    return Role.objects.get_or_create(
-        name="admin",
-        tenant_id=tenant.id,
-        manage_users=True,
-        manage_account=True,
-        manage_billing=True,
-        manage_providers=True,
-        manage_integrations=True,
-        manage_scans=True,
-        unlimited_visibility=True,
-    )[0]
-
-
-@pytest.fixture
-def roles_fixture(tenants_fixture):
-    tenant, *_ = tenants_fixture
-    role1 = Role.objects.create(
-        name="Role One",
-        tenant_id=tenant.id,
-        manage_users=True,
-        manage_account=True,
-        manage_billing=True,
-        manage_providers=True,
-        manage_integrations=False,
-        manage_scans=True,
-        unlimited_visibility=False,
-    )
-    role2 = Role.objects.create(
-        name="Role Two",
-        tenant_id=tenant.id,
-        manage_users=False,
-        manage_account=False,
-        manage_billing=False,
-        manage_providers=True,
-        manage_integrations=True,
-        manage_scans=True,
-        unlimited_visibility=True,
-    )
-    role3 = Role.objects.create(
-        name="Role Three",
-        tenant_id=tenant.id,
-        manage_users=True,
-        manage_account=True,
-        manage_billing=True,
-        manage_providers=True,
-        manage_integrations=True,
-        manage_scans=True,
-        unlimited_visibility=True,
-    )
-    role4 = Role.objects.create(
-        name="Role Four",
-        tenant_id=tenant.id,
-        manage_users=False,
-        manage_account=False,
-        manage_billing=False,
-        manage_providers=False,
-        manage_integrations=False,
-        manage_scans=False,
-        unlimited_visibility=False,
-    )
-
-    return role1, role2, role3, role4
-
-
@pytest.fixture
 def provider_secret_fixture(providers_fixture):
    return tuple(
@@ -626,7 +372,6 @@ def findings_fixture(scans_fixture, resources_fixture):
            "CheckId": "test_check_id",
            "Description": "test description apple sauce",
        },
-        first_seen_at="2024-01-02T00:00:00Z",
    )

    finding1.add_resources([resource1])
@@ -652,7 +397,6 @@ def findings_fixture(scans_fixture, resources_fixture):
            "CheckId": "test_check_id",
            "Description": "test description orange juice",
        },
-        first_seen_at="2024-01-02T00:00:00Z",
    )

    finding2.add_resources([resource2])
@@ -798,101 +542,5 @@ def get_api_tokens(
    )


-@pytest.fixture
-def scan_summaries_fixture(tenants_fixture, providers_fixture):
-    tenant = tenants_fixture[0]
-    provider = providers_fixture[0]
-    scan = Scan.objects.create(
-        name="overview scan",
-        provider=provider,
-        trigger=Scan.TriggerChoices.MANUAL,
-        state=StateChoices.COMPLETED,
-        tenant=tenant,
-    )
-
-    ScanSummary.objects.create(
-        tenant=tenant,
-        check_id="check1",
-        service="service1",
-        severity="high",
-        region="region1",
-        _pass=1,
-        fail=0,
-        muted=0,
-        total=1,
-        new=1,
-        changed=0,
-        unchanged=0,
-        fail_new=0,
-        fail_changed=0,
-        pass_new=1,
-        pass_changed=0,
-        muted_new=0,
-        muted_changed=0,
-        scan=scan,
-    )
-
-    ScanSummary.objects.create(
-        tenant=tenant,
-        check_id="check1",
-        service="service1",
-        severity="high",
-        region="region2",
-        _pass=0,
-        fail=1,
-        muted=1,
-        total=2,
-        new=2,
-        changed=0,
-        unchanged=0,
-        fail_new=1,
-        fail_changed=0,
-        pass_new=0,
-        pass_changed=0,
-        muted_new=1,
-        muted_changed=0,
-        scan=scan,
-    )
-
-    ScanSummary.objects.create(
-        tenant=tenant,
-        check_id="check2",
-        service="service2",
-        severity="critical",
-        region="region1",
-        _pass=1,
-        fail=0,
-        muted=0,
-        total=1,
-        new=1,
-        changed=0,
-        unchanged=0,
-        fail_new=0,
-        fail_changed=0,
-        pass_new=1,
-        pass_changed=0,
-        muted_new=0,
-        muted_changed=0,
-        scan=scan,
-    )
-
-
 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}
-
-
-def pytest_collection_modifyitems(items):
-    """Ensure test_rbac.py is executed first."""
-    items.sort(key=lambda item: 0 if "test_rbac.py" in item.nodeid else 1)
-
-
-def pytest_configure(config):
-    # Apply the mock before the test session starts. This is necessary to avoid admin error when running the
-    # 0004_rbac_missing_admin_roles migration
-    patch("api.db_router.MainRouter.admin_db", new="default").start()
-
-
-def pytest_unconfigure(config):
-    # Stop all patches after the test session ends. This is necessary to avoid admin error when running the
-    # 0004_rbac_missing_admin_roles migration
-    patch.stopall()
--- a/api/src/backend/tasks/jobs/scan.py
+++ b/api/src/backend/tasks/jobs/scan.py
@@ -116,6 +116,7 @@ def perform_prowler_scan(
        ValueError: If the provider cannot be connected.

    """
+    generate_compliance = False
    check_status_by_region = {}
    exception = None
    unique_resources = set()
@@ -144,6 +145,7 @@ def perform_prowler_scan(
                )
                provider_instance.save()

+        generate_compliance = provider_instance.provider != Provider.ProviderChoices.GCP
        prowler_scan = ProwlerScan(provider=prowler_provider, checks=checks_to_execute)

        resource_cache = {}
@@ -152,9 +154,6 @@ def perform_prowler_scan(

        for progress, findings in prowler_scan.scan():
            for finding in findings:
-                if finding is None:
-                    logger.error(f"None finding detected on scan {scan_id}.")
-                    continue
                for attempt in range(CELERY_DEADLOCK_ATTEMPTS):
                    try:
                        with rls_transaction(tenant_id):
@@ -179,10 +178,7 @@ def perform_prowler_scan(

                        # Update resource fields if necessary
                        updated_fields = []
-                        if (
-                            finding.region
-                            and resource_instance.region != finding.region
-                        ):
+                        if resource_instance.region != finding.region:
                            resource_instance.region = finding.region
                            updated_fields.append("region")
                        if resource_instance.service != finding.service_name:
@@ -225,30 +221,24 @@ def perform_prowler_scan(
                # Process finding
                with rls_transaction(tenant_id):
                    finding_uid = finding.uid
-                    last_first_seen_at = None
                    if finding_uid not in last_status_cache:
                        most_recent_finding = (
-                            Finding.all_objects.filter(
-                                tenant_id=tenant_id, uid=finding_uid
-                            )
-                            .order_by("-inserted_at")
-                            .values("status", "first_seen_at")
+                            Finding.objects.filter(uid=finding_uid)
+                            .order_by("-id")
+                            .values("status")
                            .first()
                        )
-                        last_status = None
-                        if most_recent_finding:
-                            last_status = most_recent_finding["status"]
-                            last_first_seen_at = most_recent_finding["first_seen_at"]
-                        last_status_cache[finding_uid] = last_status, last_first_seen_at
+                        last_status = (
+                            most_recent_finding["status"]
+                            if most_recent_finding
+                            else None
+                        )
+                        last_status_cache[finding_uid] = last_status
                    else:
-                        last_status, last_first_seen_at = last_status_cache[finding_uid]
+                        last_status = last_status_cache[finding_uid]

                    status = FindingStatus[finding.status]
                    delta = _create_finding_delta(last_status, status)
-                    # For the findings prior to the change, when a first finding is found with delta!="new" it will be assigned a current date as first_seen_at and the successive findings with the same UID will always get the date of the previous finding.
-                    # For new findings, when a finding (delta="new") is found for the first time, the first_seen_at attribute will be assigned the current date, the following findings will get that date.
-                    if not last_first_seen_at:
-                        last_first_seen_at = datetime.now(tz=timezone.utc)

                    # Create the finding
                    finding_instance = Finding.objects.create(
@@ -263,12 +253,11 @@ def perform_prowler_scan(
                        raw_result=finding.raw,
                        check_id=finding.check_id,
                        scan=scan_instance,
-                        first_seen_at=last_first_seen_at,
                    )
                    finding_instance.add_resources([resource_instance])

                # Update compliance data if applicable
-                if finding.status.value == "MUTED":
+                if not generate_compliance or finding.status.value == "MUTED":
                    continue

                region_dict = check_status_by_region.setdefault(finding.region, {})
@@ -296,7 +285,7 @@ def perform_prowler_scan(
            scan_instance.unique_resource_count = len(unique_resources)
            scan_instance.save()

-    if exception is None:
+    if exception is None and generate_compliance:
        try:
            regions = prowler_provider.get_regions()
        except AttributeError:
@@ -380,7 +369,7 @@ def aggregate_findings(tenant_id: str, scan_id: str):
        - muted_changed: Muted findings with a delta of 'changed'.
    """
    with rls_transaction(tenant_id):
-        findings = Finding.objects.filter(tenant_id=tenant_id, scan_id=scan_id)
+        findings = Finding.objects.filter(scan_id=scan_id)

        aggregation = findings.values(
            "check_id",
--- a/api/src/backend/tasks/tests/test_deletion.py
+++ b/api/src/backend/tasks/tests/test_deletion.py
@@ -1,3 +1,5 @@
+from unittest.mock import patch
+
 import pytest
 from django.core.exceptions import ObjectDoesNotExist
 from tasks.jobs.deletion import delete_provider, delete_tenant
@@ -22,6 +24,7 @@ class TestDeleteProvider:
            delete_provider(non_existent_pk)


+@patch("api.db_router.MainRouter.admin_db", new="default")
@pytest.mark.django_db
 class TestDeleteTenant:
    def test_delete_tenant_success(self, tenants_fixture, providers_fixture):
--- a/codecov.yml
+++ b/codecov.yml
@@ -1,11 +0,0 @@
-component_management:
-  individual_components:
-    - component_id: "prowler"
-      paths:
-        - "prowler/**"
-    - component_id: "api"
-      paths:
-        - "api/**"
-
-comment:
-  layout: "header, diff, flags, components"
--- a/contrib/aws/aws-sso-docker/readme.md
+++ b/contrib/aws/aws-sso-docker/readme.md
@@ -1,301 +0,0 @@
-# AWS SSO to Prowler Automation Script
-
-## Table of Contents
- [Introduction](#introduction)
- [Prerequisites](#prerequisites)
- [Setup](#setup)
- [Script Overview](#script-overview)
- [Usage](#usage)
- [Troubleshooting](#troubleshooting)
- [Customization](#customization)
- [Security Considerations](#security-considerations)
- [License](#license)
-
-## Introduction
-
-This repository provides a Bash script that automates the process of logging into AWS Single Sign-On (SSO), extracting temporary AWS credentials, and running **Prowler**—a security tool that performs AWS security best practices assessments—inside a Docker container using those credentials.
-
-By following this guide, you can streamline your AWS security assessments, ensuring that you consistently apply best practices across your AWS accounts.
-
-## Prerequisites
-
-Before you begin, ensure that you have the following tools installed and properly configured on your system:
-
-1. **AWS CLI v2**
-   - AWS SSO support is available from AWS CLI version 2 onwards.
-   - [Installation Guide](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
-
-2. **jq**
-   - A lightweight and flexible command-line JSON processor.
-   - **macOS (Homebrew):**
-     ```bash
-     brew install jq
-     ```
-   - **Ubuntu/Debian:**
-     ```bash
-     sudo apt-get update
-     sudo apt-get install -y jq
-     ```
-   - **Windows:**
-     - [Download jq](https://stedolan.github.io/jq/download/)
-
-3. **Docker**
-   - Ensure Docker is installed and running on your system.
-   - [Docker Installation Guide](https://docs.docker.com/get-docker/)
-
-4. **AWS SSO Profile Configuration**
-   - Ensure that you have configured an AWS CLI profile with SSO.
-   - [Configuring AWS CLI with SSO](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html)
-
-## Setup
-
-1. **Clone the Repository**
-   ```bash
-   git clone https://github.com/your-username/aws-sso-prowler-automation.git
-   cd aws-sso-prowler-automation
-   ```
-
-2. **Create the Automation Script**
-   Create a new Bash script named `run_prowler_sso.sh` and make it executable.
-
-   ```bash
-   nano run_prowler_sso.sh
-   chmod +x run_prowler_sso.sh
-   ```
-
-3. **Add the Script Content**
-   Paste the following content into `run_prowler_sso.sh`:
-
-4. **Configure AWS SSO Profile**
-   Ensure that your AWS CLI profile (`twodragon` in this case) is correctly configured for SSO.
-
-   ```bash
-   aws configure sso --profile twodragon
-   ```
-
-   **Example Configuration Prompts:**
-   ```
-   SSO session name (Recommended): [twodragon]
-   SSO start URL [None]: https://twodragon.awsapps.com/start
-   SSO region [None]: ap-northeast-2
-   SSO account ID [None]: 123456789012
-   SSO role name [None]: ReadOnlyAccess
-   CLI default client region [None]: ap-northeast-2
-   CLI default output format [None]: json
-   CLI profile name [twodragon]: twodragon
-   ```
-
-## Script Overview
-
-The `run_prowler_sso.sh` script performs the following actions:
-
-1. **AWS SSO Login:**
-   - Initiates AWS SSO login for the specified profile.
-   - Opens the SSO authorization page in the default browser for user authentication.
-
-2. **Extract Temporary Credentials:**
-   - Locates the most recent SSO cache file containing the `accessToken`.
-   - Uses `jq` to parse and extract the `accessToken` from the cache file.
-   - Retrieves the `sso_role_name` and `sso_account_id` from the AWS CLI configuration.
-   - Obtains temporary AWS credentials (`AccessKeyId`, `SecretAccessKey`, `SessionToken`) using the extracted `accessToken`.
-
-3. **Set Environment Variables:**
-   - Exports the extracted AWS credentials as environment variables to be used by the Docker container.
-
-4. **Run Prowler:**
-   - Executes the **Prowler** Docker container, passing the AWS credentials as environment variables for security assessments.
-
-## Usage
-
-1. **Make the Script Executable**
-   Ensure the script has execute permissions.
-
-   ```bash
-   chmod +x run_prowler_sso.sh
-   ```
-
-2. **Run the Script**
-   Execute the script to start the AWS SSO login process and run Prowler.
-
-   ```bash
-   ./run_prowler_sso.sh
-   ```
-
-3. **Follow the Prompts**
-   - A browser window will open prompting you to authenticate via AWS SSO.
-   - Complete the authentication process in the browser.
-   - Upon successful login, the script will extract temporary credentials and run Prowler.
-
-4. **Review Prowler Output**
-   - Prowler will analyze your AWS environment based on the specified checks and output the results directly in the terminal.
-
-## Troubleshooting
-
-If you encounter issues during the script execution, follow these steps to diagnose and resolve them.
-
-### 1. Verify AWS CLI Version
-
-Ensure you are using AWS CLI version 2 or later.
-
-```bash
-aws --version
-```
-
-**Expected Output:**
-```
-aws-cli/2.11.10 Python/3.9.12 Darwin/20.3.0 exe/x86_64 prompt/off
-```
-
-If you are not using version 2, [install or update AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html).
-
-### 2. Confirm AWS SSO Profile Configuration
-
-Check that the `twodragon` profile is correctly configured.
-
-```bash
-aws configure list-profiles
-```
-
-**Expected Output:**
-```
-default
-twodragon
-```
-
-Review the profile details:
-
-```bash
-aws configure get sso_start_url --profile twodragon
-aws configure get sso_region --profile twodragon
-aws configure get sso_account_id --profile twodragon
-aws configure get sso_role_name --profile twodragon
-```
-
-Ensure all fields return the correct values.
-
-### 3. Check SSO Cache File
-
-Ensure that the SSO cache file contains a valid `accessToken`.
-
-```bash
-cat ~/.aws/sso/cache/*.json
-```
-
-**Example Content:**
-```json
-{
-  "accessToken": "eyJz93a...k4laUWw",
-  "expiresAt": "2024-12-22T14:07:55Z",
-  "clientId": "example-client-id",
-  "clientSecret": "example-client-secret",
-  "startUrl": "https://twodragon.awsapps.com/start#"
-}
-```
-
-If `accessToken` is `null` or missing, retry the AWS SSO login:
-
-```bash
-aws sso login --profile twodragon
-```
-
-### 4. Validate `jq` Installation
-
-Ensure that `jq` is installed and functioning correctly.
-
-```bash
-jq --version
-```
-
-**Expected Output:**
-```
-jq-1.6
-```
-
-If `jq` is not installed, install it using the instructions in the [Prerequisites](#prerequisites) section.
-
-### 5. Test Docker Environment Variables
-
-Verify that the Docker container receives the AWS credentials correctly.
-
-```bash
-docker run --platform linux/amd64 \
-    -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
-    -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
-    -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
-    toniblyx/prowler /bin/bash -c 'echo $AWS_ACCESS_KEY_ID; echo $AWS_SECRET_ACCESS_KEY; echo $AWS_SESSION_TOKEN'
-```
-
-**Expected Output:**
-```
-ASIA...
-wJalrFEMI/K7MDENG/bPxRfiCY...
-IQoJb3JpZ2luX2VjEHwaCXVz...
-```
-
-Ensure that none of the environment variables are empty.
-
-### 6. Review Script Output
-
-Run the script with debugging enabled to get detailed output.
-
-1. **Enable Debugging in Script**
-   Add `set -x` for verbose output.
-
-   ```bash
-   #!/bin/bash
-   set -e
-   set -x
-   # ... rest of the script ...
-   ```
-
-2. **Run the Script**
-
-   ```bash
-   ./run_prowler_sso.sh
-   ```
-
-3. **Analyze Output**
-   Look for any errors or unexpected values in the output to identify where the script is failing.
-
-## Customization
-
-You can modify the script to suit your specific needs, such as:
-
- **Changing the AWS Profile Name:**
-  Update the `PROFILE` variable at the top of the script.
-
-  ```bash
-  PROFILE="your-profile-name"
-  ```
-
- **Adding Prowler Options:**
-  Pass additional options to Prowler for customized checks or output formats.
-
-  ```bash
-  docker run --platform linux/amd64 \
-      -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \
-      -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \
-      -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN \
-      toniblyx/prowler -c check123 -M json
-  ```
-
-## Security Considerations
-
- **Handle Credentials Securely:**
-  - Avoid sharing or exposing your AWS credentials.
-  - Do not include sensitive information in logs or version control.
-
- **Script Permissions:**
-  - Ensure the script file has appropriate permissions to prevent unauthorized access.
-
-    ```bash
-    chmod 700 run_prowler_sso.sh
-    ```
-
- **Environment Variables:**
-  - Be cautious when exporting credentials as environment variables.
-  - Consider using more secure methods for credential management if necessary.
-
-## License
-
-This project is licensed under the [MIT License](LICENSE).
--- a/contrib/aws/aws-sso-docker/run_prowler_sso.sh
+++ b/contrib/aws/aws-sso-docker/run_prowler_sso.sh
@@ -1,136 +0,0 @@
-#!/bin/bash
-set -e
-
-# Set the profile name
-PROFILE="twodragon"
-
-# Set the Prowler output directory
-OUTPUT_DIR=~/prowler-output
-mkdir -p "$OUTPUT_DIR"
-
-# Set the port for the local web server
-WEB_SERVER_PORT=8000
-
-# ----------------------------------------------
-# Functions
-# ----------------------------------------------
-
-# Function to open the HTML report in the default browser
-open_report() {
-    local report_path="$1"
-
-    if [[ "$OSTYPE" == "darwin"* ]]; then
-        open "$report_path"
-    elif [[ "$OSTYPE" == "linux-gnu"* ]]; then
-        xdg-open "$report_path"
-    elif [[ "$OSTYPE" == "msys" ]]; then
-        start "" "$report_path"
-    else
-        echo "Automatic method to open Prowler HTML report is not supported on this OS."
-        echo "Please open the report manually at: $report_path"
-    fi
-}
-
-# Function to start a simple HTTP server to host the Prowler reports
-start_web_server() {
-    local directory="$1"
-    local port="$2"
-
-    echo "Starting local web server to host Prowler reports at http://localhost:$port"
-    echo "Press Ctrl+C to stop the web server."
-
-    # Change to the output directory
-    cd "$directory"
-
-    # Start the HTTP server in the foreground
-    # Python 3 is required
-    python3 -m http.server "$port"
-}
-
-# ----------------------------------------------
-# Main Script
-# ----------------------------------------------
-
-# AWS SSO Login
-echo "Logging into AWS SSO..."
-aws sso login --profile "$PROFILE"
-
-# Extract temporary credentials
-echo "Extracting temporary credentials..."
-
-# Find the most recently modified SSO cache file
-CACHE_FILE=$(ls -t ~/.aws/sso/cache/*.json 2>/dev/null | head -n 1)
-echo "Cache File: $CACHE_FILE"
-
-if [ -z "$CACHE_FILE" ]; then
-    echo "SSO cache file not found. Please ensure AWS SSO login was successful."
-    exit 1
-fi
-
-# Extract accessToken using jq
-ACCESS_TOKEN=$(jq -r '.accessToken' "$CACHE_FILE")
-echo "Access Token: $ACCESS_TOKEN"
-
-if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" == "null" ]; then
-    echo "Unable to extract accessToken. Please check your SSO login and cache file."
-    exit 1
-fi
-
-# Extract role name and account ID from AWS CLI configuration
-ROLE_NAME=$(aws configure get sso_role_name --profile "$PROFILE")
-ACCOUNT_ID=$(aws configure get sso_account_id --profile "$PROFILE")
-echo "Role Name: $ROLE_NAME"
-echo "Account ID: $ACCOUNT_ID"
-
-if [ -z "$ROLE_NAME" ] || [ -z "$ACCOUNT_ID" ]; then
-    echo "Unable to extract sso_role_name or sso_account_id. Please check your profile configuration."
-    exit 1
-fi
-
-# Obtain temporary credentials using AWS SSO
-TEMP_CREDS=$(aws sso get-role-credentials \
-    --role-name "$ROLE_NAME" \
-    --account-id "$ACCOUNT_ID" \
-    --access-token "$ACCESS_TOKEN" \
-    --profile "$PROFILE")
-
-echo "TEMP_CREDS: $TEMP_CREDS"
-
-# Extract credentials from the JSON response
-AWS_ACCESS_KEY_ID=$(echo "$TEMP_CREDS" | jq -r '.roleCredentials.accessKeyId')
-AWS_SECRET_ACCESS_KEY=$(echo "$TEMP_CREDS" | jq -r '.roleCredentials.secretAccessKey')
-AWS_SESSION_TOKEN=$(echo "$TEMP_CREDS" | jq -r '.roleCredentials.sessionToken')
-
-# Verify that all credentials were extracted successfully
-if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ] || [ -z "$AWS_SESSION_TOKEN" ]; then
-    echo "Unable to extract temporary credentials."
-    exit 1
-fi
-
-# Export AWS credentials as environment variables
-export AWS_ACCESS_KEY_ID
-export AWS_SECRET_ACCESS_KEY
-export AWS_SESSION_TOKEN
-
-echo "AWS credentials have been set."
-
-# Run Prowler in Docker container
-echo "Running Prowler Docker container..."
-
-docker run --platform linux/amd64 \
-    -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
-    -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
-    -e AWS_SESSION_TOKEN="$AWS_SESSION_TOKEN" \
-    -v "$OUTPUT_DIR":/home/prowler/output \
-    toniblyx/prowler -M html -M csv -M json-ocsf --output-directory /home/prowler/output --output-filename prowler-output
-
-echo "Prowler has finished running. Reports are saved in $OUTPUT_DIR."
-
-# Open the HTML report in the default browser
-REPORT_PATH="$OUTPUT_DIR/prowler-output.html"
-echo "Opening Prowler HTML report..."
-open_report "$REPORT_PATH" &
-
-# Start the local web server to host the Prowler dashboard
-# This will run in the foreground. To run it in the background, append an ampersand (&) at the end of the command.
-start_web_server "$OUTPUT_DIR" "$WEB_SERVER_PORT"
--- a/contrib/k8s/helm/prowler-api/.helmignore
+++ b/contrib/k8s/helm/prowler-api/.helmignore
--- a/contrib/k8s/helm/prowler-cli/Chart.yaml
+++ b/contrib/k8s/helm/prowler-cli/Chart.yaml
--- a/contrib/k8s/helm/prowler-cli/README.md
+++ b/contrib/k8s/helm/prowler-cli/README.md
--- a/contrib/k8s/helm/prowler-api/Chart.yaml
+++ b/contrib/k8s/helm/prowler-api/Chart.yaml
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: prowler-api
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "5.1.1"
--- a/contrib/k8s/helm/prowler-api/templates/NOTES.txt
+++ b/contrib/k8s/helm/prowler-api/templates/NOTES.txt
@@ -1,22 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "prowler-api.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "prowler-api.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "prowler-api.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "prowler-api.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
--- a/contrib/k8s/helm/prowler-api/templates/_helpers.tpl
+++ b/contrib/k8s/helm/prowler-api/templates/_helpers.tpl
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prowler-api.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prowler-api.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prowler-api.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "prowler-api.labels" -}}
-helm.sh/chart: {{ include "prowler-api.chart" . }}
-{{ include "prowler-api.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "prowler-api.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "prowler-api.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "prowler-api.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "prowler-api.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
--- a/contrib/k8s/helm/prowler-api/templates/configmap.yaml
+++ b/contrib/k8s/helm/prowler-api/templates/configmap.yaml
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "prowler-api.fullname" . }}-config
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-data:
-  config.yaml: |-
-    {{- toYaml .Values.mainConfig | nindent 4 }}
--- a/contrib/k8s/helm/prowler-api/templates/deployment.yaml
+++ b/contrib/k8s/helm/prowler-api/templates/deployment.yaml
@@ -1,85 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "prowler-api.fullname" . }}
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "prowler-api.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-      {{- with .Values.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "prowler-api.labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "prowler-api.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-      {{- range $name,$config := .Values.containers }}
-      {{- if $config.enabled }}
-        - name: {{ $name }}
-          securityContext:
-            {{- toYaml $config.securityContext | nindent 12 }}
-          image: "{{ $config.image.repository }}:{{ $config.image.tag | default $.Chart.AppVersion }}"
-          imagePullPolicy: {{ $config.image.pullPolicy }}
-          envFrom:
-            - secretRef:
-                name: {{ include "prowler-api.fullname" $ }}
-          command:
-            {{- toYaml $config.command | nindent 12 }}
-          {{- if $config.ports }}
-          ports:
-            {{- toYaml $config.ports | nindent 12 }}
-          {{- end }}
-          livenessProbe:
-            {{- toYaml $config.livenessProbe | nindent 12 }}
-          readinessProbe:
-            {{- toYaml $config.readinessProbe | nindent 12 }}
-          resources:
-            {{- toYaml $config.resources | nindent 12 }}
-          volumeMounts:
-            - name: {{ include "prowler-api.fullname" $ }}-config
-              mountPath: {{ $.Values.releaseConfigRoot }}{{ $.Values.releaseConfigPath }}
-              subPath: config.yaml
-          {{- with .volumeMounts }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- end }}
-      {{- end }}
-      volumes:
-        - name: {{ include "prowler-api.fullname" . }}-config
-          configMap:
-            name: {{ include "prowler-api.fullname" . }}-config
-      {{- with .Values.volumes }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
--- a/contrib/k8s/helm/prowler-api/templates/ingress.yaml
+++ b/contrib/k8s/helm/prowler-api/templates/ingress.yaml
@@ -1,43 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "prowler-api.fullname" . }}
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with .Values.ingress.className }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- with .pathType }}
-            pathType: {{ . }}
-            {{- end }}
-            backend:
-              service:
-                name: {{ include "prowler-api.fullname" $ }}
-                port:
-                  number: {{ $.Values.service.port }}
-          {{- end }}
-    {{- end }}
-{{- end }}
--- a/contrib/k8s/helm/prowler-api/templates/secrets.yaml
+++ b/contrib/k8s/helm/prowler-api/templates/secrets.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "prowler-api.fullname" . }}
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-type: Opaque
-data:
-  {{- range $k, $v := .Values.secrets }}
-  {{ $k }}: {{ $v | toString | b64enc | quote }}
-  {{- end }}
--- a/contrib/k8s/helm/prowler-api/templates/service.yaml
+++ b/contrib/k8s/helm/prowler-api/templates/service.yaml
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "prowler-api.fullname" . }}
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-  {{- range $name,$config := .Values.containers }}
-    {{- if $config.ports }}
-    {{- range $p := $config.ports }}
-    - port: {{ $p.containerPort }}
-      targetPort: {{ $p.containerPort }}
-      protocol: TCP
-      name: {{ $config.name }}
-    {{- end }}
-    {{- end }}
-  {{- end }}
-  selector:
-    {{- include "prowler-api.selectorLabels" . | nindent 4 }}
--- a/contrib/k8s/helm/prowler-api/templates/serviceaccount.yaml
+++ b/contrib/k8s/helm/prowler-api/templates/serviceaccount.yaml
@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "prowler-api.serviceAccountName" . }}
-  labels:
-    {{- include "prowler-api.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}
--- a/contrib/k8s/helm/prowler-api/values.yaml
+++ b/contrib/k8s/helm/prowler-api/values.yaml
@@ -1,625 +0,0 @@
-# Default values for prowler-api.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-replicaCount: 1
-
-# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-containers:
-  prowler-api:
-    enabled: true
-    image:
-      repository: prowlercloud/prowler-api
-      pullPolicy: IfNotPresent
-    ports:
-      - name: http
-        containerPort: 8080
-        protocol: TCP
-    command: ["/home/prowler/docker-entrypoint.sh", "prod"]
-  worker:
-    enabled: true
-    image:
-      repository: prowlercloud/prowler-api
-      pullPolicy: IfNotPresent
-    command: ["/home/prowler/docker-entrypoint.sh", "worker"]
-  worker-beat:
-    enabled: true
-    image:
-      repository: prowlercloud/prowler-api
-      pullPolicy: IfNotPresent
-    command: ["../docker-entrypoint.sh", "beat"]
-
-secrets:
-  POSTGRES_HOST:
-  POSTGRES_PORT: 5432
-  POSTGRES_ADMIN_USER:
-  POSTGRES_ADMIN_PASSWORD:
-  POSTGRES_USER:
-  POSTGRES_PASSWORD:
-  POSTGRES_DB:
-  # Valkey settings
-  VALKEY_HOST: valkey-headless
-  VALKEY_PORT: "6379"
-  VALKEY_DB: "0"
-  # Django settings
-  DJANGO_ALLOWED_HOSTS: localhost,127.0.0.1,prowler-api
-  DJANGO_BIND_ADDRESS: 0.0.0.0
-  DJANGO_PORT: "8080"
-  DJANGO_DEBUG: False
-  DJANGO_SETTINGS_MODULE: config.django.production
-  # Select one of [ndjson|human_readable]
-  DJANGO_LOGGING_FORMATTER: human_readable
-  # Select one of [DEBUG|INFO|WARNING|ERROR|CRITICAL]
-  # Applies to both Django and Celery Workers
-  DJANGO_LOGGING_LEVEL: INFO
-  # Defaults to the maximum available based on CPU cores if not set.
-  DJANGO_WORKERS: 2
-  # Token lifetime is in minutes
-  DJANGO_ACCESS_TOKEN_LIFETIME: "30"
-  # Token lifetime is in minutes
-  DJANGO_REFRESH_TOKEN_LIFETIME: "1440"
-  DJANGO_CACHE_MAX_AGE: "3600"
-  DJANGO_STALE_WHILE_REVALIDATE: "60"
-  DJANGO_MANAGE_DB_PARTITIONS: "False"
-  # openssl genrsa -out private.pem 2048
-  DJANGO_TOKEN_SIGNING_KEY:
-  # openssl rsa -in private.pem -pubout -out public.pem
-  DJANGO_TOKEN_VERIFYING_KEY:
-  # openssl rand -base64 32
-  DJANGO_SECRETS_ENCRYPTION_KEY:
-  DJANGO_BROKER_VISIBILITY_TIMEOUT: 86400
-
-releaseConfigRoot: /home/prowler/.cache/pypoetry/virtualenvs/prowler-api-NnJNioq7-py3.12/lib/python3.12/site-packages/
-releaseConfigPath: prowler/config/config.yaml
-
-mainConfig:
-  # AWS Configuration
-  aws:
-    # AWS Global Configuration
-    # aws.mute_non_default_regions --> Set to True to muted failed findings in non-default regions for AccessAnalyzer, GuardDuty, SecurityHub, DRS and Config
-    mute_non_default_regions: False
-    # If you want to mute failed findings only in specific regions, create a file with the following syntax and run it with `prowler aws -w mutelist.yaml`:
-    # Mutelist:
-    #  Accounts:
-    #   "*":
-    #     Checks:
-    #       "*":
-    #         Regions:
-    #           - "ap-southeast-1"
-    #           - "ap-southeast-2"
-    #         Resources:
-    #           - "*"
-
-    # AWS IAM Configuration
-    # aws.iam_user_accesskey_unused --> CIS recommends 45 days
-    max_unused_access_keys_days: 45
-    # aws.iam_user_console_access_unused --> CIS recommends 45 days
-    max_console_access_days: 45
-
-    # AWS EC2 Configuration
-    # aws.ec2_elastic_ip_shodan
-    # TODO: create common config
-    shodan_api_key: null
-    # aws.ec2_securitygroup_with_many_ingress_egress_rules --> by default is 50 rules
-    max_security_group_rules: 50
-    # aws.ec2_instance_older_than_specific_days --> by default is 6 months (180 days)
-    max_ec2_instance_age_in_days: 180
-    # aws.ec2_securitygroup_allow_ingress_from_internet_to_any_port
-    # allowed network interface types for security groups open to the Internet
-    ec2_allowed_interface_types:
-      [
-          "api_gateway_managed",
-          "vpc_endpoint",
-      ]
-    # allowed network interface owners for security groups open to the Internet
-    ec2_allowed_instance_owners:
-      [
-          "amazon-elb"
-      ]
-    # aws.ec2_securitygroup_allow_ingress_from_internet_to_high_risk_tcp_ports
-    ec2_high_risk_ports:
-      [
-          25,
-          110,
-          135,
-          143,
-          445,
-          3000,
-          4333,
-          5000,
-          5500,
-          8080,
-          8088,
-      ]
-
-    # AWS ECS Configuration
-    # aws.ecs_service_fargate_latest_platform_version
-    fargate_linux_latest_version: "1.4.0"
-    fargate_windows_latest_version: "1.0.0"
-
-    # AWS VPC Configuration (vpc_endpoint_connections_trust_boundaries, vpc_endpoint_services_allowed_principals_trust_boundaries)
-    # AWS SSM Configuration (aws.ssm_documents_set_as_public)
-    # Single account environment: No action required. The AWS account number will be automatically added by the checks.
-    # Multi account environment: Any additional trusted account number should be added as a space separated list, e.g.
-    # trusted_account_ids : ["123456789012", "098765432109", "678901234567"]
-    trusted_account_ids: []
-
-    # AWS Cloudwatch Configuration
-    # aws.cloudwatch_log_group_retention_policy_specific_days_enabled --> by default is 365 days
-    log_group_retention_days: 365
-
-    # AWS CloudFormation Configuration
-    # cloudformation_stack_cdktoolkit_bootstrap_version --> by default is 21
-    recommended_cdk_bootstrap_version: 21
-
-    # AWS AppStream Session Configuration
-    # aws.appstream_fleet_session_idle_disconnect_timeout
-    max_idle_disconnect_timeout_in_seconds: 600 # 10 Minutes
-    # aws.appstream_fleet_session_disconnect_timeout
-    max_disconnect_timeout_in_seconds: 300 # 5 Minutes
-    # aws.appstream_fleet_maximum_session_duration
-    max_session_duration_seconds: 36000 # 10 Hours
-
-    # AWS Lambda Configuration
-    # aws.awslambda_function_using_supported_runtimes
-    obsolete_lambda_runtimes:
-      [
-        "java8",
-        "go1.x",
-        "provided",
-        "python3.6",
-        "python2.7",
-        "python3.7",
-        "nodejs4.3",
-        "nodejs4.3-edge",
-        "nodejs6.10",
-        "nodejs",
-        "nodejs8.10",
-        "nodejs10.x",
-        "nodejs12.x",
-        "nodejs14.x",
-        "nodejs16.x",
-        "dotnet5.0",
-        "dotnet7",
-        "dotnetcore1.0",
-        "dotnetcore2.0",
-        "dotnetcore2.1",
-        "dotnetcore3.1",
-        "ruby2.5",
-        "ruby2.7",
-      ]
-    # aws.awslambda_function_vpc_is_in_multi_azs
-    lambda_min_azs: 2
-
-    # AWS Organizations
-    # aws.organizations_scp_check_deny_regions
-    # aws.organizations_enabled_regions: [
-    #   "eu-central-1",
-    #   "eu-west-1",
-    #   "us-east-1"
-    # ]
-    organizations_enabled_regions: []
-    organizations_trusted_delegated_administrators: []
-
-    # AWS ECR
-    # aws.ecr_repositories_scan_vulnerabilities_in_latest_image
-    # CRITICAL
-    # HIGH
-    # MEDIUM
-    ecr_repository_vulnerability_minimum_severity: "MEDIUM"
-
-    # AWS Trusted Advisor
-    # aws.trustedadvisor_premium_support_plan_subscribed
-    verify_premium_support_plans: True
-
-    # AWS CloudTrail Configuration
-    # aws.cloudtrail_threat_detection_privilege_escalation
-    threat_detection_privilege_escalation_threshold: 0.2 # Percentage of actions found to decide if it is an privilege_escalation attack event, by default is 0.2 (20%)
-    threat_detection_privilege_escalation_minutes: 1440 # Past minutes to search from now for privilege_escalation attacks, by default is 1440 minutes (24 hours)
-    threat_detection_privilege_escalation_actions:
-      [
-        "AddPermission",
-        "AddRoleToInstanceProfile",
-        "AddUserToGroup",
-        "AssociateAccessPolicy",
-        "AssumeRole",
-        "AttachGroupPolicy",
-        "AttachRolePolicy",
-        "AttachUserPolicy",
-        "ChangePassword",
-        "CreateAccessEntry",
-        "CreateAccessKey",
-        "CreateDevEndpoint",
-        "CreateEventSourceMapping",
-        "CreateFunction",
-        "CreateGroup",
-        "CreateJob",
-        "CreateKeyPair",
-        "CreateLoginProfile",
-        "CreatePipeline",
-        "CreatePolicyVersion",
-        "CreateRole",
-        "CreateStack",
-        "DeleteRolePermissionsBoundary",
-        "DeleteRolePolicy",
-        "DeleteUserPermissionsBoundary",
-        "DeleteUserPolicy",
-        "DetachRolePolicy",
-        "DetachUserPolicy",
-        "GetCredentialsForIdentity",
-        "GetId",
-        "GetPolicyVersion",
-        "GetUserPolicy",
-        "Invoke",
-        "ModifyInstanceAttribute",
-        "PassRole",
-        "PutGroupPolicy",
-        "PutPipelineDefinition",
-        "PutRolePermissionsBoundary",
-        "PutRolePolicy",
-        "PutUserPermissionsBoundary",
-        "PutUserPolicy",
-        "ReplaceIamInstanceProfileAssociation",
-        "RunInstances",
-        "SetDefaultPolicyVersion",
-        "UpdateAccessKey",
-        "UpdateAssumeRolePolicy",
-        "UpdateDevEndpoint",
-        "UpdateEventSourceMapping",
-        "UpdateFunctionCode",
-        "UpdateJob",
-        "UpdateLoginProfile",
-      ]
-    # aws.cloudtrail_threat_detection_enumeration
-    threat_detection_enumeration_threshold: 0.3 # Percentage of actions found to decide if it is an enumeration attack event, by default is 0.3 (30%)
-    threat_detection_enumeration_minutes: 1440 # Past minutes to search from now for enumeration attacks, by default is 1440 minutes (24 hours)
-    threat_detection_enumeration_actions:
-      [
-        "DescribeAccessEntry",
-        "DescribeAccountAttributes",
-        "DescribeAvailabilityZones",
-        "DescribeBundleTasks",
-        "DescribeCarrierGateways",
-        "DescribeClientVpnRoutes",
-        "DescribeCluster",
-        "DescribeDhcpOptions",
-        "DescribeFlowLogs",
-        "DescribeImages",
-        "DescribeInstanceAttribute",
-        "DescribeInstanceInformation",
-        "DescribeInstanceTypes",
-        "DescribeInstances",
-        "DescribeInstances",
-        "DescribeKeyPairs",
-        "DescribeLogGroups",
-        "DescribeLogStreams",
-        "DescribeOrganization",
-        "DescribeRegions",
-        "DescribeSecurityGroups",
-        "DescribeSnapshotAttribute",
-        "DescribeSnapshotTierStatus",
-        "DescribeSubscriptionFilters",
-        "DescribeTransitGatewayMulticastDomains",
-        "DescribeVolumes",
-        "DescribeVolumesModifications",
-        "DescribeVpcEndpointConnectionNotifications",
-        "DescribeVpcs",
-        "GetAccount",
-        "GetAccountAuthorizationDetails",
-        "GetAccountSendingEnabled",
-        "GetBucketAcl",
-        "GetBucketLogging",
-        "GetBucketPolicy",
-        "GetBucketReplication",
-        "GetBucketVersioning",
-        "GetCallerIdentity",
-        "GetCertificate",
-        "GetConsoleScreenshot",
-        "GetCostAndUsage",
-        "GetDetector",
-        "GetEbsDefaultKmsKeyId",
-        "GetEbsEncryptionByDefault",
-        "GetFindings",
-        "GetFlowLogsIntegrationTemplate",
-        "GetIdentityVerificationAttributes",
-        "GetInstances",
-        "GetIntrospectionSchema",
-        "GetLaunchTemplateData",
-        "GetLaunchTemplateData",
-        "GetLogRecord",
-        "GetParameters",
-        "GetPolicyVersion",
-        "GetPublicAccessBlock",
-        "GetQueryResults",
-        "GetRegions",
-        "GetSMSAttributes",
-        "GetSMSSandboxAccountStatus",
-        "GetSendQuota",
-        "GetTransitGatewayRouteTableAssociations",
-        "GetUserPolicy",
-        "HeadObject",
-        "ListAccessKeys",
-        "ListAccounts",
-        "ListAllMyBuckets",
-        "ListAssociatedAccessPolicies",
-        "ListAttachedUserPolicies",
-        "ListClusters",
-        "ListDetectors",
-        "ListDomains",
-        "ListFindings",
-        "ListHostedZones",
-        "ListIPSets",
-        "ListIdentities",
-        "ListInstanceProfiles",
-        "ListObjects",
-        "ListOrganizationalUnitsForParent",
-        "ListOriginationNumbers",
-        "ListPolicyVersions",
-        "ListRoles",
-        "ListRoles",
-        "ListRules",
-        "ListServiceQuotas",
-        "ListSubscriptions",
-        "ListTargetsByRule",
-        "ListTopics",
-        "ListUsers",
-        "LookupEvents",
-        "Search",
-      ]
-    # aws.cloudtrail_threat_detection_llm_jacking
-    threat_detection_llm_jacking_threshold: 0.4 # Percentage of actions found to decide if it is an LLM Jacking attack event, by default is 0.4 (40%)
-    threat_detection_llm_jacking_minutes: 1440 # Past minutes to search from now for LLM Jacking attacks, by default is 1440 minutes (24 hours)
-    threat_detection_llm_jacking_actions:
-      [
-      "PutUseCaseForModelAccess",  # Submits a use case for model access, providing justification (Write).
-      "PutFoundationModelEntitlement",  # Grants entitlement for accessing a foundation model (Write).
-      "PutModelInvocationLoggingConfiguration", # Configures logging for model invocations (Write).
-      "CreateFoundationModelAgreement",  # Creates a new agreement to use a foundation model (Write).
-      "InvokeModel",  # Invokes a specified Bedrock model for inference using provided prompt and parameters (Read).
-      "InvokeModelWithResponseStream",  # Invokes a Bedrock model for inference with real-time token streaming (Read).
-      "GetUseCaseForModelAccess",  # Retrieves an existing use case for model access (Read).
-      "GetModelInvocationLoggingConfiguration",  # Fetches the logging configuration for model invocations (Read).
-      "GetFoundationModelAvailability",  # Checks the availability of a foundation model for use (Read).
-      "ListFoundationModelAgreementOffers",  # Lists available agreement offers for accessing foundation models (List).
-      "ListFoundationModels",  # Lists the available foundation models in Bedrock (List).
-      "ListProvisionedModelThroughputs",  # Lists the provisioned throughput for previously created models (List).
-      ]
-
-    # AWS RDS Configuration
-    # aws.rds_instance_backup_enabled
-    # Whether to check RDS instance replicas or not
-    check_rds_instance_replicas: False
-
-    # AWS ACM Configuration
-    # aws.acm_certificates_expiration_check
-    days_to_expire_threshold: 7
-    # aws.acm_certificates_with_secure_key_algorithms
-    insecure_key_algorithms:
-      [
-        "RSA-1024",
-        "P-192",
-        "SHA-1",
-      ]
-
-    # AWS EKS Configuration
-    # aws.eks_control_plane_logging_all_types_enabled
-    # EKS control plane logging types that must be enabled
-    eks_required_log_types:
-      [
-        "api",
-        "audit",
-        "authenticator",
-        "controllerManager",
-        "scheduler",
-      ]
-
-    # aws.eks_cluster_uses_a_supported_version
-    # EKS clusters must be version 1.28 or higher
-    eks_cluster_oldest_version_supported: "1.28"
-
-    # AWS CodeBuild Configuration
-    # aws.codebuild_project_no_secrets_in_variables
-    # CodeBuild sensitive variables that are excluded from the check
-    excluded_sensitive_environment_variables:
-      [
-
-      ]
-
-    # AWS ELB Configuration
-    # aws.elb_is_in_multiple_az
-    # Minimum number of Availability Zones that an CLB must be in
-    elb_min_azs: 2
-
-    # AWS ELBv2 Configuration
-    # aws.elbv2_is_in_multiple_az
-    # Minimum number of Availability Zones that an ELBv2 must be in
-    elbv2_min_azs: 2
-
-
-    # AWS Secrets Configuration
-    # Patterns to ignore in the secrets checks
-    secrets_ignore_patterns: []
-
-    # AWS Secrets Manager Configuration
-    # aws.secretsmanager_secret_unused
-    # Maximum number of days a secret can be unused
-    max_days_secret_unused: 90
-
-    # aws.secretsmanager_secret_rotated_periodically
-    # Maximum number of days a secret should be rotated
-    max_days_secret_unrotated: 90
-
-    # AWS Kinesis Configuration
-    # Minimum retention period in hours for Kinesis streams
-    min_kinesis_stream_retention_hours: 168 # 7 days
-
-
-  # Azure Configuration
-  azure:
-    # Azure Network Configuration
-    # azure.network_public_ip_shodan
-    # TODO: create common config
-    shodan_api_key: null
-
-    # Azure App Service
-    # azure.app_ensure_php_version_is_latest
-    php_latest_version: "8.2"
-    # azure.app_ensure_python_version_is_latest
-    python_latest_version: "3.12"
-    # azure.app_ensure_java_version_is_latest
-    java_latest_version: "17"
-
-    # Azure SQL Server
-    # azure.sqlserver_minimal_tls_version
-    recommended_minimal_tls_versions:
-      [
-        "1.2",
-        "1.3",
-      ]
-
-  # GCP Configuration
-  gcp:
-    # GCP Compute Configuration
-    # gcp.compute_public_address_shodan
-    shodan_api_key: null
-
-  # Kubernetes Configuration
-  kubernetes:
-    # Kubernetes API Server
-    # kubernetes.apiserver_audit_log_maxbackup_set
-    audit_log_maxbackup: 10
-    # kubernetes.apiserver_audit_log_maxsize_set
-    audit_log_maxsize: 100
-    # kubernetes.apiserver_audit_log_maxage_set
-    audit_log_maxage: 30
-    # kubernetes.apiserver_strong_ciphers_only
-    apiserver_strong_ciphers:
-      [
-        "TLS_AES_128_GCM_SHA256",
-        "TLS_AES_256_GCM_SHA384",
-        "TLS_CHACHA20_POLY1305_SHA256",
-      ]
-    # Kubelet
-    # kubernetes.kubelet_strong_ciphers_only
-    kubelet_strong_ciphers:
-      [
-        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
-        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
-        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-        "TLS_RSA_WITH_AES_256_GCM_SHA384",
-        "TLS_RSA_WITH_AES_128_GCM_SHA256",
-      ]
-
-
-# This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-imagePullSecrets: []
-# This is to override the chart name.
-nameOverride: ""
-fullnameOverride: ""
-
-#This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-# This is for setting Kubernetes Annotations to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-podAnnotations: {}
-# This is for setting Kubernetes Labels to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-podLabels: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
-service:
-  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-  type: ClusterIP
-  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
-  port: 80
-
-# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-livenessProbe:
-  httpGet:
-    path: /
-    port: http
-readinessProbe:
-  httpGet:
-    path: /
-    port: http
-
-#This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-# Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
-
-# Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
--- a/contrib/k8s/helm/prowler-cli/.helmignore
+++ b/contrib/k8s/helm/prowler-cli/.helmignore
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
--- a/contrib/k8s/helm/prowler-ui/.helmignore
+++ b/contrib/k8s/helm/prowler-ui/.helmignore
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
--- a/contrib/k8s/helm/prowler-ui/Chart.yaml
+++ b/contrib/k8s/helm/prowler-ui/Chart.yaml
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: prowler-ui
-description: A Helm chart for Kubernetes
-type: application
-version: 0.1.0
-appVersion: "5.1.1"
--- a/contrib/k8s/helm/prowler-ui/templates/NOTES.txt
+++ b/contrib/k8s/helm/prowler-ui/templates/NOTES.txt
@@ -1,22 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "prowler-ui.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "prowler-ui.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "prowler-ui.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "prowler-ui.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
--- a/contrib/k8s/helm/prowler-ui/templates/_helpers.tpl
+++ b/contrib/k8s/helm/prowler-ui/templates/_helpers.tpl
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prowler-ui.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prowler-ui.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prowler-ui.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "prowler-ui.labels" -}}
-helm.sh/chart: {{ include "prowler-ui.chart" . }}
-{{ include "prowler-ui.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "prowler-ui.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "prowler-ui.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "prowler-ui.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "prowler-ui.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
--- a/contrib/k8s/helm/prowler-ui/templates/deployment.yaml
+++ b/contrib/k8s/helm/prowler-ui/templates/deployment.yaml
@@ -1,72 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "prowler-ui.fullname" . }}
-  labels:
-    {{- include "prowler-ui.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "prowler-ui.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
-      {{- with .Values.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "prowler-ui.labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "prowler-ui.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          envFrom:
-            - secretRef:
-                name: {{ include "prowler-ui.fullname" $ }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          livenessProbe:
-            {{- toYaml .Values.livenessProbe | nindent 12 }}
-          readinessProbe:
-            {{- toYaml .Values.readinessProbe | nindent 12 }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          {{- with .Values.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
--- a/contrib/k8s/helm/prowler-ui/templates/ingress.yaml
+++ b/contrib/k8s/helm/prowler-ui/templates/ingress.yaml
@@ -1,43 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "prowler-ui.fullname" . }}
-  labels:
-    {{- include "prowler-ui.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with .Values.ingress.className }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- with .pathType }}
-            pathType: {{ . }}
-            {{- end }}
-            backend:
-              service:
-                name: {{ include "prowler-ui.fullname" $ }}
-                port:
-                  number: {{ $.Values.service.port }}
-          {{- end }}
-    {{- end }}
-{{- end }}
--- a/contrib/k8s/helm/prowler-ui/templates/secrets.yaml
+++ b/contrib/k8s/helm/prowler-ui/templates/secrets.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "prowler-ui.fullname" . }}
-  labels:
-    {{- include "prowler-ui.labels" . | nindent 4 }}
-type: Opaque
-data:
-  {{- range $k, $v := .Values.secrets }}
-  {{ $k }}: {{ $v | toString | b64enc | quote }}
-  {{- end }}
--- a/contrib/k8s/helm/prowler-ui/templates/service.yaml
+++ b/contrib/k8s/helm/prowler-ui/templates/service.yaml
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "prowler-ui.fullname" . }}
-  labels:
-    {{- include "prowler-ui.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "prowler-ui.selectorLabels" . | nindent 4 }}
--- a/contrib/k8s/helm/prowler-ui/templates/serviceaccount.yaml
+++ b/contrib/k8s/helm/prowler-ui/templates/serviceaccount.yaml
@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "prowler-ui.serviceAccountName" . }}
-  labels:
-    {{- include "prowler-ui.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}
--- a/contrib/k8s/helm/prowler-ui/values.yaml
+++ b/contrib/k8s/helm/prowler-ui/values.yaml
@@ -1,132 +0,0 @@
-# Default values for prowler-ui.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-replicaCount: 1
-
-# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-image:
-  repository: prowlercloud/prowler-ui
-  # This sets the pull policy for images.
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-# This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-imagePullSecrets: []
-# This is to override the chart name.
-nameOverride: ""
-fullnameOverride: ""
-
-secrets:
-  SITE_URL: http://localhost:3000
-  API_BASE_URL: http://prowler-api:8080/api/v1
-  NEXT_PUBLIC_API_DOCS_URL: http://prowler-api:8080/api/v1/docs
-  AUTH_TRUST_HOST: True
-  UI_PORT: 3000
-  # openssl rand -base64 32
-  AUTH_SECRET:
-
-#This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-# This is for setting Kubernetes Annotations to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-podAnnotations: {}
-# This is for setting Kubernetes Labels to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-podLabels: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
-service:
-  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-  type: ClusterIP
-  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
-  port: 3000
-
-# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: chart-example.local
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-livenessProbe:
-  httpGet:
-    path: /
-    port: http
-readinessProbe:
-  httpGet:
-    path: /
-    port: http
-
-#This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-# Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
-
-# Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
--- a/contrib/k8s/helm/prowler-cli/templates/cluster-role.yaml
+++ b/contrib/k8s/helm/prowler-cli/templates/cluster-role.yaml
--- a/contrib/k8s/helm/prowler-cli/templates/cm.yaml
+++ b/contrib/k8s/helm/prowler-cli/templates/cm.yaml
--- a/contrib/k8s/helm/prowler-cli/templates/job.yaml
+++ b/contrib/k8s/helm/prowler-cli/templates/job.yaml
@@ -39,3 +39,4 @@ spec:
                path: {{ $value }}
            {{- end }}
          {{- end }}
+
--- a/contrib/k8s/helm/prowler-cli/templates/namespace.yaml
+++ b/contrib/k8s/helm/prowler-cli/templates/namespace.yaml
--- a/contrib/k8s/helm/prowler-cli/templates/role-binding.yaml
+++ b/contrib/k8s/helm/prowler-cli/templates/role-binding.yaml
--- a/contrib/k8s/helm/prowler-cli/templates/sa.yaml
+++ b/contrib/k8s/helm/prowler-cli/templates/sa.yaml
--- a/contrib/k8s/helm/prowler-cli/values.yaml
+++ b/contrib/k8s/helm/prowler-cli/values.yaml
--- a/dashboard/compliance/cis_1_10_kubernetes.py
+++ b/dashboard/compliance/cis_1_10_kubernetes.py
@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )
--- a/dashboard/compliance/cis_3_0_azure.py
+++ b/dashboard/compliance/cis_3_0_azure.py
@@ -1,25 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )
--- a/dashboard/compliance/cis_3_0_gcp.py
+++ b/dashboard/compliance/cis_3_0_gcp.py
@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
  api:
    hostname: "prowler-api"
-    image: prowlercloud/prowler-api:${PROWLER_API_VERSION:-stable}
+    image: prowlercloud/prowler-api:${PROWLER_API_VERSION:-latest}
    env_file:
      - path: .env
        required: false
@@ -17,7 +17,7 @@ services:
      - "prod"

  ui:
-    image: prowlercloud/prowler-ui:${PROWLER_UI_VERSION:-stable}
+    image: prowlercloud/prowler-ui:${PROWLER_UI_VERSION:-latest}
    env_file:
      - path: .env
        required: false
@@ -61,7 +61,7 @@ services:
      retries: 3

  worker:
-    image: prowlercloud/prowler-api:${PROWLER_API_VERSION:-stable}
+    image: prowlercloud/prowler-api:${PROWLER_API_VERSION:-latest}
    env_file:
      - path: .env
        required: false
@@ -75,7 +75,7 @@ services:
      - "worker"

  worker-beat:
-    image: prowlercloud/prowler-api:${PROWLER_API_VERSION:-stable}
+    image: prowlercloud/prowler-api:${PROWLER_API_VERSION:-latest}
    env_file:
      - path: ./.env
        required: false
--- a/docs/developer-guide/checks.md
+++ b/docs/developer-guide/checks.md
@@ -279,9 +279,6 @@ Each Prowler check has metadata associated which is stored at the same level of
  "Severity": "critical",
  # ResourceType only for AWS, holds the type from here
  # https://docs.aws.amazon.com/securityhub/latest/userguide/asff-resources.html
-  # In case of not existing, use CloudFormation type but removing the "::" and using capital letters only at the beginning of each word. Example: "AWS::EC2::Instance" -> "AwsEc2Instance"
-  # CloudFormation type reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
-  # If the resource type does not exist in the CloudFormation types, use "Other".
  "ResourceType": "Other",
  # Description holds the title of the check, for now is the same as CheckTitle
  "Description": "Ensure there are no EC2 AMIs set as Public.",
--- a/docs/developer-guide/integrations.md
+++ b/docs/developer-guide/integrations.md
@@ -1,336 +1,3 @@
-# Creating a New Integration
+# Create a new integration

-## Introduction
-
-Integrating Prowler with external tools enhances its functionality and seamlessly embeds it into your workflows. Prowler supports a wide range of integrations to streamline security assessments and reporting. Common integration targets include messaging platforms like Slack, project management tools like Jira, and cloud services such as AWS Security Hub.
-
-* Consult the [Prowler Developer Guide](https://docs.prowler.com/projects/prowler-open-source/en/latest/) to understand how Prowler works and the way that you can integrate it with the desired product!
-* Identify the best approach for the specific platform you’re targeting.
-
-## Steps to Create an Integration
-
-### Identify the Integration Purpose
-
-* Clearly define the objective of the integration. For example:
-    * Sending Prowler findings to a platform for alerts, tracking, or further analysis.
-    * Review existing integrations in the [`prowler/lib/outputs`](https://github.com/prowler-cloud/prowler/tree/master/prowler/lib/outputs) folder for inspiration and implementation examples.
-
-### Develop the Integration
-
-* Script Development:
-    * Write a script to process Prowler’s output and interact with the target platform’s API.
-    * For example, to send findings, parse Prowler’s results and use the platform’s API to create entries or notifications.
-* Configuration:
-    * Ensure your script includes configurable options for environment-specific settings, such as API endpoints and authentication tokens.
-
-### Fundamental Structure
-
-* Integration Class:
-    * Create a class that encapsulates attributes and methods for the integration.
-    Here is an example with Jira integration:
-    ```python title="Jira Class"
-    class Jira:
-    """
-    Jira class to interact with the Jira API
-
-    [Note]
-    This integration is limited to a single Jira Cloud, therefore all the issues will be created for same Jira Cloud ID. We will need to work on the ability of providing a Jira Cloud ID if the user is present in more than one.
-
-    Attributes:
-        - _redirect_uri: The redirect URI
-        - _client_id: The client ID
-        - _client_secret: The client secret
-        - _access_token: The access token
-        - _refresh_token: The refresh token
-        - _expiration_date: The authentication expiration
-        - _cloud_id: The cloud ID
-        - _scopes: The scopes needed to authenticate, read:jira-user read:jira-work write:jira-work
-        - AUTH_URL: The URL to authenticate with Jira
-        - PARAMS_TEMPLATE: The template for the parameters to authenticate with Jira
-        - TOKEN_URL: The URL to get the access token from Jira
-        - API_TOKEN_URL: The URL to get the accessible resources from Jira
-
-    Methods:
-        - __init__: Initialize the Jira object
-        - input_authorization_code: Input the authorization code
-        - auth_code_url: Generate the URL to authorize the application
-        - get_auth: Get the access token and refresh token
-        - get_cloud_id: Get the cloud ID from Jira
-        - get_access_token: Get the access token
-        - refresh_access_token: Refresh the access token from Jira
-        - test_connection: Test the connection to Jira and return a Connection object
-        - get_projects: Get the projects from Jira
-        - get_available_issue_types: Get the available issue types for a project
-        - send_findings: Send the findings to Jira and create an issue
-
-    Raises:
-        - JiraGetAuthResponseError: Failed to get the access token and refresh token
-        - JiraGetCloudIDNoResourcesError: No resources were found in Jira when getting the cloud id
-        - JiraGetCloudIDResponseError: Failed to get the cloud ID, response code did not match 200
-        - JiraGetCloudIDError: Failed to get the cloud ID from Jira
-        - JiraAuthenticationError: Failed to authenticate
-        - JiraRefreshTokenError: Failed to refresh the access token
-        - JiraRefreshTokenResponseError: Failed to refresh the access token, response code did not match 200
-        - JiraGetAccessTokenError: Failed to get the access token
-        - JiraNoProjectsError: No projects found in Jira
-        - JiraGetProjectsError: Failed to get projects from Jira
-        - JiraGetProjectsResponseError: Failed to get projects from Jira, response code did not match 200
-        - JiraInvalidIssueTypeError: The issue type is invalid
-        - JiraGetAvailableIssueTypesError: Failed to get available issue types from Jira
-        - JiraGetAvailableIssueTypesResponseError: Failed to get available issue types from Jira, response code did not match 200
-        - JiraCreateIssueError: Failed to create an issue in Jira
-        - JiraSendFindingsResponseError: Failed to send the findings to Jira
-        - JiraTestConnectionError: Failed to test the connection
-
-    Usage:
-        jira = Jira(
-            redirect_uri="http://localhost:8080",
-            client_id="client_id",
-            client_secret="client_secret
-        )
-        jira.send_findings(findings=findings, project_key="KEY")
-    """
-
-    _redirect_uri: str = None
-    _client_id: str = None
-    _client_secret: str = None
-    _access_token: str = None
-    _refresh_token: str = None
-    _expiration_date: int = None
-    _cloud_id: str = None
-    _scopes: list[str] = None
-    AUTH_URL = "https://auth.atlassian.com/authorize"
-    PARAMS_TEMPLATE = {
-        "audience": "api.atlassian.com",
-        "client_id": None,
-        "scope": None,
-        "redirect_uri": None,
-        "state": None,
-        "response_type": "code",
-        "prompt": "consent",
-    }
-    TOKEN_URL = "https://auth.atlassian.com/oauth/token"
-    API_TOKEN_URL = "https://api.atlassian.com/oauth/token/accessible-resources"
-
-    def __init__(
-        self,
-        redirect_uri: str = None,
-        client_id: str = None,
-        client_secret: str = None,
-    ):
-        self._redirect_uri = redirect_uri
-        self._client_id = client_id
-        self._client_secret = client_secret
-        self._scopes = ["read:jira-user", "read:jira-work", "write:jira-work"]
-        auth_url = self.auth_code_url()
-        authorization_code = self.input_authorization_code(auth_url)
-        self.get_auth(authorization_code)
-
-    # More properties and methods
-    ```
-* Test Connection Method:
-    * Implement a method to validate credentials or tokens, ensuring the connection to the target platform is successful.
-    The following is the code for the `test_connection` method for the `Jira` class:
-    ```python title="Test connection"
-    @staticmethod
-    def test_connection(
-        redirect_uri: str = None,
-        client_id: str = None,
-        client_secret: str = None,
-        raise_on_exception: bool = True,
-    ) -> Connection:
-        """Test the connection to Jira
-
-        Args:
-            - redirect_uri: The redirect URI
-            - client_id: The client ID
-            - client_secret: The client secret
-            - raise_on_exception: Whether to raise an exception or not
-
-        Returns:
-            - Connection: The connection object
-
-        Raises:
-            - JiraGetCloudIDNoResourcesError: No resources were found in Jira when getting the cloud id
-            - JiraGetCloudIDResponseError: Failed to get the cloud ID, response code did not match 200
-            - JiraGetCloudIDError: Failed to get the cloud ID from Jira
-            - JiraAuthenticationError: Failed to authenticate
-            - JiraTestConnectionError: Failed to test the connection
-        """
-        try:
-            jira = Jira(
-                redirect_uri=redirect_uri,
-                client_id=client_id,
-                client_secret=client_secret,
-            )
-            access_token = jira.get_access_token()
-
-            if not access_token:
-                return ValueError("Failed to get access token")
-
-            headers = {"Authorization": f"Bearer {access_token}"}
-            response = requests.get(
-                f"https://api.atlassian.com/ex/jira/{jira.cloud_id}/rest/api/3/myself",
-                headers=headers,
-            )
-
-            if response.status_code == 200:
-                return Connection(is_connected=True)
-            else:
-                return Connection(is_connected=False, error=response.json())
-        except JiraGetCloudIDNoResourcesError as no_resources_error:
-            logger.error(
-                f"{no_resources_error.__class__.__name__}[{no_resources_error.__traceback__.tb_lineno}]: {no_resources_error}"
-            )
-            if raise_on_exception:
-                raise no_resources_error
-            return Connection(error=no_resources_error)
-        except JiraGetCloudIDResponseError as response_error:
-            logger.error(
-                f"{response_error.__class__.__name__}[{response_error.__traceback__.tb_lineno}]: {response_error}"
-            )
-            if raise_on_exception:
-                raise response_error
-            return Connection(error=response_error)
-        except JiraGetCloudIDError as cloud_id_error:
-            logger.error(
-                f"{cloud_id_error.__class__.__name__}[{cloud_id_error.__traceback__.tb_lineno}]: {cloud_id_error}"
-            )
-            if raise_on_exception:
-                raise cloud_id_error
-            return Connection(error=cloud_id_error)
-        except JiraAuthenticationError as auth_error:
-            logger.error(
-                f"{auth_error.__class__.__name__}[{auth_error.__traceback__.tb_lineno}]: {auth_error}"
-            )
-            if raise_on_exception:
-                raise auth_error
-            return Connection(error=auth_error)
-        except Exception as error:
-            logger.error(f"Failed to test connection: {error}")
-            if raise_on_exception:
-                raise JiraTestConnectionError(
-                    message="Failed to test connection on the Jira integration",
-                    file=os.path.basename(__file__),
-                )
-            return Connection(is_connected=False, error=error)
-    ```
-* Send Findings Method:
-    * Add a method to send Prowler findings to the target platform, adhering to its API specifications.
-    The following is the code for the `send_findings` method for the `Jira` class:
-    ```python title="Send findings method"
-    def send_findings(
-        self,
-        findings: list[Finding] = None,
-        project_key: str = None,
-        issue_type: str = None,
-    ):
-        """
-        Send the findings to Jira
-
-        Args:
-            - findings: The findings to send
-            - project_key: The project key
-            - issue_type: The issue type
-
-        Raises:
-            - JiraRefreshTokenError: Failed to refresh the access token
-            - JiraRefreshTokenResponseError: Failed to refresh the access token, response code did not match 200
-            - JiraCreateIssueError: Failed to create an issue in Jira
-            - JiraSendFindingsResponseError: Failed to send the findings to Jira
-        """
-        try:
-            access_token = self.get_access_token()
-
-            if not access_token:
-                raise JiraNoTokenError(
-                    message="No token was found",
-                    file=os.path.basename(__file__),
-                )
-
-            projects = self.get_projects()
-
-            if project_key not in projects:
-                logger.error("The project key is invalid")
-                raise JiraInvalidProjectKeyError(
-                    message="The project key is invalid",
-                    file=os.path.basename(__file__),
-                )
-
-            available_issue_types = self.get_available_issue_types(project_key)
-
-            if issue_type not in available_issue_types:
-                logger.error("The issue type is invalid")
-                raise JiraInvalidIssueTypeError(
-                    message="The issue type is invalid", file=os.path.basename(__file__)
-                )
-            headers = {
-                "Authorization": f"Bearer {access_token}",
-                "Content-Type": "application/json",
-            }
-
-            for finding in findings:
-                status_color = self.get_color_from_status(finding.status.value)
-                adf_description = self.get_adf_description(
-                    check_id=finding.metadata.CheckID,
-                    check_title=finding.metadata.CheckTitle,
-                    severity=finding.metadata.Severity.value.upper(),
-                    status=finding.status.value,
-                    status_color=status_color,
-                    status_extended=finding.status_extended,
-                    provider=finding.metadata.Provider,
-                    region=finding.region,
-                    resource_uid=finding.resource_uid,
-                    resource_name=finding.resource_name,
-                    risk=finding.metadata.Risk,
-                    recommendation_text=finding.metadata.Remediation.Recommendation.Text,
-                    recommendation_url=finding.metadata.Remediation.Recommendation.Url,
-                )
-                payload = {
-                    "fields": {
-                        "project": {"key": project_key},
-                        "summary": f"[Prowler] {finding.metadata.Severity.value.upper()} - {finding.metadata.CheckID} - {finding.resource_uid}",
-                        "description": adf_description,
-                        "issuetype": {"name": issue_type},
-                    }
-                }
-
-                response = requests.post(
-                    f"https://api.atlassian.com/ex/jira/{self.cloud_id}/rest/api/3/issue",
-                    json=payload,
-                    headers=headers,
-                )
-
-                if response.status_code != 201:
-                    response_error = f"Failed to send finding: {response.status_code} - {response.json()}"
-                    logger.warning(response_error)
-                    raise JiraSendFindingsResponseError(
-                        message=response_error, file=os.path.basename(__file__)
-                    )
-                else:
-                    logger.info(f"Finding sent successfully: {response.json()}")
-        except JiraRefreshTokenError as refresh_error:
-            raise refresh_error
-        except JiraRefreshTokenResponseError as response_error:
-            raise response_error
-        except Exception as e:
-            logger.error(f"Failed to send findings: {e}")
-            raise JiraCreateIssueError(
-                message="Failed to create an issue in Jira",
-                file=os.path.basename(__file__),
-            )
-    ```
-
-### Testing
-
-* Test the integration in a controlled environment to confirm it behaves as expected.
-* Verify that Prowler’s findings are accurately transmitted and correctly processed by the target platform.
-* Simulate edge cases to ensure robust error handling.
-
-### Documentation
-
-* Provide clear, detailed documentation for your integration:
-    * Setup instructions, including any required dependencies.
-    * Configuration details, such as environment variables or authentication steps.
-    * Example use cases and troubleshooting tips.
-* Good documentation ensures maintainability and simplifies onboarding for team members.
+Coming soon ...
--- a/docs/developer-guide/outputs.md
+++ b/docs/developer-guide/outputs.md
@@ -1,166 +1,3 @@
-# Create a Custom Output Format
+# Create a custom output format

-## Introduction
-
-Prowler can generate outputs in multiple formats, allowing users to customize the way findings are presented. This is particularly useful when integrating Prowler with third-party tools, creating specialized reports, or simply tailoring the data to meet specific requirements. A custom output format gives you the flexibility to extract and display only the most relevant information in the way you need it.
-
-* Prowler organizes its outputs in the `/lib/outputs` directory. Each format (e.g., JSON, CSV, HTML) is implemented as a Python class.
-* Outputs are generated based on findings collected during a scan. Each finding is represented as a structured dictionary containing details like resource IDs, severities, descriptions, and more.
-* Consult the [Prowler Developer Guide](https://docs.prowler.com/projects/prowler-open-source/en/latest/) to understand how Prowler works and the way that you can create it with the desired output!
-* Identify the best approach for the specific output you’re targeting.
-
-## Steps to Create a Custom Output Format
-
-### Schema
-
-* Output Class:
-    * The class must inherit from `Output`. Review the [Output Class](https://github.com/prowler-cloud/prowler/blob/master/prowler/lib/outputs/output.py).
-    * Create a class that encapsulates attributes and methods for the output.
-    The following is the code for the `CSV` class:
-    ```python title="CSV Class"
-    class CSV(Output):
-        def transform(self, findings: List[Finding]) -> None:
-            """Transforms the findings into the CSV format.
-
-            Args:
-                findings (list[Finding]): a list of Finding objects
-
-            """
-        ...
-    ```
-* Transform Method:
-    * This method will transform the findings provided by Prowler to a specific format.
-    The following is the code for the `transform` method for the `CSV` class:
-    ```python title="Transform"
-    def transform(self, findings: List[Finding]) -> None:
-        """Transforms the findings into the CSV format.
-
-        Args:
-            findings (list[Finding]): a list of Finding objects
-
-        """
-        try:
-            for finding in findings:
-                finding_dict = {}
-                finding_dict["AUTH_METHOD"] = finding.auth_method
-                finding_dict["TIMESTAMP"] = finding.timestamp
-                finding_dict["ACCOUNT_UID"] = finding.account_uid
-                finding_dict["ACCOUNT_NAME"] = finding.account_name
-                finding_dict["ACCOUNT_EMAIL"] = finding.account_email
-                finding_dict["ACCOUNT_ORGANIZATION_UID"] = (
-                    finding.account_organization_uid
-                )
-                finding_dict["ACCOUNT_ORGANIZATION_NAME"] = (
-                    finding.account_organization_name
-                )
-                finding_dict["ACCOUNT_TAGS"] = unroll_dict(
-                    finding.account_tags, separator=":"
-                )
-                finding_dict["FINDING_UID"] = finding.uid
-                finding_dict["PROVIDER"] = finding.metadata.Provider
-                finding_dict["CHECK_ID"] = finding.metadata.CheckID
-                finding_dict["CHECK_TITLE"] = finding.metadata.CheckTitle
-                finding_dict["CHECK_TYPE"] = unroll_list(finding.metadata.CheckType)
-                finding_dict["STATUS"] = finding.status.value
-                finding_dict["STATUS_EXTENDED"] = finding.status_extended
-                finding_dict["MUTED"] = finding.muted
-                finding_dict["SERVICE_NAME"] = finding.metadata.ServiceName
-                finding_dict["SUBSERVICE_NAME"] = finding.metadata.SubServiceName
-                finding_dict["SEVERITY"] = finding.metadata.Severity.value
-                finding_dict["RESOURCE_TYPE"] = finding.metadata.ResourceType
-                finding_dict["RESOURCE_UID"] = finding.resource_uid
-                finding_dict["RESOURCE_NAME"] = finding.resource_name
-                finding_dict["RESOURCE_DETAILS"] = finding.resource_details
-                finding_dict["RESOURCE_TAGS"] = unroll_dict(finding.resource_tags)
-                finding_dict["PARTITION"] = finding.partition
-                finding_dict["REGION"] = finding.region
-                finding_dict["DESCRIPTION"] = finding.metadata.Description
-                finding_dict["RISK"] = finding.metadata.Risk
-                finding_dict["RELATED_URL"] = finding.metadata.RelatedUrl
-                finding_dict["REMEDIATION_RECOMMENDATION_TEXT"] = (
-                    finding.metadata.Remediation.Recommendation.Text
-                )
-                finding_dict["REMEDIATION_RECOMMENDATION_URL"] = (
-                    finding.metadata.Remediation.Recommendation.Url
-                )
-                finding_dict["REMEDIATION_CODE_NATIVEIAC"] = (
-                    finding.metadata.Remediation.Code.NativeIaC
-                )
-                finding_dict["REMEDIATION_CODE_TERRAFORM"] = (
-                    finding.metadata.Remediation.Code.Terraform
-                )
-                finding_dict["REMEDIATION_CODE_CLI"] = (
-                    finding.metadata.Remediation.Code.CLI
-                )
-                finding_dict["REMEDIATION_CODE_OTHER"] = (
-                    finding.metadata.Remediation.Code.Other
-                )
-                finding_dict["COMPLIANCE"] = unroll_dict(
-                    finding.compliance, separator=": "
-                )
-                finding_dict["CATEGORIES"] = unroll_list(finding.metadata.Categories)
-                finding_dict["DEPENDS_ON"] = unroll_list(finding.metadata.DependsOn)
-                finding_dict["RELATED_TO"] = unroll_list(finding.metadata.RelatedTo)
-                finding_dict["NOTES"] = finding.metadata.Notes
-                finding_dict["PROWLER_VERSION"] = finding.prowler_version
-                self._data.append(finding_dict)
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-    ```
-* Batch Write Data To File Method:
-    * This method will write the modeled object to a file.
-    The following is the code for the `batch_write_data_to_file` method for the `CSV` class:
-    ```python title="Batch Write Data To File"
-    def batch_write_data_to_file(self) -> None:
-        """Writes the findings to a file using the CSV format using the `Output._file_descriptor`."""
-        try:
-            if (
-                getattr(self, "_file_descriptor", None)
-                and not self._file_descriptor.closed
-                and self._data
-            ):
-                csv_writer = DictWriter(
-                    self._file_descriptor,
-                    fieldnames=self._data[0].keys(),
-                    delimiter=";",
-                )
-                csv_writer.writeheader()
-                for finding in self._data:
-                    csv_writer.writerow(finding)
-                self._file_descriptor.close()
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-    ```
-
-### Integration With The Current Code
-
-Once that the desired output format is created it has to be integrated with Prowler. Take a look at the the usage from the current supported output in order to add the new one.
-Here is an example of the CSV output creation inside [prowler code](https://github.com/prowler-cloud/prowler/blob/master/prowler/__main__.py):
-```python title="CSV creation"
-if mode == "csv":
-    csv_output = CSV(
-        findings=finding_outputs,
-        create_file_descriptor=True,
-        file_path=f"{filename}{csv_file_suffix}",
-    )
-    generated_outputs["regular"].append(csv_output)
-    # Write CSV Finding Object to file
-    csv_output.batch_write_data_to_file()
-```
-
-### Testing
-
-* Verify that Prowler’s findings are accurately writed in the desired output format.
-* Simulate edge cases to ensure robust error handling.
-
-### Documentation
-
-* Provide clear, detailed documentation for your output:
-    * Setup instructions, including any required dependencies.
-    * Configuration details.
-    * Example use cases and troubleshooting tips.
-* Good documentation ensures maintainability and simplifies onboarding for new users.
+Coming soon ...
--- a/docs/developer-guide/services.md
+++ b/docs/developer-guide/services.md
@@ -56,6 +56,7 @@ from prowler.providers.<provider>.lib.service.service import ServiceParentClass


 # Create a class for the Service
+################## <Service>
 class <Service>(ServiceParentClass):
    def __init__(self, provider):
        # Call Service Parent Class __init__
--- a/docs/developer-guide/unit-testing.md
+++ b/docs/developer-guide/unit-testing.md
@@ -51,14 +51,14 @@ For the AWS provider we have ways to test a Prowler check based on the following
    We use and contribute to the [Moto](https://github.com/getmoto/moto) library which allows us to easily mock out tests based on AWS infrastructure. **It's awesome!**

 - AWS API calls covered by [Moto](https://github.com/getmoto/moto):
-    - Service tests with `@mock_aws`
-    - Checks tests with `@mock_aws`
+    - Service tests with `@mock_<service>`
+    - Checks tests with `@mock_<service>`
 - AWS API calls not covered by Moto:
    - Service test with `mock_make_api_call`
    - Checks tests with [MagicMock](https://docs.python.org/3/library/unittest.mock.html#unittest.mock.MagicMock)
 - AWS API calls partially covered by Moto:
-    - Service test with `@mock_aws` and `mock_make_api_call`
-    - Checks tests with `@mock_aws` and `mock_make_api_call`
+    - Service test with `@mock_<service>` and `mock_make_api_call`
+    - Checks tests with `@mock_<service>` and `mock_make_api_call`

 In the following section we are going to explain all of the above scenarios with examples. The main difference between those scenarios comes from if the [Moto](https://github.com/getmoto/moto) library covers the AWS API calls made by the service. You can check the covered API calls [here](https://github.com/getmoto/moto/blob/master/IMPLEMENTATION_COVERAGE.md).

@@ -70,7 +70,7 @@ This section is going to be divided based on the API coverage of the [Moto](http

 #### API calls covered

-If the [Moto](https://github.com/getmoto/moto) library covers the API calls we want to test, we can use the `@mock_aws` decorator. This will mocked out all the API calls made to AWS keeping the state within the code decorated, in this case the test function.
+If the [Moto](https://github.com/getmoto/moto) library covers the API calls we want to test, we can use the `@mock_<service>` decorator. This will mocked out all the API calls made to AWS keeping the state within the code decorated, in this case the test function.

 ```python
 # We need to import the unittest.mock to allow us to patch some objects
@@ -80,8 +80,8 @@ from unittest import mock
 # Boto3 client and session to call the AWS APIs
 from boto3 import client, session

-# Moto decorator
-from moto import mock_aws
+# Moto decorator for the IAM service we want to mock
+from moto import mock_iam

 # Constants used
 AWS_ACCOUNT_NUMBER = "123456789012"
@@ -91,8 +91,10 @@ AWS_REGION = "us-east-1"
 # We always name the test classes like Test_<check_name>
 class Test_iam_password_policy_uppercase:

-  # We include the Moto decorator
-  @mock_aws
+  # We include the Moto decorator for the service we want to use
+  # You can include more than one if two or more services are
+  # involved in test
+  @mock_iam
  # We name the tests with test_<service>_<check_name>_<test_action>
  def test_iam_password_policy_no_uppercase_flag(self):
    # First, we have to create an IAM client
@@ -236,7 +238,7 @@ To do so, you need to mock the `botocore.client.BaseClient._make_api_call` funct
 import boto3
 import botocore
 from unittest.mock import patch
-from moto import mock_aws
+from moto import mock_iam

 # Original botocore _make_api_call function
 orig = botocore.client.BaseClient._make_api_call
@@ -669,9 +671,8 @@ class Test_app_ensure_http_is_redirected_to_https:
            # Create the custom App object to be tested
            app_client.apps = {
                AZURE_SUBSCRIPTION_ID: {
-                    resource_id: WebApp(
+                    "app_id-1": WebApp(
                        resource_id=resource_id,
-                        name="app_id-1",
                        auth_enabled=True,
                        configurations=mock.MagicMock(),
                        client_cert_mode="Ignore",
@@ -717,9 +718,8 @@ class Test_app_ensure_http_is_redirected_to_https:

            app_client.apps = {
                AZURE_SUBSCRIPTION_ID: {
-                    resource_id: WebApp(
+                    "app_id-1": WebApp(
                        resource_id=resource_id,
-                        name="app_id-1",
                        auth_enabled=True,
                        configurations=mock.MagicMock(),
                        client_cert_mode="Ignore",
--- a/docs/getting-started/requirements.md
+++ b/docs/getting-started/requirements.md
@@ -38,19 +38,16 @@ If your IAM entity enforces MFA you can use `--mfa` and Prowler will ask you to

 ## Azure

-Prowler for Azure supports the following authentication types. To use each one you need to pass the proper flag to the execution:
+Prowler for Azure supports the following authentication types:

- [Service principal application](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser#service-principal-object) (recommended).
- Current az cli credentials stored.
- Interactive browser authentication.
- [Managed identity](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview) authentication.
+- [Service principal application](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser#service-principal-object) by environment variables (recommended)
+- Current az cli credentials stored
+- Interactive browser authentication
+- [Managed identity](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview) authentication

-???+ warning
-    For Prowler App only the Service Principal authentication method is supported.
+### Service Principal authentication

-### Service Principal Application authentication
-
-To allow Prowler assume the service principal application identity to start the scan it is needed to configure the following environment variables:
+To allow Prowler assume the service principal identity to start the scan it is needed to configure the following environment variables:

 ```console
 export AZURE_CLIENT_ID="XXXXXXXXX"
@@ -59,31 +56,29 @@ export AZURE_CLIENT_SECRET="XXXXXXX"
 ```

 If you try to execute Prowler with the `--sp-env-auth` flag and those variables are empty or not exported, the execution is going to fail.
-Follow the instructions in the [Create Prowler Service Principal](../tutorials/azure/create-prowler-service-principal.md#how-to-create-prowler-service-principal) section to create a service principal.
+Follow the instructions in the [Create Prowler Service Principal](../tutorials/azure/create-prowler-service-principal.md) section to create a service principal.

 ### AZ CLI / Browser / Managed Identity authentication

 The other three cases does not need additional configuration, `--az-cli-auth` and `--managed-identity-auth` are automated options. To use `--browser-auth`  the user needs to authenticate against Azure using the default browser to start the scan, also `tenant-id` is required.

-### Needed permissions
+### Permissions

-Prowler for Azure needs two types of permission scopes to be set:
+To use each one you need to pass the proper flag to the execution. Prowler for Azure handles two types of permission scopes, which are:

- **Microsoft Entra ID permissions**: used to retrieve metadata from the identity assumed by Prowler and specific Entra checks (not mandatory to have access to execute the tool). The permissions required by the tool are the following:
+- **Microsoft Entra ID permissions**: Used to retrieve metadata from the identity assumed by Prowler and specific Entra checks (not mandatory to have access to execute the tool). The permissions required by the tool are the following:
    - `Directory.Read.All`
    - `Policy.Read.All`
-    - `UserAuthenticationMethod.Read.All` (used only for the Entra checks related with multifactor authentication)
- **Subscription scope permissions**: required to launch the checks against your resources, mandatory to launch the tool. It is required to add the following RBAC builtin roles per subscription to the entity that is going to be assumed by the tool:
+    - `UserAuthenticationMethod.Read.All`
+- **Subscription scope permissions**: Required to launch the checks against your resources, mandatory to launch the tool. It is required to add the following RBAC builtin roles per subscription to the entity that is going to be assumed by the tool:
    - `Reader`
-    - `ProwlerRole` (custom role with minimal permissions defined in [prowler-azure-custom-role](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-azure-custom-role.json))
-    ???+ note
-        Please, notice that the field `assignableScopes` in the JSON custom role file must be changed to be the subscription or management group where the role is going to be assigned. The valid formats for the field are `/subscriptions/<subscription-id>` or `/providers/Microsoft.Management/managementGroups/<management-group-id>`.
+    - `ProwlerRole` (custom role defined in [prowler-azure-custom-role](https://github.com/prowler-cloud/prowler/blob/master/permissions/prowler-azure-custom-role.json))

 To assign the permissions, follow the instructions in the [Microsoft Entra ID permissions](../tutorials/azure/create-prowler-service-principal.md#assigning-the-proper-permissions) section and the [Azure subscriptions permissions](../tutorials/azure/subscriptions.md#assigning-proper-permissions) section, respectively.

 #### Checks that require ProwlerRole

-The following checks require the `ProwlerRole` permissions to be executed, if you want to run them, make sure you have assigned the role to the identity that is going to be assumed by Prowler:
+The following checks require the `ProwlerRole` custom role to be executed, if you want to run them, make sure you have assigned the role to the identity that is going to be assumed by Prowler:

 - `app_function_access_keys_configured`
 - `app_function_ftps_deployment_disabled`
--- a/docs/img/compliance.png
+++ b/docs/img/compliance.png
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,4 +1,4 @@
-**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler Cloud</a>.
+**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler SaaS</a>.

 ## Prowler App

@@ -29,7 +29,7 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe

 Prowler App can be installed in different ways, depending on your environment:

-> See how to use Prowler App in the [Prowler App Tutorial](tutorials/prowler-app.md) section.
+> See how to use Prowler App in the [Prowler App](tutorials/prowler-app.md) section.

 === "Docker Compose"

@@ -45,8 +45,6 @@ Prowler App can be installed in different ways, depending on your environment:
    docker compose up -d
    ```

-    > Containers are built for `linux/amd64`. If your workstation's architecture is different, please set `DOCKER_DEFAULT_PLATFORM=linux/amd64` in your environment or use the `--platform linux/amd64` flag in the docker command.
-
    > Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.

    ???+ note
@@ -67,9 +65,6 @@ Prowler App can be installed in different ways, depending on your environment:
    * `npm` installed: [npm installation](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).
    * `Docker Compose` installed: https://docs.docker.com/compose/install/.

-    ???+ warning
-        Make sure to have `api/.env` and `ui/.env.local` files with the required environment variables. You can find the required environment variables in the [`api/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/api/.env.example) and [`ui/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/ui/.env.template) files.
-
    _Commands to run the API_:

    ``` bash
@@ -100,19 +95,6 @@ Prowler App can be installed in different ways, depending on your environment:
    python -m celery -A config.celery worker -l info -E
    ```

-    _Commands to run the API Scheduler_:
-
-    ``` bash
-    git clone https://github.com/prowler-cloud/prowler \
-    cd prowler/api \
-    poetry install \
-    poetry shell \
-    set -a \
-    source .env \
-    cd src/backend \
-    python -m celery -A config.celery beat -l info --scheduler django_celery_beat.schedulers:DatabaseScheduler
-    ```
-
    _Commands to run the UI_:

    ``` bash
@@ -125,6 +107,9 @@ Prowler App can be installed in different ways, depending on your environment:

    > Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.

+    ???+ warning
+        Make sure to have `api/.env` and `ui/.env.local` files with the required environment variables. You can find the required environment variables in the [`api/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/api/.env.example) and [`ui/.env.template`](https://github.com/prowler-cloud/prowler/blob/master/ui/.env.template) files.
+
    ???+ warning
        Google and GitHub authentication is only available in [Prowler Cloud](https://prowler.com).

@@ -187,8 +172,6 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/),
    * In the command below, change `-v` to your local directory path in order to access the reports.
    * AWS, GCP, Azure and/or Kubernetes credentials

-    > Containers are built for `linux/amd64`. If your workstation's architecture is different, please set `DOCKER_DEFAULT_PLATFORM=linux/amd64` in your environment or use the `--platform linux/amd64` flag in the docker command.
-
    _Commands_:

    ``` bash
@@ -319,14 +302,10 @@ The available versions of Prowler CLI are the following:
 - `v3-stable`: this tag always point to the latest release for v3.

 The container images are available here:
-
 - Prowler CLI:
-
    - [DockerHub](https://hub.docker.com/r/toniblyx/prowler/tags)
    - [AWS Public ECR](https://gallery.ecr.aws/prowler-cloud/prowler)
-
 - Prowler App:
-
    - [DockerHub - Prowler UI](https://hub.docker.com/r/prowlercloud/prowler-ui/tags)
    - [DockerHub - Prowler API](https://hub.docker.com/r/prowlercloud/prowler-api/tags)

@@ -394,8 +373,8 @@ After successfully adding and testing your credentials, Prowler will start scann
 #### **View Results**
 While the scan is running, start exploring the findings in these sections:

- **Overview**: High-level summary of the scans. <img src="img/overview.png" alt="Overview" width="700"/>
- **Compliance**: Insights into compliance status. <img src="img/compliance.png" alt="Compliance" width="700"/>
+- **Overview**: High-level summary of the scans. <img src="../../img/overview.png" alt="Overview" width="700"/>
+- **Compliance**: Insights into compliance status. <img src="../../img/compliance.png" alt="Compliance" width="700"/>

 > See more details about the Prowler App usage in the [Prowler App](tutorials/prowler-app.md) section.

--- a/docs/security.md
+++ b/docs/security.md
@@ -13,7 +13,7 @@ As an **AWS Partner** and we have passed the [AWS Foundation Technical Review (F

 ## Reporting Vulnerabilities

-If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or Prowler Cloud service, please submit the information by contacting to us via [**support.prowler.com**](http://support.prowler.com).
+If you would like to report a vulnerability or have a security concern regarding Prowler Open Source or Prowler SaaS service, please submit the information by contacting to us via [**support.prowler.com**](http://support.prowler.com).

 The information you share with the Prowler team as part of this process is kept confidential within Prowler. We will only share this information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Prowler Bot	17e1472962	fix(aws): add missing region to Backup Recovery Point (#6275 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2024-12-19 16:55:35 -05:00
Prowler Bot	8782cd0d89	fix(aws): solve `None` type errors (#6272 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2024-12-19 12:20:03 -05:00
Prowler Bot	bea2d807fd	chore(api): Use prowler ^5.0 (#6267 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2024-12-19 09:47:00 -05:00
Pepe Fagoaga	bbcf318acd	chore: update Prowler version (#6258 )	2024-12-19 09:06:22 -05:00
Prowler Bot	80e5ea843f	chore: skip action on .env changes (#6259 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2024-12-19 14:26:54 +05:45
Prowler Bot	06b9ba291b	fix(gha): make conditional job for checking the repo (#6260 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2024-12-19 14:24:11 +05:45
Prowler Bot	8fc0d30c21	chore(gha): build and push OSS UI (#6248 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2024-12-18 13:32:03 -05:00
Prowler Bot	b739b515e7	feat(GHA): add gha for API (#6247 ) Co-authored-by: Pedro Martín <pedromarting3@gmail.com>	2024-12-18 13:31:41 -05:00
Prowler Bot	5d41c6a0a5	feat(celery): Add configurable broker visibility timeout setting (#6246 ) Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com>	2024-12-19 00:05:38 +05:45
Prowler Bot	29dad4e8aa	fix(.env): remove comment (#6242 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2024-12-18 11:15:59 -05:00
Prowler Bot	a1e53ef0fc	chore(rls): rename tenant_transaction to rls_transaction (#6203 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2024-12-16 12:40:02 +01:00
Prowler Bot	dfed6ac248	fix(RLS): enforce config security (#6190 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2024-12-16 11:39:05 +01:00
Sergio Garcia	c930416260	chore(version): update Prowler version (#6196 )	2024-12-16 08:31:16 +01:00
Prowler Bot	83ffd78e63	chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /ui (#6176 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-13 15:46:06 +01:00
Prowler Bot	1045ffe489	fix(aws): set unique resource IDs (#6192 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2024-12-13 09:07:57 -04:00
Prowler Bot	5af81b9b6d	chore(deps): bump nanoid from 3.3.7 to 3.3.8 in /ui (#6175 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-13 09:13:20 +01:00
Prowler Bot	f95394bec0	chore: delete unneeded requirements file (#6058 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2024-12-13 07:58:21 +01:00
Prowler Bot	0a865f8950	fix(tenant): fix delete tenants behavior (#6014 ) Co-authored-by: Víctor Fernández Poyatos <victor@prowler.com>	2024-12-13 07:56:46 +01:00
Prowler Bot	68d7f140ff	fix(deploy): temporal fix for the alpine-python segmentation fault (#6115 ) Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>	2024-12-13 07:56:19 +01:00
Prowler Bot	6ed237b49c	feat(users): user detail can be edited now properly (#6137 ) Co-authored-by: Pablo Lara <larabjj@gmail.com>	2024-12-13 07:55:35 +01:00
Prowler Bot	51c2158563	fix(rds): add invalid SG to status_extended (#6170 ) Co-authored-by: Pedro Martín <pedromarting3@gmail.com>	2024-12-12 12:47:11 -04:00
Prowler Bot	dbb348fb09	fix(aurora): Add default ports to the check of using non default ports (#6151 ) Co-authored-by: Mads Brouer Lundholm <mads@madslundholm.dk>	2024-12-11 13:49:02 -04:00
Prowler Bot	405dc9c507	fix(autoscaling): `autoscaling_group_launch_configuration_requires_imdsv2` fails if Launch Template is used (#6147 ) Co-authored-by: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com>	2024-12-11 12:06:39 -04:00
Prowler Bot	40004ebb99	fix(app): add support for TLS 1.3 to Web Apps check (#6144 ) Co-authored-by: Rubén De la Torre Vico <rubendltv22@gmail.com>	2024-12-11 10:28:41 -04:00
Prowler Bot	0556f30670	fix(iam): set unique resource id for each user access key (#6134 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2024-12-11 09:25:29 -04:00
Prowler Bot	1723ac6a6a	fix(compliance_tables): add correct values for findings (#6127 ) Co-authored-by: Pedro Martín <pedromarting3@gmail.com>	2024-12-10 16:47:28 -04:00
Prowler Bot	7b308bf5f4	fix(aws): get firewall manager managed rule groups (#6124 ) Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>	2024-12-10 16:46:48 -04:00
Prowler Bot	d4e9940beb	fix(aws): check AWS Owned keys in `firehose_stream_encrypted_at_rest` (#6121 ) Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>	2024-12-10 14:30:41 -04:00
Prowler Bot	8558034eae	fix(aws): set IAM identity as resource in threat detection (#6118 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2024-12-10 13:37:38 -04:00
Prowler Bot	a6b4c27262	fix(gcp): make sure default project is active (#6113 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2024-12-10 11:53:32 -04:00
Prowler Bot	159aa8b464	fix(aws): set same severity for EC2 IMDSv2 checks (#6104 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2024-12-10 09:30:17 -04:00
Prowler Bot	293c822c3d	fix(backup): modify list recovery points call (#6096 ) Co-authored-by: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com>	2024-12-09 17:26:11 -04:00
Prowler Bot	649ec19012	chore(actions): standardize names (#6092 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com> Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2024-12-09 16:33:43 -04:00
Prowler Bot	e04e5d3b18	fix(invitations): remove wrong url (#6012 ) Co-authored-by: Pablo Lara <larabjj@gmail.com>	2024-12-05 10:56:46 +01:00