fix(ui): animate finding group collapse

- Keep after-row content mounted during exit - Animate inline resource container close state - Preserve existing finding group table behavior
feat(ui): add Combobox trigger transition
2026-06-10 13:32:44 +00:00 · 2026-06-05 14:55:00 +02:00 · 2026-06-05 14:54:52 +02:00 · 2026-06-05 14:54:45 +02:00 · 2026-06-05 14:54:37 +02:00 · 2026-06-05 14:49:09 +02:00
119 changed files with 1586 additions and 1429 deletions
@@ -2,12 +2,11 @@

 All notable changes to the **Prowler API** are documented in this file.

-## [1.30.0] (Prowler v5.29.0)
+## [1.30.0] (Prowler UNRELEASED)

 ### 🔄 Changed

 - Scan finding ingestion: bulk-resolve `Resource`/`ResourceTag` rows, replace per-mapping `SELECT FOR UPDATE` with deferred `ResourceTagMapping.bulk_create(ignore_conflicts=True)`, wrap each micro-batch in a single `rls_transaction`, and raise `SCAN_DB_BATCH_SIZE` to 1000 [(#11249)](https://github.com/prowler-cloud/prowler/pull/11249)
- Faster `GET /api/v1/finding-groups/latest` aggregation on tenants where one recent scan holds most findings [(#11380)](https://github.com/prowler-cloud/prowler/pull/11380)

 ---

@@ -43,7 +43,7 @@ dependencies = [
  "defusedxml==0.7.1",
  "gunicorn==23.0.0",
  "lxml==6.1.0",
-  "prowler @ git+https://github.com/prowler-cloud/prowler.git@v5.29",
+  "prowler @ git+https://github.com/prowler-cloud/prowler.git@master",
  "psycopg2-binary==2.9.9",
  "pytest-celery[redis] (==1.3.0)",
  "sentry-sdk[django] (==2.56.0)",
@@ -4410,8 +4410,8 @@ wheels = [

 [[package]]
 name = "prowler"
-version = "5.29.0"
-source = { git = "https://github.com/prowler-cloud/prowler.git?rev=v5.29#a769e3761532d9332cb64078ef09ebf7ffb15292" }
+version = "5.27.0"
+source = { git = "https://github.com/prowler-cloud/prowler.git?rev=master#0abbb7fc590eaf7de6ed354dd5a217bca261d2b0" }
 dependencies = [
    { name = "alibabacloud-actiontrail20200706" },
    { name = "alibabacloud-credentials" },
@@ -4484,13 +4484,9 @@ dependencies = [
    { name = "pygithub" },
    { name = "python-dateutil" },
    { name = "pytz" },
-    { name = "scaleway" },
    { name = "schema" },
    { name = "shodan" },
    { name = "slack-sdk" },
-    { name = "stackit-core" },
-    { name = "stackit-iaas" },
-    { name = "stackit-resourcemanager" },
    { name = "tabulate" },
    { name = "tzlocal" },
    { name = "uuid6" },
@@ -4594,7 +4590,7 @@ requires-dist = [
    { name = "matplotlib", specifier = "==3.10.8" },
    { name = "neo4j", specifier = "==6.1.0" },
    { name = "openai", specifier = "==1.109.1" },
-    { name = "prowler", git = "https://github.com/prowler-cloud/prowler.git?rev=v5.29" },
+    { name = "prowler", git = "https://github.com/prowler-cloud/prowler.git?rev=master" },
    { name = "psycopg2-binary", specifier = "==2.9.9" },
    { name = "pytest-celery", extras = ["redis"], specifier = "==1.3.0" },
    { name = "reportlab", specifier = "==4.4.10" },
@@ -5530,52 +5526,6 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/49/4b/359f28a903c13438ef59ebeee215fb25da53066db67b305c125f1c6d2a25/sqlparse-0.5.5-py3-none-any.whl", hash = "sha256:12a08b3bf3eec877c519589833aed092e2444e68240a3577e8e26148acc7b1ba", size = 46138, upload-time = "2025-12-19T07:17:46.573Z" },
 ]

-[[package]]
-name = "stackit-core"
-version = "0.2.0"
-source = { registry = "https://pypi.org/simple" }
-dependencies = [
-    { name = "cryptography" },
-    { name = "pydantic" },
-    { name = "pyjwt" },
-    { name = "requests" },
-    { name = "urllib3" },
-]
-sdist = { url = "https://files.pythonhosted.org/packages/24/90/20f9ec7387eec4067cfd3d29055d0e2b5e1e0322c601a7f48125fd8ea35f/stackit_core-0.2.0.tar.gz", hash = "sha256:b8af91877cdb060d6969a303d8cf20bc0b33b345afd91f679c44a987381e2d47", size = 8987, upload-time = "2025-06-12T08:24:45.251Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/ab/b4/7b53187ce68956870d864ccb9ccfb68066c9df9de1c9568fd2feb03c4504/stackit_core-0.2.0-py3-none-any.whl", hash = "sha256:04632fc6742790d08ddfcb7f2313e04d1254827397a80250f838a2f81b92645b", size = 10240, upload-time = "2025-06-12T08:24:44.214Z" },
-]
-
-[[package]]
-name = "stackit-iaas"
-version = "1.4.0"
-source = { registry = "https://pypi.org/simple" }
-dependencies = [
-    { name = "pydantic" },
-    { name = "python-dateutil" },
-    { name = "requests" },
-    { name = "stackit-core" },
-]
-sdist = { url = "https://files.pythonhosted.org/packages/52/07/24e65278300d5c3cb19cb1660bff924c80812cf8aad3e715f826bae5aa80/stackit_iaas-1.4.0.tar.gz", hash = "sha256:93523b23442350c7ebefd9129485c4c2a539f694a9c36a0f8edfaba9862057ea", size = 116236, upload-time = "2026-05-13T09:43:15.996Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/08/51/2201164d7bfacf47539888c735f10f6320c188252384957aa1b23121a210/stackit_iaas-1.4.0-py3-none-any.whl", hash = "sha256:3f4a32321b57ac238f73e5d660c6428186b92cc0425c1f0783ba801e377149d9", size = 316588, upload-time = "2026-05-13T09:43:14.943Z" },
-]
-
-[[package]]
-name = "stackit-resourcemanager"
-version = "0.8.0"
-source = { registry = "https://pypi.org/simple" }
-dependencies = [
-    { name = "pydantic" },
-    { name = "python-dateutil" },
-    { name = "requests" },
-    { name = "stackit-core" },
-]
-sdist = { url = "https://files.pythonhosted.org/packages/23/2d/f458f18e48ed2b1c83df52cff7dbdfd5dd904fb2980ffd9385876e47bbd9/stackit_resourcemanager-0.8.0.tar.gz", hash = "sha256:f44542beab4130857f5a7f465cf02defeef657bdf63c1beeb3102f0ba3c003fe", size = 33943, upload-time = "2026-05-13T09:43:08.667Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/c7/9c/38a74d0f7a89b4320f6d2366fb660638bda8860daa08748b12c713d84381/stackit_resourcemanager-0.8.0-py3-none-any.whl", hash = "sha256:dd04bb8353d041a137c4dcba190beabded7acfaff1bc98b218fce20a99389ebc", size = 81288, upload-time = "2026-05-13T09:43:07.81Z" },
-]
-
 [[package]]
 name = "statsd"
 version = "4.0.1"
@@ -40,6 +40,12 @@ To install Prowler as a Python package, use `Python >= 3.10, <= 3.12`. Prowler i
    pip install prowler
    prowler -v
    ```
+
+    To upgrade Prowler to the latest version:
+
+    ``` bash
+    pip install --upgrade prowler
+    ```
  </Tab>
  <Tab title="Docker">
    _Requirements_:
@@ -164,68 +170,6 @@ To install Prowler as a Python package, use `Python >= 3.10, <= 3.12`. Prowler i
  </Tab>
 </Tabs>

-## Updating Prowler CLI
-
-Upgrade Prowler CLI to the latest release using the same method chosen for installation:
-
-<Tabs>
-  <Tab title="pipx">
-    ```bash
-    pipx upgrade prowler
-    prowler -v
-    ```
-  </Tab>
-  <Tab title="pip">
-    ```bash
-    pip install --upgrade prowler
-    prowler -v
-    ```
-  </Tab>
-  <Tab title="Docker">
-    Pull the desired image tag to fetch the latest version:
-
-    ```bash
-    docker pull toniblyx/prowler:latest
-    ```
-
-    <Note>
-      Replace `latest` with a specific release tag (for example, `stable` or `<x.y.z>`) to pin a version. Refer to the [Container Versions](#container-versions) section for the full list of available tags.
-    </Note>
-  </Tab>
-  <Tab title="GitHub">
-    Pull the latest changes and sync the environment:
-
-    ```bash
-    cd prowler
-    git pull
-    uv sync
-    uv run python prowler-cli.py -v
-    ```
-
-    <Note>
-      To upgrade to a specific release, check out the corresponding tag before syncing: `git checkout <x.y.z>`.
-    </Note>
-  </Tab>
-  <Tab title="Brew">
-    ```bash
-    brew upgrade prowler
-    prowler -v
-    ```
-  </Tab>
-  <Tab title="CloudShell">
-    Both AWS CloudShell and Azure CloudShell install Prowler with `pipx`, so the upgrade command is the same:
-
-    ```bash
-    pipx upgrade prowler
-    prowler -v
-    ```
-  </Tab>
-</Tabs>
-
-<Note>
-  To install a specific version instead of the latest release, pin it explicitly. For example, with `pipx`: `pipx install prowler==<x.y.z>`, or with `pip`: `pip install prowler==<x.y.z>`. The available releases are listed in the [Releases GitHub section](https://github.com/prowler-cloud/prowler/releases).
-</Note>
-
 ## Container Versions

 The available versions of Prowler CLI are the following:
@@ -141,45 +141,6 @@ Choose one of the following installation methods:

 ---

-## Updating Prowler MCP Server
-
-When running Prowler MCP Server locally ("Option 2: Run Locally"), upgrade to the latest version using the same method chosen for installation. The hosted server (`https://mcp.prowler.com/mcp`) is always kept up to date by Prowler and requires no action.
-
-<Tabs>
-  <Tab title="Docker">
-    Pull the latest image and restart the container:
-
-    ```bash
-    docker pull prowlercloud/prowler-mcp
-    ```
-
-    <Note>
-      Recreate any running container after pulling the new image so the updated version takes effect.
-    </Note>
-  </Tab>
-  <Tab title="From Source">
-    Pull the latest changes and sync the dependencies:
-
-    ```bash
-    cd prowler/mcp_server
-    git pull
-    uv sync
-    uv run prowler-mcp --help
-    ```
-  </Tab>
-  <Tab title="Build Docker Image">
-    Pull the latest source and rebuild the image:
-
-    ```bash
-    cd prowler/mcp_server
-    git pull
-    docker build -t prowler-mcp .
-    ```
-  </Tab>
-</Tabs>
-
---
-
 ## Command Line Options

 The Prowler MCP Server supports the following command-line arguments:
@@ -2,32 +2,26 @@

 All notable changes to the **Prowler SDK** are documented in this file.

-## [5.29.0] (Prowler v5.29.0)
+## [5.29.0] (Prowler UNRELEASED)

 ### 🚀 Added

 - `application` service for Okta provider with `application_admin_console_session_idle_timeout_15min`, `application_admin_console_mfa_required`, `application_admin_console_phishing_resistant_authentication`, `application_dashboard_mfa_required`, `application_dashboard_phishing_resistant_authentication`, and `application_authentication_policy_network_zone_enforced` checks [(#11358)](https://github.com/prowler-cloud/prowler/pull/11358)
 - AWS AI Security Framework compliance for AWS provider [(#11353)](https://github.com/prowler-cloud/prowler/pull/11353)
 - `storage_account_public_network_access_disabled` check for Azure provider and remapped the Azure CIS "Public Network Access is Disabled" requirements to it [(#11334)](https://github.com/prowler-cloud/prowler/pull/11334)
- StackIT provider with service account key authentication [(#9237)](https://github.com/prowler-cloud/prowler/pull/9237)
+- StackIT provider now authenticates with a service account key, either as a file path (`--stackit-service-account-key-path` / `STACKIT_SERVICE_ACCOUNT_KEY_PATH`) or as inline JSON content (`--stackit-service-account-key` / `STACKIT_SERVICE_ACCOUNT_KEY`, intended for CI/CD with a secret manager); the StackIT SDK refreshes access tokens internally, replacing the short-lived `STACKIT_API_TOKEN` flow [(#9237)](https://github.com/prowler-cloud/prowler/pull/9237)
 - 8 Rules service checks for Google Workspace provider using the Cloud Identity Policy API [(#11379)](https://github.com/prowler-cloud/prowler/pull/11379)
 - 12 Security service checks for Google Workspace provider using the Cloud Identity Policy API [(#11356)](https://github.com/prowler-cloud/prowler/pull/11356)

-### ⚠️ Deprecated
-
- `s3_bucket_default_encryption` check for AWS provider since SSE-S3 is automatically applied to all S3 buckets by AWS as of January 5, 2023 and can no longer be disabled [(#11230)](https://github.com/prowler-cloud/prowler/pull/11230)
-
 ### 🐞 Fixed

- Broken documentation URLs in Google Workspace check metadata [(#11405)](https://github.com/prowler-cloud/prowler/pull/11405)
 - ENS RD 311/2022 (AWS) compliance mapping: `vpc_different_regions` was uncorrectly mapped under the `mp.com.4` family (Network segregation). That check is now mapped to a new `op.cont.2.aws.vpc.1` requirement under the Continuity of Service control [(#11372)](https://github.com/prowler-cloud/prowler/pull/11372)
 - Compliance CSV row count now matches the UI per requirement by sourcing rows from the framework JSON's `requirement.Checks` instead of the stale `finding.compliance` snapshot [(#11370)](https://github.com/prowler-cloud/prowler/pull/11370)
 - OpenStack provider exception codes moved from the `10000-10999` range, shared with the AlibabaCloud provider, to the free `17000-17999` range to keep error codes unambiguous [(#11382)](https://github.com/prowler-cloud/prowler/pull/11382)
- Azure provider authentication against sovereign clouds (`AzureChinaCloud`, `AzureUSGovernment`) [(#10284)](https://github.com/prowler-cloud/prowler/pull/10284)

 ---

-## [5.28.1] (Prowler v5.28.1)
+## [5.28.1] (Prowler 5.28.1)

 ### 🐞 Fixed

@@ -1,7 +1,7 @@
 {
  "Provider": "aws",
  "CheckID": "s3_bucket_default_encryption",
-  "CheckTitle": "[DEPRECATED] S3 bucket has default server-side encryption (SSE) enabled",
+  "CheckTitle": "S3 bucket has default server-side encryption (SSE) enabled",
  "CheckType": [
    "Software and Configuration Checks/AWS Security Best Practices",
    "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices",
@@ -14,11 +14,13 @@
  "Severity": "medium",
  "ResourceType": "AwsS3Bucket",
  "ResourceGroup": "storage",
-  "Description": "[DEPRECATED] **Amazon S3 buckets** have a default **server-side encryption** setting that automatically encrypts new objects using `SSE-S3` or `SSE-KMS`. This evaluates whether a bucket has a default encryption configuration defined.",
+  "Description": "**Amazon S3 buckets** have a default **server-side encryption** setting that automatically encrypts new objects using `SSE-S3` or `SSE-KMS`. This evaluates whether a bucket has a default encryption configuration defined.",
  "Risk": "Without default encryption, older objects may remain unencrypted and new uploads won't be forced to use `SSE-KMS`. This reduces confidentiality and governance by limiting key audit logs, rotation, and cross-account controls, and increases exposure if data is copied, replicated, or accessed outside intended paths.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html"
+    "https://docs.amazonaws.cn/en_us/AmazonS3/latest/userguide/bucket-encryption.html",
+    "https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/",
+    "https://docs.aws.amazon.com/us_en/AmazonS3/latest/userguide/default-encryption-faq.html"
  ],
  "Remediation": {
    "Code": {
@@ -37,5 +39,5 @@
  ],
  "DependsOn": [],
  "RelatedTo": [],
-  "Notes": "This check is being deprecated since AWS automatically applies SSE-S3 to every S3 bucket (both new buckets and previously-unencrypted existing buckets) as of January 5, 2023, and encryption can no longer be disabled. For SSE-KMS validation, use `s3_bucket_kms_encryption` instead."
+  "Notes": ""
 }
@@ -241,10 +241,7 @@ class AzureProvider(Provider):
        azure_credentials = None
        if tenant_id and client_id and client_secret:
            azure_credentials = self.validate_static_credentials(
-                tenant_id=tenant_id,
-                client_id=client_id,
-                client_secret=client_secret,
-                region_config=self._region_config,
+                tenant_id=tenant_id, client_id=client_id, client_secret=client_secret
            )

        # Set up the Azure session
@@ -413,9 +410,6 @@ class AzureProvider(Provider):
                authority=config["authority"],
                base_url=config["base_url"],
                credential_scopes=config["credential_scopes"],
-                graph_host=config["graph_host"],
-                graph_scope=config["graph_scope"],
-                logs_endpoint=config["logs_endpoint"],
            )
        except ArgumentTypeError as validation_error:
            logger.error(
@@ -513,7 +507,6 @@ class AzureProvider(Provider):
                            tenant_id=azure_credentials["tenant_id"],
                            client_id=azure_credentials["client_id"],
                            client_secret=azure_credentials["client_secret"],
-                            authority=region_config.authority,
                        )
                        return credentials
                    except ClientAuthenticationError as error:
@@ -586,10 +579,7 @@ class AzureProvider(Provider):
                )
        else:
            try:
-                credentials = InteractiveBrowserCredential(
-                    tenant_id=tenant_id,
-                    authority=region_config.authority,
-                )
+                credentials = InteractiveBrowserCredential(tenant_id=tenant_id)
            except Exception as error:
                logger.critical(
                    "Failed to retrieve azure credentials using browser authentication"
@@ -672,7 +662,6 @@ class AzureProvider(Provider):
                    tenant_id=tenant_id,
                    client_id=client_id,
                    client_secret=client_secret,
-                    region_config=region_config,
                )

            # Set up the Azure session
@@ -686,11 +675,7 @@ class AzureProvider(Provider):
                region_config,
            )
            # Create a SubscriptionClient
-            subscription_client = SubscriptionClient(
-                credentials,
-                base_url=region_config.base_url,
-                credential_scopes=region_config.credential_scopes,
-            )
+            subscription_client = SubscriptionClient(credentials)

            # Get info from the subscriptions
            available_subscriptions = []
@@ -1054,11 +1039,7 @@ class AzureProvider(Provider):
            }
        """
        credentials = self.session
-        subscription_client = SubscriptionClient(
-            credentials,
-            base_url=self.region_config.base_url,
-            credential_scopes=self.region_config.credential_scopes,
-        )
+        subscription_client = SubscriptionClient(credentials)
        locations = {}

        for subscription_id, display_name in self._identity.subscriptions.items():
@@ -1103,10 +1084,7 @@ class AzureProvider(Provider):

    @staticmethod
    def validate_static_credentials(
-        tenant_id: str = None,
-        client_id: str = None,
-        client_secret: str = None,
-        region_config: AzureRegionConfig = None,
+        tenant_id: str = None, client_id: str = None, client_secret: str = None
    ) -> dict:
        """
        Validates the static credentials for the Azure provider.
@@ -1115,9 +1093,6 @@ class AzureProvider(Provider):
            tenant_id (str): The Azure Active Directory tenant ID.
            client_id (str): The Azure client ID.
            client_secret (str): The Azure client secret.
-            region_config (AzureRegionConfig): The region configuration used to
-                build the per-cloud login endpoint and Graph scope. Defaults to
-                the public-cloud configuration when not provided.

        Raises:
            AzureNotValidTenantIdError: If the provided Azure Tenant ID is not valid.
@@ -1154,13 +1129,8 @@ class AzureProvider(Provider):
                message="The provided Azure Client Secret is not valid.",
            )

-        if region_config is None:
-            region_config = AzureProvider.setup_region_config("AzureCloud")
-
        try:
-            AzureProvider.verify_client(
-                tenant_id, client_id, client_secret, region_config
-            )
+            AzureProvider.verify_client(tenant_id, client_id, client_secret)
            return {
                "tenant_id": tenant_id,
                "client_id": client_id,
@@ -1192,9 +1162,7 @@ class AzureProvider(Provider):
            )

    @staticmethod
-    def verify_client(
-        tenant_id, client_id, client_secret, region_config: AzureRegionConfig = None
-    ) -> None:
+    def verify_client(tenant_id, client_id, client_secret) -> None:
        """
        Verifies the Azure client credentials using the specified tenant ID, client ID, and client secret.

@@ -1202,9 +1170,6 @@ class AzureProvider(Provider):
            tenant_id (str): The Azure Active Directory tenant ID.
            client_id (str): The Azure client ID.
            client_secret (str): The Azure client secret.
-            region_config (AzureRegionConfig): The region configuration used to
-                build the per-cloud login endpoint and Graph scope. Defaults to
-                the public-cloud configuration when not provided.

        Raises:
            AzureNotValidTenantIdError: If the provided Azure Tenant ID is not valid.
@@ -1214,13 +1179,7 @@ class AzureProvider(Provider):
        Returns:
            None
        """
-        if region_config is None:
-            region_config = AzureProvider.setup_region_config("AzureCloud")
-        # `authority` is None for the public cloud and a bare host (e.g.
-        # `login.chinacloudapi.cn`) for sovereign clouds, mirroring the
-        # `AzureAuthorityHosts` constants used by azure-identity.
-        login_endpoint = region_config.authority or "login.microsoftonline.com"
-        url = f"https://{login_endpoint}/{tenant_id}/oauth2/v2.0/token"
+        url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
        headers = {
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
@@ -1229,7 +1188,7 @@ class AzureProvider(Provider):
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
-            "scope": region_config.graph_scope,
+            "scope": "https://graph.microsoft.com/.default",
        }
        response = requests.post(url, headers=headers, data=data).json()
        if "access_token" not in response.keys() and "error_codes" in response.keys():
@@ -4,18 +4,6 @@ AZURE_CHINA_CLOUD = "https://management.chinacloudapi.cn"
 AZURE_US_GOV_CLOUD = "https://management.usgovcloudapi.net"
 AZURE_GENERIC_CLOUD = "https://management.azure.com"

-AZURE_GENERIC_GRAPH_HOST = "https://graph.microsoft.com"
-AZURE_CHINA_GRAPH_HOST = "https://microsoftgraph.chinacloudapi.cn"
-AZURE_US_GOV_GRAPH_HOST = "https://graph.microsoft.us"
-
-AZURE_GENERIC_GRAPH_SCOPE = f"{AZURE_GENERIC_GRAPH_HOST}/.default"
-AZURE_CHINA_GRAPH_SCOPE = f"{AZURE_CHINA_GRAPH_HOST}/.default"
-AZURE_US_GOV_GRAPH_SCOPE = f"{AZURE_US_GOV_GRAPH_HOST}/.default"
-
-AZURE_GENERIC_LOGS_ENDPOINT = "https://api.loganalytics.io"
-AZURE_CHINA_LOGS_ENDPOINT = "https://api.loganalytics.azure.cn"
-AZURE_US_GOV_LOGS_ENDPOINT = "https://api.loganalytics.us"
-

 def get_regions_config(region):
    allowed_regions = {
@@ -23,25 +11,16 @@ def get_regions_config(region):
            "authority": None,
            "base_url": AZURE_GENERIC_CLOUD,
            "credential_scopes": [AZURE_GENERIC_CLOUD + "/.default"],
-            "graph_host": AZURE_GENERIC_GRAPH_HOST,
-            "graph_scope": AZURE_GENERIC_GRAPH_SCOPE,
-            "logs_endpoint": AZURE_GENERIC_LOGS_ENDPOINT,
        },
        "AzureChinaCloud": {
            "authority": AzureAuthorityHosts.AZURE_CHINA,
            "base_url": AZURE_CHINA_CLOUD,
            "credential_scopes": [AZURE_CHINA_CLOUD + "/.default"],
-            "graph_host": AZURE_CHINA_GRAPH_HOST,
-            "graph_scope": AZURE_CHINA_GRAPH_SCOPE,
-            "logs_endpoint": AZURE_CHINA_LOGS_ENDPOINT,
        },
        "AzureUSGovernment": {
            "authority": AzureAuthorityHosts.AZURE_GOVERNMENT,
            "base_url": AZURE_US_GOV_CLOUD,
            "credential_scopes": [AZURE_US_GOV_CLOUD + "/.default"],
-            "graph_host": AZURE_US_GOV_GRAPH_HOST,
-            "graph_scope": AZURE_US_GOV_GRAPH_SCOPE,
-            "logs_endpoint": AZURE_US_GOV_LOGS_ENDPOINT,
        },
    }
    return allowed_regions[region]
@@ -1,11 +1,5 @@
 from concurrent.futures import ThreadPoolExecutor, as_completed

-from kiota_authentication_azure.azure_identity_authentication_provider import (
-    AzureIdentityAuthenticationProvider,
-)
-from msgraph.graph_request_adapter import GraphRequestAdapter
-from msgraph_core import GraphClientFactory
-
 from prowler.lib.logger import logger
 from prowler.providers.azure.azure_provider import AzureProvider

@@ -53,32 +47,10 @@ class AzureService:
        clients = {}
        try:
            if "GraphServiceClient" in str(service):
-                # GraphServiceClient(credentials, scopes=...) only customises the
-                # OAuth scope; the underlying httpx client's base URL stays at
-                # graph.microsoft.com. For sovereign clouds we must also point
-                # the HTTP transport at the per-cloud host, which is done by
-                # building a custom GraphRequestAdapter with a NationalClouds
-                # base URL.
-                auth_provider = AzureIdentityAuthenticationProvider(
-                    session, scopes=[region_config.graph_scope]
-                )
-                http_client = GraphClientFactory.create_with_default_middleware(
-                    host=region_config.graph_host
-                )
-                request_adapter = GraphRequestAdapter(auth_provider, client=http_client)
-                clients.update(
-                    {identity.tenant_domain: service(request_adapter=request_adapter)}
-                )
+                clients.update({identity.tenant_domain: service(credentials=session)})
            elif "LogsQueryClient" in str(service):
                for subscription_id, display_name in identity.subscriptions.items():
-                    clients.update(
-                        {
-                            subscription_id: service(
-                                credential=session,
-                                endpoint=region_config.logs_endpoint,
-                            )
-                        }
-                    )
+                    clients.update({subscription_id: service(credential=session)})
            else:
                for subscription_id, display_name in identity.subscriptions.items():
                    clients.update(
@@ -20,9 +20,6 @@ class AzureRegionConfig(BaseModel):
    authority: Optional[str] = None
    base_url: str = ""
    credential_scopes: list = []
-    graph_host: str = "https://graph.microsoft.com"
-    graph_scope: str = "https://graph.microsoft.com/.default"
-    logs_endpoint: str = "https://api.loganalytics.io"


 class AzureSubscription(BaseModel):
@@ -13,8 +13,8 @@
  "Risk": "When external Google Groups access is enabled, users can access and participate in groups created **outside the organization**, potentially exposing them to **phishing, social engineering, or data leakage** through unmanaged external group communications.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/users/advanced/turn-on-or-off-additional-google-services",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/181865",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,9 @@
  "Risk": "Without external invitation warnings, users may unintentionally include **external guests** in internal meetings, exposing **confidential meeting details**, agendas, and internal attendee lists to unauthorized parties. This is a common vector for inadvertent data leakage through everyday calendar actions.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/calendar/allow-external-invitations-in-google-calendar-events",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/6329284",
+    "https://knowledge.workspace.google.com/admin/calendar/set-google-calendar-sharing-options",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,9 @@
  "Risk": "Overly permissive external sharing of primary calendars exposes **sensitive meeting metadata** — titles, attendees, locations, and descriptions — to users outside the organization. This increases the risk of **information disclosure**, **social engineering**, and **targeted phishing** based on insights into organizational activities.",
  "RelatedUrl": "",
  "AdditionalURLs": [
+    "https://support.google.com/a/answer/60765",
    "https://knowledge.workspace.google.com/admin/calendar/set-google-calendar-sharing-options",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,9 @@
  "Risk": "Overly permissive external sharing of secondary calendars exposes **project-specific or team-specific event details** to users outside the organization. Because secondary calendars often hold more targeted activities (e.g., product launches, internal reviews), unrestricted external sharing increases the risk of **information disclosure** and **competitive intelligence leakage**.",
  "RelatedUrl": "",
  "AdditionalURLs": [
+    "https://support.google.com/a/answer/60765",
    "https://knowledge.workspace.google.com/admin/calendar/set-google-calendar-sharing-options",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Unrestricted Chat app installation allows **unvetted third-party applications** to access user data including conversation content and organizational information. An attacker could distribute a malicious Chat app to **exfiltrate confidential data** or establish **persistent access** to internal communications.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/apps/manage-the-marketplace-app-allowlist-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/6089179",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Enabled external file sharing allows users to send files containing **confidential information** to external parties through Chat. This creates a **data leakage** channel that bypasses DLP controls, particularly dangerous for organizations handling **regulated data** such as PII, PHI, or financial records.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/chat/set-up-chat-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/9540647",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Unrestricted external messaging allows users to communicate freely with **any external party**, increasing the risk of **data exfiltration** through conversation content and **social engineering attacks** from untrusted domains targeting internal users.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/chat/set-up-chat-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/9540647",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Unrestricted external spaces allow users to add **anyone from any domain** to persistent group conversations. This increases the risk of **confidential information exposure** in shared spaces and enables **unauthorized external access** to ongoing organizational discussions.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/chat/set-up-chat-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/9540647",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Exposed webhook URLs allow **unauthorized content injection** into Chat spaces. Attackers can send **fraudulent or misleading messages** that appear to come from trusted services, creating a vector for **social engineering** and **phishing** within internal communications.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/apps/manage-the-marketplace-app-allowlist-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/6089179",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Unrestricted internal file sharing in Chat allows files with **sensitive information** to be distributed freely without passing through approved channels. This undermines **data governance** and **audit trail** requirements, making it harder to track data movement within the organization.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/chat/set-up-chat-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/9540647",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/users/prebuilt-administrator-roles",
-    "https://knowledge.workspace.google.com/admin/users/security-best-practices-for-administrator-accounts"
+    "https://support.google.com/a/answer/9011373"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/users/prebuilt-administrator-roles",
-    "https://knowledge.workspace.google.com/admin/users/security-best-practices-for-administrator-accounts"
+    "https://support.google.com/a/answer/9011373"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "If Access Checker suggests broader audiences or public visibility, users may **inadvertently widen access** to a file beyond the people they intended to share with. This is a common cause of unintentional internal or external over-sharing.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/drive/manage-external-sharing-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/60781",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "When Drive for desktop is enabled, organizational files are **synchronized to local devices** and remain accessible if the device is lost, stolen, or compromised. Because Drive for desktop bypasses the central offline-access controls, this channel is a frequently overlooked path for sensitive data to leave organization-managed environments.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/drive/set-up-drive-for-desktop-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7491144",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without external sharing warnings, users may unintentionally share **sensitive documents** with external recipients who are not entitled to the data. This is a common vector for inadvertent leakage of intellectual property, personally identifiable information, and confidential business data through routine Drive sharing.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/drive/manage-external-sharing-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/60781",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "If external users can move files from internal shared drives into shared drives owned by another organization, the organization **loses authoritative control** over its own data. This is a frequently overlooked path for unintentional or malicious data exfiltration through shared drive collaboration.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/drive/manage-external-sharing-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/60781",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Allowing users to publish Drive files to the web creates a path for **unbounded data exposure**. Sensitive documents, intellectual property, customer data, or internal communications can be made publicly accessible — and indexed by search engines — with a single click, often unintentionally.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/drive/manage-external-sharing-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/60781",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "When users cannot create shared drives, they store collaborative content in their personal **My Drive** instead. When that user account is deleted, the data is also deleted, leading to **unintentional data loss** of organizationally significant information. Allowing shared drive creation makes data survivable across account lifecycle events.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://support.google.com/a/users/answer/7212025",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7212025",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "When viewers and commenters can download, print, or copy shared drive files, they can **bulk-extract sensitive content** — including intellectual property, personally identifiable information, and confidential business documents — using nothing more than read access. This is one of the most direct paths to data exfiltration through Drive.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/drive/manage-shared-drives-as-an-admin",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7662202",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "If shared drive managers can override organizational defaults, **unauthorized data exposure** can occur when a manager intentionally or accidentally weakens a shared drive's security posture (for example, allowing external members or enabling download for viewers).",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/drive/manage-shared-drives-as-an-admin",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7662202",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "If non-members can be added to files inside a shared drive, the **drive's membership becomes meaningless** as a security control. Sensitive content scoped to a specific team can be silently extended to users who were never granted access to the drive itself, leading to unintended information disclosure.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/drive/manage-shared-drives-as-an-admin",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7662202",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "When external sharing is unrestricted, users can share organizational content with **any external Google account**, including untrusted or unknown parties. Restricting sharing to allowlisted domains drastically reduces the surface area for accidental and malicious data exfiltration through Drive.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/drive/manage-external-sharing-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/60781",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Allowlisted domains are still external. Users may not realize that even an allowlisted recipient is outside the organization, leading to **unintentional disclosure of sensitive content** to legitimate but external collaborators. A warning prompt at share time mitigates that without preventing the sharing itself.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/drive/manage-external-sharing-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/60781",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without protection against anomalous attachment types, users may receive **emails with unusual file formats** that are designed to bypass standard security filters. Attackers may use **uncommon file extensions or MIME types** to deliver malware that evades signature-based detection.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/set-up-rules-to-detect-harmful-attachments",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7676854",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "With auto-forwarding enabled, an attacker who gains control of a user account can create **forwarding rules to exfiltrate** all incoming email to an external address. This can persist undetected and provide the attacker with continuous access to sensitive communications even after the account is recovered.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/let-users-automatically-forward-their-own-gmail-emails",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/2491924",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without comprehensive mail storage, messages sent through other Google services (Calendar, Drive, etc.) may not be stored in Gmail and therefore **not subject to Vault retention policies**. This creates gaps in **compliance coverage**, **eDiscovery**, and **audit trails** that could violate regulatory requirements.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/set-up-comprehensive-mail-storage",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/3547347",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without protection against domain spoofing based on similar domain names, users may receive **phishing emails from lookalike domains** (e.g., examp1e.com instead of example.com) that appear legitimate. This enables **credential theft, malware delivery, and business email compromise** attacks.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/advanced-phishing-and-malware-protection",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/9157861",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without protection against employee name spoofing, users may receive **emails that appear to come from colleagues or executives** but are actually from external attackers. This enables **business email compromise (BEC)**, **wire fraud**, and **social engineering attacks** that exploit trust relationships.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/advanced-phishing-and-malware-protection",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/9157861",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without protection against encrypted attachments from untrusted senders, users may receive **password-protected archives containing malware** that bypass standard content scanning. Attackers commonly use encrypted attachments to evade detection and deliver **ransomware, trojans, or other malicious payloads**.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/set-up-rules-to-detect-harmful-attachments",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7676854",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without enhanced pre-delivery scanning, some **sophisticated phishing and malware** messages may pass through standard filters and be delivered to users. The additional scanning layer catches threats that the first-pass filters miss, reducing the organization's exposure to **zero-day phishing campaigns** and **targeted attacks**.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/security/help-prevent-phishing-with-pre-delivery-message-scanning",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7380368",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without external image scanning, attackers can use **linked images to track email opens**, deliver **exploit payloads via image rendering vulnerabilities**, or use images as part of sophisticated **phishing schemes** that mimic legitimate communications.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/advanced-phishing-and-malware-protection",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7676854",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without protection of groups from domain-spoofing emails, attackers can send **spoofed messages to group mailboxes** that appear to originate from the organization. Since groups distribute to many recipients, a single spoofed email can enable **mass phishing, social engineering, or misinformation** campaigns across the organization.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/advanced-phishing-and-malware-protection",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/9157861",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without protection against inbound domain spoofing, users may receive **emails that appear to come from their own organization** but are sent by external attackers. This enables **internal impersonation**, **phishing**, and **business email compromise** attacks that exploit trust in internal communications.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/advanced-phishing-and-malware-protection",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/9157861",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "If users can delegate access to their mailbox, an attacker who compromises one account could silently delegate access to maintain persistent email surveillance. This also increases the risk of **insider threats** and **data exfiltration** through shared mailbox access.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/let-users-delegate-access-to-a-gmail-account",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7223765",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "With per-user outbound gateways enabled, users can route outbound email through **external SMTP servers**, bypassing organizational **email security controls**, **DLP policies**, and **audit logging**. This creates an unmonitored channel for data exfiltration and policy circumvention.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/allow-per-user-outbound-gateways",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/176652",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "With POP and IMAP enabled, users can access email through **legacy clients** that rely on simple password authentication, bypassing **multifactor authentication** and other modern security controls. This significantly increases the risk of **credential-based account compromise**.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/sync/turn-pop-and-imap-on-or-off-for-users",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/105694",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without protection against script-bearing attachments from untrusted senders, users may receive **files containing malicious scripts** that can execute harmful code when opened. Attackers commonly use script attachments to deliver **malware, backdoors, or credential stealers**.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/set-up-rules-to-detect-harmful-attachments",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7676854",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without shortened URL scanning, attackers can use **URL shortening services** to hide malicious destinations in phishing emails. Users cannot visually verify where the link leads, increasing the success rate of **phishing and credential harvesting** attacks.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/advanced-phishing-and-malware-protection",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7676854",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without protection against unauthenticated emails, users may receive **spoofed or forged messages** that fail SPF and DKIM checks but are still delivered normally. This enables **phishing**, **spam**, and **impersonation attacks** that exploit the lack of sender verification.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/advanced-phishing-and-malware-protection",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/9157861",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Without untrusted link warnings, users may click on **phishing links** or links to **malware distribution sites** without any warning. This significantly increases the success rate of **social engineering attacks** targeting the organization.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/gmail/advanced/advanced-phishing-and-malware-protection",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/7676854",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Allowing any user to create groups with external members or incoming email from outside increases the risk of **unauthorized data sharing**, **spam delivery**, and **shadow IT** groups that bypass organizational controls.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/groups/what-you-get-with-groups-for-business",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/10308022",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Allowing external access to groups exposes **group names, descriptions, and membership** to anyone outside the organization, increasing the risk of **information disclosure** and enabling external parties to identify targets for **social engineering attacks**.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/groups/what-you-get-with-groups-for-business",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/10308022",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Allowing all organization users or anyone to view group conversations can lead to **information disclosure** of sensitive discussions, internal decisions, and confidential data shared within groups.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/groups/what-you-get-with-groups-for-business",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/10308022",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "Allowing unrestricted Marketplace app installation exposes the organization to **unvetted third-party applications** that may request broad OAuth scopes, potentially gaining access to **sensitive organizational data** including emails, documents, and calendar events without proper security review.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/apps/manage-the-marketplace-app-allowlist-for-your-organization",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/6089179",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/security/protect-your-business-with-2-step-verification",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/security/protect-your-business-with-2-step-verification",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/security/protect-users-with-the-advanced-protection-program",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/apps/control-which-apps-access-google-workspace-data",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/security/about-dlp",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/apps/control-which-apps-access-google-workspace-data",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/apps/control-access-to-less-secure-apps",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/security/protect-google-workspace-accounts-with-security-challenges",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/users/enforce-and-monitor-password-requirements-for-users",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/security/set-session-length-for-google-services",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/users/allow-super-administrators-to-recover-their-password",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -14,7 +14,7 @@
  "RelatedUrl": "",
  "AdditionalURLs": [
    "https://knowledge.workspace.google.com/admin/users/set-up-password-recovery-for-users",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -13,8 +13,8 @@
  "Risk": "When Google Sites is enabled, users can create websites that may **inadvertently expose internal information** to external parties. These sites can be difficult to track and manage, creating potential **data leakage vectors** outside the organization's standard content management controls.",
  "RelatedUrl": "",
  "AdditionalURLs": [
-    "https://knowledge.workspace.google.com/admin/users/advanced/turn-a-service-on-or-off-for-google-workspace-users",
-    "https://docs.cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
+    "https://support.google.com/a/answer/182442",
+    "https://cloud.google.com/identity/docs/concepts/supported-policy-api-settings"
  ],
  "Remediation": {
    "Code": {
@@ -725,300 +725,6 @@ class TestAzureProviderSetupIdentitySubscriptions:
        }


-class TestAzureProviderSovereignCloudSupport:
-    """Sovereign-cloud authentication coverage across AzureCloud,
-    AzureChinaCloud and AzureUSGovernment for every authentication code path
-    Prowler exposes. Pinned to issue #8425."""
-
-    REGION_CASES = [
-        (
-            "AzureCloud",
-            None,
-            "https://management.azure.com",
-            ["https://management.azure.com/.default"],
-            "https://graph.microsoft.com/.default",
-            "https://api.loganalytics.io",
-            "login.microsoftonline.com",
-        ),
-        (
-            "AzureChinaCloud",
-            "login.chinacloudapi.cn",
-            "https://management.chinacloudapi.cn",
-            ["https://management.chinacloudapi.cn/.default"],
-            "https://microsoftgraph.chinacloudapi.cn/.default",
-            "https://api.loganalytics.azure.cn",
-            "login.chinacloudapi.cn",
-        ),
-        (
-            "AzureUSGovernment",
-            "login.microsoftonline.us",
-            "https://management.usgovcloudapi.net",
-            ["https://management.usgovcloudapi.net/.default"],
-            "https://graph.microsoft.us/.default",
-            "https://api.loganalytics.us",
-            "login.microsoftonline.us",
-        ),
-    ]
-
-    @pytest.mark.parametrize(
-        "region,authority,base_url,credential_scopes,graph_scope,logs_endpoint,_login_endpoint",
-        REGION_CASES,
-    )
-    def test_setup_region_config_per_cloud(
-        self,
-        region,
-        authority,
-        base_url,
-        credential_scopes,
-        graph_scope,
-        logs_endpoint,
-        _login_endpoint,
-    ):
-        config = AzureProvider.setup_region_config(region)
-
-        # graph_host mirrors graph_scope without the `/.default` suffix; we
-        # derive it here to avoid threading a separate parameter through every
-        # parametrized test in this class.
-        expected_graph_host = graph_scope.removesuffix("/.default")
-        assert config == AzureRegionConfig(
-            name=region,
-            authority=authority,
-            base_url=base_url,
-            credential_scopes=credential_scopes,
-            graph_host=expected_graph_host,
-            graph_scope=graph_scope,
-            logs_endpoint=logs_endpoint,
-        )
-
-    @pytest.mark.parametrize(
-        "region,authority,_base_url,_credential_scopes,_graph_scope,_logs_endpoint,_login_endpoint",
-        REGION_CASES,
-    )
-    def test_setup_session_static_credentials_passes_authority(
-        self,
-        region,
-        authority,
-        _base_url,
-        _credential_scopes,
-        _graph_scope,
-        _logs_endpoint,
-        _login_endpoint,
-    ):
-        with patch(
-            "prowler.providers.azure.azure_provider.ClientSecretCredential"
-        ) as mock_client_secret_credential:
-            azure_credentials = {
-                "tenant_id": str(uuid4()),
-                "client_id": str(uuid4()),
-                "client_secret": "fake-secret-value",
-            }
-            region_config = AzureProvider.setup_region_config(region)
-
-            AzureProvider.setup_session(
-                az_cli_auth=False,
-                sp_env_auth=False,
-                browser_auth=False,
-                managed_identity_auth=False,
-                tenant_id=azure_credentials["tenant_id"],
-                azure_credentials=azure_credentials,
-                region_config=region_config,
-            )
-
-            mock_client_secret_credential.assert_called_once_with(
-                tenant_id=azure_credentials["tenant_id"],
-                client_id=azure_credentials["client_id"],
-                client_secret=azure_credentials["client_secret"],
-                authority=authority,
-            )
-
-    @pytest.mark.parametrize(
-        "region,authority,_base_url,_credential_scopes,_graph_scope,_logs_endpoint,_login_endpoint",
-        REGION_CASES,
-    )
-    def test_setup_session_browser_auth_passes_authority(
-        self,
-        region,
-        authority,
-        _base_url,
-        _credential_scopes,
-        _graph_scope,
-        _logs_endpoint,
-        _login_endpoint,
-    ):
-        with patch(
-            "prowler.providers.azure.azure_provider.InteractiveBrowserCredential"
-        ) as mock_interactive_browser_credential:
-            tenant_id = str(uuid4())
-            region_config = AzureProvider.setup_region_config(region)
-
-            AzureProvider.setup_session(
-                az_cli_auth=False,
-                sp_env_auth=False,
-                browser_auth=True,
-                managed_identity_auth=False,
-                tenant_id=tenant_id,
-                azure_credentials=None,
-                region_config=region_config,
-            )
-
-            mock_interactive_browser_credential.assert_called_once_with(
-                tenant_id=tenant_id,
-                authority=authority,
-            )
-
-    @pytest.mark.parametrize(
-        "region,authority,_base_url,_credential_scopes,_graph_scope,_logs_endpoint,_login_endpoint",
-        REGION_CASES,
-    )
-    def test_setup_session_default_credential_passes_authority(
-        self,
-        region,
-        authority,
-        _base_url,
-        _credential_scopes,
-        _graph_scope,
-        _logs_endpoint,
-        _login_endpoint,
-    ):
-        with patch(
-            "prowler.providers.azure.azure_provider.DefaultAzureCredential"
-        ) as mock_default_credential:
-            region_config = AzureProvider.setup_region_config(region)
-
-            AzureProvider.setup_session(
-                az_cli_auth=True,
-                sp_env_auth=False,
-                browser_auth=False,
-                managed_identity_auth=False,
-                tenant_id=None,
-                azure_credentials=None,
-                region_config=region_config,
-            )
-
-            _, called_kwargs = mock_default_credential.call_args
-            assert called_kwargs["authority"] == authority
-            assert called_kwargs["exclude_cli_credential"] is False
-            assert called_kwargs["exclude_environment_credential"] is True
-            assert called_kwargs["exclude_managed_identity_credential"] is True
-
-    @pytest.mark.parametrize(
-        "region,_authority,_base_url,_credential_scopes,graph_scope,_logs_endpoint,login_endpoint",
-        REGION_CASES,
-    )
-    def test_verify_client_uses_per_cloud_endpoints(
-        self,
-        region,
-        _authority,
-        _base_url,
-        _credential_scopes,
-        graph_scope,
-        _logs_endpoint,
-        login_endpoint,
-    ):
-        tenant_id = str(uuid4())
-        client_id = str(uuid4())
-        client_secret = "fake-secret"
-        region_config = AzureProvider.setup_region_config(region)
-
-        with patch("prowler.providers.azure.azure_provider.requests.post") as mock_post:
-            mock_post.return_value = MagicMock()
-            mock_post.return_value.json.return_value = {"access_token": "fake-token"}
-
-            AzureProvider.verify_client(
-                tenant_id, client_id, client_secret, region_config
-            )
-
-            mock_post.assert_called_once()
-            args, kwargs = mock_post.call_args
-            assert args[0] == (
-                f"https://{login_endpoint}/{tenant_id}/oauth2/v2.0/token"
-            )
-            assert kwargs["data"]["scope"] == graph_scope
-            assert kwargs["data"]["client_id"] == client_id
-            assert kwargs["data"]["client_secret"] == client_secret
-
-    @pytest.mark.parametrize(
-        "region,_authority,base_url,credential_scopes,_graph_scope,_logs_endpoint,_login_endpoint",
-        REGION_CASES,
-    )
-    def test_test_connection_passes_base_url_to_subscription_client(
-        self,
-        region,
-        _authority,
-        base_url,
-        credential_scopes,
-        _graph_scope,
-        _logs_endpoint,
-        _login_endpoint,
-    ):
-        subscription_client_instance = MagicMock()
-        subscription_client_instance.subscriptions = MagicMock()
-        subscription_client_instance.subscriptions.list = MagicMock(return_value=[])
-        subscription_client_class = MagicMock(return_value=subscription_client_instance)
-
-        with (
-            patch(
-                "prowler.providers.azure.azure_provider.AzureProvider.setup_session"
-            ) as mock_setup_session,
-            patch(
-                "prowler.providers.azure.azure_provider.SubscriptionClient",
-                subscription_client_class,
-            ),
-        ):
-            mock_setup_session.return_value = MagicMock()
-
-            AzureProvider.test_connection(
-                az_cli_auth=True,
-                region=region,
-                raise_on_exception=False,
-            )
-
-            subscription_client_class.assert_called_once()
-            _, kwargs = subscription_client_class.call_args
-            assert kwargs["base_url"] == base_url
-            assert kwargs["credential_scopes"] == credential_scopes
-
-    @pytest.mark.parametrize(
-        "region,_authority,base_url,credential_scopes,_graph_scope,_logs_endpoint,_login_endpoint",
-        REGION_CASES,
-    )
-    def test_get_locations_passes_base_url_to_subscription_client(
-        self,
-        region,
-        _authority,
-        base_url,
-        credential_scopes,
-        _graph_scope,
-        _logs_endpoint,
-        _login_endpoint,
-    ):
-        subscription_client_instance = MagicMock()
-        subscription_client_instance.subscriptions = MagicMock()
-        subscription_client_instance.subscriptions.list_locations = MagicMock(
-            return_value=[]
-        )
-        subscription_client_class = MagicMock(return_value=subscription_client_instance)
-
-        with (
-            patch.object(AzureProvider, "__init__", return_value=None),
-            patch(
-                "prowler.providers.azure.azure_provider.SubscriptionClient",
-                subscription_client_class,
-            ),
-        ):
-            azure_provider = AzureProvider()
-            azure_provider._session = MagicMock()
-            azure_provider._region_config = AzureProvider.setup_region_config(region)
-            azure_provider._identity = AzureIdentityInfo(subscriptions={})
-
-            azure_provider.get_locations()
-
-            subscription_client_class.assert_called_once()
-            _, kwargs = subscription_client_class.call_args
-            assert kwargs["base_url"] == base_url
-            assert kwargs["credential_scopes"] == credential_scopes
-
-
 class TestAzureProviderSetupIdentityEventLoop:
    """Regression for the Celery worker scenario where
    asyncio.get_event_loop() raised "There is no current event loop in
@@ -2,17 +2,8 @@ from azure.identity import AzureAuthorityHosts

 from prowler.providers.azure.lib.regions.regions import (
    AZURE_CHINA_CLOUD,
-    AZURE_CHINA_GRAPH_HOST,
-    AZURE_CHINA_GRAPH_SCOPE,
-    AZURE_CHINA_LOGS_ENDPOINT,
    AZURE_GENERIC_CLOUD,
-    AZURE_GENERIC_GRAPH_HOST,
-    AZURE_GENERIC_GRAPH_SCOPE,
-    AZURE_GENERIC_LOGS_ENDPOINT,
    AZURE_US_GOV_CLOUD,
-    AZURE_US_GOV_GRAPH_HOST,
-    AZURE_US_GOV_GRAPH_SCOPE,
-    AZURE_US_GOV_LOGS_ENDPOINT,
    get_regions_config,
 )

@@ -29,25 +20,16 @@ class Test_azure_regions:
                "authority": None,
                "base_url": AZURE_GENERIC_CLOUD,
                "credential_scopes": [AZURE_GENERIC_CLOUD + "/.default"],
-                "graph_host": AZURE_GENERIC_GRAPH_HOST,
-                "graph_scope": AZURE_GENERIC_GRAPH_SCOPE,
-                "logs_endpoint": AZURE_GENERIC_LOGS_ENDPOINT,
            },
            "AzureChinaCloud": {
                "authority": AzureAuthorityHosts.AZURE_CHINA,
                "base_url": AZURE_CHINA_CLOUD,
                "credential_scopes": [AZURE_CHINA_CLOUD + "/.default"],
-                "graph_host": AZURE_CHINA_GRAPH_HOST,
-                "graph_scope": AZURE_CHINA_GRAPH_SCOPE,
-                "logs_endpoint": AZURE_CHINA_LOGS_ENDPOINT,
            },
            "AzureUSGovernment": {
                "authority": AzureAuthorityHosts.AZURE_GOVERNMENT,
                "base_url": AZURE_US_GOV_CLOUD,
                "credential_scopes": [AZURE_US_GOV_CLOUD + "/.default"],
-                "graph_host": AZURE_US_GOV_GRAPH_HOST,
-                "graph_scope": AZURE_US_GOV_GRAPH_SCOPE,
-                "logs_endpoint": AZURE_US_GOV_LOGS_ENDPOINT,
            },
        }

@@ -1,108 +0,0 @@
-from unittest.mock import MagicMock, patch
-
-import pytest
-
-from prowler.providers.azure.lib.service.service import AzureService
-from prowler.providers.azure.models import AzureIdentityInfo, AzureRegionConfig
-
-REGION_CASES = [
-    (
-        "AzureCloud",
-        "https://graph.microsoft.com",
-        "https://graph.microsoft.com/.default",
-        "https://api.loganalytics.io",
-    ),
-    (
-        "AzureChinaCloud",
-        "https://microsoftgraph.chinacloudapi.cn",
-        "https://microsoftgraph.chinacloudapi.cn/.default",
-        "https://api.loganalytics.azure.cn",
-    ),
-    (
-        "AzureUSGovernment",
-        "https://graph.microsoft.us",
-        "https://graph.microsoft.us/.default",
-        "https://api.loganalytics.us",
-    ),
-]
-
-
-def _identity_and_session():
-    identity = AzureIdentityInfo(
-        tenant_domain="tenant.onmicrosoft.com",
-        subscriptions={"sub-1": "Subscription 1"},
-    )
-    session = MagicMock()
-    return identity, session
-
-
-class TestAzureServiceSovereignClouds:
-    """Cover __set_clients__ kwargs for the Graph and Logs clients across the
-    three sovereign clouds — these are the two service slots in service.py
-    that historically defaulted to public-cloud endpoints."""
-
-    @pytest.mark.parametrize(
-        "_region,graph_host,graph_scope,_logs_endpoint",
-        REGION_CASES,
-    )
-    def test_set_clients_graph_uses_per_cloud_host_scope_and_adapter(
-        self, _region, graph_host, graph_scope, _logs_endpoint
-    ):
-        graph_service = MagicMock()
-        graph_service.__str__ = MagicMock(return_value="GraphServiceClient")
-        region_config = AzureRegionConfig(
-            graph_host=graph_host,
-            graph_scope=graph_scope,
-            logs_endpoint=_logs_endpoint,
-        )
-        identity, session = _identity_and_session()
-
-        with (
-            patch.object(AzureService, "__init__", return_value=None),
-            patch(
-                "prowler.providers.azure.lib.service.service.AzureIdentityAuthenticationProvider"
-            ) as mock_auth_provider_cls,
-            patch(
-                "prowler.providers.azure.lib.service.service.GraphClientFactory"
-            ) as mock_factory,
-            patch(
-                "prowler.providers.azure.lib.service.service.GraphRequestAdapter"
-            ) as mock_adapter_cls,
-        ):
-            service = AzureService.__new__(AzureService)
-            service.__set_clients__(identity, session, graph_service, region_config)
-
-        mock_auth_provider_cls.assert_called_once_with(session, scopes=[graph_scope])
-        mock_factory.create_with_default_middleware.assert_called_once_with(
-            host=graph_host
-        )
-        mock_adapter_cls.assert_called_once_with(
-            mock_auth_provider_cls.return_value,
-            client=mock_factory.create_with_default_middleware.return_value,
-        )
-        graph_service.assert_called_once_with(
-            request_adapter=mock_adapter_cls.return_value
-        )
-
-    @pytest.mark.parametrize(
-        "_region,_graph_host,_graph_scope,logs_endpoint",
-        REGION_CASES,
-    )
-    def test_set_clients_logs_passes_per_cloud_endpoint(
-        self, _region, _graph_host, _graph_scope, logs_endpoint
-    ):
-        logs_service = MagicMock()
-        logs_service.__str__ = MagicMock(return_value="LogsQueryClient")
-        region_config = AzureRegionConfig(
-            graph_host=_graph_host,
-            graph_scope=_graph_scope,
-            logs_endpoint=logs_endpoint,
-        )
-        identity, session = _identity_and_session()
-
-        with patch.object(AzureService, "__init__", return_value=None):
-            service = AzureService.__new__(AzureService)
-
-        service.__set_clients__(identity, session, logs_service, region_config)
-
-        logs_service.assert_called_once_with(credential=session, endpoint=logs_endpoint)
@@ -2,11 +2,11 @@

 All notable changes to the **Prowler UI** are documented in this file.

-## [1.29.0] (Prowler v5.29.0)
+## [1.29.0] (Prowler UNRELEASED)

 ### 🚀 Added

- Restyle `Scan Jobs` view with specific In Progress, Completed, Scheduled tabs [(#11258)](https://github.com/prowler-cloud/prowler/pull/11258)
+- New Scan Jobs view with specific In Progress, Completed, Scheduled tabs [(#11258)](https://github.com/prowler-cloud/prowler/pull/11258)

 ### 🔄 Changed

@@ -34,13 +34,4 @@ describe("providers page", () => {
    expect(source).toContain("size: 160");
    expect(source).toContain("size: 140");
  });
-
-  it("keeps the CLI import banner gated by the Cloud environment", () => {
-    const currentDir = path.dirname(fileURLToPath(import.meta.url));
-    const pagePath = path.join(currentDir, "page.tsx");
-    const source = readFileSync(pagePath, "utf8");
-
-    expect(source).toContain("NEXT_PUBLIC_IS_CLOUD_ENV");
-    expect(source).toContain("{isCloudEnvironment && <CliImportBanner");
-  });
 });
@@ -2,7 +2,6 @@ import { Suspense } from "react";

 import { ProvidersAccountsView } from "@/components/providers";
 import { SkeletonTableProviders } from "@/components/providers/table";
-import { CliImportBanner } from "@/components/scans";
 import { Skeleton } from "@/components/shadcn/skeleton/skeleton";
 import { ContentLayout } from "@/components/ui";
 import { FilterTransitionWrapper } from "@/contexts";
@@ -20,7 +19,6 @@ export default async function Providers({
 }) {
  const resolvedSearchParams = await searchParams;
  const activeTab = getProviderTab(resolvedSearchParams.tab);
-  const isCloudEnvironment = process.env.NEXT_PUBLIC_IS_CLOUD_ENV === "true";

  // Exclude `tab` from the Suspense key so switching tabs doesn't re-suspend
  const { tab: _, ...paramsWithoutTab } = resolvedSearchParams || {};
@@ -28,7 +26,6 @@ export default async function Providers({

  return (
    <ContentLayout title="Providers" icon="lucide:cloud-cog">
-      {isCloudEnvironment && <CliImportBanner className="mb-6" />}
      <FilterTransitionWrapper>
        <ProviderPageTabs
          activeTab={activeTab}
@@ -5,7 +5,7 @@ import {
  getCoreRowModel,
  useReactTable,
 } from "@tanstack/react-table";
-import { AnimatePresence, motion } from "framer-motion";
+import { motion } from "framer-motion";
 import { ChevronsDown } from "lucide-react";
 import { useImperativeHandle, useRef } from "react";

@@ -213,109 +213,112 @@ export function InlineResourceContainer({
        onMuteComplete: handleMuteComplete,
      }}
    >
-      <tr>
+      <motion.tr
+        initial={{ opacity: 0 }}
+        animate={{ opacity: 1 }}
+        exit={{ opacity: 0 }}
+        transition={{ duration: 0.2, ease: "easeOut" }}
+      >
        <td colSpan={columnCount} className="p-0">
-          <AnimatePresence initial>
-            <motion.div
-              initial={{ height: 0, opacity: 0 }}
-              animate={{ height: "auto", opacity: 1 }}
-              exit={{ height: 0, opacity: 0 }}
-              transition={{ duration: 0.2, ease: "easeOut" }}
-              className="overflow-hidden"
-            >
-              <div className="relative">
-                <div
-                  ref={combinedScrollRef}
-                  className="max-h-[440px] overflow-y-auto pl-6"
-                >
-                  {/* Resource rows or skeleton placeholder */}
-                  <table className="-mt-2.5 w-full border-separate border-spacing-y-4">
-                    <tbody>
-                      {isLoading && rows.length === 0 ? (
-                        Array.from({ length: skeletonRowCount }).map((_, i) => (
-                          <ResourceSkeletonRow
-                            key={i}
-                            isEmptyStateSized={filteredResourceCount === 0}
-                          />
-                        ))
-                      ) : rows.length > 0 ? (
-                        rows.map((row) => (
-                          <TableRow
-                            key={row.id}
-                            data-state={row.getIsSelected() && "selected"}
-                            className="cursor-pointer"
-                            onClick={(e) => {
-                              // Don't open drawer if clicking interactive elements
-                              // (links, buttons, checkboxes, dropdown items)
-                              const target = e.target as HTMLElement;
-                              if (
-                                target.closest(
-                                  "a, button, input, [role=menuitem]",
-                                )
+          <motion.div
+            initial={{ height: 0, opacity: 0 }}
+            animate={{ height: "auto", opacity: 1 }}
+            exit={{ height: 0, opacity: 0 }}
+            transition={{ duration: 0.2, ease: "easeInOut" }}
+            className="overflow-hidden"
+          >
+            <div className="relative">
+              <div
+                ref={combinedScrollRef}
+                className="max-h-[440px] overflow-y-auto pl-6"
+              >
+                {/* Resource rows or skeleton placeholder */}
+                <table className="-mt-2.5 w-full border-separate border-spacing-y-4">
+                  <tbody>
+                    {isLoading && rows.length === 0 ? (
+                      Array.from({ length: skeletonRowCount }).map((_, i) => (
+                        <ResourceSkeletonRow
+                          key={i}
+                          isEmptyStateSized={filteredResourceCount === 0}
+                        />
+                      ))
+                    ) : rows.length > 0 ? (
+                      rows.map((row) => (
+                        <TableRow
+                          key={row.id}
+                          data-state={row.getIsSelected() && "selected"}
+                          className="cursor-pointer"
+                          onClick={(e) => {
+                            // Don't open drawer if clicking interactive elements
+                            // (links, buttons, checkboxes, dropdown items)
+                            const target = e.target as HTMLElement;
+                            if (
+                              target.closest(
+                                "a, button, input, [role=menuitem]",
                              )
-                                return;
-                              drawer.openDrawer(row.index);
-                            }}
-                          >
-                            {row.getVisibleCells().map((cell) => (
-                              <TableCell key={cell.id}>
-                                {flexRender(
-                                  cell.column.columnDef.cell,
-                                  cell.getContext(),
-                                )}
-                              </TableCell>
-                            ))}
-                          </TableRow>
-                        ))
-                      ) : (
-                        <TableRow className="hover:bg-transparent">
-                          <TableCell
-                            colSpan={columns.length}
-                            className="h-24 text-center"
-                          >
-                            {getFindingGroupEmptyStateMessage(group, filters)}
-                          </TableCell>
+                            )
+                              return;
+                            drawer.openDrawer(row.index);
+                          }}
+                        >
+                          {row.getVisibleCells().map((cell) => (
+                            <TableCell key={cell.id}>
+                              {flexRender(
+                                cell.column.columnDef.cell,
+                                cell.getContext(),
+                              )}
+                            </TableCell>
+                          ))}
                        </TableRow>
-                      )}
-                    </tbody>
-                  </table>
+                      ))
+                    ) : (
+                      <TableRow className="hover:bg-transparent">
+                        <TableCell
+                          colSpan={columns.length}
+                          className="h-24 text-center"
+                        >
+                          {getFindingGroupEmptyStateMessage(group, filters)}
+                        </TableCell>
+                      </TableRow>
+                    )}
+                  </tbody>
+                </table>

-                  {/* Loading state for infinite scroll (subsequent pages only) */}
-                  {isLoading && rows.length > 0 && (
-                    <LoadingState label="Loading resources..." />
-                  )}
+                {/* Loading state for infinite scroll (subsequent pages only) */}
+                {isLoading && rows.length > 0 && (
+                  <LoadingState label="Loading resources..." />
+                )}

-                  {/* Sentinel for scroll hint detection */}
-                  <div
-                    ref={scrollHintSentinelRef}
-                    aria-hidden
-                    className="h-px shrink-0"
-                  />
+                {/* Sentinel for scroll hint detection */}
+                <div
+                  ref={scrollHintSentinelRef}
+                  aria-hidden
+                  className="h-px shrink-0"
+                />

-                  {/* Sentinel for infinite scroll */}
-                  <div ref={sentinelRef} className="h-1" />
-                </div>
+                {/* Sentinel for infinite scroll */}
+                <div ref={sentinelRef} className="h-1" />
+              </div>

-                {/* Gradients rendered after scroll container so they paint on top */}
-                <div className="from-bg-neutral-secondary pointer-events-none absolute top-0 right-0 left-6 z-20 h-6 bg-gradient-to-b to-transparent" />
-                <div className="from-bg-neutral-secondary pointer-events-none absolute right-0 bottom-0 left-6 z-20 h-6 bg-gradient-to-t to-transparent" />
+              {/* Gradients rendered after scroll container so they paint on top */}
+              <div className="from-bg-neutral-secondary pointer-events-none absolute top-0 right-0 left-6 z-20 h-6 bg-gradient-to-b to-transparent" />
+              <div className="from-bg-neutral-secondary pointer-events-none absolute right-0 bottom-0 left-6 z-20 h-6 bg-gradient-to-t to-transparent" />

-                {/* Scroll hint */}
-                {showScrollHint && (
-                  <div className="pointer-events-none absolute right-0 bottom-0 left-6 z-30">
-                    <div className="absolute inset-x-0 bottom-2 flex justify-center">
-                      <div className="bg-bg-neutral-tertiary text-text-neutral-secondary animate-bounce rounded-full px-3 py-1 text-xs shadow-md">
-                        <ChevronsDown className="inline size-3.5" /> Scroll for
-                        more
-                      </div>
+              {/* Scroll hint */}
+              {showScrollHint && (
+                <div className="pointer-events-none absolute right-0 bottom-0 left-6 z-30">
+                  <div className="absolute inset-x-0 bottom-2 flex justify-center">
+                    <div className="bg-bg-neutral-tertiary text-text-neutral-secondary animate-bounce rounded-full px-3 py-1 text-xs shadow-md">
+                      <ChevronsDown className="inline size-3.5" /> Scroll for
+                      more
                    </div>
                  </div>
-                )}
-              </div>
-            </motion.div>
-          </AnimatePresence>
+                </div>
+              )}
+            </div>
+          </motion.div>
        </td>
-      </tr>
+      </motion.tr>

      <ResourceDetailDrawer
        open={drawer.isOpen}
@@ -3,7 +3,6 @@ import type { ComponentProps } from "react";
 import { beforeEach, describe, expect, it, vi } from "vitest";

 import { useProviderWizardStore } from "@/store/provider-wizard/store";
-import { SCAN_JOBS_TAB } from "@/types";

 import { LaunchStep } from "./launch-step";

@@ -82,9 +81,5 @@ describe("LaunchStep", () => {
        title: "Scan Launched",
      }),
    );
-    const toastPayload = toastMock.mock.calls[0]?.[0];
-    expect(toastPayload.action.props.children.props.href).toBe(
-      `/scans?tab=${SCAN_JOBS_TAB.ACTIVE}`,
-    );
  });
 });
@@ -15,7 +15,6 @@ import { Spinner } from "@/components/shadcn/spinner/spinner";
 import { TreeStatusIcon } from "@/components/shadcn/tree-view/tree-status-icon";
 import { ToastAction, useToast } from "@/components/ui";
 import { useProviderWizardStore } from "@/store/provider-wizard/store";
-import { SCAN_JOBS_TAB } from "@/types";
 import { TREE_ITEM_STATUS } from "@/types/tree";

 import {
@@ -82,7 +81,7 @@ export function LaunchStep({
          : "Single scan launched successfully.",
      action: (
        <ToastAction altText="Go to scans" asChild>
-          <Link href={`/scans?tab=${SCAN_JOBS_TAB.ACTIVE}`}>Go to scans</Link>
+          <Link href="/scans">Go to scans</Link>
        </ToastAction>
      ),
    });
@@ -1,89 +0,0 @@
-import { render, screen } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import { beforeEach, describe, expect, it, vi } from "vitest";
-
-import { DOCS_URLS } from "@/lib/external-urls";
-
-import { CliImportBanner } from "./cli-import-banner";
-
-const STORAGE_KEY = "prowler:cli-import-banner-dismissed";
-
-const localStorageMock = (() => {
-  let store: Record<string, string> = {};
-
-  return {
-    getItem: vi.fn((key: string) => store[key] ?? null),
-    setItem: vi.fn((key: string, value: string) => {
-      store[key] = value;
-    }),
-    removeItem: vi.fn((key: string) => {
-      delete store[key];
-    }),
-    clear: vi.fn(() => {
-      store = {};
-    }),
-    get length() {
-      return Object.keys(store).length;
-    },
-    key: vi.fn((index: number) => Object.keys(store)[index] ?? null),
-  };
-})();
-
-Object.defineProperty(window, "localStorage", {
-  value: localStorageMock,
-  writable: true,
-});
-
-describe("CliImportBanner", () => {
-  beforeEach(() => {
-    localStorageMock.clear();
-    vi.clearAllMocks();
-  });
-
-  it("renders the banner when not dismissed", () => {
-    render(<CliImportBanner />);
-
-    expect(
-      screen.getByText(/Import findings from Prowler CLI/),
-    ).toBeInTheDocument();
-  });
-
-  it("renders a link to the documentation", () => {
-    render(<CliImportBanner />);
-
-    const link = screen.getByRole("link", { name: "Learn more" });
-
-    expect(link).toHaveAttribute("href", DOCS_URLS.FINDINGS_INGESTION);
-    expect(link).toHaveAttribute("target", "_blank");
-    expect(link).toHaveAttribute("rel", "noopener noreferrer");
-  });
-
-  it("does not render when previously dismissed", () => {
-    localStorageMock.setItem(STORAGE_KEY, "true");
-
-    const { container } = render(<CliImportBanner />);
-
-    expect(container).toBeEmptyDOMElement();
-  });
-
-  it("dismisses the banner and persists to localStorage on close", async () => {
-    const user = userEvent.setup();
-
-    render(<CliImportBanner />);
-
-    const closeButton = screen.getByRole("button", { name: "Close" });
-
-    await user.click(closeButton);
-
-    expect(
-      screen.queryByText(/Import findings from Prowler CLI/),
-    ).not.toBeInTheDocument();
-    expect(localStorageMock.setItem).toHaveBeenCalledWith(STORAGE_KEY, "true");
-  });
-
-  it("renders with role='alert'", () => {
-    render(<CliImportBanner />);
-
-    expect(screen.getByRole("alert")).toBeInTheDocument();
-  });
-});
@@ -1,49 +0,0 @@
-"use client";
-
-import { Upload } from "lucide-react";
-import Link from "next/link";
-import { useState } from "react";
-
-import { Alert, AlertTitle } from "@/components/shadcn";
-import { useMountEffect } from "@/hooks/use-mount-effect";
-import { DOCS_URLS } from "@/lib/external-urls";
-import { cn } from "@/lib/utils";
-
-const STORAGE_KEY = "prowler:cli-import-banner-dismissed";
-
-export const CliImportBanner = ({ className }: { className?: string }) => {
-  const [isVisible, setIsVisible] = useState<boolean | null>(null);
-
-  useMountEffect(() => {
-    const isDismissed = localStorage.getItem(STORAGE_KEY) === "true";
-    setIsVisible(!isDismissed);
-  });
-
-  const handleClose = () => {
-    localStorage.setItem(STORAGE_KEY, "true");
-    setIsVisible(false);
-  };
-
-  if (isVisible === null || !isVisible) return null;
-
-  return (
-    <Alert
-      variant="info"
-      onClose={handleClose}
-      className={cn("animate-fade-in", className)}
-    >
-      <Upload />
-      <AlertTitle>
-        Import findings from Prowler CLI —{" "}
-        <Link
-          href={DOCS_URLS.FINDINGS_INGESTION}
-          target="_blank"
-          rel="noopener noreferrer"
-          className="font-normal underline underline-offset-2"
-        >
-          Learn more
-        </Link>
-      </AlertTitle>
-    </Alert>
-  );
-};
@@ -1,2 +1 @@
 export * from "./auto-refresh";
-export * from "./cli-import-banner";
@@ -1,66 +0,0 @@
-import { render, screen } from "@testing-library/react";
-import { describe, expect, it, vi } from "vitest";
-
-import { SCAN_JOBS_TAB } from "@/types";
-
-import { ScansFilterBar } from "./scans-filter-bar";
-
-vi.mock("@/components/filters/provider-account-selectors", () => ({
-  ProviderAccountSelectors: () => <div>Provider account selectors</div>,
-}));
-
-vi.mock("@/components/shadcn", () => ({
-  Select: ({ children }: { children: React.ReactNode }) => (
-    <div>{children}</div>
-  ),
-  SelectContent: ({ children }: { children: React.ReactNode }) => (
-    <div>{children}</div>
-  ),
-  SelectItem: ({
-    children,
-    value,
-  }: {
-    children: React.ReactNode;
-    value: string;
-  }) => <div data-value={value}>{children}</div>,
-  SelectTrigger: ({ children, ...props }: React.ComponentProps<"button">) => (
-    <button {...props}>{children}</button>
-  ),
-  SelectValue: ({ placeholder }: { placeholder: string }) => (
-    <span>{placeholder}</span>
-  ),
-}));
-
-const defaultProps = {
-  providers: [],
-  scheduleType: "all",
-  scanStatus: "all",
-  showStatusFilter: false,
-  onScheduleTypeChange: vi.fn(),
-  onScanStatusChange: vi.fn(),
-};
-
-describe("ScansFilterBar", () => {
-  it("hides the type filter on the scheduled tab", () => {
-    // Given
-    render(
-      <ScansFilterBar {...defaultProps} activeTab={SCAN_JOBS_TAB.SCHEDULED} />,
-    );
-
-    // Then
-    expect(
-      screen.queryByRole("button", { name: /all types/i }),
-    ).not.toBeInTheDocument();
-    expect(screen.getByText("Provider account selectors")).toBeInTheDocument();
-  });
-
-  it("shows the type filter outside the scheduled tab", () => {
-    // Given
-    render(
-      <ScansFilterBar {...defaultProps} activeTab={SCAN_JOBS_TAB.COMPLETED} />,
-    );
-
-    // Then
-    expect(screen.getByRole("button", { name: /all types/i })).toBeVisible();
-  });
-});
@@ -8,7 +8,7 @@ import {
  SelectTrigger,
  SelectValue,
 } from "@/components/shadcn";
-import { SCAN_JOBS_TAB, type ScanJobsTab } from "@/types";
+import type { ScanJobsTab } from "@/types";
 import type { ProviderProps } from "@/types/providers";

 import {
@@ -40,7 +40,6 @@ export function ScansFilterBar({
  const isCloudEnvironment = process.env.NEXT_PUBLIC_IS_CLOUD_ENV === "true";
  const triggerFilterOptions = getScanTriggerFilterOptions(isCloudEnvironment);
  const statusFilterOptions = getScanStatusFilterOptions(activeTab);
-  const showScheduleTypeFilter = activeTab !== SCAN_JOBS_TAB.SCHEDULED;

  return (
    <>
@@ -53,20 +52,18 @@ export function ScansFilterBar({
        accountSelectorClassName={filterItemClass}
      />

-      {showScheduleTypeFilter && (
-        <Select value={scheduleType} onValueChange={onScheduleTypeChange}>
-          <SelectTrigger aria-label="All Types" className={filterItemClass}>
-            <SelectValue placeholder="All Types" />
-          </SelectTrigger>
-          <SelectContent>
-            {triggerFilterOptions.map((option) => (
-              <SelectItem key={option.value} value={option.value}>
-                {option.label}
-              </SelectItem>
-            ))}
-          </SelectContent>
-        </Select>
-      )}
+      <Select value={scheduleType} onValueChange={onScheduleTypeChange}>
+        <SelectTrigger aria-label="All Types" className={filterItemClass}>
+          <SelectValue placeholder="All Types" />
+        </SelectTrigger>
+        <SelectContent>
+          {triggerFilterOptions.map((option) => (
+            <SelectItem key={option.value} value={option.value}>
+              {option.label}
+            </SelectItem>
+          ))}
+        </SelectContent>
+      </Select>

      {showStatusFilter && (
        <Select value={scanStatus} onValueChange={onScanStatusChange}>
@@ -16,32 +16,6 @@ const { scansFilterBarSpy } = vi.hoisted(() => ({
  scansFilterBarSpy: vi.fn(),
 }));

-const localStorageMock = (() => {
-  let store: Record<string, string> = {};
-
-  return {
-    getItem: vi.fn((key: string) => store[key] ?? null),
-    setItem: vi.fn((key: string, value: string) => {
-      store[key] = value;
-    }),
-    removeItem: vi.fn((key: string) => {
-      delete store[key];
-    }),
-    clear: vi.fn(() => {
-      store = {};
-    }),
-    get length() {
-      return Object.keys(store).length;
-    },
-    key: vi.fn((index: number) => Object.keys(store)[index] ?? null),
-  };
-})();
-
-Object.defineProperty(window, "localStorage", {
-  value: localStorageMock,
-  writable: true,
-});
-
 vi.mock("next/navigation", () => ({
  usePathname: () => "/scans",
  useRouter: () => ({
@@ -146,7 +120,6 @@ describe("ScansPageShell", () => {
  afterEach(() => {
    vi.unstubAllEnvs();
    vi.clearAllMocks();
-    localStorageMock.clear();
    searchParamsValue.current = "";
    useScansStore.getState().closeLaunchScanModal();
  });
@@ -218,36 +191,6 @@ describe("ScansPageShell", () => {
    expect(screen.getByRole("combobox", { name: /all types/i })).toBeVisible();
  });

-  it("shows the CLI import banner in Cloud", () => {
-    vi.stubEnv("NEXT_PUBLIC_IS_CLOUD_ENV", "true");
-
-    render(
-      <ScansPageShell providers={providers} hasManageScansPermission>
-        <div>Scans table</div>
-      </ScansPageShell>,
-    );
-
-    expect(screen.getByRole("alert")).toHaveTextContent(
-      /import findings from prowler cli/i,
-    );
-    expect(screen.getByRole("link", { name: /learn more/i })).toHaveAttribute(
-      "href",
-      "https://docs.prowler.com/user-guide/tutorials/prowler-app-import-findings",
-    );
-  });
-
-  it("hides the CLI import banner outside Cloud", () => {
-    vi.stubEnv("NEXT_PUBLIC_IS_CLOUD_ENV", "false");
-
-    render(
-      <ScansPageShell providers={providers} hasManageScansPermission>
-        <div>Scans table</div>
-      </ScansPageShell>,
-    );
-
-    expect(screen.queryByRole("alert")).not.toBeInTheDocument();
-  });
-
  it("keeps launch scan with filters and mutelist with tabs", () => {
    vi.stubEnv("NEXT_PUBLIC_IS_CLOUD_ENV", "false");

@@ -389,22 +332,4 @@ describe("ScansPageShell", () => {
    expect(calledUrl).toContain("tab=active");
    expect(calledUrl).not.toContain("filter%5Bstate__in%5D");
  });
-
-  it("clears type filter when switching to scheduled scans", async () => {
-    vi.stubEnv("NEXT_PUBLIC_IS_CLOUD_ENV", "false");
-    searchParamsValue.current = "tab=completed&filter%5Btrigger%5D=manual";
-    const user = userEvent.setup();
-
-    render(
-      <ScansPageShell providers={providers} hasManageScansPermission>
-        <div>Scans table</div>
-      </ScansPageShell>,
-    );
-
-    await user.click(screen.getByRole("tab", { name: /scheduled/i }));
-
-    const calledUrl = pushMock.mock.calls.at(-1)?.[0] as string;
-    expect(calledUrl).toContain("tab=scheduled");
-    expect(calledUrl).not.toContain("filter%5Btrigger%5D");
-  });
 });
@@ -19,7 +19,6 @@ import { useScansStore } from "@/store";
 import { SCAN_JOBS_TAB, SCAN_TAB_LABELS, type ScanJobsTab } from "@/types";
 import type { ProviderProps } from "@/types/providers";

-import { CliImportBanner } from "./cli-import-banner";
 import { LaunchScanModal } from "./launch-scan-modal";
 import { ScansFilterBar } from "./scans-filter-bar";
 import { useScansFilters } from "./use-scans-filters";
@@ -54,7 +53,6 @@ export function ScansPageShell({
  const hasConnectedProviders = providers.some(
    (provider) => provider.attributes.connection.connected === true,
  );
-  const isCloudEnvironment = process.env.NEXT_PUBLIC_IS_CLOUD_ENV === "true";
  const launchDisabled = !hasManageScansPermission || !hasConnectedProviders;
  const launchOpen = isLaunchScanModalOpen || urlLaunchOpen;

@@ -106,8 +104,6 @@ export function ScansPageShell({
        </Button>
      </div>

-      {isCloudEnvironment && <CliImportBanner />}
-
      <Tabs
        value={filters.activeTab}
        onValueChange={filters.setTab}
@@ -1,22 +1,9 @@
 import { render, screen } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
-import { afterEach, describe, expect, it, vi } from "vitest";
+import { describe, expect, it, vi } from "vitest";

 import { ScansProvidersEmptyState } from "./scans-providers-empty-state";

-const { replaceMock, searchParamsValue } = vi.hoisted(() => ({
-  replaceMock: vi.fn(),
-  searchParamsValue: { current: "" },
-}));
-
-vi.mock("next/navigation", () => ({
-  usePathname: () => "/scans",
-  useRouter: () => ({
-    replace: replaceMock,
-  }),
-  useSearchParams: () => new URLSearchParams(searchParamsValue.current),
-}));
-
 vi.mock("@/components/providers/wizard", () => ({
  ProviderWizardModal: ({ open }: { open: boolean }) =>
    open ? <div role="dialog">Provider wizard</div> : null,
@@ -27,11 +14,6 @@ vi.mock("./no-providers-connected", () => ({
 }));

 describe("ScansProvidersEmptyState", () => {
-  afterEach(() => {
-    vi.clearAllMocks();
-    searchParamsValue.current = "";
-  });
-
  it("shows the add provider message and opens the provider wizard", async () => {
    const user = userEvent.setup();

@@ -46,25 +28,6 @@ describe("ScansProvidersEmptyState", () => {
    expect(screen.getByRole("dialog")).toHaveTextContent("Provider wizard");
  });

-  it("clears the launch scan URL intent before opening the provider wizard", async () => {
-    // Given
-    searchParamsValue.current = "tab=completed&launchScan=true";
-    const user = userEvent.setup();
-
-    render(<ScansProvidersEmptyState thereIsNoProviders />);
-
-    // When
-    await user.click(
-      screen.getByRole("button", { name: /open add provider modal/i }),
-    );
-
-    // Then
-    expect(replaceMock).toHaveBeenCalledWith("/scans?tab=completed", {
-      scroll: false,
-    });
-    expect(screen.getByRole("dialog")).toHaveTextContent("Provider wizard");
-  });
-
  it("shows the no connected providers message", () => {
    render(<ScansProvidersEmptyState thereIsNoProviders={false} />);

@@ -1,10 +1,8 @@
 "use client";

-import { usePathname, useRouter, useSearchParams } from "next/navigation";
 import { useState } from "react";

 import { ProviderWizardModal } from "@/components/providers/wizard";
-import { LAUNCH_SCAN_SEARCH_PARAM } from "@/lib/scans-navigation";

 import { NoProvidersAdded } from "./no-providers-added";
 import { NoProvidersConnected } from "./no-providers-connected";
@@ -16,28 +14,12 @@ interface ScansProvidersEmptyStateProps {
 export function ScansProvidersEmptyState({
  thereIsNoProviders,
 }: ScansProvidersEmptyStateProps) {
-  const pathname = usePathname();
-  const router = useRouter();
-  const searchParams = useSearchParams();
  const [isProviderWizardOpen, setIsProviderWizardOpen] = useState(false);

-  const openProviderWizard = () => {
-    if (searchParams.has(LAUNCH_SCAN_SEARCH_PARAM)) {
-      const params = new URLSearchParams(searchParams.toString());
-      params.delete(LAUNCH_SCAN_SEARCH_PARAM);
-      const query = params.toString();
-      router.replace(query ? `${pathname}?${query}` : pathname, {
-        scroll: false,
-      });
-    }
-
-    setIsProviderWizardOpen(true);
-  };
-
  return (
    <>
      {thereIsNoProviders ? (
-        <NoProvidersAdded onOpenWizard={openProviderWizard} />
+        <NoProvidersAdded onOpenWizard={() => setIsProviderWizardOpen(true)} />
      ) : (
        <NoProvidersConnected />
      )}
@@ -94,18 +94,6 @@ describe("scans.utils", () => {
    });
  });

-  it("excludes trigger filters from scheduled scans", () => {
-    expect(
-      getScanJobsUserFilters({
-        tab: "scheduled",
-        "filter[trigger]": "manual",
-        "filter[provider_uid]": "123456789012",
-      }),
-    ).toEqual({
-      "filter[provider_uid]": "123456789012",
-    });
-  });
-
  it("formats scan labels and durations for table display", () => {
    expect(getScanAlias(makeScan(""))).toBe("-");
    expect(getScanAlias(makeScan("Daily scheduled scan", "scheduled"))).toBe(
@@ -77,14 +77,8 @@ function isSearchParamValue(value: unknown): value is string | string[] {
 export function getScanJobsUserFilters(
  searchParams: SearchParamsProps,
 ): Record<string, string | string[]> {
-  const tab = getScanJobsTab(searchParams.tab);
-
  return Object.entries(searchParams).reduce<Record<string, string | string[]>>(
    (filters, [key, value]) => {
-      if (tab === SCAN_JOBS_TAB.SCHEDULED && key === "filter[trigger]") {
-        return filters;
-      }
-
      if (
        key.startsWith("filter[") &&
        !isScanStateFilterKey(key) &&
@@ -81,17 +81,6 @@ const makeCompletedScan = (): ScanProps => ({
  },
 });

-const makeScheduledScan = (): ScanProps => ({
-  ...makeCompletedScan(),
-  attributes: {
-    ...makeCompletedScan().attributes,
-    trigger: "scheduled",
-    state: "scheduled",
-    scheduled_at: "2026-01-01T10:00:00Z",
-    next_scan_at: "2026-01-02T10:00:00Z",
-  },
-});
-
 const renderCell = (
  columnId: string,
  scan: ScanProps,
@@ -148,6 +137,7 @@ describe("getScanJobsColumns", () => {
      "account",
      "scanInfo",
      "scanSchedule",
+      "nextScan",
      "actions",
    ]);
  });
@@ -173,19 +163,4 @@ describe("getScanJobsColumns", () => {

    expect(screen.getByText("1 min 13 sec")).toBeInTheDocument();
  });
-
-  it("labels the completed scan schedule column as Type", () => {
-    renderHeader(SCAN_JOBS_TAB.COMPLETED, "scanSchedule");
-
-    expect(screen.getByText("Type")).toBeInTheDocument();
-    expect(screen.queryByText("Schedule")).not.toBeInTheDocument();
-  });
-
-  it("keeps the scheduled column without repeating the scheduled label in each row", () => {
-    renderHeader(SCAN_JOBS_TAB.SCHEDULED, "scanSchedule");
-    renderCell("scanSchedule", makeScheduledScan(), SCAN_JOBS_TAB.SCHEDULED);
-
-    expect(screen.getByText("Schedule")).toBeInTheDocument();
-    expect(screen.queryByText("Scheduled")).not.toBeInTheDocument();
-  });
 });
@@ -39,25 +39,13 @@ const scanInfoColumn: ColumnDef<ScanProps> = {
  cell: ({ row }) => <ScanInfoCell scan={row.original} />,
 };

-const getScanScheduleColumn = (title: string): ColumnDef<ScanProps> => ({
+const scanScheduleColumn: ColumnDef<ScanProps> = {
  id: "scanSchedule",
  accessorFn: (row) => row.attributes.trigger,
  header: ({ column }) => (
-    <DataTableColumnHeader column={column} title={title} param="trigger" />
+    <DataTableColumnHeader column={column} title="Schedule" param="trigger" />
  ),
  cell: ({ row }) => <ScheduleCell scan={row.original} />,
-});
-
-const scheduledScanScheduleColumn: ColumnDef<ScanProps> = {
-  id: "scanSchedule",
-  accessorFn: (row) => row.attributes.scheduled_at,
-  header: ({ column }) => (
-    <DataTableColumnHeader column={column} title="Schedule" />
-  ),
-  cell: ({ row }) => (
-    <DateWithTime dateTime={row.original.attributes.scheduled_at} showTime />
-  ),
-  enableSorting: false,
 };

 const resourcesColumn: ColumnDef<ScanProps> = {
@@ -98,7 +86,7 @@ const activeColumns = (): ColumnDef<ScanProps>[] => [
    cell: ({ row }) => <ProgressCell scan={row.original} />,
    enableSorting: false,
  },
-  getScanScheduleColumn("Schedule"),
+  scanScheduleColumn,
  {
    id: "launched",
    header: ({ column }) => (
@@ -130,7 +118,7 @@ const completedColumns = (): ColumnDef<ScanProps>[] => [
    cell: ({ row }) => <StatusBadge status={row.original.attributes.state} />,
    enableSorting: false,
  },
-  getScanScheduleColumn("Type"),
+  scanScheduleColumn,
  {
    id: "scanDate",
    accessorFn: (row) => row.attributes.completed_at,
@@ -151,7 +139,7 @@ const completedColumns = (): ColumnDef<ScanProps>[] => [
 const scheduledColumns = (): ColumnDef<ScanProps>[] => [
  accountColumn,
  scanInfoColumn,
-  scheduledScanScheduleColumn,
+  scanScheduleColumn,
  /*
   * TODO: Restore this column when the API exposes the last completed scan date for this schedule.
   * {
@@ -165,6 +153,20 @@ const scheduledColumns = (): ColumnDef<ScanProps>[] => [
   *   enableSorting: false,
   * },
   */
+  {
+    id: "nextScan",
+    accessorFn: (row) => row.attributes.next_scan_at,
+    header: ({ column }) => (
+      <DataTableColumnHeader
+        column={column}
+        title="Next Run"
+        param="next_scan_at"
+      />
+    ),
+    cell: ({ row }) => (
+      <DateWithTime dateTime={row.original.attributes.next_scan_at} />
+    ),
+  },
  actionsColumn,
 ];

@@ -46,19 +46,13 @@ export function useScansFilters(): UseScansFiltersReturn {
    router.push(`${pathname}?${params.toString()}`, { scroll: false });
  };

-  const setTab = (tab: string) => {
-    const isScheduledTab = tab === SCAN_JOBS_TAB.SCHEDULED;
-    const updates: Record<string, string | null> = {
+  const setTab = (tab: string) =>
+    updateParams({
      tab,
      sort: null,
      "filter[state]": null,
      "filter[state__in]": null,
-    };
-
-    if (isScheduledTab) updates["filter[trigger]"] = null;
-
-    updateParams(updates);
-  };
+    });

  const setScheduleType = (value: string) =>
    updateParams({ "filter[trigger]": value });
@@ -32,4 +32,53 @@ describe("Button", () => {
      "text-xs",
    );
  });
+
+  it("applies the shared press and reduced-motion contract to button-like variants", () => {
+    // Given
+    render(<Button>Start scan</Button>);
+
+    // When
+    const button = screen.getByRole("button", { name: "Start scan" });
+
+    // Then
+    expect(button).toHaveClass(
+      "transition-[background-color,border-color,color,box-shadow,transform,scale]",
+      "duration-150",
+      "ease-out",
+      "active:scale-[0.98]",
+      "motion-reduce:active:scale-100",
+      "motion-reduce:transform-none",
+      "motion-reduce:transition-none",
+    );
+    expect(button).not.toHaveClass("transition-all");
+  });
+
+  it("keeps link buttons from scaling on press", () => {
+    // Given
+    render(<Button variant="link">Open details</Button>);
+
+    // When
+    const button = screen.getByRole("button", { name: "Open details" });
+
+    // Then
+    expect(button).toHaveClass("active:scale-100");
+    expect(button).not.toHaveClass("active:scale-[0.98]");
+  });
+
+  it("keeps menu buttons on the shared targeted transition recipe", () => {
+    // Given
+    render(<Button variant="menu">Open menu</Button>);
+
+    // When
+    const button = screen.getByRole("button", { name: "Open menu" });
+
+    // Then
+    expect(button).toHaveClass(
+      "transition-[background-color,border-color,color,box-shadow,transform,scale]",
+      "duration-200",
+      "active:scale-[0.98]",
+      "motion-reduce:active:scale-100",
+    );
+    expect(button).not.toHaveClass("transition-all");
+  });
 });
@@ -5,7 +5,7 @@ import type { ComponentProps } from "react";
 import { cn } from "@/lib/utils";

 const buttonVariants = cva(
-  "inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-[8px] text-sm font-medium transition-all disabled:pointer-events-none disabled:bg-button-disabled disabled:text-text-neutral-tertiary outline-none focus-visible:ring-2 focus-visible:ring-offset-2 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0",
+  "inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-[8px] text-sm font-medium transition-[background-color,border-color,color,box-shadow,transform,scale] duration-150 ease-out active:scale-[0.98] disabled:pointer-events-none disabled:bg-button-disabled disabled:text-text-neutral-tertiary motion-reduce:active:scale-100 motion-reduce:transform-none motion-reduce:transition-none outline-none focus-visible:ring-2 focus-visible:ring-offset-2 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0",
  {
    variants: {
      variant: {
@@ -21,13 +21,13 @@ const buttonVariants = cva(
          "border border-border-neutral-secondary bg-bg-neutral-secondary hover:bg-bg-neutral-tertiary active:bg-border-neutral-tertiary text-text-neutral-primary focus-visible:ring-border-neutral-tertiary/50",
        ghost:
          "border border-transparent text-text-neutral-primary hover:bg-bg-neutral-tertiary active:bg-border-neutral-secondary focus-visible:ring-border-neutral-secondary/50",
-        link: "text-button-tertiary underline-offset-4 hover:text-button-tertiary-hover disabled:bg-transparent",
+        link: "text-button-tertiary underline-offset-4 hover:text-button-tertiary-hover active:scale-100 disabled:bg-transparent",
        // Menu variant like secondary but more padding and the back is almost transparent
-        menu: "backdrop-blur-xl bg-white/60 dark:bg-white/5 border border-white/80 dark:border-white/10 text-text-neutral-primary dark:text-white shadow-lg hover:bg-white/70 dark:hover:bg-white/10 hover:border-white/90 dark:hover:border-white/30 active:bg-white/80 dark:active:bg-white/15 active:scale-[0.98] focus-visible:ring-button-primary/50 transition-all duration-200",
+        menu: "backdrop-blur-xl bg-white/60 dark:bg-white/5 border border-white/80 dark:border-white/10 text-text-neutral-primary dark:text-white shadow-lg hover:bg-white/70 dark:hover:bg-white/10 hover:border-white/90 dark:hover:border-white/30 active:bg-white/80 dark:active:bg-white/15 focus-visible:ring-button-primary/50 duration-200",
        "menu-active":
-          "backdrop-blur-xl bg-white/50 dark:bg-white/5 border border-black/[0.08] dark:border-white/10 text-text-neutral-primary dark:text-white shadow-sm hover:bg-white/60 dark:hover:bg-white/10 hover:border-black/[0.12] dark:hover:border-white/30 active:bg-white/70 dark:active:bg-white/15 active:scale-[0.98] focus-visible:ring-button-primary/50 transition-all duration-200",
+          "backdrop-blur-xl bg-white/50 dark:bg-white/5 border border-black/[0.08] dark:border-white/10 text-text-neutral-primary dark:text-white shadow-sm hover:bg-white/60 dark:hover:bg-white/10 hover:border-black/[0.12] dark:hover:border-white/30 active:bg-white/70 dark:active:bg-white/15 focus-visible:ring-button-primary/50 duration-200",
        "menu-inactive":
-          "text-text-neutral-primary border border-transparent hover:backdrop-blur-xl hover:bg-white/40 dark:hover:bg-white/5 hover:border-black/[0.08] dark:hover:border-white/10 hover:shadow-sm active:bg-white/50 dark:active:bg-white/15 active:scale-[0.98] focus-visible:ring-border-neutral-secondary/50 transition-all duration-200",
+          "text-text-neutral-primary border border-transparent hover:backdrop-blur-xl hover:bg-white/40 dark:hover:bg-white/5 hover:border-black/[0.08] dark:hover:border-white/10 hover:shadow-sm active:bg-white/50 dark:active:bg-white/15 focus-visible:ring-border-neutral-secondary/50 duration-200",
      },
      size: {
        default: "h-9 px-4 py-2 has-[>svg]:px-3",
@@ -0,0 +1,52 @@
+import { render, screen } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
+import { useState } from "react";
+import { describe, expect, it } from "vitest";
+
+import { Checkbox } from "./checkbox";
+
+function ControlledCheckbox() {
+  const [checked, setChecked] = useState(false);
+
+  return (
+    <Checkbox
+      aria-label="Select provider"
+      checked={checked}
+      onCheckedChange={(value) => setChecked(value === true)}
+    />
+  );
+}
+
+describe("Checkbox", () => {
+  it("animates the background and check mark as one state change", async () => {
+    // Given - A controlled checkbox in the unchecked state
+    const user = userEvent.setup();
+    render(<ControlledCheckbox />);
+
+    const checkbox = screen.getByRole("checkbox", { name: /select provider/i });
+    const indicator = checkbox.querySelector(
+      "[data-slot='checkbox-indicator']",
+    );
+
+    // When - The user checks the checkbox
+    await user.click(checkbox);
+
+    // Then - The background and check mark transitions use the same timing
+    expect(checkbox).toHaveClass(
+      "transition-colors",
+      "duration-200",
+      "ease-out",
+      "motion-reduce:transition-none",
+    );
+    expect(indicator).toHaveClass(
+      "transition-[opacity,transform]",
+      "duration-200",
+      "ease-out",
+      "data-[state=checked]:scale-100",
+      "data-[state=checked]:opacity-100",
+      "data-[state=unchecked]:scale-75",
+      "data-[state=unchecked]:opacity-0",
+      "motion-reduce:transition-none",
+    );
+  });
+});
@@ -41,7 +41,7 @@ function Checkbox({
      checked={indeterminate ? "indeterminate" : checked}
      className={cn(
        // Base styles
-        "peer shrink-0 rounded-sm border transition-all outline-none",
+        "peer shrink-0 rounded-sm border transition-colors duration-200 ease-out outline-none motion-reduce:transition-none",
        sizeStyles.root,
        // Default state
        "bg-bg-input-primary border-border-input-primary shadow-[0_1px_2px_0_rgba(0,0,0,0.1)]",
@@ -58,8 +58,9 @@ function Checkbox({
      {...props}
    >
      <CheckboxPrimitive.Indicator
+        forceMount
        data-slot="checkbox-indicator"
-        className="grid place-content-center text-current transition-none"
+        className="grid place-content-center text-current transition-[opacity,transform] duration-200 ease-out data-[state=checked]:scale-100 data-[state=checked]:opacity-100 data-[state=indeterminate]:scale-100 data-[state=indeterminate]:opacity-100 data-[state=unchecked]:scale-75 data-[state=unchecked]:opacity-0 motion-reduce:scale-100 motion-reduce:transition-none"
      >
        {indeterminate || checked === "indeterminate" ? (
          <MinusIcon className={sizeStyles.icon} />
@@ -0,0 +1,94 @@
+import { render, screen } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
+import { beforeAll, describe, expect, it, vi } from "vitest";
+
+import { Combobox } from "./combobox";
+
+const options = [
+  { value: "aws", label: "AWS" },
+  { value: "azure", label: "Azure" },
+  { value: "gcp", label: "GCP" },
+];
+
+beforeAll(() => {
+  global.ResizeObserver = class ResizeObserver {
+    observe = vi.fn();
+    unobserve = vi.fn();
+    disconnect = vi.fn();
+  } as unknown as typeof ResizeObserver;
+
+  Object.defineProperty(HTMLElement.prototype, "scrollIntoView", {
+    configurable: true,
+    value: vi.fn(),
+  });
+
+  Object.defineProperty(HTMLElement.prototype, "hasPointerCapture", {
+    configurable: true,
+    value: vi.fn(() => false),
+  });
+  Object.defineProperty(HTMLElement.prototype, "releasePointerCapture", {
+    configurable: true,
+    value: vi.fn(),
+  });
+});
+
+describe("Combobox", () => {
+  it("renders a selectable combobox trigger", () => {
+    // Given
+    render(<Combobox options={options} placeholder="Select provider" />);
+
+    // When
+    const trigger = screen.getByRole("combobox", { name: /select provider/i });
+
+    // Then
+    expect(trigger).toBeVisible();
+    expect(trigger).toHaveAttribute("aria-expanded", "false");
+  });
+
+  it("uses visible trigger and chevron open-state motion", () => {
+    // Given
+    render(<Combobox options={options} placeholder="Select provider" />);
+
+    // When
+    const trigger = screen.getByRole("combobox", { name: /select provider/i });
+    const icon = trigger.querySelector("svg");
+
+    // Then
+    expect(trigger).toHaveClass(
+      "group",
+      "transition-[background-color,border-color,color,box-shadow]",
+    );
+    expect(icon).toHaveClass(
+      "transition-transform",
+      "duration-200",
+      "ease-out",
+      "group-aria-expanded:rotate-180",
+      "motion-reduce:rotate-0",
+      "motion-reduce:transition-none",
+    );
+  });
+
+  it("opens with the shared Popover content motion contract", async () => {
+    // Given
+    const user = userEvent.setup();
+    render(<Combobox options={options} placeholder="Select provider" />);
+
+    // When
+    await user.click(
+      screen.getByRole("combobox", { name: /select provider/i }),
+    );
+    const content = document.querySelector("[data-slot='popover-content']");
+
+    // Then
+    expect(content).toHaveClass(
+      "duration-200",
+      "ease-out",
+      "data-[state=open]:animate-in",
+      "data-[state=open]:fade-in-0",
+      "data-[state=open]:zoom-in-95",
+      "motion-reduce:animate-none",
+      "motion-reduce:transform-none",
+      "motion-reduce:transition-none",
+    );
+  });
+});
@@ -113,8 +113,10 @@ export function Combobox({
          variant="outline"
          role="combobox"
          aria-expanded={open}
+          aria-label={selectedOption ? selectedOption.label : placeholder}
          disabled={disabled}
          className={cn(
+            "group transition-[background-color,border-color,color,box-shadow]",
            comboboxTriggerVariants({ variant }),
            triggerClassName,
            className,
@@ -123,7 +125,7 @@ export function Combobox({
          <span className="truncate">
            {selectedOption ? selectedOption.label : placeholder}
          </span>
-          <ChevronsUpDown className="ml-2 h-4 w-4 shrink-0 opacity-50" />
+          <ChevronsUpDown className="ml-2 h-4 w-4 shrink-0 opacity-50 transition-transform duration-200 ease-out group-aria-expanded:rotate-180 motion-reduce:rotate-0 motion-reduce:transition-none" />
        </Button>
      </PopoverTrigger>
      <PopoverContent
@@ -0,0 +1,84 @@
+import { render, screen } from "@testing-library/react";
+import { describe, expect, it } from "vitest";
+
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogTitle,
+  DialogTrigger,
+} from "./dialog";
+
+function renderOpenDialog() {
+  return render(
+    <Dialog open>
+      <DialogTrigger>Open modal</DialogTrigger>
+      <DialogContent>
+        <DialogTitle>Launch scan</DialogTitle>
+        <DialogDescription>Configure scan settings</DialogDescription>
+      </DialogContent>
+    </Dialog>,
+  );
+}
+
+describe("Dialog", () => {
+  it("renders controlled content through the Radix Dialog API", () => {
+    // Given
+    renderOpenDialog();
+
+    // When
+    const dialog = screen.getByRole("dialog", { name: "Launch scan" });
+
+    // Then
+    expect(dialog).toBeVisible();
+    expect(dialog).toHaveAttribute("data-slot", "dialog-content");
+    expect(screen.getByText("Configure scan settings")).toBeVisible();
+  });
+
+  it("uses an intentional overlay motion contract", () => {
+    // Given
+    renderOpenDialog();
+
+    // When
+    const overlay = document.querySelector("[data-slot='dialog-overlay']");
+
+    // Then
+    expect(overlay).toHaveClass(
+      "duration-200",
+      "ease-out",
+      "data-[state=open]:animate-in",
+      "data-[state=open]:fade-in-0",
+      "data-[state=closed]:animate-out",
+      "data-[state=closed]:fade-out-0",
+      "data-[state=closed]:duration-100",
+      "data-[state=closed]:ease-in",
+      "motion-reduce:animate-none",
+      "motion-reduce:transition-none",
+    );
+  });
+
+  it("uses an intentional content motion contract", () => {
+    // Given
+    renderOpenDialog();
+
+    // When
+    const dialog = screen.getByRole("dialog", { name: "Launch scan" });
+
+    // Then
+    expect(dialog).toHaveClass(
+      "duration-200",
+      "ease-out",
+      "data-[state=open]:animate-in",
+      "data-[state=open]:fade-in-0",
+      "data-[state=open]:zoom-in-95",
+      "data-[state=closed]:animate-out",
+      "data-[state=closed]:fade-out-0",
+      "data-[state=closed]:zoom-out-95",
+      "data-[state=closed]:duration-100",
+      "data-[state=closed]:ease-in",
+      "motion-reduce:animate-none",
+      "motion-reduce:transform-none",
+      "motion-reduce:transition-none",
+    );
+  });
+});
@@ -37,7 +37,7 @@ function DialogOverlay({
    <DialogPrimitive.Overlay
      data-slot="dialog-overlay"
      className={cn(
-        "data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 fixed inset-0 z-50 bg-black/50",
+        "data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 fixed inset-0 z-50 bg-black/50 duration-200 ease-out data-[state=closed]:duration-100 data-[state=closed]:ease-in motion-reduce:animate-none motion-reduce:transition-none",
        className,
      )}
      {...props}
@@ -59,7 +59,7 @@ function DialogContent({
      <DialogPrimitive.Content
        data-slot="dialog-content"
        className={cn(
-          "bg-background data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 fixed top-[50%] left-[50%] z-50 grid w-full max-w-[calc(100%-2rem)] translate-x-[-50%] translate-y-[-50%] gap-4 rounded-lg border p-6 shadow-lg duration-200 sm:max-w-lg",
+          "bg-background data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 fixed top-[50%] left-[50%] z-50 grid w-full max-w-[calc(100%-2rem)] translate-x-[-50%] translate-y-[-50%] gap-4 rounded-lg border p-6 shadow-lg duration-200 ease-out data-[state=closed]:duration-100 data-[state=closed]:ease-in motion-reduce:transform-none motion-reduce:animate-none motion-reduce:transition-none sm:max-w-lg",
          className,
        )}
        onClick={(e) => e.stopPropagation()}
@@ -0,0 +1,88 @@
+import { render, screen } from "@testing-library/react";
+import { describe, expect, it } from "vitest";
+
+import {
+  Drawer,
+  DrawerContent,
+  DrawerDescription,
+  DrawerTitle,
+  DrawerTrigger,
+} from "./drawer";
+
+function renderOpenDrawer() {
+  return render(
+    <Drawer open>
+      <DrawerTrigger>Open drawer</DrawerTrigger>
+      <DrawerContent>
+        <DrawerTitle>Resource details</DrawerTitle>
+        <DrawerDescription>Review resource metadata</DrawerDescription>
+      </DrawerContent>
+    </Drawer>,
+  );
+}
+
+describe("Drawer", () => {
+  it("renders controlled content through the Vaul Drawer API", () => {
+    // Given
+    renderOpenDrawer();
+
+    // When
+    const drawer = screen.getByRole("dialog", { name: "Resource details" });
+
+    // Then
+    expect(drawer).toBeVisible();
+    expect(drawer).toHaveAttribute("data-slot", "drawer-content");
+    expect(screen.getByText("Review resource metadata")).toBeVisible();
+  });
+
+  it("uses an intentional overlay motion contract", () => {
+    // Given
+    renderOpenDrawer();
+
+    // When
+    const overlay = document.querySelector("[data-slot='drawer-overlay']");
+
+    // Then
+    expect(overlay).toHaveClass(
+      "duration-200",
+      "ease-out",
+      "data-[state=open]:animate-in",
+      "data-[state=open]:fade-in-0",
+      "data-[state=closed]:animate-out",
+      "data-[state=closed]:fade-out-0",
+      "data-[state=closed]:duration-100",
+      "data-[state=closed]:ease-in",
+      "motion-reduce:animate-none",
+      "motion-reduce:transition-none",
+    );
+  });
+
+  it("uses direction-aware drawer content motion", () => {
+    // Given
+    renderOpenDrawer();
+
+    // When
+    const drawer = screen.getByRole("dialog", { name: "Resource details" });
+
+    // Then
+    expect(drawer).toHaveClass(
+      "duration-200",
+      "ease-out",
+      "data-[state=open]:animate-in",
+      "data-[state=closed]:animate-out",
+      "data-[state=closed]:duration-100",
+      "data-[state=closed]:ease-in",
+      "data-[vaul-drawer-direction=bottom]:slide-in-from-bottom-full",
+      "data-[vaul-drawer-direction=bottom]:data-[state=closed]:slide-out-to-bottom-full",
+      "data-[vaul-drawer-direction=top]:slide-in-from-top-full",
+      "data-[vaul-drawer-direction=top]:data-[state=closed]:slide-out-to-top-full",
+      "data-[vaul-drawer-direction=right]:slide-in-from-right-full",
+      "data-[vaul-drawer-direction=right]:data-[state=closed]:slide-out-to-right-full",
+      "data-[vaul-drawer-direction=left]:slide-in-from-left-full",
+      "data-[vaul-drawer-direction=left]:data-[state=closed]:slide-out-to-left-full",
+      "motion-reduce:animate-none",
+      "motion-reduce:transform-none",
+      "motion-reduce:transition-none",
+    );
+  });
+});
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Alan Buscaglia	65c0425729	fix(ui): animate finding group collapse - Keep after-row content mounted during exit - Animate inline resource container close state - Preserve existing finding group table behavior	2026-06-05 14:55:00 +02:00
Alan Buscaglia	5828cce644	feat(ui): add Combobox trigger transition - Animate combobox trigger and chevron state - Keep trigger accessible with a stable label - Cover Combobox motion with focused unit tests	2026-06-05 14:54:52 +02:00
Alan Buscaglia	87bd2e78a1	feat(ui): add Drawer content transition - Animate drawer overlay and directional content states - Preserve reduced-motion behavior - Cover Drawer motion with focused unit tests	2026-06-05 14:54:45 +02:00
Alan Buscaglia	ccae4afe68	feat(ui): add Dialog content transition - Animate dialog overlay and content states - Preserve reduced-motion behavior - Cover Dialog motion with focused unit tests	2026-06-05 14:54:37 +02:00
Alan Buscaglia	0e2bb99f02	feat(ui): add Tabs content transition - Animate tab panels when switching active content - Preserve reduced-motion behavior - Cover shared Tabs motion with focused unit tests	2026-06-05 14:49:09 +02:00
Alan Buscaglia	8fb59682d5	feat(ui): add multiselect selection microinteractions - Animate selected pills and item feedback in multiselect components - Add checkbox state transitions for provider group selections - Cover shared selection motion with focused unit tests	2026-06-05 14:44:25 +02:00
Alan Buscaglia	799f062ee0	feat(ui): add Tooltip open close microinteraction - Add visible Tooltip motion timing and easing - Preserve reduced-motion fallbacks - Cover Tooltip motion contract with unit tests	2026-06-05 13:47:11 +02:00
Alan Buscaglia	51945f5cc5	feat(ui): add Dropdown open close microinteraction - Add visible Dropdown motion timing and easing - Align submenu motion with dropdown content - Cover reduced-motion behavior with unit tests	2026-06-05 13:46:53 +02:00
Alan Buscaglia	b93e3f9d04	feat(ui): add Select open close microinteraction - Add visible Select close motion without open-state conflicts - Preserve reduced-motion behavior - Cover controlled and uncontrolled close flows	2026-06-05 13:04:16 +02:00
Alan Buscaglia	ef4d05a782	feat(ui): add Popover open close microinteraction - Add explicit timing for Popover state transitions - Add reduced-motion fallback utilities - Cover controlled Popover motion behavior	2026-06-05 12:16:27 +02:00
Alan Buscaglia	7185e539c8	feat(ui): add Button press microinteraction - Add targeted transition recipe for shared Button states - Add press and reduced-motion behavior - Cover link and menu motion exceptions	2026-06-05 12:00:35 +02:00