docs(tutorials): add embedded videos

fix(gcp): make provider id mandatory in test_connection (#7296 )
docs: add social login images and update documentation (#7314 )
2026-05-19 02:32:54 +00:00 · 2025-03-19 16:54:41 +01:00 · 2025-03-19 18:33:49 +05:45 · 2025-03-19 17:16:37 +05:45 · 2025-03-19 14:46:11 +05:45 · 2025-03-19 09:31:40 +01:00
957 changed files with 48884 additions and 22542 deletions
@@ -4,7 +4,7 @@

 #### Prowler UI Configuration ####
 PROWLER_UI_VERSION="stable"
-SITE_URL=http://localhost:3000
+AUTH_URL=http://localhost:3000
 API_BASE_URL=http://prowler-api:8080/api/v1
 NEXT_PUBLIC_API_DOCS_URL=http://prowler-api:8080/api/v1/docs
 AUTH_TRUST_HOST=true
@@ -33,10 +33,10 @@ VALKEY_DB=0
 # API scan settings

 # The path to the directory where scan output should be stored
-DJANGO_TMP_OUTPUT_DIRECTORY = "/tmp/prowler_api_output"
+DJANGO_TMP_OUTPUT_DIRECTORY="/tmp/prowler_api_output"

 # The maximum number of findings to process in a single batch
-DJANGO_FINDINGS_BATCH_SIZE = 1000
+DJANGO_FINDINGS_BATCH_SIZE=1000

 # The AWS access key to be used when uploading scan output to an S3 bucket
 # If left empty, default AWS credentials resolution behavior will be used
@@ -123,4 +123,13 @@ SENTRY_ENVIRONMENT=local
 SENTRY_RELEASE=local

 #### Prowler release version ####
-NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.4.0
+NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.5.0
+
+# Social login credentials
+SOCIAL_GOOGLE_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/google"
+SOCIAL_GOOGLE_OAUTH_CLIENT_ID=""
+SOCIAL_GOOGLE_OAUTH_CLIENT_SECRET=""
+
+SOCIAL_GITHUB_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/github"
+SOCIAL_GITHUB_OAUTH_CLIENT_ID=""
+SOCIAL_GITHUB_OAUTH_CLIENT_SECRET=""
@@ -16,16 +16,17 @@ updates:
      - "dependencies"
      - "pip"

-  - package-ecosystem: "pip"
-    directory: "/api"
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
-    target-branch: master
-    labels:
-      - "dependencies"
-      - "pip"
-      - "component/api"
+  # Dependabot Updates are temporary disabled - 2025/03/19
+  # - package-ecosystem: "pip"
+  #   directory: "/api"
+  #   schedule:
+  #     interval: "daily"
+  #   open-pull-requests-limit: 10
+  #   target-branch: master
+  #   labels:
+  #     - "dependencies"
+  #     - "pip"
+  #     - "component/api"

  - package-ecosystem: "github-actions"
    directory: "/"
@@ -37,16 +38,17 @@ updates:
      - "dependencies"
      - "github_actions"

-  - package-ecosystem: "npm"
-    directory: "/ui"
-    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
-    target-branch: master
-    labels:
-      - "dependencies"
-      - "npm"
-      - "component/ui"
+  # Dependabot Updates are temporary disabled - 2025/03/19
+  # - package-ecosystem: "npm"
+  #   directory: "/ui"
+  #   schedule:
+  #     interval: "daily"
+  #   open-pull-requests-limit: 10
+  #   target-branch: master
+  #   labels:
+  #     - "dependencies"
+  #     - "npm"
+  #     - "component/ui"

  - package-ecosystem: "docker"
    directory: "/"
@@ -61,7 +61,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set short git commit SHA
        id: vars
@@ -70,18 +70,18 @@ jobs:
          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV

      - name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          # Set push: false for testing
@@ -94,7 +94,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          push: true
@@ -106,7 +106,7 @@ jobs:

      - name: Trigger deployment
        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@v3
+        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.CLOUD_DISPATCH }}
@@ -44,16 +44,16 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/api-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
      with:
        category: "/language:${{matrix.language}}"
@@ -71,11 +71,11 @@ jobs:
          --health-retries 5

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@v45
+        uses: tj-actions/changed-files@2f7c5bfce28377bc069a65ba478de0a74aa0ca32 # v46.0.1
        with:
          files: api/**
          files_ignore: |
@@ -90,11 +90,11 @@ jobs:
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==1.8.5
+          pipx install poetry==2.1.1

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -103,7 +103,7 @@ jobs:
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry install
+          poetry install --no-root
          poetry run pip list
          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
            grep '"tag_name":' | \
@@ -167,7 +167,7 @@ jobs:

      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -175,11 +175,11 @@ jobs:
  test-container-build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Build Container
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: ${{ env.API_WORKING_DIR }}
          push: false
@@ -23,7 +23,7 @@ jobs:
    steps:
      - name: Check labels
        id: preview_label_check
-        uses: docker://agilepathway/pull-request-label-checker:v1.6.55
+        uses: agilepathway/label-checker@c3d16ad512e7cea5961df85ff2486bb774caf3c5 # v1.6.65
        with:
          allow_failure: true
          prefix_mode: true
@@ -33,7 +33,7 @@ jobs:

      - name: Backport Action
        if: steps.preview_label_check.outputs.label_check == 'success'
-        uses: sorenlouv/backport-github-action@v9.5.1
+        uses: sorenlouv/backport-github-action@ad888e978060bc1b2798690dd9d03c4036560947 # v9.5.1
        with:
          github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          auto_backport_label_prefix: ${{ env.BACKPORT_LABEL_PREFIX }}
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Leave PR comment with the Prowler Documentation URI
-        uses: peter-evans/create-or-update-comment@v4
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          issue-number: ${{ env.PR_NUMBER }}
          body: |
@@ -18,6 +18,6 @@ jobs:
    steps:
      - name: conventional-commit-check
        id: conventional-commit-check
-        uses: agenthunt/conventional-commit-checker-action@v2.0.0
+        uses: agenthunt/conventional-commit-checker-action@9e552d650d0e205553ec7792d447929fc78e012b # v2.0.0
        with:
            pr-title-regex: '^([^\s(]+)(?:\(([^)]+)\))?: (.+)'
@@ -7,11 +7,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.88.14
+        uses: trufflesecurity/trufflehog@ded5f45b92c00939718787ce586b520bbe795f3b # v3.88.18
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
@@ -14,4 +14,4 @@ jobs:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/labeler@v5
+    - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
@@ -59,10 +59,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}

@@ -108,13 +108,13 @@ jobs:
          esac

      - name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Public ECR
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: public.ecr.aws
          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
@@ -123,11 +123,11 @@ jobs:
          AWS_REGION: ${{ env.AWS_REGION }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Build and push container image (latest)
        if: github.event_name == 'push'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          push: true
          tags: |
@@ -140,7 +140,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          # Use local context to get changes
          # https://github.com/docker/build-push-action#path-context
@@ -50,16 +50,16 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/sdk-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
      with:
        category: "/language:${{matrix.language}}"
@@ -21,11 +21,11 @@ jobs:
        python-version: ["3.9", "3.10", "3.11", "3.12"]

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@v45
+        uses: tj-actions/changed-files@2f7c5bfce28377bc069a65ba478de0a74aa0ca32 # v46.0.1
        with:
          files: ./**
          files_ignore: |
@@ -46,11 +46,11 @@ jobs:
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==1.8.5
+          pipx install poetry==2.1.1

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -58,7 +58,7 @@ jobs:
      - name: Install dependencies
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry install
+          poetry install --no-root
          poetry run pip list
          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
            grep '"tag_name":' | \
@@ -113,7 +113,7 @@ jobs:

      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -64,14 +64,14 @@ jobs:
              ;;
          esac

-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install dependencies
        run: |
          pipx install poetry==1.8.5

      - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: ${{ env.CACHE }}
@@ -23,12 +23,12 @@ jobs:
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ env.GITHUB_BRANCH }}

      - name: setup python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
        with:
          python-version: 3.9 #install the python needed

@@ -38,7 +38,7 @@ jobs:
          pip install boto3

      - name: Configure AWS Credentials -- DEV
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
        with:
          aws-region: ${{ env.AWS_REGION_DEV }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
@@ -50,8 +50,9 @@ jobs:

      # Create pull request
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
+          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          commit-message: "feat(regions_update): Update regions for AWS services"
          branch: "aws-services-regions-updated-${{ github.sha }}"
@@ -61,7 +61,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set short git commit SHA
        id: vars
@@ -70,18 +70,18 @@ jobs:
          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV

      - name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          build-args: |
@@ -96,7 +96,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          build-args: |
@@ -110,7 +110,7 @@ jobs:

      - name: Trigger deployment
        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@v3
+        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.CLOUD_DISPATCH }}
@@ -44,16 +44,16 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
        with:
          category: "/language:${{matrix.language}}"
@@ -27,11 +27,11 @@ jobs:
        node-version: [20.x]
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
        with:
          node-version: ${{ matrix.node-version }}
      - name: Install dependencies
@@ -46,11 +46,11 @@ jobs:
  test-container-build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Build Container
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: ${{ env.UI_WORKING_DIR }}
          # Always build using `prod` target
@@ -50,6 +50,7 @@ junit-reports/
 # .env
 ui/.env*
 api/.env*
+.env.local

 # Coverage
 .coverage*
@@ -59,7 +59,7 @@ repos:
        args: ["--ignore=E266,W503,E203,E501,W605"]

  - repo: https://github.com/python-poetry/poetry
-    rev: 1.8.0
+    rev: 2.1.1
    hooks:
      - id: poetry-check
        name: API - poetry-check
@@ -68,7 +68,7 @@ repos:

      - id: poetry-lock
        name: API - poetry-lock
-        args: ["--no-update", "--directory=./api"]
+        args: ["--directory=./api"]
        pass_filenames: false

      - id: poetry-check
@@ -78,7 +78,7 @@ repos:

      - id: poetry-lock
        name: SDK - poetry-lock
-        args: ["--no-update", "--directory=./"]
+        args: ["--directory=./"]
        pass_filenames: false


@@ -4,7 +4,7 @@ LABEL maintainer="https://github.com/prowler-cloud/prowler"

 # Update system dependencies and install essential tools
 #hadolint ignore=DL3018
-RUN apk --no-cache upgrade && apk --no-cache add curl git
+RUN apk --no-cache upgrade && apk --no-cache add curl git gcc python3-dev musl-dev linux-headers

 # Create non-root user
 RUN mkdir -p /home/prowler && \
@@ -18,21 +18,25 @@ WORKDIR /home/prowler
 COPY prowler/  /home/prowler/prowler/
 COPY dashboard/ /home/prowler/dashboard/
 COPY pyproject.toml /home/prowler
-COPY README.md /home/prowler
+COPY README.md /home/prowler/

 # Install Python dependencies
 ENV HOME='/home/prowler'
-ENV PATH="$HOME/.local/bin:$PATH"
-RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
-    pip install --no-cache-dir .
+ENV PATH="${HOME}/.local/bin:${PATH}"
+#hadolint ignore=DL3013
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir poetry
+
+# By default poetry does not compile Python source files to bytecode during installation.
+# This speeds up the installation process, but the first execution may take a little more
+# time because Python then compiles source files to bytecode automatically. If you want to
+# compile source files to bytecode during installation, you can use the --compile option
+RUN poetry install --compile && \
+    rm -rf ~/.cache/pip

 # Remove deprecated dash dependencies
 RUN pip uninstall dash-html-components -y && \
    pip uninstall dash-core-components -y

-# Remove Prowler directory and build files
-USER 0
-RUN rm -rf /home/prowler/prowler /home/prowler/pyproject.toml /home/prowler/README.md /home/prowler/build /home/prowler/prowler.egg-info
-
 USER prowler
-ENTRYPOINT ["prowler"]
+ENTRYPOINT ["poetry", "run", "prowler"]
@@ -72,9 +72,9 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe
 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
 | AWS | 564 | 82 | 33 | 10 |
-| GCP | 77 | 13 | 5 | 3 |
-| Azure | 140 | 18 | 6 | 3 |
-| Kubernetes | 83 | 7 | 2 | 7 |
+| GCP | 77 | 13 | 6 | 3 |
+| Azure | 140 | 18 | 7 | 3 |
+| Kubernetes | 83 | 7 | 4 | 7 |
 | Microsoft365 | 5 | 2 | 1 | 0 |

 > You can list the checks, services, compliance frameworks and categories with `prowler <provider> --list-checks`, `prowler <provider> --list-services`, `prowler <provider> --list-compliance` and `prowler <provider> --list-categories`.
@@ -109,7 +109,7 @@ docker compose up -d
 **Requirements**

 * `git` installed.
-* `poetry` installed: [poetry installation](https://python-poetry.org/docs/#installation).
+* `poetry` v2 installed: [poetry installation](https://python-poetry.org/docs/#installation).
 * `npm` installed: [npm installation](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).
 * `Docker Compose` installed: https://docs.docker.com/compose/install/.

@@ -212,7 +212,7 @@ git clone https://github.com/prowler-cloud/prowler
 cd prowler
 eval $(poetry env activate)
 poetry install
-python prowler.py -v
+python prowler-cli.py -v
 ```
 > [!IMPORTANT]
 > Starting from Poetry v2.0.0, `poetry shell` has been deprecated in favor of `poetry env activate`.
@@ -4,6 +4,23 @@ All notable changes to the **Prowler API** are documented in this file.

 ---

+## [v1.6.0] (Prowler UNRELEASED)
+
+### Added
+
+- Support for developing new integrations [(#7167)](https://github.com/prowler-cloud/prowler/pull/7167).
+- HTTP Security Headers [(#7289)](https://github.com/prowler-cloud/prowler/pull/7289).
+
+---
+
+## [v1.5.1] (Prowler v5.4.1)
+
+### Fixed
+- Added a handled response in case local files are missing [(#7183)](https://github.com/prowler-cloud/prowler/pull/7183).
+- Fixed a race condition when deleting export files after the S3 upload [(#7172)](https://github.com/prowler-cloud/prowler/pull/7172).
+
+---
+
 ## [v1.5.0] (Prowler v5.4.0)

 ### Added
@@ -22,6 +39,6 @@ All notable changes to the **Prowler API** are documented in this file.
 - Daily scheduled scan instances are now created beforehand with `SCHEDULED` state [(#6700)](https://github.com/prowler-cloud/prowler/pull/6700).
 - Findings endpoints now require at least one date filter [(#6800)](https://github.com/prowler-cloud/prowler/pull/6800).
 - Findings metadata endpoint received a performance improvement [(#6863)](https://github.com/prowler-cloud/prowler/pull/6863).
- Increase the allowed length of the provider UID for Kubernetes providers [(#6869)](https://github.com/prowler-cloud/prowler/pull/6869).
+- Increased the allowed length of the provider UID for Kubernetes providers [(#6869)](https://github.com/prowler-cloud/prowler/pull/6869).

 ---
@@ -21,7 +21,8 @@ COPY src/backend/  ./backend/

 ENV PATH="/home/prowler/.local/bin:$PATH"

-RUN poetry install && \
+# Add `--no-root` to avoid installing the current project as a package
+RUN poetry install --no-root && \
    rm -rf ~/.cache/pip

 COPY docker-entrypoint.sh ./docker-entrypoint.sh
@@ -2,39 +2,42 @@
 build-backend = "poetry.core.masonry.api"
 requires = ["poetry-core"]

-[tool.poetry]
-authors = ["Prowler Team"]
+[project]
+authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}]
+dependencies = [
+  "celery[pytest] (>=5.4.0,<6.0.0)",
+  "dj-rest-auth[with_social,jwt] (==7.0.1)",
+  "django==5.1.7",
+  "django-celery-beat (>=2.7.0,<3.0.0)",
+  "django-celery-results (>=2.5.1,<3.0.0)",
+  "django-cors-headers==4.4.0",
+  "django-environ==0.11.2",
+  "django-filter==24.3",
+  "django-guid==3.5.0",
+  "django-postgres-extra (>=2.0.8,<3.0.0)",
+  "djangorestframework==3.15.2",
+  "djangorestframework-jsonapi==7.0.2",
+  "djangorestframework-simplejwt (>=5.3.1,<6.0.0)",
+  "drf-nested-routers (>=0.94.1,<1.0.0)",
+  "drf-spectacular==0.27.2",
+  "drf-spectacular-jsonapi==0.5.1",
+  "gunicorn==23.0.0",
+  "prowler @ git+https://github.com/prowler-cloud/prowler.git@master",
+  "psycopg2-binary==2.9.9",
+  "pytest-celery[redis] (>=1.0.1,<2.0.0)",
+  "sentry-sdk[django] (>=2.20.0,<3.0.0)",
+  "uuid6==2024.7.10"
+]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
 name = "prowler-api"
 package-mode = false
-version = "1.5.0"
+# Needed for the SDK compatibility
+requires-python = ">=3.11,<3.13"
+version = "1.6.0"

-[tool.poetry.dependencies]
-celery = {extras = ["pytest"], version = "^5.4.0"}
-dj-rest-auth = {extras = ["with_social", "jwt"], version = "7.0.1"}
-django = "5.1.5"
-django-celery-beat = "^2.7.0"
-django-celery-results = "^2.5.1"
-django-cors-headers = "4.4.0"
-django-environ = "0.11.2"
-django-filter = "24.3"
-django-guid = "3.5.0"
-django-postgres-extra = "^2.0.8"
-djangorestframework = "3.15.2"
-djangorestframework-jsonapi = "7.0.2"
-djangorestframework-simplejwt = "^5.3.1"
-drf-nested-routers = "^0.94.1"
-drf-spectacular = "0.27.2"
-drf-spectacular-jsonapi = "0.5.1"
-gunicorn = "23.0.0"
-prowler = {git = "https://github.com/prowler-cloud/prowler.git", branch = "v5.4"}
-psycopg2-binary = "2.9.9"
-pytest-celery = {extras = ["redis"], version = "^1.0.1"}
-# Needed for prowler compatibility
-python = ">=3.11,<3.13"
-sentry-sdk = {extras = ["django"], version = "^2.20.0"}
-uuid6 = "2024.7.10"
+[project.scripts]
+celery = "src.backend.config.settings.celery"

 [tool.poetry.group.dev.dependencies]
 bandit = "1.7.9"
@@ -54,6 +57,3 @@ ruff = "0.5.0"
 safety = "3.2.9"
 tqdm = "4.67.1"
 vulture = "2.14"
-
-[tool.poetry.scripts]
-celery = "src.backend.config.settings.celery"
@@ -30,6 +30,10 @@ class ProwlerSocialAccountAdapter(DefaultSocialAccountAdapter):
        with transaction.atomic(using=MainRouter.admin_db):
            user = super().save_user(request, sociallogin, form)
            user.save(using=MainRouter.admin_db)
+            social_account_name = sociallogin.account.extra_data.get("name")
+            if social_account_name:
+                user.name = social_account_name
+                user.save(using=MainRouter.admin_db)

            tenant = Tenant.objects.using(MainRouter.admin_db).create(
                name=f"{user.email.split('@')[0]} default tenant"
@@ -318,3 +318,15 @@ class InvitationStateEnum(EnumType):
 class InvitationStateEnumField(PostgresEnumField):
    def __init__(self, *args, **kwargs):
        super().__init__("invitation_state", *args, **kwargs)
+
+
+# Postgres enum definition for Integration type
+
+
+class IntegrationTypeEnum(EnumType):
+    enum_type_name = "integration_type"
+
+
+class IntegrationTypeEnumField(PostgresEnumField):
+    def __init__(self, *args, **kwargs):
+        super().__init__("integration_type", *args, **kwargs)
@@ -24,6 +24,7 @@ from api.db_utils import (
 from api.models import (
    ComplianceOverview,
    Finding,
+    Integration,
    Invitation,
    Membership,
    PermissionChoices,
@@ -648,3 +649,19 @@ class ServiceOverviewFilter(ScanSummaryFilter):
                }
            )
        return super().is_valid()
+
+
+class IntegrationFilter(FilterSet):
+    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
+    integration_type = ChoiceFilter(choices=Integration.IntegrationChoices.choices)
+    integration_type__in = ChoiceInFilter(
+        choices=Integration.IntegrationChoices.choices,
+        field_name="integration_type",
+        lookup_expr="in",
+    )
+
+    class Meta:
+        model = Integration
+        fields = {
+            "inserted_at": ["date", "gte", "lte"],
+        }
@@ -0,0 +1,35 @@
+# Generated by Django 5.1.5 on 2025-03-03 15:46
+
+from functools import partial
+
+from django.db import migrations
+
+from api.db_utils import IntegrationTypeEnum, PostgresEnumMigration, register_enum
+from api.models import Integration
+
+IntegrationTypeEnumMigration = PostgresEnumMigration(
+    enum_name="integration_type",
+    enum_values=tuple(
+        integration_type[0]
+        for integration_type in Integration.IntegrationChoices.choices
+    ),
+)
+
+
+class Migration(migrations.Migration):
+    atomic = False
+
+    dependencies = [
+        ("api", "0012_scan_report_output"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            IntegrationTypeEnumMigration.create_enum_type,
+            reverse_code=IntegrationTypeEnumMigration.drop_enum_type,
+        ),
+        migrations.RunPython(
+            partial(register_enum, enum_class=IntegrationTypeEnum),
+            reverse_code=migrations.RunPython.noop,
+        ),
+    ]
@@ -0,0 +1,131 @@
+# Generated by Django 5.1.5 on 2025-03-03 15:46
+
+import uuid
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+import api.db_utils
+import api.rls
+from api.rls import RowLevelSecurityConstraint
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("api", "0013_integrations_enum"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Integration",
+            fields=[
+                (
+                    "id",
+                    models.UUIDField(
+                        default=uuid.uuid4,
+                        editable=False,
+                        primary_key=True,
+                        serialize=False,
+                    ),
+                ),
+                ("inserted_at", models.DateTimeField(auto_now_add=True)),
+                ("updated_at", models.DateTimeField(auto_now=True)),
+                ("enabled", models.BooleanField(default=False)),
+                ("connected", models.BooleanField(blank=True, null=True)),
+                (
+                    "connection_last_checked_at",
+                    models.DateTimeField(blank=True, null=True),
+                ),
+                (
+                    "integration_type",
+                    api.db_utils.IntegrationTypeEnumField(
+                        choices=[
+                            ("amazon_s3", "Amazon S3"),
+                            ("saml", "SAML"),
+                            ("aws_security_hub", "AWS Security Hub"),
+                            ("jira", "JIRA"),
+                            ("slack", "Slack"),
+                        ]
+                    ),
+                ),
+                ("configuration", models.JSONField(default=dict)),
+                ("_credentials", models.BinaryField(db_column="credentials")),
+                (
+                    "tenant",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
+                    ),
+                ),
+            ],
+            options={"db_table": "integrations", "abstract": False},
+        ),
+        migrations.AddConstraint(
+            model_name="integration",
+            constraint=RowLevelSecurityConstraint(
+                "tenant_id",
+                name="rls_on_integration",
+                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
+            ),
+        ),
+        migrations.CreateModel(
+            name="IntegrationProviderRelationship",
+            fields=[
+                (
+                    "id",
+                    models.UUIDField(
+                        default=uuid.uuid4,
+                        editable=False,
+                        primary_key=True,
+                        serialize=False,
+                    ),
+                ),
+                ("inserted_at", models.DateTimeField(auto_now_add=True)),
+                (
+                    "integration",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to="api.integration",
+                    ),
+                ),
+                (
+                    "provider",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE, to="api.provider"
+                    ),
+                ),
+                (
+                    "tenant",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
+                    ),
+                ),
+            ],
+            options={
+                "db_table": "integration_provider_mappings",
+                "constraints": [
+                    models.UniqueConstraint(
+                        fields=("integration_id", "provider_id"),
+                        name="unique_integration_provider_rel",
+                    ),
+                ],
+            },
+        ),
+        migrations.AddConstraint(
+            model_name="IntegrationProviderRelationship",
+            constraint=RowLevelSecurityConstraint(
+                "tenant_id",
+                name="rls_on_integrationproviderrelationship",
+                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
+            ),
+        ),
+        migrations.AddField(
+            model_name="integration",
+            name="providers",
+            field=models.ManyToManyField(
+                blank=True,
+                related_name="integrations",
+                through="api.IntegrationProviderRelationship",
+                to="api.provider",
+            ),
+        ),
+    ]
@@ -21,6 +21,7 @@ from uuid6 import uuid7
 from api.db_utils import (
    CustomUserManager,
    FindingDeltaEnumField,
+    IntegrationTypeEnumField,
    InvitationStateEnumField,
    MemberRoleEnumField,
    ProviderEnumField,
@@ -1138,3 +1139,80 @@ class ScanSummary(RowLevelSecurityProtectedModel):

    class JSONAPIMeta:
        resource_name = "scan-summaries"
+
+
+class Integration(RowLevelSecurityProtectedModel):
+    class IntegrationChoices(models.TextChoices):
+        S3 = "amazon_s3", _("Amazon S3")
+        SAML = "saml", _("SAML")
+        AWS_SECURITY_HUB = "aws_security_hub", _("AWS Security Hub")
+        JIRA = "jira", _("JIRA")
+        SLACK = "slack", _("Slack")
+
+    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
+    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
+    updated_at = models.DateTimeField(auto_now=True, editable=False)
+    enabled = models.BooleanField(default=False)
+    connected = models.BooleanField(null=True, blank=True)
+    connection_last_checked_at = models.DateTimeField(null=True, blank=True)
+    integration_type = IntegrationTypeEnumField(choices=IntegrationChoices.choices)
+    configuration = models.JSONField(default=dict)
+    _credentials = models.BinaryField(db_column="credentials")
+
+    providers = models.ManyToManyField(
+        Provider,
+        related_name="integrations",
+        through="IntegrationProviderRelationship",
+        blank=True,
+    )
+
+    class Meta(RowLevelSecurityProtectedModel.Meta):
+        db_table = "integrations"
+
+        constraints = [
+            RowLevelSecurityConstraint(
+                field="tenant_id",
+                name="rls_on_%(class)s",
+                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
+            ),
+        ]
+
+    class JSONAPIMeta:
+        resource_name = "integrations"
+
+    @property
+    def credentials(self):
+        if isinstance(self._credentials, memoryview):
+            encrypted_bytes = self._credentials.tobytes()
+        elif isinstance(self._credentials, str):
+            encrypted_bytes = self._credentials.encode()
+        else:
+            encrypted_bytes = self._credentials
+        decrypted_data = fernet.decrypt(encrypted_bytes)
+        return json.loads(decrypted_data.decode())
+
+    @credentials.setter
+    def credentials(self, value):
+        encrypted_data = fernet.encrypt(json.dumps(value).encode())
+        self._credentials = encrypted_data
+
+
+class IntegrationProviderRelationship(RowLevelSecurityProtectedModel):
+    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
+    integration = models.ForeignKey(Integration, on_delete=models.CASCADE)
+    provider = models.ForeignKey(Provider, on_delete=models.CASCADE)
+    inserted_at = models.DateTimeField(auto_now_add=True)
+
+    class Meta:
+        db_table = "integration_provider_mappings"
+        constraints = [
+            models.UniqueConstraint(
+                fields=["integration_id", "provider_id"],
+                name="unique_integration_provider_rel",
+            ),
+            RowLevelSecurityConstraint(
+                field="tenant_id",
+                name="rls_on_%(class)s",
+                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
+            ),
+        ]
@@ -2,8 +2,7 @@ from typing import Any
 from uuid import uuid4

 from django.core.exceptions import ValidationError
-from django.db import DEFAULT_DB_ALIAS
-from django.db import models
+from django.db import DEFAULT_DB_ALIAS, models
 from django.db.backends.ddl_references import Statement, Table

 from api.db_utils import DB_USER, POSTGRES_TENANT_VAR
@@ -59,11 +58,11 @@ class RowLevelSecurityConstraint(models.BaseConstraint):
    drop_sql_query = """
        ALTER TABLE %(table_name)s NO FORCE ROW LEVEL SECURITY;
        ALTER TABLE %(table_name)s DISABLE ROW LEVEL SECURITY;
-        REVOKE ALL ON TABLE %(table_name) TO %(db_user)s;
+        REVOKE ALL ON TABLE %(table_name)s FROM %(db_user)s;
    """

    drop_policy_sql_query = """
-        DROP POLICY IF EXISTS %(db_user)s_%(table_name)s_{statement} on %(table_name)s;
+        DROP POLICY IF EXISTS %(db_user)s_%(raw_table_name)s_{statement} ON %(table_name)s;
    """

    def __init__(
@@ -88,9 +87,7 @@ class RowLevelSecurityConstraint(models.BaseConstraint):
                f"{grant_queries}{self.grant_sql_query.format(statement=statement)}"
            )

-        full_create_sql_query = (
-            f"{self.rls_sql_query}" f"{policy_queries}" f"{grant_queries}"
-        )
+        full_create_sql_query = f"{self.rls_sql_query}{policy_queries}{grant_queries}"

        table_name = model._meta.db_table
        if self.partition_name:
@@ -107,16 +104,20 @@ class RowLevelSecurityConstraint(models.BaseConstraint):

    def remove_sql(self, model: Any, schema_editor: Any) -> Any:
        field_column = schema_editor.quote_name(self.target_field)
+        raw_table_name = model._meta.db_table
+        table_name = raw_table_name
+        if self.partition_name:
+            raw_table_name = f"{raw_table_name}_{self.partition_name}"
+            table_name = raw_table_name
+
        full_drop_sql_query = (
            f"{self.drop_sql_query}"
-            f"{''.join([self.drop_policy_sql_query.format(statement) for statement in self.statements])}"
+            f"{''.join([self.drop_policy_sql_query.format(statement=statement) for statement in self.statements])}"
        )
-        table_name = model._meta.db_table
-        if self.partition_name:
-            table_name = f"{table_name}_{self.partition_name}"
        return Statement(
            full_drop_sql_query,
            table_name=Table(table_name, schema_editor.quote_name),
+            raw_table_name=raw_table_name,
            field_column=field_column,
            db_user=DB_USER,
            partition_name=self.partition_name,
@@ -1,7 +1,19 @@
+from unittest.mock import ANY, Mock, patch
+
 import pytest
 from django.urls import reverse
 from rest_framework import status
-from unittest.mock import patch, ANY, Mock
+
+from api.models import (
+    Membership,
+    ProviderGroup,
+    ProviderGroupMembership,
+    Role,
+    RoleProviderGroupRelationship,
+    User,
+    UserRoleRelationship,
+)
+from api.v1.serializers import TokenSerializer


@pytest.mark.django_db
@@ -304,3 +316,96 @@ class TestProviderViewSet:
            reverse("provider-connection", kwargs={"pk": provider.id})
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN
+
+
+@pytest.mark.django_db
+class TestLimitedVisibility:
+    TEST_EMAIL = "rbac@rbac.com"
+    TEST_PASSWORD = "thisisapassword123"
+
+    @pytest.fixture
+    def limited_admin_user(
+        self, django_db_setup, django_db_blocker, tenants_fixture, providers_fixture
+    ):
+        with django_db_blocker.unblock():
+            tenant = tenants_fixture[0]
+            provider = providers_fixture[0]
+            user = User.objects.create_user(
+                name="testing",
+                email=self.TEST_EMAIL,
+                password=self.TEST_PASSWORD,
+            )
+            Membership.objects.create(
+                user=user,
+                tenant=tenant,
+                role=Membership.RoleChoices.OWNER,
+            )
+
+            role = Role.objects.create(
+                name="limited_visibility",
+                tenant=tenant,
+                manage_users=True,
+                manage_account=True,
+                manage_billing=True,
+                manage_providers=True,
+                manage_integrations=True,
+                manage_scans=True,
+                unlimited_visibility=False,
+            )
+            UserRoleRelationship.objects.create(
+                user=user,
+                role=role,
+                tenant=tenant,
+            )
+
+            provider_group = ProviderGroup.objects.create(
+                name="limited_visibility_group",
+                tenant=tenant,
+            )
+            ProviderGroupMembership.objects.create(
+                tenant=tenant,
+                provider=provider,
+                provider_group=provider_group,
+            )
+
+            RoleProviderGroupRelationship.objects.create(
+                tenant=tenant, role=role, provider_group=provider_group
+            )
+
+        return user
+
+    @pytest.fixture
+    def authenticated_client_rbac_limited(
+        self, limited_admin_user, tenants_fixture, client
+    ):
+        client.user = limited_admin_user
+        tenant_id = tenants_fixture[0].id
+        serializer = TokenSerializer(
+            data={
+                "type": "tokens",
+                "email": self.TEST_EMAIL,
+                "password": self.TEST_PASSWORD,
+                "tenant_id": tenant_id,
+            }
+        )
+        serializer.is_valid(raise_exception=True)
+        access_token = serializer.validated_data["access"]
+        client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
+        return client
+
+    def test_integrations(
+        self, authenticated_client_rbac_limited, integrations_fixture, providers_fixture
+    ):
+        # Integration 2 is related to provider1 and provider 2
+        # This user cannot see provider 2
+        integration = integrations_fixture[1]
+
+        response = authenticated_client_rbac_limited.get(
+            reverse("integration-detail", kwargs={"pk": integration.id})
+        )
+
+        assert response.status_code == status.HTTP_200_OK
+        assert integration.providers.count() == 2
+        assert (
+            response.json()["data"]["relationships"]["providers"]["meta"]["count"] == 1
+        )
@@ -1,25 +1,24 @@
 from datetime import datetime, timedelta, timezone
-from unittest.mock import patch, MagicMock
+from unittest.mock import MagicMock, patch

 import pytest
+from rest_framework.exceptions import NotFound, ValidationError
+
+from api.db_router import MainRouter
+from api.exceptions import InvitationTokenExpiredException
+from api.models import Invitation, Provider
+from api.utils import (
+    get_prowler_provider_kwargs,
+    initialize_prowler_provider,
+    merge_dicts,
+    prowler_provider_connection_test,
+    return_prowler_provider,
+    validate_invitation,
+)
 from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.gcp.gcp_provider import GcpProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
-from rest_framework.exceptions import ValidationError, NotFound
-
-from api.db_router import MainRouter
-from api.exceptions import InvitationTokenExpiredException
-from api.models import Invitation
-from api.models import Provider
-from api.utils import (
-    merge_dicts,
-    return_prowler_provider,
-    initialize_prowler_provider,
-    prowler_provider_connection_test,
-    get_prowler_provider_kwargs,
-)
-from api.utils import validate_invitation


 class TestMergeDicts:
@@ -144,6 +143,18 @@ class TestProwlerProviderConnectionTest:
            key="value", provider_id="1234567890", raise_on_exception=False
        )

+    @pytest.mark.django_db
+    @patch("api.utils.return_prowler_provider")
+    def test_prowler_provider_connection_test_without_secret(
+        self, mock_return_prowler_provider, providers_fixture
+    ):
+        mock_return_prowler_provider.return_value = MagicMock()
+        connection = prowler_provider_connection_test(providers_fixture[0])
+
+        assert connection.is_connected is False
+        assert isinstance(connection.error, Provider.secret.RelatedObjectDoesNotExist)
+        assert str(connection.error) == "Provider has no secret."
+

 class TestGetProwlerProviderKwargs:
    @pytest.mark.parametrize(
@@ -14,6 +14,7 @@ from django.urls import reverse
 from rest_framework import status

 from api.models import (
+    Integration,
    Invitation,
    Membership,
    Provider,
@@ -39,6 +40,14 @@ def today_after_n_days(n_days: int) -> str:
    )


+class TestViewSet:
+    def test_security_headers(self, client):
+        response = client.get("/")
+        assert response.headers["X-Content-Type-Options"] == "nosniff"
+        assert response.headers["X-Frame-Options"] == "DENY"
+        assert response.headers["Referrer-Policy"] == "strict-origin-when-cross-origin"
+
+
@pytest.mark.django_db
 class TestUserViewSet:
    def test_users_list(self, authenticated_client, create_test_user):
@@ -2200,9 +2209,12 @@ class TestScanViewSet:
        dummy_task.id = "dummy-task-id"
        dummy_task_data = {"id": dummy_task.id, "state": StateChoices.EXECUTING}

-        with patch("api.v1.views.Task.objects.get", return_value=dummy_task), patch(
-            "api.v1.views.TaskSerializer",
-            return_value=type("DummySerializer", (), {"data": dummy_task_data}),
+        with (
+            patch("api.v1.views.Task.objects.get", return_value=dummy_task),
+            patch(
+                "api.v1.views.TaskSerializer",
+                return_value=type("DummySerializer", (), {"data": dummy_task_data}),
+            ),
        ):
            url = reverse("scan-report", kwargs={"pk": scan.id})
            response = authenticated_client.get(url)
@@ -2284,6 +2296,25 @@ class TestScanViewSet:
        assert f'filename="{expected_filename}"' in content_disposition
        assert response.content == b"s3 zip content"

+    def test_report_s3_success_no_local_files(
+        self, authenticated_client, scans_fixture, monkeypatch
+    ):
+        """
+        When output_location is a local path and glob.glob returns an empty list,
+        the view should return HTTP 404 with detail "The scan has no reports."
+        """
+        scan = scans_fixture[0]
+        scan.output_location = "/tmp/nonexistent_report_pattern.zip"
+        scan.state = StateChoices.COMPLETED
+        scan.save()
+        monkeypatch.setattr("api.v1.views.glob.glob", lambda pattern: [])
+
+        url = reverse("scan-report", kwargs={"pk": scan.id})
+        response = authenticated_client.get(url)
+
+        assert response.status_code == 404
+        assert response.json()["errors"]["detail"] == "The scan has no reports."
+
    def test_report_local_file(
        self, authenticated_client, scans_fixture, tmp_path, monkeypatch
    ):
@@ -4568,3 +4599,415 @@ class TestScheduleViewSet:
            reverse("schedule-daily"), data=json_payload, format="json"
        )
        assert response.status_code == status.HTTP_404_NOT_FOUND
+
+
+@pytest.mark.django_db
+class TestIntegrationViewSet:
+    def test_integrations_list(self, authenticated_client, integrations_fixture):
+        response = authenticated_client.get(reverse("integration-list"))
+        assert response.status_code == status.HTTP_200_OK
+        assert len(response.json()["data"]) == len(integrations_fixture)
+
+    def test_integrations_retrieve(self, authenticated_client, integrations_fixture):
+        integration1, *_ = integrations_fixture
+        response = authenticated_client.get(
+            reverse("integration-detail", kwargs={"pk": integration1.id}),
+        )
+        assert response.status_code == status.HTTP_200_OK
+        assert response.json()["data"]["id"] == str(integration1.id)
+        assert (
+            response.json()["data"]["attributes"]["configuration"]
+            == integration1.configuration
+        )
+
+    def test_integrations_invalid_retrieve(self, authenticated_client):
+        response = authenticated_client.get(
+            reverse(
+                "integration-detail",
+                kwargs={"pk": "f498b103-c760-4785-9a3e-e23fafbb7b02"},
+            )
+        )
+        assert response.status_code == status.HTTP_404_NOT_FOUND
+
+    @pytest.mark.parametrize(
+        "include_values, expected_resources",
+        [
+            ("providers", ["providers"]),
+        ],
+    )
+    def test_integrations_list_include(
+        self,
+        include_values,
+        expected_resources,
+        authenticated_client,
+        integrations_fixture,
+    ):
+        response = authenticated_client.get(
+            reverse("integration-list"), {"include": include_values}
+        )
+        assert response.status_code == status.HTTP_200_OK
+        assert len(response.json()["data"]) == len(integrations_fixture)
+        assert "included" in response.json()
+
+        included_data = response.json()["included"]
+        for expected_type in expected_resources:
+            assert any(
+                d.get("type") == expected_type for d in included_data
+            ), f"Expected type '{expected_type}' not found in included data"
+
+    @pytest.mark.parametrize(
+        "integration_type, configuration, credentials",
+        [
+            # Amazon S3 - AWS credentials
+            (
+                Integration.IntegrationChoices.S3,
+                {
+                    "bucket_name": "bucket-name",
+                    "output_directory": "output-directory",
+                },
+                {
+                    "role_arn": "arn:aws",
+                    "external_id": "external-id",
+                },
+            ),
+            # Amazon S3 - No credentials (AWS self-hosted)
+            (
+                Integration.IntegrationChoices.S3,
+                {
+                    "bucket_name": "bucket-name",
+                    "output_directory": "output-directory",
+                },
+                {},
+            ),
+        ],
+    )
+    def test_integrations_create_valid(
+        self,
+        authenticated_client,
+        providers_fixture,
+        integration_type,
+        configuration,
+        credentials,
+    ):
+        provider = Provider.objects.first()
+
+        data = {
+            "data": {
+                "type": "integrations",
+                "attributes": {
+                    "integration_type": integration_type,
+                    "configuration": configuration,
+                    "credentials": credentials,
+                },
+                "relationships": {
+                    "providers": {
+                        "data": [{"type": "providers", "id": str(provider.id)}]
+                    }
+                },
+            }
+        }
+        response = authenticated_client.post(
+            reverse("integration-list"),
+            data=json.dumps(data),
+            content_type="application/vnd.api+json",
+        )
+        assert response.status_code == status.HTTP_201_CREATED
+        assert Integration.objects.count() == 1
+        integration = Integration.objects.first()
+        assert integration.configuration == data["data"]["attributes"]["configuration"]
+        assert (
+            integration.integration_type
+            == data["data"]["attributes"]["integration_type"]
+        )
+        assert "credentials" not in response.json()["data"]["attributes"]
+        assert (
+            str(provider.id)
+            == data["data"]["relationships"]["providers"]["data"][0]["id"]
+        )
+
+    def test_integrations_create_valid_relationships(
+        self,
+        authenticated_client,
+        providers_fixture,
+    ):
+        provider1, provider2, *_ = providers_fixture
+
+        data = {
+            "data": {
+                "type": "integrations",
+                "attributes": {
+                    "integration_type": Integration.IntegrationChoices.S3,
+                    "configuration": {
+                        "bucket_name": "bucket-name",
+                        "output_directory": "output-directory",
+                    },
+                    "credentials": {
+                        "role_arn": "arn:aws",
+                        "external_id": "external-id",
+                    },
+                },
+                "relationships": {
+                    "providers": {
+                        "data": [
+                            {"type": "providers", "id": str(provider1.id)},
+                            {"type": "providers", "id": str(provider2.id)},
+                        ]
+                    }
+                },
+            }
+        }
+        response = authenticated_client.post(
+            reverse("integration-list"),
+            data=json.dumps(data),
+            content_type="application/vnd.api+json",
+        )
+        assert response.status_code == status.HTTP_201_CREATED
+        assert Integration.objects.first().providers.count() == 2
+
+    @pytest.mark.parametrize(
+        "attributes, error_code, error_pointer",
+        (
+            [
+                (
+                    {
+                        "integration_type": "whatever",
+                        "configuration": {
+                            "bucket_name": "bucket-name",
+                            "output_directory": "output-directory",
+                        },
+                        "credentials": {
+                            "role_arn": "arn:aws",
+                            "external_id": "external-id",
+                        },
+                    },
+                    "invalid_choice",
+                    "integration_type",
+                ),
+                (
+                    {
+                        "integration_type": "amazon_s3",
+                        "configuration": {},
+                        "credentials": {
+                            "role_arn": "arn:aws",
+                            "external_id": "external-id",
+                        },
+                    },
+                    "required",
+                    "bucket_name",
+                ),
+                (
+                    {
+                        "integration_type": "amazon_s3",
+                        "configuration": {
+                            "bucket_name": "bucket_name",
+                            "output_directory": "output_directory",
+                            "invalid_key": "invalid_value",
+                        },
+                        "credentials": {
+                            "role_arn": "arn:aws",
+                            "external_id": "external-id",
+                        },
+                    },
+                    "invalid",
+                    None,
+                ),
+                (
+                    {
+                        "integration_type": "amazon_s3",
+                        "configuration": {
+                            "bucket_name": "bucket_name",
+                            "output_directory": "output_directory",
+                        },
+                        "credentials": {"invalid_key": "invalid_key"},
+                    },
+                    "invalid",
+                    None,
+                ),
+            ]
+        ),
+    )
+    def test_integrations_invalid_create(
+        self,
+        authenticated_client,
+        attributes,
+        error_code,
+        error_pointer,
+    ):
+        data = {
+            "data": {
+                "type": "integrations",
+                "attributes": attributes,
+            }
+        }
+        response = authenticated_client.post(
+            reverse("integration-list"),
+            data=json.dumps(data),
+            content_type="application/vnd.api+json",
+        )
+        assert response.status_code == status.HTTP_400_BAD_REQUEST
+        assert response.json()["errors"][0]["code"] == error_code
+        assert (
+            response.json()["errors"][0]["source"]["pointer"]
+            == f"/data/attributes/{error_pointer}"
+            if error_pointer
+            else "/data"
+        )
+
+    def test_integrations_partial_update(
+        self, authenticated_client, integrations_fixture
+    ):
+        integration, *_ = integrations_fixture
+        data = {
+            "data": {
+                "type": "integrations",
+                "id": str(integration.id),
+                "attributes": {
+                    "credentials": {
+                        "aws_access_key_id": "new_value",
+                    },
+                    # integration_type is `amazon_s3`
+                    "configuration": {
+                        "bucket_name": "new_bucket_name",
+                        "output_directory": "new_output_directory",
+                    },
+                },
+            }
+        }
+        response = authenticated_client.patch(
+            reverse("integration-detail", kwargs={"pk": integration.id}),
+            data=json.dumps(data),
+            content_type="application/vnd.api+json",
+        )
+        assert response.status_code == status.HTTP_200_OK
+        integration.refresh_from_db()
+        assert integration.credentials["aws_access_key_id"] == "new_value"
+        assert integration.configuration["bucket_name"] == "new_bucket_name"
+        assert integration.configuration["output_directory"] == "new_output_directory"
+
+    def test_integrations_partial_update_relationships(
+        self, authenticated_client, integrations_fixture
+    ):
+        integration, *_ = integrations_fixture
+        data = {
+            "data": {
+                "type": "integrations",
+                "id": str(integration.id),
+                "attributes": {
+                    "credentials": {
+                        "aws_access_key_id": "new_value",
+                    },
+                    # integration_type is `amazon_s3`
+                    "configuration": {
+                        "bucket_name": "new_bucket_name",
+                        "output_directory": "new_output_directory",
+                    },
+                },
+                "relationships": {"providers": {"data": []}},
+            }
+        }
+
+        assert integration.providers.count() > 0
+        response = authenticated_client.patch(
+            reverse("integration-detail", kwargs={"pk": integration.id}),
+            data=json.dumps(data),
+            content_type="application/vnd.api+json",
+        )
+        assert response.status_code == status.HTTP_200_OK
+        integration.refresh_from_db()
+        assert integration.providers.count() == 0
+
+    def test_integrations_partial_update_invalid_content_type(
+        self, authenticated_client, integrations_fixture
+    ):
+        integration, *_ = integrations_fixture
+        response = authenticated_client.patch(
+            reverse("integration-detail", kwargs={"pk": integration.id}),
+            data={},
+        )
+        assert response.status_code == status.HTTP_415_UNSUPPORTED_MEDIA_TYPE
+
+    def test_integrations_partial_update_invalid_content(
+        self, authenticated_client, integrations_fixture
+    ):
+        integration, *_ = integrations_fixture
+        data = {
+            "data": {
+                "type": "integrations",
+                "id": str(integration.id),
+                "attributes": {"invalid_config": "value"},
+            }
+        }
+        response = authenticated_client.patch(
+            reverse("integration-detail", kwargs={"pk": integration.id}),
+            data=json.dumps(data),
+            content_type="application/vnd.api+json",
+        )
+        assert response.status_code == status.HTTP_400_BAD_REQUEST
+
+    def test_integrations_delete(
+        self,
+        authenticated_client,
+        integrations_fixture,
+    ):
+        integration, *_ = integrations_fixture
+        response = authenticated_client.delete(
+            reverse("integration-detail", kwargs={"pk": integration.id})
+        )
+        assert response.status_code == status.HTTP_204_NO_CONTENT
+
+    def test_integrations_delete_invalid(self, authenticated_client):
+        response = authenticated_client.delete(
+            reverse(
+                "integration-detail",
+                kwargs={"pk": "e67d0283-440f-48d1-b5f8-38d0763474f4"},
+            )
+        )
+        assert response.status_code == status.HTTP_404_NOT_FOUND
+
+    @pytest.mark.parametrize(
+        "filter_name, filter_value, expected_count",
+        (
+            [
+                ("inserted_at", TODAY, 2),
+                ("inserted_at.gte", "2024-01-01", 2),
+                ("inserted_at.lte", "2024-01-01", 0),
+                ("integration_type", Integration.IntegrationChoices.S3, 2),
+                ("integration_type", Integration.IntegrationChoices.SLACK, 0),
+                (
+                    "integration_type__in",
+                    f"{Integration.IntegrationChoices.S3},{Integration.IntegrationChoices.SLACK}",
+                    2,
+                ),
+            ]
+        ),
+    )
+    def test_integrations_filters(
+        self,
+        authenticated_client,
+        integrations_fixture,
+        filter_name,
+        filter_value,
+        expected_count,
+    ):
+        response = authenticated_client.get(
+            reverse("integration-list"),
+            {f"filter[{filter_name}]": filter_value},
+        )
+
+        assert response.status_code == status.HTTP_200_OK
+        assert len(response.json()["data"]) == expected_count
+
+    @pytest.mark.parametrize(
+        "filter_name",
+        (
+            [
+                "invalid",
+            ]
+        ),
+    )
+    def test_integrations_filters_invalid(self, authenticated_client, filter_name):
+        response = authenticated_client.get(
+            reverse("integration-list"),
+            {f"filter[{filter_name}]": "whatever"},
+        )
+        assert response.status_code == status.HTTP_400_BAD_REQUEST
@@ -130,7 +130,10 @@ def prowler_provider_connection_test(provider: Provider) -> Connection:
        Connection: A connection object representing the result of the connection test for the specified provider.
    """
    prowler_provider = return_prowler_provider(provider)
-    prowler_provider_kwargs = provider.secret.secret
+    try:
+        prowler_provider_kwargs = provider.secret.secret
+    except Provider.secret.RelatedObjectDoesNotExist as secret_error:
+        return Connection(is_connected=False, error=secret_error)
    return prowler_provider.test_connection(
        **prowler_provider_kwargs, provider_id=provider.uid, raise_on_exception=False
    )
@@ -0,0 +1,122 @@
+from drf_spectacular.utils import extend_schema_field
+from rest_framework_json_api import serializers
+from rest_framework_json_api.serializers import ValidationError
+
+
+class BaseValidateSerializer(serializers.Serializer):
+    def validate(self, data):
+        if hasattr(self, "initial_data"):
+            initial_data = set(self.initial_data.keys()) - {"id", "type"}
+            unknown_keys = initial_data - set(self.fields.keys())
+            if unknown_keys:
+                raise ValidationError(f"Invalid fields: {unknown_keys}")
+        return data
+
+
+# Integrations
+
+
+class S3ConfigSerializer(BaseValidateSerializer):
+    bucket_name = serializers.CharField()
+    output_directory = serializers.CharField()
+
+    class Meta:
+        resource_name = "integrations"
+
+
+class AWSCredentialSerializer(BaseValidateSerializer):
+    role_arn = serializers.CharField(required=False)
+    external_id = serializers.CharField(required=False)
+    role_session_name = serializers.CharField(required=False)
+    session_duration = serializers.IntegerField(
+        required=False, min_value=900, max_value=43200
+    )
+    aws_access_key_id = serializers.CharField(required=False)
+    aws_secret_access_key = serializers.CharField(required=False)
+    aws_session_token = serializers.CharField(required=False)
+
+    class Meta:
+        resource_name = "integrations"
+
+
+@extend_schema_field(
+    {
+        "oneOf": [
+            {
+                "type": "object",
+                "title": "AWS Credentials",
+                "properties": {
+                    "role_arn": {
+                        "type": "string",
+                        "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
+                        "assumption.",
+                    },
+                    "external_id": {
+                        "type": "string",
+                        "description": "An identifier to enhance security for role assumption.",
+                    },
+                    "aws_access_key_id": {
+                        "type": "string",
+                        "description": "The AWS access key ID. Only required if the environment lacks pre-configured "
+                        "AWS credentials.",
+                    },
+                    "aws_secret_access_key": {
+                        "type": "string",
+                        "description": "The AWS secret access key. Required if 'aws_access_key_id' is provided or if "
+                        "no AWS credentials are pre-configured.",
+                    },
+                    "aws_session_token": {
+                        "type": "string",
+                        "description": "The session token for temporary credentials, if applicable.",
+                    },
+                    "session_duration": {
+                        "type": "integer",
+                        "minimum": 900,
+                        "maximum": 43200,
+                        "default": 3600,
+                        "description": "The duration (in seconds) for the role session.",
+                    },
+                    "role_session_name": {
+                        "type": "string",
+                        "description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
+                        "The regex used to validate this parameter is a string of characters consisting of "
+                        "upper- and lower-case alphanumeric characters with no spaces. You can also include "
+                        "underscores or any of the following characters: =,.@-\n\n"
+                        "Examples:\n"
+                        "- MySession123\n"
+                        "- User_Session-1\n"
+                        "- Test.Session@2",
+                        "pattern": "^[a-zA-Z0-9=,.@_-]+$",
+                    },
+                },
+            },
+        ]
+    }
+)
+class IntegrationCredentialField(serializers.JSONField):
+    pass
+
+
+@extend_schema_field(
+    {
+        "oneOf": [
+            {
+                "type": "object",
+                "title": "Amazon S3",
+                "properties": {
+                    "bucket_name": {
+                        "type": "string",
+                        "description": "The name of the S3 bucket where files will be stored.",
+                    },
+                    "output_directory": {
+                        "type": "string",
+                        "description": "The directory path within the bucket where files will be saved.",
+                    },
+                },
+                "required": ["bucket_name", "output_directory"],
+            },
+        ]
+    }
+)
+class IntegrationConfigField(serializers.JSONField):
+    pass
@@ -16,6 +16,8 @@ from rest_framework_simplejwt.tokens import RefreshToken
 from api.models import (
    ComplianceOverview,
    Finding,
+    Integration,
+    IntegrationProviderRelationship,
    Invitation,
    InvitationRoleRelationship,
    Membership,
@@ -34,6 +36,12 @@ from api.models import (
    UserRoleRelationship,
 )
 from api.rls import Tenant
+from api.v1.serializer_utils.integrations import (
+    AWSCredentialSerializer,
+    IntegrationConfigField,
+    IntegrationCredentialField,
+    S3ConfigSerializer,
+)

 # Tokens

@@ -1606,8 +1614,8 @@ class RoleSerializer(RLSSerializer, BaseWriteSerializer):
            "manage_account",
            # Disable for the first release
            # "manage_billing",
-            # "manage_integrations",
            # /Disable for the first release
+            "manage_integrations",
            "manage_providers",
            "manage_scans",
            "permission_state",
@@ -2013,3 +2021,201 @@ class ScheduleDailyCreateSerializer(serializers.Serializer):
            if unknown_keys:
                raise ValidationError(f"Invalid fields: {unknown_keys}")
        return data
+
+
+# Integrations
+
+
+class BaseWriteIntegrationSerializer(BaseWriteSerializer):
+    @staticmethod
+    def validate_integration_data(
+        integration_type: str,
+        providers: list[Provider],  # noqa
+        configuration: dict,
+        credentials: dict,
+    ):
+        if integration_type == Integration.IntegrationChoices.S3:
+            config_serializer = S3ConfigSerializer
+            credentials_serializers = [AWSCredentialSerializer]
+            # TODO: This will be required for AWS Security Hub
+            # if providers and not all(
+            #     provider.provider == Provider.ProviderChoices.AWS
+            #     for provider in providers
+            # ):
+            #     raise serializers.ValidationError(
+            #         {"providers": "All providers must be AWS for the S3 integration."}
+            #     )
+        else:
+            raise serializers.ValidationError(
+                {
+                    "integration_type": f"Integration type not supported yet: {integration_type}"
+                }
+            )
+
+        config_serializer(data=configuration).is_valid(raise_exception=True)
+
+        for cred_serializer in credentials_serializers:
+            try:
+                cred_serializer(data=credentials).is_valid(raise_exception=True)
+                break
+            except ValidationError:
+                continue
+        else:
+            raise ValidationError(
+                {"credentials": "Invalid credentials for the integration type."}
+            )
+
+
+class IntegrationSerializer(RLSSerializer):
+    """
+    Serializer for the Integration model.
+    """
+
+    providers = serializers.ResourceRelatedField(
+        queryset=Provider.objects.all(), many=True
+    )
+
+    class Meta:
+        model = Integration
+        fields = [
+            "id",
+            "inserted_at",
+            "updated_at",
+            "enabled",
+            "connected",
+            "connection_last_checked_at",
+            "integration_type",
+            "configuration",
+            "providers",
+            "url",
+        ]
+
+    included_serializers = {
+        "providers": "api.v1.serializers.ProviderIncludeSerializer",
+    }
+
+    def to_representation(self, instance):
+        representation = super().to_representation(instance)
+        allowed_providers = self.context.get("allowed_providers")
+        if allowed_providers:
+            allowed_provider_ids = {str(provider.id) for provider in allowed_providers}
+            representation["providers"] = [
+                provider
+                for provider in representation["providers"]
+                if provider["id"] in allowed_provider_ids
+            ]
+        return representation
+
+
+class IntegrationCreateSerializer(BaseWriteIntegrationSerializer):
+    credentials = IntegrationCredentialField(write_only=True)
+    configuration = IntegrationConfigField()
+    providers = serializers.ResourceRelatedField(
+        queryset=Provider.objects.all(), many=True, required=False
+    )
+
+    class Meta:
+        model = Integration
+        fields = [
+            "inserted_at",
+            "updated_at",
+            "enabled",
+            "connected",
+            "connection_last_checked_at",
+            "integration_type",
+            "configuration",
+            "credentials",
+            "providers",
+        ]
+        extra_kwargs = {
+            "inserted_at": {"read_only": True},
+            "updated_at": {"read_only": True},
+            "connected": {"read_only": True},
+            "enabled": {"read_only": True},
+            "connection_last_checked_at": {"read_only": True},
+        }
+
+    def validate(self, attrs):
+        integration_type = attrs.get("integration_type")
+        providers = attrs.get("providers")
+        configuration = attrs.get("configuration")
+        credentials = attrs.get("credentials")
+
+        validated_attrs = super().validate(attrs)
+        self.validate_integration_data(
+            integration_type, providers, configuration, credentials
+        )
+        return validated_attrs
+
+    def create(self, validated_data):
+        tenant_id = self.context.get("tenant_id")
+
+        providers = validated_data.pop("providers", [])
+        integration = Integration.objects.create(tenant_id=tenant_id, **validated_data)
+
+        through_model_instances = [
+            IntegrationProviderRelationship(
+                integration=integration,
+                provider=provider,
+                tenant_id=tenant_id,
+            )
+            for provider in providers
+        ]
+        IntegrationProviderRelationship.objects.bulk_create(through_model_instances)
+
+        return integration
+
+
+class IntegrationUpdateSerializer(BaseWriteIntegrationSerializer):
+    credentials = IntegrationCredentialField(write_only=True, required=False)
+    configuration = IntegrationConfigField(required=False)
+    providers = serializers.ResourceRelatedField(
+        queryset=Provider.objects.all(), many=True, required=False
+    )
+
+    class Meta:
+        model = Integration
+        fields = [
+            "inserted_at",
+            "updated_at",
+            "enabled",
+            "connected",
+            "connection_last_checked_at",
+            "integration_type",
+            "configuration",
+            "credentials",
+            "providers",
+        ]
+        extra_kwargs = {
+            "inserted_at": {"read_only": True},
+            "updated_at": {"read_only": True},
+            "connected": {"read_only": True},
+            "connection_last_checked_at": {"read_only": True},
+            "integration_type": {"read_only": True},
+        }
+
+    def validate(self, attrs):
+        integration_type = self.instance.integration_type
+        providers = attrs.get("providers")
+        configuration = attrs.get("configuration") or self.instance.configuration
+        credentials = attrs.get("credentials") or self.instance.credentials
+
+        validated_attrs = super().validate(attrs)
+        self.validate_integration_data(
+            integration_type, providers, configuration, credentials
+        )
+        return validated_attrs
+
+    def update(self, instance, validated_data):
+        tenant_id = self.context.get("tenant_id")
+        if validated_data.get("providers") is not None:
+            instance.providers.clear()
+            new_relationships = [
+                IntegrationProviderRelationship(
+                    integration=instance, provider=provider, tenant_id=tenant_id
+                )
+                for provider in validated_data["providers"]
+            ]
+            IntegrationProviderRelationship.objects.bulk_create(new_relationships)
+
+        return super().update(instance, validated_data)
@@ -10,6 +10,7 @@ from api.v1.views import (
    FindingViewSet,
    GithubSocialLoginView,
    GoogleSocialLoginView,
+    IntegrationViewSet,
    InvitationAcceptViewSet,
    InvitationViewSet,
    MembershipViewSet,
@@ -47,6 +48,7 @@ router.register(
 )
 router.register(r"overviews", OverviewViewSet, basename="overview")
 router.register(r"schedules", ScheduleViewSet, basename="schedule")
+router.register(r"integrations", IntegrationViewSet, basename="integration")

 tenants_router = routers.NestedSimpleRouter(router, r"tenants", lookup="tenant")
 tenants_router.register(
@@ -1,6 +1,7 @@
 import glob
 import os

+import sentry_sdk
 from allauth.socialaccount.providers.github.views import GitHubOAuth2Adapter
 from allauth.socialaccount.providers.google.views import GoogleOAuth2Adapter
 from botocore.exceptions import ClientError, NoCredentialsError, ParamValidationError
@@ -57,6 +58,7 @@ from api.db_router import MainRouter
 from api.filters import (
    ComplianceOverviewFilter,
    FindingFilter,
+    IntegrationFilter,
    InvitationFilter,
    MembershipFilter,
    ProviderFilter,
@@ -74,6 +76,7 @@ from api.filters import (
 from api.models import (
    ComplianceOverview,
    Finding,
+    Integration,
    Invitation,
    Membership,
    Provider,
@@ -102,6 +105,9 @@ from api.v1.serializers import (
    FindingDynamicFilterSerializer,
    FindingMetadataSerializer,
    FindingSerializer,
+    IntegrationCreateSerializer,
+    IntegrationSerializer,
+    IntegrationUpdateSerializer,
    InvitationAcceptSerializer,
    InvitationCreateSerializer,
    InvitationSerializer,
@@ -239,7 +245,7 @@ class SchemaView(SpectacularAPIView):

    def get(self, request, *args, **kwargs):
        spectacular_settings.TITLE = "Prowler API"
-        spectacular_settings.VERSION = "1.5.0"
+        spectacular_settings.VERSION = "1.6.0"
        spectacular_settings.DESCRIPTION = (
            "Prowler API specification.\n\nThis file is auto-generated."
        )
@@ -295,6 +301,11 @@ class SchemaView(SpectacularAPIView):
                "description": "Endpoints for task management, allowing retrieval of task status and "
                "revoking tasks that have not started.",
            },
+            {
+                "name": "Integration",
+                "description": "Endpoints for managing third-party integrations, including registration, configuration,"
+                " retrieval, and deletion of integrations such as S3, JIRA, or other services.",
+            },
        ]
        return super().get(request, *args, **kwargs)

@@ -1280,7 +1291,14 @@ class ScanViewSet(BaseRLSViewSet):
            filename = os.path.basename(output_location.split("/")[-1])
        else:
            zip_files = glob.glob(output_location)
-            file_path = zip_files[0]
+            try:
+                file_path = zip_files[0]
+            except IndexError as e:
+                sentry_sdk.capture_exception(e)
+                return Response(
+                    {"detail": "The scan has no reports."},
+                    status=status.HTTP_404_NOT_FOUND,
+                )
            with open(file_path, "rb") as f:
                file_content = f.read()
            filename = os.path.basename(file_path)
@@ -2433,3 +2451,67 @@ class ScheduleViewSet(BaseRLSViewSet):
                )
            },
        )
+
+
+@extend_schema_view(
+    list=extend_schema(
+        tags=["Integration"],
+        summary="List all integrations",
+        description="Retrieve a list of all configured integrations with options for filtering by various criteria.",
+    ),
+    retrieve=extend_schema(
+        tags=["Integration"],
+        summary="Retrieve integration details",
+        description="Fetch detailed information about a specific integration by its ID.",
+    ),
+    create=extend_schema(
+        tags=["Integration"],
+        summary="Create a new integration",
+        description="Register a new integration with the system, providing necessary configuration details.",
+    ),
+    partial_update=extend_schema(
+        tags=["Integration"],
+        summary="Partially update an integration",
+        description="Modify certain fields of an existing integration without affecting other settings.",
+    ),
+    destroy=extend_schema(
+        tags=["Integration"],
+        summary="Delete an integration",
+        description="Remove an integration from the system by its ID.",
+    ),
+)
+@method_decorator(CACHE_DECORATOR, name="list")
+@method_decorator(CACHE_DECORATOR, name="retrieve")
+class IntegrationViewSet(BaseRLSViewSet):
+    queryset = Integration.objects.all()
+    serializer_class = IntegrationSerializer
+    http_method_names = ["get", "post", "patch", "delete"]
+    filterset_class = IntegrationFilter
+    ordering = ["integration_type", "-inserted_at"]
+    # RBAC required permissions
+    required_permissions = [Permissions.MANAGE_INTEGRATIONS]
+    allowed_providers = None
+
+    def get_queryset(self):
+        user_roles = get_role(self.request.user)
+        if user_roles.unlimited_visibility:
+            # User has unlimited visibility, return all integrations
+            queryset = Integration.objects.filter(tenant_id=self.request.tenant_id)
+        else:
+            # User lacks permission, filter providers based on provider groups associated with the role
+            allowed_providers = get_providers(user_roles)
+            queryset = Integration.objects.filter(providers__in=allowed_providers)
+            self.allowed_providers = allowed_providers
+        return queryset
+
+    def get_serializer_class(self):
+        if self.action == "create":
+            return IntegrationCreateSerializer
+        elif self.action == "partial_update":
+            return IntegrationUpdateSerializer
+        return super().get_serializer_class()
+
+    def get_serializer_context(self):
+        context = super().get_serializer_context()
+        context["allowed_providers"] = self.allowed_providers
+        return context
@@ -2,9 +2,8 @@ import json
 import logging
 from enum import StrEnum

-from django_guid.log_filters import CorrelationId
-
 from config.env import env
+from django_guid.log_filters import CorrelationId


 class BackendLogger(StrEnum):
@@ -39,9 +38,9 @@ class NDJSONFormatter(logging.Formatter):
            "funcName": record.funcName,
            "process": record.process,
            "thread": record.thread,
-            "transaction_id": record.transaction_id
-            if hasattr(record, "transaction_id")
-            else None,
+            "transaction_id": (
+                record.transaction_id if hasattr(record, "transaction_id") else None
+            ),
        }

        # Add REST API extra fields
@@ -236,3 +236,8 @@ DJANGO_OUTPUT_S3_AWS_SECRET_ACCESS_KEY = env.str(
 )
 DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN = env.str("DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN", "")
 DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION = env.str("DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION", "")
+
+# HTTP Security Headers
+SECURE_CONTENT_TYPE_NOSNIFF = True
+X_FRAME_OPTIONS = "DENY"
+SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
@@ -2,6 +2,8 @@ import sentry_sdk
 from config.env import env

 IGNORED_EXCEPTIONS = [
+    # Provider is not connected due to credentials errors
+    "is not connected",
    # Authentication Errors from AWS
    "InvalidToken",
    "AccessDeniedException",
@@ -11,15 +13,47 @@ IGNORED_EXCEPTIONS = [
    "AuthFailure",
    "InvalidClientTokenId",
    "AccessDenied",
-    # Shodan Check
-    "No Shodan API Key",
-    # For now we don't want to log the RequestLimitExceeded errors
-    "RequestLimitExceeded",
+    "No Shodan API Key",  # Shodan Check
+    "RequestLimitExceeded",  # For now we don't want to log the RequestLimitExceeded errors
    "ThrottlingException",
    "Rate exceeded",
-    # The following comes from urllib3
-    # eu-west-1 -- HTTPClientError[126]: An HTTP Client raised an unhandled exception: AWSHTTPSConnectionPool(host='hostname.s3.eu-west-1.amazonaws.com', port=443): Pool is closed.
-    "Pool is closed",
+    "SubscriptionRequiredException",
+    "UnknownOperationException",
+    "OptInRequired",
+    "ReadTimeout",
+    "LimitExceeded",
+    "ConnectTimeoutError",
+    "ExpiredToken",
+    "IncompleteSignature",
+    "RegionDisabledException",
+    "TooManyRequestsException",
+    "SignatureDoesNotMatch",
+    "InvalidParameterValueException",
+    "InvalidInputException",
+    "ValidationException",
+    "AWSSecretAccessKeyInvalidError",
+    "InvalidAction",
+    "Pool is closed",  # The following comes from urllib3: eu-west-1 -- HTTPClientError[126]: An HTTP Client raised an unhandled exception: AWSHTTPSConnectionPool(host='hostname.s3.eu-west-1.amazonaws.com', port=443): Pool is closed.
+    # Authentication Errors from GCP
+    "ClientAuthenticationError",
+    "AuthorizationFailed",
+    "Reauthentication is needed",
+    "Permission denied to get service",
+    "API has not been used in project",
+    "HttpError 404 when requesting",
+    "GCPNoAccesibleProjectsError",
+    # Authentication Errors from Azure
+    "ClientAuthenticationError",
+    "AuthorizationFailed",
+    "Subscription Not Registered",
+    "AzureNotValidClientIdError",
+    "AzureNotValidClientSecretError",
+    "AzureNotValidTenantIdError",
+    "AzureTenantIdAndClientSecretNotBelongingToClientIdError",
+    "AzureTenantIdAndClientIdNotBelongingToClientSecretError",
+    "AzureClientIdAndClientSecretNotBelongingToTenantIdError",
+    "AzureHTTPResponseError",
+    "Error with credentials provided",
 ]


@@ -1,13 +1,13 @@
 from config.env import env

-# Google Oauth settings
-GOOGLE_OAUTH_CLIENT_ID = env("DJANGO_GOOGLE_OAUTH_CLIENT_ID", default="")
-GOOGLE_OAUTH_CLIENT_SECRET = env("DJANGO_GOOGLE_OAUTH_CLIENT_SECRET", default="")
-GOOGLE_OAUTH_CALLBACK_URL = env("DJANGO_GOOGLE_OAUTH_CALLBACK_URL", default="")
+# Provider Oauth settings
+GOOGLE_OAUTH_CLIENT_ID = env("SOCIAL_GOOGLE_OAUTH_CLIENT_ID", default="")
+GOOGLE_OAUTH_CLIENT_SECRET = env("SOCIAL_GOOGLE_OAUTH_CLIENT_SECRET", default="")
+GOOGLE_OAUTH_CALLBACK_URL = env("SOCIAL_GOOGLE_OAUTH_CALLBACK_URL", default="")

-GITHUB_OAUTH_CLIENT_ID = env("DJANGO_GITHUB_OAUTH_CLIENT_ID", default="")
-GITHUB_OAUTH_CLIENT_SECRET = env("DJANGO_GITHUB_OAUTH_CLIENT_SECRET", default="")
-GITHUB_OAUTH_CALLBACK_URL = env("DJANGO_GITHUB_OAUTH_CALLBACK_URL", default="")
+GITHUB_OAUTH_CLIENT_ID = env("SOCIAL_GITHUB_OAUTH_CLIENT_ID", default="")
+GITHUB_OAUTH_CLIENT_SECRET = env("SOCIAL_GITHUB_OAUTH_CLIENT_SECRET", default="")
+GITHUB_OAUTH_CALLBACK_URL = env("SOCIAL_GITHUB_OAUTH_CALLBACK_URL", default="")

 # Allauth settings
 ACCOUNT_LOGIN_METHODS = {"email"}  # Use Email / Password authentication
@@ -15,6 +15,8 @@ from api.db_utils import rls_transaction
 from api.models import (
    ComplianceOverview,
    Finding,
+    Integration,
+    IntegrationProviderRelationship,
    Invitation,
    Membership,
    Provider,
@@ -877,6 +879,46 @@ def scan_summaries_fixture(tenants_fixture, providers_fixture):
    )


+@pytest.fixture
+def integrations_fixture(providers_fixture):
+    provider1, provider2, *_ = providers_fixture
+    tenant_id = provider1.tenant_id
+    integration1 = Integration.objects.create(
+        tenant_id=tenant_id,
+        enabled=True,
+        connected=True,
+        integration_type="amazon_s3",
+        configuration={"key": "value"},
+        credentials={"psswd": "1234"},
+    )
+    IntegrationProviderRelationship.objects.create(
+        tenant_id=tenant_id,
+        integration=integration1,
+        provider=provider1,
+    )
+
+    integration2 = Integration.objects.create(
+        tenant_id=tenant_id,
+        enabled=True,
+        connected=True,
+        integration_type="amazon_s3",
+        configuration={"key": "value"},
+        credentials={"psswd": "1234"},
+    )
+    IntegrationProviderRelationship.objects.create(
+        tenant_id=tenant_id,
+        integration=integration2,
+        provider=provider1,
+    )
+    IntegrationProviderRelationship.objects.create(
+        tenant_id=tenant_id,
+        integration=integration2,
+        provider=provider2,
+    )
+
+    return integration1, integration2
+
+
 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}

@@ -1,3 +1,4 @@
+from pathlib import Path
 from shutil import rmtree

 from celery import chain, shared_task
@@ -264,10 +265,14 @@ def generate_outputs(scan_id: str, provider_id: str, tenant_id: str):
    uploaded = _upload_to_s3(tenant_id, output_directory, scan_id)

    if uploaded:
+        # Remove the local files after upload
+        try:
+            rmtree(Path(output_directory).parent, ignore_errors=True)
+        except FileNotFoundError as e:
+            logger.error(f"Error deleting output files: {e}")
+
        output_directory = uploaded
        uploaded = True
-        # Remove the local files after upload
-        rmtree(DJANGO_TMP_OUTPUT_DIRECTORY, ignore_errors=True)
    else:
        uploaded = False

@@ -89,7 +89,7 @@ for accountId in $ACCOUNTS_IN_ORGS; do
        # Run Prowler
        echo -e "Assessing AWS Account: $accountId, using Role: $ROLE on $(date)"
        # remove -g cislevel for a full report and add other formats if needed
-        ./prowler/prowler.py --role arn:"$PARTITION":iam::"$accountId":role/"$ROLE" --compliance cis_1.5_aws -M html
+        ./prowler/prowler-cli.py --role arn:"$PARTITION":iam::"$accountId":role/"$ROLE" --compliance cis_1.5_aws -M html
        echo "Report stored locally at: prowler/output/ directory"
        TOTAL_SEC=$((SECONDS - START_TIME))
        echo -e "Completed AWS Account: $accountId, using Role: $ROLE on $(date)"
@@ -17,7 +17,7 @@ spec:
            image: toniblyx/prowler:latest
            imagePullPolicy: Always
            command:
-            - "./prowler.py"
+            - "./prowler-cli.py"
            args: [ "-B", "$(awsS3Bucket)" ]
            env:
            - name: AWS_ACCESS_KEY_ID
@@ -562,8 +562,11 @@ def get_section_containers_format1(data, section_1, section_2):

            direct_internal_items.append(internal_section_container)

+        # Cut the title if it's too long
+        tittle_external = section[:70] + " ..." if len(section) > 70 else section
+
        accordion_item = dbc.AccordionItem(
-            title=f"{section}", children=direct_internal_items
+            title=f"{tittle_external}", children=direct_internal_items
        )
        section_container = html.Div(
            [
@@ -0,0 +1,23 @@
+import warnings
+
+from dashboard.common_methods import get_section_container_iso
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ATTRIBUTES_CATEGORY",
+            "REQUIREMENTS_ATTRIBUTES_OBJETIVE_ID",
+            "REQUIREMENTS_ATTRIBUTES_OBJETIVE_NAME",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ]
+    return get_section_container_iso(
+        aux, "REQUIREMENTS_ATTRIBUTES_CATEGORY", "REQUIREMENTS_ATTRIBUTES_OBJETIVE_ID"
+    )
@@ -0,0 +1,23 @@
+import warnings
+
+from dashboard.common_methods import get_section_container_iso
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ATTRIBUTES_CATEGORY",
+            "REQUIREMENTS_ATTRIBUTES_OBJETIVE_ID",
+            "REQUIREMENTS_ATTRIBUTES_OBJETIVE_NAME",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ]
+    return get_section_container_iso(
+        aux, "REQUIREMENTS_ATTRIBUTES_CATEGORY", "REQUIREMENTS_ATTRIBUTES_OBJETIVE_ID"
+    )
@@ -0,0 +1,23 @@
+import warnings
+
+from dashboard.common_methods import get_section_container_iso
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ATTRIBUTES_CATEGORY",
+            "REQUIREMENTS_ATTRIBUTES_OBJETIVE_ID",
+            "REQUIREMENTS_ATTRIBUTES_OBJETIVE_NAME",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ]
+    return get_section_container_iso(
+        aux, "REQUIREMENTS_ATTRIBUTES_CATEGORY", "REQUIREMENTS_ATTRIBUTES_OBJETIVE_ID"
+    )
@@ -1,6 +1,6 @@
 import warnings

-from dashboard.common_methods import get_section_containers_format4
+from dashboard.common_methods import get_section_containers_format1

 warnings.filterwarnings("ignore")

@@ -9,12 +9,15 @@ def get_table(data):
    aux = data[
        [
            "REQUIREMENTS_ID",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
            "CHECKID",
            "STATUS",
            "REGION",
            "ACCOUNTID",
            "RESOURCEID",
        ]
-    ]
+    ].copy()

-    return get_section_containers_format4(aux, "REQUIREMENTS_ID")
+    return get_section_containers_format1(
+        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
+    )
@@ -294,7 +294,7 @@ Each Prowler check has metadata associated which is stored at the same level of
    # Code holds different methods to remediate the FAIL finding
    "Code": {
      # CLI holds the command in the provider native CLI to remediate it
-      "CLI": "https://docs.prowler.com/checks/public_8#cli-command",
+      "CLI": "aws ec2 modify-image-attribute --region <REGION> --image-id <EC2_AMI_ID> --launch-permission {\"Remove\":[{\"Group\":\"all\"}]}",
      # NativeIaC holds the native IaC code to remediate it, use "https://docs.bridgecrew.io/docs"
      "NativeIaC": "",
      # Other holds the other commands, scripts or code to remediate it, use "https://www.trendmicro.com/cloudoneconformity"
@@ -18,7 +18,7 @@ This file should inside the *.vscode* folder and its name has to be *launch.json
            "name": "Debug AWS Check",
            "type": "debugpy",
            "request": "launch",
-            "program": "prowler.py",
+            "program": "prowler-cli.py",
            "args": [
                "aws",
                "--log-level",
@@ -33,7 +33,7 @@ This file should inside the *.vscode* folder and its name has to be *launch.json
            "name": "Debug Azure Check",
            "type": "debugpy",
            "request": "launch",
-            "program": "prowler.py",
+            "program": "prowler-cli.py",
            "args": [
                "azure",
                "--sp-env-auth",
@@ -49,7 +49,7 @@ This file should inside the *.vscode* folder and its name has to be *launch.json
            "name": "Debug GCP Check",
            "type": "debugpy",
            "request": "launch",
-            "program": "prowler.py",
+            "program": "prowler-cli.py",
            "args": [
                "gcp",
                "--log-level",
@@ -64,7 +64,7 @@ This file should inside the *.vscode* folder and its name has to be *launch.json
            "name": "Debug K8s Check",
            "type": "debugpy",
            "request": "launch",
-            "program": "prowler.py",
+            "program": "prowler-cli.py",
            "args": [
                "kubernetes",
                "--log-level",
@@ -219,7 +219,7 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/),
    git clone https://github.com/prowler-cloud/prowler
    cd prowler
    poetry install
-    poetry run python prowler.py -v
+    poetry run python prowler-cli.py -v
    ```
    ???+ note
        If you want to clone Prowler from Windows, use `git config core.longpaths true` to allow long file paths.
@@ -29,7 +29,7 @@ mkdir /tmp/poetry
 poetry config cache-dir /tmp/poetry
 eval $(poetry env activate)
 poetry install
-python prowler.py -v
+python prowler-cli.py -v
 ```
 > [!IMPORTANT]
 > Starting from Poetry v2.0.0, `poetry shell` has been deprecated in favor of `poetry env activate`.
@@ -86,7 +86,7 @@ The following list includes all the Azure checks with configurable variables tha
 ## Kubernetes

 ### Configurable Checks
-The following list includes all the Azure checks with configurable variables that can be changed in the configuration yaml file:
+The following list includes all the Kubernetes checks with configurable variables that can be changed in the configuration yaml file:

 | Check Name                                                    | Value                                            | Type            |
 |---------------------------------------------------------------|--------------------------------------------------|-----------------|
@@ -96,6 +96,17 @@ The following list includes all the Azure checks with configurable variables tha
 | `apiserver_strong_ciphers`                                    | `apiserver_strong_ciphers`                       | String          |
 | `kubelet_strong_ciphers_only`                                 | `kubelet_strong_ciphers`                         | String          |

+
+## Microsoft365
+
+### Configurable Checks
+The following list includes all the Microsoft365 checks with configurable variables that can be changed in the configuration yaml file:
+
+| Check Name                                                    | Value                                            | Type            |
+|---------------------------------------------------------------|--------------------------------------------------|-----------------|
+| `entra_admin_users_sign_in_frequency_enabled`                 | `sign_in_frequency`                              | Integer         |
+
+
 ## Config YAML File Structure

 ???+ note
@@ -493,4 +504,10 @@ kubernetes:
      "TLS_RSA_WITH_AES_128_GCM_SHA256",
    ]

+# Microsoft365 Configuration
+microsoft365:
+  # Conditional Access Policy
+  # policy.session_controls.sign_in_frequency.frequency in hours
+  sign_in_frequency: 4
+
 ```
@@ -0,0 +1,191 @@
+# Managing Users and Roles
+
+The **Prowler App** supports multiple users within a single tenant, enabling seamless collaboration by allowing team members to easily share insights and manage security findings.
+
+[Roles](#roles) help you control user permissions, determining what actions each user can perform and the data they can access within Prowler. By default, each account includes an immutable **admin** role, ensuring that your account always retains administrative access.
+
+## Membership
+
+To get to User-Invitation Management we will focus on the Membership section.
+
+???+ note
+    **Only users that have the _Invite and Manage Users_ or _admin_ permission can access this section.**
+
+<img src="../img/rbac/membership.png" alt="Membership tab" width="700"/>
+
+### Users
+
+#### Editing a User
+
+Follow these steps to edit a user of your account:
+
+1. Navigate to **Users** from the side menu.
+2. Click on the edit button of the user you want to modify.
+
+    <img src="../img/rbac/user_edit.png" alt="Edit User" width="700"/>
+
+3. Edit the user fields you need and save your changes.
+
+    <img src="../img/rbac/user_edit_details.png" alt="Edit User Details" width="700"/>
+
+#### Removing a User
+
+Follow these steps to remove a user of your account:
+
+1. Navigate to **Users** from the side menu.
+2. Click on the delete button of your current user.
+> **Note: Each user will be able to delete himself and not others, regardless of his permissions.**
+
+    <img src="../img/rbac/user_remove.png" alt="Remove User" width="700"/>
+
+### Invitations
+
+#### Inviting Users
+
+???+note
+    _Please be aware that at this time, an email address can only be associated with a single Prowler account._
+
+Follow these steps to invite a user to your account:
+
+1. Navigate to **Users** from the side menu.
+2. Click on the **Invite User** button on the top right-hand corner of the screen.
+
+    <img src="../img/rbac/invite.png" alt="Invite User" width="700"/>
+
+3. In the Invite User screen, enter the email address of the user you want to invite.
+4. Pick a Role for the user. You can also change the roles for users and pending invites later. To learn more about the roles and what they can do, see [Roles](#roles).
+
+    <img src="../img/rbac/invitation_info.png" alt="Invitation info" width="700"/>
+
+5. Click on the **Send Invitation** button to send the invitation to the user.
+6. After clicking you will see a summary of the status of the invitation. You could access this view again from the invitation menu.
+
+    <img src="../img/rbac/invitation_details.png" alt="Invitation details" width="700"/>
+    <img src="../img/rbac/invitation_details_1.png" alt="Invitation button" width="700"/>
+
+7. To allow the user to join your Prowler account you will need to share the link with the user. They will only need to access this URL and follow the steps to create a user and complete their registration. **Note: Invitations will expire after 7 days.**
+
+    <img src="../img/rbac/invitation_sign-up.png" alt="Invitation sign-up" width="700"/>
+
+???+note
+    If you are a [Prowler Cloud](https://cloud.prowler.com/sign-in) user, the invited user will receive an email with the link to accept the invitation.
+
+#### Editing Invitation
+
+Follow these steps to edit an invitation:
+
+1. Navigate to **Invitations** from the side menu.
+2. Click on the edit button of the invitation and modify the email, the role or both. **Note: Editing an invitation will not reset its expiration time.**
+
+    <img src="../img/rbac/invitation_edit.png" alt="Invitation edit" width="700"/>
+    <img src="../img/rbac/invitation_edit_1.png" alt="Invitation edit details" width="700"/>
+
+#### Cancelling Invitation
+
+Follow these steps to cancel an invitation:
+
+1. Navigate to **Invitations** from the side menu.
+2. Click on the revoke button of the invitation.
+
+    <img src="../img/rbac/invitation_revoke.png" alt="Invitation revoke" width="700"/>
+
+#### Sending Invitation Again
+
+To resend the invitation to the user it is necessary to explicitly **delete the previous invitation and create a new invitation**.
+
+## Managing Groups and Roles
+
+The Roles section in Prowler is designed to facilitate the assignment of custom user privileges. This section allows administrators to define roles with specific permissions for Prowler administrative tasks and Account visibility.
+
+???+ note
+    **Only users that have the _Manage Account_ or _admin_ permission can access this section.**
+
+### Provider Groups
+
+Provider Groups control visibility across specific providers. When creating a new role, you can assign specific groups to define their Cloud Provider visibility. This ensures that users with that role have access only to the Cloud Providers that are required.
+
+By default, a new user role does not have visibility into any group.
+
+Alternatively, to grant the role unlimited visibility across all providers, check the Grant Unlimited Visibility checkbox.
+
+#### Creating a Provider Group
+
+Follow these steps to create a provider group in your account:
+
+1. 1. Navigate to **Provider Groups** from the side menu..
+2. In this view you can select the provider groups you want to assign to one or more roles.
+3. Click on the **Create Group** button on the center of the screen.
+
+    <img src="../img/rbac/provider_group.png" alt="Create Provider Group" width="700"/>
+
+#### Editing a Provider Group
+
+Follow these steps to edit a provider group on your account:
+
+1. 1. Navigate to **Provider Groups** from the side menu..
+2. Click on the edit button of the provider group you want to modify.
+
+    <img src="../img/rbac/provider_group_edit.png" alt="Edit Provider Group" width="700"/>
+
+3. Change the provider group parameters you need and save the changes.
+
+    <img src="../img/rbac/provider_group_edit_1.png" alt="Edit Provider Group Details" width="700"/>
+
+#### Removing a Provider Group
+
+Follow these steps to remove a provider group of your account:
+
+1. 1. Navigate to **Provider Groups** from the side menu..
+2. Click on the delete button of the provider group you want to remove.
+
+    <img src="../img/rbac/provider_group_remove.png" alt="Remove Provider Group" width="700"/>
+
+### Roles
+
+#### Creating a Role
+
+Follow these steps to create a role for your account:
+
+1. Navigate to **Roles** from the side menu.
+2. Click on the **Add Role** button on the top right-hand corner of the screen.
+
+    <img src="../img/rbac/role_create.png" alt="Create Role" width="700"/>
+
+3. In the Add Role screen, enter the role name, the administration permissions and the groups of providers to which the Role will have access to.
+4. In the Groups and Account Visibility section, you will see a list of available groups with checkboxes next to them. To assign a group to the user role, simply click the checkbox next to the group name. If you need to assign multiple groups, repeat the process for each group you wish to add.
+
+    <img src="../img/rbac/role_create_1.png" alt="Role parameters" width="700"/>
+
+#### Editing a Role
+
+Follow these steps to edit a role on your account:
+
+1. Navigate to **Roles** from the side menu.
+2. Click on the edit button of the role you want to modify.
+
+    <img src="../img/rbac/role_edit.png" alt="Edit Role" width="700"/>
+
+3. Adjust the settings as needed and save the changes.
+
+    <img src="../img/rbac/role_edit_details.png" alt="Edit Role Details" width="700"/>
+
+#### Removing a Role
+
+Follow these steps to remove a role of your account:
+
+1. Navigate to **Roles** from the side menu.
+2. Click on the delete button of the role you want to remove.
+
+    <img src="../img/rbac/role_remove.png" alt="Remove Role" width="700"/>
+
+## RBAC Administrative Permissions
+
+Assign administrative permissions by selecting from the following options:
+
+**Invite and Manage Users:** Invite new users and manage existing ones.<br>
+**Manage Account:** Adjust account settings and delete users.<br>
+**Manage Scans:** Run and review scans.<br>
+**Manage Cloud Providers:** Add or modify connected cloud providers.<br>
+**Manage Integrations:** Add or modify the Prowler Integrations.
+
+To grant all administrative permissions, select the **Grant all admin permissions** option.
@@ -0,0 +1,52 @@
+# Social Login Configuration
+
+The **Prowler App** supports social login using Google and GitHub OAuth providers. This document guides you through configuring the required environment variables to enable social authentication.
+
+<img src="../img/social-login/social_login_buttons.png" alt="Social login buttons" width="700" />
+
+## Configuring Social Login Credentials
+
+To enable social login with Google and GitHub, you must define the following environment variables:
+
+### Google OAuth Configuration
+
+Set the following environment variables for Google OAuth:
+
+```env
+SOCIAL_GOOGLE_OAUTH_CLIENT_ID=""
+SOCIAL_GOOGLE_OAUTH_CLIENT_SECRET=""
+```
+
+### GitHub OAuth Configuration
+
+Set the following environment variables for GitHub OAuth:
+
+```env
+SOCIAL_GITHUB_OAUTH_CLIENT_ID=""
+SOCIAL_GITHUB_OAUTH_CLIENT_SECRET=""
+```
+
+### Important Notes
+
+- If either `SOCIAL_GOOGLE_OAUTH_CLIENT_ID` or `SOCIAL_GOOGLE_OAUTH_CLIENT_SECRET` is empty or not defined, the Google login button will be disabled.
+- If either `SOCIAL_GITHUB_OAUTH_CLIENT_ID` or `SOCIAL_GITHUB_OAUTH_CLIENT_SECRET` is empty or not defined, the GitHub login button will be disabled.
+
+
+<img src="../img/social-login/social_login_buttons_disabled.png" alt="Social login buttons disabled" width="700" />
+
+## Obtaining OAuth Credentials
+
+To obtain `CLIENT_ID` and `CLIENT_SECRET` for each provider, follow their official documentation:
+
+- **Google OAuth**: [Google OAuth Credentials Setup](https://developers.google.com/identity/protocols/oauth2)
+- **GitHub OAuth**: [GitHub OAuth App Setup](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app)
+
+### Steps Overview
+
+For both providers, the process generally involves:
+
+1. Registering your application in the provider's developer portal.
+2. Defining the authorized redirect URL (`SOCIAL_<PROVIDER>_OAUTH_CALLBACK_URL`).
+3. Copying the generated `CLIENT_ID` and `CLIENT_SECRET` into the corresponding environment variables.
+
+Once completed, ensure your environment variables are correctly loaded in your Prowler deployment to activate social login.
@@ -9,11 +9,23 @@ You can also access to the auto-generated **Prowler API** documentation at [http
    If you are a [Prowler Cloud](https://cloud.prowler.com/sign-in) user you can see API docs at [https://api.prowler.com/api/v1/docs](https://api.prowler.com/api/v1/docs)

 ## **Step 1: Sign Up**
+### **Sign up with Email**
 To get started, sign up using your email and password:

 <img src="../../img/sign-up-button.png" alt="Sign Up Button" width="320"/>
 <img src="../../img/sign-up.png" alt="Sign Up" width="285"/>

+### **Sign up with Social Login**
+
+If Social Login is enabled, you can sign up using your preferred provider (e.g., Google, GitHub).
+
+???+ note "How Social Login Works"
+    - If your email is already registered, you will be logged in, and your social account will be linked.
+    - If your email is not registered, a new account will be created using your social account email.
+
+???+ note "Enable Social Login"
+    See [how to configure Social Login for Prowler](prowler-app-social-login.md) to enable this feature in your own deployments.
+
 ---

 ## **Step 2: Log In**
@@ -54,6 +66,11 @@ Optionally, provide a **Provider Alias** for easier identification. Follow the i
 For AWS, enter your `AWS Account ID` and choose one of the following methods to connect:

 #### **Step 4.1.1: IAM Access Keys**
+
+[Video - Static User Credentials](https://www.youtube.com/watch?v=CtmZxduNHlE&ab_channel=Prowler "Video - Static User Credentials")
+
+<iframe width="320" height="180" src="https://www.youtube-nocookie.com/embed/CtmZxduNHlE" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="1"></iframe>
+
 1. Select `Connect via Credentials`.

    <img src="../../img/connect-aws-credentials.png" alt="AWS Credentials" width="350"/>
@@ -63,6 +80,11 @@ For AWS, enter your `AWS Account ID` and choose one of the following methods to
    <img src="../../img/aws-credentials.png" alt="AWS Credentials" width="350"/>

 #### **Step 4.1.2: IAM Role**
+
+[Video - Assume Role](https://www.youtube.com/watch?v=RPgIWOCERzY "Video - Assume Role")
+
+<iframe width="320" height="180" src="https://www.youtube-nocookie.com/embed/RPgIWOCERzY " title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="1"></iframe>
+
 1. Select `Connect assuming IAM Role`.

    <img src="../../img/connect-aws-role.png" alt="AWS Role" width="350"/>
@@ -172,3 +194,18 @@ While the scan is running, start exploring the findings in these sections:
 - **Browse All Findings**: Detailed list of findings detected, where you can filter by severity, service, and more. <img src="../../img/findings.png" alt="Findings" width="700"/>

 To view all `new` findings that have not been seen prior to this scan, click the `Delta` filter and select `new`. To view all `changed` findings that have had a status change (from `PASS` to `FAIL` for example), click the `Delta` filter and select `changed`.
+
+## **Step 9: Download the Outputs**
+
+Once the scan is complete, you can download the output files generated by Prowler as a single `zip` file. This archive contains the CSV, JSON-OSCF, and HTML reports detailing the findings.
+
+To download these files, click the **Download** button. This button becomes available only after the scan has finished.
+
+<img src="../../img/download_output.png" alt="Download output" width="700"/>
+
+This action downloads a `zip` file containing an `output` folder, which includes the files mentioned above: CSV, JSON-OSCF, and HTML reports.
+
+<img src="../../img/output_folder.png" alt="Output folder" width="700"/>
+
+???+ note "API Note"
+    To learn more about the API endpoint the UI uses to download ZIP exports, see: [Prowler API Reference - Download Scan Output](https://api.prowler.com/api/v1/docs#tag/Scan/operation/scans_report_retrieve)
@@ -120,117 +120,147 @@ The JSON-OCSF output format implements the [Detection Finding](https://schema.oc

 ```json
 [{
-    "metadata": {
-        "event_code": "cloudtrail_multi_region_enabled",
-        "product": {
-            "name": "Prowler",
-            "vendor_name": "Prowler",
-            "version": "4.2.4"
-        },
-        "version": "1.1.0"
-    },
-    "severity_id": 4,
-    "severity": "High",
-    "status": "New",
-    "status_code": "FAIL",
-    "status_detail": "No CloudTrail trails enabled and logging were found.",
-    "status_id": 1,
-    "activity_name": "Create",
-    "activity_id": 1,
-    "finding_info": {
-        "created_time": "2024-04-08T11:33:51.870861",
-        "desc": "Ensure CloudTrail is enabled in all regions",
-        "product_uid": "prowler",
-        "title": "Ensure CloudTrail is enabled in all regions",
-        "uid": "prowler-aws-cloudtrail_multi_region_enabled-123456789012-ap-northeast-1-123456789012",
-        "types": ["Software and Configuration Checks","Industry and Regulatory Standards","CIS AWS Foundations Benchmark"],
-    },
-    "resources": [
-        {
-            "cloud_partition": "aws",
-            "region": "ap-northeast-1",
-            "group": {
-                "name": "cloudtrail"
-            },
-            "labels": [],
-            "name": "123456789012",
-            "type": "AwsCloudTrailTrail",
-            "uid": "arn:aws:cloudtrail:ap-northeast-1:123456789012:trail",
-            "data": {
-                "details": ""
-            },
-        }
-    ],
-    "category_name": "Findings",
-    "category_uid": 2,
-    "class_name": "DetectionFinding",
-    "class_uid": 2004,
-    "cloud": {
-        "account": {
-            "name": "test-account",
-            "type": "AWS_Account",
-            "type_id": 10,
-            "uid": "123456789012"
-        },
-        "org": {
-            "name": "",
-            "uid": ""
-        },
-        "provider": "aws",
-        "region": "ap-northeast-1"
-    },
-    "event_time": "2024-04-08T11:33:51.870861",
-    "remediation": {
-        "desc": "Ensure Logging is set to ON on all regions (even if they are not being used at the moment.",
-        "references": [
-            "aws cloudtrail create-trail --name <trail_name> --bucket-name <s3_bucket_for_cloudtrail> --is-multi-region-trail aws cloudtrail update-trail --name <trail_name> --is-multi-region-trail ",
-            "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrailconcepts.html#cloudtrail-concepts-management-events"
-        ]
-    },
-    "type_uid": 200401,
-    "type_name": "Create",
-    "unmapped": {
-        "related_url": "",
-        "categories": ["forensics-ready"],
-        "depends_on": [],
-        "related_to": [],
-        "notes": "",
-        "compliance": {
-            "CISA": [
-                "your-systems-3",
-                "your-data-2"
-            ],
-            "SOC2": [
-                "cc_2_1",
-                "cc_7_2",
-                "cc_a_1_2"
-            ],
-            "CIS-1.4": [
-                "3.1"
-            ],
-            "CIS-1.5": [
-                "3.1"
-            ],
-            "GDPR": [
-                "article_25",
-                "article_30"
-            ],
-            "AWS-Foundational-Security-Best-Practices": [
-                "cloudtrail"
-            ],
-            "ISO27001-2013": [
-                "A.12.4"
-            ],
-            "HIPAA": [
-                "164_308_a_1_ii_d",
-                "164_308_a_3_ii_a",
-                "164_308_a_6_ii",
-                "164_312_b",
-                "164_312_e_2_i"
-            ],
-        }
-    },
-}]
+     "message": "Potential secrets found in ECS task definition manufacturer-api with revision 7: Secrets in container manufacturer-api -> Secret Keyword on the environment variable DB_PASSWORD.",
+     "metadata": {
+         "event_code": "ecs_task_definitions_no_environment_secrets",
+         "product": {
+             "name": "Prowler",
+             "uid": "prowler",
+             "vendor_name": "Prowler",
+             "version": "5.3.0"
+         },
+         "profiles": [
+             "cloud",
+             "datetime"
+         ],
+         "tenant_uid": "",
+         "version": "1.3.0"
+     },
+     "severity_id": 5,
+     "severity": "Critical",
+     "status": "New",
+     "status_code": "FAIL",
+     "status_detail": "Potential secrets found in ECS task definition manufacturer-api with revision 7: Secrets in container manufacturer-api -> Secret Keyword on the environment variable DB_PASSWORD.",
+     "status_id": 1,
+     "unmapped": {
+         "related_url": "",
+         "categories": [
+             "secrets"
+         ],
+         "depends_on": [],
+         "related_to": [],
+         "notes": "",
+         "compliance": {
+             "MITRE-ATTACK": [
+                 "T1552"
+             ],
+             "AWS-Foundational-Security-Best-Practices": [
+                 "ecs"
+             ],
+             "KISA-ISMS-P-2023": [
+                 "2.7.1",
+                 "2.11.2"
+             ],
+             "KISA-ISMS-P-2023-korean": [
+                 "2.7.1",
+                 "2.11.2"
+             ],
+             "AWS-Well-Architected-Framework-Security-Pillar": [
+                 "SEC02-BP03"
+             ]
+         }
+     },
+     "activity_name": "Create",
+     "activity_id": 1,
+     "finding_info": {
+         "created_time": 1737995806,
+         "created_time_dt": "2025-01-27T17:36:46.855898",
+         "desc": "Check if secrets exists in ECS task definitions environment variables.",
+         "product_uid": "prowler",
+         "title": "Check if secrets exists in ECS task definitions environment variables",
+         "types": [
+             "Protect",
+             "Secure development",
+             "Credentials not hard-coded"
+         ],
+         "uid": "prowler-aws-ecs_task_definitions_no_environment_secrets-123456789012-eu-central-1-manufacturer-api:7"
+     },
+     "resources": [
+         {
+             "cloud_partition": "aws",
+             "region": "eu-central-1",
+             "data": {
+                 "details": "",
+                 "metadata": {
+                     "name": "manufacturer-api",
+                     "arn": "arn:aws:ecs:eu-central-1:123456789012:task-definition/manufacturer-api:7",
+                     "revision": "7",
+                     "region": "eu-central-1",
+                     "container_definitions": [
+                         {
+                             "name": "manufacturer-api",
+                             "privileged": false,
+                             "readonly_rootfilesystem": false,
+                             "user": "",
+                             "environment": [
+                                 {
+                                     "name": "DB_HOST",
+                                     "value": "some.cluster.eu-central-1.rds.amazonaws.com"
+                                 },
+                                 {
+                                     "name": "DB_PASSWORD",
+                                     "value": "somePassword"
+                                 }
+                             ],
+                             "log_driver": "",
+                             "log_option": ""
+                         }
+                     ],
+                     "pid_mode": "",
+                     "tags": [],
+                     "network_mode": "awsvpc"
+                 }
+             },
+             "group": {
+                 "name": "ecs"
+             },
+             "labels": [],
+             "name": "manufacturer-api:7",
+             "type": "AwsEcsTaskDefinition",
+             "uid": "arn:aws:ecs:eu-central-1:123456789012:task-definition/manufacturer-api:7"
+         }
+     ],
+     "category_name": "Findings",
+     "category_uid": 2,
+     "class_name": "Detection Finding",
+     "class_uid": 2004,
+     "cloud": {
+         "account": {
+             "name": "",
+             "type": "AWS Account",
+             "type_id": 10,
+             "uid": "123456789012",
+             "labels": []
+         },
+         "org": {
+             "name": "",
+             "uid": ""
+         },
+         "provider": "aws",
+         "region": "eu-central-1"
+     },
+     "remediation": {
+         "desc": "Use Secrets Manager or Parameter Store to securely provide credentials to containers without hardcoding the secrets in code or passing them through environment variables. It is currently not possible to delete task definition revisions which contain plaintext secrets. AWS is looking into implementing this feature in 2023, and it is therefore recommended that all plaintext secrets are rotated at the same time as moving the secrets to Secrets Manager or Parameter Store.",
+         "references": [
+             "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html"
+         ]
+     },
+     "risk_details": "The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used, it is possible that malicious users gain access through the account in question.",
+     "time": 1737995806,
+     "time_dt": "2025-01-27T17:36:46.855898",
+     "type_uid": 200401,
+     "type_name": "Detection Finding: Create"
+ }]
 ```

 ???+ note
@@ -331,7 +361,7 @@ The following is the mapping between the native JSON and the Detection Finding f

 | Native JSON Prowler v3 | JSON-OCSF v.1.1.0 |
 | --- |---|
-| AssessmentStartTime | event_time |
+| AssessmentStartTime | time_dt |
 | FindingUniqueId | finding_info.uid |
 | Provider | cloud.provider |
 | CheckID | metadata.event_code |
@@ -49,24 +49,28 @@ nav:
      - Overview: index.md
      - Requirements: getting-started/requirements.md
  - Tutorials:
-      - Prowler App: tutorials/prowler-app.md
-      - Miscellaneous: tutorials/misc.md
-      - Reporting: tutorials/reporting.md
-      - Compliance: tutorials/compliance.md
-      - Dashboard: tutorials/dashboard.md
-      - Fixer (remediations): tutorials/fixer.md
-      - Quick Inventory: tutorials/quick-inventory.md
-      - Slack Integration: tutorials/integrations.md
-      - Configuration File: tutorials/configuration_file.md
-      - Logging: tutorials/logging.md
-      - Mutelist: tutorials/mutelist.md
-      - Check Aliases: tutorials/check-aliases.md
-      - Custom Metadata: tutorials/custom-checks-metadata.md
-      - Scan Unused Services: tutorials/scan-unused-services.md
-      - Pentesting: tutorials/pentesting.md
-      - Parallel Execution: tutorials/parallel-execution.md
-      - Developer Guide: developer-guide/introduction.md
-      - Prowler Check Kreator: tutorials/prowler-check-kreator.md
+      - Prowler App:
+          - Getting Started: tutorials/prowler-app.md
+          - Role-Based Access Control: tutorials/prowler-app-rbac.md
+          - Social Login: tutorials/prowler-app-social-login.md
+      - CLI:
+          - Miscellaneous: tutorials/misc.md
+          - Reporting: tutorials/reporting.md
+          - Compliance: tutorials/compliance.md
+          - Dashboard: tutorials/dashboard.md
+          - Fixer (remediations): tutorials/fixer.md
+          - Quick Inventory: tutorials/quick-inventory.md
+          - Slack Integration: tutorials/integrations.md
+          - Configuration File: tutorials/configuration_file.md
+          - Logging: tutorials/logging.md
+          - Mutelist: tutorials/mutelist.md
+          - Check Aliases: tutorials/check-aliases.md
+          - Custom Metadata: tutorials/custom-checks-metadata.md
+          - Scan Unused Services: tutorials/scan-unused-services.md
+          - Pentesting: tutorials/pentesting.md
+          - Parallel Execution: tutorials/parallel-execution.md
+          - Developer Guide: developer-guide/introduction.md
+          - Prowler Check Kreator: tutorials/prowler-check-kreator.md
      - AWS:
          - Authentication: tutorials/aws/authentication.md
          - Assume Role: tutorials/aws/role-assumption.md
@@ -441,14 +441,14 @@ isodate = ">=0.6.1,<1.0.0"

 [[package]]
 name = "azure-mgmt-containerservice"
-version = "34.0.0"
+version = "34.1.0"
 description = "Microsoft Azure Container Service Management Client Library for Python"
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "azure_mgmt_containerservice-34.0.0-py3-none-any.whl", hash = "sha256:34be8172241e3c2c444682407970a938f60e3b2bd06304eaae0a1ba641f2262d"},
-    {file = "azure_mgmt_containerservice-34.0.0.tar.gz", hash = "sha256:822d07828b746a5ea5408a8b3770f41dc424d6c4c28de53c29611b62bef8aea3"},
+    {file = "azure_mgmt_containerservice-34.1.0-py3-none-any.whl", hash = "sha256:1faa1714e0100c6ee4cfb8d2eadb1c270b548a84b0070c74e9fe646056a5cb12"},
+    {file = "azure_mgmt_containerservice-34.1.0.tar.gz", hash = "sha256:637a6cf8f06636c016ad151d76f9c7ba75bd05d4334b3dd7837eb8b517f30dbe"},
 ]

 [package.dependencies]
@@ -631,20 +631,21 @@ msrest = ">=0.6.21"

 [[package]]
 name = "azure-mgmt-storage"
-version = "21.2.1"
+version = "22.1.1"
 description = "Microsoft Azure Storage Management Client Library for Python"
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "azure-mgmt-storage-21.2.1.tar.gz", hash = "sha256:503a7ff9c31254092b0656445f5728bfdfda2d09d46a82e97019eaa9a1ecec64"},
-    {file = "azure_mgmt_storage-21.2.1-py3-none-any.whl", hash = "sha256:f97df1fa39cde9dbacf2cd96c9cba1fc196932185e24853e276f74b18a0bd031"},
+    {file = "azure_mgmt_storage-22.1.1-py3-none-any.whl", hash = "sha256:a4a4064918dcfa4f1cbebada5bf064935d66f2a3647a2f46a1f1c9348736f5d9"},
+    {file = "azure_mgmt_storage-22.1.1.tar.gz", hash = "sha256:25aaa5ae8c40c30e2f91f8aae6f52906b0557e947d5c1b9817d4ff9decc11340"},
 ]

 [package.dependencies]
 azure-common = ">=1.1"
 azure-mgmt-core = ">=1.3.2"
 isodate = ">=0.6.1"
+typing-extensions = ">=4.6.0"

 [[package]]
 name = "azure-mgmt-subscription"
@@ -1777,14 +1778,14 @@ grpcio-gcp = ["grpcio-gcp (>=0.2.2,<1.0.dev0)"]

 [[package]]
 name = "google-api-python-client"
-version = "2.162.0"
+version = "2.163.0"
 description = "Google API Client Library for Python"
 optional = false
 python-versions = ">=3.7"
 groups = ["main"]
 files = [
-    {file = "google_api_python_client-2.162.0-py2.py3-none-any.whl", hash = "sha256:49365fa4f7795fe81a747f5544d6528ea94314fa59664e0ea1005f603facf1ec"},
-    {file = "google_api_python_client-2.162.0.tar.gz", hash = "sha256:5f8bc934a5b6eea73a7d12d999e6585c1823179f48340234acb385e2502e735a"},
+    {file = "google_api_python_client-2.163.0-py2.py3-none-any.whl", hash = "sha256:080e8bc0669cb4c1fb8efb8da2f5b91a2625d8f0e7796cfad978f33f7016c6c4"},
+    {file = "google_api_python_client-2.163.0.tar.gz", hash = "sha256:88dee87553a2d82176e2224648bf89272d536c8f04dcdda37ef0a71473886dd7"},
 ]

 [package.dependencies]
@@ -2090,14 +2091,14 @@ files = [

 [[package]]
 name = "jinja2"
-version = "3.1.5"
+version = "3.1.6"
 description = "A very fast and expressive template engine."
 optional = false
 python-versions = ">=3.7"
 groups = ["main", "dev", "docs"]
 files = [
-    {file = "jinja2-3.1.5-py3-none-any.whl", hash = "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"},
-    {file = "jinja2-3.1.5.tar.gz", hash = "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb"},
+    {file = "jinja2-3.1.6-py3-none-any.whl", hash = "sha256:85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67"},
+    {file = "jinja2-3.1.6.tar.gz", hash = "sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d"},
 ]

 [package.dependencies]
@@ -2160,6 +2161,8 @@ python-versions = "*"
 groups = ["dev"]
 files = [
    {file = "jsonpath-ng-1.7.0.tar.gz", hash = "sha256:f6f5f7fd4e5ff79c785f1573b394043b39849fb2bb47bcead935d12b00beab3c"},
+    {file = "jsonpath_ng-1.7.0-py2-none-any.whl", hash = "sha256:898c93fc173f0c336784a3fa63d7434297544b7198124a68f9a3ef9597b0ae6e"},
+    {file = "jsonpath_ng-1.7.0-py3-none-any.whl", hash = "sha256:f3d7f9e848cba1b6da28c55b1c26ff915dc9e0b1ba7e752a53d6da8d5cbd00b6"},
 ]

 [package.dependencies]
@@ -2644,26 +2647,21 @@ pyyaml = ">=5.1"

 [[package]]
 name = "mkdocs-git-revision-date-localized-plugin"
-version = "1.3.0"
+version = "1.4.1"
 description = "Mkdocs plugin that enables displaying the localized date of the last git modification of a markdown file."
 optional = false
 python-versions = ">=3.8"
 groups = ["docs"]
 files = [
-    {file = "mkdocs_git_revision_date_localized_plugin-1.3.0-py3-none-any.whl", hash = "sha256:c99377ee119372d57a9e47cff4e68f04cce634a74831c06bc89b33e456e840a1"},
-    {file = "mkdocs_git_revision_date_localized_plugin-1.3.0.tar.gz", hash = "sha256:439e2f14582204050a664c258861c325064d97cdc848c541e48bb034a6c4d0cb"},
+    {file = "mkdocs_git_revision_date_localized_plugin-1.4.1-py3-none-any.whl", hash = "sha256:bb1eca7f156e0c8a587167662923d76efed7f7e0c06b84471aa5ae72a744a434"},
+    {file = "mkdocs_git_revision_date_localized_plugin-1.4.1.tar.gz", hash = "sha256:364d7c4c45c4f333c750e34bc298ac685a7a8bf9b7b52890d52b2f90f1812c4b"},
 ]

 [package.dependencies]
 babel = ">=2.7.0"
-GitPython = "*"
+gitpython = ">=3.1.44"
 mkdocs = ">=1.0"
-pytz = "*"
-
-[package.extras]
-all = ["GitPython", "babel (>=2.7.0)", "click", "codecov", "mkdocs (>=1.0)", "mkdocs-gen-files", "mkdocs-git-authors-plugin", "mkdocs-material", "mkdocs-static-i18n", "pytest", "pytest-cov", "pytz"]
-base = ["GitPython", "babel (>=2.7.0)", "mkdocs (>=1.0)", "pytz"]
-dev = ["click", "codecov", "mkdocs-gen-files", "mkdocs-git-authors-plugin", "mkdocs-material", "mkdocs-static-i18n", "pytest", "pytest-cov"]
+pytz = ">=2025.1"

 [[package]]
 name = "mkdocs-material"
@@ -2709,14 +2707,14 @@ files = [

 [[package]]
 name = "mock"
-version = "5.1.0"
+version = "5.2.0"
 description = "Rolling backport of unittest.mock for all Pythons"
 optional = false
 python-versions = ">=3.6"
 groups = ["dev"]
 files = [
-    {file = "mock-5.1.0-py3-none-any.whl", hash = "sha256:18c694e5ae8a208cdb3d2c20a993ca1a7b0efa258c247a1e565150f477f83744"},
-    {file = "mock-5.1.0.tar.gz", hash = "sha256:5e96aad5ccda4718e0a229ed94b2024df75cc2d55575ba5762d31f5767b8767d"},
+    {file = "mock-5.2.0-py3-none-any.whl", hash = "sha256:7ba87f72ca0e915175596069dbbcc7c75af7b5e9b9bc107ad6349ede0819982f"},
+    {file = "mock-5.2.0.tar.gz", hash = "sha256:4e460e818629b4b173f32d08bf30d3af8123afbb8e04bb5707a1fd4799e503f0"},
 ]

 [package.extras]
@@ -4946,14 +4944,14 @@ files = [

 [[package]]
 name = "tzlocal"
-version = "5.3"
+version = "5.3.1"
 description = "tzinfo object for the local timezone"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "tzlocal-5.3-py3-none-any.whl", hash = "sha256:3814135a1bb29763c6e4f08fd6e41dbb435c7a60bfbb03270211bcc537187d8c"},
-    {file = "tzlocal-5.3.tar.gz", hash = "sha256:2fafbfc07e9d8b49ade18f898d6bcd37ae88ce3ad6486842a2e4f03af68323d2"},
+    {file = "tzlocal-5.3.1-py3-none-any.whl", hash = "sha256:eb1a66c3ef5847adf7a834f1be0800581b683b5608e74f86ecbcef8ab91bb85d"},
+    {file = "tzlocal-5.3.1.tar.gz", hash = "sha256:cceffc7edecefea1f595541dbd6e990cb1ea3d19bf01b2809f362a03dd7921fd"},
 ]

 [package.dependencies]
@@ -5338,4 +5336,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">3.9.1,<3.13"
-content-hash = "df864469828067bcf537b4b5d0b7ab4d711598561bca1cb0ebda59f2e5f6f832"
+content-hash = "0023fa78be2b6e67ca726e0045d7953b2e72b723d8afd80e52b733c11061b66f"
@@ -58,6 +58,11 @@ from prowler.lib.outputs.compliance.ens.ens_azure import AzureENS
 from prowler.lib.outputs.compliance.ens.ens_gcp import GCPENS
 from prowler.lib.outputs.compliance.generic.generic import GenericCompliance
 from prowler.lib.outputs.compliance.iso27001.iso27001_aws import AWSISO27001
+from prowler.lib.outputs.compliance.iso27001.iso27001_azure import AzureISO27001
+from prowler.lib.outputs.compliance.iso27001.iso27001_gcp import GCPISO27001
+from prowler.lib.outputs.compliance.iso27001.iso27001_kubernetes import (
+    KubernetesISO27001,
+)
 from prowler.lib.outputs.compliance.kisa_ismsp.kisa_ismsp_aws import AWSKISAISMSP
 from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_aws import AWSMitreAttack
 from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_azure import (
@@ -521,6 +526,19 @@ def prowler():
                )
                generated_outputs["compliance"].append(ens)
                ens.batch_write_data_to_file()
+            elif compliance_name.startswith("iso27001_"):
+                # Generate ISO27001 Finding Object
+                filename = (
+                    f"{output_options.output_directory}/compliance/"
+                    f"{output_options.output_filename}_{compliance_name}.csv"
+                )
+                iso27001 = AzureISO27001(
+                    findings=finding_outputs,
+                    compliance=bulk_compliance_frameworks[compliance_name],
+                    file_path=filename,
+                )
+                generated_outputs["compliance"].append(iso27001)
+                iso27001.batch_write_data_to_file()
            else:
                filename = (
                    f"{output_options.output_directory}/compliance/"
@@ -575,6 +593,19 @@ def prowler():
                )
                generated_outputs["compliance"].append(ens)
                ens.batch_write_data_to_file()
+            elif compliance_name.startswith("iso27001_"):
+                # Generate ISO27001 Finding Object
+                filename = (
+                    f"{output_options.output_directory}/compliance/"
+                    f"{output_options.output_filename}_{compliance_name}.csv"
+                )
+                iso27001 = GCPISO27001(
+                    findings=finding_outputs,
+                    compliance=bulk_compliance_frameworks[compliance_name],
+                    file_path=filename,
+                )
+                generated_outputs["compliance"].append(iso27001)
+                iso27001.batch_write_data_to_file()
            else:
                filename = (
                    f"{output_options.output_directory}/compliance/"
@@ -603,6 +634,19 @@ def prowler():
                )
                generated_outputs["compliance"].append(cis)
                cis.batch_write_data_to_file()
+            elif compliance_name.startswith("iso27001_"):
+                # Generate ISO27001 Finding Object
+                filename = (
+                    f"{output_options.output_directory}/compliance/"
+                    f"{output_options.output_filename}_{compliance_name}.csv"
+                )
+                iso27001 = KubernetesISO27001(
+                    findings=finding_outputs,
+                    compliance=bulk_compliance_frameworks[compliance_name],
+                    file_path=filename,
+                )
+                generated_outputs["compliance"].append(iso27001)
+                iso27001.batch_write_data_to_file()
            else:
                filename = (
                    f"{output_options.output_directory}/compliance/"
@@ -2932,7 +2932,7 @@
      ]
    },
    {
-      "Id": "op.pl.2.aws.warch.1",
+      "Id": "op.pl.2.r1.aws.warch.1",
      "Description": "Sistema de gestión",
      "Attributes": [
        {
@@ -2956,7 +2956,7 @@
      "Checks": []
    },
    {
-      "Id": "op.pl.2.aws.warch.1",
+      "Id": "op.pl.2.r2.aws.warch.1",
      "Description": "Sistema de gestión de la seguridad con mejora continua",
      "Attributes": [
        {
@@ -2980,7 +2980,7 @@
      "Checks": []
    },
    {
-      "Id": "op.pl.2.aws.warch.1",
+      "Id": "op.pl.2.r3.aws.warch.1",
      "Description": "Validación de datos",
      "Attributes": [
        {
@@ -4304,32 +4304,6 @@
      ],
      "Checks": []
    },
-    {
-      "Id": "op.mon.3.aws.cwl.1",
-      "Description": "Vigilancia",
-      "Attributes": [
-        {
-          "IdGrupoControl": "op.mon.3",
-          "Marco": "operacional",
-          "Categoria": "monitorización del sistema",
-          "DescripcionControl": "Deberá asegurarse que todos los servicios que se utilicen en la arquitectura de la aplicación desplegada en AWS estén generando logs",
-          "Nivel": "alto",
-          "Tipo": "requisito",
-          "Dimensiones": [
-            "confidencialidad",
-            "integridad",
-            "trazabilidad",
-            "autenticidad",
-            "disponibilidad"
-          ],
-          "ModoEjecucion": "automatico",
-          "Dependencias": []
-        }
-      ],
-      "Checks": [
-        "cloudtrail_cloudwatch_logging_enabled"
-      ]
-    },
    {
      "Id": "mp.com.2.aws.vpn.1",
      "Description": "Protección de la confidencialidad",
--- a/Show More
+++ b/Show More