chore(postgres): use pgbouncer

chore: align Next.js version to 14.2.29 across Prowler and Cloud (#7962 )
docs: update changelog (#7960 )
2026-05-14 00:02:47 +00:00 · 2025-06-09 13:08:57 +02:00 · 2025-06-06 13:54:42 +02:00 · 2025-06-06 13:17:38 +02:00 · 2025-06-06 12:38:14 +02:00 · 2025-06-06 10:42:14 +02:00
656 changed files with 81896 additions and 5932 deletions
@@ -16,7 +16,7 @@ AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="
 PROWLER_API_VERSION="stable"
 # PostgreSQL settings
 # If running Django and celery on host, use 'localhost', else use 'postgres-db'
-POSTGRES_HOST=postgres-db
+POSTGRES_HOST=postgres-db-proxy
 POSTGRES_PORT=5432
 POSTGRES_ADMIN_USER=prowler_admin
 POSTGRES_ADMIN_PASSWORD=postgres
@@ -24,6 +24,10 @@ POSTGRES_USER=prowler
 POSTGRES_PASSWORD=postgres
 POSTGRES_DB=prowler_db

+# Celery-Prowler task settings
+TASK_RETRY_DELAY_SECONDS=0.1
+TASK_RETRY_ATTEMPTS=5
+
 # Valkey settings
 # If running Valkey and celery on host, use localhost, else use 'valkey'
 VALKEY_HOST=valkey
@@ -81,7 +81,7 @@ jobs:
      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          # Set push: false for testing
@@ -94,7 +94,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          push: true
@@ -48,12 +48,12 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/api-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        category: "/language:${{matrix.language}}"
@@ -85,6 +85,14 @@ jobs:
            api/README.md
            api/mkdocs.yml

+      - name: Replace @master with current branch in pyproject.toml
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
+          echo "Using branch: $BRANCH_NAME"
+          sed -i "s|@master|@$BRANCH_NAME|g" pyproject.toml
+
      - name: Install poetry
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
@@ -92,9 +100,15 @@ jobs:
          python -m pip install --upgrade pip
          pipx install poetry==2.1.1

+      - name: Update poetry.lock after the branch name change
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry lock
+
      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -179,7 +193,7 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Build Container
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.API_WORKING_DIR }}
          push: false
@@ -0,0 +1,67 @@
+name: Create Backport Label
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  create_label:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+    steps:
+      - name: Create backport label
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RELEASE_TAG: ${{ github.event.release.tag_name }}
+          OWNER_REPO: ${{ github.repository }}
+        run: |
+          VERSION_ONLY=${RELEASE_TAG#v} # Remove 'v' prefix if present (e.g., v3.2.0 -> 3.2.0)
+
+          # Check if it's a minor version (X.Y.0)
+          if [[ "$VERSION_ONLY" =~ ^[0-9]+\.[0-9]+\.0$ ]]; then
+            echo "Release ${RELEASE_TAG} (version ${VERSION_ONLY}) is a minor version. Proceeding to create backport label."
+
+            TWO_DIGIT_VERSION=${VERSION_ONLY%.0} # Extract X.Y from X.Y.0 (e.g., 5.6 from 5.6.0)
+
+            FINAL_LABEL_NAME="backport-to-v${TWO_DIGIT_VERSION}"
+            FINAL_DESCRIPTION="Backport PR to the v${TWO_DIGIT_VERSION} branch"
+
+            echo "Effective label name will be: ${FINAL_LABEL_NAME}"
+            echo "Effective description will be: ${FINAL_DESCRIPTION}"
+
+            # Check if the label already exists
+            STATUS_CODE=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${OWNER_REPO}/labels/${FINAL_LABEL_NAME}")
+
+            if [ "${STATUS_CODE}" -eq 200 ]; then
+              echo "Label '${FINAL_LABEL_NAME}' already exists."
+            elif [ "${STATUS_CODE}" -eq 404 ]; then
+              echo "Label '${FINAL_LABEL_NAME}' does not exist. Creating it..."
+              # Prepare JSON data payload
+              JSON_DATA=$(printf '{"name":"%s","description":"%s","color":"B60205"}' "${FINAL_LABEL_NAME}" "${FINAL_DESCRIPTION}")
+
+              CREATE_STATUS_CODE=$(curl -s -o /tmp/curl_create_response.json -w "%{http_code}" -X POST \
+              -H "Accept: application/vnd.github.v3+json" \
+              -H "Authorization: token ${GITHUB_TOKEN}" \
+              --data "${JSON_DATA}" \
+              "https://api.github.com/repos/${OWNER_REPO}/labels")
+
+              CREATE_RESPONSE_BODY=$(cat /tmp/curl_create_response.json)
+              rm -f /tmp/curl_create_response.json
+
+              if [ "$CREATE_STATUS_CODE" -eq 201 ]; then
+                echo "Label '${FINAL_LABEL_NAME}' created successfully."
+              else
+                echo "Error creating label '${FINAL_LABEL_NAME}'. Status: $CREATE_STATUS_CODE"
+                echo "Response: $CREATE_RESPONSE_BODY"
+                exit 1
+              fi
+            else
+              echo "Error checking for label '${FINAL_LABEL_NAME}'. HTTP Status: ${STATUS_CODE}"
+              exit 1
+            fi
+          else
+            echo "Release ${RELEASE_TAG} (version ${VERSION_ONLY}) is not a minor version. Skipping backport label creation."
+            exit 0
+          fi
@@ -11,7 +11,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@690e5c7aff8347c3885096f3962a0633d9129607 # v3.88.23
+        uses: trufflesecurity/trufflehog@b06f6d72a3791308bb7ba59c2b8cb7a083bd17e4 # v3.88.26
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
@@ -12,11 +12,13 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ github.event.pull_request.merge_commit_sha }}

      - name: Set short git commit SHA
        id: vars
        run: |
-          shortSha=$(git rev-parse --short ${{ github.sha }})
+          shortSha=$(git rev-parse --short ${{ github.event.pull_request.merge_commit_sha }})
          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV

      - name: Trigger pull request
@@ -26,9 +28,10 @@ jobs:
          repository: ${{ secrets.CLOUD_DISPATCH }}
          event-type: prowler-pull-request-merged
          client-payload: '{
-            "PROWLER_COMMIT_SHA": "${{ github.sha }}",
+            "PROWLER_COMMIT_SHA": "${{ github.event.pull_request.merge_commit_sha }}",
            "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
            "PROWLER_PR_TITLE": "${{ github.event.pull_request.title }}",
            "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
-            "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }}
+            "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }},
+            "PROWLER_PR_URL":${{ toJson(github.event.pull_request.html_url) }}
          }'
@@ -62,7 +62,7 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Setup Python
-        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}

@@ -127,7 +127,7 @@ jobs:

      - name: Build and push container image (latest)
        if: github.event_name == 'push'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          push: true
          tags: |
@@ -140,7 +140,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          # Use local context to get changes
          # https://github.com/docker/build-push-action#path-context
@@ -25,17 +25,31 @@ jobs:
            MINOR_VERSION=${BASH_REMATCH[2]}
            FIX_VERSION=${BASH_REMATCH[3]}

+            # Export version components to GitHub environment
+            echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
+            echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
+            echo "FIX_VERSION=${FIX_VERSION}" >> "${GITHUB_ENV}"
+
            if (( MAJOR_VERSION == 5 )); then
                if (( FIX_VERSION == 0 )); then
                  echo "Minor Release: $PROWLER_VERSION"

+                  # Set up next minor version for master
                  BUMP_VERSION_TO=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).${FIX_VERSION}
                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"

                  TARGET_BRANCH=${BASE_BRANCH}
                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"

+                  # Set up patch version for version branch
+                  PATCH_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.1
+                  echo "PATCH_VERSION_TO=${PATCH_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+                  echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
+
                  echo "Bumping to next minor version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
+                  echo "Bumping to next patch version: ${PATCH_VERSION_TO} in branch ${VERSION_BRANCH}"
                else
                  echo "Patch Release: $PROWLER_VERSION"

@@ -74,7 +88,6 @@ jobs:

            git --no-pager diff

-
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
@@ -92,3 +105,41 @@ jobs:
              ### License

              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+
+      - name: Handle patch version for minor release
+        if: env.FIX_VERSION == '0'
+        run: |
+            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
+            echo "Using PATCH_VERSION_TO=$PATCH_VERSION_TO"
+
+            set -e
+
+            echo "Bumping version in pyproject.toml ..."
+            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${PATCH_VERSION_TO}\"|" pyproject.toml
+
+            echo "Bumping version in prowler/config/config.py ..."
+            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${PATCH_VERSION_TO}\"|" prowler/config/config.py
+
+            echo "Bumping version in .env ..."
+            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PATCH_VERSION_TO}|" .env
+
+            git --no-pager diff
+
+      - name: Create Pull Request for patch version
+        if: env.FIX_VERSION == '0'
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+            base: ${{ env.VERSION_BRANCH }}
+            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
+            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
+            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
+            body: |
+              ### Description
+
+              Bump Prowler version to v${{ env.PATCH_VERSION_TO }}
+
+              ### License
+
+              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@@ -56,12 +56,12 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/sdk-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        category: "/language:${{matrix.language}}"
@@ -51,7 +51,7 @@ jobs:

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -115,6 +115,7 @@ jobs:
          files: |
            ./prowler/providers/aws/**
            ./tests/providers/aws/**
+            .poetry.lock

      - name: AWS - Test
        if: steps.aws-changed-files.outputs.any_changed == 'true'
@@ -129,6 +130,7 @@ jobs:
          files: |
            ./prowler/providers/azure/**
            ./tests/providers/azure/**
+            .poetry.lock

      - name: Azure - Test
        if: steps.azure-changed-files.outputs.any_changed == 'true'
@@ -143,6 +145,7 @@ jobs:
          files: |
            ./prowler/providers/gcp/**
            ./tests/providers/gcp/**
+            .poetry.lock

      - name: GCP - Test
        if: steps.gcp-changed-files.outputs.any_changed == 'true'
@@ -157,12 +160,28 @@ jobs:
          files: |
            ./prowler/providers/kubernetes/**
            ./tests/providers/kubernetes/**
+            .poetry.lock

      - name: Kubernetes - Test
        if: steps.kubernetes-changed-files.outputs.any_changed == 'true'
        run: |
          poetry run pytest -n auto --cov=./prowler/providers/kubernetes --cov-report=xml:kubernetes_coverage.xml tests/providers/kubernetes

+      # Test GitHub
+      - name: GitHub - Check if any file has changed
+        id: github-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            ./prowler/providers/github/**
+            ./tests/providers/github/**
+            .poetry.lock
+
+      - name: GitHub - Test
+        if: steps.github-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/github --cov-report=xml:github_coverage.xml tests/providers/github
+
      # Test NHN
      - name: NHN - Check if any file has changed
        id: nhn-changed-files
@@ -171,6 +190,7 @@ jobs:
          files: |
            ./prowler/providers/nhn/**
            ./tests/providers/nhn/**
+            .poetry.lock

      - name: NHN - Test
        if: steps.nhn-changed-files.outputs.any_changed == 'true'
@@ -185,6 +205,7 @@ jobs:
          files: |
            ./prowler/providers/m365/**
            ./tests/providers/m365/**
+            .poetry.lock

      - name: M365 - Test
        if: steps.m365-changed-files.outputs.any_changed == 'true'
@@ -210,4 +231,4 @@ jobs:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
          flags: prowler
-          files: ./aws_coverage.xml,./azure_coverage.xml,./gcp_coverage.xml,./kubernetes_coverage.xml,./nhn_coverage.xml,./m365_coverage.xml,./lib_coverage.xml,./config_coverage.xml
+          files: ./aws_coverage.xml,./azure_coverage.xml,./gcp_coverage.xml,./kubernetes_coverage.xml,./github_coverage.xml,./nhn_coverage.xml,./m365_coverage.xml,./lib_coverage.xml,./config_coverage.xml
@@ -71,7 +71,7 @@ jobs:
          pipx install poetry==2.1.1

      - name: Setup Python
-        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          # cache: ${{ env.CACHE }}
@@ -28,7 +28,7 @@ jobs:
          ref: ${{ env.GITHUB_BRANCH }}

      - name: setup python
-        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: 3.9 #install the python needed

@@ -81,7 +81,7 @@ jobs:
      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          build-args: |
@@ -96,7 +96,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          build-args: |
@@ -48,12 +48,12 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
        with:
          category: "/language:${{matrix.language}}"
@@ -50,7 +50,7 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Build Container
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.UI_WORKING_DIR }}
          # Always build using `prod` target
@@ -42,6 +42,9 @@ junit-reports/
 # VSCode files
 .vscode/

+# Cursor files
+.cursorignore
+
 # Terraform
 .terraform*
 *.tfstate
@@ -3,7 +3,7 @@
  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png#gh-dark-mode-only" width="50%" height="50%">
 </p>
 <p align="center">
-  <b><i>Prowler Open Source</b> is as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
+  <b><i>Prowler</b> is the Open Cloud Security platform trusted by thousands to automate security and compliance in any cloud environment. With hundreds of ready-to-use checks and compliance frameworks, Prowler delivers real-time, customizable monitoring and seamless integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.
 </p>
 <p align="center">
 <b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
@@ -43,15 +43,29 @@

 # Description

-**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler Cloud</a>.
+**Prowler** is an open-source security tool designed to assess and enforce security best practices across AWS, Azure, Google Cloud, and Kubernetes. It supports tasks such as security audits, incident response, continuous monitoring, system hardening, forensic readiness, and remediation processes.
+
+Prowler includes hundreds of built-in controls to ensure compliance with standards and frameworks, including:
+
+- **Industry Standards:** CIS, NIST 800, NIST CSF, and CISA
+- **Regulatory Compliance and Governance:** RBI, FedRAMP, and PCI-DSS
+- **Frameworks for Sensitive Data and Privacy:** GDPR, HIPAA, and FFIEC
+- **Frameworks for Organizational Governance and Quality Control:** SOC2 and GXP
+- **AWS-Specific Frameworks:** AWS Foundational Technical Review (FTR) and AWS Well-Architected Framework (Security Pillar)
+- **National Security Standards:** ENS (Spanish National Security Scheme)
+- **Custom Security Frameworks:** Tailored to your needs
+
+## Prowler CLI and Prowler Cloud
+
+Prowler offers a Command Line Interface (CLI), known as Prowler Open Source, and an additional service built on top of it, called <a href="https://prowler.com">Prowler Cloud</a>.

 ## Prowler App

-Prowler App is a web application that allows you to run Prowler in your cloud provider accounts and visualize the results in a user-friendly interface.
+Prowler App is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.

 ![Prowler App](docs/img/overview.png)

->More details at [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation)
+>For more details, refer to the [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation)

 ## Prowler CLI

@@ -60,6 +74,7 @@ prowler <provider>
 ```
 ![Prowler CLI Execution](docs/img/short-display.png)

+
 ## Prowler Dashboard

 ```console
@@ -67,26 +82,34 @@ prowler dashboard
 ```
 ![Prowler Dashboard](docs/img/dashboard.png)

-It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.
+# Prowler at a Glance

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 564 | 82 | 33 | 10 |
-| GCP | 79 | 13 | 7 | 3 |
-| Azure | 140 | 18 | 8 | 3 |
-| Kubernetes | 83 | 7 | 4 | 7 |
-| M365 | 44 | 2 | 1 | 0 |
+| AWS | 567 | 82 | 36 | 10 |
+| GCP | 79 | 13 | 9 | 3 |
+| Azure | 142 | 18 | 10 | 3 |
+| Kubernetes | 83 | 7 | 5 | 7 |
+| GitHub | 16 | 2 | 1 | 0 |
+| M365 | 69 | 7 | 2 | 2 |
 | NHN (Unofficial) | 6 | 2 | 1 | 0 |

-> You can list the checks, services, compliance frameworks and categories with `prowler <provider> --list-checks`, `prowler <provider> --list-services`, `prowler <provider> --list-compliance` and `prowler <provider> --list-categories`.
+> [!Note]
+> The numbers in the table are updated periodically.
+
+> [!Tip]
+> For the most accurate and up-to-date information about checks, services, frameworks, and categories, visit [**Prowler Hub**](https://hub.prowler.com).
+
+> [!Note]
+> Use the following commands to list Prowler's available checks, services, compliance frameworks, and categories: `prowler <provider> --list-checks`, `prowler <provider> --list-services`, `prowler <provider> --list-compliance` and `prowler <provider> --list-categories`.

 # 💻 Installation

 ## Prowler App

-Prowler App can be installed in different ways, depending on your environment:
+Prowler App offers flexible installation methods tailored to various environments:

-> See how to use Prowler App in the [Prowler App Usage Guide](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/prowler-app/).
+> For detailed instructions on using Prowler App, refer to the [Prowler App Usage Guide](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/prowler-app/).

 ### Docker Compose

@@ -102,8 +125,16 @@ curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/mast
 docker compose up -d
 ```

-> Containers are built for `linux/amd64`. If your workstation's architecture is different, please set `DOCKER_DEFAULT_PLATFORM=linux/amd64` in your environment or use the `--platform linux/amd64` flag in the docker command.
-> Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.
+> Containers are built for `linux/amd64`.
+
+### Configuring Your Workstation for Prowler App
+
+If your workstation's architecture is incompatible, you can resolve this by:
+
+- **Setting the environment variable**: `DOCKER_DEFAULT_PLATFORM=linux/amd64`
+- **Using the following flag in your Docker command**: `--platform linux/amd64`
+
+> Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

 ### From GitHub

@@ -129,12 +160,12 @@ python manage.py migrate --database admin
 gunicorn -c config/guniconf.py config.wsgi:application
 ```
 > [!IMPORTANT]
-> Starting from Poetry v2.0.0, `poetry shell` has been deprecated in favor of `poetry env activate`.
+> As of Poetry v2.0.0, the `poetry shell` command has been deprecated. Use `poetry env activate` instead for environment activation.
 >
-> If your poetry version is below 2.0.0 you must keep using `poetry shell` to activate your environment.
-> In case you have any doubts, consult the Poetry environment activation guide: https://python-poetry.org/docs/managing-environments/#activating-the-environment
+> If your Poetry version is below v2.0.0, continue using `poetry shell` to activate your environment.
+> For further guidance, refer to the Poetry Environment Activation Guide https://python-poetry.org/docs/managing-environments/#activating-the-environment.

-> Now, you can access the API documentation at http://localhost:8080/api/v1/docs.
+> After completing the setup, access the API documentation at http://localhost:8080/api/v1/docs.

 **Commands to run the API Worker**

@@ -172,29 +203,31 @@ npm run build
 npm start
 ```

-> Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.
+> Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.

 ## Prowler CLI
 ### Pip package
-Prowler CLI is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python > 3.9.1, < 3.13:
+Prowler CLI is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/). Consequently, it can be installed using pip with Python >3.9.1, <3.13:

 ```console
 pip install prowler
 prowler -v
 ```
->More details at [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-cli-installation)
+>For further guidance, refer to [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-cli-installation)

 ### Containers

-The available versions of Prowler CLI are the following:
+**Available Versions of Prowler CLI**

- `latest`: in sync with `master` branch (bear in mind that it is not a stable version)
- `v4-latest`: in sync with `v4` branch (bear in mind that it is not a stable version)
- `v3-latest`: in sync with `v3` branch (bear in mind that it is not a stable version)
- `<x.y.z>` (release): you can find the releases [here](https://github.com/prowler-cloud/prowler/releases), those are stable releases.
- `stable`: this tag always point to the latest release.
- `v4-stable`: this tag always point to the latest release for v4.
- `v3-stable`: this tag always point to the latest release for v3.
+The following versions of Prowler CLI are available, depending on your requirements:
+
+- `latest`: Synchronizes with the `master` branch. Note that this version is not stable.
+- `v4-latest`: Synchronizes with the `v4` branch. Note that this version is not stable.
+- `v3-latest`: Synchronizes with the `v3` branch. Note that this version is not stable.
+- `<x.y.z>` (release): Stable releases corresponding to specific versions. You can find the complete list of releases [here](https://github.com/prowler-cloud/prowler/releases).
+- `stable`: Always points to the latest release.
+- `v4-stable`: Always points to the latest release for v4.
+- `v3-stable`: Always points to the latest release for v3.

 The container images are available here:
 - Prowler CLI:
@@ -206,7 +239,7 @@ The container images are available here:

 ### From GitHub

-Python > 3.9.1, < 3.13 is required with pip and poetry:
+Python >3.9.1, <3.13 is required with pip and Poetry:

 ``` console
 git clone https://github.com/prowler-cloud/prowler
@@ -216,25 +249,46 @@ poetry install
 python prowler-cli.py -v
 ```
 > [!IMPORTANT]
-> Starting from Poetry v2.0.0, `poetry shell` has been deprecated in favor of `poetry env activate`.
->
-> If your poetry version is below 2.0.0 you must keep using `poetry shell` to activate your environment.
-> In case you have any doubts, consult the Poetry environment activation guide: https://python-poetry.org/docs/managing-environments/#activating-the-environment
+> To clone Prowler on Windows, configure Git to support long file paths by running the following command: `git config core.longpaths true`.

-> If you want to clone Prowler from Windows, use `git config core.longpaths true` to allow long file paths.
-# 📐✏️ High level architecture
+> [!IMPORTANT]
+> As of Poetry v2.0.0, the `poetry shell` command has been deprecated. Use `poetry env activate` instead for environment activation.
+>
+> If your Poetry version is below v2.0.0, continue using `poetry shell` to activate your environment.
+> For further guidance, refer to the Poetry Environment Activation Guide https://python-poetry.org/docs/managing-environments/#activating-the-environment.
+
+# ✏️ High level architecture

 ## Prowler App
-The **Prowler App** consists of three main components:
+**Prowler App** is composed of three key components:

- **Prowler UI**: A user-friendly web interface for running Prowler and viewing results, powered by Next.js.
- **Prowler API**: The backend API that executes Prowler scans and stores the results, built with Django REST Framework.
- **Prowler SDK**: A Python SDK that integrates with the Prowler CLI for advanced functionality.
+- **Prowler UI**: A web-based interface, built with Next.js, providing a user-friendly experience for executing Prowler scans and visualizing results.
+- **Prowler API**: A backend service, developed with Django REST Framework, responsible for running Prowler scans and storing the generated results.
+- **Prowler SDK**: A Python SDK designed to extend the functionality of the Prowler CLI for advanced capabilities.

 ![Prowler App Architecture](docs/img/prowler-app-architecture.png)

 ## Prowler CLI
-You can run Prowler from your workstation, a Kubernetes Job, a Google Compute Engine, an Azure VM, an EC2 instance, Fargate or any other container, CloudShell and many more.
+
+**Running Prowler**
+
+Prowler can be executed across various environments, offering flexibility to meet your needs. It can be run from:
+
+- Your own workstation
+
+- A Kubernetes Job
+
+- Google Compute Engine
+
+- Azure Virtual Machines (VMs)
+
+- Amazon EC2 instances
+
+- AWS Fargate or other container platforms
+
+- CloudShell
+
+And many more environments.

 ![Architecture](docs/img/architecture.png)

@@ -242,23 +296,36 @@ You can run Prowler from your workstation, a Kubernetes Job, a Google Compute En

 ## General
 - `Allowlist` now is called `Mutelist`.
- The `--quiet` option has been deprecated, now use the `--status` flag to select the finding's status you want to get from PASS, FAIL or MANUAL.
- All `INFO` finding's status has changed to `MANUAL`.
- The CSV output format is common for all the providers.
+- The `--quiet` option has been deprecated. Use the `--status` flag to filter findings based on their status: PASS, FAIL, or MANUAL.
+- All findings with an `INFO` status have been reclassified as `MANUAL`.
+- The CSV output format is standardized across all providers.

-We have deprecated some of our outputs formats:
- The native JSON is replaced for the JSON [OCSF](https://schema.ocsf.io/) v1.1.0, common for all the providers.
+**Deprecated Output Formats**
+
+The following formats are now deprecated:
+- Native JSON has been replaced with JSON in [OCSF] v1.1.0 format, which is standardized across all providers (https://schema.ocsf.io/).

 ## AWS
- Deprecate the AWS flag --sts-endpoint-region since we use AWS STS regional tokens.
- To send only FAILS to AWS Security Hub, now use either `--send-sh-only-fails` or `--security-hub --status FAIL`.
+
+**AWS Flag Deprecation**
+
+The flag --sts-endpoint-region has been deprecated due to the adoption of AWS STS regional tokens.
+
+**Sending FAIL Results to AWS Security Hub**
+
+- To send only FAILS to AWS Security Hub, use one of the following options: `--send-sh-only-fails` or `--security-hub --status FAIL`.


 # 📖 Documentation

-Install, Usage, Tutorials and Developer Guide is at https://docs.prowler.com/
+**Documentation Resources**
+
+For installation instructions, usage details, tutorials, and the Developer Guide, visit https://docs.prowler.com/

 # 📃 License

-Prowler is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at
-<http://www.apache.org/licenses/LICENSE-2.0>
+**Prowler License Information**
+
+Prowler is licensed under the Apache License 2.0, as indicated in each file within the repository. Obtaining a Copy of the License
+
+A copy of the License is available at <http://www.apache.org/licenses/LICENSE-2.0>
@@ -2,12 +2,68 @@

 All notable changes to the **Prowler API** are documented in this file.

+## [v1.9.0] (Prowler UNRELEASED)

-## [v1.7.0] (UNRELEASED)
+### Added
+- Support GCP Service Account key. [(#7824)](https://github.com/prowler-cloud/prowler/pull/7824)
+- Added new `GET /compliance-overviews` endpoints to retrieve compliance metadata and specific requirements statuses [(#7877)](https://github.com/prowler-cloud/prowler/pull/7877).
+
+### Changed
+- Reworked `GET /compliance-overviews` to return proper requirement metrics [(#7877)](https://github.com/prowler-cloud/prowler/pull/7877).
+
+---
+
+## [v1.8.3] (Prowler v5.7.3)
+
+### Added
+- Database backend to handle already closed connections [(#7935)](https://github.com/prowler-cloud/prowler/pull/7935).
+
+### Changed
+- Renamed field encrypted_password to password for M365 provider [(#7784)](https://github.com/prowler-cloud/prowler/pull/7784)
+
+### Fixed
+- Fixed transaction persistence with RLS operations [(#7916)](https://github.com/prowler-cloud/prowler/pull/7916).
+- Reverted the change `get_with_retry` to use the original `get` method for retrieving tasks [(#7932)](https://github.com/prowler-cloud/prowler/pull/7932).
+- Fixed the connection status verification before launching a scan [(#7831)](https://github.com/prowler-cloud/prowler/pull/7831)
+
+
+---
+
+## [v1.8.2] (Prowler v5.7.2)
+
+### Fixed
+- Fixed task lookup to use task_kwargs instead of task_args for scan report resolution. [(#7830)](https://github.com/prowler-cloud/prowler/pull/7830)
+- Fixed Kubernetes UID validation to allow valid context names [(#7871)](https://github.com/prowler-cloud/prowler/pull/7871)
+- Fixed a race condition when creating background tasks [(#7876)](https://github.com/prowler-cloud/prowler/pull/7876).
+- Fixed an error when modifying or retrieving tenants due to missing user UUID in transaction context [(#7890)](https://github.com/prowler-cloud/prowler/pull/7890).
+
+---
+
+## [v1.8.1] (Prowler v5.7.1)
+
+### Fixed
+- Added database index to improve performance on finding lookup [(#7800)](https://github.com/prowler-cloud/prowler/pull/7800).
+
+---
+
+## [v1.8.0] (Prowler v5.7.0)
+
+### Added
+- Added huge improvements to `/findings/metadata` and resource related filters for findings [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690).
+- Added improvements to `/overviews` endpoints [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690).
+- Added new queue to perform backfill background tasks [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690).
+- Added new endpoints to retrieve latest findings and metadata [(#7743)](https://github.com/prowler-cloud/prowler/pull/7743).
+- Added export support for Prowler ThreatScore in M365 [(7783)](https://github.com/prowler-cloud/prowler/pull/7783)
+
+---
+
+## [v1.7.0] (Prowler v5.6.0)

 ### Added

 - Added M365 as a new provider [(#7563)](https://github.com/prowler-cloud/prowler/pull/7563).
+- Added a `compliance/` folder and ZIP‐export functionality for all compliance reports.[(#7653)](https://github.com/prowler-cloud/prowler/pull/7653).
+- Added a new API endpoint to fetch and download any specific compliance file by name [(#7653)](https://github.com/prowler-cloud/prowler/pull/7653).

 ---

@@ -37,18 +37,17 @@ COPY pyproject.toml ./
 RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir poetry

-COPY src/backend/ ./backend/
-
 ENV PATH="/home/prowler/.local/bin:$PATH"

 # Add `--no-root` to avoid installing the current project as a package
 RUN poetry install --no-root && \
    rm -rf ~/.cache/pip

-COPY docker-entrypoint.sh ./docker-entrypoint.sh
-
 RUN poetry run python "$(poetry env info --path)/src/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py"

+COPY src/backend/ ./backend/
+COPY docker-entrypoint.sh ./docker-entrypoint.sh
+
 WORKDIR /home/prowler/backend

 # Development image
@@ -235,6 +235,7 @@ To view the logs for any component (e.g., Django, Celery worker), you can use th

 ```console
 docker logs -f $(docker ps --format "{{.Names}}" | grep 'api-')
+```

 ## Applying migrations

@@ -28,7 +28,7 @@ start_prod_server() {

 start_worker() {
  echo "Starting the worker..."
-  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion -E --max-tasks-per-child 1
+  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion,backfill -E --max-tasks-per-child 1
 }

 start_worker_beat() {
@@ -1469,14 +1469,14 @@ with-social = ["django-allauth[socialaccount] (>=64.0.0)"]

 [[package]]
 name = "django"
-version = "5.1.7"
+version = "5.1.8"
 description = "A high-level Python web framework that encourages rapid development and clean, pragmatic design."
 optional = false
 python-versions = ">=3.10"
 groups = ["main", "dev"]
 files = [
-    {file = "Django-5.1.7-py3-none-any.whl", hash = "sha256:1323617cb624add820cb9611cdcc788312d250824f92ca6048fda8625514af2b"},
-    {file = "Django-5.1.7.tar.gz", hash = "sha256:30de4ee43a98e5d3da36a9002f287ff400b43ca51791920bfb35f6917bfe041c"},
+    {file = "Django-5.1.8-py3-none-any.whl", hash = "sha256:11b28fa4b00e59d0def004e9ee012fefbb1065a5beb39ee838983fd24493ad4f"},
+    {file = "Django-5.1.8.tar.gz", hash = "sha256:42e92a1dd2810072bcc40a39a212b693f94406d0ba0749e68eb642f31dc770b4"},
 ]

 [package.dependencies]
@@ -2237,14 +2237,14 @@ tornado = ["tornado (>=0.2)"]

 [[package]]
 name = "h11"
-version = "0.14.0"
+version = "0.16.0"
 description = "A pure-Python, bring-your-own-I/O implementation of HTTP/1.1"
 optional = false
-python-versions = ">=3.7"
+python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "h11-0.14.0-py3-none-any.whl", hash = "sha256:e3fe4ac4b851c468cc8363d500db52c2ead036020723024a109d37346efaa761"},
-    {file = "h11-0.14.0.tar.gz", hash = "sha256:8f19fbbe99e72420ff35c00b27a34cb9937e902a8b810e2c88300c6f0a3b699d"},
+    {file = "h11-0.16.0-py3-none-any.whl", hash = "sha256:63cf8bbe7522de3bf65932fda1d9c2772064ffb3dae62d55932da54b31cb6c86"},
+    {file = "h11-0.16.0.tar.gz", hash = "sha256:4e35b956cf45792e4caa5885e69fba00bdbc6ffafbfa020300e549b208ee5ff1"},
 ]

 [[package]]
@@ -2277,19 +2277,19 @@ files = [

 [[package]]
 name = "httpcore"
-version = "1.0.8"
+version = "1.0.9"
 description = "A minimal low-level HTTP client."
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "httpcore-1.0.8-py3-none-any.whl", hash = "sha256:5254cf149bcb5f75e9d1b2b9f729ea4a4b883d1ad7379fc632b727cec23674be"},
-    {file = "httpcore-1.0.8.tar.gz", hash = "sha256:86e94505ed24ea06514883fd44d2bc02d90e77e7979c8eb71b90f41d364a1bad"},
+    {file = "httpcore-1.0.9-py3-none-any.whl", hash = "sha256:2d400746a40668fc9dec9810239072b40b4484b640a8c38fd654a024c7a1bf55"},
+    {file = "httpcore-1.0.9.tar.gz", hash = "sha256:6e34463af53fd2ab5d807f399a9b45ea31c3dfa2276f15a2c3f00afff6e176e8"},
 ]

 [package.dependencies]
 certifi = "*"
-h11 = ">=0.13,<0.15"
+h11 = ">=0.16"

 [package.extras]
 asyncio = ["anyio (>=4.0,<5.0)"]
@@ -3657,7 +3657,7 @@ tzlocal = "5.3.1"
 type = "git"
 url = "https://github.com/prowler-cloud/prowler.git"
 reference = "master"
-resolved_reference = "0edf19928269b6d42d1c463ab13b90d7c21a65e4"
+resolved_reference = "9828824b737b8deda61f4a6646b54e0ad45033b9"

 [[package]]
 name = "psutil"
@@ -5483,4 +5483,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.11,<3.13"
-content-hash = "f3ede96fb76c14d02da37c1132b41a14fa4045787807446fac2cd1750be193e0"
+content-hash = "051924735a7069c8393fefc18fc2c310b196ea24ad41b8c984dc5852683d0407"
@@ -7,7 +7,7 @@ authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}]
 dependencies = [
  "celery[pytest] (>=5.4.0,<6.0.0)",
  "dj-rest-auth[with_social,jwt] (==7.0.1)",
-  "django==5.1.7",
+  "django==5.1.8",
  "django-allauth==65.4.1",
  "django-celery-beat (>=2.7.0,<3.0.0)",
  "django-celery-results (>=2.5.1,<3.0.0)",
@@ -35,7 +35,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.7.0"
+version = "1.9.0"

 [project.scripts]
 celery = "src.backend.config.settings.celery"
@@ -1,5 +1,4 @@
 from django.core.exceptions import ObjectDoesNotExist
-from django.db import transaction
 from rest_framework import permissions
 from rest_framework.exceptions import NotAuthenticated
 from rest_framework.filters import SearchFilter
@@ -47,11 +46,9 @@ class BaseViewSet(ModelViewSet):


 class BaseRLSViewSet(BaseViewSet):
-    def dispatch(self, request, *args, **kwargs):
-        with transaction.atomic():
-            return super().dispatch(request, *args, **kwargs)
-
    def initial(self, request, *args, **kwargs):
+        super().initial(request, *args, **kwargs)
+
        # Ideally, this logic would be in the `.setup()` method but DRF view sets don't call it
        # https://docs.djangoproject.com/en/5.1/ref/class-based-views/base/#django.views.generic.base.View.setup
        if request.auth is None:
@@ -61,9 +58,19 @@ class BaseRLSViewSet(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(tenant_id):
-            self.request.tenant_id = tenant_id
-            return super().initial(request, *args, **kwargs)
+        self.request.tenant_id = tenant_id
+
+        self._rls_cm = rls_transaction(tenant_id)
+        self._rls_cm.__enter__()
+
+    def finalize_response(self, request, response, *args, **kwargs):
+        response = super().finalize_response(request, response, *args, **kwargs)
+
+        if hasattr(self, "_rls_cm"):
+            self._rls_cm.__exit__(None, None, None)
+            del self._rls_cm
+
+        return response

    def get_serializer_context(self):
        context = super().get_serializer_context()
@@ -73,8 +80,7 @@ class BaseRLSViewSet(BaseViewSet):

 class BaseTenantViewset(BaseViewSet):
    def dispatch(self, request, *args, **kwargs):
-        with transaction.atomic():
-            tenant = super().dispatch(request, *args, **kwargs)
+        tenant = super().dispatch(request, *args, **kwargs)

        try:
            # If the request is a POST, create the admin role
@@ -109,16 +115,8 @@ class BaseTenantViewset(BaseViewSet):
                pass  # Tenant might not exist, handle gracefully

    def initial(self, request, *args, **kwargs):
-        if (
-            request.resolver_match.url_name != "tenant-detail"
-            and request.method != "DELETE"
-        ):
-            user_id = str(request.user.id)
+        super().initial(request, *args, **kwargs)

-            with rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR):
-                return super().initial(request, *args, **kwargs)
-
-        # TODO: DRY this when we have time
        if request.auth is None:
            raise NotAuthenticated

@@ -126,20 +124,28 @@ class BaseTenantViewset(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(tenant_id):
-            self.request.tenant_id = tenant_id
-            return super().initial(request, *args, **kwargs)
+        user_id = str(request.user.id)
+
+        self._rls_cm = rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR)
+        self._rls_cm.__enter__()
+
+    def finalize_response(self, request, response, *args, **kwargs):
+        response = super().finalize_response(request, response, *args, **kwargs)
+
+        if hasattr(self, "_rls_cm"):
+            self._rls_cm.__exit__(None, None, None)
+            del self._rls_cm
+
+        return response


 class BaseUserViewset(BaseViewSet):
-    def dispatch(self, request, *args, **kwargs):
-        with transaction.atomic():
-            return super().dispatch(request, *args, **kwargs)
-
    def initial(self, request, *args, **kwargs):
+        super().initial(request, *args, **kwargs)
+
        # TODO refactor after improving RLS on users
        if request.stream is not None and request.stream.method == "POST":
-            return super().initial(request, *args, **kwargs)
+            return
        if request.auth is None:
            raise NotAuthenticated

@@ -147,6 +153,16 @@ class BaseUserViewset(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(tenant_id):
-            self.request.tenant_id = tenant_id
-            return super().initial(request, *args, **kwargs)
+        self.request.tenant_id = tenant_id
+
+        self._rls_cm = rls_transaction(tenant_id)
+        self._rls_cm.__enter__()
+
+    def finalize_response(self, request, response, *args, **kwargs):
+        response = super().finalize_response(request, response, *args, **kwargs)
+
+        if hasattr(self, "_rls_cm"):
+            self._rls_cm.__exit__(None, None, None)
+            del self._rls_cm
+
+        return response
@@ -1,12 +1,38 @@
 from types import MappingProxyType

+from api.models import Provider
+from prowler.config.config import get_available_compliance_frameworks
 from prowler.lib.check.compliance_models import Compliance
 from prowler.lib.check.models import CheckMetadata

-from api.models import Provider
-
 PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE = {}
 PROWLER_CHECKS = {}
+AVAILABLE_COMPLIANCE_FRAMEWORKS = {}
+
+
+def get_compliance_frameworks(provider_type: Provider.ProviderChoices) -> list[str]:
+    """
+    Retrieve and cache the list of available compliance frameworks for a specific cloud provider.
+
+    This function lazily loads and caches the available compliance frameworks (e.g., CIS, MITRE, ISO)
+    for each provider type (AWS, Azure, GCP, etc.) on first access. Subsequent calls for the same
+    provider will return the cached result.
+
+    Args:
+        provider_type (Provider.ProviderChoices): The cloud provider type for which to retrieve
+            available compliance frameworks (e.g., "aws", "azure", "gcp", "m365").
+
+    Returns:
+        list[str]: A list of framework identifiers (e.g., "cis_1.4_aws", "mitre_attack_azure") available
+        for the given provider.
+    """
+    global AVAILABLE_COMPLIANCE_FRAMEWORKS
+    if provider_type not in AVAILABLE_COMPLIANCE_FRAMEWORKS:
+        AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type] = (
+            get_available_compliance_frameworks(provider_type)
+        )
+
+    return AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type]


 def get_prowler_provider_checks(provider_type: Provider.ProviderChoices):
@@ -164,6 +190,8 @@ def generate_compliance_overview_template(prowler_compliance: dict):
                total_checks = len(requirement.Checks)
                checks_dict = {check: None for check in requirement.Checks}

+                req_status_val = "MANUAL" if total_checks == 0 else "PASS"
+
                # Build requirement dictionary
                requirement_dict = {
                    "name": requirement.Name or requirement.Id,
@@ -178,20 +206,18 @@ def generate_compliance_overview_template(prowler_compliance: dict):
                        "manual": 0,
                        "total": total_checks,
                    },
-                    "status": "PASS",
+                    "status": req_status_val,
                }

-                # Update requirements status
-                if total_checks == 0:
+                # Update requirements status counts for the framework
+                if req_status_val == "MANUAL":
                    requirements_status["manual"] += 1
+                elif req_status_val == "PASS":
+                    requirements_status["passed"] += 1

                # Add requirement to compliance requirements
                compliance_requirements[requirement.Id] = requirement_dict

-            # Calculate pending requirements
-            pending_requirements = total_requirements - requirements_status["manual"]
-            requirements_status["passed"] = pending_requirements
-
            # Build compliance dictionary
            compliance_dict = {
                "framework": compliance_data.Framework,
@@ -1,3 +1,4 @@
+import re
 import secrets
 import uuid
 from contextlib import contextmanager
@@ -152,6 +153,28 @@ def delete_related_daily_task(provider_id: str):
    PeriodicTask.objects.filter(name=task_name).delete()


+def create_objects_in_batches(
+    tenant_id: str, model, objects: list, batch_size: int = 500
+):
+    """
+    Bulk-create model instances in repeated, per-tenant RLS transactions.
+
+    All chunks execute in their own transaction, so no single transaction
+    grows too large.
+
+    Args:
+        tenant_id (str): UUID string of the tenant under which to set RLS.
+        model: Django model class whose `.objects.bulk_create()` will be called.
+        objects (list): List of model instances (unsaved) to bulk-create.
+        batch_size (int): Maximum number of objects per bulk_create call.
+    """
+    total = len(objects)
+    for i in range(0, total, batch_size):
+        chunk = objects[i : i + batch_size]
+        with rls_transaction(value=tenant_id, parameter=POSTGRES_TENANT_VAR):
+            model.objects.bulk_create(chunk, batch_size)
+
+
 # Postgres Enums


@@ -227,6 +250,167 @@ def register_enum(apps, schema_editor, enum_class):  # noqa: F841
        register_adapter(enum_class, enum_adapter)


+def _should_create_index_on_partition(
+    partition_name: str, all_partitions: bool = False
+) -> bool:
+    """
+    Determine if we should create an index on this partition.
+
+    Args:
+        partition_name: The name of the partition (e.g., "findings_2025_aug", "findings_default")
+        all_partitions: If True, create on all partitions. If False, only current/future partitions.
+
+    Returns:
+        bool: True if index should be created on this partition, False otherwise.
+    """
+    if all_partitions:
+        return True
+
+    # Extract date from partition name if it follows the pattern
+    # Partition names look like: findings_2025_aug, findings_2025_jul, etc.
+    date_pattern = r"(\d{4})_([a-z]{3})$"
+    match = re.search(date_pattern, partition_name)
+
+    if not match:
+        # If we can't parse the date, include it to be safe (e.g., default partition)
+        return True
+
+    try:
+        year_str, month_abbr = match.groups()
+        year = int(year_str)
+
+        # Map month abbreviations to numbers
+        month_map = {
+            "jan": 1,
+            "feb": 2,
+            "mar": 3,
+            "apr": 4,
+            "may": 5,
+            "jun": 6,
+            "jul": 7,
+            "aug": 8,
+            "sep": 9,
+            "oct": 10,
+            "nov": 11,
+            "dec": 12,
+        }
+
+        month = month_map.get(month_abbr.lower())
+        if month is None:
+            # Unknown month abbreviation, include it to be safe
+            return True
+
+        partition_date = datetime(year, month, 1, tzinfo=timezone.utc)
+
+        # Get current month start
+        now = datetime.now(timezone.utc)
+        current_month_start = now.replace(
+            day=1, hour=0, minute=0, second=0, microsecond=0
+        )
+
+        # Include current month and future partitions
+        return partition_date >= current_month_start
+
+    except (ValueError, TypeError):
+        # If date parsing fails, include it to be safe
+        return True
+
+
+def create_index_on_partitions(
+    apps,  # noqa: F841
+    schema_editor,
+    parent_table: str,
+    index_name: str,
+    columns: str,
+    method: str = "BTREE",
+    where: str = "",
+    all_partitions: bool = True,
+):
+    """
+    Create an index on existing partitions of `parent_table`.
+
+    Args:
+        parent_table: The name of the root table (e.g. "findings").
+        index_name: A short name for the index (will be prefixed per-partition).
+        columns: The parenthesized column list, e.g. "tenant_id, scan_id, status".
+        method: The index method—BTREE, GIN, etc. Defaults to BTREE.
+        where: Optional WHERE clause (without the leading "WHERE"), e.g. "status = 'FAIL'".
+        all_partitions: Whether to create indexes on all partitions or just current/future ones.
+                       Defaults to False (current/future only) to avoid maintenance overhead
+                       on old partitions where the index may not be needed.
+
+    Examples:
+        # Create index only on current and future partitions (recommended for new indexes)
+        create_index_on_partitions(
+            apps, schema_editor,
+            parent_table="findings",
+            index_name="new_performance_idx",
+            columns="tenant_id, status, severity",
+            all_partitions=False  # Default behavior
+        )
+
+        # Create index on all partitions (use when migrating existing critical indexes)
+        create_index_on_partitions(
+            apps, schema_editor,
+            parent_table="findings",
+            index_name="critical_existing_idx",
+            columns="tenant_id, scan_id",
+            all_partitions=True
+        )
+    """
+    with connection.cursor() as cursor:
+        cursor.execute(
+            """
+            SELECT inhrelid::regclass::text
+            FROM pg_inherits
+            WHERE inhparent = %s::regclass
+            """,
+            [parent_table],
+        )
+        partitions = [row[0] for row in cursor.fetchall()]
+
+    where_sql = f" WHERE {where}" if where else ""
+    for partition in partitions:
+        if _should_create_index_on_partition(partition, all_partitions):
+            idx_name = f"{partition.replace('.', '_')}_{index_name}"
+            sql = (
+                f"CREATE INDEX CONCURRENTLY IF NOT EXISTS {idx_name} "
+                f"ON {partition} USING {method} ({columns})"
+                f"{where_sql};"
+            )
+            schema_editor.execute(sql)
+
+
+def drop_index_on_partitions(
+    apps,  # noqa: F841
+    schema_editor,
+    parent_table: str,
+    index_name: str,
+):
+    """
+    Drop the per-partition indexes that were created by create_index_on_partitions.
+
+    Args:
+        parent_table: The name of the root table (e.g. "findings").
+        index_name: The same short name used when creating them.
+    """
+    with connection.cursor() as cursor:
+        cursor.execute(
+            """
+            SELECT inhrelid::regclass::text
+            FROM pg_inherits
+            WHERE inhparent = %s::regclass
+            """,
+            [parent_table],
+        )
+        partitions = [row[0] for row in cursor.fetchall()]
+
+    for partition in partitions:
+        idx_name = f"{partition.replace('.', '_')}_{index_name}"
+        sql = f"DROP INDEX CONCURRENTLY IF EXISTS {idx_name};"
+        schema_editor.execute(sql)
+
+
 # Postgres enum definition for member role


@@ -3,7 +3,7 @@ from rest_framework import status
 from rest_framework.exceptions import APIException
 from rest_framework_json_api.exceptions import exception_handler
 from rest_framework_json_api.serializers import ValidationError
-from rest_framework_simplejwt.exceptions import TokenError, InvalidToken
+from rest_framework_simplejwt.exceptions import InvalidToken, TokenError


 class ModelValidationError(ValidationError):
@@ -32,6 +32,31 @@ class InvitationTokenExpiredException(APIException):
    default_code = "token_expired"


+# Task Management Exceptions (non-HTTP)
+class TaskManagementError(Exception):
+    """Base exception for task management errors."""
+
+    def __init__(self, task=None):
+        self.task = task
+        super().__init__()
+
+
+class TaskFailedException(TaskManagementError):
+    """Raised when a task has failed."""
+
+
+class TaskNotFoundException(TaskManagementError):
+    """Raised when a task is not found."""
+
+
+class TaskInProgressException(TaskManagementError):
+    """Raised when a task is running but there's no related Task object to return."""
+
+    def __init__(self, task_result=None):
+        self.task_result = task_result
+        super().__init__()
+
+
 def custom_exception_handler(exc, context):
    if isinstance(exc, django_validation_error):
        if hasattr(exc, "error_dict"):
@@ -39,7 +64,12 @@ def custom_exception_handler(exc, context):
        else:
            exc = ValidationError(detail=exc.messages[0], code=exc.code)
    elif isinstance(exc, (TokenError, InvalidToken)):
-        exc.detail["messages"] = [
-            message_item["message"] for message_item in exc.detail["messages"]
-        ]
+        if (
+            hasattr(exc, "detail")
+            and isinstance(exc.detail, dict)
+            and "messages" in exc.detail
+        ):
+            exc.detail["messages"] = [
+                message_item["message"] for message_item in exc.detail["messages"]
+            ]
    return exception_handler(exc, context)
@@ -22,7 +22,7 @@ from api.db_utils import (
    StatusEnumField,
 )
 from api.models import (
-    ComplianceOverview,
+    ComplianceRequirementOverview,
    Finding,
    Integration,
    Invitation,
@@ -81,6 +81,114 @@ class ChoiceInFilter(BaseInFilter, ChoiceFilter):
    pass


+class CommonFindingFilters(FilterSet):
+    # We filter providers from the scan in findings
+    provider = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
+    provider__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
+    provider_type = ChoiceFilter(
+        choices=Provider.ProviderChoices.choices, field_name="scan__provider__provider"
+    )
+    provider_type__in = ChoiceInFilter(
+        choices=Provider.ProviderChoices.choices, field_name="scan__provider__provider"
+    )
+    provider_uid = CharFilter(field_name="scan__provider__uid", lookup_expr="exact")
+    provider_uid__in = CharInFilter(field_name="scan__provider__uid", lookup_expr="in")
+    provider_uid__icontains = CharFilter(
+        field_name="scan__provider__uid", lookup_expr="icontains"
+    )
+    provider_alias = CharFilter(field_name="scan__provider__alias", lookup_expr="exact")
+    provider_alias__in = CharInFilter(
+        field_name="scan__provider__alias", lookup_expr="in"
+    )
+    provider_alias__icontains = CharFilter(
+        field_name="scan__provider__alias", lookup_expr="icontains"
+    )
+
+    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
+
+    uid = CharFilter(field_name="uid")
+    delta = ChoiceFilter(choices=Finding.DeltaChoices.choices)
+    status = ChoiceFilter(choices=StatusChoices.choices)
+    severity = ChoiceFilter(choices=SeverityChoices)
+    impact = ChoiceFilter(choices=SeverityChoices)
+    muted = BooleanFilter(
+        help_text="If this filter is not provided, muted and non-muted findings will be returned."
+    )
+
+    resources = UUIDInFilter(field_name="resource__id", lookup_expr="in")
+
+    region = CharFilter(method="filter_resource_region")
+    region__in = CharInFilter(field_name="resource_regions", lookup_expr="overlap")
+    region__icontains = CharFilter(
+        field_name="resource_regions", lookup_expr="icontains"
+    )
+
+    service = CharFilter(method="filter_resource_service")
+    service__in = CharInFilter(field_name="resource_services", lookup_expr="overlap")
+    service__icontains = CharFilter(
+        field_name="resource_services", lookup_expr="icontains"
+    )
+
+    resource_uid = CharFilter(field_name="resources__uid")
+    resource_uid__in = CharInFilter(field_name="resources__uid", lookup_expr="in")
+    resource_uid__icontains = CharFilter(
+        field_name="resources__uid", lookup_expr="icontains"
+    )
+
+    resource_name = CharFilter(field_name="resources__name")
+    resource_name__in = CharInFilter(field_name="resources__name", lookup_expr="in")
+    resource_name__icontains = CharFilter(
+        field_name="resources__name", lookup_expr="icontains"
+    )
+
+    resource_type = CharFilter(method="filter_resource_type")
+    resource_type__in = CharInFilter(field_name="resource_types", lookup_expr="overlap")
+    resource_type__icontains = CharFilter(
+        field_name="resources__type", lookup_expr="icontains"
+    )
+
+    # Temporarily disabled until we implement tag filtering in the UI
+    # resource_tag_key = CharFilter(field_name="resources__tags__key")
+    # resource_tag_key__in = CharInFilter(
+    #     field_name="resources__tags__key", lookup_expr="in"
+    # )
+    # resource_tag_key__icontains = CharFilter(
+    #     field_name="resources__tags__key", lookup_expr="icontains"
+    # )
+    # resource_tag_value = CharFilter(field_name="resources__tags__value")
+    # resource_tag_value__in = CharInFilter(
+    #     field_name="resources__tags__value", lookup_expr="in"
+    # )
+    # resource_tag_value__icontains = CharFilter(
+    #     field_name="resources__tags__value", lookup_expr="icontains"
+    # )
+    # resource_tags = CharInFilter(
+    #     method="filter_resource_tag",
+    #     lookup_expr="in",
+    #     help_text="Filter by resource tags `key:value` pairs.\nMultiple values may be "
+    #     "separated by commas.",
+    # )
+
+    def filter_resource_service(self, queryset, name, value):
+        return queryset.filter(resource_services__contains=[value])
+
+    def filter_resource_region(self, queryset, name, value):
+        return queryset.filter(resource_regions__contains=[value])
+
+    def filter_resource_type(self, queryset, name, value):
+        return queryset.filter(resource_types__contains=[value])
+
+    def filter_resource_tag(self, queryset, name, value):
+        overall_query = Q()
+        for key_value_pair in value:
+            tag_key, tag_value = key_value_pair.split(":", 1)
+            overall_query |= Q(
+                resources__tags__key__icontains=tag_key,
+                resources__tags__value__icontains=tag_value,
+            )
+        return queryset.filter(overall_query).distinct()
+
+
 class TenantFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
@@ -257,94 +365,7 @@ class ResourceFilter(ProviderRelationshipFilterSet):
        return queryset.filter(tags__text_search=value)


-class FindingFilter(FilterSet):
-    # We filter providers from the scan in findings
-    provider = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
-    provider__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
-    provider_type = ChoiceFilter(
-        choices=Provider.ProviderChoices.choices, field_name="scan__provider__provider"
-    )
-    provider_type__in = ChoiceInFilter(
-        choices=Provider.ProviderChoices.choices, field_name="scan__provider__provider"
-    )
-    provider_uid = CharFilter(field_name="scan__provider__uid", lookup_expr="exact")
-    provider_uid__in = CharInFilter(field_name="scan__provider__uid", lookup_expr="in")
-    provider_uid__icontains = CharFilter(
-        field_name="scan__provider__uid", lookup_expr="icontains"
-    )
-    provider_alias = CharFilter(field_name="scan__provider__alias", lookup_expr="exact")
-    provider_alias__in = CharInFilter(
-        field_name="scan__provider__alias", lookup_expr="in"
-    )
-    provider_alias__icontains = CharFilter(
-        field_name="scan__provider__alias", lookup_expr="icontains"
-    )
-
-    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
-
-    uid = CharFilter(field_name="uid")
-    delta = ChoiceFilter(choices=Finding.DeltaChoices.choices)
-    status = ChoiceFilter(choices=StatusChoices.choices)
-    severity = ChoiceFilter(choices=SeverityChoices)
-    impact = ChoiceFilter(choices=SeverityChoices)
-    muted = BooleanFilter(
-        help_text="If this filter is not provided, muted and non-muted findings will be returned."
-    )
-
-    resources = UUIDInFilter(field_name="resource__id", lookup_expr="in")
-
-    region = CharFilter(field_name="resources__region")
-    region__in = CharInFilter(field_name="resources__region", lookup_expr="in")
-    region__icontains = CharFilter(
-        field_name="resources__region", lookup_expr="icontains"
-    )
-
-    service = CharFilter(field_name="resources__service")
-    service__in = CharInFilter(field_name="resources__service", lookup_expr="in")
-    service__icontains = CharFilter(
-        field_name="resources__service", lookup_expr="icontains"
-    )
-
-    resource_uid = CharFilter(field_name="resources__uid")
-    resource_uid__in = CharInFilter(field_name="resources__uid", lookup_expr="in")
-    resource_uid__icontains = CharFilter(
-        field_name="resources__uid", lookup_expr="icontains"
-    )
-
-    resource_name = CharFilter(field_name="resources__name")
-    resource_name__in = CharInFilter(field_name="resources__name", lookup_expr="in")
-    resource_name__icontains = CharFilter(
-        field_name="resources__name", lookup_expr="icontains"
-    )
-
-    resource_type = CharFilter(field_name="resources__type")
-    resource_type__in = CharInFilter(field_name="resources__type", lookup_expr="in")
-    resource_type__icontains = CharFilter(
-        field_name="resources__type", lookup_expr="icontains"
-    )
-
-    # Temporarily disabled until we implement tag filtering in the UI
-    # resource_tag_key = CharFilter(field_name="resources__tags__key")
-    # resource_tag_key__in = CharInFilter(
-    #     field_name="resources__tags__key", lookup_expr="in"
-    # )
-    # resource_tag_key__icontains = CharFilter(
-    #     field_name="resources__tags__key", lookup_expr="icontains"
-    # )
-    # resource_tag_value = CharFilter(field_name="resources__tags__value")
-    # resource_tag_value__in = CharInFilter(
-    #     field_name="resources__tags__value", lookup_expr="in"
-    # )
-    # resource_tag_value__icontains = CharFilter(
-    #     field_name="resources__tags__value", lookup_expr="icontains"
-    # )
-    # resource_tags = CharInFilter(
-    #     method="filter_resource_tag",
-    #     lookup_expr="in",
-    #     help_text="Filter by resource tags `key:value` pairs.\nMultiple values may be "
-    #     "separated by commas.",
-    # )
-
+class FindingFilter(CommonFindingFilters):
    scan = UUIDFilter(method="filter_scan_id")
    scan__in = UUIDInFilter(method="filter_scan_id_in")

@@ -385,6 +406,15 @@ class FindingFilter(FilterSet):
            },
        }

+    def filter_resource_type(self, queryset, name, value):
+        return queryset.filter(resource_types__contains=[value])
+
+    def filter_resource_region(self, queryset, name, value):
+        return queryset.filter(resource_regions__contains=[value])
+
+    def filter_resource_service(self, queryset, name, value):
+        return queryset.filter(resource_services__contains=[value])
+
    def filter_queryset(self, queryset):
        if not (self.data.get("scan") or self.data.get("scan__in")) and not (
            self.data.get("inserted_at")
@@ -503,16 +533,6 @@ class FindingFilter(FilterSet):

        return queryset.filter(id__lt=end)

-    def filter_resource_tag(self, queryset, name, value):
-        overall_query = Q()
-        for key_value_pair in value:
-            tag_key, tag_value = key_value_pair.split(":", 1)
-            overall_query |= Q(
-                resources__tags__key__icontains=tag_key,
-                resources__tags__value__icontains=tag_value,
-            )
-        return queryset.filter(overall_query).distinct()
-
    @staticmethod
    def maybe_date_to_datetime(value):
        dt = value
@@ -521,6 +541,31 @@ class FindingFilter(FilterSet):
        return dt


+class LatestFindingFilter(CommonFindingFilters):
+    class Meta:
+        model = Finding
+        fields = {
+            "id": ["exact", "in"],
+            "uid": ["exact", "in"],
+            "delta": ["exact", "in"],
+            "status": ["exact", "in"],
+            "severity": ["exact", "in"],
+            "impact": ["exact", "in"],
+            "check_id": ["exact", "in", "icontains"],
+        }
+        filter_overrides = {
+            FindingDeltaEnumField: {
+                "filter_class": CharFilter,
+            },
+            StatusEnumField: {
+                "filter_class": CharFilter,
+            },
+            SeverityEnumField: {
+                "filter_class": CharFilter,
+            },
+        }
+
+
 class ProviderSecretFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
@@ -592,12 +637,11 @@ class RoleFilter(FilterSet):

 class ComplianceOverviewFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
-    provider_type = ChoiceFilter(choices=Provider.ProviderChoices.choices)
-    provider_type__in = ChoiceInFilter(choices=Provider.ProviderChoices.choices)
-    scan_id = UUIDFilter(field_name="scan__id")
+    scan_id = UUIDFilter(field_name="scan_id")
+    region = CharFilter(field_name="region")

    class Meta:
-        model = ComplianceOverview
+        model = ComplianceRequirementOverview
        fields = {
            "inserted_at": ["date", "gte", "lte"],
            "compliance_id": ["exact", "icontains"],
@@ -12,6 +12,7 @@ from api.models import (
    Provider,
    Resource,
    ResourceFindingMapping,
+    ResourceScanSummary,
    Scan,
    StatusChoices,
 )
@@ -133,6 +134,7 @@ class Command(BaseCommand):
                        region=random.choice(possible_regions),
                        service=random.choice(possible_services),
                        type=random.choice(possible_types),
+                        inserted_at="2024-10-01T00:00:00Z",
                    )
                )

@@ -181,6 +183,10 @@ class Command(BaseCommand):
                            "servicename": assigned_resource.service,
                            "resourcetype": assigned_resource.type,
                        },
+                        resource_types=[assigned_resource.type],
+                        resource_regions=[assigned_resource.region],
+                        resource_services=[assigned_resource.service],
+                        inserted_at="2024-10-01T00:00:00Z",
                    )
                )

@@ -197,12 +203,22 @@ class Command(BaseCommand):

            # Create ResourceFindingMapping
            mappings = []
-            for index, f in enumerate(findings):
+            scan_resource_cache: set[tuple] = set()
+            for index, finding_instance in enumerate(findings):
+                resource_instance = resources[findings_resources_mapping[index]]
                mappings.append(
                    ResourceFindingMapping(
                        tenant_id=tenant_id,
-                        resource=resources[findings_resources_mapping[index]],
-                        finding=f,
+                        resource=resource_instance,
+                        finding=finding_instance,
+                    )
+                )
+                scan_resource_cache.add(
+                    (
+                        str(resource_instance.id),
+                        resource_instance.service,
+                        resource_instance.region,
+                        resource_instance.type,
                    )
                )

@@ -220,6 +236,38 @@ class Command(BaseCommand):
                    "Resource-finding mappings created successfully.\n\n"
                )
            )
+
+            with rls_transaction(tenant_id):
+                scan.progress = 99
+                scan.save()
+
+            self.stdout.write(self.style.WARNING("Creating finding filter values..."))
+            resource_scan_summaries = [
+                ResourceScanSummary(
+                    tenant_id=tenant_id,
+                    scan_id=str(scan.id),
+                    resource_id=resource_id,
+                    service=service,
+                    region=region,
+                    resource_type=resource_type,
+                )
+                for resource_id, service, region, resource_type in scan_resource_cache
+            ]
+            num_batches = ceil(len(resource_scan_summaries) / batch_size)
+            with rls_transaction(tenant_id):
+                for i in tqdm(
+                    range(0, len(resource_scan_summaries), batch_size),
+                    total=num_batches,
+                ):
+                    with rls_transaction(tenant_id):
+                        ResourceScanSummary.objects.bulk_create(
+                            resource_scan_summaries[i : i + batch_size],
+                            ignore_conflicts=True,
+                        )
+
+            self.stdout.write(
+                self.style.SUCCESS("Finding filter values created successfully.\n\n")
+            )
        except Exception as e:
            self.stdout.write(self.style.ERROR(f"Failed to populate test data: {e}"))
            scan_state = "failed"
@@ -0,0 +1,81 @@
+# Generated by Django 5.1.7 on 2025-05-05 10:01
+
+import uuid
+
+import django.db.models.deletion
+import uuid6
+from django.db import migrations, models
+
+import api.rls
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("api", "0017_m365_provider"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="ResourceScanSummary",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("scan_id", models.UUIDField(db_index=True, default=uuid6.uuid7)),
+                ("resource_id", models.UUIDField(db_index=True, default=uuid.uuid4)),
+                ("service", models.CharField(max_length=100)),
+                ("region", models.CharField(max_length=100)),
+                ("resource_type", models.CharField(max_length=100)),
+                (
+                    "tenant",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
+                    ),
+                ),
+            ],
+            options={
+                "db_table": "resource_scan_summaries",
+                "indexes": [
+                    models.Index(
+                        fields=["tenant_id", "scan_id", "service"],
+                        name="rss_tenant_scan_svc_idx",
+                    ),
+                    models.Index(
+                        fields=["tenant_id", "scan_id", "region"],
+                        name="rss_tenant_scan_reg_idx",
+                    ),
+                    models.Index(
+                        fields=["tenant_id", "scan_id", "resource_type"],
+                        name="rss_tenant_scan_type_idx",
+                    ),
+                    models.Index(
+                        fields=["tenant_id", "scan_id", "region", "service"],
+                        name="rss_tenant_scan_reg_svc_idx",
+                    ),
+                    models.Index(
+                        fields=["tenant_id", "scan_id", "service", "resource_type"],
+                        name="rss_tenant_scan_svc_type_idx",
+                    ),
+                    models.Index(
+                        fields=["tenant_id", "scan_id", "region", "resource_type"],
+                        name="rss_tenant_scan_reg_type_idx",
+                    ),
+                ],
+                "unique_together": {("tenant_id", "scan_id", "resource_id")},
+            },
+        ),
+        migrations.AddConstraint(
+            model_name="resourcescansummary",
+            constraint=api.rls.RowLevelSecurityConstraint(
+                "tenant_id",
+                name="rls_on_resourcescansummary",
+                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
+            ),
+        ),
+    ]
@@ -0,0 +1,42 @@
+import django.contrib.postgres.fields
+import django.contrib.postgres.indexes
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("api", "0018_resource_scan_summaries"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="finding",
+            name="resource_regions",
+            field=django.contrib.postgres.fields.ArrayField(
+                base_field=models.CharField(max_length=100),
+                blank=True,
+                null=True,
+                size=None,
+            ),
+        ),
+        migrations.AddField(
+            model_name="finding",
+            name="resource_services",
+            field=django.contrib.postgres.fields.ArrayField(
+                base_field=models.CharField(max_length=100),
+                blank=True,
+                null=True,
+                size=None,
+            ),
+        ),
+        migrations.AddField(
+            model_name="finding",
+            name="resource_types",
+            field=django.contrib.postgres.fields.ArrayField(
+                base_field=models.CharField(max_length=100),
+                blank=True,
+                null=True,
+                size=None,
+            ),
+        ),
+    ]
@@ -0,0 +1,86 @@
+from functools import partial
+
+from django.db import migrations
+
+from api.db_utils import create_index_on_partitions, drop_index_on_partitions
+
+
+class Migration(migrations.Migration):
+    atomic = False
+
+    dependencies = [
+        ("api", "0019_finding_denormalize_resource_fields"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            partial(
+                create_index_on_partitions,
+                parent_table="findings",
+                index_name="gin_find_service_idx",
+                columns="resource_services",
+                method="GIN",
+            ),
+            reverse_code=partial(
+                drop_index_on_partitions,
+                parent_table="findings",
+                index_name="gin_find_service_idx",
+            ),
+        ),
+        migrations.RunPython(
+            partial(
+                create_index_on_partitions,
+                parent_table="findings",
+                index_name="gin_find_region_idx",
+                columns="resource_regions",
+                method="GIN",
+            ),
+            reverse_code=partial(
+                drop_index_on_partitions,
+                parent_table="findings",
+                index_name="gin_find_region_idx",
+            ),
+        ),
+        migrations.RunPython(
+            partial(
+                create_index_on_partitions,
+                parent_table="findings",
+                index_name="gin_find_rtype_idx",
+                columns="resource_types",
+                method="GIN",
+            ),
+            reverse_code=partial(
+                drop_index_on_partitions,
+                parent_table="findings",
+                index_name="gin_find_rtype_idx",
+            ),
+        ),
+        migrations.RunPython(
+            partial(
+                drop_index_on_partitions,
+                parent_table="findings",
+                index_name="findings_uid_idx",
+            ),
+            reverse_code=partial(
+                create_index_on_partitions,
+                parent_table="findings",
+                index_name="findings_uid_idx",
+                columns="uid",
+                method="BTREE",
+            ),
+        ),
+        migrations.RunPython(
+            partial(
+                drop_index_on_partitions,
+                parent_table="findings",
+                index_name="findings_filter_idx",
+            ),
+            reverse_code=partial(
+                create_index_on_partitions,
+                parent_table="findings",
+                index_name="findings_filter_idx",
+                columns="scan_id, impact, severity, status, check_id, delta",
+                method="BTREE",
+            ),
+        ),
+    ]
@@ -0,0 +1,37 @@
+import django.contrib.postgres.indexes
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("api", "0020_findings_new_performance_indexes_partitions"),
+    ]
+
+    operations = [
+        migrations.AddIndex(
+            model_name="finding",
+            index=django.contrib.postgres.indexes.GinIndex(
+                fields=["resource_services"], name="gin_find_service_idx"
+            ),
+        ),
+        migrations.AddIndex(
+            model_name="finding",
+            index=django.contrib.postgres.indexes.GinIndex(
+                fields=["resource_regions"], name="gin_find_region_idx"
+            ),
+        ),
+        migrations.AddIndex(
+            model_name="finding",
+            index=django.contrib.postgres.indexes.GinIndex(
+                fields=["resource_types"], name="gin_find_rtype_idx"
+            ),
+        ),
+        migrations.RemoveIndex(
+            model_name="finding",
+            name="findings_uid_idx",
+        ),
+        migrations.RemoveIndex(
+            model_name="finding",
+            name="findings_filter_idx",
+        ),
+    ]
@@ -0,0 +1,38 @@
+# Generated by Django 5.1.8 on 2025-05-12 10:04
+
+from django.contrib.postgres.operations import AddIndexConcurrently
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    atomic = False
+
+    dependencies = [
+        ("api", "0021_findings_new_performance_indexes_parent"),
+        ("django_celery_beat", "0019_alter_periodictasks_options"),
+    ]
+
+    operations = [
+        AddIndexConcurrently(
+            model_name="scan",
+            index=models.Index(
+                condition=models.Q(("state", "completed")),
+                fields=["tenant_id", "provider_id", "state", "-inserted_at"],
+                name="scans_prov_state_ins_desc_idx",
+            ),
+        ),
+        AddIndexConcurrently(
+            model_name="scansummary",
+            index=models.Index(
+                fields=["tenant_id", "scan_id", "service"],
+                name="ss_tenant_scan_service_idx",
+            ),
+        ),
+        AddIndexConcurrently(
+            model_name="scansummary",
+            index=models.Index(
+                fields=["tenant_id", "scan_id", "severity"],
+                name="ss_tenant_scan_severity_idx",
+            ),
+        ),
+    ]
@@ -0,0 +1,28 @@
+# Generated by Django 5.1.8 on 2025-05-12 10:18
+
+from django.contrib.postgres.operations import AddIndexConcurrently
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    atomic = False
+
+    dependencies = [
+        ("api", "0022_scan_summaries_performance_indexes"),
+    ]
+
+    operations = [
+        AddIndexConcurrently(
+            model_name="resource",
+            index=models.Index(
+                fields=["tenant_id", "id"], name="resources_tenant_id_idx"
+            ),
+        ),
+        AddIndexConcurrently(
+            model_name="resource",
+            index=models.Index(
+                fields=["tenant_id", "provider_id"],
+                name="resources_tenant_provider_idx",
+            ),
+        ),
+    ]
@@ -0,0 +1,29 @@
+from functools import partial
+
+from django.db import migrations
+
+from api.db_utils import create_index_on_partitions, drop_index_on_partitions
+
+
+class Migration(migrations.Migration):
+    atomic = False
+
+    dependencies = [
+        ("api", "0023_resources_lookup_optimization"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            partial(
+                create_index_on_partitions,
+                parent_table="findings",
+                index_name="find_tenant_uid_inserted_idx",
+                columns="tenant_id, uid, inserted_at DESC",
+            ),
+            reverse_code=partial(
+                drop_index_on_partitions,
+                parent_table="findings",
+                index_name="find_tenant_uid_inserted_idx",
+            ),
+        )
+    ]
@@ -0,0 +1,17 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("api", "0024_findings_uid_index_partitions"),
+    ]
+
+    operations = [
+        migrations.AddIndex(
+            model_name="finding",
+            index=models.Index(
+                fields=["tenant_id", "uid", "-inserted_at"],
+                name="find_tenant_uid_inserted_idx",
+            ),
+        ),
+    ]
@@ -0,0 +1,14 @@
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("api", "0025_findings_uid_index_parent"),
+    ]
+
+    operations = [
+        migrations.RunSQL(
+            "ALTER TYPE provider_secret_type ADD VALUE IF NOT EXISTS 'service_account';",
+            reverse_sql=migrations.RunSQL.noop,
+        ),
+    ]
@@ -0,0 +1,124 @@
+# Generated by Django 5.1.8 on 2025-05-21 11:37
+
+import uuid
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+import api.db_utils
+import api.rls
+from api.rls import RowLevelSecurityConstraint
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("api", "0026_provider_secret_gcp_service_account"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="ComplianceRequirementOverview",
+            fields=[
+                (
+                    "id",
+                    models.UUIDField(
+                        default=uuid.uuid4,
+                        editable=False,
+                        primary_key=True,
+                        serialize=False,
+                    ),
+                ),
+                ("inserted_at", models.DateTimeField(auto_now_add=True)),
+                ("compliance_id", models.TextField(blank=False)),
+                ("framework", models.TextField(blank=False)),
+                ("version", models.TextField(blank=True)),
+                ("description", models.TextField(blank=True)),
+                ("region", models.TextField(blank=False)),
+                ("requirement_id", models.TextField(blank=False)),
+                (
+                    "requirement_status",
+                    api.db_utils.StatusEnumField(
+                        choices=[
+                            ("FAIL", "Fail"),
+                            ("PASS", "Pass"),
+                            ("MANUAL", "Manual"),
+                        ]
+                    ),
+                ),
+                ("passed_checks", models.IntegerField(default=0)),
+                ("failed_checks", models.IntegerField(default=0)),
+                ("total_checks", models.IntegerField(default=0)),
+                (
+                    "scan",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="compliance_requirements_overviews",
+                        related_query_name="compliance_requirements_overview",
+                        to="api.scan",
+                    ),
+                ),
+                (
+                    "tenant",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
+                    ),
+                ),
+            ],
+            options={
+                "db_table": "compliance_requirements_overviews",
+                "abstract": False,
+                "indexes": [
+                    models.Index(
+                        fields=["tenant_id", "scan_id"], name="cro_tenant_scan_idx"
+                    ),
+                    models.Index(
+                        fields=["tenant_id", "scan_id", "compliance_id"],
+                        name="cro_scan_comp_idx",
+                    ),
+                    models.Index(
+                        fields=["tenant_id", "scan_id", "compliance_id", "region"],
+                        name="cro_scan_comp_reg_idx",
+                    ),
+                    models.Index(
+                        fields=[
+                            "tenant_id",
+                            "scan_id",
+                            "compliance_id",
+                            "requirement_id",
+                        ],
+                        name="cro_scan_comp_req_idx",
+                    ),
+                    models.Index(
+                        fields=[
+                            "tenant_id",
+                            "scan_id",
+                            "compliance_id",
+                            "requirement_id",
+                            "region",
+                        ],
+                        name="cro_scan_comp_req_reg_idx",
+                    ),
+                ],
+                "constraints": [
+                    models.UniqueConstraint(
+                        fields=(
+                            "tenant_id",
+                            "scan_id",
+                            "compliance_id",
+                            "requirement_id",
+                            "region",
+                        ),
+                        name="unique_tenant_compliance_requirement_overview",
+                    )
+                ],
+            },
+        ),
+        migrations.AddConstraint(
+            model_name="ComplianceRequirementOverview",
+            constraint=RowLevelSecurityConstraint(
+                "tenant_id",
+                name="rls_on_compliancerequirementoverview",
+                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
+            ),
+        ),
+    ]
@@ -0,0 +1,29 @@
+from functools import partial
+
+from django.db import migrations
+
+from api.db_utils import create_index_on_partitions, drop_index_on_partitions
+
+
+class Migration(migrations.Migration):
+    atomic = False
+
+    dependencies = [
+        ("api", "0027_compliance_requirement_overviews"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            partial(
+                create_index_on_partitions,
+                parent_table="findings",
+                index_name="find_tenant_scan_check_idx",
+                columns="tenant_id, scan_id, check_id",
+            ),
+            reverse_code=partial(
+                drop_index_on_partitions,
+                parent_table="findings",
+                index_name="find_tenant_scan_check_idx",
+            ),
+        )
+    ]
@@ -0,0 +1,17 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("api", "0028_findings_check_index_partitions"),
+    ]
+
+    operations = [
+        migrations.AddIndex(
+            model_name="finding",
+            index=models.Index(
+                fields=["tenant_id", "scan_id", "check_id"],
+                name="find_tenant_scan_check_idx",
+            ),
+        ),
+    ]
@@ -5,6 +5,7 @@ from uuid import UUID, uuid4
 from cryptography.fernet import Fernet
 from django.conf import settings
 from django.contrib.auth.models import AbstractBaseUser
+from django.contrib.postgres.fields import ArrayField
 from django.contrib.postgres.indexes import GinIndex
 from django.contrib.postgres.search import SearchVector, SearchVectorField
 from django.core.validators import MinLengthValidator
@@ -217,9 +218,13 @@ class Provider(RowLevelSecurityProtectedModel):

    @staticmethod
    def validate_m365_uid(value):
-        if not re.match(r"^[a-zA-Z0-9-]+\.onmicrosoft\.com$", value):
+        if not re.match(
+            r"""^(?!-)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\.(?!-)[A-Za-z0-9]"""
+            r"""(?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.[A-Za-z]{2,}$""",
+            value,
+        ):
            raise ModelValidationError(
-                detail="M365 tenant ID must be a valid domain.",
+                detail="M365 domain ID must be a valid domain.",
                code="m365-uid",
                pointer="/data/attributes/uid",
            )
@@ -237,7 +242,7 @@ class Provider(RowLevelSecurityProtectedModel):
    @staticmethod
    def validate_kubernetes_uid(value):
        if not re.match(
-            r"^[a-z0-9][A-Za-z0-9_.:\/-]{1,250}$",
+            r"^[a-zA-Z0-9][a-zA-Z0-9._@:\/-]{1,250}$",
            value,
        ):
            raise ModelValidationError(
@@ -425,6 +430,7 @@ class Scan(RowLevelSecurityProtectedModel):
        PeriodicTask, on_delete=models.CASCADE, null=True, blank=True
    )
    output_location = models.CharField(blank=True, null=True, max_length=200)
+
    # TODO: mutelist foreign key

    class Meta(RowLevelSecurityProtectedModel.Meta):
@@ -447,6 +453,11 @@ class Scan(RowLevelSecurityProtectedModel):
                fields=["tenant_id", "provider_id", "state", "inserted_at"],
                name="scans_prov_state_insert_idx",
            ),
+            models.Index(
+                fields=["tenant_id", "provider_id", "state", "-inserted_at"],
+                condition=Q(state=StateChoices.COMPLETED),
+                name="scans_prov_state_ins_desc_idx",
+            ),
        ]

    class JSONAPIMeta:
@@ -573,6 +584,11 @@ class Resource(RowLevelSecurityProtectedModel):
                name="resource_tenant_metadata_idx",
            ),
            GinIndex(fields=["text_search"], name="gin_resources_search_idx"),
+            models.Index(fields=["tenant_id", "id"], name="resources_tenant_id_idx"),
+            models.Index(
+                fields=["tenant_id", "provider_id"],
+                name="resources_tenant_provider_idx",
+            ),
        ]

        constraints = [
@@ -673,6 +689,21 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    muted = models.BooleanField(default=False, null=False)
    compliance = models.JSONField(default=dict, null=True, blank=True)

+    # Denormalize resource data for performance
+    resource_regions = ArrayField(
+        models.CharField(max_length=100), blank=True, null=True
+    )
+    resource_services = ArrayField(
+        models.CharField(max_length=100),
+        blank=True,
+        null=True,
+    )
+    resource_types = ArrayField(
+        models.CharField(max_length=100),
+        blank=True,
+        null=True,
+    )
+
    # Relationships
    scan = models.ForeignKey(to=Scan, related_name="findings", on_delete=models.CASCADE)

@@ -713,18 +744,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
        ]

        indexes = [
-            models.Index(fields=["uid"], name="findings_uid_idx"),
-            models.Index(
-                fields=[
-                    "scan_id",
-                    "impact",
-                    "severity",
-                    "status",
-                    "check_id",
-                    "delta",
-                ],
-                name="findings_filter_idx",
-            ),
            models.Index(fields=["tenant_id", "id"], name="findings_tenant_and_id_idx"),
            GinIndex(fields=["text_search"], name="gin_findings_search_idx"),
            models.Index(fields=["tenant_id", "scan_id"], name="find_tenant_scan_idx"),
@@ -736,19 +755,46 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
                condition=Q(delta="new"),
                name="find_delta_new_idx",
            ),
+            models.Index(
+                fields=["tenant_id", "uid", "-inserted_at"],
+                name="find_tenant_uid_inserted_idx",
+            ),
+            GinIndex(fields=["resource_services"], name="gin_find_service_idx"),
+            GinIndex(fields=["resource_regions"], name="gin_find_region_idx"),
+            GinIndex(fields=["resource_types"], name="gin_find_rtype_idx"),
+            models.Index(
+                fields=["tenant_id", "scan_id", "check_id"],
+                name="find_tenant_scan_check_idx",
+            ),
        ]

    class JSONAPIMeta:
        resource_name = "findings"

    def add_resources(self, resources: list[Resource] | None):
-        # Add new relationships with the tenant_id field
+        if not resources:
+            return
+
+        self.resource_regions = self.resource_regions or []
+        self.resource_services = self.resource_services or []
+        self.resource_types = self.resource_types or []
+
+        # Deduplication
+        regions = set(self.resource_regions)
+        services = set(self.resource_services)
+        types = set(self.resource_types)
+
        for resource in resources:
            ResourceFindingMapping.objects.update_or_create(
                resource=resource, finding=self, tenant_id=self.tenant_id
            )
+            regions.add(resource.region)
+            services.add(resource.service)
+            types.add(resource.type)

-        # Save the instance
+        self.resource_regions = list(regions)
+        self.resource_services = list(services)
+        self.resource_types = list(types)
        self.save()


@@ -808,6 +854,7 @@ class ProviderSecret(RowLevelSecurityProtectedModel):
    class TypeChoices(models.TextChoices):
        STATIC = "static", _("Key-value pairs")
        ROLE = "role", _("Role assumption")
+        SERVICE_ACCOUNT = "service_account", _("GCP Service Account Key")

    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
@@ -1100,6 +1147,78 @@ class ComplianceOverview(RowLevelSecurityProtectedModel):
        resource_name = "compliance-overviews"


+class ComplianceRequirementOverview(RowLevelSecurityProtectedModel):
+    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
+    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
+    compliance_id = models.TextField(blank=False)
+    framework = models.TextField(blank=False)
+    version = models.TextField(blank=True)
+    description = models.TextField(blank=True)
+    region = models.TextField(blank=False)
+
+    requirement_id = models.TextField(blank=False)
+    requirement_status = StatusEnumField(choices=StatusChoices)
+    passed_checks = models.IntegerField(default=0)
+    failed_checks = models.IntegerField(default=0)
+    total_checks = models.IntegerField(default=0)
+
+    scan = models.ForeignKey(
+        Scan,
+        on_delete=models.CASCADE,
+        related_name="compliance_requirements_overviews",
+        related_query_name="compliance_requirements_overview",
+    )
+
+    class Meta(RowLevelSecurityProtectedModel.Meta):
+        db_table = "compliance_requirements_overviews"
+
+        constraints = [
+            models.UniqueConstraint(
+                fields=(
+                    "tenant_id",
+                    "scan_id",
+                    "compliance_id",
+                    "requirement_id",
+                    "region",
+                ),
+                name="unique_tenant_compliance_requirement_overview",
+            ),
+            RowLevelSecurityConstraint(
+                field="tenant_id",
+                name="rls_on_%(class)s",
+                statements=["SELECT", "INSERT", "DELETE"],
+            ),
+        ]
+        indexes = [
+            models.Index(fields=["tenant_id", "scan_id"], name="cro_tenant_scan_idx"),
+            models.Index(
+                fields=["tenant_id", "scan_id", "compliance_id"],
+                name="cro_scan_comp_idx",
+            ),
+            models.Index(
+                fields=["tenant_id", "scan_id", "compliance_id", "region"],
+                name="cro_scan_comp_reg_idx",
+            ),
+            models.Index(
+                fields=["tenant_id", "scan_id", "compliance_id", "requirement_id"],
+                name="cro_scan_comp_req_idx",
+            ),
+            models.Index(
+                fields=[
+                    "tenant_id",
+                    "scan_id",
+                    "compliance_id",
+                    "requirement_id",
+                    "region",
+                ],
+                name="cro_scan_comp_req_reg_idx",
+            ),
+        ]
+
+    class JSONAPIMeta:
+        resource_name = "compliance-requirements-overviews"
+
+
 class ScanSummary(RowLevelSecurityProtectedModel):
    objects = ActiveProviderManager()
    all_objects = models.Manager()
@@ -1150,7 +1269,15 @@ class ScanSummary(RowLevelSecurityProtectedModel):
            models.Index(
                fields=["tenant_id", "scan_id"],
                name="scan_summaries_tenant_scan_idx",
-            )
+            ),
+            models.Index(
+                fields=["tenant_id", "scan_id", "service"],
+                name="ss_tenant_scan_service_idx",
+            ),
+            models.Index(
+                fields=["tenant_id", "scan_id", "severity"],
+                name="ss_tenant_scan_severity_idx",
+            ),
        ]

    class JSONAPIMeta:
@@ -1232,3 +1359,52 @@ class IntegrationProviderRelationship(RowLevelSecurityProtectedModel):
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ]
+
+
+class ResourceScanSummary(RowLevelSecurityProtectedModel):
+    scan_id = models.UUIDField(default=uuid7, db_index=True)
+    resource_id = models.UUIDField(default=uuid4, db_index=True)
+    service = models.CharField(max_length=100)
+    region = models.CharField(max_length=100)
+    resource_type = models.CharField(max_length=100)
+
+    class Meta:
+        db_table = "resource_scan_summaries"
+        unique_together = (("tenant_id", "scan_id", "resource_id"),)
+
+        indexes = [
+            # Single-dimension lookups:
+            models.Index(
+                fields=["tenant_id", "scan_id", "service"],
+                name="rss_tenant_scan_svc_idx",
+            ),
+            models.Index(
+                fields=["tenant_id", "scan_id", "region"],
+                name="rss_tenant_scan_reg_idx",
+            ),
+            models.Index(
+                fields=["tenant_id", "scan_id", "resource_type"],
+                name="rss_tenant_scan_type_idx",
+            ),
+            # Two-dimension cross-filters:
+            models.Index(
+                fields=["tenant_id", "scan_id", "region", "service"],
+                name="rss_tenant_scan_reg_svc_idx",
+            ),
+            models.Index(
+                fields=["tenant_id", "scan_id", "service", "resource_type"],
+                name="rss_tenant_scan_svc_type_idx",
+            ),
+            models.Index(
+                fields=["tenant_id", "scan_id", "region", "resource_type"],
+                name="rss_tenant_scan_reg_type_idx",
+            ),
+        ]
+
+        constraints = [
+            RowLevelSecurityConstraint(
+                field="tenant_id",
+                name="rls_on_%(class)s",
+                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
+            ),
+        ]
@@ -1,4 +1,4 @@
-from rest_framework_json_api.pagination import JsonApiPageNumberPagination
+from drf_spectacular_jsonapi.schemas.pagination import JsonApiPageNumberPagination


 class ComplianceOverviewPagination(JsonApiPageNumberPagination):
@@ -1,12 +1,12 @@
-from unittest.mock import patch, MagicMock
+from unittest.mock import MagicMock, patch

 from api.compliance import (
+    generate_compliance_overview_template,
+    generate_scan_compliance,
    get_prowler_provider_checks,
    get_prowler_provider_compliance,
-    load_prowler_compliance,
    load_prowler_checks,
-    generate_scan_compliance,
-    generate_compliance_overview_template,
+    load_prowler_compliance,
 )
 from api.models import Provider

@@ -69,7 +69,7 @@ class TestCompliance:

        load_prowler_compliance()

-        from api.compliance import PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE, PROWLER_CHECKS
+        from api.compliance import PROWLER_CHECKS, PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE

        assert PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE == {
            "template_key": "template_value"
@@ -268,7 +268,7 @@ class TestCompliance:
                                "manual": 0,
                                "total": 0,
                            },
-                            "status": "PASS",
+                            "status": "MANUAL",
                        },
                    },
                    "requirements_status": {
@@ -3,9 +3,13 @@ from enum import Enum
 from unittest.mock import patch

 import pytest
+from django.conf import settings
+from freezegun import freeze_time

 from api.db_utils import (
+    _should_create_index_on_partition,
    batch_delete,
+    create_objects_in_batches,
    enum_to_choices,
    generate_random_token,
    one_week_from_now,
@@ -138,3 +142,88 @@ class TestBatchDelete:
        )
        assert Provider.objects.all().count() == 0
        assert summary == {"api.Provider": create_test_providers}
+
+
+class TestShouldCreateIndexOnPartition:
+    @freeze_time("2025-05-15 00:00:00Z")
+    @pytest.mark.parametrize(
+        "partition_name, all_partitions, expected",
+        [
+            ("any_name", True, True),
+            ("findings_default", True, True),
+            ("findings_2022_jan", True, True),
+            ("foo_bar", False, True),
+            ("findings_2025_MAY", False, True),
+            ("findings_2025_may", False, True),
+            ("findings_2025_jun", False, True),
+            ("findings_2025_apr", False, False),
+            ("findings_2025_xyz", False, True),
+        ],
+    )
+    def test_partition_inclusion_logic(self, partition_name, all_partitions, expected):
+        assert (
+            _should_create_index_on_partition(partition_name, all_partitions)
+            is expected
+        )
+
+    @freeze_time("2025-05-15 00:00:00Z")
+    def test_invalid_date_components(self):
+        # even if regex matches but int conversion fails, we fallback True
+        # (e.g. year too big, month number parse error)
+        bad_name = "findings_99999_jan"
+        assert _should_create_index_on_partition(bad_name, False) is True
+
+        bad_name2 = "findings_2025_abc"
+        # abc not in month_map → fallback True
+        assert _should_create_index_on_partition(bad_name2, False) is True
+
+
+@pytest.mark.django_db
+class TestCreateObjectsInBatches:
+    @pytest.fixture
+    def tenant(self, tenants_fixture):
+        return tenants_fixture[0]
+
+    def make_provider_instances(self, tenant, count):
+        """
+        Return a list of `count` unsaved Provider instances for the given tenant.
+        """
+        base_uid = 1000
+        return [
+            Provider(
+                tenant=tenant,
+                uid=str(base_uid + i),
+                provider=Provider.ProviderChoices.AWS,
+            )
+            for i in range(count)
+        ]
+
+    def test_exact_multiple_of_batch(self, tenant):
+        total = 6
+        batch_size = 3
+        objs = self.make_provider_instances(tenant, total)
+
+        create_objects_in_batches(str(tenant.id), Provider, objs, batch_size=batch_size)
+
+        qs = Provider.objects.filter(tenant=tenant)
+        assert qs.count() == total
+
+    def test_non_multiple_of_batch(self, tenant):
+        total = 7
+        batch_size = 3
+        objs = self.make_provider_instances(tenant, total)
+
+        create_objects_in_batches(str(tenant.id), Provider, objs, batch_size=batch_size)
+
+        qs = Provider.objects.filter(tenant=tenant)
+        assert qs.count() == total
+
+    def test_batch_size_default(self, tenant):
+        default_size = settings.DJANGO_DELETION_BATCH_SIZE
+        total = default_size + 2
+        objs = self.make_provider_instances(tenant, total)
+
+        create_objects_in_batches(str(tenant.id), Provider, objs)
+
+        qs = Provider.objects.filter(tenant=tenant)
+        assert qs.count() == total
@@ -0,0 +1,379 @@
+import json
+from uuid import uuid4
+
+import pytest
+from django_celery_results.models import TaskResult
+from rest_framework import status
+from rest_framework.response import Response
+
+from api.exceptions import (
+    TaskFailedException,
+    TaskInProgressException,
+    TaskNotFoundException,
+)
+from api.models import Task, User
+from api.rls import Tenant
+from api.v1.mixins import PaginateByPkMixin, TaskManagementMixin
+
+
+@pytest.mark.django_db
+class TestPaginateByPkMixin:
+    @pytest.fixture
+    def tenant(self):
+        return Tenant.objects.create(name="Test Tenant")
+
+    @pytest.fixture
+    def users(self, tenant):
+        # Create 5 users with proper email field
+        users = []
+        for i in range(5):
+            user = User.objects.create(email=f"user{i}@example.com", name=f"User {i}")
+            users.append(user)
+        return users
+
+    class DummyView(PaginateByPkMixin):
+        def __init__(self, page):
+            self._page = page
+
+        def paginate_queryset(self, qs):
+            return self._page
+
+        def get_serializer(self, queryset, many):
+            class S:
+                def __init__(self, data):
+                    # serialize to list of ids
+                    self.data = [obj.id for obj in data] if many else queryset.id
+
+            return S(queryset)
+
+        def get_paginated_response(self, data):
+            return Response({"results": data}, status=status.HTTP_200_OK)
+
+    def test_no_pagination(self, users):
+        base_qs = User.objects.all().order_by("id")
+        view = self.DummyView(page=None)
+        resp = view.paginate_by_pk(
+            request=None, base_queryset=base_qs, manager=User.objects
+        )
+        # since no pagination, should return all ids in order
+        expected = [u.id for u in base_qs]
+        assert isinstance(resp, Response)
+        assert resp.data == expected
+
+    def test_with_pagination(self, users):
+        base_qs = User.objects.all().order_by("id")
+        # simulate paging to first 2 ids
+        page = [base_qs[1].id, base_qs[3].id]
+        view = self.DummyView(page=page)
+        resp = view.paginate_by_pk(
+            request=None, base_queryset=base_qs, manager=User.objects
+        )
+        # should fetch only those two users, in the same order as page
+        assert resp.status_code == status.HTTP_200_OK
+        assert resp.data == {"results": page}
+
+
+@pytest.mark.django_db
+class TestTaskManagementMixin:
+    class DummyView(TaskManagementMixin):
+        pass
+
+    @pytest.fixture
+    def tenant(self):
+        return Tenant.objects.create(name="Test Tenant")
+
+    @pytest.fixture(autouse=True)
+    def cleanup(self):
+        Task.objects.all().delete()
+        TaskResult.objects.all().delete()
+
+    def test_no_task_and_no_taskresult_raises_not_found(self):
+        view = self.DummyView()
+        with pytest.raises(TaskNotFoundException):
+            view.check_task_status("task_xyz", {"foo": "bar"})
+
+    def test_no_task_and_no_taskresult_returns_none_when_not_raising(self):
+        view = self.DummyView()
+        result = view.check_task_status(
+            "task_xyz", {"foo": "bar"}, raise_on_not_found=False
+        )
+        assert result is None
+
+    def test_taskresult_pending_raises_in_progress(self):
+        task_kwargs = {"foo": "bar"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="task_xyz",
+            task_kwargs=json.dumps(task_kwargs),
+            status="PENDING",
+        )
+        view = self.DummyView()
+        with pytest.raises(TaskInProgressException) as excinfo:
+            view.check_task_status("task_xyz", task_kwargs, raise_on_not_found=False)
+        assert hasattr(excinfo.value, "task_result")
+        assert excinfo.value.task_result == tr
+
+    def test_taskresult_started_raises_in_progress(self):
+        task_kwargs = {"foo": "bar"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="task_xyz",
+            task_kwargs=json.dumps(task_kwargs),
+            status="STARTED",
+        )
+        view = self.DummyView()
+        with pytest.raises(TaskInProgressException) as excinfo:
+            view.check_task_status("task_xyz", task_kwargs, raise_on_not_found=False)
+        assert hasattr(excinfo.value, "task_result")
+        assert excinfo.value.task_result == tr
+
+    def test_taskresult_progress_raises_in_progress(self):
+        task_kwargs = {"foo": "bar"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="task_xyz",
+            task_kwargs=json.dumps(task_kwargs),
+            status="PROGRESS",
+        )
+        view = self.DummyView()
+        with pytest.raises(TaskInProgressException) as excinfo:
+            view.check_task_status("task_xyz", task_kwargs, raise_on_not_found=False)
+        assert hasattr(excinfo.value, "task_result")
+        assert excinfo.value.task_result == tr
+
+    def test_taskresult_failure_raises_failed(self):
+        task_kwargs = {"a": 1}
+        TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="task_fail",
+            task_kwargs=json.dumps(task_kwargs),
+            status="FAILURE",
+        )
+        view = self.DummyView()
+        with pytest.raises(TaskFailedException):
+            view.check_task_status("task_fail", task_kwargs, raise_on_not_found=False)
+
+    def test_taskresult_failure_returns_none_when_not_raising(self):
+        task_kwargs = {"a": 1}
+        TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="task_fail",
+            task_kwargs=json.dumps(task_kwargs),
+            status="FAILURE",
+        )
+        view = self.DummyView()
+        result = view.check_task_status(
+            "task_fail", task_kwargs, raise_on_failed=False, raise_on_not_found=False
+        )
+        assert result is None
+
+    def test_taskresult_success_returns_none(self):
+        task_kwargs = {"x": 2}
+        TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="task_ok",
+            task_kwargs=json.dumps(task_kwargs),
+            status="SUCCESS",
+        )
+        view = self.DummyView()
+        # should not raise, and returns None
+        assert (
+            view.check_task_status("task_ok", task_kwargs, raise_on_not_found=False)
+            is None
+        )
+
+    def test_taskresult_revoked_returns_none(self):
+        task_kwargs = {"x": 2}
+        TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="task_revoked",
+            task_kwargs=json.dumps(task_kwargs),
+            status="REVOKED",
+        )
+        view = self.DummyView()
+        # should not raise, and returns None
+        assert (
+            view.check_task_status(
+                "task_revoked", task_kwargs, raise_on_not_found=False
+            )
+            is None
+        )
+
+    def test_task_with_failed_status_raises_failed(self, tenant):
+        task_kwargs = {"provider_id": "test"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs),
+            status="FAILURE",
+        )
+        task = Task.objects.create(tenant=tenant, task_runner_task=tr)
+        view = self.DummyView()
+        with pytest.raises(TaskFailedException) as excinfo:
+            view.check_task_status("scan_task", task_kwargs)
+        # Check that the exception contains the expected task
+        assert hasattr(excinfo.value, "task")
+        assert excinfo.value.task == task
+
+    def test_task_with_cancelled_status_raises_failed(self, tenant):
+        task_kwargs = {"provider_id": "test"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs),
+            status="REVOKED",
+        )
+        task = Task.objects.create(tenant=tenant, task_runner_task=tr)
+        view = self.DummyView()
+        with pytest.raises(TaskFailedException) as excinfo:
+            view.check_task_status("scan_task", task_kwargs)
+        # Check that the exception contains the expected task
+        assert hasattr(excinfo.value, "task")
+        assert excinfo.value.task == task
+
+    def test_task_with_failed_status_returns_task_when_not_raising(self, tenant):
+        task_kwargs = {"provider_id": "test"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs),
+            status="FAILURE",
+        )
+        task = Task.objects.create(tenant=tenant, task_runner_task=tr)
+        view = self.DummyView()
+        result = view.check_task_status("scan_task", task_kwargs, raise_on_failed=False)
+        assert result == task
+
+    def test_task_with_completed_status_returns_none(self, tenant):
+        task_kwargs = {"provider_id": "test"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs),
+            status="SUCCESS",
+        )
+        Task.objects.create(tenant=tenant, task_runner_task=tr)
+        view = self.DummyView()
+        result = view.check_task_status("scan_task", task_kwargs)
+        assert result is None
+
+    def test_task_with_executing_status_returns_task(self, tenant):
+        task_kwargs = {"provider_id": "test"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs),
+            status="STARTED",
+        )
+        task = Task.objects.create(tenant=tenant, task_runner_task=tr)
+        view = self.DummyView()
+        result = view.check_task_status("scan_task", task_kwargs)
+        assert result is not None
+        assert result.pk == task.pk
+
+    def test_task_with_pending_status_returns_task(self, tenant):
+        task_kwargs = {"provider_id": "test"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs),
+            status="PENDING",
+        )
+        task = Task.objects.create(tenant=tenant, task_runner_task=tr)
+        view = self.DummyView()
+        result = view.check_task_status("scan_task", task_kwargs)
+        assert result is not None
+        assert result.pk == task.pk
+
+    def test_get_task_response_if_running_returns_none_for_completed_task(self, tenant):
+        task_kwargs = {"provider_id": "test"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs),
+            status="SUCCESS",
+        )
+        Task.objects.create(tenant=tenant, task_runner_task=tr)
+        view = self.DummyView()
+        result = view.get_task_response_if_running("scan_task", task_kwargs)
+        assert result is None
+
+    def test_get_task_response_if_running_returns_none_for_no_task(self):
+        view = self.DummyView()
+        result = view.get_task_response_if_running(
+            "nonexistent", {"foo": "bar"}, raise_on_not_found=False
+        )
+        assert result is None
+
+    def test_get_task_response_if_running_returns_202_for_executing_task(self, tenant):
+        task_kwargs = {"provider_id": "test"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs),
+            status="STARTED",
+        )
+        task = Task.objects.create(tenant=tenant, task_runner_task=tr)
+        view = self.DummyView()
+        result = view.get_task_response_if_running("scan_task", task_kwargs)
+
+        assert isinstance(result, Response)
+        assert result.status_code == status.HTTP_202_ACCEPTED
+        assert "Content-Location" in result.headers
+        # The response should contain the serialized task data
+        assert result.data is not None
+        assert "id" in result.data
+        assert str(result.data["id"]) == str(task.id)
+
+    def test_get_task_response_if_running_returns_none_for_available_task(self, tenant):
+        task_kwargs = {"provider_id": "test"}
+        tr = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs),
+            status="PENDING",
+        )
+        Task.objects.create(tenant=tenant, task_runner_task=tr)
+        view = self.DummyView()
+        result = view.get_task_response_if_running("scan_task", task_kwargs)
+        # PENDING maps to AVAILABLE, which is not EXECUTING, so should return None
+        assert result is None
+
+    def test_kwargs_filtering_works_correctly(self, tenant):
+        # Create tasks with different kwargs
+        task_kwargs_1 = {"provider_id": "test1", "scan_type": "full"}
+        task_kwargs_2 = {"provider_id": "test2", "scan_type": "quick"}
+
+        tr1 = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs_1),
+            status="STARTED",
+        )
+        tr2 = TaskResult.objects.create(
+            task_id=str(uuid4()),
+            task_name="scan_task",
+            task_kwargs=json.dumps(task_kwargs_2),
+            status="STARTED",
+        )
+
+        task1 = Task.objects.create(tenant=tenant, task_runner_task=tr1)
+        task2 = Task.objects.create(tenant=tenant, task_runner_task=tr2)
+
+        view = self.DummyView()
+
+        # Should find task1 when searching for its kwargs
+        result1 = view.check_task_status("scan_task", {"provider_id": "test1"})
+        assert result1 is not None
+        assert result1.pk == task1.pk
+
+        # Should find task2 when searching for its kwargs
+        result2 = view.check_task_status("scan_task", {"provider_id": "test2"})
+        assert result2 is not None
+        assert result2.pk == task2.pk
+
+        # Should not find anything when searching for non-existent kwargs
+        result3 = view.check_task_status(
+            "scan_task", {"provider_id": "test3"}, raise_on_not_found=False
+        )
+        assert result3 is None
@@ -1,11 +1,14 @@
 from datetime import datetime, timezone

 from allauth.socialaccount.providers.oauth2.client import OAuth2Client
+from django.contrib.postgres.aggregates import ArrayAgg
+from django.db.models import Subquery
 from rest_framework.exceptions import NotFound, ValidationError

 from api.db_router import MainRouter
 from api.exceptions import InvitationTokenExpiredException
-from api.models import Invitation, Provider
+from api.models import Invitation, Provider, Resource
+from api.v1.serializers import FindingMetadataSerializer
 from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.common.models import Connection
@@ -205,3 +208,33 @@ def validate_invitation(
        )

    return invitation
+
+
+# ToRemove after removing the fallback mechanism in /findings/metadata
+def get_findings_metadata_no_aggregations(tenant_id: str, filtered_queryset):
+    filtered_ids = filtered_queryset.order_by().values("id")
+
+    relevant_resources = Resource.all_objects.filter(
+        tenant_id=tenant_id, findings__id__in=Subquery(filtered_ids)
+    ).only("service", "region", "type")
+
+    aggregation = relevant_resources.aggregate(
+        services=ArrayAgg("service", flat=True),
+        regions=ArrayAgg("region", flat=True),
+        resource_types=ArrayAgg("type", flat=True),
+    )
+
+    services = sorted(set(aggregation["services"] or []))
+    regions = sorted({region for region in aggregation["regions"] or [] if region})
+    resource_types = sorted(set(aggregation["resource_types"] or []))
+
+    result = {
+        "services": services,
+        "regions": regions,
+        "resource_types": resource_types,
+    }
+
+    serializer = FindingMetadataSerializer(data=result)
+    serializer.is_valid(raise_exception=True)
+
+    return serializer.data
@@ -0,0 +1,222 @@
+from django.urls import reverse
+from django_celery_results.models import TaskResult
+from rest_framework import status
+from rest_framework.response import Response
+
+from api.exceptions import (
+    TaskFailedException,
+    TaskInProgressException,
+    TaskNotFoundException,
+)
+from api.models import StateChoices, Task
+from api.v1.serializers import TaskSerializer
+
+
+class PaginateByPkMixin:
+    """
+    Mixin to paginate on a list of PKs (cheaper than heavy JOINs),
+    re-fetch the full objects with the desired select/prefetch,
+    re-sort them to preserve DB ordering, then serialize + return.
+    """
+
+    def paginate_by_pk(
+        self,
+        request,  # noqa: F841
+        base_queryset,
+        manager,
+        select_related: list[str] | None = None,
+        prefetch_related: list[str] | None = None,
+    ) -> Response:
+        pk_list = base_queryset.values_list("id", flat=True)
+        page = self.paginate_queryset(pk_list)
+        if page is None:
+            return Response(self.get_serializer(base_queryset, many=True).data)
+
+        queryset = manager.filter(id__in=page)
+        if select_related:
+            queryset = queryset.select_related(*select_related)
+        if prefetch_related:
+            queryset = queryset.prefetch_related(*prefetch_related)
+
+        queryset = sorted(queryset, key=lambda obj: page.index(obj.id))
+
+        serialized = self.get_serializer(queryset, many=True).data
+        return self.get_paginated_response(serialized)
+
+
+class TaskManagementMixin:
+    """
+    Mixin to manage task status checking.
+
+    This mixin provides functionality to check if a task with specific parameters
+    is running, completed, failed, or doesn't exist. It returns the task when running
+    and raises specific exceptions for failed/not found scenarios that can be handled
+    at the view level.
+    """
+
+    def check_task_status(
+        self,
+        task_name: str,
+        task_kwargs: dict,
+        raise_on_failed: bool = True,
+        raise_on_not_found: bool = True,
+    ) -> Task | None:
+        """
+        Check the status of a task with given name and kwargs.
+
+        This method first checks for a related Task object, and if not found,
+        checks TaskResult directly. If a TaskResult is found and running but
+        there's no related Task, it raises TaskInProgressException.
+
+        Args:
+            task_name (str): The name of the task to check
+            task_kwargs (dict): The kwargs to match against the task
+            raise_on_failed (bool): Whether to raise exception if task failed
+            raise_on_not_found (bool): Whether to raise exception if task not found
+
+        Returns:
+            Task | None: The task instance if found (regardless of state), None if not found and raise_on_not_found=False
+
+        Raises:
+            TaskFailedException: If task failed and raise_on_failed=True
+            TaskNotFoundException: If task not found and raise_on_not_found=True
+            TaskInProgressException: If task is running but no related Task object exists
+        """
+        # First, try to find a Task object with related TaskResult
+        try:
+            # Build the filter for task kwargs
+            task_filter = {
+                "task_runner_task__task_name": task_name,
+            }
+
+            # Add kwargs filters - we need to check if the task kwargs contain our parameters
+            for key, value in task_kwargs.items():
+                task_filter["task_runner_task__task_kwargs__contains"] = str(value)
+
+            task = (
+                Task.objects.filter(**task_filter)
+                .select_related("task_runner_task")
+                .order_by("-inserted_at")
+                .first()
+            )
+
+            if task:
+                # Get task state using the same logic as TaskSerializer
+                task_state_mapping = {
+                    "PENDING": StateChoices.AVAILABLE,
+                    "STARTED": StateChoices.EXECUTING,
+                    "PROGRESS": StateChoices.EXECUTING,
+                    "SUCCESS": StateChoices.COMPLETED,
+                    "FAILURE": StateChoices.FAILED,
+                    "REVOKED": StateChoices.CANCELLED,
+                }
+
+                celery_status = (
+                    task.task_runner_task.status if task.task_runner_task else None
+                )
+                task_state = task_state_mapping.get(
+                    celery_status or "", StateChoices.AVAILABLE
+                )
+
+                # Check task state and raise exceptions accordingly
+                if task_state in (StateChoices.FAILED, StateChoices.CANCELLED):
+                    if raise_on_failed:
+                        raise TaskFailedException(task=task)
+                    return task
+                elif task_state == StateChoices.COMPLETED:
+                    return None
+
+                return task
+
+        except Task.DoesNotExist:
+            pass
+
+        # If no Task found, check TaskResult directly
+        try:
+            # Build the filter for TaskResult
+            task_result_filter = {
+                "task_name": task_name,
+            }
+
+            # Add kwargs filters - check if the task kwargs contain our parameters
+            for key, value in task_kwargs.items():
+                task_result_filter["task_kwargs__contains"] = str(value)
+
+            task_result = (
+                TaskResult.objects.filter(**task_result_filter)
+                .order_by("-date_created")
+                .first()
+            )
+
+            if task_result:
+                # Check if the TaskResult indicates a running task
+                if task_result.status in ["PENDING", "STARTED", "PROGRESS"]:
+                    # Task is running but no related Task object exists
+                    raise TaskInProgressException(task_result=task_result)
+                elif task_result.status == "FAILURE":
+                    if raise_on_failed:
+                        raise TaskFailedException(task=None)
+                # For other statuses (SUCCESS, REVOKED), we don't have a Task to return,
+                # so we treat it as not found
+
+        except TaskResult.DoesNotExist:
+            pass
+
+        # No task found at all
+        if raise_on_not_found:
+            raise TaskNotFoundException()
+        return None
+
+    def get_task_response_if_running(
+        self,
+        task_name: str,
+        task_kwargs: dict,
+        raise_on_failed: bool = True,
+        raise_on_not_found: bool = True,
+    ) -> Response | None:
+        """
+        Get a 202 response with task details if the task is currently running.
+
+        This method is useful for endpoints that should return task status when
+        a background task is in progress, similar to the compliance overview endpoints.
+
+        Args:
+            task_name (str): The name of the task to check
+            task_kwargs (dict): The kwargs to match against the task
+
+        Returns:
+            Response | None: 202 response with task details if running, None otherwise
+        """
+        task = self.check_task_status(
+            task_name=task_name,
+            task_kwargs=task_kwargs,
+            raise_on_failed=raise_on_failed,
+            raise_on_not_found=raise_on_not_found,
+        )
+
+        if not task:
+            return None
+
+        # Get task state
+        task_state_mapping = {
+            "PENDING": StateChoices.AVAILABLE,
+            "STARTED": StateChoices.EXECUTING,
+            "PROGRESS": StateChoices.EXECUTING,
+            "SUCCESS": StateChoices.COMPLETED,
+            "FAILURE": StateChoices.FAILED,
+            "REVOKED": StateChoices.CANCELLED,
+        }
+
+        celery_status = task.task_runner_task.status if task.task_runner_task else None
+        task_state = task_state_mapping.get(celery_status or "", StateChoices.AVAILABLE)
+
+        if task_state == StateChoices.EXECUTING:
+            self.response_serializer_class = TaskSerializer
+            serializer = TaskSerializer(task)
+            return Response(
+                data=serializer.data,
+                status=status.HTTP_202_ACCEPTED,
+                headers={
+                    "Content-Location": reverse("task-detail", kwargs={"pk": task.id})
+                },
+            )
@@ -119,9 +119,9 @@ from rest_framework_json_api import serializers
                        "type": "email",
                        "description": "User microsoft email address.",
                    },
-                    "encrypted_password": {
+                    "password": {
                        "type": "string",
-                        "description": "User encrypted password.",
+                        "description": "User password.",
                    },
                },
                "required": [
@@ -129,7 +129,7 @@ from rest_framework_json_api import serializers
                    "client_secret",
                    "tenant_id",
                    "user",
-                    "encrypted_password",
+                    "password",
                ],
            },
            {
@@ -154,6 +154,17 @@ from rest_framework_json_api import serializers
                },
                "required": ["client_id", "client_secret", "refresh_token"],
            },
+            {
+                "type": "object",
+                "title": "GCP Service Account Key",
+                "properties": {
+                    "service_account_key": {
+                        "type": "object",
+                        "description": "The service account key for GCP.",
+                    }
+                },
+                "required": ["service_account_key"],
+            },
            {
                "type": "object",
                "title": "Kubernetes Static Credentials",
@@ -14,7 +14,6 @@ from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
 from rest_framework_simplejwt.tokens import RefreshToken

 from api.models import (
-    ComplianceOverview,
    Finding,
    Integration,
    IntegrationProviderRelationship,
@@ -31,6 +30,7 @@ from api.models import (
    RoleProviderGroupRelationship,
    Scan,
    StateChoices,
+    StatusChoices,
    Task,
    User,
    UserRoleRelationship,
@@ -960,6 +960,15 @@ class ScanReportSerializer(serializers.Serializer):
        fields = ["id"]


+class ScanComplianceReportSerializer(serializers.Serializer):
+    id = serializers.CharField(source="scan")
+    name = serializers.CharField()
+
+    class Meta:
+        resource_name = "scan-reports"
+        fields = ["id", "name"]
+
+
 class ResourceTagSerializer(RLSSerializer):
    """
    Serializer for the ResourceTag model
@@ -1150,6 +1159,8 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
                )
        elif secret_type == ProviderSecret.TypeChoices.ROLE:
            serializer = AWSRoleAssumptionProviderSecret(data=secret)
+        elif secret_type == ProviderSecret.TypeChoices.SERVICE_ACCOUNT:
+            serializer = GCPServiceAccountProviderSecret(data=secret)
        else:
            raise serializers.ValidationError(
                {"secret_type": f"Secret type not supported: {secret_type}"}
@@ -1188,7 +1199,7 @@ class M365ProviderSecret(serializers.Serializer):
    client_secret = serializers.CharField()
    tenant_id = serializers.CharField()
    user = serializers.EmailField()
-    encrypted_password = serializers.CharField()
+    password = serializers.CharField()

    class Meta:
        resource_name = "provider-secrets"
@@ -1203,6 +1214,13 @@ class GCPProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


+class GCPServiceAccountProviderSecret(serializers.Serializer):
+    service_account_key = serializers.JSONField()
+
+    class Meta:
+        resource_name = "provider-secrets"
+
+
 class KubernetesProviderSecret(serializers.Serializer):
    kubeconfig_content = serializers.CharField()

@@ -1661,130 +1679,61 @@ class RoleProviderGroupRelationshipSerializer(RLSSerializer, BaseWriteSerializer
 # Compliance overview


-class ComplianceOverviewSerializer(RLSSerializer):
+class ComplianceOverviewSerializer(serializers.Serializer):
    """
-    Serializer for the ComplianceOverview model.
+    Serializer for compliance requirement status aggregated by compliance framework.
+
+    This serializer is used to format aggregated compliance framework data,
+    providing counts of passed, failed, and manual requirements along with
+    an overall global status for each framework.
    """

-    requirements_status = serializers.SerializerMethodField(
-        read_only=True, method_name="get_requirements_status"
-    )
-    provider_type = serializers.SerializerMethodField(read_only=True)
+    # Add ID field which will be used for resource identification
+    id = serializers.CharField()
+    framework = serializers.CharField()
+    version = serializers.CharField()
+    requirements_passed = serializers.IntegerField()
+    requirements_failed = serializers.IntegerField()
+    requirements_manual = serializers.IntegerField()
+    total_requirements = serializers.IntegerField()

-    class Meta:
-        model = ComplianceOverview
-        fields = [
-            "id",
-            "inserted_at",
-            "compliance_id",
-            "framework",
-            "version",
-            "requirements_status",
-            "region",
-            "provider_type",
-            "scan",
-            "url",
-        ]
-
-    @extend_schema_field(
-        {
-            "type": "object",
-            "properties": {
-                "passed": {"type": "integer"},
-                "failed": {"type": "integer"},
-                "manual": {"type": "integer"},
-                "total": {"type": "integer"},
-            },
-        }
-    )
-    def get_requirements_status(self, obj):
-        return {
-            "passed": obj.requirements_passed,
-            "failed": obj.requirements_failed,
-            "manual": obj.requirements_manual,
-            "total": obj.total_requirements,
-        }
-
-    @extend_schema_field(serializers.CharField(allow_null=True))
-    def get_provider_type(self, obj):
-        """
-        Retrieves the provider_type from scan.provider.provider_type.
-        """
-        try:
-            return obj.scan.provider.provider
-        except AttributeError:
-            return None
+    class JSONAPIMeta:
+        resource_name = "compliance-overviews"


-class ComplianceOverviewFullSerializer(ComplianceOverviewSerializer):
-    requirements = serializers.SerializerMethodField(read_only=True)
+class ComplianceOverviewDetailSerializer(serializers.Serializer):
+    """
+    Serializer for detailed compliance requirement information.

-    class Meta(ComplianceOverviewSerializer.Meta):
-        fields = ComplianceOverviewSerializer.Meta.fields + [
-            "description",
-            "requirements",
-        ]
+    This serializer formats the aggregated requirement data, showing detailed status
+    and counts for each requirement across all regions.
+    """

-    @extend_schema_field(
-        {
-            "type": "object",
-            "properties": {
-                "requirement_id": {
-                    "type": "object",
-                    "properties": {
-                        "name": {"type": "string"},
-                        "checks": {
-                            "type": "object",
-                            "properties": {
-                                "check_name": {
-                                    "type": "object",
-                                    "properties": {
-                                        "status": {
-                                            "type": "string",
-                                            "enum": ["PASS", "FAIL", None],
-                                        },
-                                    },
-                                }
-                            },
-                            "description": "Each key in the 'checks' object is a check name, with values as "
-                            "'PASS', 'FAIL', or null.",
-                        },
-                        "status": {
-                            "type": "string",
-                            "enum": ["PASS", "FAIL", "MANUAL"],
-                        },
-                        "attributes": {
-                            "type": "array",
-                            "items": {
-                                "type": "object",
-                            },
-                        },
-                        "description": {"type": "string"},
-                        "checks_status": {
-                            "type": "object",
-                            "properties": {
-                                "total": {"type": "integer"},
-                                "pass": {"type": "integer"},
-                                "fail": {"type": "integer"},
-                                "manual": {"type": "integer"},
-                            },
-                        },
-                    },
-                }
-            },
-        }
-    )
-    def get_requirements(self, obj):
-        """
-        Returns the detailed structure of requirements.
-        """
-        return obj.requirements
+    id = serializers.CharField()
+    framework = serializers.CharField()
+    version = serializers.CharField()
+    description = serializers.CharField()
+    status = serializers.ChoiceField(choices=StatusChoices.choices)
+
+    class JSONAPIMeta:
+        resource_name = "compliance-requirements-details"
+
+
+class ComplianceOverviewAttributesSerializer(serializers.Serializer):
+    id = serializers.CharField()
+    framework = serializers.CharField()
+    version = serializers.CharField()
+    description = serializers.CharField()
+    attributes = serializers.JSONField()
+
+    class JSONAPIMeta:
+        resource_name = "compliance-requirements-attributes"


 class ComplianceOverviewMetadataSerializer(serializers.Serializer):
    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)

-    class Meta:
+    class JSONAPIMeta:
        resource_name = "compliance-overviews-metadata"


@@ -26,6 +26,7 @@ INSTALLED_APPS = [
    "rest_framework",
    "corsheaders",
    "drf_spectacular",
+    "drf_spectacular_jsonapi",
    "django_guid",
    "rest_framework_json_api",
    "django_celery_results",
@@ -111,6 +112,7 @@ SPECTACULAR_SETTINGS = {
    "PREPROCESSING_HOOKS": [
        "drf_spectacular_jsonapi.hooks.fix_nested_path_parameters",
    ],
+    "TITLE": "API Reference - Prowler",
 }

 WSGI_APPLICATION = "config.wsgi.application"
@@ -126,6 +128,7 @@ DJANGO_GUID = {
 }

 DATABASE_ROUTERS = ["api.db_router.MainRouter"]
+POSTGRES_EXTRA_DB_BACKEND_BASE = "database_backend"


 # Password validation
@@ -97,4 +97,6 @@ sentry_sdk.init(
        # possible.
        "continuous_profiling_auto_start": True,
    },
+    attach_stacktrace=True,
+    ignore_errors=IGNORED_EXCEPTIONS,
 )
@@ -10,10 +10,12 @@ from django.urls import reverse
 from django_celery_results.models import TaskResult
 from rest_framework import status
 from rest_framework.test import APIClient
+from tasks.jobs.backfill import backfill_resource_scan_summaries

 from api.db_utils import rls_transaction
 from api.models import (
    ComplianceOverview,
+    ComplianceRequirementOverview,
    Finding,
    Integration,
    IntegrationProviderRelationship,
@@ -28,6 +30,7 @@ from api.models import (
    Scan,
    ScanSummary,
    StateChoices,
+    StatusChoices,
    Task,
    User,
    UserRoleRelationship,
@@ -776,6 +779,114 @@ def compliance_overviews_fixture(scans_fixture, tenants_fixture):
    return compliance_overview1, compliance_overview2


+@pytest.fixture
+def compliance_requirements_overviews_fixture(scans_fixture, tenants_fixture):
+    """Fixture for ComplianceRequirementOverview objects used by the new ComplianceOverviewViewSet."""
+    tenant = tenants_fixture[0]
+    scan1, scan2, scan3 = scans_fixture
+
+    # Create ComplianceRequirementOverview objects for scan1
+    requirement_overview1 = ComplianceRequirementOverview.objects.create(
+        tenant=tenant,
+        scan=scan1,
+        compliance_id="aws_account_security_onboarding_aws",
+        framework="AWS-Account-Security-Onboarding",
+        version="1.0",
+        description="Description for AWS Account Security Onboarding",
+        region="eu-west-1",
+        requirement_id="requirement1",
+        requirement_status=StatusChoices.PASS,
+        passed_checks=2,
+        failed_checks=0,
+        total_checks=2,
+    )
+
+    requirement_overview2 = ComplianceRequirementOverview.objects.create(
+        tenant=tenant,
+        scan=scan1,
+        compliance_id="aws_account_security_onboarding_aws",
+        framework="AWS-Account-Security-Onboarding",
+        version="1.0",
+        description="Description for AWS Account Security Onboarding",
+        region="eu-west-1",
+        requirement_id="requirement2",
+        requirement_status=StatusChoices.PASS,
+        passed_checks=2,
+        failed_checks=0,
+        total_checks=2,
+    )
+
+    requirement_overview3 = ComplianceRequirementOverview.objects.create(
+        tenant=tenant,
+        scan=scan1,
+        compliance_id="aws_account_security_onboarding_aws",
+        framework="AWS-Account-Security-Onboarding",
+        version="1.0",
+        description="Description for AWS Account Security Onboarding",
+        region="eu-west-2",
+        requirement_id="requirement1",
+        requirement_status=StatusChoices.PASS,
+        passed_checks=2,
+        failed_checks=0,
+        total_checks=2,
+    )
+
+    requirement_overview4 = ComplianceRequirementOverview.objects.create(
+        tenant=tenant,
+        scan=scan1,
+        compliance_id="aws_account_security_onboarding_aws",
+        framework="AWS-Account-Security-Onboarding",
+        version="1.0",
+        description="Description for AWS Account Security Onboarding",
+        region="eu-west-2",
+        requirement_id="requirement2",
+        requirement_status=StatusChoices.FAIL,
+        passed_checks=1,
+        failed_checks=1,
+        total_checks=2,
+    )
+
+    requirement_overview5 = ComplianceRequirementOverview.objects.create(
+        tenant=tenant,
+        scan=scan1,
+        compliance_id="aws_account_security_onboarding_aws",
+        framework="AWS-Account-Security-Onboarding",
+        version="1.0",
+        description="Description for AWS Account Security Onboarding (MANUAL)",
+        region="eu-west-2",
+        requirement_id="requirement3",
+        requirement_status=StatusChoices.MANUAL,
+        passed_checks=0,
+        failed_checks=0,
+        total_checks=0,
+    )
+
+    # Create a different compliance framework for testing
+    requirement_overview6 = ComplianceRequirementOverview.objects.create(
+        tenant=tenant,
+        scan=scan1,
+        compliance_id="cis_1.4_aws",
+        framework="CIS-1.4-AWS",
+        version="1.4",
+        description="CIS AWS Foundations Benchmark v1.4.0",
+        region="eu-west-1",
+        requirement_id="cis_requirement1",
+        requirement_status=StatusChoices.FAIL,
+        passed_checks=0,
+        failed_checks=3,
+        total_checks=3,
+    )
+
+    return (
+        requirement_overview1,
+        requirement_overview2,
+        requirement_overview3,
+        requirement_overview4,
+        requirement_overview5,
+        requirement_overview6,
+    )
+
+
 def get_api_tokens(
    api_client, user_email: str, user_password: str, tenant_id: str = None
 ) -> tuple[str, str]:
@@ -920,6 +1031,55 @@ def integrations_fixture(providers_fixture):
    return integration1, integration2


+@pytest.fixture
+def backfill_scan_metadata_fixture(scans_fixture, findings_fixture):
+    for scan_instance in scans_fixture:
+        tenant_id = scan_instance.tenant_id
+        scan_id = scan_instance.id
+        backfill_resource_scan_summaries(tenant_id=tenant_id, scan_id=scan_id)
+
+
+@pytest.fixture(scope="function")
+def latest_scan_finding(authenticated_client, providers_fixture, resources_fixture):
+    provider = providers_fixture[0]
+    tenant_id = str(providers_fixture[0].tenant_id)
+    resource = resources_fixture[0]
+    scan = Scan.objects.create(
+        name="latest completed scan",
+        provider=provider,
+        trigger=Scan.TriggerChoices.MANUAL,
+        state=StateChoices.COMPLETED,
+        tenant_id=tenant_id,
+    )
+    finding = Finding.objects.create(
+        tenant_id=tenant_id,
+        uid="test_finding_uid_1",
+        scan=scan,
+        delta="new",
+        status=Status.FAIL,
+        status_extended="test status extended ",
+        impact=Severity.critical,
+        impact_extended="test impact extended one",
+        severity=Severity.critical,
+        raw_result={
+            "status": Status.FAIL,
+            "impact": Severity.critical,
+            "severity": Severity.critical,
+        },
+        tags={"test": "dev-qa"},
+        check_id="test_check_id",
+        check_metadata={
+            "CheckId": "test_check_id",
+            "Description": "test description apple sauce",
+        },
+        first_seen_at="2024-01-02T00:00:00Z",
+    )
+
+    finding.add_resources([resource])
+    backfill_resource_scan_summaries(tenant_id, str(scan.id))
+    return finding
+
+
 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}

@@ -0,0 +1,15 @@
+import django.db
+from django.db.backends.postgresql.base import (
+    DatabaseWrapper as BuiltinPostgresDatabaseWrapper,
+)
+from psycopg2 import InterfaceError
+
+
+class DatabaseWrapper(BuiltinPostgresDatabaseWrapper):
+    def create_cursor(self, name=None):
+        try:
+            return super().create_cursor(name=name)
+        except InterfaceError:
+            django.db.close_old_connections()
+            django.db.connection.connect()
+            return super().create_cursor(name=name)
@@ -0,0 +1,61 @@
+from api.db_utils import rls_transaction
+from api.models import (
+    Resource,
+    ResourceFindingMapping,
+    ResourceScanSummary,
+    Scan,
+    StateChoices,
+)
+
+
+def backfill_resource_scan_summaries(tenant_id: str, scan_id: str):
+    with rls_transaction(tenant_id):
+        if ResourceScanSummary.objects.filter(
+            tenant_id=tenant_id, scan_id=scan_id
+        ).exists():
+            return {"status": "already backfilled"}
+
+    with rls_transaction(tenant_id):
+        if not Scan.objects.filter(
+            tenant_id=tenant_id,
+            id=scan_id,
+            state__in=(StateChoices.COMPLETED, StateChoices.FAILED),
+        ).exists():
+            return {"status": "scan is not completed"}
+
+        resource_ids_qs = (
+            ResourceFindingMapping.objects.filter(
+                tenant_id=tenant_id, finding__scan_id=scan_id
+            )
+            .values_list("resource_id", flat=True)
+            .distinct()
+        )
+
+        resource_ids = list(resource_ids_qs)
+
+        if not resource_ids:
+            return {"status": "no resources to backfill"}
+
+        resources_qs = Resource.objects.filter(
+            tenant_id=tenant_id, id__in=resource_ids
+        ).only("id", "service", "region", "type")
+
+        summaries = []
+        for resource in resources_qs.iterator():
+            summaries.append(
+                ResourceScanSummary(
+                    tenant_id=tenant_id,
+                    scan_id=scan_id,
+                    resource_id=str(resource.id),
+                    service=resource.service,
+                    region=resource.region,
+                    resource_type=resource.type,
+                )
+            )
+
+        for i in range(0, len(summaries), 500):
+            ResourceScanSummary.objects.bulk_create(
+                summaries[i : i + 500], ignore_conflicts=True
+            )
+
+    return {"status": "backfilled", "inserted": len(summaries)}
@@ -13,6 +13,41 @@ from prowler.config.config import (
    json_ocsf_file_suffix,
    output_file_timestamp,
 )
+from prowler.lib.outputs.compliance.aws_well_architected.aws_well_architected import (
+    AWSWellArchitected,
+)
+from prowler.lib.outputs.compliance.cis.cis_aws import AWSCIS
+from prowler.lib.outputs.compliance.cis.cis_azure import AzureCIS
+from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
+from prowler.lib.outputs.compliance.cis.cis_kubernetes import KubernetesCIS
+from prowler.lib.outputs.compliance.cis.cis_m365 import M365CIS
+from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
+from prowler.lib.outputs.compliance.ens.ens_azure import AzureENS
+from prowler.lib.outputs.compliance.ens.ens_gcp import GCPENS
+from prowler.lib.outputs.compliance.iso27001.iso27001_aws import AWSISO27001
+from prowler.lib.outputs.compliance.iso27001.iso27001_azure import AzureISO27001
+from prowler.lib.outputs.compliance.iso27001.iso27001_gcp import GCPISO27001
+from prowler.lib.outputs.compliance.iso27001.iso27001_kubernetes import (
+    KubernetesISO27001,
+)
+from prowler.lib.outputs.compliance.kisa_ismsp.kisa_ismsp_aws import AWSKISAISMSP
+from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_aws import AWSMitreAttack
+from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_azure import (
+    AzureMitreAttack,
+)
+from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_gcp import GCPMitreAttack
+from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_aws import (
+    ProwlerThreatScoreAWS,
+)
+from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_azure import (
+    ProwlerThreatScoreAzure,
+)
+from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_gcp import (
+    ProwlerThreatScoreGCP,
+)
+from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_m365 import (
+    ProwlerThreatScoreM365,
+)
 from prowler.lib.outputs.csv.csv import CSV
 from prowler.lib.outputs.html.html import HTML
 from prowler.lib.outputs.ocsf.ocsf import OCSF
@@ -20,6 +55,44 @@ from prowler.lib.outputs.ocsf.ocsf import OCSF
 logger = get_task_logger(__name__)


+COMPLIANCE_CLASS_MAP = {
+    "aws": [
+        (lambda name: name.startswith("cis_"), AWSCIS),
+        (lambda name: name == "mitre_attack_aws", AWSMitreAttack),
+        (lambda name: name.startswith("ens_"), AWSENS),
+        (
+            lambda name: name.startswith("aws_well_architected_framework"),
+            AWSWellArchitected,
+        ),
+        (lambda name: name.startswith("iso27001_"), AWSISO27001),
+        (lambda name: name.startswith("kisa"), AWSKISAISMSP),
+        (lambda name: name == "prowler_threatscore_aws", ProwlerThreatScoreAWS),
+    ],
+    "azure": [
+        (lambda name: name.startswith("cis_"), AzureCIS),
+        (lambda name: name == "mitre_attack_azure", AzureMitreAttack),
+        (lambda name: name.startswith("ens_"), AzureENS),
+        (lambda name: name.startswith("iso27001_"), AzureISO27001),
+        (lambda name: name == "prowler_threatscore_azure", ProwlerThreatScoreAzure),
+    ],
+    "gcp": [
+        (lambda name: name.startswith("cis_"), GCPCIS),
+        (lambda name: name == "mitre_attack_gcp", GCPMitreAttack),
+        (lambda name: name.startswith("ens_"), GCPENS),
+        (lambda name: name.startswith("iso27001_"), GCPISO27001),
+        (lambda name: name == "prowler_threatscore_gcp", ProwlerThreatScoreGCP),
+    ],
+    "kubernetes": [
+        (lambda name: name.startswith("cis_"), KubernetesCIS),
+        (lambda name: name.startswith("iso27001_"), KubernetesISO27001),
+    ],
+    "m365": [
+        (lambda name: name.startswith("cis_"), M365CIS),
+        (lambda name: name == "prowler_threatscore_m365", ProwlerThreatScoreM365),
+    ],
+}
+
+
 # Predefined mapping for output formats and their configurations
 OUTPUT_FORMATS_MAPPING = {
    "csv": {
@@ -43,13 +116,17 @@ def _compress_output_files(output_directory: str) -> str:
        str: The full path to the newly created ZIP archive.
    """
    zip_path = f"{output_directory}.zip"
+    parent_dir = os.path.dirname(output_directory)
+    zip_path_abs = os.path.abspath(zip_path)

    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zipf:
-        for suffix in [config["suffix"] for config in OUTPUT_FORMATS_MAPPING.values()]:
-            zipf.write(
-                f"{output_directory}{suffix}",
-                f"output/{output_directory.split('/')[-1]}{suffix}",
-            )
+        for foldername, _, filenames in os.walk(parent_dir):
+            for filename in filenames:
+                file_path = os.path.join(foldername, filename)
+                if os.path.abspath(file_path) == zip_path_abs:
+                    continue
+                arcname = os.path.relpath(file_path, start=parent_dir)
+                zipf.write(file_path, arcname)

    return zip_path

@@ -102,25 +179,38 @@ def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str:
    Raises:
        botocore.exceptions.ClientError: If the upload attempt to S3 fails for any reason.
    """
-    if not base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET:
-        return
+    bucket = base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET
+    if not bucket:
+        return None

    try:
        s3 = get_s3_client()
-        s3_key = f"{tenant_id}/{scan_id}/{os.path.basename(zip_path)}"
+
+        # Upload the ZIP file (outputs) to the S3 bucket
+        zip_key = f"{tenant_id}/{scan_id}/{os.path.basename(zip_path)}"
        s3.upload_file(
            Filename=zip_path,
-            Bucket=base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET,
-            Key=s3_key,
+            Bucket=bucket,
+            Key=zip_key,
        )
-        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{s3_key}"
+
+        # Upload the compliance directory to the S3 bucket
+        compliance_dir = os.path.join(os.path.dirname(zip_path), "compliance")
+        for filename in os.listdir(compliance_dir):
+            local_path = os.path.join(compliance_dir, filename)
+            if not os.path.isfile(local_path):
+                continue
+            file_key = f"{tenant_id}/{scan_id}/compliance/{filename}"
+            s3.upload_file(Filename=local_path, Bucket=bucket, Key=file_key)
+
+        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{zip_key}"
    except (ClientError, NoCredentialsError, ParamValidationError, ValueError) as e:
        logger.error(f"S3 upload failed: {str(e)}")


 def _generate_output_directory(
    output_directory, prowler_provider: object, tenant_id: str, scan_id: str
-) -> str:
+) -> tuple[str, str]:
    """
    Generate a file system path for the output directory of a prowler scan.

@@ -145,7 +235,8 @@ def _generate_output_directory(

    Example:
        >>> _generate_output_directory("/tmp", "aws", "tenant-1234", "scan-5678")
-        '/tmp/tenant-1234/aws/scan-5678/prowler-output-2023-02-15T12:34:56'
+        '/tmp/tenant-1234/aws/scan-5678/prowler-output-2023-02-15T12:34:56',
+        '/tmp/tenant-1234/aws/scan-5678/compliance/prowler-output-2023-02-15T12:34:56'
    """
    path = (
        f"{output_directory}/{tenant_id}/{scan_id}/prowler-output-"
@@ -153,4 +244,10 @@ def _generate_output_directory(
    )
    os.makedirs("/".join(path.split("/")[:-1]), exist_ok=True)

-    return path
+    compliance_path = (
+        f"{output_directory}/{tenant_id}/{scan_id}/compliance/prowler-output-"
+        f"{prowler_provider}-{output_file_timestamp}"
+    )
+    os.makedirs("/".join(compliance_path.split("/")[:-1]), exist_ok=True)
+
+    return path, compliance_path
@@ -13,12 +13,13 @@ from api.compliance import (
    PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE,
    generate_scan_compliance,
 )
-from api.db_utils import rls_transaction
+from api.db_utils import create_objects_in_batches, rls_transaction
 from api.models import (
-    ComplianceOverview,
+    ComplianceRequirementOverview,
    Finding,
    Provider,
    Resource,
+    ResourceScanSummary,
    ResourceTag,
    Scan,
    ScanSummary,
@@ -118,10 +119,11 @@ def perform_prowler_scan(
        ValueError: If the provider cannot be connected.

    """
-    check_status_by_region = {}
    exception = None
    unique_resources = set()
+    scan_resource_cache: set[tuple[str, str, str, str]] = set()
    start_time = time.time()
+    exc = None

    with rls_transaction(tenant_id):
        provider_instance = Provider.objects.get(pk=provider_id)
@@ -137,7 +139,7 @@ def perform_prowler_scan(
                provider_instance.connected = True
            except Exception as e:
                provider_instance.connected = False
-                raise ValueError(
+                exc = ValueError(
                    f"Provider {provider_instance.provider} is not connected: {e}"
                )
            finally:
@@ -146,6 +148,11 @@ def perform_prowler_scan(
                )
                provider_instance.save()

+        # If the provider is not connected, raise an exception outside the transaction.
+        # If raised within the transaction, the transaction will be rolled back and the provider will not be marked as not connected.
+        if exc:
+            raise exc
+
        prowler_scan = ProwlerScan(provider=prowler_provider, checks=checks_to_execute)

        resource_cache = {}
@@ -285,15 +292,15 @@ def perform_prowler_scan(
                    )
                    finding_instance.add_resources([resource_instance])

-                # Update compliance data if applicable
-                if finding.status.value == "MUTED":
-                    continue
-
-                region_dict = check_status_by_region.setdefault(finding.region, {})
-                current_status = region_dict.get(finding.check_id)
-                if current_status == "FAIL":
-                    continue
-                region_dict[finding.check_id] = finding.status.value
+                # Update scan resource summaries
+                scan_resource_cache.add(
+                    (
+                        str(resource_instance.id),
+                        resource_instance.service,
+                        resource_instance.region,
+                        resource_instance.type,
+                    )
+                )

            # Update scan progress
            with rls_transaction(tenant_id):
@@ -314,66 +321,33 @@ def perform_prowler_scan(
            scan_instance.unique_resource_count = len(unique_resources)
            scan_instance.save()

-    if exception is None:
-        try:
-            regions = prowler_provider.get_regions()
-        except AttributeError:
-            regions = set()
-
-        compliance_template = PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE[
-            provider_instance.provider
-        ]
-        compliance_overview_by_region = {
-            region: deepcopy(compliance_template) for region in regions
-        }
-
-        for region, check_status in check_status_by_region.items():
-            compliance_data = compliance_overview_by_region.setdefault(
-                region, deepcopy(compliance_template)
-            )
-            for check_name, status in check_status.items():
-                generate_scan_compliance(
-                    compliance_data,
-                    provider_instance.provider,
-                    check_name,
-                    status,
-                )
-
-        # Prepare compliance overview objects
-        compliance_overview_objects = []
-        for region, compliance_data in compliance_overview_by_region.items():
-            for compliance_id, compliance in compliance_data.items():
-                compliance_overview_objects.append(
-                    ComplianceOverview(
-                        tenant_id=tenant_id,
-                        scan=scan_instance,
-                        region=region,
-                        compliance_id=compliance_id,
-                        framework=compliance["framework"],
-                        version=compliance["version"],
-                        description=compliance["description"],
-                        requirements=compliance["requirements"],
-                        requirements_passed=compliance["requirements_status"]["passed"],
-                        requirements_failed=compliance["requirements_status"]["failed"],
-                        requirements_manual=compliance["requirements_status"]["manual"],
-                        total_requirements=compliance["total_requirements"],
-                    )
-                )
-        try:
-            with rls_transaction(tenant_id):
-                ComplianceOverview.objects.bulk_create(
-                    compliance_overview_objects, batch_size=100
-                )
-        except Exception as overview_exception:
-            import sentry_sdk
-
-            sentry_sdk.capture_exception(overview_exception)
-            logger.error(
-                f"Error storing compliance overview for scan {scan_id}: {overview_exception}"
-            )
    if exception is not None:
        raise exception

+    try:
+        resource_scan_summaries = [
+            ResourceScanSummary(
+                tenant_id=tenant_id,
+                scan_id=scan_id,
+                resource_id=resource_id,
+                service=service,
+                region=region,
+                resource_type=resource_type,
+            )
+            for resource_id, service, region, resource_type in scan_resource_cache
+        ]
+        with rls_transaction(tenant_id):
+            ResourceScanSummary.objects.bulk_create(
+                resource_scan_summaries, batch_size=500, ignore_conflicts=True
+            )
+    except Exception as filter_exception:
+        import sentry_sdk
+
+        sentry_sdk.capture_exception(filter_exception)
+        logger.error(
+            f"Error storing filter values for scan {scan_id}: {filter_exception}"
+        )
+
    serializer = ScanTaskSerializer(instance=scan_instance)
    return serializer.data

@@ -528,3 +502,114 @@ def aggregate_findings(tenant_id: str, scan_id: str):
            for agg in aggregation
        }
        ScanSummary.objects.bulk_create(scan_aggregations, batch_size=3000)
+
+
+def create_compliance_requirements(tenant_id: str, scan_id: str):
+    """
+    Create detailed compliance requirement overview records for a scan.
+
+    This function processes the compliance data collected during a scan and creates
+    individual records for each compliance requirement in each region. These detailed
+    records provide a granular view of compliance status.
+
+    Args:
+        tenant_id (str): The ID of the tenant for which to create records.
+        scan_id (str): The ID of the scan for which to create records.
+
+    Returns:
+        dict: A dictionary containing the number of requirements created and the regions processed.
+
+    Raises:
+        ValidationError: If tenant_id is not a valid UUID.
+    """
+    try:
+        with rls_transaction(tenant_id):
+            scan_instance = Scan.objects.get(pk=scan_id)
+            provider_instance = scan_instance.provider
+            prowler_provider = initialize_prowler_provider(provider_instance)
+
+        # Get check status data by region from findings
+        check_status_by_region = {}
+        with rls_transaction(tenant_id):
+            findings = Finding.objects.filter(scan_id=scan_id, muted=False)
+            for finding in findings:
+                # Get region from resources
+                for resource in finding.resources.all():
+                    region = resource.region
+                    region_dict = check_status_by_region.setdefault(region, {})
+                    current_status = region_dict.get(finding.check_id)
+                    if current_status == "FAIL":
+                        continue
+                    region_dict[finding.check_id] = finding.status
+
+        try:
+            # Try to get regions from provider
+            regions = prowler_provider.get_regions()
+        except (AttributeError, Exception):
+            # If not available, use regions from findings
+            regions = set(check_status_by_region.keys())
+
+        # Get compliance template for the provider
+        compliance_template = PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE[
+            provider_instance.provider
+        ]
+
+        # Create compliance data by region
+        compliance_overview_by_region = {
+            region: deepcopy(compliance_template) for region in regions
+        }
+
+        # Apply check statuses to compliance data
+        for region, check_status in check_status_by_region.items():
+            compliance_data = compliance_overview_by_region.setdefault(
+                region, deepcopy(compliance_template)
+            )
+            for check_name, status in check_status.items():
+                generate_scan_compliance(
+                    compliance_data,
+                    provider_instance.provider,
+                    check_name,
+                    status,
+                )
+
+        # Prepare compliance requirement objects
+        compliance_requirement_objects = []
+        for region, compliance_data in compliance_overview_by_region.items():
+            for compliance_id, compliance in compliance_data.items():
+                # Create an overview record for each requirement within each compliance framework
+                for requirement_id, requirement in compliance["requirements"].items():
+                    compliance_requirement_objects.append(
+                        ComplianceRequirementOverview(
+                            tenant_id=tenant_id,
+                            scan=scan_instance,
+                            region=region,
+                            compliance_id=compliance_id,
+                            framework=compliance["framework"],
+                            version=compliance["version"],
+                            requirement_id=requirement_id,
+                            description=requirement["description"],
+                            passed_checks=requirement["checks_status"]["pass"],
+                            failed_checks=requirement["checks_status"]["fail"],
+                            total_checks=requirement["checks_status"]["total"],
+                            requirement_status=requirement["status"],
+                        )
+                    )
+
+        # Bulk create requirement records
+        create_objects_in_batches(
+            tenant_id, ComplianceRequirementOverview, compliance_requirement_objects
+        )
+
+        return {
+            "requirements_created": len(compliance_requirement_objects),
+            "regions_processed": list(regions),
+            "compliance_frameworks": (
+                list(compliance_overview_by_region.get(list(regions)[0], {}).keys())
+                if regions
+                else []
+            ),
+        }
+
+    except Exception as e:
+        logger.error(f"Error creating compliance requirements for scan {scan_id}: {e}")
+        raise e
@@ -7,22 +7,31 @@ from celery.utils.log import get_task_logger
 from config.celery import RLSTask
 from config.django.base import DJANGO_FINDINGS_BATCH_SIZE, DJANGO_TMP_OUTPUT_DIRECTORY
 from django_celery_beat.models import PeriodicTask
+from tasks.jobs.backfill import backfill_resource_scan_summaries
 from tasks.jobs.connection import check_provider_connection
 from tasks.jobs.deletion import delete_provider, delete_tenant
 from tasks.jobs.export import (
+    COMPLIANCE_CLASS_MAP,
    OUTPUT_FORMATS_MAPPING,
    _compress_output_files,
    _generate_output_directory,
    _upload_to_s3,
 )
-from tasks.jobs.scan import aggregate_findings, perform_prowler_scan
+from tasks.jobs.scan import (
+    aggregate_findings,
+    create_compliance_requirements,
+    perform_prowler_scan,
+)
 from tasks.utils import batched, get_next_execution_datetime

+from api.compliance import get_compliance_frameworks
 from api.db_utils import rls_transaction
 from api.decorators import set_tenant
 from api.models import Finding, Provider, Scan, ScanSummary, StateChoices
 from api.utils import initialize_prowler_provider
 from api.v1.serializers import ScanTaskSerializer
+from prowler.lib.check.compliance_models import Compliance
+from prowler.lib.outputs.compliance.generic.generic import GenericCompliance
 from prowler.lib.outputs.finding import Finding as FindingOutput

 logger = get_task_logger(__name__)
@@ -96,6 +105,7 @@ def perform_scan_task(

    chain(
        perform_scan_summary_task.si(tenant_id, scan_id),
+        create_compliance_requirements_task.si(tenant_id=tenant_id, scan_id=scan_id),
        generate_outputs.si(
            scan_id=scan_id, provider_id=provider_id, tenant_id=tenant_id
        ),
@@ -206,6 +216,9 @@ def perform_scheduled_scan_task(self, tenant_id: str, provider_id: str):

    chain(
        perform_scan_summary_task.si(tenant_id, scan_instance.id),
+        create_compliance_requirements_task.si(
+            tenant_id=tenant_id, scan_id=str(scan_instance.id)
+        ),
        generate_outputs.si(
            scan_id=str(scan_instance.id), provider_id=provider_id, tenant_id=tenant_id
        ),
@@ -251,84 +264,134 @@ def generate_outputs(scan_id: str, provider_id: str, tenant_id: str):
        logger.info(f"No findings found for scan {scan_id}")
        return {"upload": False}

-    # Initialize the prowler provider
-    prowler_provider = initialize_prowler_provider(Provider.objects.get(id=provider_id))
+    provider_obj = Provider.objects.get(id=provider_id)
+    prowler_provider = initialize_prowler_provider(provider_obj)
+    provider_uid = provider_obj.uid
+    provider_type = provider_obj.provider

-    # Get the provider UID
-    provider_uid = Provider.objects.get(id=provider_id).uid
-
-    # Generate and ensure the output directory exists
-    output_directory = _generate_output_directory(
+    frameworks_bulk = Compliance.get_bulk(provider_type)
+    frameworks_avail = get_compliance_frameworks(provider_type)
+    out_dir, comp_dir = _generate_output_directory(
        DJANGO_TMP_OUTPUT_DIRECTORY, provider_uid, tenant_id, scan_id
    )

-    # Define auxiliary variables
+    def get_writer(writer_map, name, factory, is_last):
+        """
+        Return existing writer_map[name] or create via factory().
+        In both cases set `.close_file = is_last`.
+        """
+        initialization = False
+        if name not in writer_map:
+            writer_map[name] = factory()
+            initialization = True
+        w = writer_map[name]
+        w.close_file = is_last
+
+        return w, initialization
+
    output_writers = {}
+    compliance_writers = {}
+
    scan_summary = FindingOutput._transform_findings_stats(
        ScanSummary.objects.filter(scan_id=scan_id)
    )

-    # Retrieve findings queryset
-    findings_qs = Finding.all_objects.filter(scan_id=scan_id).order_by("uid")
+    qs = Finding.all_objects.filter(scan_id=scan_id).order_by("uid").iterator()
+    for batch, is_last in batched(qs, DJANGO_FINDINGS_BATCH_SIZE):
+        fos = [FindingOutput.transform_api_finding(f, prowler_provider) for f in batch]

-    # Process findings in batches
-    for batch, is_last_batch in batched(
-        findings_qs.iterator(), DJANGO_FINDINGS_BATCH_SIZE
-    ):
-        finding_outputs = [
-            FindingOutput.transform_api_finding(finding, prowler_provider)
-            for finding in batch
-        ]
-
-        # Generate output files
-        for mode, config in OUTPUT_FORMATS_MAPPING.items():
-            kwargs = dict(config.get("kwargs", {}))
+        # Outputs
+        for mode, cfg in OUTPUT_FORMATS_MAPPING.items():
+            cls = cfg["class"]
+            suffix = cfg["suffix"]
+            extra = cfg.get("kwargs", {}).copy()
            if mode == "html":
-                kwargs["provider"] = prowler_provider
-                kwargs["stats"] = scan_summary
+                extra.update(provider=prowler_provider, stats=scan_summary)

-            writer_class = config["class"]
-            if writer_class in output_writers:
-                writer = output_writers[writer_class]
-                writer.transform(finding_outputs)
-                writer.close_file = is_last_batch
-            else:
-                writer = writer_class(
-                    findings=finding_outputs,
-                    file_path=output_directory,
-                    file_extension=config["suffix"],
+            writer, initialization = get_writer(
+                output_writers,
+                cls,
+                lambda cls=cls, fos=fos, suffix=suffix: cls(
+                    findings=fos,
+                    file_path=out_dir,
+                    file_extension=suffix,
                    from_cli=False,
-                )
-                writer.close_file = is_last_batch
-                output_writers[writer_class] = writer
+                ),
+                is_last,
+            )
+            if not initialization:
+                writer.transform(fos)
+            writer.batch_write_data_to_file(**extra)
+            writer._data.clear()

-            # Write the current batch using the writer
-            writer.batch_write_data_to_file(**kwargs)
+        # Compliance CSVs
+        for name in frameworks_avail:
+            compliance_obj = frameworks_bulk[name]

-            # TODO: Refactor the output classes to avoid this manual reset
-            writer._data = []
+            klass = GenericCompliance
+            for condition, cls in COMPLIANCE_CLASS_MAP.get(provider_type, []):
+                if condition(name):
+                    klass = cls
+                    break

-    # Compress output files
-    output_directory = _compress_output_files(output_directory)
+            filename = f"{comp_dir}_{name}.csv"

-    # Save to configured storage
-    uploaded = _upload_to_s3(tenant_id, output_directory, scan_id)
+            writer, initialization = get_writer(
+                compliance_writers,
+                name,
+                lambda klass=klass, fos=fos: klass(
+                    findings=fos,
+                    compliance=compliance_obj,
+                    file_path=filename,
+                    from_cli=False,
+                ),
+                is_last,
+            )
+            if not initialization:
+                writer.transform(fos, compliance_obj, name)
+            writer.batch_write_data_to_file()
+            writer._data.clear()

-    if uploaded:
-        # Remove the local files after upload
+    compressed = _compress_output_files(out_dir)
+    upload_uri = _upload_to_s3(tenant_id, compressed, scan_id)
+
+    if upload_uri:
        try:
-            rmtree(Path(output_directory).parent, ignore_errors=True)
-        except FileNotFoundError as e:
+            rmtree(Path(compressed).parent, ignore_errors=True)
+        except Exception as e:
            logger.error(f"Error deleting output files: {e}")
-
-        output_directory = uploaded
-        uploaded = True
+        final_location, did_upload = upload_uri, True
    else:
-        uploaded = False
+        final_location, did_upload = compressed, False

-    # Update the scan instance with the output path
-    Scan.all_objects.filter(id=scan_id).update(output_location=output_directory)
+    Scan.all_objects.filter(id=scan_id).update(output_location=final_location)
+    logger.info(f"Scan outputs at {final_location}")
+    return {"upload": did_upload}

-    logger.info(f"Scan output files generated, output location: {output_directory}")

-    return {"upload": uploaded}
+@shared_task(name="backfill-scan-resource-summaries", queue="backfill")
+def backfill_scan_resource_summaries_task(tenant_id: str, scan_id: str):
+    """
+    Tries to backfill the resource scan summaries table for a given scan.
+
+    Args:
+        tenant_id (str): The tenant identifier.
+        scan_id (str): The scan identifier.
+    """
+    return backfill_resource_scan_summaries(tenant_id=tenant_id, scan_id=scan_id)
+
+
+@shared_task(base=RLSTask, name="scan-compliance-overviews")
+def create_compliance_requirements_task(tenant_id: str, scan_id: str):
+    """
+    Creates detailed compliance requirement records for a scan.
+
+    This task processes the compliance data collected during a scan and creates
+    individual records for each compliance requirement in each region. These detailed
+    records provide a granular view of compliance status.
+
+    Args:
+        tenant_id (str): The tenant ID for which to create records.
+        scan_id (str): The ID of the scan for which to create records.
+    """
+    return create_compliance_requirements(tenant_id=tenant_id, scan_id=scan_id)
@@ -0,0 +1,79 @@
+from uuid import uuid4
+
+import pytest
+from tasks.jobs.backfill import backfill_resource_scan_summaries
+
+from api.models import ResourceScanSummary, Scan, StateChoices
+
+
+@pytest.mark.django_db
+class TestBackfillResourceScanSummaries:
+    @pytest.fixture(scope="function")
+    def resource_scan_summary_data(self, scans_fixture):
+        scan = scans_fixture[0]
+        return ResourceScanSummary.objects.create(
+            tenant_id=scan.tenant_id,
+            scan_id=scan.id,
+            resource_id=str(uuid4()),
+            service="aws",
+            region="us-east-1",
+            resource_type="instance",
+        )
+
+    @pytest.fixture(scope="function")
+    def get_not_completed_scans(self, providers_fixture):
+        provider_id = providers_fixture[0].id
+        tenant_id = providers_fixture[0].tenant_id
+        scan_1 = Scan.objects.create(
+            tenant_id=tenant_id,
+            trigger=Scan.TriggerChoices.MANUAL,
+            state=StateChoices.EXECUTING,
+            provider_id=provider_id,
+        )
+        scan_2 = Scan.objects.create(
+            tenant_id=tenant_id,
+            trigger=Scan.TriggerChoices.MANUAL,
+            state=StateChoices.AVAILABLE,
+            provider_id=provider_id,
+        )
+        return scan_1, scan_2
+
+    def test_already_backfilled(self, resource_scan_summary_data):
+        tenant_id = resource_scan_summary_data.tenant_id
+        scan_id = resource_scan_summary_data.scan_id
+
+        result = backfill_resource_scan_summaries(tenant_id, scan_id)
+
+        assert result == {"status": "already backfilled"}
+
+    def test_not_completed_scan(self, get_not_completed_scans):
+        for scan_instance in get_not_completed_scans:
+            tenant_id = scan_instance.tenant_id
+            scan_id = scan_instance.id
+            result = backfill_resource_scan_summaries(tenant_id, scan_id)
+
+            assert result == {"status": "scan is not completed"}
+
+    def test_successful_backfill_inserts_one_summary(
+        self, resources_fixture, findings_fixture
+    ):
+        tenant_id = findings_fixture[0].tenant_id
+        scan_id = findings_fixture[0].scan_id
+
+        # This scan affects the first two resources
+        resources = resources_fixture[:2]
+
+        result = backfill_resource_scan_summaries(tenant_id, scan_id)
+        assert result == {"status": "backfilled", "inserted": len(resources)}
+
+        # Verify correct values
+        summaries = ResourceScanSummary.objects.filter(
+            tenant_id=tenant_id, scan_id=scan_id
+        )
+        assert summaries.count() == len(resources)
+        for resource in resources:
+            summary = summaries.get(resource_id=resource.id)
+            assert summary.resource_id == resource.id
+            assert summary.service == resource.service
+            assert summary.region == resource.region
+            assert summary.resource_type == resource.type
@@ -0,0 +1,147 @@
+import os
+import zipfile
+from pathlib import Path
+from unittest.mock import MagicMock, patch
+
+import pytest
+from botocore.exceptions import ClientError
+from tasks.jobs.export import (
+    _compress_output_files,
+    _generate_output_directory,
+    _upload_to_s3,
+    get_s3_client,
+)
+
+
+@pytest.mark.django_db
+class TestOutputs:
+    def test_compress_output_files_creates_zip(self, tmpdir):
+        base_tmp = Path(str(tmpdir.mkdir("compress_output")))
+        output_dir = base_tmp / "output"
+        output_dir.mkdir()
+        file_path = output_dir / "result.csv"
+        file_path.write_text("data")
+
+        zip_path = _compress_output_files(str(output_dir))
+
+        assert zip_path.endswith(".zip")
+        assert os.path.exists(zip_path)
+        with zipfile.ZipFile(zip_path, "r") as zipf:
+            assert "output/result.csv" in zipf.namelist()
+
+    @patch("tasks.jobs.export.boto3.client")
+    @patch("tasks.jobs.export.settings")
+    def test_get_s3_client_success(self, mock_settings, mock_boto_client):
+        mock_settings.DJANGO_OUTPUT_S3_AWS_ACCESS_KEY_ID = "test"
+        mock_settings.DJANGO_OUTPUT_S3_AWS_SECRET_ACCESS_KEY = "test"
+        mock_settings.DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN = "token"
+        mock_settings.DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION = "eu-west-1"
+
+        client_mock = MagicMock()
+        mock_boto_client.return_value = client_mock
+
+        client = get_s3_client()
+        assert client is not None
+        client_mock.list_buckets.assert_called()
+
+    @patch("tasks.jobs.export.boto3.client")
+    @patch("tasks.jobs.export.settings")
+    def test_get_s3_client_fallback(self, mock_settings, mock_boto_client):
+        mock_boto_client.side_effect = [
+            ClientError({"Error": {"Code": "403"}}, "ListBuckets"),
+            MagicMock(),
+        ]
+        client = get_s3_client()
+        assert client is not None
+
+    @patch("tasks.jobs.export.get_s3_client")
+    @patch("tasks.jobs.export.base")
+    def test_upload_to_s3_success(self, mock_base, mock_get_client, tmpdir):
+        mock_base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = "test-bucket"
+
+        base_tmp = Path(str(tmpdir.mkdir("upload_success")))
+        zip_path = base_tmp / "outputs.zip"
+        zip_path.write_bytes(b"dummy")
+
+        compliance_dir = base_tmp / "compliance"
+        compliance_dir.mkdir()
+        (compliance_dir / "report.csv").write_text("ok")
+
+        client_mock = MagicMock()
+        mock_get_client.return_value = client_mock
+
+        result = _upload_to_s3("tenant-id", str(zip_path), "scan-id")
+
+        expected_uri = "s3://test-bucket/tenant-id/scan-id/outputs.zip"
+        assert result == expected_uri
+        assert client_mock.upload_file.call_count == 2
+
+    @patch("tasks.jobs.export.get_s3_client")
+    @patch("tasks.jobs.export.base")
+    def test_upload_to_s3_missing_bucket(self, mock_base, mock_get_client):
+        mock_base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = ""
+        result = _upload_to_s3("tenant", "/tmp/fake.zip", "scan")
+        assert result is None
+
+    @patch("tasks.jobs.export.get_s3_client")
+    @patch("tasks.jobs.export.base")
+    def test_upload_to_s3_skips_non_files(self, mock_base, mock_get_client, tmpdir):
+        mock_base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = "test-bucket"
+        base_tmp = Path(str(tmpdir.mkdir("upload_skips_non_files")))
+
+        zip_path = base_tmp / "results.zip"
+        zip_path.write_bytes(b"zip")
+
+        compliance_dir = base_tmp / "compliance"
+        compliance_dir.mkdir()
+        (compliance_dir / "subdir").mkdir()
+
+        client_mock = MagicMock()
+        mock_get_client.return_value = client_mock
+
+        result = _upload_to_s3("tenant", str(zip_path), "scan")
+
+        expected_uri = "s3://test-bucket/tenant/scan/results.zip"
+        assert result == expected_uri
+        client_mock.upload_file.assert_called_once()
+
+    @patch(
+        "tasks.jobs.export.get_s3_client",
+        side_effect=ClientError({"Error": {}}, "Upload"),
+    )
+    @patch("tasks.jobs.export.base")
+    @patch("tasks.jobs.export.logger.error")
+    def test_upload_to_s3_failure_logs_error(
+        self, mock_logger, mock_base, mock_get_client, tmpdir
+    ):
+        mock_base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = "bucket"
+
+        base_tmp = Path(str(tmpdir.mkdir("upload_failure_logs")))
+        zip_path = base_tmp / "zipfile.zip"
+        zip_path.write_bytes(b"zip")
+
+        compliance_dir = base_tmp / "compliance"
+        compliance_dir.mkdir()
+        (compliance_dir / "report.csv").write_text("csv")
+
+        _upload_to_s3("tenant", str(zip_path), "scan")
+        mock_logger.assert_called()
+
+    def test_generate_output_directory_creates_paths(self, tmpdir):
+        from prowler.config.config import output_file_timestamp
+
+        base_tmp = Path(str(tmpdir.mkdir("generate_output")))
+        base_dir = str(base_tmp)
+        tenant_id = "t1"
+        scan_id = "s1"
+        provider = "aws"
+
+        path, compliance = _generate_output_directory(
+            base_dir, provider, tenant_id, scan_id
+        )
+
+        assert os.path.isdir(os.path.dirname(path))
+        assert os.path.isdir(os.path.dirname(compliance))
+
+        assert path.endswith(f"{provider}-{output_file_timestamp}")
+        assert compliance.endswith(f"{provider}-{output_file_timestamp}")
@@ -1,16 +1,19 @@
 import json
 import uuid
+from datetime import datetime
 from unittest.mock import MagicMock, patch

 import pytest
 from tasks.jobs.scan import (
    _create_finding_delta,
    _store_resources,
+    create_compliance_requirements,
    perform_prowler_scan,
 )
 from tasks.utils import CustomEncoder

 from api.models import (
+    ComplianceRequirementOverview,
    Finding,
    Provider,
    Resource,
@@ -206,6 +209,10 @@ class TestPerformScan:
        scan.refresh_from_db()
        assert scan.state == StateChoices.FAILED

+        provider.refresh_from_db()
+        assert provider.connected is False
+        assert isinstance(provider.connection_last_checked_at, datetime)
+
    @pytest.mark.parametrize(
        "last_status, new_status, expected_delta",
        [
@@ -230,7 +237,7 @@ class TestPerformScan:
    ):
        tenant_id = uuid.uuid4()
        provider_instance = MagicMock()
-        provider_instance.id = "provider456"
+        provider_instance.id = "provider123"

        finding = MagicMock()
        finding.resource_uid = "resource_uid_123"
@@ -245,15 +252,16 @@ class TestPerformScan:
        resource_instance.region = finding.region

        mock_get_or_create_resource.return_value = (resource_instance, True)
+
        tag_instance = MagicMock()
        mock_get_or_create_tag.return_value = (tag_instance, True)

        resource, resource_uid_tuple = _store_resources(
-            finding, tenant_id, provider_instance
+            finding, str(tenant_id), provider_instance
        )

        mock_get_or_create_resource.assert_called_once_with(
-            tenant_id=tenant_id,
+            tenant_id=str(tenant_id),
            provider=provider_instance,
            uid=finding.resource_uid,
            defaults={
@@ -300,11 +308,11 @@ class TestPerformScan:
        mock_get_or_create_tag.return_value = (tag_instance, True)

        resource, resource_uid_tuple = _store_resources(
-            finding, tenant_id, provider_instance
+            finding, str(tenant_id), provider_instance
        )

        mock_get_or_create_resource.assert_called_once_with(
-            tenant_id=tenant_id,
+            tenant_id=str(tenant_id),
            provider=provider_instance,
            uid=finding.resource_uid,
            defaults={
@@ -358,14 +366,14 @@ class TestPerformScan:
        ]

        resource, resource_uid_tuple = _store_resources(
-            finding, tenant_id, provider_instance
+            finding, str(tenant_id), provider_instance
        )

        mock_get_or_create_tag.assert_any_call(
-            tenant_id=tenant_id, key="tag1", value="value1"
+            tenant_id=str(tenant_id), key="tag1", value="value1"
        )
        mock_get_or_create_tag.assert_any_call(
-            tenant_id=tenant_id, key="tag2", value="value2"
+            tenant_id=str(tenant_id), key="tag2", value="value2"
        )
        resource_instance.upsert_or_delete_tags.assert_called_once()
        tags_passed = resource_instance.upsert_or_delete_tags.call_args[1]["tags"]
@@ -377,3 +385,808 @@ class TestPerformScan:


 # TODO Add tests for aggregations
+
+
+@pytest.mark.django_db
+class TestCreateComplianceRequirements:
+    def test_create_compliance_requirements_success(
+        self,
+        tenants_fixture,
+        scans_fixture,
+        providers_fixture,
+        findings_fixture,
+        resources_fixture,
+    ):
+        with (
+            patch("api.db_utils.rls_transaction"),
+            patch(
+                "tasks.jobs.scan.initialize_prowler_provider"
+            ) as mock_initialize_prowler_provider,
+            patch(
+                "tasks.jobs.scan.PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE"
+            ) as mock_compliance_template,
+            patch("tasks.jobs.scan.generate_scan_compliance"),
+            patch("tasks.jobs.scan.create_objects_in_batches") as mock_create_objects,
+            patch("api.models.Finding.objects.filter") as mock_findings_filter,
+        ):
+            tenant = tenants_fixture[0]
+            scan = scans_fixture[0]
+            provider = providers_fixture[0]
+
+            provider.provider = Provider.ProviderChoices.AWS
+            provider.save()
+
+            scan.provider = provider
+            scan.save()
+
+            tenant_id = str(tenant.id)
+            scan_id = str(scan.id)
+
+            mock_prowler_provider_instance = MagicMock()
+            mock_prowler_provider_instance.get_regions.return_value = [
+                "us-east-1",
+                "us-west-2",
+            ]
+            mock_initialize_prowler_provider.return_value = (
+                mock_prowler_provider_instance
+            )
+
+            mock_compliance_template.__getitem__.return_value = {
+                "cis_1.4_aws": {
+                    "framework": "CIS AWS Foundations Benchmark",
+                    "version": "1.4.0",
+                    "requirements": {
+                        "1.1": {
+                            "description": "Ensure root access key does not exist",
+                            "checks_status": {
+                                "pass": 0,
+                                "fail": 0,
+                                "manual": 0,
+                                "total": 1,
+                            },
+                            "status": "PASS",
+                        },
+                        "1.2": {
+                            "description": "Ensure MFA is enabled for root account",
+                            "checks_status": {
+                                "pass": 0,
+                                "fail": 1,
+                                "manual": 0,
+                                "total": 1,
+                            },
+                            "status": "FAIL",
+                        },
+                    },
+                },
+                "aws_account_security_onboarding_aws": {
+                    "framework": "AWS Account Security Onboarding",
+                    "version": "1.0",
+                    "requirements": {
+                        "requirement1": {
+                            "description": "Basic security requirement",
+                            "checks_status": {
+                                "pass": 1,
+                                "fail": 0,
+                                "manual": 0,
+                                "total": 1,
+                            },
+                            "status": "PASS",
+                        },
+                    },
+                },
+            }
+
+            mock_findings_filter.return_value = []
+
+            result = create_compliance_requirements(tenant_id, scan_id)
+
+            assert "requirements_created" in result
+            assert "regions_processed" in result
+            assert "compliance_frameworks" in result
+            assert result["regions_processed"] == ["us-east-1", "us-west-2"]
+            assert result["requirements_created"] == 6
+            assert len(result["compliance_frameworks"]) == 2
+
+            mock_create_objects.assert_called_once()
+            call_args = mock_create_objects.call_args[0]
+            assert call_args[0] == tenant_id
+            assert call_args[1] == ComplianceRequirementOverview
+            assert len(call_args[2]) == 6
+
+            compliance_objects = call_args[2]
+            for obj in compliance_objects:
+                assert isinstance(obj, ComplianceRequirementOverview)
+                assert obj.tenant.id == tenant.id
+                assert obj.scan == scan
+                assert obj.region in ["us-east-1", "us-west-2"]
+                assert obj.compliance_id in [
+                    "cis_1.4_aws",
+                    "aws_account_security_onboarding_aws",
+                ]
+
+    def test_create_compliance_requirements_with_findings(
+        self,
+        tenants_fixture,
+        scans_fixture,
+        providers_fixture,
+    ):
+        with (
+            patch("api.db_utils.rls_transaction"),
+            patch(
+                "tasks.jobs.scan.initialize_prowler_provider"
+            ) as mock_initialize_prowler_provider,
+            patch(
+                "tasks.jobs.scan.PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE"
+            ) as mock_compliance_template,
+            patch(
+                "tasks.jobs.scan.generate_scan_compliance"
+            ) as mock_generate_compliance,
+            patch("tasks.jobs.scan.create_objects_in_batches"),
+            patch("api.models.Finding.objects.filter") as mock_findings_filter,
+        ):
+            tenant = tenants_fixture[0]
+            scan = scans_fixture[0]
+            provider = providers_fixture[0]
+
+            provider.provider = Provider.ProviderChoices.AWS
+            provider.save()
+            scan.provider = provider
+            scan.save()
+
+            tenant_id = str(tenant.id)
+            scan_id = str(scan.id)
+
+            mock_finding1 = MagicMock()
+            mock_finding1.check_id = "check1"
+            mock_finding1.status = "PASS"
+            mock_resource1 = MagicMock()
+            mock_resource1.region = "us-east-1"
+            mock_finding1.resources.all.return_value = [mock_resource1]
+
+            mock_finding2 = MagicMock()
+            mock_finding2.check_id = "check2"
+            mock_finding2.status = "FAIL"
+            mock_resource2 = MagicMock()
+            mock_resource2.region = "us-west-2"
+            mock_finding2.resources.all.return_value = [mock_resource2]
+
+            mock_findings_filter.return_value = [mock_finding1, mock_finding2]
+
+            mock_prowler_provider_instance = MagicMock()
+            mock_prowler_provider_instance.get_regions.return_value = [
+                "us-east-1",
+                "us-west-2",
+            ]
+            mock_initialize_prowler_provider.return_value = (
+                mock_prowler_provider_instance
+            )
+
+            mock_compliance_template.__getitem__.return_value = {
+                "test_compliance": {
+                    "framework": "Test Framework",
+                    "version": "1.0",
+                    "requirements": {
+                        "req_1": {
+                            "description": "Test Requirement 1",
+                            "checks": {"check_1": None},
+                            "checks_status": {
+                                "pass": 2,
+                                "fail": 1,
+                                "manual": 0,
+                                "total": 3,
+                            },
+                            "status": "FAIL",
+                        },
+                        "req_2": {
+                            "description": "Test Requirement 2",
+                            "checks": {"check_2": None},
+                            "checks_status": {
+                                "pass": 2,
+                                "fail": 0,
+                                "manual": 0,
+                                "total": 2,
+                            },
+                            "status": "PASS",
+                        },
+                    },
+                }
+            }
+
+            result = create_compliance_requirements(tenant_id, scan_id)
+
+            mock_findings_filter.assert_called_once_with(scan_id=scan_id, muted=False)
+            assert mock_generate_compliance.call_count == 2
+            assert result["requirements_created"] == 4
+            assert set(result["regions_processed"]) == {"us-east-1", "us-west-2"}
+
+    def test_create_compliance_requirements_no_provider_regions(
+        self,
+        tenants_fixture,
+        scans_fixture,
+        providers_fixture,
+    ):
+        with (
+            patch("api.db_utils.rls_transaction"),
+            patch(
+                "tasks.jobs.scan.initialize_prowler_provider"
+            ) as mock_initialize_prowler_provider,
+            patch(
+                "tasks.jobs.scan.PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE"
+            ) as mock_compliance_template,
+            patch("tasks.jobs.scan.generate_scan_compliance"),
+            patch("tasks.jobs.scan.create_objects_in_batches"),
+            patch("api.models.Finding.objects.filter") as mock_findings_filter,
+        ):
+            tenant = tenants_fixture[0]
+            scan = scans_fixture[0]
+            provider = providers_fixture[0]
+
+            provider.provider = Provider.ProviderChoices.KUBERNETES
+            provider.save()
+            scan.provider = provider
+            scan.save()
+
+            tenant_id = str(tenant.id)
+            scan_id = str(scan.id)
+
+            mock_finding = MagicMock()
+            mock_finding.check_id = "check1"
+            mock_finding.status = "PASS"
+            mock_resource = MagicMock()
+            mock_resource.region = "default"
+            mock_finding.resources.all.return_value = [mock_resource]
+            mock_findings_filter.return_value = [mock_finding]
+
+            mock_prowler_provider_instance = MagicMock()
+            mock_prowler_provider_instance.get_regions.side_effect = AttributeError(
+                "No get_regions method"
+            )
+            mock_initialize_prowler_provider.return_value = (
+                mock_prowler_provider_instance
+            )
+
+            mock_compliance_template.__getitem__.return_value = {
+                "kubernetes_cis": {
+                    "framework": "CIS Kubernetes Benchmark",
+                    "version": "1.6.0",
+                    "requirements": {
+                        "1.1": {
+                            "description": "Test requirement",
+                            "checks_status": {
+                                "pass": 0,
+                                "fail": 0,
+                                "manual": 0,
+                                "total": 1,
+                            },
+                            "status": "PASS",
+                        },
+                    },
+                },
+            }
+
+            result = create_compliance_requirements(tenant_id, scan_id)
+
+            assert result["regions_processed"] == ["default"]
+
+    def test_create_compliance_requirements_empty_findings(
+        self,
+        tenants_fixture,
+        scans_fixture,
+        providers_fixture,
+    ):
+        with (
+            patch("api.db_utils.rls_transaction"),
+            patch(
+                "tasks.jobs.scan.initialize_prowler_provider"
+            ) as mock_initialize_prowler_provider,
+            patch(
+                "tasks.jobs.scan.PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE"
+            ) as mock_compliance_template,
+            patch(
+                "tasks.jobs.scan.generate_scan_compliance"
+            ) as mock_generate_compliance,
+            patch("tasks.jobs.scan.create_objects_in_batches"),
+            patch("api.models.Finding.objects.filter") as mock_findings_filter,
+        ):
+            tenant = tenants_fixture[0]
+            scan = scans_fixture[0]
+            provider = providers_fixture[0]
+
+            provider.provider = Provider.ProviderChoices.AWS
+            provider.save()
+            scan.provider = provider
+            scan.save()
+
+            tenant_id = str(tenant.id)
+            scan_id = str(scan.id)
+
+            mock_findings_filter.return_value = []
+
+            mock_prowler_provider_instance = MagicMock()
+            mock_prowler_provider_instance.get_regions.return_value = ["us-east-1"]
+            mock_initialize_prowler_provider.return_value = (
+                mock_prowler_provider_instance
+            )
+
+            mock_compliance_template.__getitem__.return_value = {
+                "cis_1.4_aws": {
+                    "framework": "CIS AWS Foundations Benchmark",
+                    "version": "1.4.0",
+                    "requirements": {
+                        "1.1": {
+                            "description": "Test requirement",
+                            "checks_status": {
+                                "pass": 0,
+                                "fail": 0,
+                                "manual": 0,
+                                "total": 1,
+                            },
+                            "status": "PASS",
+                        },
+                    },
+                },
+            }
+
+            mock_findings_filter.return_value = []
+
+            result = create_compliance_requirements(tenant_id, scan_id)
+
+            assert result["regions_processed"] == ["us-east-1"]
+            assert result["requirements_created"] == 1
+            mock_generate_compliance.assert_not_called()
+
+    def test_create_compliance_requirements_error_handling(
+        self,
+        tenants_fixture,
+        scans_fixture,
+        providers_fixture,
+    ):
+        with (
+            patch("api.db_utils.rls_transaction"),
+            patch(
+                "tasks.jobs.scan.initialize_prowler_provider"
+            ) as mock_initialize_prowler_provider,
+        ):
+            tenant = tenants_fixture[0]
+            scan = scans_fixture[0]
+            provider = providers_fixture[0]
+
+            provider.provider = Provider.ProviderChoices.AWS
+            provider.save()
+            scan.provider = provider
+            scan.save()
+
+            tenant_id = str(tenant.id)
+            scan_id = str(scan.id)
+
+            mock_initialize_prowler_provider.side_effect = Exception(
+                "Provider initialization failed"
+            )
+
+            with pytest.raises(Exception, match="Provider initialization failed"):
+                create_compliance_requirements(tenant_id, scan_id)
+
+    def test_create_compliance_requirements_muted_findings_excluded(
+        self,
+        tenants_fixture,
+        scans_fixture,
+        providers_fixture,
+    ):
+        with (
+            patch("api.db_utils.rls_transaction"),
+            patch(
+                "tasks.jobs.scan.initialize_prowler_provider"
+            ) as mock_initialize_prowler_provider,
+            patch(
+                "tasks.jobs.scan.PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE"
+            ) as mock_compliance_template,
+            patch("tasks.jobs.scan.generate_scan_compliance"),
+            patch("tasks.jobs.scan.create_objects_in_batches"),
+            patch("api.models.Finding.objects.filter") as mock_findings_filter,
+        ):
+            tenant = tenants_fixture[0]
+            scan = scans_fixture[0]
+            provider = providers_fixture[0]
+
+            provider.provider = Provider.ProviderChoices.AWS
+            provider.save()
+            scan.provider = provider
+            scan.save()
+
+            tenant_id = str(tenant.id)
+            scan_id = str(scan.id)
+
+            mock_findings_filter.return_value = []
+
+            mock_prowler_provider_instance = MagicMock()
+            mock_prowler_provider_instance.get_regions.return_value = ["us-east-1"]
+            mock_initialize_prowler_provider.return_value = (
+                mock_prowler_provider_instance
+            )
+
+            mock_compliance_template.__getitem__.return_value = {}
+
+            mock_findings_filter.return_value = []
+
+            create_compliance_requirements(tenant_id, scan_id)
+
+            mock_findings_filter.assert_called_once_with(scan_id=scan_id, muted=False)
+
+    def test_create_compliance_requirements_check_status_priority(
+        self,
+        tenants_fixture,
+        scans_fixture,
+        providers_fixture,
+    ):
+        with (
+            patch("api.db_utils.rls_transaction"),
+            patch(
+                "tasks.jobs.scan.initialize_prowler_provider"
+            ) as mock_initialize_prowler_provider,
+            patch(
+                "tasks.jobs.scan.PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE"
+            ) as mock_compliance_template,
+            patch(
+                "tasks.jobs.scan.generate_scan_compliance"
+            ) as mock_generate_compliance,
+            patch("tasks.jobs.scan.create_objects_in_batches"),
+            patch("api.models.Finding.objects.filter") as mock_findings_filter,
+        ):
+            tenant = tenants_fixture[0]
+            scan = scans_fixture[0]
+            provider = providers_fixture[0]
+
+            provider.provider = Provider.ProviderChoices.AWS
+            provider.save()
+            scan.provider = provider
+            scan.save()
+
+            tenant_id = str(tenant.id)
+            scan_id = str(scan.id)
+
+            mock_finding1 = MagicMock()
+            mock_finding1.check_id = "check1"
+            mock_finding1.status = "PASS"
+            mock_resource1 = MagicMock()
+            mock_resource1.region = "us-east-1"
+            mock_finding1.resources.all.return_value = [mock_resource1]
+
+            mock_finding2 = MagicMock()
+            mock_finding2.check_id = "check1"
+            mock_finding2.status = "FAIL"
+            mock_resource2 = MagicMock()
+            mock_resource2.region = "us-east-1"
+            mock_finding2.resources.all.return_value = [mock_resource2]
+
+            mock_findings_filter.return_value = [mock_finding1, mock_finding2]
+
+            mock_prowler_provider_instance = MagicMock()
+            mock_prowler_provider_instance.get_regions.return_value = ["us-east-1"]
+            mock_initialize_prowler_provider.return_value = (
+                mock_prowler_provider_instance
+            )
+
+            mock_compliance_template.__getitem__.return_value = {
+                "cis_1.4_aws": {
+                    "framework": "CIS AWS Foundations Benchmark",
+                    "version": "1.4.0",
+                    "requirements": {
+                        "1.1": {
+                            "description": "Test requirement",
+                            "checks_status": {
+                                "pass": 0,
+                                "fail": 0,
+                                "manual": 0,
+                                "total": 1,
+                            },
+                            "status": "PASS",
+                        },
+                    },
+                },
+            }
+
+            create_compliance_requirements(tenant_id, scan_id)
+
+            assert mock_generate_compliance.call_count == 1
+
+    def test_compliance_overview_aggregation_requirement_fail_priority(
+        self,
+        tenants_fixture,
+        scans_fixture,
+        providers_fixture,
+    ):
+        with (
+            patch("api.db_utils.rls_transaction"),
+            patch(
+                "tasks.jobs.scan.initialize_prowler_provider"
+            ) as mock_initialize_prowler_provider,
+            patch(
+                "tasks.jobs.scan.PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE"
+            ) as mock_compliance_template,
+            patch(
+                "tasks.jobs.scan.generate_scan_compliance"
+            ) as mock_generate_compliance,
+            patch("tasks.jobs.scan.create_objects_in_batches") as mock_create_objects,
+            patch("api.models.Finding.objects.filter") as mock_findings_filter,
+        ):
+            tenant = tenants_fixture[0]
+            scan = scans_fixture[0]
+            providers_fixture[0]
+
+            mock_findings_filter.return_value = []
+
+            mock_prowler_provider = MagicMock()
+            mock_prowler_provider.get_regions.return_value = [
+                "us-east-1",
+                "us-west-2",
+                "eu-west-1",
+            ]
+            mock_initialize_prowler_provider.return_value = mock_prowler_provider
+
+            mock_compliance_template.__getitem__.return_value = {
+                "test_compliance": {
+                    "framework": "Test Framework",
+                    "version": "1.0",
+                    "requirements": {
+                        "req_1": {
+                            "description": "Test Requirement 1",
+                            "checks": {"check_1": None},
+                            "checks_status": {
+                                "pass": 2,
+                                "fail": 1,
+                                "manual": 0,
+                                "total": 3,
+                            },
+                            "status": "FAIL",
+                        }
+                    },
+                }
+            }
+
+            mock_generate_compliance.return_value = {
+                "test_compliance": {
+                    "framework": "Test Framework",
+                    "version": "1.0",
+                    "requirements": {
+                        "req_1": {
+                            "description": "Test Requirement 1",
+                            "checks": {
+                                "check_1": {
+                                    "us-east-1": {"status": "PASS"},
+                                    "us-west-2": {"status": "FAIL"},
+                                    "eu-west-1": {"status": "PASS"},
+                                }
+                            },
+                            "checks_status": {
+                                "pass": 2,
+                                "fail": 1,
+                                "manual": 0,
+                                "total": 3,
+                            },
+                            "status": "FAIL",
+                        }
+                    },
+                }
+            }
+
+            created_objects = []
+            mock_create_objects.side_effect = (
+                lambda tenant_id, model, objs, batch_size=500: created_objects.extend(
+                    objs
+                )
+            )
+
+            create_compliance_requirements(str(tenant.id), str(scan.id))
+
+            assert len(created_objects) == 3
+            assert all(obj.requirement_status == "FAIL" for obj in created_objects)
+
+    def test_compliance_overview_aggregation_requirement_pass_all_regions(
+        self,
+        tenants_fixture,
+        scans_fixture,
+        providers_fixture,
+    ):
+        with (
+            patch("api.db_utils.rls_transaction"),
+            patch(
+                "tasks.jobs.scan.initialize_prowler_provider"
+            ) as mock_initialize_prowler_provider,
+            patch(
+                "tasks.jobs.scan.PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE"
+            ) as mock_compliance_template,
+            patch(
+                "tasks.jobs.scan.generate_scan_compliance"
+            ) as mock_generate_compliance,
+            patch("tasks.jobs.scan.create_objects_in_batches") as mock_create_objects,
+            patch("api.models.Finding.objects.filter") as mock_findings_filter,
+        ):
+            tenant = tenants_fixture[0]
+            scan = scans_fixture[0]
+            providers_fixture[0]
+
+            mock_findings_filter.return_value = []
+
+            mock_prowler_provider = MagicMock()
+            mock_prowler_provider.get_regions.return_value = ["us-east-1", "us-west-2"]
+            mock_initialize_prowler_provider.return_value = mock_prowler_provider
+
+            mock_compliance_template.__getitem__.return_value = {
+                "test_compliance": {
+                    "framework": "Test Framework",
+                    "version": "1.0",
+                    "requirements": {
+                        "req_1": {
+                            "description": "Test Requirement 1",
+                            "checks": {"check_1": None},
+                            "checks_status": {
+                                "pass": 2,
+                                "fail": 0,
+                                "manual": 0,
+                                "total": 2,
+                            },
+                            "status": "PASS",
+                        }
+                    },
+                }
+            }
+
+            mock_generate_compliance.return_value = {
+                "test_compliance": {
+                    "framework": "Test Framework",
+                    "version": "1.0",
+                    "requirements": {
+                        "req_1": {
+                            "description": "Test Requirement 1",
+                            "checks": {
+                                "check_1": {
+                                    "us-east-1": {"status": "PASS"},
+                                    "us-west-2": {"status": "PASS"},
+                                }
+                            },
+                            "checks_status": {
+                                "pass": 2,
+                                "fail": 0,
+                                "manual": 0,
+                                "total": 2,
+                            },
+                            "status": "PASS",
+                        }
+                    },
+                }
+            }
+
+            created_objects = []
+            mock_create_objects.side_effect = (
+                lambda tenant_id, model, objs, batch_size=500: created_objects.extend(
+                    objs
+                )
+            )
+
+            create_compliance_requirements(str(tenant.id), str(scan.id))
+
+            assert len(created_objects) == 2
+            assert all(obj.requirement_status == "PASS" for obj in created_objects)
+
+    def test_compliance_overview_aggregation_multiple_requirements_mixed_status(
+        self,
+        tenants_fixture,
+        scans_fixture,
+        providers_fixture,
+    ):
+        with (
+            patch("api.db_utils.rls_transaction"),
+            patch(
+                "tasks.jobs.scan.initialize_prowler_provider"
+            ) as mock_initialize_prowler_provider,
+            patch(
+                "tasks.jobs.scan.PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE"
+            ) as mock_compliance_template,
+            patch(
+                "tasks.jobs.scan.generate_scan_compliance"
+            ) as mock_generate_compliance,
+            patch("tasks.jobs.scan.create_objects_in_batches") as mock_create_objects,
+            patch("api.models.Finding.objects.filter") as mock_findings_filter,
+        ):
+            tenant = tenants_fixture[0]
+            scan = scans_fixture[0]
+            providers_fixture[0]
+
+            mock_findings_filter.return_value = []
+
+            mock_prowler_provider = MagicMock()
+            mock_prowler_provider.get_regions.return_value = ["us-east-1", "us-west-2"]
+            mock_initialize_prowler_provider.return_value = mock_prowler_provider
+
+            mock_compliance_template.__getitem__.return_value = {
+                "test_compliance": {
+                    "framework": "Test Framework",
+                    "version": "1.0",
+                    "requirements": {
+                        "req_1": {
+                            "description": "Test Requirement 1",
+                            "checks": {"check_1": None},
+                            "checks_status": {
+                                "pass": 2,
+                                "fail": 0,
+                                "manual": 0,
+                                "total": 2,
+                            },
+                            "status": "PASS",
+                        },
+                        "req_2": {
+                            "description": "Test Requirement 2",
+                            "checks": {"check_2": None},
+                            "checks_status": {
+                                "pass": 1,
+                                "fail": 1,
+                                "manual": 0,
+                                "total": 2,
+                            },
+                            "status": "FAIL",
+                        },
+                    },
+                }
+            }
+
+            mock_generate_compliance.return_value = {
+                "test_compliance": {
+                    "framework": "Test Framework",
+                    "version": "1.0",
+                    "requirements": {
+                        "req_1": {
+                            "description": "Test Requirement 1",
+                            "checks": {
+                                "check_1": {
+                                    "us-east-1": {"status": "PASS"},
+                                    "us-west-2": {"status": "PASS"},
+                                }
+                            },
+                            "checks_status": {
+                                "pass": 2,
+                                "fail": 0,
+                                "manual": 0,
+                                "total": 2,
+                            },
+                            "status": "PASS",
+                        },
+                        "req_2": {
+                            "description": "Test Requirement 2",
+                            "checks": {
+                                "check_2": {
+                                    "us-east-1": {"status": "PASS"},
+                                    "us-west-2": {"status": "FAIL"},
+                                }
+                            },
+                            "checks_status": {
+                                "pass": 1,
+                                "fail": 1,
+                                "manual": 0,
+                                "total": 2,
+                            },
+                            "status": "FAIL",
+                        },
+                    },
+                }
+            }
+
+            created_objects = []
+            mock_create_objects.side_effect = (
+                lambda tenant_id, model, objs, batch_size=500: created_objects.extend(
+                    objs
+                )
+            )
+
+            create_compliance_requirements(str(tenant.id), str(scan.id))
+
+            assert len(created_objects) == 4
+            req_1_objects = [
+                obj for obj in created_objects if obj.requirement_id == "req_1"
+            ]
+            req_2_objects = [
+                obj for obj in created_objects if obj.requirement_id == "req_2"
+            ]
+            assert len(req_1_objects) == 2
+            assert len(req_2_objects) == 2
+            assert all(obj.requirement_status == "PASS" for obj in req_1_objects)
+            assert all(obj.requirement_status == "FAIL" for obj in req_2_objects)
@@ -0,0 +1,415 @@
+import uuid
+from pathlib import Path
+from unittest.mock import MagicMock, patch
+
+import pytest
+from tasks.tasks import generate_outputs
+
+
+@pytest.mark.django_db
+class TestGenerateOutputs:
+    def setup_method(self):
+        self.scan_id = str(uuid.uuid4())
+        self.provider_id = str(uuid.uuid4())
+        self.tenant_id = str(uuid.uuid4())
+
+    def test_no_findings_returns_early(self):
+        with patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter:
+            mock_filter.return_value.exists.return_value = False
+
+            result = generate_outputs(
+                scan_id=self.scan_id,
+                provider_id=self.provider_id,
+                tenant_id=self.tenant_id,
+            )
+
+            assert result == {"upload": False}
+            mock_filter.assert_called_once_with(scan_id=self.scan_id)
+
+    @patch("tasks.tasks.rmtree")
+    @patch("tasks.tasks._upload_to_s3")
+    @patch("tasks.tasks._compress_output_files")
+    @patch("tasks.tasks.get_compliance_frameworks")
+    @patch("tasks.tasks.Compliance.get_bulk")
+    @patch("tasks.tasks.initialize_prowler_provider")
+    @patch("tasks.tasks.Provider.objects.get")
+    @patch("tasks.tasks.ScanSummary.objects.filter")
+    @patch("tasks.tasks.Finding.all_objects.filter")
+    def test_generate_outputs_happy_path(
+        self,
+        mock_finding_filter,
+        mock_scan_summary_filter,
+        mock_provider_get,
+        mock_initialize_provider,
+        mock_compliance_get_bulk,
+        mock_get_available_frameworks,
+        mock_compress,
+        mock_upload,
+        mock_rmtree,
+    ):
+        mock_scan_summary_filter.return_value.exists.return_value = True
+
+        mock_provider = MagicMock()
+        mock_provider.uid = "provider-uid"
+        mock_provider.provider = "aws"
+        mock_provider_get.return_value = mock_provider
+
+        prowler_provider = MagicMock()
+        mock_initialize_provider.return_value = prowler_provider
+
+        mock_compliance_get_bulk.return_value = {"cis": MagicMock()}
+        mock_get_available_frameworks.return_value = ["cis"]
+
+        dummy_finding = MagicMock(uid="f1")
+        mock_finding_filter.return_value.order_by.return_value.iterator.return_value = [
+            [dummy_finding],
+            True,
+        ]
+
+        mock_transformed_stats = {"some": "stats"}
+        with (
+            patch(
+                "tasks.tasks.FindingOutput._transform_findings_stats",
+                return_value=mock_transformed_stats,
+            ),
+            patch(
+                "tasks.tasks.FindingOutput.transform_api_finding",
+                return_value={"transformed": "f1"},
+            ),
+            patch(
+                "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                {
+                    "json": {
+                        "class": MagicMock(name="JSONWriter"),
+                        "suffix": ".json",
+                        "kwargs": {},
+                    }
+                },
+            ),
+            patch(
+                "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                {"aws": [(lambda x: True, MagicMock(name="CSVCompliance"))]},
+            ),
+            patch(
+                "tasks.tasks._generate_output_directory",
+                return_value=("out-dir", "comp-dir"),
+            ),
+            patch("tasks.tasks.Scan.all_objects.filter") as mock_scan_update,
+        ):
+            mock_compress.return_value = "/tmp/zipped.zip"
+            mock_upload.return_value = "s3://bucket/zipped.zip"
+
+            result = generate_outputs(
+                scan_id=self.scan_id,
+                provider_id=self.provider_id,
+                tenant_id=self.tenant_id,
+            )
+
+            assert result == {"upload": True}
+            mock_scan_update.return_value.update.assert_called_once_with(
+                output_location="s3://bucket/zipped.zip"
+            )
+            mock_rmtree.assert_called_once_with(
+                Path("/tmp/zipped.zip").parent, ignore_errors=True
+            )
+
+    def test_generate_outputs_fails_upload(self):
+        with (
+            patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter,
+            patch("tasks.tasks.Provider.objects.get"),
+            patch("tasks.tasks.initialize_prowler_provider"),
+            patch("tasks.tasks.Compliance.get_bulk"),
+            patch("tasks.tasks.get_compliance_frameworks"),
+            patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
+            patch(
+                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
+            ),
+            patch("tasks.tasks.FindingOutput._transform_findings_stats"),
+            patch("tasks.tasks.FindingOutput.transform_api_finding"),
+            patch(
+                "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                {
+                    "json": {
+                        "class": MagicMock(name="Writer"),
+                        "suffix": ".json",
+                        "kwargs": {},
+                    }
+                },
+            ),
+            patch(
+                "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                {"aws": [(lambda x: True, MagicMock())]},
+            ),
+            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
+            patch("tasks.tasks._upload_to_s3", return_value=None),
+            patch("tasks.tasks.Scan.all_objects.filter") as mock_scan_update,
+        ):
+            mock_filter.return_value.exists.return_value = True
+            mock_findings.return_value.order_by.return_value.iterator.return_value = [
+                [MagicMock()],
+                True,
+            ]
+
+            result = generate_outputs(
+                scan_id="scan",
+                provider_id="provider",
+                tenant_id=self.tenant_id,
+            )
+
+            assert result == {"upload": False}
+            mock_scan_update.return_value.update.assert_called_once()
+
+    def test_generate_outputs_triggers_html_extra_update(self):
+        mock_finding_output = MagicMock()
+        mock_finding_output.compliance = {"cis": ["requirement-1", "requirement-2"]}
+
+        with (
+            patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter,
+            patch("tasks.tasks.Provider.objects.get"),
+            patch("tasks.tasks.initialize_prowler_provider"),
+            patch("tasks.tasks.Compliance.get_bulk", return_value={"cis": MagicMock()}),
+            patch("tasks.tasks.get_compliance_frameworks", return_value=["cis"]),
+            patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
+            patch(
+                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
+            ),
+            patch(
+                "tasks.tasks.FindingOutput._transform_findings_stats",
+                return_value={"some": "stats"},
+            ),
+            patch(
+                "tasks.tasks.FindingOutput.transform_api_finding",
+                return_value=mock_finding_output,
+            ),
+            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
+            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/f.zip"),
+            patch("tasks.tasks.Scan.all_objects.filter"),
+        ):
+            mock_filter.return_value.exists.return_value = True
+            mock_findings.return_value.order_by.return_value.iterator.return_value = [
+                [MagicMock()],
+                True,
+            ]
+
+            html_writer_mock = MagicMock()
+            with (
+                patch(
+                    "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                    {
+                        "html": {
+                            "class": lambda *args, **kwargs: html_writer_mock,
+                            "suffix": ".html",
+                            "kwargs": {},
+                        }
+                    },
+                ),
+                patch(
+                    "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                    {"aws": [(lambda x: True, MagicMock())]},
+                ),
+            ):
+                generate_outputs(
+                    scan_id=self.scan_id,
+                    provider_id=self.provider_id,
+                    tenant_id=self.tenant_id,
+                )
+                html_writer_mock.batch_write_data_to_file.assert_called_once()
+
+    def test_transform_called_only_on_second_batch(self):
+        raw1 = MagicMock()
+        raw2 = MagicMock()
+
+        tf1 = MagicMock()
+        tf1.compliance = {}
+        tf2 = MagicMock()
+        tf2.compliance = {}
+
+        writer_instances = []
+
+        class TrackingWriter:
+            def __init__(self, findings, file_path, file_extension, from_cli):
+                self.transform_called = 0
+                self.batch_write_data_to_file = MagicMock()
+                self._data = []
+                self.close_file = False
+                writer_instances.append(self)
+
+            def transform(self, fos):
+                self.transform_called += 1
+
+        with (
+            patch("tasks.tasks.ScanSummary.objects.filter") as mock_summary,
+            patch("tasks.tasks.Provider.objects.get"),
+            patch("tasks.tasks.initialize_prowler_provider"),
+            patch("tasks.tasks.Compliance.get_bulk"),
+            patch("tasks.tasks.get_compliance_frameworks", return_value=[]),
+            patch("tasks.tasks.FindingOutput._transform_findings_stats"),
+            patch(
+                "tasks.tasks.FindingOutput.transform_api_finding",
+                side_effect=[tf1, tf2],
+            ),
+            patch(
+                "tasks.tasks._generate_output_directory",
+                return_value=("outdir", "compdir"),
+            ),
+            patch("tasks.tasks._compress_output_files", return_value="outdir.zip"),
+            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/outdir.zip"),
+            patch("tasks.tasks.rmtree"),
+            patch("tasks.tasks.Scan.all_objects.filter"),
+            patch(
+                "tasks.tasks.batched",
+                return_value=[
+                    ([raw1], False),
+                    ([raw2], True),
+                ],
+            ),
+        ):
+            mock_summary.return_value.exists.return_value = True
+
+            with patch(
+                "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                {
+                    "json": {
+                        "class": TrackingWriter,
+                        "suffix": ".json",
+                        "kwargs": {},
+                    }
+                },
+            ):
+                result = generate_outputs(
+                    scan_id=self.scan_id,
+                    provider_id=self.provider_id,
+                    tenant_id=self.tenant_id,
+                )
+
+        assert result == {"upload": True}
+        assert len(writer_instances) == 1
+        writer = writer_instances[0]
+        assert writer.transform_called == 1
+
+    def test_compliance_transform_called_on_second_batch(self):
+        raw1 = MagicMock()
+        raw2 = MagicMock()
+        compliance_obj = MagicMock()
+        writer_instances = []
+
+        class TrackingComplianceWriter:
+            def __init__(self, *args, **kwargs):
+                self.transform_calls = []
+                self._data = []
+                writer_instances.append(self)
+
+            def transform(self, fos, comp_obj, name):
+                self.transform_calls.append((fos, comp_obj, name))
+
+            def batch_write_data_to_file(self):
+                pass
+
+        two_batches = [
+            ([raw1], False),
+            ([raw2], True),
+        ]
+
+        with (
+            patch("tasks.tasks.ScanSummary.objects.filter") as mock_summary,
+            patch(
+                "tasks.tasks.Provider.objects.get",
+                return_value=MagicMock(uid="UID", provider="aws"),
+            ),
+            patch("tasks.tasks.initialize_prowler_provider"),
+            patch(
+                "tasks.tasks.Compliance.get_bulk", return_value={"cis": compliance_obj}
+            ),
+            patch("tasks.tasks.get_compliance_frameworks", return_value=["cis"]),
+            patch(
+                "tasks.tasks._generate_output_directory",
+                return_value=("outdir", "compdir"),
+            ),
+            patch("tasks.tasks.FindingOutput._transform_findings_stats"),
+            patch(
+                "tasks.tasks.FindingOutput.transform_api_finding",
+                side_effect=lambda f, prov: f,
+            ),
+            patch("tasks.tasks._compress_output_files", return_value="outdir.zip"),
+            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/outdir.zip"),
+            patch("tasks.tasks.rmtree"),
+            patch(
+                "tasks.tasks.Scan.all_objects.filter",
+                return_value=MagicMock(update=lambda **kw: None),
+            ),
+            patch("tasks.tasks.batched", return_value=two_batches),
+            patch("tasks.tasks.OUTPUT_FORMATS_MAPPING", {}),
+            patch(
+                "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                {"aws": [(lambda name: True, TrackingComplianceWriter)]},
+            ),
+        ):
+            mock_summary.return_value.exists.return_value = True
+
+            result = generate_outputs(
+                scan_id=self.scan_id,
+                provider_id=self.provider_id,
+                tenant_id=self.tenant_id,
+            )
+
+        assert len(writer_instances) == 1
+        writer = writer_instances[0]
+        assert writer.transform_calls == [([raw2], compliance_obj, "cis")]
+        assert result == {"upload": True}
+
+    def test_generate_outputs_logs_rmtree_exception(self, caplog):
+        mock_finding_output = MagicMock()
+        mock_finding_output.compliance = {"cis": ["requirement-1", "requirement-2"]}
+
+        with (
+            patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter,
+            patch("tasks.tasks.Provider.objects.get"),
+            patch("tasks.tasks.initialize_prowler_provider"),
+            patch("tasks.tasks.Compliance.get_bulk", return_value={"cis": MagicMock()}),
+            patch("tasks.tasks.get_compliance_frameworks", return_value=["cis"]),
+            patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
+            patch(
+                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
+            ),
+            patch(
+                "tasks.tasks.FindingOutput._transform_findings_stats",
+                return_value={"some": "stats"},
+            ),
+            patch(
+                "tasks.tasks.FindingOutput.transform_api_finding",
+                return_value=mock_finding_output,
+            ),
+            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
+            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/file.zip"),
+            patch("tasks.tasks.Scan.all_objects.filter"),
+            patch("tasks.tasks.rmtree", side_effect=Exception("Test deletion error")),
+        ):
+            mock_filter.return_value.exists.return_value = True
+            mock_findings.return_value.order_by.return_value.iterator.return_value = [
+                [MagicMock()],
+                True,
+            ]
+
+            with (
+                patch(
+                    "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                    {
+                        "json": {
+                            "class": lambda *args, **kwargs: MagicMock(),
+                            "suffix": ".json",
+                            "kwargs": {},
+                        }
+                    },
+                ),
+                patch(
+                    "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                    {"aws": [(lambda x: True, MagicMock())]},
+                ),
+            ):
+                with caplog.at_level("ERROR"):
+                    generate_outputs(
+                        scan_id=self.scan_id,
+                        provider_id=self.provider_id,
+                        tenant_id=self.tenant_id,
+                    )
+                    assert "Error deleting output files" in caplog.text
@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 import argparse
+import os
 import re
 import subprocess
 import sys
@@ -122,8 +123,7 @@ def main() -> None:
    args = parser.parse_args()

    metrics_dir = Path(args.metrics_dir)
-    if not metrics_dir.is_dir():
-        sys.exit(f"Metrics directory not found: {metrics_dir}")
+    os.makedirs(metrics_dir, exist_ok=True)

    metrics_data: dict[str, pd.DataFrame] = {}
    for csv_file in sorted(metrics_dir.glob("*.csv")):
@@ -1,2 +1,3 @@
 locust==2.34.1
 matplotlib==3.10.1
+pandas==2.2.3
@@ -180,13 +180,27 @@ class APIUser(APIUserBase):
        )

        endpoint = (
-            f"/findings?filter[{filter_name}]={filter_value}"
+            f"/findings/metadata?filter[{filter_name}]={filter_value}"
            f"&filter[inserted_at]={TARGET_INSERTED_AT}"
            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
        )
        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)

-    @task
+    @task(3)
+    def findings_metadata_resource_filter_scan_large(self):
+        name = "/findings/metadata?filter[resource_filter]&filter[scan_id] - 500k"
+        filter_name, filter_value = get_next_resource_filter(
+            self.available_resource_filters
+        )
+
+        endpoint = (
+            f"/findings/metadata?filter[{filter_name}]={filter_value}"
+            f"&filter[scan]={self.l_scan_id}"
+            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
+        )
+        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
+
+    @task(2)
    def findings_resource_filter_large_scan_include(self):
        name = "/findings?filter[resource_filter][scan]&include - 500k"
        filter_name, filter_value = get_next_resource_filter(
@@ -161,7 +161,7 @@ def update_nav_bar(pathname):
                            html.Span(
                                [
                                    html.Img(src="assets/favicon.ico", className="w-5"),
-                                    "Subscribe to prowler SaaS",
+                                    "Subscribe to Prowler Cloud",
                                ],
                                className="flex items-center gap-x-3 text-white",
                            ),
@@ -1361,6 +1361,9 @@ video {
  .lg\:grid-cols-4 {
    grid-template-columns: repeat(4, minmax(0, 1fr));
  }
+  .lg\:grid-cols-5 {
+    grid-template-columns: repeat(5, minmax(0, 1fr));
+  }

  .lg\:justify-normal {
    justify-content: normal;
@@ -1403,4 +1406,4 @@ video {
  .\32xl\:w-\[9\%\] {
    width: 9%;
  }
-}
+}
@@ -2569,6 +2569,356 @@ def get_section_containers_3_levels(data, section_1, section_2, section_3):
    return html.Div(section_containers, className="compliance-data-layout")


+def get_section_containers_threatscore(data, section_1, section_2, section_3):
+    data["STATUS"] = data["STATUS"].apply(map_status_to_icon)
+    findings_counts_marco = (
+        data.groupby([section_1, "STATUS"]).size().unstack(fill_value=0)
+    )
+    section_containers = []
+    data[section_1] = data[section_1].astype(str)
+    data[section_2] = data[section_2].astype(str)
+    data[section_3] = data[section_3].astype(str)
+
+    data.sort_values(
+        by=section_3,
+        key=lambda x: x.map(extract_numeric_values),
+        ascending=True,
+        inplace=True,
+    )
+
+    for marco in data[section_1].unique():
+        success_marco = findings_counts_marco.loc[marco].get(pass_emoji, 0)
+        failed_marco = findings_counts_marco.loc[marco].get(fail_emoji, 0)
+
+        fig_name = go.Figure(
+            [
+                go.Bar(
+                    name="Failed",
+                    x=[failed_marco],
+                    y=[""],
+                    orientation="h",
+                    marker=dict(color="#e77676"),
+                    width=[0.8],
+                ),
+                go.Bar(
+                    name="Success",
+                    x=[success_marco],
+                    y=[""],
+                    orientation="h",
+                    marker=dict(color="#45cc6e"),
+                    width=[0.8],
+                ),
+            ]
+        )
+        fig_name.update_layout(
+            barmode="stack",
+            margin=dict(l=10, r=10, t=10, b=10),
+            paper_bgcolor="rgba(0,0,0,0)",
+            plot_bgcolor="rgba(0,0,0,0)",
+            showlegend=False,
+            width=350,
+            height=30,
+            xaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
+            yaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
+            annotations=[
+                dict(
+                    x=success_marco + failed_marco,
+                    y=0,
+                    xref="x",
+                    yref="y",
+                    text=str(success_marco),
+                    showarrow=False,
+                    font=dict(color="#45cc6e", size=14),
+                    xanchor="left",
+                    yanchor="middle",
+                ),
+                dict(
+                    x=0,
+                    y=0,
+                    xref="x",
+                    yref="y",
+                    text=str(failed_marco),
+                    showarrow=False,
+                    font=dict(color="#e77676", size=14),
+                    xanchor="right",
+                    yanchor="middle",
+                ),
+            ],
+        )
+        fig_name.add_annotation(
+            x=failed_marco,
+            y=0.3,
+            text="|",
+            showarrow=False,
+            font=dict(size=20),
+            xanchor="center",
+            yanchor="middle",
+        )
+
+        graph_div = html.Div(
+            dcc.Graph(
+                figure=fig_name, config={"staticPlot": True}, className="info-bar"
+            ),
+            className="graph-section",
+        )
+        direct_internal_items = []
+
+        for categoria in data[data[section_1] == marco][section_2].unique():
+            specific_data = data[
+                (data[section_1] == marco) & (data[section_2] == categoria)
+            ]
+            findings_counts_categoria = (
+                specific_data.groupby([section_2, "STATUS"])
+                .size()
+                .unstack(fill_value=0)
+            )
+            success_categoria = findings_counts_categoria.loc[categoria].get(
+                pass_emoji, 0
+            )
+            failed_categoria = findings_counts_categoria.loc[categoria].get(
+                fail_emoji, 0
+            )
+
+            fig_section = go.Figure(
+                [
+                    go.Bar(
+                        name="Failed",
+                        x=[failed_categoria],
+                        y=[""],
+                        orientation="h",
+                        marker=dict(color="#e77676"),
+                        width=[0.8],
+                    ),
+                    go.Bar(
+                        name="Success",
+                        x=[success_categoria],
+                        y=[""],
+                        orientation="h",
+                        marker=dict(color="#45cc6e"),
+                        width=[0.8],
+                    ),
+                ]
+            )
+            fig_section.update_layout(
+                barmode="stack",
+                margin=dict(l=10, r=10, t=10, b=10),
+                paper_bgcolor="rgba(0,0,0,0)",
+                plot_bgcolor="rgba(0,0,0,0)",
+                showlegend=False,
+                width=350,
+                height=30,
+                xaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
+                yaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
+                annotations=[
+                    dict(
+                        x=success_categoria + failed_categoria,
+                        y=0,
+                        xref="x",
+                        yref="y",
+                        text=str(success_categoria),
+                        showarrow=False,
+                        font=dict(color="#45cc6e", size=14),
+                        xanchor="left",
+                        yanchor="middle",
+                    ),
+                    dict(
+                        x=0,
+                        y=0,
+                        xref="x",
+                        yref="y",
+                        text=str(failed_categoria),
+                        showarrow=False,
+                        font=dict(color="#e77676", size=14),
+                        xanchor="right",
+                        yanchor="middle",
+                    ),
+                ],
+            )
+            fig_section.add_annotation(
+                x=failed_categoria,
+                y=0.3,
+                text="|",
+                showarrow=False,
+                font=dict(size=20),
+                xanchor="center",
+                yanchor="middle",
+            )
+
+            graph_div_section = html.Div(
+                dcc.Graph(
+                    figure=fig_section,
+                    config={"staticPlot": True},
+                    className="info-bar-child",
+                ),
+                className="graph-section-req",
+            )
+            direct_internal_items_idgrupocontrol = []
+
+            for idgrupocontrol in specific_data[section_3].unique():
+                specific_data2 = specific_data[
+                    specific_data[section_3] == idgrupocontrol
+                ]
+                findings_counts_idgrupocontrol = (
+                    specific_data2.groupby([section_3, "STATUS"])
+                    .size()
+                    .unstack(fill_value=0)
+                )
+                success_idgrupocontrol = findings_counts_idgrupocontrol.loc[
+                    idgrupocontrol
+                ].get(pass_emoji, 0)
+                failed_idgrupocontrol = findings_counts_idgrupocontrol.loc[
+                    idgrupocontrol
+                ].get(fail_emoji, 0)
+
+                fig_idgrupocontrol = go.Figure(
+                    [
+                        go.Bar(
+                            name="Failed",
+                            x=[failed_idgrupocontrol],
+                            y=[""],
+                            orientation="h",
+                            marker=dict(color="#e77676"),
+                            width=[0.8],
+                        ),
+                        go.Bar(
+                            name="Success",
+                            x=[success_idgrupocontrol],
+                            y=[""],
+                            orientation="h",
+                            marker=dict(color="#45cc6e"),
+                            width=[0.8],
+                        ),
+                    ]
+                )
+                fig_idgrupocontrol.update_layout(
+                    barmode="stack",
+                    margin=dict(l=10, r=10, t=10, b=10),
+                    paper_bgcolor="rgba(0,0,0,0)",
+                    plot_bgcolor="rgba(0,0,0,0)",
+                    showlegend=False,
+                    width=350,
+                    height=30,
+                    xaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
+                    yaxis=dict(showticklabels=False, showgrid=False, zeroline=False),
+                    annotations=[
+                        dict(
+                            x=success_idgrupocontrol + failed_idgrupocontrol,
+                            y=0,
+                            xref="x",
+                            yref="y",
+                            text=str(success_idgrupocontrol),
+                            showarrow=False,
+                            font=dict(color="#45cc6e", size=14),
+                            xanchor="left",
+                            yanchor="middle",
+                        ),
+                        dict(
+                            x=0,
+                            y=0,
+                            xref="x",
+                            yref="y",
+                            text=str(failed_idgrupocontrol),
+                            showarrow=False,
+                            font=dict(color="#e77676", size=14),
+                            xanchor="right",
+                            yanchor="middle",
+                        ),
+                    ],
+                )
+                fig_idgrupocontrol.add_annotation(
+                    x=failed_idgrupocontrol,
+                    y=0.3,
+                    text="|",
+                    showarrow=False,
+                    font=dict(size=20),
+                    xanchor="center",
+                    yanchor="middle",
+                )
+
+                graph_div_idgrupocontrol = html.Div(
+                    dcc.Graph(
+                        figure=fig_idgrupocontrol,
+                        config={"staticPlot": True},
+                        className="info-bar-child",
+                    ),
+                    className="graph-section-req",
+                )
+
+                data_table = dash_table.DataTable(
+                    data=specific_data2.to_dict("records"),
+                    columns=[
+                        {"name": i, "id": i}
+                        for i in [
+                            "CHECKID",
+                            "STATUS",
+                            "REGION",
+                            "ACCOUNTID",
+                            "RESOURCEID",
+                        ]
+                    ],
+                    style_table={"overflowX": "auto"},
+                    style_as_list_view=True,
+                    style_cell={"textAlign": "left", "padding": "5px"},
+                )
+
+                title_internal = f"{idgrupocontrol} - {specific_data2['REQUIREMENTS_DESCRIPTION'].iloc[0]}"
+
+                # Cut the title if it's too long
+                title_internal = (
+                    title_internal[:130] + " ..."
+                    if len(title_internal) > 130
+                    else title_internal
+                )
+
+                internal_accordion_item_2 = dbc.AccordionItem(
+                    title=title_internal,
+                    children=[
+                        graph_div_idgrupocontrol,
+                        html.Div([data_table], className="inner-accordion-content"),
+                    ],
+                )
+                direct_internal_items_idgrupocontrol.append(
+                    html.Div(
+                        [
+                            graph_div_idgrupocontrol,
+                            dbc.Accordion(
+                                [internal_accordion_item_2],
+                                start_collapsed=True,
+                                flush=True,
+                            ),
+                        ],
+                        className="accordion-inner--child",
+                    )
+                )
+
+            internal_accordion_item = dbc.AccordionItem(
+                title=categoria,
+                children=direct_internal_items_idgrupocontrol,
+            )
+            internal_section_container = html.Div(
+                [
+                    graph_div_section,
+                    dbc.Accordion(
+                        [internal_accordion_item], start_collapsed=True, flush=True
+                    ),
+                ],
+                className="accordion-inner--child",
+            )
+            direct_internal_items.append(internal_section_container)
+
+        accordion_item = dbc.AccordionItem(title=marco, children=direct_internal_items)
+        section_container = html.Div(
+            [
+                graph_div,
+                dbc.Accordion([accordion_item], start_collapsed=True, flush=True),
+            ],
+            className="accordion-inner",
+        )
+        section_containers.append(section_container)
+
+    return html.Div(section_containers, className="compliance-data-layout")
+
+
 # This function extracts and compares up to two numeric values, ensuring correct sorting for version-like strings.
 def extract_numeric_values(value):
    numbers = re.findall(r"\d+", str(value))
@@ -0,0 +1,24 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_cis
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_cis(
+        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    )
@@ -0,0 +1,24 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_cis
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_cis(
+        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    )
@@ -0,0 +1,24 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_cis
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_cis(
+        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    )
@@ -0,0 +1,24 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_cis
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_cis(
+        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    )
@@ -0,0 +1,43 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_3_levels
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    data["REQUIREMENTS_DESCRIPTION"] = (
+        data["REQUIREMENTS_ID"] + " - " + data["REQUIREMENTS_DESCRIPTION"]
+    )
+
+    data["REQUIREMENTS_DESCRIPTION"] = data["REQUIREMENTS_DESCRIPTION"].apply(
+        lambda x: x[:150] + "..." if len(str(x)) > 150 else x
+    )
+
+    data["REQUIREMENTS_ATTRIBUTES_SECTION"] = data[
+        "REQUIREMENTS_ATTRIBUTES_SECTION"
+    ].apply(lambda x: x[:80] + "..." if len(str(x)) > 80 else x)
+
+    data["REQUIREMENTS_ATTRIBUTES_SUBSECTION"] = data[
+        "REQUIREMENTS_ATTRIBUTES_SUBSECTION"
+    ].apply(lambda x: x[:150] + "..." if len(str(x)) > 150 else x)
+
+    aux = data[
+        [
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ]
+
+    return get_section_containers_3_levels(
+        aux,
+        "REQUIREMENTS_ATTRIBUTES_SECTION",
+        "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
+        "REQUIREMENTS_DESCRIPTION",
+    )
@@ -0,0 +1,43 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_3_levels
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    data["REQUIREMENTS_DESCRIPTION"] = (
+        data["REQUIREMENTS_ID"] + " - " + data["REQUIREMENTS_DESCRIPTION"]
+    )
+
+    data["REQUIREMENTS_DESCRIPTION"] = data["REQUIREMENTS_DESCRIPTION"].apply(
+        lambda x: x[:150] + "..." if len(str(x)) > 150 else x
+    )
+
+    data["REQUIREMENTS_ATTRIBUTES_SECTION"] = data[
+        "REQUIREMENTS_ATTRIBUTES_SECTION"
+    ].apply(lambda x: x[:80] + "..." if len(str(x)) > 80 else x)
+
+    data["REQUIREMENTS_ATTRIBUTES_SUBSECTION"] = data[
+        "REQUIREMENTS_ATTRIBUTES_SUBSECTION"
+    ].apply(lambda x: x[:150] + "..." if len(str(x)) > 150 else x)
+
+    aux = data[
+        [
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ]
+
+    return get_section_containers_3_levels(
+        aux,
+        "REQUIREMENTS_ATTRIBUTES_SECTION",
+        "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
+        "REQUIREMENTS_DESCRIPTION",
+    )
@@ -1,6 +1,6 @@
 import warnings

-from dashboard.common_methods import get_section_containers_cis
+from dashboard.common_methods import get_section_containers_threatscore

 warnings.filterwarnings("ignore")

@@ -11,6 +11,7 @@ def get_table(data):
            "REQUIREMENTS_ID",
            "REQUIREMENTS_DESCRIPTION",
            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
            "CHECKID",
            "STATUS",
            "REGION",
@@ -19,6 +20,9 @@ def get_table(data):
        ]
    ].copy()

-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    return get_section_containers_threatscore(
+        aux,
+        "REQUIREMENTS_ATTRIBUTES_SECTION",
+        "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
+        "REQUIREMENTS_ID",
    )
@@ -1,6 +1,6 @@
 import warnings

-from dashboard.common_methods import get_section_containers_cis
+from dashboard.common_methods import get_section_containers_threatscore

 warnings.filterwarnings("ignore")

@@ -11,6 +11,7 @@ def get_table(data):
            "REQUIREMENTS_ID",
            "REQUIREMENTS_DESCRIPTION",
            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
            "CHECKID",
            "STATUS",
            "REGION",
@@ -19,6 +20,9 @@ def get_table(data):
        ]
    ].copy()

-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    return get_section_containers_threatscore(
+        aux,
+        "REQUIREMENTS_ATTRIBUTES_SECTION",
+        "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
+        "REQUIREMENTS_ID",
    )
@@ -1,6 +1,6 @@
 import warnings

-from dashboard.common_methods import get_section_containers_cis
+from dashboard.common_methods import get_section_containers_threatscore

 warnings.filterwarnings("ignore")

@@ -11,6 +11,7 @@ def get_table(data):
            "REQUIREMENTS_ID",
            "REQUIREMENTS_DESCRIPTION",
            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
            "CHECKID",
            "STATUS",
            "REGION",
@@ -19,6 +20,9 @@ def get_table(data):
        ]
    ].copy()

-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    return get_section_containers_threatscore(
+        aux,
+        "REQUIREMENTS_ATTRIBUTES_SECTION",
+        "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
+        "REQUIREMENTS_ID",
    )
@@ -0,0 +1,28 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_threatscore
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_threatscore(
+        aux,
+        "REQUIREMENTS_ATTRIBUTES_SECTION",
+        "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
+        "REQUIREMENTS_ID",
+    )
@@ -57,8 +57,9 @@ def create_layout_overview(
                    html.Div(className="flex", id="azure_card", n_clicks=0),
                    html.Div(className="flex", id="gcp_card", n_clicks=0),
                    html.Div(className="flex", id="k8s_card", n_clicks=0),
+                    html.Div(className="flex", id="m365_card", n_clicks=0),
                ],
-                className="grid gap-x-4 mb-[30px] sm:grid-cols-2 lg:grid-cols-4",
+                className="grid gap-x-4 mb-[30px] sm:grid-cols-2 lg:grid-cols-5",
            ),
            html.H4(
                "Count of Findings by severity",
@@ -89,12 +90,28 @@ def create_layout_overview(
                    ),
                    html.Div(
                        [
-                            (
-                                html.Label(
-                                    "Table Rows:",
-                                    className="text-prowler-stone-900 font-bold text-sm",
-                                    style={"margin-right": "10px"},
-                                )
+                            html.Label(
+                                "Search:",
+                                className="text-prowler-stone-900 font-bold text-sm",
+                                style={"margin-right": "10px"},
+                            ),
+                            dcc.Input(
+                                id="search-input",
+                                type="text",
+                                placeholder="Search by check title, service, region...",
+                                debounce=True,
+                                style={
+                                    "padding": "4px 8px",
+                                    "border": "1px solid #ccc",
+                                    "borderRadius": "4px",
+                                    "marginRight": "20px",
+                                    "width": "250px",
+                                },
+                            ),
+                            html.Label(
+                                "Table Rows:",
+                                className="text-prowler-stone-900 font-bold text-sm",
+                                style={"margin-right": "10px"},
                            ),
                            table_row_dropdown,
                            download_button_csv,
@@ -131,7 +148,7 @@ def create_layout_compliance(
                    html.A(
                        [
                            html.Img(src="assets/favicon.ico", className="w-5 mr-3"),
-                            html.Span("Subscribe to prowler SaaS"),
+                            html.Span("Subscribe to Prowler Cloud"),
                        ],
                        href="https://prowler.pro/",
                        target="_blank",
@@ -76,6 +76,8 @@ def load_csv_files(csv_files):
                result = result.replace("_AZURE", " - AZURE")
            if "KUBERNETES" in result:
                result = result.replace("_KUBERNETES", " - KUBERNETES")
+            if "M65" in result:
+                result = result.replace("_M65", " - M65")
            results.append(result)

    unique_results = set(results)
@@ -267,6 +269,15 @@ def display_data(
            data["REQUIREMENTS_ATTRIBUTES_PROFILE"] = data[
                "REQUIREMENTS_ATTRIBUTES_PROFILE"
            ].apply(lambda x: x.split(" - ")[0])
+
+    # Add the column ACCOUNTID to the data if the provider is m65
+    if "m365" in analytics_input:
+        data.rename(columns={"TENANTID": "ACCOUNTID"}, inplace=True)
+        data.rename(columns={"LOCATION": "REGION"}, inplace=True)
+        if "REQUIREMENTS_ATTRIBUTES_PROFILE" in data.columns:
+            data["REQUIREMENTS_ATTRIBUTES_PROFILE"] = data[
+                "REQUIREMENTS_ATTRIBUTES_PROFILE"
+            ].apply(lambda x: x.split(" - ")[0])
    # Filter the chosen level of the CIS
    if is_level_1:
        data = data[data["REQUIREMENTS_ATTRIBUTES_PROFILE"] == "Level 1"]
@@ -397,7 +408,9 @@ def display_data(
            compliance_module = importlib.import_module(
                f"dashboard.compliance.{current}"
            )
-            data.drop_duplicates(keep="first", inplace=True)
+            data = data.drop_duplicates(
+                subset=["CHECKID", "STATUS", "MUTED", "RESOURCEID", "STATUSEXTENDED"]
+            )

            if "threatscore" in analytics_input:
                data = get_threatscore_mean_by_pillar(data)
@@ -420,6 +433,9 @@ def display_data(
            )

        df = data.copy()
+        # Remove Muted rows
+        if "MUTED" in df.columns:
+            df = df[df["MUTED"] == "False"]
        df = df.groupby(["STATUS"]).size().reset_index(name="counts")
        df = df.sort_values(by=["counts"], ascending=False)

@@ -635,58 +651,114 @@ def get_table(current_compliance, table):


 def get_threatscore_mean_by_pillar(df):
-    modified_df = df[df["STATUS"] == "FAIL"]
+    score_per_pillar = {}
+    max_score_per_pillar = {}

-    modified_df["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"] = pd.to_numeric(
-        modified_df["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"], errors="coerce"
-    )
+    for _, row in df.iterrows():
+        pillar = (
+            row["REQUIREMENTS_ATTRIBUTES_SECTION"].split(" - ")[0]
+            if isinstance(row["REQUIREMENTS_ATTRIBUTES_SECTION"], str)
+            else "Unknown"
+        )

-    pillar_means = (
-        modified_df.groupby("REQUIREMENTS_ATTRIBUTES_SECTION")[
-            "REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"
-        ]
-        .mean()
-        .round(2)
-    )
+        if pillar not in score_per_pillar:
+            score_per_pillar[pillar] = 0
+            max_score_per_pillar[pillar] = 0
+
+        level_of_risk = pd.to_numeric(
+            row["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"], errors="coerce"
+        )
+        level_of_risk = 1 if pd.isna(level_of_risk) else level_of_risk
+
+        weight = 1
+        if "REQUIREMENTS_ATTRIBUTES_WEIGHT" in row and not pd.isna(
+            row["REQUIREMENTS_ATTRIBUTES_WEIGHT"]
+        ):
+            weight = pd.to_numeric(
+                row["REQUIREMENTS_ATTRIBUTES_WEIGHT"], errors="coerce"
+            )
+            weight = 1 if pd.isna(weight) else weight
+
+        max_score_per_pillar[pillar] += level_of_risk * weight
+
+        if row["STATUS"] == "PASS":
+            score_per_pillar[pillar] += level_of_risk * weight

    output = []
-    for pillar, mean in pillar_means.items():
-        output.append(f"{pillar} - [{mean}]")
+    for pillar in max_score_per_pillar:
+        risk_score = 0
+        if max_score_per_pillar[pillar] > 0:
+            risk_score = (score_per_pillar[pillar] / max_score_per_pillar[pillar]) * 100
+
+        output.append(f"{pillar} - [{risk_score:.1f}%]")

    for value in output:
-        if value.split(" - ")[0] in df["REQUIREMENTS_ATTRIBUTES_SECTION"].values:
+        base_pillar = value.split(" - ")[0]
+        if base_pillar in df["REQUIREMENTS_ATTRIBUTES_SECTION"].values:
            df.loc[
-                df["REQUIREMENTS_ATTRIBUTES_SECTION"] == value.split(" - ")[0],
+                df["REQUIREMENTS_ATTRIBUTES_SECTION"] == base_pillar,
                "REQUIREMENTS_ATTRIBUTES_SECTION",
            ] = value
+
    return df


 def get_table_prowler_threatscore(df):
-    df = df[df["STATUS"] == "FAIL"]
+    score_per_pillar = {}
+    max_score_per_pillar = {}
+    pillars = {}

-    # Delete " - " from the column REQUIREMENTS_ATTRIBUTES_SECTION
-    df["REQUIREMENTS_ATTRIBUTES_SECTION"] = (
-        df["REQUIREMENTS_ATTRIBUTES_SECTION"].str.split(" - ").str[0]
-    )
+    df_copy = df.copy()

-    df["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"] = pd.to_numeric(
-        df["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"], errors="coerce"
-    )
-
-    score_df = (
-        df.groupby("REQUIREMENTS_ATTRIBUTES_SECTION")[
-            "REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"
-        ]
-        .mean()
-        .reset_index()
-        .rename(
-            columns={
-                "REQUIREMENTS_ATTRIBUTES_SECTION": "Pillar",
-                "REQUIREMENTS_ATTRIBUTES_LEVELOFRISK": "Score",
-            }
+    for _, row in df_copy.iterrows():
+        pillar = (
+            row["REQUIREMENTS_ATTRIBUTES_SECTION"].split(" - ")[0]
+            if isinstance(row["REQUIREMENTS_ATTRIBUTES_SECTION"], str)
+            else "Unknown"
        )
-    )
+
+        if pillar not in pillars:
+            pillars[pillar] = {"FAIL": 0, "PASS": 0, "MUTED": 0}
+            score_per_pillar[pillar] = 0
+            max_score_per_pillar[pillar] = 0
+
+        level_of_risk = pd.to_numeric(
+            row["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"], errors="coerce"
+        )
+        level_of_risk = 1 if pd.isna(level_of_risk) else level_of_risk
+
+        weight = 1
+        if "REQUIREMENTS_ATTRIBUTES_WEIGHT" in row and not pd.isna(
+            row["REQUIREMENTS_ATTRIBUTES_WEIGHT"]
+        ):
+            weight = pd.to_numeric(
+                row["REQUIREMENTS_ATTRIBUTES_WEIGHT"], errors="coerce"
+            )
+            weight = 1 if pd.isna(weight) else weight
+
+        max_score_per_pillar[pillar] += level_of_risk * weight
+
+        if row["STATUS"] == "PASS":
+            pillars[pillar]["PASS"] += 1
+            score_per_pillar[pillar] += level_of_risk * weight
+        elif row["STATUS"] == "FAIL":
+            pillars[pillar]["FAIL"] += 1
+
+        if "MUTED" in row and row["MUTED"] == "True":
+            pillars[pillar]["MUTED"] += 1
+
+    result_df = []
+
+    for pillar in pillars.keys():
+        risk_score = 0
+        if max_score_per_pillar[pillar] > 0:
+            risk_score = (score_per_pillar[pillar] / max_score_per_pillar[pillar]) * 100
+
+        result_df.append({"Pillar": pillar, "Score": risk_score})
+
+    score_df = pd.DataFrame(result_df)
+
+    score_df = score_df.sort_values("Score", ascending=True)

    fig = px.bar(
        score_df,
@@ -694,22 +766,25 @@ def get_table_prowler_threatscore(df):
        y="Score",
        color="Score",
        color_continuous_scale=[
-            "#45cc6e",
-            "#f4d44d",
            "#e77676",
-        ],  # verde → amarillo → rojo
-        hover_data={"Score": True, "Pillar": True},
-        labels={"Score": "Average Risk Score", "Pillar": "Section"},
+            "#f4d44d",
+            "#45cc6e",
+        ],
+        labels={"Score": "Risk Score (%)", "Pillar": "Section"},
        height=400,
+        text="Score",
    )

+    fig.update_traces(texttemplate="%{text:.1f}%", textposition="outside")
+
    fig.update_layout(
        xaxis_title="Pillar",
-        yaxis_title="Level of Risk",
+        yaxis_title="Risk Score (%)",
        margin=dict(l=20, r=20, t=30, b=20),
        plot_bgcolor="rgba(0,0,0,0)",
        paper_bgcolor="rgba(0,0,0,0)",
-        coloraxis_colorbar=dict(title="Risk"),
+        coloraxis_colorbar=dict(title="Risk %"),
+        yaxis=dict(range=[0, 110]),
    )

    return dcc.Graph(
@@ -74,6 +74,9 @@ gcp_provider_logo = html.Img(
 ks8_provider_logo = html.Img(
    src="assets/images/providers/k8s_provider.png", alt="k8s provider"
 )
+m365_provider_logo = html.Img(
+    src="assets/images/providers/m365_provider.png", alt="m365 provider"
+)


 def load_csv_files(csv_files):
@@ -223,6 +226,8 @@ else:
                accounts.append(account + " - AZURE")
            if "gcp" in list(data[data["ACCOUNT_NAME"] == account]["PROVIDER"]):
                accounts.append(account + " - GCP")
+            if "m365" in list(data[data["ACCOUNT_NAME"] == account]["PROVIDER"]):
+                accounts.append(account + " - M365")

    if "ACCOUNT_UID" in data.columns:
        for account in data["ACCOUNT_UID"].unique():
@@ -273,6 +278,8 @@ else:
            services.append(service + " - AZURE")
        if "gcp" in list(data[data["SERVICE_NAME"] == service]["PROVIDER"]):
            services.append(service + " - GCP")
+        if "m365" in list(data[data["SERVICE_NAME"] == service]["PROVIDER"]):
+            services.append(service + " - M365")

    services = ["All"] + services
    services = [
@@ -485,6 +492,7 @@ else:
        Output("azure_card", "children"),
        Output("gcp_card", "children"),
        Output("k8s_card", "children"),
+        Output("m365_card", "children"),
        Output("subscribe_card", "children"),
        Output("info-file-over", "title"),
        Output("severity-filter", "value"),
@@ -499,6 +507,7 @@ else:
        Output("azure_card", "n_clicks"),
        Output("gcp_card", "n_clicks"),
        Output("k8s_card", "n_clicks"),
+        Output("m365_card", "n_clicks"),
    ],
    Input("cloud-account-filter", "value"),
    Input("region-filter", "value"),
@@ -509,10 +518,12 @@ else:
    Input("service-filter", "value"),
    Input("table-rows", "value"),
    Input("status-filter", "value"),
+    Input("search-input", "value"),
    Input("aws_card", "n_clicks"),
    Input("azure_card", "n_clicks"),
    Input("gcp_card", "n_clicks"),
    Input("k8s_card", "n_clicks"),
+    Input("m365_card", "n_clicks"),
    Input("sort_button_check_name", "n_clicks"),
    Input("sort_button_severity", "n_clicks"),
    Input("sort_button_status", "n_clicks"),
@@ -530,10 +541,12 @@ def filter_data(
    service_values,
    table_row_values,
    status_values,
+    search_value,
    aws_clicks,
    azure_clicks,
    gcp_clicks,
    k8s_clicks,
+    m365_clicks,
    sort_button_check_name,
    sort_button_severity,
    sort_button_status,
@@ -554,6 +567,7 @@ def filter_data(
            azure_clicks = 0
            gcp_clicks = 0
            k8s_clicks = 0
+            m365_clicks = 0
    if azure_clicks > 0:
        filtered_data = data.copy()
        if azure_clicks % 2 != 0 and "azure" in list(data["PROVIDER"]):
@@ -561,6 +575,7 @@ def filter_data(
            aws_clicks = 0
            gcp_clicks = 0
            k8s_clicks = 0
+            m365_clicks = 0
    if gcp_clicks > 0:
        filtered_data = data.copy()
        if gcp_clicks % 2 != 0 and "gcp" in list(data["PROVIDER"]):
@@ -568,6 +583,7 @@ def filter_data(
            aws_clicks = 0
            azure_clicks = 0
            k8s_clicks = 0
+            m365_clicks = 0
    if k8s_clicks > 0:
        filtered_data = data.copy()
        if k8s_clicks % 2 != 0 and "kubernetes" in list(data["PROVIDER"]):
@@ -575,6 +591,15 @@ def filter_data(
            aws_clicks = 0
            azure_clicks = 0
            gcp_clicks = 0
+            m365_clicks = 0
+    if m365_clicks > 0:
+        filtered_data = data.copy()
+        if m365_clicks % 2 != 0 and "m365" in list(data["PROVIDER"]):
+            filtered_data = filtered_data[filtered_data["PROVIDER"] == "m365"]
+            aws_clicks = 0
+            azure_clicks = 0
+            gcp_clicks = 0
+            k8s_clicks = 0

    # For all the data, we will add to the status column the value 'MUTED (FAIL)' and 'MUTED (PASS)' depending on the value of the column 'STATUS' and 'MUTED'
    if "MUTED" in filtered_data.columns:
@@ -675,6 +700,8 @@ def filter_data(
                all_account_names.append(account)
            if "gcp" in list(data[data["ACCOUNT_NAME"] == account]["PROVIDER"]):
                all_account_names.append(account)
+            if "m365" in list(data[data["ACCOUNT_NAME"] == account]["PROVIDER"]):
+                all_account_names.append(account)

    all_items = all_account_ids + all_account_names + ["All"]

@@ -692,6 +719,8 @@ def filter_data(
                    cloud_accounts_options.append(item + " - AZURE")
                if "gcp" in list(data[data["ACCOUNT_NAME"] == item]["PROVIDER"]):
                    cloud_accounts_options.append(item + " - GCP")
+                if "m365" in list(data[data["ACCOUNT_NAME"] == item]["PROVIDER"]):
+                    cloud_accounts_options.append(item + " - M365")

    # Filter ACCOUNT
    if cloud_account_values == ["All"]:
@@ -790,6 +819,7 @@ def filter_data(
    service_filter_options = ["All"]

    all_items = filtered_data["SERVICE_NAME"].unique()
+
    for item in all_items:
        if item not in service_filter_options and item.__class__.__name__ == "str":
            if "aws" in list(
@@ -808,6 +838,10 @@ def filter_data(
                filtered_data[filtered_data["SERVICE_NAME"] == item]["PROVIDER"]
            ):
                service_filter_options.append(item + " - GCP")
+            if "m365" in list(
+                filtered_data[filtered_data["SERVICE_NAME"] == item]["PROVIDER"]
+            ):
+                service_filter_options.append(item + " - M365")

    # Filter Service
    if service_values == ["All"]:
@@ -1112,6 +1146,15 @@ def filter_data(
        }

        index_count = 0
+        if search_value:
+            search_value = search_value.lower()
+            filtered_data = filtered_data[
+                filtered_data["CHECK_TITLE"].str.lower().str.contains(search_value)
+                | filtered_data["SERVICE_NAME"].str.lower().str.contains(search_value)
+                | filtered_data["REGION"].str.lower().str.contains(search_value)
+                | filtered_data["STATUS"].str.lower().str.contains(search_value)
+            ]
+
        full_filtered_data = filtered_data.copy()
        filtered_data = filtered_data.head(table_row_values)
        # Sort the filtered_data
@@ -1235,6 +1278,10 @@ def filter_data(
                    filtered_data.loc[
                        filtered_data["ACCOUNT_UID"] == account, "ACCOUNT_UID"
                    ] = (account + " - GCP")
+                if "m365" in list(data[data["ACCOUNT_UID"] == account]["PROVIDER"]):
+                    filtered_data.loc[
+                        filtered_data["ACCOUNT_UID"] == account, "ACCOUNT_UID"
+                    ] = (account + " - M365")

        table_collapsible = []
        for item in filtered_data.to_dict("records"):
@@ -1302,14 +1349,17 @@ def filter_data(
    k8s_card = create_provider_card(
        "kubernetes", ks8_provider_logo, "Clusters", full_filtered_data
    )
+    m365_card = create_provider_card(
+        "m365", m365_provider_logo, "Accounts", full_filtered_data
+    )

-    # Subscribe to prowler SaaS card
+    # Subscribe to Prowler Cloud card
    subscribe_card = [
        html.Div(
            html.A(
                [
                    html.Img(src="assets/favicon.ico", className="w-5 mr-3"),
-                    html.Span("Subscribe to prowler SaaS"),
+                    html.Span("Subscribe to Prowler Cloud"),
                ],
                href="https://prowler.pro/",
                target="_blank",
@@ -1346,6 +1396,7 @@ def filter_data(
            azure_card,
            gcp_card,
            k8s_card,
+            m365_card,
            subscribe_card,
            list_files,
            severity_values,
@@ -1360,6 +1411,7 @@ def filter_data(
            azure_clicks,
            gcp_clicks,
            k8s_clicks,
+            m365_clicks,
        )
    else:
        return (
@@ -1377,6 +1429,7 @@ def filter_data(
            azure_card,
            gcp_card,
            k8s_card,
+            m365_card,
            subscribe_card,
            list_files,
            severity_values,
@@ -1391,6 +1444,7 @@ def filter_data(
            azure_clicks,
            gcp_clicks,
            k8s_clicks,
+            m365_clicks,
        )


@@ -26,6 +26,25 @@ services:
    ports:
      - ${UI_PORT:-3000}:${UI_PORT:-3000}

+  postgres-proxy:
+    image: edoburu/pgbouncer:latest
+    hostname: "postgres-db-proxy"
+    environment:
+      - DB_HOST=postgres-db
+      - DB_PORT=5432
+      - DB_USER=${POSTGRES_ADMIN_USER}
+      - DB_PASSWORD=${POSTGRES_ADMIN_PASSWORD}
+      - ADMIN_USERS=prowler_admin
+      - AUTH_TYPE=scram-sha-256
+    env_file:
+      - path: ./.env
+        required: false
+    ports:
+      - "5432:5432"
+    depends_on:
+      postgres:
+        condition: service_healthy
+
  postgres:
    image: postgres:16.3-alpine3.20
    hostname: "postgres-db"
@@ -38,8 +57,8 @@ services:
    env_file:
      - path: .env
        required: false
-    ports:
-      - "${POSTGRES_PORT:-5432}:${POSTGRES_PORT:-5432}"
+    # ports:
+    #   - "${POSTGRES_PORT:-5432}:${POSTGRES_PORT:-5432}"
    healthcheck:
      test: ["CMD-SHELL", "sh -c 'pg_isready -U ${POSTGRES_ADMIN_USER} -d ${POSTGRES_DB}'"]
      interval: 5s
@@ -70,7 +70,7 @@ The other three cases does not need additional configuration, `--az-cli-auth` an
 Prowler for Azure needs two types of permission scopes to be set:

 - **Microsoft Entra ID permissions**: used to retrieve metadata from the identity assumed by Prowler and specific Entra checks (not mandatory to have access to execute the tool). The permissions required by the tool are the following:
-    - `Directory.Read.All`
+    - `Domain.Read.All`
    - `Policy.Read.All`
    - `UserAuthenticationMethod.Read.All` (used only for the Entra checks related with multifactor authentication)
 - **Subscription scope permissions**: required to launch the checks against your resources, mandatory to launch the tool. It is required to add the following RBAC builtin roles per subscription to the entity that is going to be assumed by the tool:
@@ -81,6 +81,9 @@ Prowler for Azure needs two types of permission scopes to be set:

 To assign the permissions, follow the instructions in the [Microsoft Entra ID permissions](../tutorials/azure/create-prowler-service-principal.md#assigning-the-proper-permissions) section and the [Azure subscriptions permissions](../tutorials/azure/subscriptions.md#assign-the-appropriate-permissions-to-the-identity-that-is-going-to-be-assumed-by-prowler) section, respectively.

+???+ warning
+    Some permissions in `ProwlerRole` are considered **write** permissions, so if you have a `ReadOnly` lock attached to some resources you may get an error and will not get a finding for that check.
+
 #### Checks that require ProwlerRole

 The following checks require the `ProwlerRole` permissions to be executed, if you want to run them, make sure you have assigned the role to the identity that is going to be assumed by Prowler:
@@ -130,7 +133,7 @@ Prowler for M365 currently supports the following authentication types:


 ???+ warning
-    For Prowler App only the Service Principal with an application authentication method is supported.
+    For Prowler App only the Service Principal with User Credentials authentication method is supported.

 ### Service Principal authentication

@@ -145,38 +148,42 @@ export AZURE_TENANT_ID="XXXXXXXXX"
 ```

 If you try to execute Prowler with the `--sp-env-auth` flag and those variables are empty or not exported, the execution is going to fail.
-Follow the instructions in the [Create Prowler Service Principal](../tutorials/azure/create-prowler-service-principal.md) section to create a service principal.
+Follow the instructions in the [Create Prowler Service Principal](../tutorials/microsoft365/getting-started-m365.md#create-the-service-principal-app) section to create a service principal.
+
+With this credentials you will only be able to run the checks that work through MS Graph, this means that you won't run all the provider. If you want to scan all the checks from M365 you will need to use the recommended authentication method.

 ### Service Principal and User Credentials authentication (recommended)

 Authentication flag: `--env-auth`

-This authentication method follows the same approach as the service principal method but introduces two additional environment variables for user credentials:  `M365_USER` and `M365_ENCRYPTED_PASSWORD`.
+This authentication method follows the same approach as the service principal method but introduces two additional environment variables for user credentials:  `M365_USER` and `M365_PASSWORD`.

 ```console
 export AZURE_CLIENT_ID="XXXXXXXXX"
 export AZURE_CLIENT_SECRET="XXXXXXXXX"
 export AZURE_TENANT_ID="XXXXXXXXX"
 export M365_USER="your_email@example.com"
-export M365_ENCRYPTED_PASSWORD="6500780061006d0070006c006500700061007300730077006f0072006400" # replace this to yours
+export M365_PASSWORD="examplepassword"
 ```

-These two new environment variables are required to execute the PowerShell modules needed to retrieve information from M365 services. Prowler will use service principal authentication to log into MS Graph and user credentials to authenticate to Microsoft PowerShell modules.
+These two new environment variables are **required** to execute the PowerShell modules needed to retrieve information from M365 services. Prowler uses Service Principal authentication to access Microsoft Graph and user credentials to authenticate to Microsoft PowerShell modules.

-The `M365_USER` should be your Microsoft account email, and `M365_ENCRYPTED_PASSWORD` must be an encrypted SecureString.
-To convert your password into a valid encrypted string, run the following commands in PowerShell:
+- `M365_USER` should be your Microsoft account email using the **assigned domain in the tenant**. This means it must look like `example@YourCompany.onmicrosoft.com` or `example@YourCompany.com`, but it must be the exact domain assigned to that user in the tenant.

-```console
-$securePassword = ConvertTo-SecureString "examplepassword" -AsPlainText -Force
-$encryptedPassword = $securePassword | ConvertFrom-SecureString
-```
+    ???+ warning
+        The user must not be MFA capable. Microsoft does not allow MFA capable users to authenticate programmatically. See [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity-platform/scenario-desktop-acquire-token-username-password?tabs=dotnet) for more information.

-If everything is done correctly, you will see the encrypted string that you need to set as the `M365_ENCRYPTED_PASSWORD` environment variable.
-```console
-Write-Output $encryptedPassword
-6500780061006d0070006c006500700061007300730077006f0072006400
-```
+    ???+ warning
+        Using a tenant domain other than the one assigned — even if it belongs to the same tenant — will cause Prowler to fail, as Microsoft authentication will not succeed.

+    Ensure you are using the right domain for the user you are trying to authenticate with.
+
+    ![User Domains](../tutorials/microsoft365/img/user-domains.png)
+
+- `M365_PASSWORD` must be the user password.
+
+    ???+ note
+        Before we asked for a encrypted password, but now we ask for the user password directly. Prowler will now handle the password encryption for you.


 ### Interactive Browser authentication
@@ -184,3 +191,254 @@ Write-Output $encryptedPassword
 Authentication flag: `--browser-auth`

 This authentication method requires the user to authenticate against Azure using the default browser to start the scan, also `--tenant-id` flag is required.
+
+With this credentials you will only be able to run the checks that work through MS Graph, this means that you won't run all the provider. If you want to scan all the checks from M365 you will need to use the recommended authentication method.
+
+Since this is a delegated permission authentication method, necessary permissions should be given to the user, not the app.
+
+
+### Needed permissions
+
+Prowler for M365 requires two types of permission scopes to be set (if you want to run the full provider including PowerShell checks). Both must be configured using Microsoft Entra ID:
+
+- **Service Principal Application Permissions**: These are set at the **application** level and are used to retrieve data from the identity being assessed:
+    - `Domain.Read.All`: Required for all services.
+    - `Policy.Read.All`: Required for all services.
+    - `User.Read` (IMPORTANT: this must be set as **delegated**): Required for the sign-in.
+    - `SharePointTenantSettings.Read.All`: Required for SharePoint service.
+    - `AuditLog.Read.All`: Required for Entra service.
+
+- **Powershell Modules Permissions**: These are set at the `M365_USER` level, so the user used to run Prowler must have one of the following roles:
+    - `Global Reader` (recommended): this allows you to read all roles needed.
+    - `Exchange Administrator` and `Teams Administrator`: user needs both roles but with this [roles](https://learn.microsoft.com/en-us/exchange/permissions-exo/permissions-exo#microsoft-365-permissions-in-exchange-online) you can access to the same information as a Global Reader (since only read access is needed, Global Reader is recommended).
+
+In order to know how to assign those permissions and roles follow the instructions in the Microsoft Entra ID [permissions](../tutorials/microsoft365/getting-started-m365.md#grant-required-api-permissions) and [roles](../tutorials/microsoft365/getting-started-m365.md#assign-required-roles-to-your-user) section.
+
+
+### Supported PowerShell versions
+
+You must have PowerShell installed to run certain M365 checks.
+Currently, we support **PowerShell version 7.4 or higher** (7.5 is recommended).
+
+This requirement exists because **PowerShell 5.1** (the version that comes by default on some Windows systems) does not support several cmdlets needed to run the checks properly.
+Additionally, earlier [PowerShell Cross-Platform versions](https://learn.microsoft.com/en-us/powershell/scripting/install/powershell-support-lifecycle?view=powershell-7.5) are no longer under technical support, which may cause unexpected errors.
+
+
+???+ note
+    Installing powershell will be only needed if you install prowler from pip or other sources, these means that the SDK and API containers contain PowerShell installed by default.
+
+Installing PowerShell is different depending on your OS.
+
+- [Windows](https://learn.microsoft.com/es-es/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.5#install-powershell-using-winget-recommended): you will need to update PowerShell to +7.4 to be able to run prowler, if not some checks will not show findings and the provider could not work as expected. This version of PowerShell is [supported](https://learn.microsoft.com/es-es/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.4#supported-versions-of-windows) on Windows 10, Windows 11, Windows Server 2016 and higher versions.
+
+```console
+winget install --id Microsoft.PowerShell --source winget
+```
+
+
+- [MacOS](https://learn.microsoft.com/es-es/powershell/scripting/install/installing-powershell-on-macos?view=powershell-7.5#install-the-latest-stable-release-of-powershell): installing PowerShell on MacOS needs to have installed [brew](https://brew.sh/), once you have it is just running the command above, Pwsh is only supported in macOS 15 (Sequoia) x64 and Arm64, macOS 14 (Sonoma) x64 and Arm64, macOS 13 (Ventura) x64 and Arm64
+
+```console
+brew install powershell/tap/powershell
+```
+
+Once it's installed run `pwsh` on your terminal to verify it's working.
+
+- Linux: installing PowerShell on Linux depends on the distro you are using:
+
+    - [Ubuntu](https://learn.microsoft.com/es-es/powershell/scripting/install/install-ubuntu?view=powershell-7.5#installation-via-package-repository-the-package-repository): The required version for installing PowerShell +7.4 on Ubuntu are Ubuntu 22.04 and Ubuntu 24.04. The recommended way to install it is downloading the package available on PMC. You just need to follow the following steps:
+
+    ```console
+    ###################################
+    # Prerequisites
+
+    # Update the list of packages
+    sudo apt-get update
+
+    # Install pre-requisite packages.
+    sudo apt-get install -y wget apt-transport-https software-properties-common
+
+    # Get the version of Ubuntu
+    source /etc/os-release
+
+    # Download the Microsoft repository keys
+    wget -q https://packages.microsoft.com/config/ubuntu/$VERSION_ID/packages-microsoft-prod.deb
+
+    # Register the Microsoft repository keys
+    sudo dpkg -i packages-microsoft-prod.deb
+
+    # Delete the Microsoft repository keys file
+    rm packages-microsoft-prod.deb
+
+    # Update the list of packages after we added packages.microsoft.com
+    sudo apt-get update
+
+    ###################################
+    # Install PowerShell
+    sudo apt-get install -y powershell
+
+    # Start PowerShell
+    pwsh
+    ```
+
+    - [Alpine](https://learn.microsoft.com/es-es/powershell/scripting/install/install-alpine?view=powershell-7.5#installation-steps): The only supported version for installing PowerShell +7.4 on Alpine is Alpine 3.20. The unique way to install it is downloading the tar.gz package available on [PowerShell github](https://github.com/PowerShell/PowerShell/releases/download/v7.5.0/powershell-7.5.0-linux-musl-x64.tar.gz). You just need to follow the following steps:
+
+    ```console
+    # Install the requirements
+    sudo apk add --no-cache \
+        ca-certificates \
+        less \
+        ncurses-terminfo-base \
+        krb5-libs \
+        libgcc \
+        libintl \
+        libssl3 \
+        libstdc++ \
+        tzdata \
+        userspace-rcu \
+        zlib \
+        icu-libs \
+        curl
+
+    apk -X https://dl-cdn.alpinelinux.org/alpine/edge/main add --no-cache \
+        lttng-ust \
+        openssh-client \
+
+    # Download the powershell '.tar.gz' archive
+    curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.5.0/powershell-7.5.0-linux-musl-x64.tar.gz -o /tmp/powershell.tar.gz
+
+    # Create the target folder where powershell will be placed
+    sudo mkdir -p /opt/microsoft/powershell/7
+
+    # Expand powershell to the target folder
+    sudo tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7
+
+    # Set execute permissions
+    sudo chmod +x /opt/microsoft/powershell/7/pwsh
+
+    # Create the symbolic link that points to pwsh
+    sudo ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
+
+    # Start PowerShell
+    pwsh
+    ```
+
+    - [Debian](https://learn.microsoft.com/es-es/powershell/scripting/install/install-debian?view=powershell-7.5#installation-on-debian-11-or-12-via-the-package-repository): The required version for installing PowerShell +7.4 on Debian are Debian 11 and Debian 12. The recommended way to install it is downloading the package available on PMC. You just need to follow the following steps:
+
+    ```console
+    ###################################
+    # Prerequisites
+
+    # Update the list of packages
+    sudo apt-get update
+
+    # Install pre-requisite packages.
+    sudo apt-get install -y wget
+
+    # Get the version of Debian
+    source /etc/os-release
+
+    # Download the Microsoft repository GPG keys
+    wget -q https://packages.microsoft.com/config/debian/$VERSION_ID/packages-microsoft-prod.deb
+
+    # Register the Microsoft repository GPG keys
+    sudo dpkg -i packages-microsoft-prod.deb
+
+    # Delete the Microsoft repository GPG keys file
+    rm packages-microsoft-prod.deb
+
+    # Update the list of packages after we added packages.microsoft.com
+    sudo apt-get update
+
+    ###################################
+    # Install PowerShell
+    sudo apt-get install -y powershell
+
+    # Start PowerShell
+    pwsh
+    ```
+
+    - [Rhel](https://learn.microsoft.com/es-es/powershell/scripting/install/install-rhel?view=powershell-7.5#installation-via-the-package-repository): The required version for installing PowerShell +7.4 on Red Hat are RHEL 8 and RHEL 9. The recommended way to install it is downloading the package available on PMC. You just need to follow the following steps:
+
+    ```console
+    ###################################
+    # Prerequisites
+
+    # Get version of RHEL
+    source /etc/os-release
+    if [ ${VERSION_ID%.*} -lt 8 ]
+    then majorver=7
+    elif [ ${VERSION_ID%.*} -lt 9 ]
+    then majorver=8
+    else majorver=9
+    fi
+
+    # Download the Microsoft RedHat repository package
+    curl -sSL -O https://packages.microsoft.com/config/rhel/$majorver/packages-microsoft-prod.rpm
+
+    # Register the Microsoft RedHat repository
+    sudo rpm -i packages-microsoft-prod.rpm
+
+    # Delete the downloaded package after installing
+    rm packages-microsoft-prod.rpm
+
+    # Update package index files
+    sudo dnf update
+    # Install PowerShell
+    sudo dnf install powershell -y
+    ```
+
+- [Docker](https://learn.microsoft.com/es-es/powershell/scripting/install/powershell-in-docker?view=powershell-7.5#use-powershell-in-a-container): The following command download the latest stable versions of PowerShell:
+
+    ```console
+    docker pull mcr.microsoft.com/dotnet/sdk:9.0
+    ```
+
+    To start an interactive shell of Pwsh you just need to run:
+
+    ```console
+    docker run -it mcr.microsoft.com/dotnet/sdk:9.0 pwsh
+    ```
+
+
+### Needed PowerShell modules
+
+To obtain the required data for this provider, we use several PowerShell cmdlets.
+These cmdlets come from different modules that must be installed.
+
+The installation of these modules will be performed automatically if you run Prowler with the flag `--init-modules`. This an example way of running Prowler and installing the modules:
+
+```console
+python3 prowler-cli.py m365 --verbose --log-level ERROR --env-auth --init-modules
+```
+
+If you already have them installed, there is no problem even if you use the flag because it will automatically check if the needed modules are already installed.
+
+???+ note
+    Prowler installs the modules using `-Scope CurrentUser`.
+    If you encounter any issues with services not working after the automatic installation, try installing the modules manually using `-Scope AllUsers` (administrator permissions are required for this).
+    The command needed to install a module manually is:
+    ```powershell
+    Install-Module -Name "ModuleName" -Scope AllUsers -Force
+    ```
+
+The required modules are:
+
+- [ExchangeOnlineManagement](https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.6.0): Minimum version 3.6.0. Required for several checks across Exchange, Defender, and Purview.
+- [MicrosoftTeams](https://www.powershellgallery.com/packages/MicrosoftTeams/6.6.0): Minimum version 6.6.0. Required for all Teams checks.
+
+## GitHub
+### Authentication
+
+Prowler supports multiple methods to [authenticate with GitHub](https://docs.github.com/en/rest/authentication/authenticating-to-the-rest-api). These include:
+
+- **Personal Access Token (PAT)**
+- **OAuth App Token**
+- **GitHub App Credentials**
+
+This flexibility allows you to scan and analyze your GitHub account, including repositories, organizations, and applications, using the method that best suits your use case.
+
+The provided credentials must have the appropriate permissions to perform all the required checks.
+
+???+ note
+    GitHub App Credentials support less checks than other authentication methods.
@@ -53,7 +53,7 @@ Prowler App can be installed in different ways, depending on your environment:
        You can change the environment variables in the `.env` file. Note that it is not recommended to use the default values in production environments.

    ???+ note
-        There is a development mode available, you can use the file https://github.com/prowler-cloud/prowler/blob/master/docker-compose.dev.yml to run the app in development mode.
+        There is a development mode available, you can use the file https://github.com/prowler-cloud/prowler/blob/master/docker-compose-dev.yml to run the app in development mode.

    ???+ warning
        Google and GitHub authentication is only available in [Prowler Cloud](https://prowler.com).
@@ -565,6 +565,7 @@ kubectl logs prowler-XXXXX --namespace prowler-ns
 ???+ note
    By default, `prowler` will scan all namespaces in your active Kubernetes context. Use the flag `--context` to specify the context to be scanned and `--namespaces` to specify the namespaces to be scanned.

+
 #### Microsoft 365

 With M365 you need to specify which auth method is going to be used:
@@ -585,7 +586,31 @@ prowler m365 --browser-auth --tenant-id "XXXXXXXX"

 ```

-See more details about M365 Authentication in [Requirements](getting-started/requirements/#microsoft-365)
+See more details about M365 Authentication in [Requirements](getting-started/requirements.md#microsoft-365)
+
+#### GitHub
+
+Prowler allows you to scan your GitHub account, including your repositories, organizations or applications.
+
+There are several supported login methods:
+
+```console
+# Personal Access Token (PAT):
+prowler github --personal-access-token pat
+
+# OAuth App Token:
+prowler github --oauth-app-token oauth_token
+
+# GitHub App Credentials:
+prowler github --github-app-id app_id --github-app-key app_key
+```
+
+???+ note
+    If no login method is explicitly provided, Prowler will automatically attempt to authenticate using environment variables in the following order of precedence:
+
+      1. `GITHUB_PERSONAL_ACCESS_TOKEN`
+      2. `OAUTH_APP_TOKEN`
+      3. `GITHUB_APP_ID` and `GITHUB_APP_KEY`

 ## Prowler v2 Documentation
 For **Prowler v2 Documentation**, please check it out [here](https://github.com/prowler-cloud/prowler/blob/8818f47333a0c1c1a457453c87af0ea5b89a385f/README.md).
@@ -1,14 +1,14 @@
-# Getting Started with AWS on Prowler Cloud
+# Getting Started with AWS on Prowler Cloud/App

 <iframe width="560" height="380" src="https://www.youtube-nocookie.com/embed/RPgIWOCERzY" title="Prowler Cloud Onboarding AWS" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="1"></iframe>

-Set up your AWS account to enable security scanning using Prowler Cloud.
+Set up your AWS account to enable security scanning using Prowler Cloud/App.

 ## Requirements

 To configure your AWS account, you’ll need:

-1. Access to Prowler Cloud
+1. Access to Prowler Cloud/App
 2. Properly configured AWS credentials (either static or via an assumed IAM role)

 ---
@@ -22,9 +22,9 @@ To configure your AWS account, you’ll need:

 ---

-## Step 2: Access Prowler Cloud
+## Step 2: Access Prowler Cloud/App

-1. Navigate to [Prowler Cloud](https://cloud.prowler.com/)
+1. Navigate to [Prowler Cloud](https://cloud.prowler.com/) or launch [Prowler App](../prowler-app.md)
 2. Go to `Configuration` > `Cloud Providers`

    ![Cloud Providers Page](../img/cloud-providers-page.png)
@@ -117,7 +117,7 @@ This method grants permanent access and is the recommended setup for production
        terraform apply
        ```

-    2. During `plan` and `apply`, you will be prompted for the **External ID**, which is available in the Prowler Cloud UI:
+    2. During `plan` and `apply`, you will be prompted for the **External ID**, which is available in the Prowler Cloud/App UI:

        ![Get External ID](./img/get-external-id-prowler-cloud.png)

@@ -135,7 +135,7 @@ This method grants permanent access and is the recommended setup for production

    ![New Role Info](./img/get-role-arn.png)

-10. Paste the ARN into the corresponding field in Prowler Cloud
+10. Paste the ARN into the corresponding field in Prowler Cloud/App

    ![Input the Role ARN](./img/paste-role-arn-prowler.png)

@@ -171,7 +171,7 @@ You can also configure your AWS account using static credentials (not recommende

        ![CloudShell Output](./img/cloudshell-output.png)

-    > ⚠️ Save these credentials securely and paste them into the Prowler Cloud setup screen.
+    > ⚠️ Save these credentials securely and paste them into the Prowler Cloud/App setup screen.

 === "Short term credentials (Recommended)"

@@ -203,9 +203,9 @@ You can also configure your AWS account using static credentials (not recommende
            }
            ```

-    > ⚠️ Save these credentials securely and paste them into the Prowler Cloud setup screen.
+    > ⚠️ Save these credentials securely and paste them into the Prowler Cloud/App setup screen.

-Complete the form in Prowler Cloud and click `Next`
+Complete the form in Prowler Cloud/App and click `Next`

 ![Filled credentials page](./img/prowler-cloud-credentials-next.png)

@@ -40,7 +40,7 @@ az ad sp create-for-rbac --name "ProwlerApp"

 To allow Prowler to retrieve metadata from the identity assumed and run specific Entra checks, it is needed to assign the following permissions:

- `Directory.Read.All`
+- `Domain.Read.All`
 - `Policy.Read.All`
 - `UserAuthenticationMethod.Read.All` (used only for the Entra checks related with multifactor authentication)

@@ -58,7 +58,7 @@ To assign the permissions you can make it from the Azure Portal or using the Azu
 5. Then click on "+ Add a permission" and select "Microsoft Graph"
 6. Once in the "Microsoft Graph" view, select "Application permissions"
 7. Finally, search for "Directory", "Policy" and "UserAuthenticationMethod" select the following permissions:
-    - `Directory.Read.All`
+    - `Domain.Read.All`
    - `Policy.Read.All`
    - `UserAuthenticationMethod.Read.All`
 8. Click on "Add permissions" to apply the new permissions.
--- a/Show More
+++ b/Show More