poc: examples API token notebooks in DEV

Merge branch 'master' into demo-api-key
poc: examples API token notebooks
2026-06-13 14:11:14 +00:00 · 2025-10-22 15:21:53 +02:00 · 2025-10-22 11:13:41 +02:00 · 2025-10-21 18:07:33 +02:00
598 changed files with 6639 additions and 60557 deletions
@@ -10,15 +10,13 @@ NEXT_PUBLIC_API_BASE_URL=${API_BASE_URL}
 NEXT_PUBLIC_API_DOCS_URL=http://prowler-api:8080/api/v1/docs
 AUTH_TRUST_HOST=true
 UI_PORT=3000
+# Temp URL for feeds need to use actual
+RSS_FEED_URL=https://prowler.com/blog/rss
 # openssl rand -base64 32
 AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="
 # Google Tag Manager ID
 NEXT_PUBLIC_GOOGLE_TAG_MANAGER_ID=""
-#### Code Review Configuration ####
-# Enable Claude Code standards validation on pre-push hook
-# Set to 'true' to validate changes against AGENTS.md standards via Claude Code
-# Set to 'false' to skip validation
-CODE_REVIEW_ENABLED=true
+

 #### Prowler API Configuration ####
 PROWLER_API_VERSION="stable"
@@ -37,8 +35,6 @@ POSTGRES_DB=prowler_db
 # POSTGRES_REPLICA_USER=prowler
 # POSTGRES_REPLICA_PASSWORD=postgres
 # POSTGRES_REPLICA_DB=prowler_db
-# POSTGRES_REPLICA_MAX_ATTEMPTS=3
-# POSTGRES_REPLICA_RETRY_BASE_DELAY=0.5

 # Celery-Prowler task settings
 TASK_RETRY_DELAY_SECONDS=0.1
@@ -128,13 +124,3 @@ LANGSMITH_TRACING=false
 LANGSMITH_ENDPOINT="https://api.smith.langchain.com"
 LANGSMITH_API_KEY=""
 LANGCHAIN_PROJECT=""
-
-# RSS Feed Configuration
-# Multiple feed sources can be configured as a JSON array (must be valid JSON, no trailing commas)
-# Each source requires: id, name, type (github_releases|blog|custom), url, and enabled flag
-# IMPORTANT: Must be a single line with valid JSON (no newlines, no trailing commas)
-# Example with one source:
-RSS_FEED_SOURCES='[{"id":"prowler-releases","name":"Prowler Releases","type":"github_releases","url":"https://github.com/prowler-cloud/prowler/releases.atom","enabled":true}]'
-# Example with multiple sources (no trailing comma after last item):
-# RSS_FEED_SOURCES='[{"id":"prowler-releases","name":"Prowler Releases","type":"github_releases","url":"https://github.com/prowler-cloud/prowler/releases.atom","enabled":true},{"id":"prowler-blog","name":"Prowler Blog","type":"blog","url":"https://prowler.com/blog/rss","enabled":false}]'
-
@@ -8,7 +8,7 @@ body:
    attributes:
      label: Feature search
      options:
-        - label: I have searched the existing issues and this feature has not been requested yet or is already in our [Public Roadmap](https://roadmap.prowler.com/roadmap)
+        - label: I have searched the existing issues and this feature has not been requested yet
          required: true
  - type: dropdown
    id: component
@@ -22,8 +22,8 @@ inputs:
 runs:
  using: 'composite'
  steps:
-    - name: Replace @master with current branch in pyproject.toml (prowler repo only)
-      if: github.event_name == 'pull_request' && github.base_ref == 'master' && github.repository == 'prowler-cloud/prowler'
+    - name: Replace @master with current branch in pyproject.toml
+      if: github.event_name == 'pull_request' && github.base_ref == 'master'
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: |
@@ -37,8 +37,8 @@ runs:
        python -m pip install --upgrade pip
        pipx install poetry==${{ inputs.poetry-version }}

-    - name: Update poetry.lock with latest Prowler commit
-      if: github.repository_owner == 'prowler-cloud' && github.repository != 'prowler-cloud/prowler'
+    - name: Update SDK resolved_reference to latest commit
+      if: github.event_name == 'push' && github.ref == 'refs/heads/master'
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: |
@@ -50,21 +50,7 @@ runs:
        echo "Updated resolved_reference:"
        grep -A2 -B2 "resolved_reference" poetry.lock

-    - name: Update SDK resolved_reference to latest commit (prowler repo on push)
-      if: github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'prowler-cloud/prowler'
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: |
-        LATEST_COMMIT=$(curl -s "https://api.github.com/repos/prowler-cloud/prowler/commits/master" | jq -r '.sha')
-        echo "Latest commit hash: $LATEST_COMMIT"
-        sed -i '/url = "https:\/\/github\.com\/prowler-cloud\/prowler\.git"/,/resolved_reference = / {
-          s/resolved_reference = "[a-f0-9]\{40\}"/resolved_reference = "'"$LATEST_COMMIT"'"/
-        }' poetry.lock
-        echo "Updated resolved_reference:"
-        grep -A2 -B2 "resolved_reference" poetry.lock
-
-    - name: Update poetry.lock (prowler repo only)
-      if: github.repository == 'prowler-cloud/prowler'
+    - name: Update poetry.lock
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: poetry lock
@@ -83,11 +69,3 @@ runs:
      run: |
        poetry install --no-root
        poetry run pip list
-
-    - name: Update Prowler Cloud API Client
-      if: github.repository_owner == 'prowler-cloud' && github.repository != 'prowler-cloud/prowler'
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: |
-        poetry remove prowler-cloud-api-client
-        poetry add ./prowler-cloud-api-client
@@ -1,198 +0,0 @@
-# Slack Notification Action
-
-A generic and flexible GitHub composite action for sending Slack notifications using JSON template files. Supports both standalone messages and message updates, with automatic status detection.
-
-## Features
-
- **Template-based**: All messages use JSON template files for consistency
- **Automatic status detection**: Pass `step-outcome` to auto-calculate success/failure
- **Message updates**: Supports updating existing messages (using `chat.update`)
- **Simple API**: Clean and minimal interface
- **Reusable**: Use across all workflows and scenarios
- **Maintainable**: Centralized message templates
-
-## Use Cases
-
-1. **Container releases**: Track push start and completion with automatic status
-2. **Deployments**: Track deployment progress with rich Block Kit formatting
-3. **Custom notifications**: Any scenario where you need to notify Slack
-
-## Inputs
-
-| Input | Description | Required | Default |
-|-------|-------------|----------|---------|
-| `slack-bot-token` | Slack bot token for authentication | Yes | - |
-| `payload-file-path` | Path to JSON file with the Slack message payload | Yes | - |
-| `update-ts` | Message timestamp to update (leave empty for new messages) | No | `''` |
-| `step-outcome` | Step outcome for automatic status detection (sets STATUS_EMOJI and STATUS_TEXT env vars) | No | `''` |
-
-## Outputs
-
-| Output | Description |
-|--------|-------------|
-| `ts` | Timestamp of the Slack message (use for updates) |
-
-## Usage Examples
-
-### Example 1: Container Release with Automatic Status Detection
-
-Using JSON template files with automatic status detection:
-
-```yaml
-# Send start notification
- name: Notify container push started
-  if: github.event_name == 'release'
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-# Do the work
- name: Build and push container
-  if: github.event_name == 'release'
-  id: container-push
-  uses: docker/build-push-action@...
-  with:
-    push: true
-    tags: ...
-
-# Send completion notification with automatic status detection
- name: Notify container push completed
-  if: github.event_name == 'release' && always()
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-    step-outcome: ${{ steps.container-push.outcome }}
-```
-
-**Benefits:**
- No status calculation needed in workflow
- Reusable template files
- Clean and concise
- Automatic `STATUS_EMOJI` and `STATUS_TEXT` env vars set by action
- Consistent message format across all workflows
-
-### Example 2: Deployment with Message Update Pattern
-
-```yaml
-# Send initial deployment message
- name: Notify deployment started
-  id: slack-start
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-started.json"
-
-# Run deployment
- name: Deploy
-  id: deploy
-  run: terraform apply -auto-approve
-
-# Determine additional status variables
- name: Determine deployment status
-  if: always()
-  id: deploy-status
-  run: |
-    if [[ "${{ steps.deploy.outcome }}" == "success" ]]; then
-      echo "STATUS_COLOR=28a745" >> $GITHUB_ENV
-      echo "STATUS=Completed" >> $GITHUB_ENV
-    else
-      echo "STATUS_COLOR=fc3434" >> $GITHUB_ENV
-      echo "STATUS=Failed" >> $GITHUB_ENV
-    fi
-
-# Update the same message with final status
- name: Update deployment notification
-  if: always()
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    MESSAGE_TS: ${{ steps.slack-start.outputs.ts }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-    STATUS: ${{ env.STATUS }}
-    STATUS_COLOR: ${{ env.STATUS_COLOR }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    update-ts: ${{ steps.slack-start.outputs.ts }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-completed.json"
-    step-outcome: ${{ steps.deploy.outcome }}
-```
-
-## Automatic Status Detection
-
-When you provide `step-outcome` input, the action automatically sets these environment variables:
-
-| Outcome | STATUS_EMOJI | STATUS_TEXT |
-|---------|--------------|-------------|
-| success | `[✓]` | `completed successfully!` |
-| failure | `[✗]` | `failed` |
-
-These variables are then available in your payload template files.
-
-## Template File Format
-
-All template files must be valid JSON and support environment variable substitution. Example:
-
-```json
-{
-  "channel": "$SLACK_CHANNEL_ID",
-  "text": "$STATUS_EMOJI $COMPONENT container release $RELEASE_TAG push $STATUS_TEXT <$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID|View run>"
-}
-```
-
-See available templates in [`.github/scripts/slack-messages/`](../../scripts/slack-messages/).
-
-## Requirements
-
- Slack Bot Token with scopes: `chat:write`, `chat:write.public`
- Slack Channel ID where messages will be posted
- JSON template files for your messages
-
-## Benefits
-
- **Consistency**: All notifications use standardized templates
- **Automatic status handling**: No need to calculate success/failure in workflows
- **Clean workflows**: Minimal boilerplate code
- **Reusable templates**: One template for all components
- **Easy to maintain**: Change template once, applies everywhere
- **Version controlled**: All message formats in git
-
-## Related Resources
-
- [Slack Block Kit Builder](https://app.slack.com/block-kit-builder)
- [Slack API Method Documentation](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
- [Message templates documentation](../../scripts/slack-messages/README.md)
@@ -1,74 +0,0 @@
-name: 'Slack Notification'
-description: 'Generic action to send Slack notifications with optional message updates and automatic status detection'
-inputs:
-  slack-bot-token:
-    description: 'Slack bot token for authentication'
-    required: true
-  payload-file-path:
-    description: 'Path to JSON file with the Slack message payload'
-    required: true
-  update-ts:
-    description: 'Message timestamp to update (only for updates, leave empty for new messages)'
-    required: false
-    default: ''
-  step-outcome:
-    description: 'Outcome of a step to determine status (success/failure) - automatically sets STATUS_TEXT and STATUS_COLOR env vars'
-    required: false
-    default: ''
-outputs:
-  ts:
-    description: 'Timestamp of the Slack message'
-    value: ${{ steps.slack-notification.outputs.ts }}
-runs:
-  using: 'composite'
-  steps:
-    - name: Determine status
-      id: status
-      shell: bash
-      run: |
-        if [[ "${{ inputs.step-outcome }}" == "success" ]]; then
-          echo "STATUS_TEXT=Completed" >> $GITHUB_ENV
-          echo "STATUS_COLOR=#6aa84f" >> $GITHUB_ENV
-        elif [[ "${{ inputs.step-outcome }}" == "failure" ]]; then
-          echo "STATUS_TEXT=Failed" >> $GITHUB_ENV
-          echo "STATUS_COLOR=#fc3434" >> $GITHUB_ENV
-        else
-          # No outcome provided - pending/in progress state
-          echo "STATUS_COLOR=#dbab09" >> $GITHUB_ENV
-        fi
-
-    - name: Send Slack notification (new message)
-      if: inputs.update-ts == ''
-      id: slack-notification-post
-      uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-      env:
-        SLACK_PAYLOAD_FILE_PATH: ${{ inputs.payload-file-path }}
-      with:
-        method: chat.postMessage
-        token: ${{ inputs.slack-bot-token }}
-        payload-file-path: ${{ inputs.payload-file-path }}
-        payload-templated: true
-        errors: true
-
-    - name: Update Slack notification
-      if: inputs.update-ts != ''
-      id: slack-notification-update
-      uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-      env:
-        SLACK_PAYLOAD_FILE_PATH: ${{ inputs.payload-file-path }}
-      with:
-        method: chat.update
-        token: ${{ inputs.slack-bot-token }}
-        payload-file-path: ${{ inputs.payload-file-path }}
-        payload-templated: true
-        errors: true
-
-    - name: Set output
-      id: slack-notification
-      shell: bash
-      run: |
-        if [[ "${{ inputs.update-ts }}" == "" ]]; then
-          echo "ts=${{ steps.slack-notification-post.outputs.ts }}" >> $GITHUB_OUTPUT
-        else
-          echo "ts=${{ inputs.update-ts }}" >> $GITHUB_OUTPUT
-        fi
@@ -45,13 +45,22 @@ outputs:
 runs:
  using: 'composite'
  steps:
-    - name: Cache Trivy vulnerability database
-      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+    - name: Run Trivy vulnerability scan (SARIF)
+      if: inputs.upload-sarif == 'true'
+      uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
      with:
-        path: ~/.cache/trivy
-        key: trivy-db-${{ runner.os }}-${{ github.run_id }}
-        restore-keys: |
-          trivy-db-${{ runner.os }}-
+        image-ref: ${{ inputs.image-name }}:${{ inputs.image-tag }}
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+        severity: 'CRITICAL,HIGH'
+        exit-code: '0'
+
+    - name: Upload Trivy results to GitHub Security tab
+      if: inputs.upload-sarif == 'true'
+      uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+      with:
+        sarif_file: 'trivy-results.sarif'
+        category: 'trivy-container'

    - name: Run Trivy vulnerability scan (JSON)
      uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
@@ -61,27 +70,6 @@ runs:
        output: 'trivy-report.json'
        severity: ${{ inputs.severity }}
        exit-code: '0'
-        scanners: 'vuln'
-        timeout: '5m'
-
-    - name: Run Trivy vulnerability scan (SARIF)
-      if: inputs.upload-sarif == 'true' && github.event_name == 'push'
-      uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
-      with:
-        image-ref: ${{ inputs.image-name }}:${{ inputs.image-tag }}
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        severity: 'CRITICAL,HIGH'
-        exit-code: '0'
-        scanners: 'vuln'
-        timeout: '5m'
-
-    - name: Upload Trivy results to GitHub Security tab
-      if: inputs.upload-sarif == 'true' && github.event_name == 'push'
-      uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
-      with:
-        sarif_file: 'trivy-results.sarif'
-        category: 'trivy-container'

    - name: Upload Trivy report artifact
      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
@@ -121,20 +109,20 @@ runs:
      with:
        script: |
          const comment = require('./.github/scripts/trivy-pr-comment.js');
-
+          
          // Unique identifier to find our comment
          const marker = '<!-- trivy-scan-comment:${{ inputs.image-name }} -->';
          const body = marker + '\n' + comment;
-
+          
          // Find existing comment
          const { data: comments } = await github.rest.issues.listComments({
            owner: context.repo.owner,
            repo: context.repo.repo,
            issue_number: context.issue.number,
          });
-
+          
          const existingComment = comments.find(c => c.body?.includes(marker));
-
+          
          if (existingComment) {
            // Update existing comment
            await github.rest.issues.updateComment({
@@ -1,18 +1,4 @@
-name: 'SDK: CodeQL Config'
-paths:
-  - 'prowler/'
-
+name: "SDK - CodeQL Config"
 paths-ignore:
-  - 'api/'
-  - 'ui/'
-  - 'dashboard/'
-  - 'mcp_server/'
-  - 'tests/**'
-  - 'util/**'
-  - 'contrib/**'
-  - 'examples/**'
-  - 'prowler/**/__pycache__/**'
-  - 'prowler/**/*.md'
-
-queries:
-  - uses: security-and-quality
+  - "api/"
+  - "ui/"
@@ -1,17 +1,3 @@
-name: 'UI: CodeQL Config'
+name: "UI - CodeQL Config"
 paths:
-  - 'ui/'
-
-paths-ignore:
-  - 'ui/node_modules/**'
-  - 'ui/.next/**'
-  - 'ui/out/**'
-  - 'ui/tests/**'
-  - 'ui/**/*.test.ts'
-  - 'ui/**/*.test.tsx'
-  - 'ui/**/*.spec.ts'
-  - 'ui/**/*.spec.tsx'
-  - 'ui/**/*.md'
-
-queries:
-  - uses: security-and-quality
+  - "ui/"
@@ -22,13 +22,6 @@ Please add a detailed description of how to review this PR.
 - [ ] Review if is needed to change the [Readme.md](https://github.com/prowler-cloud/prowler/blob/master/README.md)
 - [ ] Ensure new entries are added to [CHANGELOG.md](https://github.com/prowler-cloud/prowler/blob/master/prowler/CHANGELOG.md), if applicable.

-#### UI
- [ ] All issue/task requirements work as expected on the UI
- [ ] Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
- [ ] Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
- [ ] Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
- [ ] Ensure new entries are added to [CHANGELOG.md](https://github.com/prowler-cloud/prowler/blob/master/ui/CHANGELOG.md), if applicable.
-
 #### API
 - [ ] Verify if API specs need to be regenerated.
 - [ ] Check if version updates are required (e.g., specs, Poetry, etc.).
@@ -1,462 +0,0 @@
-# Slack Message Templates
-
-This directory contains reusable message templates for Slack notifications sent from GitHub Actions workflows.
-
-## Usage
-
-These JSON templates are used with the `slackapi/slack-github-action` using the Slack API method (`chat.postMessage` and `chat.update`). All templates support rich Block Kit formatting and message updates.
-
-### Available Templates
-
-**Container Releases**
- `container-release-started.json`: Simple one-line notification when container push starts
- `container-release-completed.json`: Simple one-line notification when container release completes
-
-**Deployments**
- `deployment-started.json`: Deployment start notification with Block Kit formatting
- `deployment-completed.json`: Deployment completion notification (updates the start message)
-
-All templates use the Slack API method and require a Slack Bot Token.
-
-## Setup Requirements
-
-1. Create a Slack App (or use existing)
-2. Add Bot Token Scopes: `chat:write`, `chat:write.public`
-3. Install the app to your workspace
-4. Get the Bot Token from OAuth & Permissions page
-5. Add secrets:
-   - `SLACK_BOT_TOKEN`: Your bot token
-   - `SLACK_CHANNEL_ID`: The channel ID where messages will be posted
-
-Reference: [Sending data using a Slack API method](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
-
-## Environment Variables
-
-### Required Secrets (GitHub Secrets)
- `SLACK_BOT_TOKEN`: Passed as `token` parameter to the action (not as env variable)
- `SLACK_CHANNEL_ID`: Used in payload as env variable
-
-### Container Release Variables (configured as env)
- `COMPONENT`: Component name (e.g., "API", "SDK", "UI", "MCP")
- `RELEASE_TAG` / `PROWLER_VERSION`: The release tag or version being deployed
- `GITHUB_SERVER_URL`: Provided by GitHub context
- `GITHUB_REPOSITORY`: Provided by GitHub context
- `GITHUB_RUN_ID`: Provided by GitHub context
- `STATUS_EMOJI`: Status symbol (calculated: `[✓]` for success, `[✗]` for failure)
- `STATUS_TEXT`: Status text (calculated: "completed successfully!" or "failed")
-
-### Deployment Variables (configured as env)
- `COMPONENT`: Component name (e.g., "API", "SDK", "UI", "MCP")
- `ENVIRONMENT`: Environment name (e.g., "DEVELOPMENT", "PRODUCTION")
- `COMMIT_HASH`: Commit hash being deployed
- `VERSION_DEPLOYED`: Version being deployed
- `GITHUB_ACTOR`: User who triggered the workflow
- `GITHUB_WORKFLOW`: Workflow name
- `GITHUB_SERVER_URL`: Provided by GitHub context
- `GITHUB_REPOSITORY`: Provided by GitHub context
- `GITHUB_RUN_ID`: Provided by GitHub context
-
-All other variables (MESSAGE_TS, STATUS, STATUS_COLOR, STATUS_EMOJI, etc.) are calculated internally within the workflow and should NOT be configured as environment variables.
-
-## Example Workflow Usage
-
-### Using the Generic Slack Notification Action (Recommended)
-
-**Recommended approach**: Use the generic reusable action `.github/actions/slack-notification` which provides maximum flexibility:
-
-#### Example 1: Container Release (Start + Completion)
-
-```yaml
-# Send start notification
- name: Notify container push started
-  if: github.event_name == 'release'
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "API container release ${{ env.RELEASE_TAG }} push started... <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>"
-      }
-
-# Build and push container
- name: Build and push container
-  if: github.event_name == 'release'
-  id: container-push
-  uses: docker/build-push-action@...
-  with:
-    push: true
-    tags: ...
-
-# Calculate status
- name: Determine push status
-  if: github.event_name == 'release' && always()
-  id: push-status
-  run: |
-    if [[ "${{ steps.container-push.outcome }}" == "success" ]]; then
-      echo "emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "text=completed successfully!" >> $GITHUB_OUTPUT
-    else
-      echo "emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "text=failed" >> $GITHUB_OUTPUT
-    fi
-
-# Send completion notification
- name: Notify container push completed
-  if: github.event_name == 'release' && always()
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "${{ steps.push-status.outputs.emoji }} API container release ${{ env.RELEASE_TAG }} push ${{ steps.push-status.outputs.text }} <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>"
-      }
-```
-
-#### Example 2: Simple One-Time Message
-
-```yaml
- name: Send notification
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "Deployment completed successfully!"
-      }
-```
-
-#### Example 3: Deployment with Message Update Pattern
-
-```yaml
-# Send initial deployment message
- name: Notify deployment started
-  id: slack-start
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "API deployment to PRODUCTION started",
-        "attachments": [
-          {
-            "color": "dbab09",
-            "blocks": [
-              {
-                "type": "header",
-                "text": {
-                  "type": "plain_text",
-                  "text": "API | Deployment to PRODUCTION"
-                }
-              },
-              {
-                "type": "section",
-                "fields": [
-                  {
-                    "type": "mrkdwn",
-                    "text": "*Status:*\nIn Progress"
-                  }
-                ]
-              }
-            ]
-          }
-        ]
-      }
-
-# Run deployment
- name: Deploy
-  id: deploy
-  run: terraform apply -auto-approve
-
-# Calculate status
- name: Determine status
-  if: always()
-  id: status
-  run: |
-    if [[ "${{ steps.deploy.outcome }}" == "success" ]]; then
-      echo "color=28a745" >> $GITHUB_OUTPUT
-      echo "emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "status=Completed" >> $GITHUB_OUTPUT
-    else
-      echo "color=fc3434" >> $GITHUB_OUTPUT
-      echo "emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "status=Failed" >> $GITHUB_OUTPUT
-    fi
-
-# Update the same message with final status
- name: Update deployment notification
-  if: always()
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    update-ts: ${{ steps.slack-start.outputs.ts }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "ts": "${{ steps.slack-start.outputs.ts }}",
-        "text": "${{ steps.status.outputs.emoji }} API deployment to PRODUCTION ${{ steps.status.outputs.status }}",
-        "attachments": [
-          {
-            "color": "${{ steps.status.outputs.color }}",
-            "blocks": [
-              {
-                "type": "header",
-                "text": {
-                  "type": "plain_text",
-                  "text": "API | Deployment to PRODUCTION"
-                }
-              },
-              {
-                "type": "section",
-                "fields": [
-                  {
-                    "type": "mrkdwn",
-                    "text": "*Status:*\n${{ steps.status.outputs.emoji }} ${{ steps.status.outputs.status }}"
-                  }
-                ]
-              }
-            ]
-          }
-        ]
-      }
-```
-
-**Benefits of using the generic action:**
- Maximum flexibility: Build any payload you need directly in the workflow
- No template files needed: Everything inline
- Supports all scenarios: one-time messages, start/update patterns, rich Block Kit
- Easy to customize per use case
- Generic: Works for containers, deployments, or any notification type
-
-For more details, see [Slack Notification Action](../../actions/slack-notification/README.md).
-
-### Using Message Templates (Alternative Approach)
-
-Simple one-line notifications for container releases:
-
-```yaml
-# Step 1: Notify when push starts
- name: Notify container push started
-  if: github.event_name == 'release'
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    method: chat.postMessage
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-# Step 2: Build and push container
- name: Build and push container
-  id: container-push
-  uses: docker/build-push-action@...
-  with:
-    push: true
-    tags: ...
-
-# Step 3: Determine push status
- name: Determine push status
-  if: github.event_name == 'release' && always()
-  id: push-status
-  run: |
-    if [[ "${{ steps.container-push.outcome }}" == "success" ]]; then
-      echo "status-emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "status-text=completed successfully!" >> $GITHUB_OUTPUT
-    else
-      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "status-text=failed" >> $GITHUB_OUTPUT
-    fi
-
-# Step 4: Notify when push completes (success or failure)
- name: Notify container push completed
-  if: github.event_name == 'release' && always()
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-    STATUS_EMOJI: ${{ steps.push-status.outputs.status-emoji }}
-    STATUS_TEXT: ${{ steps.push-status.outputs.status-text }}
-  with:
-    method: chat.postMessage
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-```
-
-### Deployment with Update Pattern
-
-For deployments that start with one message and update it with the final status:
-
-```yaml
-# Step 1: Send deployment start notification
- name: Notify Deployment Start
-  id: slack-notification-start
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    method: chat.postMessage
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-started.json"
-
-# Step 2: Run your deployment steps
- name: Terraform Plan
-  id: terraform-plan
-  run: terraform plan
-
- name: Terraform Apply
-  id: terraform-apply
-  run: terraform apply -auto-approve
-
-# Step 3: Determine status (calculated internally, not configured)
- name: Determine Status
-  if: always()
-  id: determine-status
-  run: |
-    if [[ "${{ steps.terraform-apply.outcome }}" == "success" ]]; then
-      echo "status=Completed" >> $GITHUB_OUTPUT
-      echo "status-color=28a745" >> $GITHUB_OUTPUT
-      echo "status-emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "plan-emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "apply-emoji=[✓]" >> $GITHUB_OUTPUT
-    elif [[ "${{ steps.terraform-plan.outcome }}" == "failure" || "${{ steps.terraform-apply.outcome }}" == "failure" ]]; then
-      echo "status=Failed" >> $GITHUB_OUTPUT
-      echo "status-color=fc3434" >> $GITHUB_OUTPUT
-      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
-      if [[ "${{ steps.terraform-plan.outcome }}" == "failure" ]]; then
-        echo "plan-emoji=[✗]" >> $GITHUB_OUTPUT
-      else
-        echo "plan-emoji=[✓]" >> $GITHUB_OUTPUT
-      fi
-      if [[ "${{ steps.terraform-apply.outcome }}" == "failure" ]]; then
-        echo "apply-emoji=[✗]" >> $GITHUB_OUTPUT
-      else
-        echo "apply-emoji=[✓]" >> $GITHUB_OUTPUT
-      fi
-    else
-      echo "status=Failed" >> $GITHUB_OUTPUT
-      echo "status-color=fc3434" >> $GITHUB_OUTPUT
-      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "plan-emoji=[?]" >> $GITHUB_OUTPUT
-      echo "apply-emoji=[?]" >> $GITHUB_OUTPUT
-    fi
-
-# Step 4: Update the same Slack message (using calculated values)
- name: Notify Deployment Result
-  if: always()
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    MESSAGE_TS: ${{ steps.slack-notification-start.outputs.ts }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-    STATUS: ${{ steps.determine-status.outputs.status }}
-    STATUS_COLOR: ${{ steps.determine-status.outputs.status-color }}
-    STATUS_EMOJI: ${{ steps.determine-status.outputs.status-emoji }}
-    PLAN_EMOJI: ${{ steps.determine-status.outputs.plan-emoji }}
-    APPLY_EMOJI: ${{ steps.determine-status.outputs.apply-emoji }}
-    TERRAFORM_PLAN_OUTCOME: ${{ steps.terraform-plan.outcome }}
-    TERRAFORM_APPLY_OUTCOME: ${{ steps.terraform-apply.outcome }}
-  with:
-    method: chat.update
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-completed.json"
-```
-
-**Note**: Variables like `STATUS`, `STATUS_COLOR`, `STATUS_EMOJI`, `PLAN_EMOJI`, `APPLY_EMOJI` are calculated by the `determine-status` step based on the outcomes of previous steps. They should NOT be manually configured.
-
-## Key Features
-
-### Benefits of Using Slack API Method
-
- **Rich Block Kit Formatting**: Full support for Slack's Block Kit including headers, sections, fields, colors, and attachments
- **Message Updates**: Update the same message instead of posting multiple messages (using `chat.update` with `ts`)
- **Consistent Experience**: Same look and feel as Prowler Cloud notifications
- **Flexible**: Easy to customize message appearance by editing JSON templates
-
-### Differences from Webhook Method
-
-| Feature | webhook-trigger | Slack API (chat.postMessage) |
-|---------|-----------------|------------------------------|
-| Setup | Workflow Builder webhook | Slack Bot Token + Channel ID |
-| Formatting | Plain text/simple | Full Block Kit support |
-| Message Update | No | Yes (with chat.update) |
-| Authentication | Webhook URL | Bot Token |
-| Scopes Required | None | chat:write, chat:write.public |
-
-## Message Appearance
-
-### Container Release (Simple One-Line)
-
-**Start message:**
-```
-API container release 4.5.0 push started... View run
-```
-
-**Completion message (success):**
-```
-[✓] API container release 4.5.0 push completed successfully! View run
-```
-
-**Completion message (failure):**
-```
-[✗] API container release 4.5.0 push failed View run
-```
-
-All messages are simple one-liners with a clickable "View run" link. The completion message adapts to show success `[✓]` or failure `[✗]` based on the outcome of the container push.
-
-### Deployment Start
- Header: Component and environment
- Yellow bar (color: `dbab09`)
- Status: In Progress
- Details: Commit, version, actor, workflow
- Link: Direct link to deployment run
-
-### Deployment Completion
- Header: Component and environment
- Green bar for success (color: `28a745`) / Red bar for failure (color: `fc3434`)
- Status: [✓] Completed or [✗] Failed
- Details: All deployment info plus terraform outcomes
- Link: Direct link to deployment run
-
-## Adding New Templates
-
-1. Create a new JSON file with Block Kit structure
-2. Use environment variable placeholders (e.g., `$VAR_NAME`)
-3. Include `channel` and `text` fields (required)
-4. Add `blocks` or `attachments` for rich formatting
-5. For update templates, include `ts` field as `$MESSAGE_TS`
-6. Document the template in this README
-7. Reference it in your workflow using `payload-file-path`
-
-## Reference
-
- [Slack Block Kit Builder](https://app.slack.com/block-kit-builder)
- [Slack API Method Documentation](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
@@ -1,17 +0,0 @@
-{
-  "channel": "${{ env.SLACK_CHANNEL_ID }}",
-  "attachments": [
-    {
-      "color": "${{ env.STATUS_COLOR }}",
-      "blocks": [
-        {
-          "type": "section",
-          "text": {
-            "type": "mrkdwn",
-            "text": "*Status:*\n${{ env.STATUS_TEXT }}\n\n${{ env.COMPONENT }} container release ${{ env.RELEASE_TAG }} push ${{ env.STATUS_TEXT }}\n\n<${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}|View run>"
-          }
-        }
-      ]
-    }
-  ]
-}
@@ -1,17 +0,0 @@
-{
-  "channel": "${{ env.SLACK_CHANNEL_ID }}",
-  "attachments": [
-    {
-      "color": "${{ env.STATUS_COLOR }}",
-      "blocks": [
-        {
-          "type": "section",
-          "text": {
-            "type": "mrkdwn",
-            "text": "*Status:*\nStarted\n\n${{ env.COMPONENT }} container release ${{ env.RELEASE_TAG }} push started...\n\n<${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}|View run>"
-          }
-        }
-      ]
-    }
-  ]
-}
@@ -0,0 +1,115 @@
+name: API - Build and Push containers
+
+on:
+  push:
+    branches:
+      - "master"
+    paths:
+      - "api/**"
+      - "prowler/**"
+      - ".github/workflows/api-build-lint-push-containers.yml"
+
+  # Uncomment the code below to test this action on PRs
+  # pull_request:
+  #   branches:
+  #     - "master"
+  #   paths:
+  #     - "api/**"
+  #     - ".github/workflows/api-build-lint-push-containers.yml"
+
+  release:
+    types: [published]
+
+env:
+  # Tags
+  LATEST_TAG: latest
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
+  STABLE_TAG: stable
+
+  WORKING_DIRECTORY: ./api
+
+  # Container Registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api
+
+jobs:
+  repository-check:
+    name: Repository check
+    runs-on: ubuntu-latest
+    outputs:
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
+    steps:
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
+  # Build Prowler OSS container
+  container-build-push:
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ env.WORKING_DIRECTORY }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Set short git commit SHA
+        id: vars
+        run: |
+          shortSha=$(git rev-parse --short ${{ github.sha }})
+          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+
+      - name: Login to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push container image (latest)
+        # Comment the following line for testing
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          # Set push: false for testing
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push container image (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Trigger deployment
+        if: github.event_name == 'push'
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.CLOUD_DISPATCH }}
+          event-type: prowler-api-deploy
+          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
@@ -1,71 +0,0 @@
-name: 'API: Code Quality'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  API_WORKING_DIR: ./api
-
-jobs:
-  api-code-quality:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.12'
-    defaults:
-      run:
-        working-directory: ./api
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            .github/workflows/api-code-quality.yml
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Setup Python with Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/setup-python-poetry
-        with:
-          python-version: ${{ matrix.python-version }}
-          working-directory: ./api
-
-      - name: Poetry check
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry check --lock
-
-      - name: Ruff lint
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run ruff check . --exclude contrib
-
-      - name: Ruff format
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run ruff format --check . --exclude contrib
-
-      - name: Pylint
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run pylint --disable=W,C,R,E -j 0 -rn -sn src/
@@ -25,7 +25,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  api-analyze:
+  analyze:
    name: CodeQL Security Analysis
    runs-on: ubuntu-latest
    timeout-minutes: 30
@@ -45,12 +45,12 @@ jobs:
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/api-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
          category: '/language:${{ matrix.language }}'
@@ -1,135 +0,0 @@
-name: 'API: Container Build and Push'
-
-on:
-  push:
-    branches:
-      - 'master'
-    paths:
-      - 'api/**'
-      - 'prowler/**'
-      - '.github/workflows/api-build-lint-push-containers.yml'
-  release:
-    types:
-      - 'published'
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable
-  WORKING_DIRECTORY: ./api
-
-  # Container registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api
-
-jobs:
-  setup:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    outputs:
-      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
-    steps:
-      - name: Calculate short SHA
-        id: set-short-sha
-        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
-
-  container-build-push:
-    needs: setup
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build and push API container (latest)
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push started
-        if: github.event_name == 'release'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: API
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push API container (release)
-        if: github.event_name == 'release'
-        id: container-push
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push completed
-        if: github.event_name == 'release' && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: API
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  trigger-deployment:
-    if: github.event_name == 'push'
-    needs: [setup, container-build-push]
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Trigger API deployment
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: api-prowler-deployment
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ needs.setup.outputs.short-sha }}"}'
@@ -1,89 +0,0 @@
-name: 'API: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  API_WORKING_DIR: ./api
-  IMAGE_NAME: prowler-api
-
-jobs:
-  api-dockerfile-lint:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: api/Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: api/Dockerfile
-          ignore: DL3013
-
-  api-container-build-and-scan:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: api/**
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.API_WORKING_DIR }}
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan container with Trivy
-        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -0,0 +1,228 @@
+name: 'API: Pull Request'
+
+on:
+  push:
+    branches:
+      - 'master'
+      - 'v5.*'
+    paths:
+      - '.github/workflows/api-pull-request.yml'
+      - 'api/**'
+      - '!api/docs/**'
+      - '!api/README.md'
+      - '!api/CHANGELOG.md'
+  pull_request:
+    branches:
+      - 'master'
+      - 'v5.*'
+    paths:
+      - '.github/workflows/api-pull-request.yml'
+      - 'api/**'
+      - '!api/docs/**'
+      - '!api/README.md'
+      - '!api/CHANGELOG.md'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  POSTGRES_HOST: localhost
+  POSTGRES_PORT: 5432
+  POSTGRES_ADMIN_USER: prowler
+  POSTGRES_ADMIN_PASSWORD: S3cret
+  POSTGRES_USER: prowler_user
+  POSTGRES_PASSWORD: prowler
+  POSTGRES_DB: postgres-db
+  VALKEY_HOST: localhost
+  VALKEY_PORT: 6379
+  VALKEY_DB: 0
+  API_WORKING_DIR: ./api
+  IMAGE_NAME: prowler-api
+
+jobs:
+  code-quality:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        python-version:
+          - '3.12'
+    defaults:
+      run:
+        working-directory: ./api
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup Python with Poetry
+        uses: ./.github/actions/setup-python-poetry
+        with:
+          python-version: ${{ matrix.python-version }}
+          working-directory: ./api
+
+      - name: Poetry check
+        run: poetry check --lock
+
+      - name: Ruff lint
+        run: poetry run ruff check . --exclude contrib
+
+      - name: Ruff format
+        run: poetry run ruff format --check . --exclude contrib
+
+      - name: Pylint
+        run: poetry run pylint --disable=W,C,R,E -j 0 -rn -sn src/
+
+  security-scans:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        python-version:
+          - '3.12'
+    defaults:
+      run:
+        working-directory: ./api
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup Python with Poetry
+        uses: ./.github/actions/setup-python-poetry
+        with:
+          python-version: ${{ matrix.python-version }}
+          working-directory: ./api
+
+      - name: Bandit
+        run: poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
+
+      - name: Safety
+        # 76352, 76353, 77323 come from SDK, but they cannot upgrade it yet. It does not affect API
+        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
+        run: poetry run safety check --ignore 70612,66963,74429,76352,76353,77323,77744,77745
+
+      - name: Vulture
+        run: poetry run vulture --exclude "contrib,tests,conftest.py" --min-confidence 100 .
+
+  tests:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        python-version:
+          - '3.12'
+    defaults:
+      run:
+        working-directory: ./api
+
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_HOST: ${{ env.POSTGRES_HOST }}
+          POSTGRES_PORT: ${{ env.POSTGRES_PORT }}
+          POSTGRES_USER: ${{ env.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
+          POSTGRES_DB: ${{ env.POSTGRES_DB }}
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+      valkey:
+        image: valkey/valkey:7-alpine3.19
+        env:
+          VALKEY_HOST: ${{ env.VALKEY_HOST }}
+          VALKEY_PORT: ${{ env.VALKEY_PORT }}
+          VALKEY_DB: ${{ env.VALKEY_DB }}
+        ports:
+          - 6379:6379
+        options: >-
+          --health-cmd "valkey-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup Python with Poetry
+        uses: ./.github/actions/setup-python-poetry
+        with:
+          python-version: ${{ matrix.python-version }}
+          working-directory: ./api
+
+      - name: Run tests with pytest
+        run: poetry run pytest --cov=./src/backend --cov-report=xml src/backend
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          flags: api
+
+  dockerfile-lint:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Lint Dockerfile with Hadolint
+        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
+        with:
+          dockerfile: api/Dockerfile
+          ignore: DL3013
+
+  container-build-and-scan:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+      security-events: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build container
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.API_WORKING_DIR }}
+          push: false
+          load: true
+          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Scan container with Trivy
+        uses: ./.github/actions/trivy-scan
+        with:
+          image-name: ${{ env.IMAGE_NAME }}
+          image-tag: ${{ github.sha }}
+          fail-on-critical: 'false'
+          severity: 'CRITICAL'
@@ -1,69 +0,0 @@
-name: 'API: Security'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  API_WORKING_DIR: ./api
-
-jobs:
-  api-security-scans:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.12'
-    defaults:
-      run:
-        working-directory: ./api
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            .github/workflows/api-security.yml
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Setup Python with Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/setup-python-poetry
-        with:
-          python-version: ${{ matrix.python-version }}
-          working-directory: ./api
-
-      - name: Bandit
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
-
-      - name: Safety
-        if: steps.check-changes.outputs.any_changed == 'true'
-        # 76352, 76353, 77323 come from SDK, but they cannot upgrade it yet. It does not affect API
-        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
-        run: poetry run safety check --ignore 70612,66963,74429,76352,76353,77323,77744,77745
-
-      - name: Vulture
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run vulture --exclude "contrib,tests,conftest.py" --min-confidence 100 .
@@ -1,107 +0,0 @@
-name: 'API: Tests'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  POSTGRES_HOST: localhost
-  POSTGRES_PORT: 5432
-  POSTGRES_ADMIN_USER: prowler
-  POSTGRES_ADMIN_PASSWORD: S3cret
-  POSTGRES_USER: prowler_user
-  POSTGRES_PASSWORD: prowler
-  POSTGRES_DB: postgres-db
-  VALKEY_HOST: localhost
-  VALKEY_PORT: 6379
-  VALKEY_DB: 0
-  API_WORKING_DIR: ./api
-
-jobs:
-  api-tests:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.12'
-    defaults:
-      run:
-        working-directory: ./api
-
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_HOST: ${{ env.POSTGRES_HOST }}
-          POSTGRES_PORT: ${{ env.POSTGRES_PORT }}
-          POSTGRES_USER: ${{ env.POSTGRES_USER }}
-          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
-          POSTGRES_DB: ${{ env.POSTGRES_DB }}
-        ports:
-          - 5432:5432
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-      valkey:
-        image: valkey/valkey:7-alpine3.19
-        env:
-          VALKEY_HOST: ${{ env.VALKEY_HOST }}
-          VALKEY_PORT: ${{ env.VALKEY_PORT }}
-          VALKEY_DB: ${{ env.VALKEY_DB }}
-        ports:
-          - 6379:6379
-        options: >-
-          --health-cmd "valkey-cli ping"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            .github/workflows/api-tests.yml
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Setup Python with Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/setup-python-poetry
-        with:
-          python-version: ${{ matrix.python-version }}
-          working-directory: ./api
-
-      - name: Run tests with pytest
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run pytest --cov=./src/backend --cov-report=xml src/backend
-
-      - name: Upload coverage reports to Codecov
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: api
@@ -7,6 +7,8 @@ on:
    types:
      - 'labeled'
      - 'closed'
+    paths:
+      - '.github/workflows/backport.yml'

 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
@@ -38,7 +40,7 @@ jobs:

      - name: Backport PR
        if: steps.label_check.outputs.label_check == 'success'
-        uses: sorenlouv/backport-github-action@516854e7c9f962b9939085c9a92ea28411d1ae90 # v10.2.0
+        uses: sorenlouv/backport-github-action@ad888e978060bc1b2798690dd9d03c4036560947 # v9.5.1
        with:
          github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          auto_backport_label_prefix: ${{ env.BACKPORT_LABEL_PREFIX }}
@@ -26,6 +26,6 @@ jobs:

    steps:
      - name: Check PR title format
-        uses: agenthunt/conventional-commit-checker-action@f1823f632e95a64547566dcd2c7da920e67117ad # v2.0.1
+        uses: agenthunt/conventional-commit-checker-action@9e552d650d0e205553ec7792d447929fc78e012b # v2.0.0
        with:
          pr-title-regex: '^(feat|fix|docs|style|refactor|perf|test|chore|build|ci|revert)(\([^)]+\))?!?: .+'
@@ -1,33 +1,19 @@
 name: 'Tools: TruffleHog'

-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+on: pull_request

 jobs:
-  scan-secrets:
+  trufflehog:
    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
    steps:
-      - name: Checkout repository
+      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0
-
-      - name: Scan for secrets with TruffleHog
-        uses: trufflesecurity/trufflehog@b84c3d14d189e16da175e2c27fa8136603783ffc # v3.90.12
+      - name: TruffleHog OSS
+        uses: trufflesecurity/trufflehog@466da5b0bb161144f6afca9afe5d57975828c410 # v3.90.8
        with:
-          extra_args: '--results=verified,unknown'
+          path: ./
+          base: ${{ github.event.repository.default_branch }}
+          head: HEAD
+          extra_args: --only-verified
@@ -1,45 +0,0 @@
-name: Community PR labelling
-
-on:
-  # We need "write" permissions on the PR to be able to add a label.
-  pull_request_target: # We need this to have labelling permissions. There are no user inputs here, so we should be fine.
-    types:
-      - opened
-
-permissions: {}
-
-jobs:
-  label-if-community:
-    name: Add 'community' label if the PR is from a community contributor
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-
-    steps:
-      - name: Check if author is org member
-        id: check_membership
-        env:
-          GH_TOKEN: ${{ github.token }}
-          AUTHOR: ${{ github.event.pull_request.user.login }}
-          ORG: ${{ github.repository_owner }}
-        run: |
-          echo "Checking if $AUTHOR is a member of $ORG"
-          if gh api --method GET "orgs/$ORG/members/$AUTHOR" >/dev/null 2>&1; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-            echo "$AUTHOR is an organization member"
-          else
-            echo "is_member=false" >> $GITHUB_OUTPUT
-            echo "$AUTHOR is not an organization member"
-          fi
-
-      - name: Add community label
-        if: steps.check_membership.outputs.is_member == 'false'
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          echo "Adding 'community' label to PR #$PR_NUMBER"
-          gh api /repos/${{ github.repository }}/issues/${{ github.event.number }}/labels \
-            -X POST \
-            -f labels[]='community'
@@ -1,29 +1,17 @@
-name: 'Tools: PR Labeler'
+name: Prowler - PR Labeler

 on:
-  pull_request_target:
-    branches:
-      - 'master'
-      - 'v5.*'
-    types:
-      - 'opened'
-      - 'reopened'
-      - 'synchronize'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
+    pull_request_target:
+      branches:
+        - "master"
+        - "v3"
+        - "v4.*"

 jobs:
  labeler:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
    permissions:
      contents: read
      pull-requests: write
-
+    runs-on: ubuntu-latest
    steps:
-      - name: Apply labels to PR
-        uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
-        with:
-          sync-labels: true
+    - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
@@ -3,20 +3,28 @@ name: 'MCP: Container Build and Push'
 on:
  push:
    branches:
-      - 'master'
+      - "master"
    paths:
-      - 'mcp_server/**'
-      - '.github/workflows/mcp-container-build-push.yml'
+      - "mcp_server/**"
+      - ".github/workflows/mcp-container-build-push.yml"
+
+  # Uncomment to test this workflow on PRs
+  # pull_request:
+  #   branches:
+  #     - "master"
+  #   paths:
+  #     - "mcp_server/**"
+  #     - ".github/workflows/mcp-container-build-push.yml"
+
  release:
-    types:
-      - 'published'
+    types: [published]

 permissions:
  contents: read

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
+  cancel-in-progress: true

 env:
  # Tags
@@ -33,7 +41,6 @@ jobs:
  setup:
    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
-    timeout-minutes: 5
    outputs:
      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
    steps:
@@ -44,12 +51,8 @@ jobs:
  container-build-push:
    needs: setup
    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      packages: write
    steps:
-      - name: Checkout repository
+      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Login to DockerHub
@@ -61,7 +64,7 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

-      - name: Build and push MCP container (latest)
+      - name: Build and push container (latest)
        if: github.event_name == 'push'
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
@@ -80,23 +83,8 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max

-      - name: Notify container push started
+      - name: Build and push container (release)
        if: github.event_name == 'release'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: MCP
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push MCP container (release)
-        if: github.event_name == 'release'
-        id: container-push
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
@@ -115,31 +103,8 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max

-      - name: Notify container push completed
-        if: github.event_name == 'release' && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: MCP
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  trigger-deployment:
-    if: github.event_name == 'push'
-    needs: [setup, container-build-push]
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Trigger MCP deployment
+      - name: Trigger deployment
+        if: github.event_name == 'push'
        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
@@ -1,87 +0,0 @@
-name: 'MCP: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  MCP_WORKING_DIR: ./mcp_server
-  IMAGE_NAME: prowler-mcp
-
-jobs:
-  mcp-dockerfile-lint:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: mcp_server/Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: mcp_server/Dockerfile
-
-  mcp-container-build-and-scan:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for MCP changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: mcp_server/**
-          files_ignore: |
-            mcp_server/README.md
-            mcp_server/CHANGELOG.md
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build MCP container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.MCP_WORKING_DIR }}
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan MCP container with Trivy
-        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -1,103 +0,0 @@
-name: 'Tools: Check Changelog'
-
-on:
-  pull_request:
-    types:
-      - 'opened'
-      - 'synchronize'
-      - 'reopened'
-      - 'labeled'
-      - 'unlabeled'
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  check-changelog:
-    if: contains(github.event.pull_request.labels.*.name, 'no-changelog') == false
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    env:
-      MONITORED_FOLDERS: 'api ui prowler mcp_server'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          fetch-depth: 0
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            ui/**
-            prowler/**
-            mcp_server/**
-
-      - name: Check for folder changes and changelog presence
-        id: check-folders
-        run: |
-          missing_changelogs=""
-
-          # Check api folder
-          if [[ "${{ steps.changed-files.outputs.any_changed }}" == "true" ]]; then
-            for folder in $MONITORED_FOLDERS; do
-              # Get files changed in this folder
-              changed_in_folder=$(echo "${{ steps.changed-files.outputs.all_changed_files }}" | tr ' ' '\n' | grep "^${folder}/" || true)
-
-              if [ -n "$changed_in_folder" ]; then
-                echo "Detected changes in ${folder}/"
-
-                # Check if CHANGELOG.md was updated
-                if ! echo "$changed_in_folder" | grep -q "^${folder}/CHANGELOG.md$"; then
-                  echo "No changelog update found for ${folder}/"
-                  missing_changelogs="${missing_changelogs}- \`${folder}\`"$'\n'
-                fi
-              fi
-            done
-          fi
-
-          {
-            echo "missing_changelogs<<EOF"
-            echo -e "${missing_changelogs}"
-            echo "EOF"
-          } >> $GITHUB_OUTPUT
-
-      - name: Find existing changelog comment
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        id: find-comment
-        uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-author: 'github-actions[bot]'
-          body-includes: '<!-- changelog-check -->'
-
-      - name: Update PR comment with changelog status
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-id: ${{ steps.find-comment.outputs.comment-id }}
-          edit-mode: replace
-          body: |
-            <!-- changelog-check -->
-            ${{ steps.check-folders.outputs.missing_changelogs != '' && format('⚠️ **Changes detected in the following folders without a corresponding update to the `CHANGELOG.md`:**
-
-            {0}
-
-            Please add an entry to the corresponding `CHANGELOG.md` file to maintain a clear history of changes.', steps.check-folders.outputs.missing_changelogs) || '✅ All necessary `CHANGELOG.md` files have been updated.' }}
-
-      - name: Fail if changelog is missing
-        if: steps.check-folders.outputs.missing_changelogs != ''
-        run: |
-          echo "::error::Missing changelog updates in some folders"
-          exit 1
@@ -1,40 +1,42 @@
-name: 'Tools: PR Conflict Checker'
+name: Prowler - PR Conflict Checker

 on:
-  pull_request_target:
+  pull_request:
    types:
-      - 'opened'
-      - 'synchronize'
-      - 'reopened'
+      - opened
+      - synchronize
+      - reopened
    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
+      - "master"
+      - "v5.*"
+  # Leaving this commented until we find a way to run it for forks but in Prowler's context
+  # pull_request_target:
+  #   types:
+  #     - opened
+  #     - synchronize
+  #     - reopened
+  #   branches:
+  #     - "master"
+  #     - "v5.*"

 jobs:
-  check-conflicts:
+  conflict-checker:
    runs-on: ubuntu-latest
-    timeout-minutes: 15
    permissions:
      contents: read
      pull-requests: write
      issues: write

    steps:
-      - name: Checkout PR head
+      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0

      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
-          files: '**'
+          files: |
+            **

      - name: Check for conflict markers
        id: conflict-check
@@ -49,10 +51,10 @@ jobs:
            if [ -f "$file" ]; then
              echo "Checking file: $file"

-              # Look for conflict markers (more precise regex)
-              if grep -qE '^(<<<<<<<|=======|>>>>>>>)' "$file" 2>/dev/null; then
+              # Look for conflict markers
+              if grep -l "^<<<<<<<\|^=======\|^>>>>>>>" "$file" 2>/dev/null; then
                echo "Conflict markers found in: $file"
-                CONFLICT_FILES="${CONFLICT_FILES}- \`${file}\`"$'\n'
+                CONFLICT_FILES="$CONFLICT_FILES$file "
                HAS_CONFLICTS=true
              fi
            fi
@@ -60,64 +62,114 @@ jobs:

          if [ "$HAS_CONFLICTS" = true ]; then
            echo "has_conflicts=true" >> $GITHUB_OUTPUT
-            {
-              echo "conflict_files<<EOF"
-              echo "$CONFLICT_FILES"
-              echo "EOF"
-            } >> $GITHUB_OUTPUT
-            echo "Conflict markers detected"
+            echo "conflict_files=$CONFLICT_FILES" >> $GITHUB_OUTPUT
+            echo "Conflict markers detected in files: $CONFLICT_FILES"
          else
            echo "has_conflicts=false" >> $GITHUB_OUTPUT
            echo "No conflict markers found in changed files"
          fi

-      - name: Manage conflict label
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          HAS_CONFLICTS: ${{ steps.conflict-check.outputs.has_conflicts }}
-        run: |
-          LABEL_NAME="has-conflicts"
+      - name: Add conflict label
+        if: steps.conflict-check.outputs.has_conflicts == 'true'
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          script: |
+            const { data: labels } = await github.rest.issues.listLabelsOnIssue({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });

-          # Add or remove label based on conflict status
-          if [ "$HAS_CONFLICTS" = "true" ]; then
-            echo "Adding conflict label to PR #${PR_NUMBER}..."
-            gh pr edit "$PR_NUMBER" --add-label "$LABEL_NAME" --repo ${{ github.repository }} || true
-          else
-            echo "Removing conflict label from PR #${PR_NUMBER}..."
-            gh pr edit "$PR_NUMBER" --remove-label "$LABEL_NAME" --repo ${{ github.repository }} || true
-          fi
+            const hasConflictLabel = labels.some(label => label.name === 'has-conflicts');

-      - name: Find existing comment
+            if (!hasConflictLabel) {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                labels: ['has-conflicts']
+              });
+              console.log('Added has-conflicts label');
+            } else {
+              console.log('has-conflicts label already exists');
+            }
+
+      - name: Remove conflict label
+        if: steps.conflict-check.outputs.has_conflicts == 'false'
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          script: |
+            try {
+              await github.rest.issues.removeLabel({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                name: 'has-conflicts'
+              });
+              console.log('Removed has-conflicts label');
+            } catch (error) {
+              if (error.status === 404) {
+                console.log('has-conflicts label was not present');
+              } else {
+                throw error;
+              }
+            }
+
+      - name: Find existing conflict comment
+        if: steps.conflict-check.outputs.has_conflicts == 'true'
        uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
        id: find-comment
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-author: 'github-actions[bot]'
-          body-includes: '<!-- conflict-checker-comment -->'
+          body-regex: '(⚠️ \*\*Conflict Markers Detected\*\*|✅ \*\*Conflict Markers Resolved\*\*)'

-      - name: Create or update comment
-        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
+      - name: Create or update conflict comment
+        if: steps.conflict-check.outputs.has_conflicts == 'true'
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          comment-id: ${{ steps.find-comment.outputs.comment-id }}
          issue-number: ${{ github.event.pull_request.number }}
          edit-mode: replace
          body: |
-            <!-- conflict-checker-comment -->
-            ${{ steps.conflict-check.outputs.has_conflicts == 'true' && '⚠️ **Conflict Markers Detected**' || '✅ **Conflict Markers Resolved**' }}
+            ⚠️ **Conflict Markers Detected**

-            ${{ steps.conflict-check.outputs.has_conflicts == 'true' && format('This pull request contains unresolved conflict markers in the following files:
-
-            {0}
+            This pull request contains unresolved conflict markers in the following files:
+            ```
+            ${{ steps.conflict-check.outputs.conflict_files }}
+            ```

            Please resolve these conflicts by:
            1. Locating the conflict markers: `<<<<<<<`, `=======`, and `>>>>>>>`
            2. Manually editing the files to resolve the conflicts
            3. Removing all conflict markers
-            4. Committing and pushing the changes', steps.conflict-check.outputs.conflict_files) || 'All conflict markers have been successfully resolved in this pull request.' }}
+            4. Committing and pushing the changes
+
+      - name: Find existing conflict comment when resolved
+        if: steps.conflict-check.outputs.has_conflicts == 'false'
+        uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
+        id: find-resolved-comment
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-regex: '(⚠️ \*\*Conflict Markers Detected\*\*|✅ \*\*Conflict Markers Resolved\*\*)'
+
+      - name: Update comment when conflicts resolved
+        if: steps.conflict-check.outputs.has_conflicts == 'false' && steps.find-resolved-comment.outputs.comment-id != ''
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          comment-id: ${{ steps.find-resolved-comment.outputs.comment-id }}
+          issue-number: ${{ github.event.pull_request.number }}
+          edit-mode: replace
+          body: |
+            ✅ **Conflict Markers Resolved**
+
+            All conflict markers have been successfully resolved in this pull request.

      - name: Fail workflow if conflicts detected
        if: steps.conflict-check.outputs.has_conflicts == 'true'
        run: |
-          echo "::error::Workflow failed due to conflict markers detected in the PR"
+          echo "::error::Workflow failed due to conflict markers in files: ${{ steps.conflict-check.outputs.conflict_files }}"
          exit 1
@@ -1,6 +1,6 @@
-name: 'Tools: Prepare Release'
+name: Prowler - Release Preparation

-run-name: 'Prepare Release for Prowler ${{ inputs.prowler_version }}'
+run-name: Prowler Release Preparation for ${{ inputs.prowler_version }}

 on:
  workflow_dispatch:
@@ -10,23 +10,18 @@ on:
        required: true
        type: string

-concurrency:
-  group: ${{ github.workflow }}-${{ inputs.prowler_version }}
-  cancel-in-progress: false
-
 env:
-  PROWLER_VERSION: ${{ inputs.prowler_version }}
+  PROWLER_VERSION: ${{ github.event.inputs.prowler_version }}

 jobs:
  prepare-release:
-    if: github.event_name == 'workflow_dispatch' && github.repository == 'prowler-cloud/prowler'
+    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
-    timeout-minutes: 30
    permissions:
      contents: write
      pull-requests: write
    steps:
-    - name: Checkout repository
+    - name: Checkout code
      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      with:
        fetch-depth: 0
@@ -39,13 +34,13 @@ jobs:

    - name: Install Poetry
      run: |
-        python3 -m pip install --user poetry==2.1.1
+        python3 -m pip install --user poetry
        echo "$HOME/.local/bin" >> $GITHUB_PATH

    - name: Configure Git
      run: |
-        git config --global user.name 'prowler-bot'
-        git config --global user.email '179230569+prowler-bot@users.noreply.github.com'
+        git config --global user.name "prowler-bot"
+        git config --global user.email "179230569+prowler-bot@users.noreply.github.com"

    - name: Parse version and determine branch
      run: |
@@ -64,84 +59,67 @@ jobs:
          BRANCH_NAME="v${MAJOR_VERSION}.${MINOR_VERSION}"
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "${GITHUB_ENV}"

+          # Function to extract the latest version from changelog
+          extract_latest_version() {
+            local changelog_file="$1"
+            if [ -f "$changelog_file" ]; then
+              # Extract the first version entry (most recent) from changelog
+              # Format: ## [version] (1.2.3) or ## [vversion] (v1.2.3)
+              local version=$(grep -m 1 '^## \[' "$changelog_file" | sed 's/^## \[\(.*\)\].*/\1/' | sed 's/^v//' | tr -d '[:space:]')
+              echo "$version"
+            else
+              echo ""
+            fi
+          }
+
+          # Read actual versions from changelogs (source of truth)
+          UI_VERSION=$(extract_latest_version "ui/CHANGELOG.md")
+          API_VERSION=$(extract_latest_version "api/CHANGELOG.md")
+          SDK_VERSION=$(extract_latest_version "prowler/CHANGELOG.md")
+          MCP_VERSION=$(extract_latest_version "mcp_server/CHANGELOG.md")
+
+          echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
+          echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
+          echo "SDK_VERSION=${SDK_VERSION}" >> "${GITHUB_ENV}"
+          echo "MCP_VERSION=${MCP_VERSION}" >> "${GITHUB_ENV}"
+
+          if [ -n "$UI_VERSION" ]; then
+            echo "Read UI version from changelog: $UI_VERSION"
+          else
+            echo "Warning: No UI version found in ui/CHANGELOG.md"
+          fi
+
+          if [ -n "$API_VERSION" ]; then
+            echo "Read API version from changelog: $API_VERSION"
+          else
+            echo "Warning: No API version found in api/CHANGELOG.md"
+          fi
+
+          if [ -n "$SDK_VERSION" ]; then
+            echo "Read SDK version from changelog: $SDK_VERSION"
+          else
+            echo "Warning: No SDK version found in prowler/CHANGELOG.md"
+          fi
+
+          if [ -n "$MCP_VERSION" ]; then
+            echo "Read MCP version from changelog: $MCP_VERSION"
+          else
+            echo "Warning: No MCP version found in mcp_server/CHANGELOG.md"
+          fi
+
          echo "Prowler version: $PROWLER_VERSION"
          echo "Branch name: $BRANCH_NAME"
+          echo "UI version: $UI_VERSION"
+          echo "API version: $API_VERSION"
+          echo "SDK version: $SDK_VERSION"
+          echo "MCP version: $MCP_VERSION"
          echo "Is minor release: $([ $PATCH_VERSION -eq 0 ] && echo 'true' || echo 'false')"
        else
          echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
          exit 1
        fi

-    - name: Checkout release branch
-      run: |
-        echo "Checking out branch $BRANCH_NAME for release $PROWLER_VERSION..."
-        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists locally, checking out..."
-          git checkout "$BRANCH_NAME"
-        elif git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists remotely, checking out..."
-          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
-        else
-          echo "ERROR: Branch $BRANCH_NAME does not exist. For minor releases (X.Y.0), create it manually first. For patch releases (X.Y.Z), the branch should already exist."
-          exit 1
-        fi
-
-    - name: Read changelog versions from release branch
-      run: |
-        # Function to extract the latest version from changelog
-        extract_latest_version() {
-          local changelog_file="$1"
-          if [ -f "$changelog_file" ]; then
-            # Extract the first version entry (most recent) from changelog
-            # Format: ## [version] (1.2.3) or ## [vversion] (v1.2.3)
-            local version=$(grep -m 1 '^## \[' "$changelog_file" | sed 's/^## \[\(.*\)\].*/\1/' | sed 's/^v//' | tr -d '[:space:]')
-            echo "$version"
-          else
-            echo ""
-          fi
-        }
-
-        # Read actual versions from changelogs (source of truth)
-        UI_VERSION=$(extract_latest_version "ui/CHANGELOG.md")
-        API_VERSION=$(extract_latest_version "api/CHANGELOG.md")
-        SDK_VERSION=$(extract_latest_version "prowler/CHANGELOG.md")
-        MCP_VERSION=$(extract_latest_version "mcp_server/CHANGELOG.md")
-
-        echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
-        echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
-        echo "SDK_VERSION=${SDK_VERSION}" >> "${GITHUB_ENV}"
-        echo "MCP_VERSION=${MCP_VERSION}" >> "${GITHUB_ENV}"
-
-        if [ -n "$UI_VERSION" ]; then
-          echo "Read UI version from changelog: $UI_VERSION"
-        else
-          echo "Warning: No UI version found in ui/CHANGELOG.md"
-        fi
-
-        if [ -n "$API_VERSION" ]; then
-          echo "Read API version from changelog: $API_VERSION"
-        else
-          echo "Warning: No API version found in api/CHANGELOG.md"
-        fi
-
-        if [ -n "$SDK_VERSION" ]; then
-          echo "Read SDK version from changelog: $SDK_VERSION"
-        else
-          echo "Warning: No SDK version found in prowler/CHANGELOG.md"
-        fi
-
-        if [ -n "$MCP_VERSION" ]; then
-          echo "Read MCP version from changelog: $MCP_VERSION"
-        else
-          echo "Warning: No MCP version found in mcp_server/CHANGELOG.md"
-        fi
-
-        echo "UI version: $UI_VERSION"
-        echo "API version: $API_VERSION"
-        echo "SDK version: $SDK_VERSION"
-        echo "MCP version: $MCP_VERSION"
-
-    - name: Extract and combine changelog entries
+    - name: Extract changelog entries
      run: |
        set -e

@@ -167,8 +145,8 @@ jobs:
          # Remove --- separators
          sed -i '/^---$/d' "$output_file"

-          # Remove only trailing empty lines (not all empty lines)
-          sed -i -e :a -e '/^\s*$/d;N;ba' "$output_file"
+          # Remove trailing empty lines
+          sed -i '/^$/d' "$output_file"
        }

        # Calculate expected versions for this release
@@ -264,15 +242,25 @@ jobs:
          echo "" >> combined_changelog.md
        fi

-        # Add fallback message if no changelogs were added
-        if [ ! -s combined_changelog.md ]; then
-          echo "No component changes detected for this release." >> combined_changelog.md
-        fi
-
        echo "Combined changelog preview:"
        cat combined_changelog.md

-    - name: Verify SDK version in pyproject.toml
+    - name: Checkout existing branch for patch release
+      if: ${{ env.PATCH_VERSION != '0' }}
+      run: |
+        echo "Patch release detected, checking out existing branch $BRANCH_NAME..."
+        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
+          echo "Branch $BRANCH_NAME exists locally, checking out..."
+          git checkout "$BRANCH_NAME"
+        elif git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
+          echo "Branch $BRANCH_NAME exists remotely, checking out..."
+          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
+        else
+          echo "ERROR: Branch $BRANCH_NAME should exist for patch release $PROWLER_VERSION"
+          exit 1
+        fi
+
+    - name: Verify version in pyproject.toml
      run: |
        CURRENT_VERSION=$(grep '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
@@ -282,7 +270,7 @@ jobs:
        fi
        echo "✓ pyproject.toml version: $CURRENT_VERSION"

-    - name: Verify SDK version in prowler/config/config.py
+    - name: Verify version in prowler/config/config.py
      run: |
        CURRENT_VERSION=$(grep '^prowler_version = ' prowler/config/config.py | sed -E 's/prowler_version = "([^"]+)"/\1/' | tr -d '[:space:]')
        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
@@ -292,7 +280,7 @@ jobs:
        fi
        echo "✓ prowler/config/config.py version: $CURRENT_VERSION"

-    - name: Verify API version in api/pyproject.toml
+    - name: Verify version in api/pyproject.toml
      if: ${{ env.HAS_API_CHANGES == 'true' }}
      run: |
        CURRENT_API_VERSION=$(grep '^version = ' api/pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
@@ -303,7 +291,7 @@ jobs:
        fi
        echo "✓ api/pyproject.toml version: $CURRENT_API_VERSION"

-    - name: Verify API prowler dependency in api/pyproject.toml
+    - name: Verify prowler dependency in api/pyproject.toml
      if: ${{ env.PATCH_VERSION != '0' && env.HAS_API_CHANGES == 'true' }}
      run: |
        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
@@ -314,7 +302,7 @@ jobs:
        fi
        echo "✓ api/pyproject.toml prowler dependency: $CURRENT_PROWLER_REF"

-    - name: Verify API version in api/src/backend/api/v1/views.py
+    - name: Verify version in api/src/backend/api/v1/views.py
      if: ${{ env.HAS_API_CHANGES == 'true' }}
      run: |
        CURRENT_API_VERSION=$(grep 'spectacular_settings.VERSION = ' api/src/backend/api/v1/views.py | sed -E 's/.*spectacular_settings.VERSION = "([^"]+)".*/\1/' | tr -d '[:space:]')
@@ -325,12 +313,31 @@ jobs:
        fi
        echo "✓ api/src/backend/api/v1/views.py version: $CURRENT_API_VERSION"

-    - name: Update API prowler dependency for minor release
+    - name: Checkout existing release branch for minor release
+      if: ${{ env.PATCH_VERSION == '0' }}
+      run: |
+        echo "Minor release detected (patch = 0), checking out existing branch $BRANCH_NAME..."
+        if git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
+          echo "Branch $BRANCH_NAME exists remotely, checking out..."
+          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
+        else
+          echo "ERROR: Branch $BRANCH_NAME should exist for minor release $PROWLER_VERSION. Please create it manually first."
+          exit 1
+        fi
+
+    - name: Prepare prowler dependency update for minor release
      if: ${{ env.PATCH_VERSION == '0' }}
      run: |
        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')

+        # Create a temporary branch for the PR from the minor version branch
+        TEMP_BRANCH="update-api-dependency-$BRANCH_NAME_TRIMMED-$(date +%s)"
+        echo "TEMP_BRANCH=$TEMP_BRANCH" >> $GITHUB_ENV
+
+        # Create temp branch from the current minor version branch
+        git checkout -b "$TEMP_BRANCH"
+
        # Minor release: update the dependency to use the release branch
        echo "Updating prowler dependency from '$CURRENT_PROWLER_REF' to '$BRANCH_NAME_TRIMMED'"
        sed -i "s|prowler @ git+https://github.com/prowler-cloud/prowler.git@[^\"]*\"|prowler @ git+https://github.com/prowler-cloud/prowler.git@$BRANCH_NAME_TRIMMED\"|" api/pyproject.toml
@@ -348,19 +355,20 @@ jobs:
        poetry lock
        cd ..

+        # Commit and push the temporary branch
+        git add api/pyproject.toml api/poetry.lock
+        git commit -m "chore(api): update prowler dependency to $BRANCH_NAME_TRIMMED for release $PROWLER_VERSION"
+        git push origin "$TEMP_BRANCH"
+
        echo "✓ Prepared prowler dependency update to: $UPDATED_PROWLER_REF"

-    - name: Create PR for API dependency update
+    - name: Create Pull Request against release branch
      if: ${{ env.PATCH_VERSION == '0' }}
      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
      with:
        token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-        commit-message: 'chore(api): update prowler dependency to ${{ env.BRANCH_NAME }} for release ${{ env.PROWLER_VERSION }}'
-        branch: update-api-dependency-${{ env.BRANCH_NAME }}-${{ github.run_number }}
+        branch: ${{ env.TEMP_BRANCH }}
        base: ${{ env.BRANCH_NAME }}
-        add-paths: |
-          api/pyproject.toml
-          api/poetry.lock
        title: "chore(api): Update prowler dependency to ${{ env.BRANCH_NAME }} for release ${{ env.PROWLER_VERSION }}"
        body: |
          ### Description
@@ -382,7 +390,7 @@ jobs:
          no-changelog

    - name: Create draft release
-      uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+      uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
      with:
        tag_name: ${{ env.PROWLER_VERSION }}
        name: Prowler ${{ env.PROWLER_VERSION }}
@@ -393,6 +401,5 @@ jobs:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: Clean up temporary files
-      if: always()
      run: |
        rm -f prowler_changelog.md api_changelog.md ui_changelog.md mcp_changelog.md combined_changelog.md
@@ -0,0 +1,77 @@
+name: Prowler - Check Changelog
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, labeled, unlabeled]
+
+jobs:
+  check-changelog:
+    if: contains(github.event.pull_request.labels.*.name, 'no-changelog') == false
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: write
+    env:
+      MONITORED_FOLDERS: "api ui prowler mcp_server"
+
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Get list of changed files
+        id: changed_files
+        run: |
+          git fetch origin ${{ github.base_ref }}
+          git diff --name-only origin/${{ github.base_ref }}...HEAD > changed_files.txt
+          cat changed_files.txt
+
+      - name: Check for folder changes and changelog presence
+        id: check_folders
+        run: |
+          missing_changelogs=""
+
+          for folder in $MONITORED_FOLDERS; do
+            if grep -q "^${folder}/" changed_files.txt; then
+              echo "Detected changes in ${folder}/"
+              if ! grep -q "^${folder}/CHANGELOG.md$" changed_files.txt; then
+                echo "No changelog update found for ${folder}/"
+                missing_changelogs="${missing_changelogs}- \`${folder}\`\n"
+              fi
+            fi
+          done
+
+          echo "missing_changelogs<<EOF" >> $GITHUB_OUTPUT
+          echo -e "${missing_changelogs}" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Find existing changelog comment
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        id: find_comment
+        uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad #v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: '<!-- changelog-check -->'
+
+      - name: Update PR comment with changelog status
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-id: ${{ steps.find_comment.outputs.comment-id }}
+          edit-mode: replace
+          body: |
+            <!-- changelog-check -->
+            ${{ steps.check_folders.outputs.missing_changelogs != '' && format('⚠️ **Changes detected in the following folders without a corresponding update to the `CHANGELOG.md`:**
+
+            {0}
+
+            Please add an entry to the corresponding `CHANGELOG.md` file to maintain a clear history of changes.', steps.check_folders.outputs.missing_changelogs) || '✅ All necessary `CHANGELOG.md` files have been updated. Great job! 🎉' }}
+
+      - name: Fail if changelog is missing
+        if: steps.check_folders.outputs.missing_changelogs != ''
+        run: |
+          echo "ERROR: Missing changelog updates in some folders."
+          exit 1
@@ -1,31 +1,27 @@
-name: 'Tools: PR Merged'
+name: Prowler - Merged Pull Request

 on:
  pull_request_target:
-    branches:
-      - 'master'
-    types:
-      - 'closed'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: false
+    branches: ['master']
+    types: ['closed']

 jobs:
  trigger-cloud-pull-request:
+    name: Trigger Cloud Pull Request
    if: github.event.pull_request.merged == true && github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    permissions:
-      contents: read
    steps:
-      - name: Calculate short commit SHA
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          ref: ${{ github.event.pull_request.merge_commit_sha }}
+
+      - name: Set short git commit SHA
        id: vars
        run: |
-          SHORT_SHA="${{ github.event.pull_request.merge_commit_sha }}"
-          echo "SHORT_SHA=${SHORT_SHA::7}" >> $GITHUB_ENV
+          shortSha=$(git rev-parse --short ${{ github.event.pull_request.merge_commit_sha }})
+          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV

-      - name: Trigger Cloud repository pull request
+      - name: Trigger pull request
        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
@@ -35,12 +31,8 @@ jobs:
            {
              "PROWLER_COMMIT_SHA": "${{ github.event.pull_request.merge_commit_sha }}",
              "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
-              "PROWLER_PR_NUMBER": "${{ github.event.pull_request.number }}",
              "PROWLER_PR_TITLE": ${{ toJson(github.event.pull_request.title) }},
              "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
              "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }},
-              "PROWLER_PR_URL": ${{ toJson(github.event.pull_request.html_url) }},
-              "PROWLER_PR_MERGED_BY": "${{ github.event.pull_request.merged_by.login }}",
-              "PROWLER_PR_BASE_BRANCH": "${{ github.event.pull_request.base.ref }}",
-              "PROWLER_PR_HEAD_BRANCH": "${{ github.event.pull_request.head.ref }}"
+              "PROWLER_PR_URL": ${{ toJson(github.event.pull_request.html_url) }}
            }
@@ -0,0 +1,202 @@
+name: SDK - Build and Push containers
+
+on:
+  push:
+    branches:
+      # For `v3-latest`
+      - "v3"
+      # For `v4-latest`
+      - "v4.6"
+      # For `latest`
+      - "master"
+    paths-ignore:
+      - ".github/**"
+      - "README.md"
+      - "docs/**"
+      - "ui/**"
+      - "api/**"
+
+  release:
+    types: [published]
+
+env:
+  # AWS Configuration
+  AWS_REGION_STG: eu-west-1
+  AWS_REGION_PLATFORM: eu-west-1
+  AWS_REGION: us-east-1
+
+  # Container's configuration
+  IMAGE_NAME: prowler
+  DOCKERFILE_PATH: ./Dockerfile
+
+  # Tags
+  LATEST_TAG: latest
+  STABLE_TAG: stable
+  # The RELEASE_TAG is set during runtime in releases
+  RELEASE_TAG: ""
+  # The PROWLER_VERSION and PROWLER_VERSION_MAJOR are set during runtime in releases
+  PROWLER_VERSION: ""
+  PROWLER_VERSION_MAJOR: ""
+  # TEMPORARY_TAG: temporary
+
+  # Python configuration
+  PYTHON_VERSION: 3.12
+
+  # Container Registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler
+
+jobs:
+  # Build Prowler OSS container
+  container-build-push:
+    # needs: dockerfile-linter
+    runs-on: ubuntu-latest
+    outputs:
+      prowler_version_major: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION_MAJOR }}
+      prowler_version: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION }}
+    env:
+      POETRY_VIRTUALENVS_CREATE: "false"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup Python
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Install Poetry
+        run: |
+          pipx install poetry==2.*
+          pipx inject poetry poetry-bumpversion
+
+      - name: Get Prowler version
+        id: get-prowler-version
+        run: |
+          PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
+          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
+          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
+
+          # Store prowler version major just for the release
+          PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
+          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
+          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
+
+          case ${PROWLER_VERSION_MAJOR} in
+          3)
+              echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
+              ;;
+
+
+          4)
+              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
+              ;;
+
+          5)
+              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
+              ;;
+
+          *)
+              # Fallback if any other version is present
+              echo "Releasing another Prowler major version, aborting..."
+              exit 1
+              ;;
+          esac
+
+      - name: Login to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to Public ECR
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: public.ecr.aws
+          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
+        env:
+          AWS_REGION: ${{ env.AWS_REGION }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push container image (latest)
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+          file: ${{ env.DOCKERFILE_PATH }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push container image (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          # Use local context to get changes
+          # https://github.com/docker/build-push-action#path-context
+          context: .
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.PROWLER_VERSION }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          file: ${{ env.DOCKERFILE_PATH }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+#      - name: Push README to Docker Hub (toniblyx)
+#        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
+#        with:
+#          username: ${{ secrets.DOCKERHUB_USERNAME }}
+#          password: ${{ secrets.DOCKERHUB_TOKEN }}
+#          repository: ${{ env.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}
+#          readme-filepath: ./README.md
+#
+#      - name: Push README to Docker Hub (prowlercloud)
+#        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
+#        with:
+#          username: ${{ secrets.DOCKERHUB_USERNAME }}
+#          password: ${{ secrets.DOCKERHUB_TOKEN }}
+#          repository: ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}
+#          readme-filepath: ./README.md
+
+  dispatch-action:
+    needs: container-build-push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get latest commit info (latest)
+        if: github.event_name == 'push'
+        run: |
+          LATEST_COMMIT_HASH=$(echo ${{ github.event.after }} | cut -b -7)
+          echo "LATEST_COMMIT_HASH=${LATEST_COMMIT_HASH}" >> $GITHUB_ENV
+
+      - name: Dispatch event (latest)
+        if: github.event_name == 'push' && needs.container-build-push.outputs.prowler_version_major == '3'
+        run: |
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            --data '{"event_type":"dispatch","client_payload":{"version":"v3-latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
+
+      - name: Dispatch event (release)
+        if: github.event_name == 'release' && needs.container-build-push.outputs.prowler_version_major == '3'
+        run: |
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ needs.container-build-push.outputs.prowler_version }}"}}'
@@ -1,218 +1,146 @@
-name: 'SDK: Bump Version'
+name: SDK - Bump Version

 on:
  release:
-    types:
-      - 'published'
+    types: [published]

-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false

 env:
  PROWLER_VERSION: ${{ github.event.release.tag_name }}
  BASE_BRANCH: master

 jobs:
-  detect-release-type:
+  bump-version:
+    name: Bump Version
    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-    outputs:
-      is_minor: ${{ steps.detect.outputs.is_minor }}
-      is_patch: ${{ steps.detect.outputs.is_patch }}
-      major_version: ${{ steps.detect.outputs.major_version }}
-      minor_version: ${{ steps.detect.outputs.minor_version }}
-      patch_version: ${{ steps.detect.outputs.patch_version }}
    steps:
-      - name: Detect release type and parse version
-        id: detect
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Get Prowler version
+        shell: bash
        run: |
          if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
            MAJOR_VERSION=${BASH_REMATCH[1]}
            MINOR_VERSION=${BASH_REMATCH[2]}
-            PATCH_VERSION=${BASH_REMATCH[3]}
+            FIX_VERSION=${BASH_REMATCH[3]}

-            echo "major_version=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "minor_version=${MINOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "patch_version=${PATCH_VERSION}" >> "${GITHUB_OUTPUT}"
+            # Export version components to GitHub environment
+            echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
+            echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
+            echo "FIX_VERSION=${FIX_VERSION}" >> "${GITHUB_ENV}"

-            if (( MAJOR_VERSION != 5 )); then
-              echo "::error::Releasing another Prowler major version, aborting..."
-              exit 1
-            fi
+            if (( MAJOR_VERSION == 5 )); then
+                if (( FIX_VERSION == 0 )); then
+                  echo "Minor Release: $PROWLER_VERSION"

-            if (( PATCH_VERSION == 0 )); then
-              echo "is_minor=true" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=false" >> "${GITHUB_OUTPUT}"
-              echo "✓ Minor release detected: $PROWLER_VERSION"
+                  # Set up next minor version for master
+                  BUMP_VERSION_TO=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).${FIX_VERSION}
+                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  TARGET_BRANCH=${BASE_BRANCH}
+                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
+
+                  # Set up patch version for version branch
+                  PATCH_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.1
+                  echo "PATCH_VERSION_TO=${PATCH_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+                  echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
+
+                  echo "Bumping to next minor version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
+                  echo "Bumping to next patch version: ${PATCH_VERSION_TO} in branch ${VERSION_BRANCH}"
+                else
+                  echo "Patch Release: $PROWLER_VERSION"
+
+                  BUMP_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.$((FIX_VERSION + 1))
+                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  TARGET_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
+
+                  echo "Bumping to next patch version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
+                fi
            else
-              echo "is_minor=false" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=true" >> "${GITHUB_OUTPUT}"
-              echo "✓ Patch release detected: $PROWLER_VERSION"
+                echo "Releasing another Prowler major version, aborting..."
+                exit 1
            fi
          else
-            echo "::error::Invalid version syntax: '$PROWLER_VERSION' (must be X.Y.Z)"
+            echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
            exit 1
          fi

-  bump-minor-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_minor == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Calculate next minor version
+      - name: Bump versions in files
        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
+            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
+            echo "Using BUMP_VERSION_TO=$BUMP_VERSION_TO"

-          NEXT_MINOR_VERSION=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).0
-          echo "NEXT_MINOR_VERSION=${NEXT_MINOR_VERSION}" >> "${GITHUB_ENV}"
+            set -e

-          echo "Current version: $PROWLER_VERSION"
-          echo "Next minor version: $NEXT_MINOR_VERSION"
+            echo "Bumping version in pyproject.toml ..."
+            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${BUMP_VERSION_TO}\"|" pyproject.toml

-      - name: Bump versions in files for master
-        run: |
-          set -e
+            echo "Bumping version in prowler/config/config.py ..."
+            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${BUMP_VERSION_TO}\"|" prowler/config/config.py

-          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${NEXT_MINOR_VERSION}\"|" pyproject.toml
-          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${NEXT_MINOR_VERSION}\"|" prowler/config/config.py
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_MINOR_VERSION}|" .env
+            echo "Bumping version in .env ..."
+            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${BUMP_VERSION_TO}|" .env

-          echo "Files modified:"
-          git --no-pager diff
+            git --no-pager diff

-      - name: Create PR for next minor version to master
+      - name: Create Pull Request
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: master
-          commit-message: 'chore(release): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
-          branch: version-bump-to-v${{ env.NEXT_MINOR_VERSION }}
-          title: 'chore(release): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
-          labels: no-changelog
-          body: |
-            ### Description
+            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+            base: ${{ env.TARGET_BRANCH }}
+            commit-message: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
+            branch: "version-bump-to-v${{ env.BUMP_VERSION_TO }}"
+            title: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
+            labels: no-changelog
+            body: |
+              ### Description

-            Bump Prowler version to v${{ env.NEXT_MINOR_VERSION }} after releasing v${{ env.PROWLER_VERSION }}.
+              Bump Prowler version to v${{ env.BUMP_VERSION_TO }}

-            ### License
+              ### License

-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

-      - name: Checkout version branch
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          ref: v${{ needs.detect-release-type.outputs.major_version }}.${{ needs.detect-release-type.outputs.minor_version }}
-
-      - name: Calculate first patch version
+      - name: Handle patch version for minor release
+        if: env.FIX_VERSION == '0'
        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
+            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
+            echo "Using PATCH_VERSION_TO=$PATCH_VERSION_TO"

-          FIRST_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.1
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+            set -e

-          echo "FIRST_PATCH_VERSION=${FIRST_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
+            echo "Bumping version in pyproject.toml ..."
+            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${PATCH_VERSION_TO}\"|" pyproject.toml

-          echo "First patch version: $FIRST_PATCH_VERSION"
-          echo "Version branch: $VERSION_BRANCH"
+            echo "Bumping version in prowler/config/config.py ..."
+            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${PATCH_VERSION_TO}\"|" prowler/config/config.py

-      - name: Bump versions in files for version branch
-        run: |
-          set -e
+            echo "Bumping version in .env ..."
+            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PATCH_VERSION_TO}|" .env

-          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${FIRST_PATCH_VERSION}\"|" pyproject.toml
-          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${FIRST_PATCH_VERSION}\"|" prowler/config/config.py
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${FIRST_PATCH_VERSION}|" .env
+            git --no-pager diff

-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for first patch version to version branch
+      - name: Create Pull Request for patch version
+        if: env.FIX_VERSION == '0'
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'chore(release): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
-          branch: version-bump-to-v${{ env.FIRST_PATCH_VERSION }}
-          title: 'chore(release): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
-          labels: no-changelog
-          body: |
-            ### Description
+            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+            base: ${{ env.VERSION_BRANCH }}
+            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
+            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
+            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
+            labels: no-changelog
+            body: |
+              ### Description

-            Bump Prowler version to v${{ env.FIRST_PATCH_VERSION }} in version branch after releasing v${{ env.PROWLER_VERSION }}.
+              Bump Prowler version to v${{ env.PATCH_VERSION_TO }}

-            ### License
+              ### License

-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-  bump-patch-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_patch == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Calculate next patch version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-          PATCH_VERSION=${{ needs.detect-release-type.outputs.patch_version }}
-
-          NEXT_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.$((PATCH_VERSION + 1))
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-
-          echo "NEXT_PATCH_VERSION=${NEXT_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-          echo "Current version: $PROWLER_VERSION"
-          echo "Next patch version: $NEXT_PATCH_VERSION"
-          echo "Target branch: $VERSION_BRANCH"
-
-      - name: Bump versions in files for version branch
-        run: |
-          set -e
-
-          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${NEXT_PATCH_VERSION}\"|" pyproject.toml
-          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${NEXT_PATCH_VERSION}\"|" prowler/config/config.py
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_PATCH_VERSION}|" .env
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for next patch version to version branch
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'chore(release): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
-          branch: version-bump-to-v${{ env.NEXT_PATCH_VERSION }}
-          title: 'chore(release): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
-          labels: no-changelog
-          body: |
-            ### Description
-
-            Bump Prowler version to v${{ env.NEXT_PATCH_VERSION }} after releasing v${{ env.PROWLER_VERSION }}.
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@@ -1,90 +0,0 @@
-name: 'SDK: Code Quality'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  sdk-code-quality:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.9'
-          - '3.10'
-          - '3.11'
-          - '3.12'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Install Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ matrix.python-version }}
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ matrix.python-version }}
-          cache: 'poetry'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: |
-          poetry install --no-root
-          poetry run pip list
-
-      - name: Check Poetry lock file
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry check --lock
-
-      - name: Lint with flake8
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api
-
-      - name: Check format with black
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run black --exclude api ui --check .
-
-      - name: Lint with pylint
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
@@ -1,41 +1,44 @@
-name: 'SDK: CodeQL'
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: SDK - CodeQL

 on:
  push:
    branches:
-      - 'master'
-      - 'v5.*'
-    paths:
-      - 'prowler/**'
-      - 'tests/**'
-      - 'pyproject.toml'
-      - '.github/workflows/sdk-codeql.yml'
-      - '.github/codeql/sdk-codeql-config.yml'
-      - '!prowler/CHANGELOG.md'
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+    paths-ignore:
+      - 'ui/**'
+      - 'api/**'
+      - '.github/**'
  pull_request:
    branches:
-      - 'master'
-      - 'v5.*'
-    paths:
-      - 'prowler/**'
-      - 'tests/**'
-      - 'pyproject.toml'
-      - '.github/workflows/sdk-codeql.yml'
-      - '.github/codeql/sdk-codeql-config.yml'
-      - '!prowler/CHANGELOG.md'
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+    paths-ignore:
+      - 'ui/**'
+      - 'api/**'
+      - '.github/**'
  schedule:
    - cron: '00 12 * * *'

-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 jobs:
-  sdk-analyze:
-    if: github.repository == 'prowler-cloud/prowler'
-    name: CodeQL Security Analysis
+  analyze:
+    name: Analyze
    runs-on: ubuntu-latest
-    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
@@ -44,20 +47,21 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language:
-          - 'python'
+        language: [ 'python' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - name: Checkout repository
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
-        with:
-          languages: ${{ matrix.language }}
-          config-file: ./.github/codeql/sdk-codeql-config.yml
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+      with:
+        languages: ${{ matrix.language }}
+        config-file: ./.github/codeql/sdk-codeql-config.yml

-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
-        with:
-          category: '/language:${{ matrix.language }}'
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+      with:
+        category: "/language:${{matrix.language}}"
@@ -1,217 +0,0 @@
-name: 'SDK: Container Build and Push'
-
-on:
-  push:
-    branches:
-      - 'v3'      # For v3-latest
-      - 'v4.6'    # For v4-latest
-      - 'master'  # For latest
-    paths-ignore:
-      - '.github/**'
-      - '!.github/workflows/sdk-container-build-push.yml'
-      - 'README.md'
-      - 'docs/**'
-      - 'ui/**'
-      - 'api/**'
-  release:
-    types:
-      - 'published'
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-env:
-  # Container configuration
-  IMAGE_NAME: prowler
-  DOCKERFILE_PATH: ./Dockerfile
-
-  # Python configuration
-  PYTHON_VERSION: '3.12'
-
-  # Tags (dynamically set based on version)
-  LATEST_TAG: latest
-  STABLE_TAG: stable
-
-  # Container registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler
-
-  # AWS configuration (for ECR)
-  AWS_REGION: us-east-1
-
-jobs:
-  container-build-push:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 45
-    permissions:
-      contents: read
-      packages: write
-    outputs:
-      prowler_version: ${{ steps.get-prowler-version.outputs.prowler_version }}
-      prowler_version_major: ${{ steps.get-prowler-version.outputs.prowler_version_major }}
-    env:
-      POETRY_VIRTUALENVS_CREATE: 'false'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-
-      - name: Install Poetry
-        run: |
-          pipx install poetry==2.1.1
-          pipx inject poetry poetry-bumpversion
-
-      - name: Get Prowler version and set tags
-        id: get-prowler-version
-        run: |
-          PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
-          echo "prowler_version=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
-          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
-
-          # Extract major version
-          PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
-          echo "prowler_version_major=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
-          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
-
-          # Set version-specific tags
-          case ${PROWLER_VERSION_MAJOR} in
-            3)
-              echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
-              echo "✓ Prowler v3 detected - tags: v3-latest, v3-stable"
-              ;;
-            4)
-              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
-              echo "✓ Prowler v4 detected - tags: v4-latest, v4-stable"
-              ;;
-            5)
-              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
-              echo "✓ Prowler v5 detected - tags: latest, stable"
-              ;;
-            *)
-              echo "::error::Unsupported Prowler major version: ${PROWLER_VERSION_MAJOR}"
-              exit 1
-              ;;
-          esac
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to Public ECR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          registry: public.ecr.aws
-          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
-        env:
-          AWS_REGION: ${{ env.AWS_REGION }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build and push SDK container (latest)
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: .
-          file: ${{ env.DOCKERFILE_PATH }}
-          push: true
-          tags: |
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push started
-        if: github.event_name == 'release'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: SDK
-          RELEASE_TAG: ${{ env.PROWLER_VERSION }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push SDK container (release)
-        if: github.event_name == 'release'
-        id: container-push
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: .
-          file: ${{ env.DOCKERFILE_PATH }}
-          push: true
-          tags: |
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.PROWLER_VERSION }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push completed
-        if: github.event_name == 'release' && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: SDK
-          RELEASE_TAG: ${{ env.PROWLER_VERSION }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  dispatch-v3-deployment:
-    if: needs.container-build-push.outputs.prowler_version_major == '3'
-    needs: container-build-push
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Calculate short SHA
-        id: short-sha
-        run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
-
-      - name: Dispatch v3 deployment (latest)
-        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}
-          event-type: dispatch
-          client-payload: '{"version":"v3-latest","tag":"${{ steps.short-sha.outputs.short_sha }}"}'
-
-      - name: Dispatch v3 deployment (release)
-        if: github.event_name == 'release'
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}
-          event-type: dispatch
-          client-payload: '{"version":"release","tag":"${{ needs.container-build-push.outputs.prowler_version }}"}'
@@ -1,103 +0,0 @@
-name: 'SDK: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  IMAGE_NAME: prowler
-
-jobs:
-  sdk-dockerfile-lint:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: Dockerfile
-          ignore: DL3013
-
-  sdk-container-build-and-scan:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build SDK container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: .
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan SDK container with Trivy
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -0,0 +1,286 @@
+name: SDK - Pull Request
+
+on:
+  push:
+    branches:
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+  pull_request:
+    branches:
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Test if changes are in not ignored paths
+        id: are-non-ignored-files-changed
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: ./**
+          files_ignore: |
+            .github/**
+            docs/**
+            permissions/**
+            api/**
+            ui/**
+            prowler/CHANGELOG.md
+            README.md
+            mkdocs.yml
+            .backportrc.json
+            .env
+            docker-compose*
+            examples/**
+            .gitignore
+
+      - name: Install poetry
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          python -m pip install --upgrade pip
+          pipx install poetry==2.1.1
+
+      - name: Set up Python ${{ matrix.python-version }}
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: "poetry"
+
+      - name: Install dependencies
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry install --no-root
+          poetry run pip list
+          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
+            grep '"tag_name":' | \
+            sed -E 's/.*"v([^"]+)".*/\1/' \
+            ) && curl -L -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64" \
+            && chmod +x /tmp/hadolint
+
+      - name: Poetry check
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry check --lock
+
+      - name: Lint with flake8
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api
+
+      - name: Checking format with black
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run black --exclude api ui --check .
+
+      - name: Lint with pylint
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
+
+      - name: Bandit
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run bandit -q -lll -x '*_test.py,./contrib/,./api/,./ui' -r .
+
+      - name: Safety
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run safety check --ignore 70612 -r pyproject.toml
+
+      - name: Vulture
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .
+
+      - name: Dockerfile - Check if Dockerfile has changed
+        id: dockerfile-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            Dockerfile
+
+      - name: Hadolint
+        if: steps.dockerfile-changed-files.outputs.any_changed == 'true'
+        run: |
+          /tmp/hadolint Dockerfile --ignore=DL3013
+
+      # Test AWS
+      - name: AWS - Check if any file has changed
+        id: aws-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/aws/**
+            ./tests/providers/aws/**
+            ./poetry.lock
+
+      - name: AWS - Test
+        if: steps.aws-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/aws --cov-report=xml:aws_coverage.xml tests/providers/aws
+
+      # Test Azure
+      - name: Azure - Check if any file has changed
+        id: azure-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/azure/**
+            ./tests/providers/azure/**
+            ./poetry.lock
+
+      - name: Azure - Test
+        if: steps.azure-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/azure --cov-report=xml:azure_coverage.xml tests/providers/azure
+
+      # Test GCP
+      - name: GCP - Check if any file has changed
+        id: gcp-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/gcp/**
+            ./tests/providers/gcp/**
+            ./poetry.lock
+
+      - name: GCP - Test
+        if: steps.gcp-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/gcp --cov-report=xml:gcp_coverage.xml tests/providers/gcp
+
+      # Test Kubernetes
+      - name: Kubernetes - Check if any file has changed
+        id: kubernetes-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/kubernetes/**
+            ./tests/providers/kubernetes/**
+            ./poetry.lock
+
+      - name: Kubernetes - Test
+        if: steps.kubernetes-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/kubernetes --cov-report=xml:kubernetes_coverage.xml tests/providers/kubernetes
+
+      # Test GitHub
+      - name: GitHub - Check if any file has changed
+        id: github-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/github/**
+            ./tests/providers/github/**
+            ./poetry.lock
+
+      - name: GitHub - Test
+        if: steps.github-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/github --cov-report=xml:github_coverage.xml tests/providers/github
+
+      # Test NHN
+      - name: NHN - Check if any file has changed
+        id: nhn-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/nhn/**
+            ./tests/providers/nhn/**
+            ./poetry.lock
+
+      - name: NHN - Test
+        if: steps.nhn-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/nhn --cov-report=xml:nhn_coverage.xml tests/providers/nhn
+
+      # Test M365
+      - name: M365 - Check if any file has changed
+        id: m365-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/m365/**
+            ./tests/providers/m365/**
+            ./poetry.lock
+
+      - name: M365 - Test
+        if: steps.m365-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/m365 --cov-report=xml:m365_coverage.xml tests/providers/m365
+
+      # Test IaC
+      - name: IaC - Check if any file has changed
+        id: iac-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/iac/**
+            ./tests/providers/iac/**
+            ./poetry.lock
+
+      - name: IaC - Test
+        if: steps.iac-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/iac --cov-report=xml:iac_coverage.xml tests/providers/iac
+
+      # Test MongoDB Atlas
+      - name: MongoDB Atlas - Check if any file has changed
+        id: mongodb-atlas-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/mongodbatlas/**
+            ./tests/providers/mongodbatlas/**
+            .poetry.lock
+
+      - name: MongoDB Atlas - Test
+        if: steps.mongodb-atlas-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/mongodbatlas --cov-report=xml:mongodb_atlas_coverage.xml tests/providers/mongodbatlas
+
+      # Test OCI
+      - name: OCI - Check if any file has changed
+        id: oci-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/oraclecloud/**
+            ./tests/providers/oraclecloud/**
+            ./poetry.lock
+
+      - name: OCI - Test
+        if: steps.oci-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/oraclecloud --cov-report=xml:oci_coverage.xml tests/providers/oraclecloud
+
+      # Common Tests
+      - name: Lib - Test
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/lib --cov-report=xml:lib_coverage.xml tests/lib
+
+      - name: Config - Test
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/config --cov-report=xml:config_coverage.xml tests/config
+
+      # Codecov
+      - name: Upload coverage reports to Codecov
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          flags: prowler
+          files: ./aws_coverage.xml,./azure_coverage.xml,./gcp_coverage.xml,./kubernetes_coverage.xml,./github_coverage.xml,./nhn_coverage.xml,./m365_coverage.xml,./oci_coverage.xml,./lib_coverage.xml,./config_coverage.xml
@@ -1,119 +1,98 @@
-name: 'SDK: PyPI Release'
+name: SDK - PyPI release

 on:
  release:
-    types:
-      - 'published'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false
+    types: [published]

 env:
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  PYTHON_VERSION: '3.12'
+  PYTHON_VERSION: 3.11
+  # CACHE: "poetry"

 jobs:
-  validate-release:
-    if: github.repository == 'prowler-cloud/prowler'
+  repository-check:
+    name: Repository check
    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
    outputs:
-      prowler_version: ${{ steps.parse-version.outputs.version }}
-      major_version: ${{ steps.parse-version.outputs.major }}
-
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
    steps:
-      - name: Parse and validate version
-        id: parse-version
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
+  release-prowler-job:
+    runs-on: ubuntu-latest
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
+    env:
+      POETRY_VIRTUALENVS_CREATE: "false"
+    name: Release Prowler to PyPI
+    steps:
+      - name: Repository check
+        working-directory: /tmp
+        run: |
+              if [[ "${{ github.repository }}" != "prowler-cloud/prowler" ]]; then
+                  echo "This action only runs for prowler-cloud/prowler"
+                  exit 1
+              fi
+
+      - name: Get Prowler version
        run: |
          PROWLER_VERSION="${{ env.RELEASE_TAG }}"
-          echo "version=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"

-          # Extract major version
-          MAJOR_VERSION="${PROWLER_VERSION%%.*}"
-          echo "major=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
-
-          # Validate major version
-          case ${MAJOR_VERSION} in
-            3|4|5)
-              echo "✓ Releasing Prowler v${MAJOR_VERSION} with tag ${PROWLER_VERSION}"
+          case ${PROWLER_VERSION%%.*} in
+          3)
+              echo "Releasing Prowler v3 with tag ${PROWLER_VERSION}"
              ;;
-            *)
-              echo "::error::Unsupported Prowler major version: ${MAJOR_VERSION}"
+          4)
+              echo "Releasing Prowler v4 with tag ${PROWLER_VERSION}"
+              ;;
+          5)
+              echo "Releasing Prowler v5 with tag ${PROWLER_VERSION}"
+              ;;
+          *)
+              echo "Releasing another Prowler major version, aborting..."
              exit 1
              ;;
          esac

-  publish-prowler:
-    needs: validate-release
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      id-token: write
-    environment:
-      name: pypi-prowler
-      url: https://pypi.org/project/prowler/${{ needs.validate-release.outputs.prowler_version }}/
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Install dependencies
+        run: |
+          pipx install poetry==2.1.1

-      - name: Install Poetry
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
+      - name: Setup Python
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
-          cache: 'poetry'
+          # cache: ${{ env.CACHE }}

      - name: Build Prowler package
-        run: poetry build
+        run: |
+          poetry build

      - name: Publish Prowler package to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
-        with:
-          print-hash: true
-
-  publish-prowler-cloud:
-    needs: validate-release
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      id-token: write
-    environment:
-      name: pypi-prowler-cloud
-      url: https://pypi.org/project/prowler-cloud/${{ needs.validate-release.outputs.prowler_version }}/
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Install Poetry
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          cache: 'poetry'
-
-      - name: Install toml package
-        run: pip install toml
-
-      - name: Replicate PyPI package for prowler-cloud
        run: |
-          rm -rf ./dist ./build prowler.egg-info
-          python util/replicate_pypi_package.py
+          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
+          poetry publish

-      - name: Build prowler-cloud package
-        run: poetry build
+      - name: Replicate PyPI package
+        run: |
+          rm -rf ./dist && rm -rf ./build && rm -rf prowler.egg-info
+          pip install toml
+          python util/replicate_pypi_package.py
+          poetry build

      - name: Publish prowler-cloud package to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
-        with:
-          print-hash: true
+        run: |
+          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
+          poetry publish
@@ -1,90 +1,68 @@
-name: 'SDK: Refresh AWS Regions'
+# This is a basic workflow to help you get started with Actions
+
+name: SDK - Refresh AWS services' regions

 on:
  schedule:
-    - cron: '0 9 * * 1' # Every Monday at 09:00 UTC
-  workflow_dispatch:
-
-concurrency:
-  group: ${{ github.workflow }}
-  cancel-in-progress: false
+    - cron: "0 9 * * 1" # runs at 09:00 UTC every Monday

 env:
-  PYTHON_VERSION: '3.12'
-  AWS_REGION: 'us-east-1'
+  GITHUB_BRANCH: "master"
+  AWS_REGION_DEV: us-east-1

+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  refresh-aws-regions:
-    if: github.repository == 'prowler-cloud/prowler'
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
    runs-on: ubuntu-latest
-    timeout-minutes: 15
    permissions:
      id-token: write
      pull-requests: write
      contents: write
-
+    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
-          ref: 'master'
+          ref: ${{ env.GITHUB_BRANCH }}

-      - name: Set up Python ${{ env.PYTHON_VERSION }}
+      - name: setup python
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          cache: 'pip'
+          python-version: 3.9 #install the python needed

      - name: Install dependencies
-        run: pip install boto3
+        run: |
+          python -m pip install --upgrade pip
+          pip install boto3

-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
+      - name: Configure AWS Credentials -- DEV
+        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
        with:
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ env.AWS_REGION_DEV }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
-          role-session-name: prowler-refresh-aws-regions
+          role-session-name: refresh-AWS-regions-dev

-      - name: Update AWS services regions
-        run: python util/update_aws_services_regions.py
+      # Runs a single command using the runners shell
+      - name: Run a one-line script
+        run: python3 util/update_aws_services_regions.py

-      - name: Create pull request
-        id: create-pr
+      # Create pull request
+      - name: Create Pull Request
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
+          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          author: 'prowler-bot <179230569+prowler-bot@users.noreply.github.com>'
-          committer: 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>'
-          commit-message: 'feat(aws): update regions for AWS services'
-          branch: 'aws-regions-update-${{ github.run_number }}'
-          title: 'feat(aws): Update regions for AWS services'
-          labels: |
-            status/waiting-for-revision
-            severity/low
-            provider/aws
-            no-changelog
+          commit-message: "feat(regions_update): Update regions for AWS services"
+          branch: "aws-services-regions-updated-${{ github.sha }}"
+          labels: "status/waiting-for-revision, severity/low, provider/aws, no-changelog"
+          title: "chore(regions_update): Changes in regions for AWS services"
          body: |
            ### Description

-            Automated update of AWS service regions from the official AWS IP ranges.
-
-            **Trigger:** ${{ github.event_name == 'schedule' && 'Scheduled (weekly)' || github.event_name == 'workflow_dispatch' && 'Manual' || 'Workflow update' }}
-            **Run:** [#${{ github.run_number }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
-
-            ### Checklist
-
-            - [x] This is an automated update from AWS official sources
-            - [x] No manual review of region data required
+            This PR updates the regions for AWS services.

            ### License

            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-      - name: PR creation result
-        run: |
-          if [[ "${{ steps.create-pr.outputs.pull-request-number }}" ]]; then
-            echo "✓ Pull request #${{ steps.create-pr.outputs.pull-request-number }} created successfully"
-            echo "URL: ${{ steps.create-pr.outputs.pull-request-url }}"
-          else
-            echo "✓ No changes detected - AWS regions are up to date"
-          fi
@@ -1,77 +0,0 @@
-name: 'SDK: Security'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  sdk-security-scans:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Install Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python 3.12
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: '3.12'
-          cache: 'poetry'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry install --no-root
-
-      - name: Security scan with Bandit
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run bandit -q -lll -x '*_test.py,./contrib/,./api/,./ui' -r .
-
-      - name: Security scan with Safety
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run safety check --ignore 70612 -r pyproject.toml
-
-      - name: Dead code detection with Vulture
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .
@@ -1,360 +0,0 @@
-name: 'SDK: Tests'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  sdk-tests:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 120
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.9'
-          - '3.10'
-          - '3.11'
-          - '3.12'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Install Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ matrix.python-version }}
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ matrix.python-version }}
-          cache: 'poetry'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry install --no-root
-
-      # AWS Provider
-      - name: Check if AWS files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-aws
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/aws/**
-            ./tests/**/aws/**
-            ./poetry.lock
-
-      - name: Run AWS tests
-        if: steps.changed-aws.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/aws --cov-report=xml:aws_coverage.xml tests/providers/aws
-
-      - name: Upload AWS coverage to Codecov
-        if: steps.changed-aws.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-aws
-          files: ./aws_coverage.xml
-
-      # Azure Provider
-      - name: Check if Azure files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-azure
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/azure/**
-            ./tests/**/azure/**
-            ./poetry.lock
-
-      - name: Run Azure tests
-        if: steps.changed-azure.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/azure --cov-report=xml:azure_coverage.xml tests/providers/azure
-
-      - name: Upload Azure coverage to Codecov
-        if: steps.changed-azure.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-azure
-          files: ./azure_coverage.xml
-
-      # GCP Provider
-      - name: Check if GCP files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-gcp
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/gcp/**
-            ./tests/**/gcp/**
-            ./poetry.lock
-
-      - name: Run GCP tests
-        if: steps.changed-gcp.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/gcp --cov-report=xml:gcp_coverage.xml tests/providers/gcp
-
-      - name: Upload GCP coverage to Codecov
-        if: steps.changed-gcp.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-gcp
-          files: ./gcp_coverage.xml
-
-      # Kubernetes Provider
-      - name: Check if Kubernetes files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-kubernetes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/kubernetes/**
-            ./tests/**/kubernetes/**
-            ./poetry.lock
-
-      - name: Run Kubernetes tests
-        if: steps.changed-kubernetes.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/kubernetes --cov-report=xml:kubernetes_coverage.xml tests/providers/kubernetes
-
-      - name: Upload Kubernetes coverage to Codecov
-        if: steps.changed-kubernetes.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-kubernetes
-          files: ./kubernetes_coverage.xml
-
-      # GitHub Provider
-      - name: Check if GitHub files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-github
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/github/**
-            ./tests/**/github/**
-            ./poetry.lock
-
-      - name: Run GitHub tests
-        if: steps.changed-github.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/github --cov-report=xml:github_coverage.xml tests/providers/github
-
-      - name: Upload GitHub coverage to Codecov
-        if: steps.changed-github.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-github
-          files: ./github_coverage.xml
-
-      # NHN Provider
-      - name: Check if NHN files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-nhn
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/nhn/**
-            ./tests/**/nhn/**
-            ./poetry.lock
-
-      - name: Run NHN tests
-        if: steps.changed-nhn.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/nhn --cov-report=xml:nhn_coverage.xml tests/providers/nhn
-
-      - name: Upload NHN coverage to Codecov
-        if: steps.changed-nhn.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-nhn
-          files: ./nhn_coverage.xml
-
-      # M365 Provider
-      - name: Check if M365 files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-m365
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/m365/**
-            ./tests/**/m365/**
-            ./poetry.lock
-
-      - name: Run M365 tests
-        if: steps.changed-m365.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/m365 --cov-report=xml:m365_coverage.xml tests/providers/m365
-
-      - name: Upload M365 coverage to Codecov
-        if: steps.changed-m365.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-m365
-          files: ./m365_coverage.xml
-
-      # IaC Provider
-      - name: Check if IaC files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-iac
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/iac/**
-            ./tests/**/iac/**
-            ./poetry.lock
-
-      - name: Run IaC tests
-        if: steps.changed-iac.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/iac --cov-report=xml:iac_coverage.xml tests/providers/iac
-
-      - name: Upload IaC coverage to Codecov
-        if: steps.changed-iac.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-iac
-          files: ./iac_coverage.xml
-
-      # MongoDB Atlas Provider
-      - name: Check if MongoDB Atlas files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-mongodbatlas
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/mongodbatlas/**
-            ./tests/**/mongodbatlas/**
-            ./poetry.lock
-
-      - name: Run MongoDB Atlas tests
-        if: steps.changed-mongodbatlas.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/mongodbatlas --cov-report=xml:mongodbatlas_coverage.xml tests/providers/mongodbatlas
-
-      - name: Upload MongoDB Atlas coverage to Codecov
-        if: steps.changed-mongodbatlas.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-mongodbatlas
-          files: ./mongodbatlas_coverage.xml
-
-      # OCI Provider
-      - name: Check if OCI files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-oraclecloud
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/oraclecloud/**
-            ./tests/**/oraclecloud/**
-            ./poetry.lock
-
-      - name: Run OCI tests
-        if: steps.changed-oraclecloud.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/oraclecloud --cov-report=xml:oraclecloud_coverage.xml tests/providers/oraclecloud
-
-      - name: Upload OCI coverage to Codecov
-        if: steps.changed-oraclecloud.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-oraclecloud
-          files: ./oraclecloud_coverage.xml
-
-      # Lib
-      - name: Check if Lib files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-lib
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/lib/**
-            ./tests/lib/**
-            ./poetry.lock
-
-      - name: Run Lib tests
-        if: steps.changed-lib.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/lib --cov-report=xml:lib_coverage.xml tests/lib
-
-      - name: Upload Lib coverage to Codecov
-        if: steps.changed-lib.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-lib
-          files: ./lib_coverage.xml
-
-      # Config
-      - name: Check if Config files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-config
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/config/**
-            ./tests/config/**
-            ./poetry.lock
-
-      - name: Run Config tests
-        if: steps.changed-config.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/config --cov-report=xml:config_coverage.xml tests/config
-
-      - name: Upload Config coverage to Codecov
-        if: steps.changed-config.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-config
-          files: ./config_coverage.xml
@@ -0,0 +1,121 @@
+name: UI - Build and Push containers
+
+on:
+  push:
+    branches:
+      - "master"
+    paths:
+      - "ui/**"
+      - ".github/workflows/ui-build-lint-push-containers.yml"
+
+  # Uncomment the below code to test this action on PRs
+  # pull_request:
+  #   branches:
+  #     - "master"
+  #   paths:
+  #     - "ui/**"
+  #     - ".github/workflows/ui-build-lint-push-containers.yml"
+
+  release:
+    types: [published]
+
+env:
+  # Tags
+  LATEST_TAG: latest
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
+  STABLE_TAG: stable
+
+  WORKING_DIRECTORY: ./ui
+
+  # Container Registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
+  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1
+
+jobs:
+  repository-check:
+    name: Repository check
+    runs-on: ubuntu-latest
+    outputs:
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
+    steps:
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
+  # Build Prowler OSS container
+  container-build-push:
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ env.WORKING_DIRECTORY }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Set short git commit SHA
+        id: vars
+        run: |
+          shortSha=$(git rev-parse --short ${{ github.sha }})
+          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+
+      - name: Login to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push container image (latest)
+        # Comment the following line for testing
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          build-args: |
+            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ env.SHORT_SHA }}
+            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
+          # Set push: false for testing
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push container image (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          build-args: |
+            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
+            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Trigger deployment
+        if: github.event_name == 'push'
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.CLOUD_DISPATCH }}
+          event-type: prowler-ui-deploy
+          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
@@ -1,37 +1,36 @@
-name: 'UI: CodeQL'
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: UI - CodeQL

 on:
  push:
    branches:
-      - 'master'
-      - 'v5.*'
+      - "master"
+      - "v5.*"
    paths:
-      - 'ui/**'
-      - '.github/workflows/ui-codeql.yml'
-      - '.github/codeql/ui-codeql-config.yml'
-      - '!ui/CHANGELOG.md'
+      - "ui/**"
  pull_request:
    branches:
-      - 'master'
-      - 'v5.*'
+      - "master"
+      - "v5.*"
    paths:
-      - 'ui/**'
-      - '.github/workflows/ui-codeql.yml'
-      - '.github/codeql/ui-codeql-config.yml'
-      - '!ui/CHANGELOG.md'
+      - "ui/**"
  schedule:
-    - cron: '00 12 * * *'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+    - cron: "00 12 * * *"

 jobs:
-  ui-analyze:
-    if: github.repository == 'prowler-cloud/prowler'
-    name: CodeQL Security Analysis
+  analyze:
+    name: Analyze
    runs-on: ubuntu-latest
-    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
@@ -40,20 +39,21 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language:
-          - 'javascript-typescript'
+        language: ["javascript"]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

+      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
-          category: '/language:${{ matrix.language }}'
+          category: "/language:${{matrix.language}}"
@@ -1,143 +0,0 @@
-name: 'UI: Container Build and Push'
-
-on:
-  push:
-    branches:
-      - 'master'
-    paths:
-      - 'ui/**'
-      - '.github/workflows/ui-container-build-push.yml'
-  release:
-    types:
-      - 'published'
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable
-  WORKING_DIRECTORY: ./ui
-
-  # Container registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
-
-  # Build args
-  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1
-
-jobs:
-  setup:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    outputs:
-      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
-    steps:
-      - name: Calculate short SHA
-        id: set-short-sha
-        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
-
-  container-build-push:
-    needs: setup
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build and push UI container (latest)
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ needs.setup.outputs.short-sha }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push started
-        if: github.event_name == 'release'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: UI
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push UI container (release)
-        if: github.event_name == 'release'
-        id: container-push
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push completed
-        if: github.event_name == 'release' && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: UI
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  trigger-deployment:
-    if: github.event_name == 'push'
-    needs: [setup, container-build-push]
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Trigger UI deployment
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: ui-prowler-deployment
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ needs.setup.outputs.short-sha }}"}'
@@ -1,91 +0,0 @@
-name: 'UI: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  UI_WORKING_DIR: ./ui
-  IMAGE_NAME: prowler-ui
-
-jobs:
-  ui-dockerfile-lint:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ui/Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: ui/Dockerfile
-          ignore: DL3018
-
-  ui-container-build-and-scan:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for UI changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ui/**
-          files_ignore: |
-            ui/CHANGELOG.md
-            ui/README.md
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build UI container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.UI_WORKING_DIR }}
-          target: prod
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          build-args: |
-            NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_51LwpXXXX
-
-      - name: Scan UI container with Trivy
-        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -18,22 +18,6 @@ jobs:
      AUTH_TRUST_HOST: true
      NEXTAUTH_URL: 'http://localhost:3000'
      NEXT_PUBLIC_API_BASE_URL: 'http://localhost:8080/api/v1'
-      E2E_ADMIN_USER: ${{ secrets.E2E_ADMIN_USER }}
-      E2E_ADMIN_PASSWORD: ${{ secrets.E2E_ADMIN_PASSWORD }}
-      E2E_AWS_PROVIDER_ACCOUNT_ID: ${{ secrets.E2E_AWS_PROVIDER_ACCOUNT_ID }}
-      E2E_AWS_PROVIDER_ACCESS_KEY: ${{ secrets.E2E_AWS_PROVIDER_ACCESS_KEY }}
-      E2E_AWS_PROVIDER_SECRET_KEY: ${{ secrets.E2E_AWS_PROVIDER_SECRET_KEY }}
-      E2E_AWS_PROVIDER_ROLE_ARN: ${{ secrets.E2E_AWS_PROVIDER_ROLE_ARN }}
-      E2E_AZURE_SUBSCRIPTION_ID: ${{ secrets.E2E_AZURE_SUBSCRIPTION_ID }}
-      E2E_AZURE_CLIENT_ID: ${{ secrets.E2E_AZURE_CLIENT_ID }}
-      E2E_AZURE_SECRET_ID: ${{ secrets.E2E_AZURE_SECRET_ID }}
-      E2E_AZURE_TENANT_ID: ${{ secrets.E2E_AZURE_TENANT_ID }}
-      E2E_M365_DOMAIN_ID: ${{ secrets.E2E_M365_DOMAIN_ID }}
-      E2E_M365_CLIENT_ID: ${{ secrets.E2E_M365_CLIENT_ID }}
-      E2E_M365_SECRET_ID: ${{ secrets.E2E_M365_SECRET_ID }}
-      E2E_M365_TENANT_ID: ${{ secrets.E2E_M365_TENANT_ID }}
-      E2E_M365_CERTIFICATE_CONTENT: ${{ secrets.E2E_M365_CERTIFICATE_CONTENT }}
-      E2E_NEW_PASSWORD: ${{ secrets.E2E_NEW_PASSWORD }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -75,7 +59,7 @@ jobs:
            echo "All database fixtures loaded successfully!"
          '
      - name: Setup Node.js environment
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
        with:
          node-version: '20.x'
          cache: 'npm'
@@ -0,0 +1,65 @@
+name: UI - Pull Request
+
+on:
+  push:
+    branches:
+      - "master"
+      - "v5.*"
+    paths:
+      - ".github/workflows/ui-pull-request.yml"
+      - "ui/**"
+  pull_request:
+    branches:
+      - master
+      - "v5.*"
+    paths:
+      - 'ui/**'
+env:
+  UI_WORKING_DIR: ./ui
+  IMAGE_NAME: prowler-ui
+
+jobs:
+  test-and-coverage:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        node-version: [20.x]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+          cache-dependency-path: './ui/package-lock.json'
+      - name: Install dependencies
+        working-directory: ./ui
+        run: npm ci
+      - name: Run Healthcheck
+        working-directory: ./ui
+        run: npm run healthcheck
+      - name: Build the application
+        working-directory: ./ui
+        run: npm run build
+
+  test-container-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Build Container
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.UI_WORKING_DIR }}
+          # Always build using `prod` target
+          target: prod
+          push: false
+          tags: ${{ env.IMAGE_NAME }}:latest
+          outputs: type=docker
+          build-args: |
+            NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_51LwpXXXX
@@ -1,64 +0,0 @@
-name: 'UI: Tests'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  UI_WORKING_DIR: ./ui
-  NODE_VERSION: '20.x'
-
-jobs:
-  ui-tests:
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    permissions:
-      contents: read
-    defaults:
-      run:
-        working-directory: ./ui
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for UI changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ui/**
-            .github/workflows/ui-tests.yml
-          files_ignore: |
-            ui/CHANGELOG.md
-            ui/README.md
-
-      - name: Setup Node.js ${{ env.NODE_VERSION }}
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: 'npm'
-          cache-dependency-path: './ui/package-lock.json'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: npm ci
-
-      - name: Run healthcheck
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: npm run healthcheck
-
-      - name: Build application
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: npm run build
@@ -39,12 +39,6 @@ secrets-*/
 # JUnit Reports
 junit-reports/

-# Test and coverage artifacts
-*_coverage.xml
-pytest_*.xml
-.coverage
-htmlcov/
-
 # VSCode files
 .vscode/

@@ -70,6 +64,7 @@ htmlcov/
 ui/.env*
 api/.env*
 mcp_server/.env*
+.env.local

 # Coverage
 .coverage*
@@ -88,6 +83,3 @@ CLAUDE.md
 # MCP Server
 mcp_server/prowler_mcp_server/prowler_app/server.py
 mcp_server/prowler_mcp_server/prowler_app/utils/schema.yaml
-
-# Compliance report
-*.pdf
@@ -10,4 +10,4 @@
 Want some swag as appreciation for your contribution?

 # Prowler Developer Guide
-https://goto.prowler.com/devguide
+https://docs.prowler.com/projects/prowler-open-source/en/latest/developer-guide/introduction/
@@ -46,14 +46,6 @@ help:     ## Show this help.
 	@echo "Prowler Makefile"
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)

-##@ Build no cache
-build-no-cache-dev: 
-	docker compose -f docker-compose-dev.yml build --no-cache api-dev worker-dev worker-beat
-
 ##@ Development Environment
 run-api-dev: ## Start development environment with API, PostgreSQL, Valkey, and workers 
-	docker compose -f docker-compose-dev.yml up api-dev postgres valkey worker-dev worker-beat
-
-##@ Development Environment
-build-and-run-api-dev: build-no-cache-dev run-api-dev
-
+	docker compose -f docker-compose-dev.yml up api-dev postgres valkey worker-dev worker-beat --build
@@ -56,7 +56,7 @@ Prowler includes hundreds of built-in controls to ensure compliance with standar

 Prowler App is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.

-![Prowler App](docs/images/products/overview.png)
+![Prowler App](docs/products/img/overview.png)

 >For more details, refer to the [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation)

@@ -73,26 +73,26 @@ prowler <provider>
 ```console
 prowler dashboard
 ```
-![Prowler Dashboard](docs/images/products/dashboard.png)
+![Prowler Dashboard](docs/products/img/dashboard.png)

 # Prowler at a Glance
 > [!Tip]
 > For the most accurate and up-to-date information about checks, services, frameworks, and categories, visit [**Prowler Hub**](https://hub.prowler.com).


-| Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) | Support | Interface |
-|---|---|---|---|---|---|---|
-| AWS | 576 | 82 | 38 | 10 | Official | UI, API, CLI |
-| GCP | 79 | 13 | 12 | 3 | Official | UI, API, CLI |
-| Azure | 162 | 19 | 12 | 4 | Official | UI, API, CLI |
-| Kubernetes | 83 | 7 | 5 | 7 | Official | UI, API, CLI |
+| Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) | Support | Stage | Interface |
+|---|---|---|---|---|---|---|---|
+| AWS | 576 | 82 | 38 | 10 | Official | Stable | UI, API, CLI |
+| GCP | 79 | 13 | 11 | 3 | Official | Stable | UI, API, CLI |
+| Azure | 162 | 19 | 12 | 4 | Official | Stable | UI, API, CLI |
+| Kubernetes | 83 | 7 | 5 | 7 | Official | Stable | UI, API, CLI |
 | GitHub | 17 | 2 | 1 | 0 | Official | Stable | UI, API, CLI |
-| M365 | 70 | 7 | 3 | 2 | Official | UI, API, CLI |
-| OCI | 51 | 13 | 1 | 10 | Official | UI, API, CLI |
-| IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | UI, API, CLI |
-| MongoDB Atlas | 10 | 3 | 0 | 0 | Official | CLI, API |
-| LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | CLI |
-| NHN | 6 | 2 | 1 | 0 | Unofficial | CLI |
+| M365 | 70 | 7 | 3 | 2 | Official | Stable | UI, API, CLI |
+| OCI | 51 | 13 | 1 | 10 | Official | Stable | CLI |
+| IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | Beta | CLI |
+| MongoDB Atlas | 10 | 3 | 0 | 0 | Official | Beta | CLI |
+| LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | Beta | CLI |
+| NHN | 6 | 2 | 1 | 0 | Unofficial | Beta | CLI |

 > [!Note]
 > The numbers in the table are updated periodically.
@@ -2,37 +2,7 @@

 All notable changes to the **Prowler API** are documented in this file.

-## [1.15.0] (Prowler UNRELEASED)
-
-### Added
- IaC (Infrastructure as Code) provider support for remote repositories [(#8751)](https://github.com/prowler-cloud/prowler/pull/8751)
- Extend `GET /api/v1/providers` with provider-type filters and optional pagination disable to support the new Overview filters [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
- New endpoint to retrieve the number of providers grouped by provider type [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
- Support for configuring multiple LLM providers [(#8772)](https://github.com/prowler-cloud/prowler/pull/8772)
- Support C5 compliance framework for Azure provider [(#9081)](https://github.com/prowler-cloud/prowler/pull/9081)
- Support for Oracle Cloud Infrastructure (OCI) provider [(#8927)](https://github.com/prowler-cloud/prowler/pull/8927)
- Support muting findings based on simple rules with custom reason [(#9051)](https://github.com/prowler-cloud/prowler/pull/9051)
- Support C5 compliance framework for the GCP provider [(#9097)](https://github.com/prowler-cloud/prowler/pull/9097)
- Support for Amazon Bedrock and OpenAI compatible providers in Lighthouse AI [(#8957)](https://github.com/prowler-cloud/prowler/pull/8957)
- Support for MongoDB Atlas provider [(#9167)](https://github.com/prowler-cloud/prowler/pull/9167)
-
---
-
-## [1.14.2] (Prowler 5.13.2)
-
-### Fixed
- Update unique constraint for `Provider` model to exclude soft-deleted entries, resolving duplicate errors when re-deleting providers.
-
-## [1.14.1] (Prowler 5.13.1)
-
-### Fixed
- `/api/v1/overviews/providers` collapses data by provider type so the UI receives a single aggregated record per cloud family even when multiple accounts exist [(#9053)](https://github.com/prowler-cloud/prowler/pull/9053)
- Added retry logic to database transactions to handle Aurora read replica connection failures during scale-down events [(#9064)](https://github.com/prowler-cloud/prowler/pull/9064)
- Security Hub integrations stop failing when they read relationships via the replica by allowing replica relations and saving updates through the primary [(#9080)](https://github.com/prowler-cloud/prowler/pull/9080)
-
---
-
-## [1.14.0] (Prowler 5.13.0)
+## [1.14.0] (Prowler UNRELEASED)

 ### Added
 - Default JWT keys are generated and stored if they are missing from configuration [(#8655)](https://github.com/prowler-cloud/prowler/pull/8655)
@@ -42,7 +12,6 @@ All notable changes to the **Prowler API** are documented in this file.
 - API Key support [(#8805)](https://github.com/prowler-cloud/prowler/pull/8805)
 - SAML role mapping protection for single-admin tenants to prevent accidental lockout [(#8882)](https://github.com/prowler-cloud/prowler/pull/8882)
 - Support for `passed_findings` and `total_findings` fields in compliance requirement overview for accurate Prowler ThreatScore calculation [(#8582)](https://github.com/prowler-cloud/prowler/pull/8582)
- PDF reporting for Prowler ThreatScore [(#8867)](https://github.com/prowler-cloud/prowler/pull/8867)
 - Database read replica support [(#8869)](https://github.com/prowler-cloud/prowler/pull/8869)
 - Support Common Cloud Controls for AWS, Azure and GCP [(#8000)](https://github.com/prowler-cloud/prowler/pull/8000)
 - Add `provider_id__in` filter support to findings and findings severity overview endpoints [(#8951)](https://github.com/prowler-cloud/prowler/pull/8951)
@@ -5,9 +5,6 @@ LABEL maintainer="https://github.com/prowler-cloud/api"
 ARG POWERSHELL_VERSION=7.5.0
 ENV POWERSHELL_VERSION=${POWERSHELL_VERSION}

-ARG TRIVY_VERSION=0.66.0
-ENV TRIVY_VERSION=${TRIVY_VERSION}
-
 # hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends \
    wget \
@@ -39,24 +36,6 @@ RUN ARCH=$(uname -m) && \
    ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
    rm /tmp/powershell.tar.gz

-# Install Trivy for IaC scanning
-RUN ARCH=$(uname -m) && \
-    if [ "$ARCH" = "x86_64" ]; then \
-        TRIVY_ARCH="Linux-64bit" ; \
-    elif [ "$ARCH" = "aarch64" ]; then \
-        TRIVY_ARCH="Linux-ARM64" ; \
-    else \
-        echo "Unsupported architecture for Trivy: $ARCH" && exit 1 ; \
-    fi && \
-    wget --progress=dot:giga "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_${TRIVY_ARCH}.tar.gz" -O /tmp/trivy.tar.gz && \
-    tar zxf /tmp/trivy.tar.gz -C /tmp && \
-    mv /tmp/trivy /usr/local/bin/trivy && \
-    chmod +x /usr/local/bin/trivy && \
-    rm /tmp/trivy.tar.gz && \
-    # Create trivy cache directory with proper permissions
-    mkdir -p /tmp/.cache/trivy && \
-    chmod 777 /tmp/.cache/trivy
-
 # Add prowler user
 RUN addgroup --gid 1000 prowler && \
    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" prowler
@@ -1256,98 +1256,6 @@ files = [
    {file = "contextlib2-21.6.0.tar.gz", hash = "sha256:ab1e2bfe1d01d968e1b7e8d9023bc51ef3509bba217bb730cee3827e1ee82869"},
 ]

-[[package]]
-name = "contourpy"
-version = "1.3.3"
-description = "Python library for calculating contours of 2D quadrilateral grids"
-optional = false
-python-versions = ">=3.11"
-groups = ["main"]
-files = [
-    {file = "contourpy-1.3.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:709a48ef9a690e1343202916450bc48b9e51c049b089c7f79a267b46cffcdaa1"},
-    {file = "contourpy-1.3.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:23416f38bfd74d5d28ab8429cc4d63fa67d5068bd711a85edb1c3fb0c3e2f381"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:929ddf8c4c7f348e4c0a5a3a714b5c8542ffaa8c22954862a46ca1813b667ee7"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:9e999574eddae35f1312c2b4b717b7885d4edd6cb46700e04f7f02db454e67c1"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:0bf67e0e3f482cb69779dd3061b534eb35ac9b17f163d851e2a547d56dba0a3a"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:51e79c1f7470158e838808d4a996fa9bac72c498e93d8ebe5119bc1e6becb0db"},
-    {file = "contourpy-1.3.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:598c3aaece21c503615fd59c92a3598b428b2f01bfb4b8ca9c4edeecc2438620"},
-    {file = "contourpy-1.3.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:322ab1c99b008dad206d406bb61d014cf0174df491ae9d9d0fac6a6fda4f977f"},
-    {file = "contourpy-1.3.3-cp311-cp311-win32.whl", hash = "sha256:fd907ae12cd483cd83e414b12941c632a969171bf90fc937d0c9f268a31cafff"},
-    {file = "contourpy-1.3.3-cp311-cp311-win_amd64.whl", hash = "sha256:3519428f6be58431c56581f1694ba8e50626f2dd550af225f82fb5f5814d2a42"},
-    {file = "contourpy-1.3.3-cp311-cp311-win_arm64.whl", hash = "sha256:15ff10bfada4bf92ec8b31c62bf7c1834c244019b4a33095a68000d7075df470"},
-    {file = "contourpy-1.3.3-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:b08a32ea2f8e42cf1d4be3169a98dd4be32bafe4f22b6c4cb4ba810fa9e5d2cb"},
-    {file = "contourpy-1.3.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:556dba8fb6f5d8742f2923fe9457dbdd51e1049c4a43fd3986a0b14a1d815fc6"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:92d9abc807cf7d0e047b95ca5d957cf4792fcd04e920ca70d48add15c1a90ea7"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:b2e8faa0ed68cb29af51edd8e24798bb661eac3bd9f65420c1887b6ca89987c8"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:626d60935cf668e70a5ce6ff184fd713e9683fb458898e4249b63be9e28286ea"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4d00e655fcef08aba35ec9610536bfe90267d7ab5ba944f7032549c55a146da1"},
-    {file = "contourpy-1.3.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:451e71b5a7d597379ef572de31eeb909a87246974d960049a9848c3bc6c41bf7"},
-    {file = "contourpy-1.3.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:459c1f020cd59fcfe6650180678a9993932d80d44ccde1fa1868977438f0b411"},
-    {file = "contourpy-1.3.3-cp312-cp312-win32.whl", hash = "sha256:023b44101dfe49d7d53932be418477dba359649246075c996866106da069af69"},
-    {file = "contourpy-1.3.3-cp312-cp312-win_amd64.whl", hash = "sha256:8153b8bfc11e1e4d75bcb0bff1db232f9e10b274e0929de9d608027e0d34ff8b"},
-    {file = "contourpy-1.3.3-cp312-cp312-win_arm64.whl", hash = "sha256:07ce5ed73ecdc4a03ffe3e1b3e3c1166db35ae7584be76f65dbbe28a7791b0cc"},
-    {file = "contourpy-1.3.3-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:177fb367556747a686509d6fef71d221a4b198a3905fe824430e5ea0fda54eb5"},
-    {file = "contourpy-1.3.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:d002b6f00d73d69333dac9d0b8d5e84d9724ff9ef044fd63c5986e62b7c9e1b1"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:348ac1f5d4f1d66d3322420f01d42e43122f43616e0f194fc1c9f5d830c5b286"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:655456777ff65c2c548b7c454af9c6f33f16c8884f11083244b5819cc214f1b5"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:644a6853d15b2512d67881586bd03f462c7ab755db95f16f14d7e238f2852c67"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4debd64f124ca62069f313a9cb86656ff087786016d76927ae2cf37846b006c9"},
-    {file = "contourpy-1.3.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:a15459b0f4615b00bbd1e91f1b9e19b7e63aea7483d03d804186f278c0af2659"},
-    {file = "contourpy-1.3.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:ca0fdcd73925568ca027e0b17ab07aad764be4706d0a925b89227e447d9737b7"},
-    {file = "contourpy-1.3.3-cp313-cp313-win32.whl", hash = "sha256:b20c7c9a3bf701366556e1b1984ed2d0cedf999903c51311417cf5f591d8c78d"},
-    {file = "contourpy-1.3.3-cp313-cp313-win_amd64.whl", hash = "sha256:1cadd8b8969f060ba45ed7c1b714fe69185812ab43bd6b86a9123fe8f99c3263"},
-    {file = "contourpy-1.3.3-cp313-cp313-win_arm64.whl", hash = "sha256:fd914713266421b7536de2bfa8181aa8c699432b6763a0ea64195ebe28bff6a9"},
-    {file = "contourpy-1.3.3-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:88df9880d507169449d434c293467418b9f6cbe82edd19284aa0409e7fdb933d"},
-    {file = "contourpy-1.3.3-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:d06bb1f751ba5d417047db62bca3c8fde202b8c11fb50742ab3ab962c81e8216"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e4e6b05a45525357e382909a4c1600444e2a45b4795163d3b22669285591c1ae"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:ab3074b48c4e2cf1a960e6bbeb7f04566bf36b1861d5c9d4d8ac04b82e38ba20"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:6c3d53c796f8647d6deb1abe867daeb66dcc8a97e8455efa729516b997b8ed99"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:50ed930df7289ff2a8d7afeb9603f8289e5704755c7e5c3bbd929c90c817164b"},
-    {file = "contourpy-1.3.3-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:4feffb6537d64b84877da813a5c30f1422ea5739566abf0bd18065ac040e120a"},
-    {file = "contourpy-1.3.3-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:2b7e9480ffe2b0cd2e787e4df64270e3a0440d9db8dc823312e2c940c167df7e"},
-    {file = "contourpy-1.3.3-cp313-cp313t-win32.whl", hash = "sha256:283edd842a01e3dcd435b1c5116798d661378d83d36d337b8dde1d16a5fc9ba3"},
-    {file = "contourpy-1.3.3-cp313-cp313t-win_amd64.whl", hash = "sha256:87acf5963fc2b34825e5b6b048f40e3635dd547f590b04d2ab317c2619ef7ae8"},
-    {file = "contourpy-1.3.3-cp313-cp313t-win_arm64.whl", hash = "sha256:3c30273eb2a55024ff31ba7d052dde990d7d8e5450f4bbb6e913558b3d6c2301"},
-    {file = "contourpy-1.3.3-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:fde6c716d51c04b1c25d0b90364d0be954624a0ee9d60e23e850e8d48353d07a"},
-    {file = "contourpy-1.3.3-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:cbedb772ed74ff5be440fa8eee9bd49f64f6e3fc09436d9c7d8f1c287b121d77"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:22e9b1bd7a9b1d652cd77388465dc358dafcd2e217d35552424aa4f996f524f5"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:a22738912262aa3e254e4f3cb079a95a67132fc5a063890e224393596902f5a4"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:afe5a512f31ee6bd7d0dda52ec9864c984ca3d66664444f2d72e0dc4eb832e36"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:f64836de09927cba6f79dcd00fdd7d5329f3fccc633468507079c829ca4db4e3"},
-    {file = "contourpy-1.3.3-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:1fd43c3be4c8e5fd6e4f2baeae35ae18176cf2e5cced681cca908addf1cdd53b"},
-    {file = "contourpy-1.3.3-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:6afc576f7b33cf00996e5c1102dc2a8f7cc89e39c0b55df93a0b78c1bd992b36"},
-    {file = "contourpy-1.3.3-cp314-cp314-win32.whl", hash = "sha256:66c8a43a4f7b8df8b71ee1840e4211a3c8d93b214b213f590e18a1beca458f7d"},
-    {file = "contourpy-1.3.3-cp314-cp314-win_amd64.whl", hash = "sha256:cf9022ef053f2694e31d630feaacb21ea24224be1c3ad0520b13d844274614fd"},
-    {file = "contourpy-1.3.3-cp314-cp314-win_arm64.whl", hash = "sha256:95b181891b4c71de4bb404c6621e7e2390745f887f2a026b2d99e92c17892339"},
-    {file = "contourpy-1.3.3-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:33c82d0138c0a062380332c861387650c82e4cf1747aaa6938b9b6516762e772"},
-    {file = "contourpy-1.3.3-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:ea37e7b45949df430fe649e5de8351c423430046a2af20b1c1961cae3afcda77"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d304906ecc71672e9c89e87c4675dc5c2645e1f4269a5063b99b0bb29f232d13"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:ca658cd1a680a5c9ea96dc61cdbae1e85c8f25849843aa799dfd3cb370ad4fbe"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:ab2fd90904c503739a75b7c8c5c01160130ba67944a7b77bbf36ef8054576e7f"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:b7301b89040075c30e5768810bc96a8e8d78085b47d8be6e4c3f5a0b4ed478a0"},
-    {file = "contourpy-1.3.3-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:2a2a8b627d5cc6b7c41a4beff6c5ad5eb848c88255fda4a8745f7e901b32d8e4"},
-    {file = "contourpy-1.3.3-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:fd6ec6be509c787f1caf6b247f0b1ca598bef13f4ddeaa126b7658215529ba0f"},
-    {file = "contourpy-1.3.3-cp314-cp314t-win32.whl", hash = "sha256:e74a9a0f5e3fff48fb5a7f2fd2b9b70a3fe014a67522f79b7cca4c0c7e43c9ae"},
-    {file = "contourpy-1.3.3-cp314-cp314t-win_amd64.whl", hash = "sha256:13b68d6a62db8eafaebb8039218921399baf6e47bf85006fd8529f2a08ef33fc"},
-    {file = "contourpy-1.3.3-cp314-cp314t-win_arm64.whl", hash = "sha256:b7448cb5a725bb1e35ce88771b86fba35ef418952474492cf7c764059933ff8b"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:cd5dfcaeb10f7b7f9dc8941717c6c2ade08f587be2226222c12b25f0483ed497"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:0c1fc238306b35f246d61a1d416a627348b5cf0648648a031e14bb8705fcdfe8"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:70f9aad7de812d6541d29d2bbf8feb22ff7e1c299523db288004e3157ff4674e"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:5ed3657edf08512fc3fe81b510e35c2012fbd3081d2e26160f27ca28affec989"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:3d1a3799d62d45c18bafd41c5fa05120b96a28079f2393af559b843d1a966a77"},
-    {file = "contourpy-1.3.3.tar.gz", hash = "sha256:083e12155b210502d0bca491432bb04d56dc3432f95a979b429f2848c3dbe880"},
-]
-
-[package.dependencies]
-numpy = ">=1.25"
-
-[package.extras]
-bokeh = ["bokeh", "selenium"]
-docs = ["furo", "sphinx (>=7.2)", "sphinx-copybutton"]
-mypy = ["bokeh", "contourpy[bokeh,docs]", "docutils-stubs", "mypy (==1.17.0)", "types-Pillow"]
-test = ["Pillow", "contourpy[test-no-images]", "matplotlib"]
-test-no-images = ["pytest", "pytest-cov", "pytest-rerunfailures", "pytest-xdist", "wurlitzer"]
-
 [[package]]
 name = "coverage"
 version = "7.5.4"
@@ -1482,22 +1390,6 @@ ssh = ["bcrypt (>=3.1.5)"]
 test = ["certifi (>=2024)", "cryptography-vectors (==44.0.1)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
 test-randomorder = ["pytest-randomly"]

-[[package]]
-name = "cycler"
-version = "0.12.1"
-description = "Composable style cycles"
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-files = [
-    {file = "cycler-0.12.1-py3-none-any.whl", hash = "sha256:85cef7cff222d8644161529808465972e51340599459b8ac3ccbac5a854e0d30"},
-    {file = "cycler-0.12.1.tar.gz", hash = "sha256:88bb128f02ba341da8ef447245a9e138fae777f6a23943da4540077d3601eb1c"},
-]
-
-[package.extras]
-docs = ["ipython", "matplotlib", "numpydoc", "sphinx"]
-tests = ["pytest", "pytest-cov", "pytest-xdist"]
-
 [[package]]
 name = "dash"
 version = "3.1.1"
@@ -2228,87 +2120,6 @@ werkzeug = ">=3.1.0"
 async = ["asgiref (>=3.2)"]
 dotenv = ["python-dotenv"]

-[[package]]
-name = "fonttools"
-version = "4.60.1"
-description = "Tools to manipulate font files"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "fonttools-4.60.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:9a52f254ce051e196b8fe2af4634c2d2f02c981756c6464dc192f1b6050b4e28"},
-    {file = "fonttools-4.60.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:c7420a2696a44650120cdd269a5d2e56a477e2bfa9d95e86229059beb1c19e15"},
-    {file = "fonttools-4.60.1-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee0c0b3b35b34f782afc673d503167157094a16f442ace7c6c5e0ca80b08f50c"},
-    {file = "fonttools-4.60.1-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:282dafa55f9659e8999110bd8ed422ebe1c8aecd0dc396550b038e6c9a08b8ea"},
-    {file = "fonttools-4.60.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:4ba4bd646e86de16160f0fb72e31c3b9b7d0721c3e5b26b9fa2fc931dfdb2652"},
-    {file = "fonttools-4.60.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:0b0835ed15dd5b40d726bb61c846a688f5b4ce2208ec68779bc81860adb5851a"},
-    {file = "fonttools-4.60.1-cp310-cp310-win32.whl", hash = "sha256:1525796c3ffe27bb6268ed2a1bb0dcf214d561dfaf04728abf01489eb5339dce"},
-    {file = "fonttools-4.60.1-cp310-cp310-win_amd64.whl", hash = "sha256:268ecda8ca6cb5c4f044b1fb9b3b376e8cd1b361cef275082429dc4174907038"},
-    {file = "fonttools-4.60.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:7b4c32e232a71f63a5d00259ca3d88345ce2a43295bb049d21061f338124246f"},
-    {file = "fonttools-4.60.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:3630e86c484263eaac71d117085d509cbcf7b18f677906824e4bace598fb70d2"},
-    {file = "fonttools-4.60.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5c1015318e4fec75dd4943ad5f6a206d9727adf97410d58b7e32ab644a807914"},
-    {file = "fonttools-4.60.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:e6c58beb17380f7c2ea181ea11e7db8c0ceb474c9dd45f48e71e2cb577d146a1"},
-    {file = "fonttools-4.60.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:ec3681a0cb34c255d76dd9d865a55f260164adb9fa02628415cdc2d43ee2c05d"},
-    {file = "fonttools-4.60.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:f4b5c37a5f40e4d733d3bbaaef082149bee5a5ea3156a785ff64d949bd1353fa"},
-    {file = "fonttools-4.60.1-cp311-cp311-win32.whl", hash = "sha256:398447f3d8c0c786cbf1209711e79080a40761eb44b27cdafffb48f52bcec258"},
-    {file = "fonttools-4.60.1-cp311-cp311-win_amd64.whl", hash = "sha256:d066ea419f719ed87bc2c99a4a4bfd77c2e5949cb724588b9dd58f3fd90b92bf"},
-    {file = "fonttools-4.60.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:7b0c6d57ab00dae9529f3faf187f2254ea0aa1e04215cf2f1a8ec277c96661bc"},
-    {file = "fonttools-4.60.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:839565cbf14645952d933853e8ade66a463684ed6ed6c9345d0faf1f0e868877"},
-    {file = "fonttools-4.60.1-cp312-cp312-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:8177ec9676ea6e1793c8a084a90b65a9f778771998eb919d05db6d4b1c0b114c"},
-    {file = "fonttools-4.60.1-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:996a4d1834524adbb423385d5a629b868ef9d774670856c63c9a0408a3063401"},
-    {file = "fonttools-4.60.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:a46b2f450bc79e06ef3b6394f0c68660529ed51692606ad7f953fc2e448bc903"},
-    {file = "fonttools-4.60.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:6ec722ee589e89a89f5b7574f5c45604030aa6ae24cb2c751e2707193b466fed"},
-    {file = "fonttools-4.60.1-cp312-cp312-win32.whl", hash = "sha256:b2cf105cee600d2de04ca3cfa1f74f1127f8455b71dbad02b9da6ec266e116d6"},
-    {file = "fonttools-4.60.1-cp312-cp312-win_amd64.whl", hash = "sha256:992775c9fbe2cf794786fa0ffca7f09f564ba3499b8fe9f2f80bd7197db60383"},
-    {file = "fonttools-4.60.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:6f68576bb4bbf6060c7ab047b1574a1ebe5c50a17de62830079967b211059ebb"},
-    {file = "fonttools-4.60.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:eedacb5c5d22b7097482fa834bda0dafa3d914a4e829ec83cdea2a01f8c813c4"},
-    {file = "fonttools-4.60.1-cp313-cp313-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:b33a7884fabd72bdf5f910d0cf46be50dce86a0362a65cfc746a4168c67eb96c"},
-    {file = "fonttools-4.60.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:2409d5fb7b55fd70f715e6d34e7a6e4f7511b8ad29a49d6df225ee76da76dd77"},
-    {file = "fonttools-4.60.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:c8651e0d4b3bdeda6602b85fdc2abbefc1b41e573ecb37b6779c4ca50753a199"},
-    {file = "fonttools-4.60.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:145daa14bf24824b677b9357c5e44fd8895c2a8f53596e1b9ea3496081dc692c"},
-    {file = "fonttools-4.60.1-cp313-cp313-win32.whl", hash = "sha256:2299df884c11162617a66b7c316957d74a18e3758c0274762d2cc87df7bc0272"},
-    {file = "fonttools-4.60.1-cp313-cp313-win_amd64.whl", hash = "sha256:a3db56f153bd4c5c2b619ab02c5db5192e222150ce5a1bc10f16164714bc39ac"},
-    {file = "fonttools-4.60.1-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:a884aef09d45ba1206712c7dbda5829562d3fea7726935d3289d343232ecb0d3"},
-    {file = "fonttools-4.60.1-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:8a44788d9d91df72d1a5eac49b31aeb887a5f4aab761b4cffc4196c74907ea85"},
-    {file = "fonttools-4.60.1-cp314-cp314-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:e852d9dda9f93ad3651ae1e3bb770eac544ec93c3807888798eccddf84596537"},
-    {file = "fonttools-4.60.1-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:154cb6ee417e417bf5f7c42fe25858c9140c26f647c7347c06f0cc2d47eff003"},
-    {file = "fonttools-4.60.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:5664fd1a9ea7f244487ac8f10340c4e37664675e8667d6fee420766e0fb3cf08"},
-    {file = "fonttools-4.60.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:583b7f8e3c49486e4d489ad1deacfb8d5be54a8ef34d6df824f6a171f8511d99"},
-    {file = "fonttools-4.60.1-cp314-cp314-win32.whl", hash = "sha256:66929e2ea2810c6533a5184f938502cfdaea4bc3efb7130d8cc02e1c1b4108d6"},
-    {file = "fonttools-4.60.1-cp314-cp314-win_amd64.whl", hash = "sha256:f3d5be054c461d6a2268831f04091dc82753176f6ea06dc6047a5e168265a987"},
-    {file = "fonttools-4.60.1-cp314-cp314t-macosx_10_13_universal2.whl", hash = "sha256:b6379e7546ba4ae4b18f8ae2b9bc5960936007a1c0e30b342f662577e8bc3299"},
-    {file = "fonttools-4.60.1-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:9d0ced62b59e0430b3690dbc5373df1c2aa7585e9a8ce38eff87f0fd993c5b01"},
-    {file = "fonttools-4.60.1-cp314-cp314t-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:875cb7764708b3132637f6c5fb385b16eeba0f7ac9fa45a69d35e09b47045801"},
-    {file = "fonttools-4.60.1-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:a184b2ea57b13680ab6d5fbde99ccef152c95c06746cb7718c583abd8f945ccc"},
-    {file = "fonttools-4.60.1-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:026290e4ec76583881763fac284aca67365e0be9f13a7fb137257096114cb3bc"},
-    {file = "fonttools-4.60.1-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:f0e8817c7d1a0c2eedebf57ef9a9896f3ea23324769a9a2061a80fe8852705ed"},
-    {file = "fonttools-4.60.1-cp314-cp314t-win32.whl", hash = "sha256:1410155d0e764a4615774e5c2c6fc516259fe3eca5882f034eb9bfdbee056259"},
-    {file = "fonttools-4.60.1-cp314-cp314t-win_amd64.whl", hash = "sha256:022beaea4b73a70295b688f817ddc24ed3e3418b5036ffcd5658141184ef0d0c"},
-    {file = "fonttools-4.60.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:122e1a8ada290423c493491d002f622b1992b1ab0b488c68e31c413390dc7eb2"},
-    {file = "fonttools-4.60.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:a140761c4ff63d0cb9256ac752f230460ee225ccef4ad8f68affc723c88e2036"},
-    {file = "fonttools-4.60.1-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0eae96373e4b7c9e45d099d7a523444e3554360927225c1cdae221a58a45b856"},
-    {file = "fonttools-4.60.1-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:596ecaca36367027d525b3b426d8a8208169d09edcf8c7506aceb3a38bfb55c7"},
-    {file = "fonttools-4.60.1-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:2ee06fc57512144d8b0445194c2da9f190f61ad51e230f14836286470c99f854"},
-    {file = "fonttools-4.60.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:b42d86938e8dda1cd9a1a87a6d82f1818eaf933348429653559a458d027446da"},
-    {file = "fonttools-4.60.1-cp39-cp39-win32.whl", hash = "sha256:8b4eb332f9501cb1cd3d4d099374a1e1306783ff95489a1026bde9eb02ccc34a"},
-    {file = "fonttools-4.60.1-cp39-cp39-win_amd64.whl", hash = "sha256:7473a8ed9ed09aeaa191301244a5a9dbe46fe0bf54f9d6cd21d83044c3321217"},
-    {file = "fonttools-4.60.1-py3-none-any.whl", hash = "sha256:906306ac7afe2156fcf0042173d6ebbb05416af70f6b370967b47f8f00103bbb"},
-    {file = "fonttools-4.60.1.tar.gz", hash = "sha256:ef00af0439ebfee806b25f24c8f92109157ff3fac5731dc7867957812e87b8d9"},
-]
-
-[package.extras]
-all = ["brotli (>=1.0.1) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=0.8.0) ; platform_python_implementation != \"CPython\"", "lxml (>=4.0)", "lz4 (>=1.7.4.2)", "matplotlib", "munkres ; platform_python_implementation == \"PyPy\"", "pycairo", "scipy ; platform_python_implementation != \"PyPy\"", "skia-pathops (>=0.5.0)", "sympy", "uharfbuzz (>=0.23.0)", "unicodedata2 (>=15.1.0) ; python_version <= \"3.12\"", "xattr ; sys_platform == \"darwin\"", "zopfli (>=0.1.4)"]
-graphite = ["lz4 (>=1.7.4.2)"]
-interpolatable = ["munkres ; platform_python_implementation == \"PyPy\"", "pycairo", "scipy ; platform_python_implementation != \"PyPy\""]
-lxml = ["lxml (>=4.0)"]
-pathops = ["skia-pathops (>=0.5.0)"]
-plot = ["matplotlib"]
-repacker = ["uharfbuzz (>=0.23.0)"]
-symfont = ["sympy"]
-type1 = ["xattr ; sys_platform == \"darwin\""]
-unicode = ["unicodedata2 (>=15.1.0) ; python_version <= \"3.12\""]
-woff = ["brotli (>=1.0.1) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=0.8.0) ; platform_python_implementation != \"CPython\"", "zopfli (>=0.1.4)"]
-
 [[package]]
 name = "freezegun"
 version = "1.5.1"
@@ -2976,117 +2787,6 @@ files = [
 [package.dependencies]
 referencing = ">=0.31.0"

-[[package]]
-name = "kiwisolver"
-version = "1.4.9"
-description = "A fast implementation of the Cassowary constraint solver"
-optional = false
-python-versions = ">=3.10"
-groups = ["main"]
-files = [
-    {file = "kiwisolver-1.4.9-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:b4b4d74bda2b8ebf4da5bd42af11d02d04428b2c32846e4c2c93219df8a7987b"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:fb3b8132019ea572f4611d770991000d7f58127560c4889729248eb5852a102f"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:84fd60810829c27ae375114cd379da1fa65e6918e1da405f356a775d49a62bcf"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:b78efa4c6e804ecdf727e580dbb9cba85624d2e1c6b5cb059c66290063bd99a9"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d4efec7bcf21671db6a3294ff301d2fc861c31faa3c8740d1a94689234d1b415"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:90f47e70293fc3688b71271100a1a5453aa9944a81d27ff779c108372cf5567b"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:8fdca1def57a2e88ef339de1737a1449d6dbf5fab184c54a1fca01d541317154"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:9cf554f21be770f5111a1690d42313e140355e687e05cf82cb23d0a721a64a48"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:fc1795ac5cd0510207482c3d1d3ed781143383b8cfd36f5c645f3897ce066220"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:ccd09f20ccdbbd341b21a67ab50a119b64a403b09288c27481575105283c1586"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:540c7c72324d864406a009d72f5d6856f49693db95d1fbb46cf86febef873634"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-win_amd64.whl", hash = "sha256:ede8c6d533bc6601a47ad4046080d36b8fc99f81e6f1c17b0ac3c2dc91ac7611"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-win_arm64.whl", hash = "sha256:7b4da0d01ac866a57dd61ac258c5607b4cd677f63abaec7b148354d2b2cdd536"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:eb14a5da6dc7642b0f3a18f13654847cd8b7a2550e2645a5bda677862b03ba16"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:39a219e1c81ae3b103643d2aedb90f1ef22650deb266ff12a19e7773f3e5f089"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:2405a7d98604b87f3fc28b1716783534b1b4b8510d8142adca34ee0bc3c87543"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:dc1ae486f9abcef254b5618dfb4113dd49f94c68e3e027d03cf0143f3f772b61"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8a1f570ce4d62d718dce3f179ee78dac3b545ac16c0c04bb363b7607a949c0d1"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:cb27e7b78d716c591e88e0a09a2139c6577865d7f2e152488c2cc6257f460872"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:15163165efc2f627eb9687ea5f3a28137217d217ac4024893d753f46bce9de26"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:bdee92c56a71d2b24c33a7d4c2856bd6419d017e08caa7802d2963870e315028"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:412f287c55a6f54b0650bd9b6dce5aceddb95864a1a90c87af16979d37c89771"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:2c93f00dcba2eea70af2be5f11a830a742fe6b579a1d4e00f47760ef13be247a"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:f117e1a089d9411663a3207ba874f31be9ac8eaa5b533787024dc07aeb74f464"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-win_amd64.whl", hash = "sha256:be6a04e6c79819c9a8c2373317d19a96048e5a3f90bec587787e86a1153883c2"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-win_arm64.whl", hash = "sha256:0ae37737256ba2de764ddc12aed4956460277f00c4996d51a197e72f62f5eec7"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:ac5a486ac389dddcc5bef4f365b6ae3ffff2c433324fb38dd35e3fab7c957999"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:f2ba92255faa7309d06fe44c3a4a97efe1c8d640c2a79a5ef728b685762a6fd2"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:4a2899935e724dd1074cb568ce7ac0dce28b2cd6ab539c8e001a8578eb106d14"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f6008a4919fdbc0b0097089f67a1eb55d950ed7e90ce2cc3e640abadd2757a04"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:67bb8b474b4181770f926f7b7d2f8c0248cbcb78b660fdd41a47054b28d2a752"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:2327a4a30d3ee07d2fbe2e7933e8a37c591663b96ce42a00bc67461a87d7df77"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:7a08b491ec91b1d5053ac177afe5290adacf1f0f6307d771ccac5de30592d198"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:d8fc5c867c22b828001b6a38d2eaeb88160bf5783c6cb4a5e440efc981ce286d"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:3b3115b2581ea35bb6d1f24a4c90af37e5d9b49dcff267eeed14c3893c5b86ab"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:858e4c22fb075920b96a291928cb7dea5644e94c0ee4fcd5af7e865655e4ccf2"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:ed0fecd28cc62c54b262e3736f8bb2512d8dcfdc2bcf08be5f47f96bf405b145"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-win_amd64.whl", hash = "sha256:f68208a520c3d86ea51acf688a3e3002615a7f0238002cccc17affecc86a8a54"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-win_arm64.whl", hash = "sha256:2c1a4f57df73965f3f14df20b80ee29e6a7930a57d2d9e8491a25f676e197c60"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:a5d0432ccf1c7ab14f9949eec60c5d1f924f17c037e9f8b33352fa05799359b8"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:efb3a45b35622bb6c16dbfab491a8f5a391fe0e9d45ef32f4df85658232ca0e2"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:1a12cf6398e8a0a001a059747a1cbf24705e18fe413bc22de7b3d15c67cffe3f"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b67e6efbf68e077dd71d1a6b37e43e1a99d0bff1a3d51867d45ee8908b931098"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5656aa670507437af0207645273ccdfee4f14bacd7f7c67a4306d0dcaeaf6eed"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:bfc08add558155345129c7803b3671cf195e6a56e7a12f3dde7c57d9b417f525"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:40092754720b174e6ccf9e845d0d8c7d8e12c3d71e7fc35f55f3813e96376f78"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:497d05f29a1300d14e02e6441cf0f5ee81c1ff5a304b0d9fb77423974684e08b"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:bdd1a81a1860476eb41ac4bc1e07b3f07259e6d55bbf739b79c8aaedcf512799"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:e6b93f13371d341afee3be9f7c5964e3fe61d5fa30f6a30eb49856935dfe4fc3"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:d75aa530ccfaa593da12834b86a0724f58bff12706659baa9227c2ccaa06264c"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-win_amd64.whl", hash = "sha256:dd0a578400839256df88c16abddf9ba14813ec5f21362e1fe65022e00c883d4d"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-win_arm64.whl", hash = "sha256:d4188e73af84ca82468f09cadc5ac4db578109e52acb4518d8154698d3a87ca2"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:5a0f2724dfd4e3b3ac5a82436a8e6fd16baa7d507117e4279b660fe8ca38a3a1"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:1b11d6a633e4ed84fc0ddafd4ebfd8ea49b3f25082c04ad12b8315c11d504dc1"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:61874cdb0a36016354853593cffc38e56fc9ca5aa97d2c05d3dcf6922cd55a11"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:60c439763a969a6af93b4881db0eed8fadf93ee98e18cbc35bc8da868d0c4f0c"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:92a2f997387a1b79a75e7803aa7ded2cfbe2823852ccf1ba3bcf613b62ae3197"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:a31d512c812daea6d8b3be3b2bfcbeb091dbb09177706569bcfc6240dcf8b41c"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:52a15b0f35dad39862d376df10c5230155243a2c1a436e39eb55623ccbd68185"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:a30fd6fdef1430fd9e1ba7b3398b5ee4e2887783917a687d86ba69985fb08748"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_ppc64le.whl", hash = "sha256:cc9617b46837c6468197b5945e196ee9ca43057bb7d9d1ae688101e4e1dddf64"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_s390x.whl", hash = "sha256:0ab74e19f6a2b027ea4f845a78827969af45ce790e6cb3e1ebab71bdf9f215ff"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:dba5ee5d3981160c28d5490f0d1b7ed730c22470ff7f6cc26cfcfaacb9896a07"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-win_arm64.whl", hash = "sha256:0749fd8f4218ad2e851e11cc4dc05c7cbc0cbc4267bdfdb31782e65aace4ee9c"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:9928fe1eb816d11ae170885a74d074f57af3a0d65777ca47e9aeb854a1fba386"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:d0005b053977e7b43388ddec89fa567f43d4f6d5c2c0affe57de5ebf290dc552"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:2635d352d67458b66fd0667c14cb1d4145e9560d503219034a18a87e971ce4f3"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:767c23ad1c58c9e827b649a9ab7809fd5fd9db266a9cf02b0e926ddc2c680d58"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:72d0eb9fba308b8311685c2268cf7d0a0639a6cd027d8128659f72bdd8a024b4"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:f68e4f3eeca8fb22cc3d731f9715a13b652795ef657a13df1ad0c7dc0e9731df"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:d84cd4061ae292d8ac367b2c3fa3aad11cb8625a95d135fe93f286f914f3f5a6"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:a60ea74330b91bd22a29638940d115df9dc00af5035a9a2a6ad9399ffb4ceca5"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_ppc64le.whl", hash = "sha256:ce6a3a4e106cf35c2d9c4fa17c05ce0b180db622736845d4315519397a77beaf"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_s390x.whl", hash = "sha256:77937e5e2a38a7b48eef0585114fe7930346993a88060d0bf886086d2aa49ef5"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:24c175051354f4a28c5d6a31c93906dc653e2bf234e8a4bbfb964892078898ce"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-win_amd64.whl", hash = "sha256:0763515d4df10edf6d06a3c19734e2566368980d21ebec439f33f9eb936c07b7"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-win_arm64.whl", hash = "sha256:0e4e2bf29574a6a7b7f6cb5fa69293b9f96c928949ac4a53ba3f525dffb87f9c"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-macosx_10_13_universal2.whl", hash = "sha256:d976bbb382b202f71c67f77b0ac11244021cfa3f7dfd9e562eefcea2df711548"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:2489e4e5d7ef9a1c300a5e0196e43d9c739f066ef23270607d45aba368b91f2d"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:e2ea9f7ab7fbf18fffb1b5434ce7c69a07582f7acc7717720f1d69f3e806f90c"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b34e51affded8faee0dfdb705416153819d8ea9250bbbf7ea1b249bdeb5f1122"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d8aacd3d4b33b772542b2e01beb50187536967b514b00003bdda7589722d2a64"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:7cf974dd4e35fa315563ac99d6287a1024e4dc2077b8a7d7cd3d2fb65d283134"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:85bd218b5ecfbee8c8a82e121802dcb519a86044c9c3b2e4aef02fa05c6da370"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:0856e241c2d3df4efef7c04a1e46b1936b6120c9bcf36dd216e3acd84bc4fb21"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_ppc64le.whl", hash = "sha256:9af39d6551f97d31a4deebeac6f45b156f9755ddc59c07b402c148f5dbb6482a"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_s390x.whl", hash = "sha256:bb4ae2b57fc1d8cbd1cf7b1d9913803681ffa903e7488012be5b76dedf49297f"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:aedff62918805fb62d43a4aa2ecd4482c380dc76cd31bd7c8878588a61bd0369"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-win_amd64.whl", hash = "sha256:1fa333e8b2ce4d9660f2cda9c0e1b6bafcfb2457a9d259faa82289e73ec24891"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-win_arm64.whl", hash = "sha256:4a48a2ce79d65d363597ef7b567ce3d14d68783d2b2263d98db3d9477805ba32"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:4d1d9e582ad4d63062d34077a9a1e9f3c34088a2ec5135b1f7190c07cf366527"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:deed0c7258ceb4c44ad5ec7d9918f9f14fd05b2be86378d86cf50e63d1e7b771"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:0a590506f303f512dff6b7f75fd2fd18e16943efee932008fe7140e5fa91d80e"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e09c2279a4d01f099f52d5c4b3d9e208e91edcbd1a175c9662a8b16e000fece9"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:c9e7cdf45d594ee04d5be1b24dd9d49f3d1590959b2271fb30b5ca2b262c00fb"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:720e05574713db64c356e86732c0f3c5252818d05f9df320f0ad8380641acea5"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:17680d737d5335b552994a2008fab4c851bcd7de33094a82067ef3a576ff02fa"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:85b5352f94e490c028926ea567fc569c52ec79ce131dadb968d3853e809518c2"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:464415881e4801295659462c49461a24fb107c140de781d55518c4b80cb6790f"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:fb940820c63a9590d31d88b815e7a3aa5915cad3ce735ab45f0c730b39547de1"},
-    {file = "kiwisolver-1.4.9.tar.gz", hash = "sha256:c3b22c26c6fd6811b0ae8363b95ca8ce4ea3c202d3d0975b2914310ceb1bcc4d"},
-]
-
 [[package]]
 name = "kombu"
 version = "5.5.4"
@@ -3437,85 +3137,6 @@ dev = ["marshmallow[tests]", "pre-commit (>=3.5,<5.0)", "tox"]
 docs = ["autodocsumm (==0.2.14)", "furo (==2024.8.6)", "sphinx (==8.1.3)", "sphinx-copybutton (==0.5.2)", "sphinx-issues (==5.0.0)", "sphinxext-opengraph (==0.9.1)"]
 tests = ["pytest", "simplejson"]

-[[package]]
-name = "matplotlib"
-version = "3.10.6"
-description = "Python plotting package"
-optional = false
-python-versions = ">=3.10"
-groups = ["main"]
-files = [
-    {file = "matplotlib-3.10.6-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:bc7316c306d97463a9866b89d5cc217824e799fa0de346c8f68f4f3d27c8693d"},
-    {file = "matplotlib-3.10.6-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:d00932b0d160ef03f59f9c0e16d1e3ac89646f7785165ce6ad40c842db16cc2e"},
-    {file = "matplotlib-3.10.6-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:8fa4c43d6bfdbfec09c733bca8667de11bfa4970e8324c471f3a3632a0301c15"},
-    {file = "matplotlib-3.10.6-cp310-cp310-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ea117a9c1627acaa04dbf36265691921b999cbf515a015298e54e1a12c3af837"},
-    {file = "matplotlib-3.10.6-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:08fc803293b4e1694ee325896030de97f74c141ccff0be886bb5915269247676"},
-    {file = "matplotlib-3.10.6-cp310-cp310-win_amd64.whl", hash = "sha256:2adf92d9b7527fbfb8818e050260f0ebaa460f79d61546374ce73506c9421d09"},
-    {file = "matplotlib-3.10.6-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:905b60d1cb0ee604ce65b297b61cf8be9f4e6cfecf95a3fe1c388b5266bc8f4f"},
-    {file = "matplotlib-3.10.6-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7bac38d816637343e53d7185d0c66677ff30ffb131044a81898b5792c956ba76"},
-    {file = "matplotlib-3.10.6-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:942a8de2b5bfff1de31d95722f702e2966b8a7e31f4e68f7cd963c7cd8861cf6"},
-    {file = "matplotlib-3.10.6-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:a3276c85370bc0dfca051ec65c5817d1e0f8f5ce1b7787528ec8ed2d524bbc2f"},
-    {file = "matplotlib-3.10.6-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:9df5851b219225731f564e4b9e7f2ac1e13c9e6481f941b5631a0f8e2d9387ce"},
-    {file = "matplotlib-3.10.6-cp311-cp311-win_amd64.whl", hash = "sha256:abb5d9478625dd9c9eb51a06d39aae71eda749ae9b3138afb23eb38824026c7e"},
-    {file = "matplotlib-3.10.6-cp311-cp311-win_arm64.whl", hash = "sha256:886f989ccfae63659183173bb3fced7fd65e9eb793c3cc21c273add368536951"},
-    {file = "matplotlib-3.10.6-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:31ca662df6a80bd426f871105fdd69db7543e28e73a9f2afe80de7e531eb2347"},
-    {file = "matplotlib-3.10.6-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1678bb61d897bb4ac4757b5ecfb02bfb3fddf7f808000fb81e09c510712fda75"},
-    {file = "matplotlib-3.10.6-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:56cd2d20842f58c03d2d6e6c1f1cf5548ad6f66b91e1e48f814e4fb5abd1cb95"},
-    {file = "matplotlib-3.10.6-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:662df55604a2f9a45435566d6e2660e41efe83cd94f4288dfbf1e6d1eae4b0bb"},
-    {file = "matplotlib-3.10.6-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:08f141d55148cd1fc870c3387d70ca4df16dee10e909b3b038782bd4bda6ea07"},
-    {file = "matplotlib-3.10.6-cp312-cp312-win_amd64.whl", hash = "sha256:590f5925c2d650b5c9d813c5b3b5fc53f2929c3f8ef463e4ecfa7e052044fb2b"},
-    {file = "matplotlib-3.10.6-cp312-cp312-win_arm64.whl", hash = "sha256:f44c8d264a71609c79a78d50349e724f5d5fc3684ead7c2a473665ee63d868aa"},
-    {file = "matplotlib-3.10.6-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:819e409653c1106c8deaf62e6de6b8611449c2cd9939acb0d7d4e57a3d95cc7a"},
-    {file = "matplotlib-3.10.6-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:59c8ac8382fefb9cb71308dde16a7c487432f5255d8f1fd32473523abecfecdf"},
-    {file = "matplotlib-3.10.6-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:84e82d9e0fd70c70bc55739defbd8055c54300750cbacf4740c9673a24d6933a"},
-    {file = "matplotlib-3.10.6-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:25f7a3eb42d6c1c56e89eacd495661fc815ffc08d9da750bca766771c0fd9110"},
-    {file = "matplotlib-3.10.6-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:f9c862d91ec0b7842920a4cfdaaec29662195301914ea54c33e01f1a28d014b2"},
-    {file = "matplotlib-3.10.6-cp313-cp313-win_amd64.whl", hash = "sha256:1b53bd6337eba483e2e7d29c5ab10eee644bc3a2491ec67cc55f7b44583ffb18"},
-    {file = "matplotlib-3.10.6-cp313-cp313-win_arm64.whl", hash = "sha256:cbd5eb50b7058b2892ce45c2f4e92557f395c9991f5c886d1bb74a1582e70fd6"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:acc86dd6e0e695c095001a7fccff158c49e45e0758fdf5dcdbb0103318b59c9f"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:e228cd2ffb8f88b7d0b29e37f68ca9aaf83e33821f24a5ccc4f082dd8396bc27"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:658bc91894adeab669cf4bb4a186d049948262987e80f0857216387d7435d833"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8913b7474f6dd83ac444c9459c91f7f0f2859e839f41d642691b104e0af056aa"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:091cea22e059b89f6d7d1a18e2c33a7376c26eee60e401d92a4d6726c4e12706"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-win_amd64.whl", hash = "sha256:491e25e02a23d7207629d942c666924a6b61e007a48177fdd231a0097b7f507e"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-win_arm64.whl", hash = "sha256:3d80d60d4e54cda462e2cd9a086d85cd9f20943ead92f575ce86885a43a565d5"},
-    {file = "matplotlib-3.10.6-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:70aaf890ce1d0efd482df969b28a5b30ea0b891224bb315810a3940f67182899"},
-    {file = "matplotlib-3.10.6-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:1565aae810ab79cb72e402b22facfa6501365e73ebab70a0fdfb98488d2c3c0c"},
-    {file = "matplotlib-3.10.6-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f3b23315a01981689aa4e1a179dbf6ef9fbd17143c3eea77548c2ecfb0499438"},
-    {file = "matplotlib-3.10.6-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:30fdd37edf41a4e6785f9b37969de57aea770696cb637d9946eb37470c94a453"},
-    {file = "matplotlib-3.10.6-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:bc31e693da1c08012c764b053e702c1855378e04102238e6a5ee6a7117c53a47"},
-    {file = "matplotlib-3.10.6-cp314-cp314-win_amd64.whl", hash = "sha256:05be9bdaa8b242bc6ff96330d18c52f1fc59c6fb3a4dd411d953d67e7e1baf98"},
-    {file = "matplotlib-3.10.6-cp314-cp314-win_arm64.whl", hash = "sha256:f56a0d1ab05d34c628592435781d185cd99630bdfd76822cd686fb5a0aecd43a"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:94f0b4cacb23763b64b5dace50d5b7bfe98710fed5f0cef5c08135a03399d98b"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:cc332891306b9fb39462673d8225d1b824c89783fee82840a709f96714f17a5c"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee1d607b3fb1590deb04b69f02ea1d53ed0b0bf75b2b1a5745f269afcbd3cdd3"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:376a624a218116461696b27b2bbf7a8945053e6d799f6502fc03226d077807bf"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:83847b47f6524c34b4f2d3ce726bb0541c48c8e7692729865c3df75bfa0f495a"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-win_amd64.whl", hash = "sha256:c7e0518e0d223683532a07f4b512e2e0729b62674f1b3a1a69869f98e6b1c7e3"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-win_arm64.whl", hash = "sha256:4dd83e029f5b4801eeb87c64efd80e732452781c16a9cf7415b7b63ec8f374d7"},
-    {file = "matplotlib-3.10.6-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:13fcd07ccf17e354398358e0307a1f53f5325dca22982556ddb9c52837b5af41"},
-    {file = "matplotlib-3.10.6-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:470fc846d59d1406e34fa4c32ba371039cd12c2fe86801159a965956f2575bd1"},
-    {file = "matplotlib-3.10.6-pp310-pypy310_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f7173f8551b88f4ef810a94adae3128c2530e0d07529f7141be7f8d8c365f051"},
-    {file = "matplotlib-3.10.6-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:f2d684c3204fa62421bbf770ddfebc6b50130f9cad65531eeba19236d73bb488"},
-    {file = "matplotlib-3.10.6-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:6f4a69196e663a41d12a728fab8751177215357906436804217d6d9cf0d4d6cf"},
-    {file = "matplotlib-3.10.6-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:4d6ca6ef03dfd269f4ead566ec6f3fb9becf8dab146fb999022ed85ee9f6b3eb"},
-    {file = "matplotlib-3.10.6.tar.gz", hash = "sha256:ec01b645840dd1996df21ee37f208cd8ba57644779fa20464010638013d3203c"},
-]
-
-[package.dependencies]
-contourpy = ">=1.0.1"
-cycler = ">=0.10"
-fonttools = ">=4.22.0"
-kiwisolver = ">=1.3.1"
-numpy = ">=1.23"
-packaging = ">=20.0"
-pillow = ">=8"
-pyparsing = ">=2.3.1"
-python-dateutil = ">=2.7"
-
-[package.extras]
-dev = ["meson-python (>=0.13.1,<0.17.0)", "pybind11 (>=2.13.2,!=2.13.3)", "setuptools (>=64)", "setuptools_scm (>=7)"]
-
 [[package]]
 name = "mccabe"
 version = "0.7.0"
@@ -4236,131 +3857,6 @@ files = [
 [package.dependencies]
 setuptools = "*"

-[[package]]
-name = "pillow"
-version = "11.3.0"
-description = "Python Imaging Library (Fork)"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "pillow-11.3.0-cp310-cp310-macosx_10_10_x86_64.whl", hash = "sha256:1b9c17fd4ace828b3003dfd1e30bff24863e0eb59b535e8f80194d9cc7ecf860"},
-    {file = "pillow-11.3.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:65dc69160114cdd0ca0f35cb434633c75e8e7fad4cf855177a05bf38678f73ad"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7107195ddc914f656c7fc8e4a5e1c25f32e9236ea3ea860f257b0436011fddd0"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:cc3e831b563b3114baac7ec2ee86819eb03caa1a2cef0b481a5675b59c4fe23b"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f1f182ebd2303acf8c380a54f615ec883322593320a9b00438eb842c1f37ae50"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4445fa62e15936a028672fd48c4c11a66d641d2c05726c7ec1f8ba6a572036ae"},
-    {file = "pillow-11.3.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:71f511f6b3b91dd543282477be45a033e4845a40278fa8dcdbfdb07109bf18f9"},
-    {file = "pillow-11.3.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:040a5b691b0713e1f6cbe222e0f4f74cd233421e105850ae3b3c0ceda520f42e"},
-    {file = "pillow-11.3.0-cp310-cp310-win32.whl", hash = "sha256:89bd777bc6624fe4115e9fac3352c79ed60f3bb18651420635f26e643e3dd1f6"},
-    {file = "pillow-11.3.0-cp310-cp310-win_amd64.whl", hash = "sha256:19d2ff547c75b8e3ff46f4d9ef969a06c30ab2d4263a9e287733aa8b2429ce8f"},
-    {file = "pillow-11.3.0-cp310-cp310-win_arm64.whl", hash = "sha256:819931d25e57b513242859ce1876c58c59dc31587847bf74cfe06b2e0cb22d2f"},
-    {file = "pillow-11.3.0-cp311-cp311-macosx_10_10_x86_64.whl", hash = "sha256:1cd110edf822773368b396281a2293aeb91c90a2db00d78ea43e7e861631b722"},
-    {file = "pillow-11.3.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:9c412fddd1b77a75aa904615ebaa6001f169b26fd467b4be93aded278266b288"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7d1aa4de119a0ecac0a34a9c8bde33f34022e2e8f99104e47a3ca392fd60e37d"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:91da1d88226663594e3f6b4b8c3c8d85bd504117d043740a8e0ec449087cc494"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:643f189248837533073c405ec2f0bb250ba54598cf80e8c1e043381a60632f58"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:106064daa23a745510dabce1d84f29137a37224831d88eb4ce94bb187b1d7e5f"},
-    {file = "pillow-11.3.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:cd8ff254faf15591e724dc7c4ddb6bf4793efcbe13802a4ae3e863cd300b493e"},
-    {file = "pillow-11.3.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:932c754c2d51ad2b2271fd01c3d121daaa35e27efae2a616f77bf164bc0b3e94"},
-    {file = "pillow-11.3.0-cp311-cp311-win32.whl", hash = "sha256:b4b8f3efc8d530a1544e5962bd6b403d5f7fe8b9e08227c6b255f98ad82b4ba0"},
-    {file = "pillow-11.3.0-cp311-cp311-win_amd64.whl", hash = "sha256:1a992e86b0dd7aeb1f053cd506508c0999d710a8f07b4c791c63843fc6a807ac"},
-    {file = "pillow-11.3.0-cp311-cp311-win_arm64.whl", hash = "sha256:30807c931ff7c095620fe04448e2c2fc673fcbb1ffe2a7da3fb39613489b1ddd"},
-    {file = "pillow-11.3.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:fdae223722da47b024b867c1ea0be64e0df702c5e0a60e27daad39bf960dd1e4"},
-    {file = "pillow-11.3.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:921bd305b10e82b4d1f5e802b6850677f965d8394203d182f078873851dada69"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:eb76541cba2f958032d79d143b98a3a6b3ea87f0959bbe256c0b5e416599fd5d"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:67172f2944ebba3d4a7b54f2e95c786a3a50c21b88456329314caaa28cda70f6"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:97f07ed9f56a3b9b5f49d3661dc9607484e85c67e27f3e8be2c7d28ca032fec7"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:676b2815362456b5b3216b4fd5bd89d362100dc6f4945154ff172e206a22c024"},
-    {file = "pillow-11.3.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:3e184b2f26ff146363dd07bde8b711833d7b0202e27d13540bfe2e35a323a809"},
-    {file = "pillow-11.3.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:6be31e3fc9a621e071bc17bb7de63b85cbe0bfae91bb0363c893cbe67247780d"},
-    {file = "pillow-11.3.0-cp312-cp312-win32.whl", hash = "sha256:7b161756381f0918e05e7cb8a371fff367e807770f8fe92ecb20d905d0e1c149"},
-    {file = "pillow-11.3.0-cp312-cp312-win_amd64.whl", hash = "sha256:a6444696fce635783440b7f7a9fc24b3ad10a9ea3f0ab66c5905be1c19ccf17d"},
-    {file = "pillow-11.3.0-cp312-cp312-win_arm64.whl", hash = "sha256:2aceea54f957dd4448264f9bf40875da0415c83eb85f55069d89c0ed436e3542"},
-    {file = "pillow-11.3.0-cp313-cp313-ios_13_0_arm64_iphoneos.whl", hash = "sha256:1c627742b539bba4309df89171356fcb3cc5a9178355b2727d1b74a6cf155fbd"},
-    {file = "pillow-11.3.0-cp313-cp313-ios_13_0_arm64_iphonesimulator.whl", hash = "sha256:30b7c02f3899d10f13d7a48163c8969e4e653f8b43416d23d13d1bbfdc93b9f8"},
-    {file = "pillow-11.3.0-cp313-cp313-ios_13_0_x86_64_iphonesimulator.whl", hash = "sha256:7859a4cc7c9295f5838015d8cc0a9c215b77e43d07a25e460f35cf516df8626f"},
-    {file = "pillow-11.3.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:ec1ee50470b0d050984394423d96325b744d55c701a439d2bd66089bff963d3c"},
-    {file = "pillow-11.3.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:7db51d222548ccfd274e4572fdbf3e810a5e66b00608862f947b163e613b67dd"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:2d6fcc902a24ac74495df63faad1884282239265c6839a0a6416d33faedfae7e"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f0f5d8f4a08090c6d6d578351a2b91acf519a54986c055af27e7a93feae6d3f1"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c37d8ba9411d6003bba9e518db0db0c58a680ab9fe5179f040b0463644bc9805"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:13f87d581e71d9189ab21fe0efb5a23e9f28552d5be6979e84001d3b8505abe8"},
-    {file = "pillow-11.3.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:023f6d2d11784a465f09fd09a34b150ea4672e85fb3d05931d89f373ab14abb2"},
-    {file = "pillow-11.3.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:45dfc51ac5975b938e9809451c51734124e73b04d0f0ac621649821a63852e7b"},
-    {file = "pillow-11.3.0-cp313-cp313-win32.whl", hash = "sha256:a4d336baed65d50d37b88ca5b60c0fa9d81e3a87d4a7930d3880d1624d5b31f3"},
-    {file = "pillow-11.3.0-cp313-cp313-win_amd64.whl", hash = "sha256:0bce5c4fd0921f99d2e858dc4d4d64193407e1b99478bc5cacecba2311abde51"},
-    {file = "pillow-11.3.0-cp313-cp313-win_arm64.whl", hash = "sha256:1904e1264881f682f02b7f8167935cce37bc97db457f8e7849dc3a6a52b99580"},
-    {file = "pillow-11.3.0-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:4c834a3921375c48ee6b9624061076bc0a32a60b5532b322cc0ea64e639dd50e"},
-    {file = "pillow-11.3.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:5e05688ccef30ea69b9317a9ead994b93975104a677a36a8ed8106be9260aa6d"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:1019b04af07fc0163e2810167918cb5add8d74674b6267616021ab558dc98ced"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f944255db153ebb2b19c51fe85dd99ef0ce494123f21b9db4877ffdfc5590c7c"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:1f85acb69adf2aaee8b7da124efebbdb959a104db34d3a2cb0f3793dbae422a8"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:05f6ecbeff5005399bb48d198f098a9b4b6bdf27b8487c7f38ca16eeb070cd59"},
-    {file = "pillow-11.3.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:a7bc6e6fd0395bc052f16b1a8670859964dbd7003bd0af2ff08342eb6e442cfe"},
-    {file = "pillow-11.3.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:83e1b0161c9d148125083a35c1c5a89db5b7054834fd4387499e06552035236c"},
-    {file = "pillow-11.3.0-cp313-cp313t-win32.whl", hash = "sha256:2a3117c06b8fb646639dce83694f2f9eac405472713fcb1ae887469c0d4f6788"},
-    {file = "pillow-11.3.0-cp313-cp313t-win_amd64.whl", hash = "sha256:857844335c95bea93fb39e0fa2726b4d9d758850b34075a7e3ff4f4fa3aa3b31"},
-    {file = "pillow-11.3.0-cp313-cp313t-win_arm64.whl", hash = "sha256:8797edc41f3e8536ae4b10897ee2f637235c94f27404cac7297f7b607dd0716e"},
-    {file = "pillow-11.3.0-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:d9da3df5f9ea2a89b81bb6087177fb1f4d1c7146d583a3fe5c672c0d94e55e12"},
-    {file = "pillow-11.3.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:0b275ff9b04df7b640c59ec5a3cb113eefd3795a8df80bac69646ef699c6981a"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:0743841cabd3dba6a83f38a92672cccbd69af56e3e91777b0ee7f4dba4385632"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:2465a69cf967b8b49ee1b96d76718cd98c4e925414ead59fdf75cf0fd07df673"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:41742638139424703b4d01665b807c6468e23e699e8e90cffefe291c5832b027"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:93efb0b4de7e340d99057415c749175e24c8864302369e05914682ba642e5d77"},
-    {file = "pillow-11.3.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:7966e38dcd0fa11ca390aed7c6f20454443581d758242023cf36fcb319b1a874"},
-    {file = "pillow-11.3.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:98a9afa7b9007c67ed84c57c9e0ad86a6000da96eaa638e4f8abe5b65ff83f0a"},
-    {file = "pillow-11.3.0-cp314-cp314-win32.whl", hash = "sha256:02a723e6bf909e7cea0dac1b0e0310be9d7650cd66222a5f1c571455c0a45214"},
-    {file = "pillow-11.3.0-cp314-cp314-win_amd64.whl", hash = "sha256:a418486160228f64dd9e9efcd132679b7a02a5f22c982c78b6fc7dab3fefb635"},
-    {file = "pillow-11.3.0-cp314-cp314-win_arm64.whl", hash = "sha256:155658efb5e044669c08896c0c44231c5e9abcaadbc5cd3648df2f7c0b96b9a6"},
-    {file = "pillow-11.3.0-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:59a03cdf019efbfeeed910bf79c7c93255c3d54bc45898ac2a4140071b02b4ae"},
-    {file = "pillow-11.3.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:f8a5827f84d973d8636e9dc5764af4f0cf2318d26744b3d902931701b0d46653"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:ee92f2fd10f4adc4b43d07ec5e779932b4eb3dbfbc34790ada5a6669bc095aa6"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:c96d333dcf42d01f47b37e0979b6bd73ec91eae18614864622d9b87bbd5bbf36"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:4c96f993ab8c98460cd0c001447bff6194403e8b1d7e149ade5f00594918128b"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:41342b64afeba938edb034d122b2dda5db2139b9a4af999729ba8818e0056477"},
-    {file = "pillow-11.3.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:068d9c39a2d1b358eb9f245ce7ab1b5c3246c7c8c7d9ba58cfa5b43146c06e50"},
-    {file = "pillow-11.3.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:a1bc6ba083b145187f648b667e05a2534ecc4b9f2784c2cbe3089e44868f2b9b"},
-    {file = "pillow-11.3.0-cp314-cp314t-win32.whl", hash = "sha256:118ca10c0d60b06d006be10a501fd6bbdfef559251ed31b794668ed569c87e12"},
-    {file = "pillow-11.3.0-cp314-cp314t-win_amd64.whl", hash = "sha256:8924748b688aa210d79883357d102cd64690e56b923a186f35a82cbc10f997db"},
-    {file = "pillow-11.3.0-cp314-cp314t-win_arm64.whl", hash = "sha256:79ea0d14d3ebad43ec77ad5272e6ff9bba5b679ef73375ea760261207fa8e0aa"},
-    {file = "pillow-11.3.0-cp39-cp39-macosx_10_10_x86_64.whl", hash = "sha256:48d254f8a4c776de343051023eb61ffe818299eeac478da55227d96e241de53f"},
-    {file = "pillow-11.3.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:7aee118e30a4cf54fdd873bd3a29de51e29105ab11f9aad8c32123f58c8f8081"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:23cff760a9049c502721bdb743a7cb3e03365fafcdfc2ef9784610714166e5a4"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:6359a3bc43f57d5b375d1ad54a0074318a0844d11b76abccf478c37c986d3cfc"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:092c80c76635f5ecb10f3f83d76716165c96f5229addbd1ec2bdbbda7d496e06"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:cadc9e0ea0a2431124cde7e1697106471fc4c1da01530e679b2391c37d3fbb3a"},
-    {file = "pillow-11.3.0-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:6a418691000f2a418c9135a7cf0d797c1bb7d9a485e61fe8e7722845b95ef978"},
-    {file = "pillow-11.3.0-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:97afb3a00b65cc0804d1c7abddbf090a81eaac02768af58cbdcaaa0a931e0b6d"},
-    {file = "pillow-11.3.0-cp39-cp39-win32.whl", hash = "sha256:ea944117a7974ae78059fcc1800e5d3295172bb97035c0c1d9345fca1419da71"},
-    {file = "pillow-11.3.0-cp39-cp39-win_amd64.whl", hash = "sha256:e5c5858ad8ec655450a7c7df532e9842cf8df7cc349df7225c60d5d348c8aada"},
-    {file = "pillow-11.3.0-cp39-cp39-win_arm64.whl", hash = "sha256:6abdbfd3aea42be05702a8dd98832329c167ee84400a1d1f61ab11437f1717eb"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:3cee80663f29e3843b68199b9d6f4f54bd1d4a6b59bdd91bceefc51238bcb967"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:b5f56c3f344f2ccaf0dd875d3e180f631dc60a51b314295a3e681fe8cf851fbe"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:e67d793d180c9df62f1f40aee3accca4829d3794c95098887edc18af4b8b780c"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d000f46e2917c705e9fb93a3606ee4a819d1e3aa7a9b442f6444f07e77cf5e25"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:527b37216b6ac3a12d7838dc3bd75208ec57c1c6d11ef01902266a5a0c14fc27"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:be5463ac478b623b9dd3937afd7fb7ab3d79dd290a28e2b6df292dc75063eb8a"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:8dc70ca24c110503e16918a658b869019126ecfe03109b754c402daff12b3d9f"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:7c8ec7a017ad1bd562f93dbd8505763e688d388cde6e4a010ae1486916e713e6"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:9ab6ae226de48019caa8074894544af5b53a117ccb9d3b3dcb2871464c829438"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:fe27fb049cdcca11f11a7bfda64043c37b30e6b91f10cb5bab275806c32f6ab3"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:465b9e8844e3c3519a983d58b80be3f668e2a7a5db97f2784e7079fbc9f9822c"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5418b53c0d59b3824d05e029669efa023bbef0f3e92e75ec8428f3799487f361"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:504b6f59505f08ae014f724b6207ff6222662aab5cc9542577fb084ed0676ac7"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:c84d689db21a1c397d001aa08241044aa2069e7587b398c8cc63020390b1c1b8"},
-    {file = "pillow-11.3.0.tar.gz", hash = "sha256:3828ee7586cd0b2091b6209e5ad53e20d0649bbe87164a459d0676e035e8f523"},
-]
-
-[package.extras]
-docs = ["furo", "olefile", "sphinx (>=8.2)", "sphinx-autobuild", "sphinx-copybutton", "sphinx-inline-tabs", "sphinxext-opengraph"]
-fpx = ["olefile"]
-mic = ["olefile"]
-test-arrow = ["pyarrow"]
-tests = ["check-manifest", "coverage (>=7.4.2)", "defusedxml", "markdown2", "olefile", "packaging", "pyroma", "pytest", "pytest-cov", "pytest-timeout", "pytest-xdist", "trove-classifiers (>=2024.10.12)"]
-typing = ["typing-extensions ; python_version < \"3.10\""]
-xmp = ["defusedxml"]
-
 [[package]]
 name = "platformdirs"
 version = "4.3.8"
@@ -5520,29 +5016,6 @@ attrs = ">=22.2.0"
 rpds-py = ">=0.7.0"
 typing-extensions = {version = ">=4.4.0", markers = "python_version < \"3.13\""}

-[[package]]
-name = "reportlab"
-version = "4.4.4"
-description = "The Reportlab Toolkit"
-optional = false
-python-versions = "<4,>=3.9"
-groups = ["main"]
-files = [
-    {file = "reportlab-4.4.4-py3-none-any.whl", hash = "sha256:299b3b0534e7202bb94ed2ddcd7179b818dcda7de9d8518a57c85a58a1ebaadb"},
-    {file = "reportlab-4.4.4.tar.gz", hash = "sha256:cb2f658b7f4a15be2cc68f7203aa67faef67213edd4f2d4bdd3eb20dab75a80d"},
-]
-
-[package.dependencies]
-charset-normalizer = "*"
-pillow = ">=9.0.0"
-
-[package.extras]
-accel = ["rl_accel (>=0.9.0,<1.1)"]
-bidi = ["rlbidi"]
-pycairo = ["freetype-py (>=2.3.0,<2.4)", "rlPyCairo (>=0.2.0,<1)"]
-renderpm = ["rl_renderPM (>=4.0.3,<4.1)"]
-shaping = ["uharfbuzz"]
-
 [[package]]
 name = "requests"
 version = "2.32.5"
@@ -6786,4 +6259,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.11,<3.13"
-content-hash = "3c9164d668d37d6373eb5200bbe768232ead934d9312b9c68046b1df922789f3"
+content-hash = "03442fd4673006c5a74374f90f53621fd1c9d117279fe6cc0355ef833eb7f9bb"
@@ -33,9 +33,7 @@ dependencies = [
  "xmlsec==1.3.14",
  "h2 (==4.3.0)",
  "markdown (>=3.9,<4.0)",
-  "drf-simple-apikey (==2.2.1)",
-  "matplotlib (>=3.10.6,<4.0.0)",
-  "reportlab (>=4.4.4,<5.0.0)"
+  "drf-simple-apikey (==2.2.1)"
 ]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
@@ -43,7 +41,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.15.0"
+version = "1.14.0"

 [project.scripts]
 celery = "src.backend.config.settings.celery"
@@ -0,0 +1,3 @@
+# from django.contrib import admin
+
+# Register your models here.
@@ -48,9 +48,8 @@ class MainRouter:
        return db == self.admin_db

    def allow_relation(self, obj1, obj2, **hints):  # noqa: F841
-        # Allow relations when both objects originate from allowed connectors
-        allowed_dbs = {self.default_db, self.admin_db, self.replica_db}
-        if {obj1._state.db, obj2._state.db} <= allowed_dbs:
+        # Allow relations if both objects are in either "default" or "admin" db connectors
+        if {obj1._state.db, obj2._state.db} <= {self.default_db, self.admin_db}:
            return True
        return None

@@ -1,35 +1,18 @@
 import re
 import secrets
-import time
 import uuid
 from contextlib import contextmanager
 from datetime import datetime, timedelta, timezone

-from celery.utils.log import get_task_logger
-from config.env import env
 from django.conf import settings
 from django.contrib.auth.models import BaseUserManager
-from django.db import (
-    DEFAULT_DB_ALIAS,
-    OperationalError,
-    connection,
-    connections,
-    models,
-    transaction,
-)
+from django.db import DEFAULT_DB_ALIAS, connection, connections, models, transaction
 from django_celery_beat.models import PeriodicTask
 from psycopg2 import connect as psycopg2_connect
 from psycopg2.extensions import AsIs, new_type, register_adapter, register_type
 from rest_framework_json_api.serializers import ValidationError

-from api.db_router import (
-    READ_REPLICA_ALIAS,
-    get_read_db_alias,
-    reset_read_db_alias,
-    set_read_db_alias,
-)
-
-logger = get_task_logger(__name__)
+from api.db_router import get_read_db_alias, reset_read_db_alias, set_read_db_alias

 DB_USER = settings.DATABASES["default"]["USER"] if not settings.TESTING else "test"
 DB_PASSWORD = (
@@ -45,9 +28,6 @@ TASK_RUNNER_DB_TABLE = "django_celery_results_taskresult"
 POSTGRES_TENANT_VAR = "api.tenant_id"
 POSTGRES_USER_VAR = "api.user_id"

-REPLICA_MAX_ATTEMPTS = env.int("POSTGRES_REPLICA_MAX_ATTEMPTS", default=3)
-REPLICA_RETRY_BASE_DELAY = env.float("POSTGRES_REPLICA_RETRY_BASE_DELAY", default=0.5)
-
 SET_CONFIG_QUERY = "SELECT set_config(%s, %s::text, TRUE);"


@@ -91,51 +71,24 @@ def rls_transaction(
    if db_alias not in connections:
        db_alias = DEFAULT_DB_ALIAS

-    alias = db_alias
-    is_replica = READ_REPLICA_ALIAS and alias == READ_REPLICA_ALIAS
-    max_attempts = REPLICA_MAX_ATTEMPTS if is_replica else 1
+    router_token = None
+    try:
+        if db_alias != DEFAULT_DB_ALIAS:
+            router_token = set_read_db_alias(db_alias)

-    for attempt in range(1, max_attempts + 1):
-        router_token = None
-
-        # On final attempt, fallback to primary
-        if attempt == max_attempts and is_replica:
-            logger.warning(
-                f"RLS transaction failed after {attempt - 1} attempts on replica, "
-                f"falling back to primary DB"
-            )
-            alias = DEFAULT_DB_ALIAS
-
-        conn = connections[alias]
-        try:
-            if alias != DEFAULT_DB_ALIAS:
-                router_token = set_read_db_alias(alias)
-
-            with transaction.atomic(using=alias):
-                with conn.cursor() as cursor:
-                    try:
-                        # just in case the value is a UUID object
-                        uuid.UUID(str(value))
-                    except ValueError:
-                        raise ValidationError("Must be a valid UUID")
-                    cursor.execute(SET_CONFIG_QUERY, [parameter, value])
-                    yield cursor
-            return
-        except OperationalError as e:
-            # If on primary or max attempts reached, raise
-            if not is_replica or attempt == max_attempts:
-                raise
-
-            # Retry with exponential backoff
-            delay = REPLICA_RETRY_BASE_DELAY * (2 ** (attempt - 1))
-            logger.info(
-                f"RLS transaction failed on replica (attempt {attempt}/{max_attempts}), "
-                f"retrying in {delay}s. Error: {e}"
-            )
-            time.sleep(delay)
-        finally:
-            if router_token is not None:
-                reset_read_db_alias(router_token)
+        with transaction.atomic(using=db_alias):
+            conn = connections[db_alias]
+            with conn.cursor() as cursor:
+                try:
+                    # just in case the value is a UUID object
+                    uuid.UUID(str(value))
+                except ValueError:
+                    raise ValidationError("Must be a valid UUID")
+                cursor.execute(SET_CONFIG_QUERY, [parameter, value])
+                yield cursor
+    finally:
+        if router_token is not None:
+            reset_read_db_alias(router_token)


 class CustomUserManager(BaseUserManager):
@@ -27,10 +27,7 @@ from api.models import (
    Finding,
    Integration,
    Invitation,
-    LighthouseProviderConfiguration,
-    LighthouseProviderModels,
    Membership,
-    MuteRule,
    OverviewStatusChoices,
    PermissionChoices,
    Processor,
@@ -248,14 +245,6 @@ class ProviderFilter(FilterSet):
        choices=Provider.ProviderChoices.choices,
        lookup_expr="in",
    )
-    provider_type = ChoiceFilter(
-        choices=Provider.ProviderChoices.choices, field_name="provider"
-    )
-    provider_type__in = ChoiceInFilter(
-        field_name="provider",
-        choices=Provider.ProviderChoices.choices,
-        lookup_expr="in",
-    )

    class Meta:
        model = Provider
@@ -939,62 +928,3 @@ class TenantApiKeyFilter(FilterSet):
            "revoked": ["exact"],
            "name": ["exact", "icontains"],
        }
-
-
-class LighthouseProviderConfigFilter(FilterSet):
-    provider_type = ChoiceFilter(
-        choices=LighthouseProviderConfiguration.LLMProviderChoices.choices
-    )
-    provider_type__in = ChoiceInFilter(
-        choices=LighthouseProviderConfiguration.LLMProviderChoices.choices,
-        field_name="provider_type",
-        lookup_expr="in",
-    )
-    is_active = BooleanFilter()
-
-    class Meta:
-        model = LighthouseProviderConfiguration
-        fields = {
-            "provider_type": ["exact", "in"],
-            "is_active": ["exact"],
-        }
-
-
-class LighthouseProviderModelsFilter(FilterSet):
-    provider_type = ChoiceFilter(
-        choices=LighthouseProviderConfiguration.LLMProviderChoices.choices,
-        field_name="provider_configuration__provider_type",
-    )
-    provider_type__in = ChoiceInFilter(
-        choices=LighthouseProviderConfiguration.LLMProviderChoices.choices,
-        field_name="provider_configuration__provider_type",
-        lookup_expr="in",
-    )
-
-    # Allow filtering by model id
-    model_id = CharFilter(field_name="model_id", lookup_expr="exact")
-    model_id__icontains = CharFilter(field_name="model_id", lookup_expr="icontains")
-    model_id__in = CharInFilter(field_name="model_id", lookup_expr="in")
-
-    class Meta:
-        model = LighthouseProviderModels
-        fields = {
-            "model_id": ["exact", "icontains", "in"],
-        }
-
-
-class MuteRuleFilter(FilterSet):
-    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
-    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
-    created_by = UUIDFilter(field_name="created_by__id", lookup_expr="exact")
-
-    class Meta:
-        model = MuteRule
-        fields = {
-            "id": ["exact", "in"],
-            "name": ["exact", "icontains"],
-            "reason": ["icontains"],
-            "enabled": ["exact"],
-            "inserted_at": ["gte", "lte"],
-            "updated_at": ["gte", "lte"],
-        }
@@ -24,7 +24,7 @@ class Migration(migrations.Migration):
                (
                    "name",
                    models.CharField(
-                        max_length=100,
+                        max_length=255,
                        validators=[django.core.validators.MinLengthValidator(3)],
                    ),
                ),
@@ -1,266 +0,0 @@
-# Generated by Django 5.1.12 on 2025-10-09 07:50
-
-import json
-import logging
-import uuid
-
-import django.db.models.deletion
-from config.custom_logging import BackendLogger
-from cryptography.fernet import Fernet
-from django.conf import settings
-from django.db import migrations, models
-
-import api.rls
-from api.db_router import MainRouter
-
-logger = logging.getLogger(BackendLogger.API)
-
-
-def migrate_lighthouse_configs_forward(apps, schema_editor):
-    """
-    Migrate data from old LighthouseConfiguration to new multi-provider models.
-    Old system: one LighthouseConfiguration per tenant (always OpenAI).
-    """
-    LighthouseConfiguration = apps.get_model("api", "LighthouseConfiguration")
-    LighthouseProviderConfiguration = apps.get_model(
-        "api", "LighthouseProviderConfiguration"
-    )
-    LighthouseTenantConfiguration = apps.get_model(
-        "api", "LighthouseTenantConfiguration"
-    )
-    LighthouseProviderModels = apps.get_model("api", "LighthouseProviderModels")
-
-    fernet = Fernet(settings.SECRETS_ENCRYPTION_KEY.encode())
-
-    # Migrate only tenants that actually have a LighthouseConfiguration
-    for old_config in (
-        LighthouseConfiguration.objects.using(MainRouter.admin_db)
-        .select_related("tenant")
-        .all()
-    ):
-        tenant = old_config.tenant
-        tenant_id = str(tenant.id)
-
-        try:
-            # Create OpenAI provider configuration for this tenant
-            api_key_decrypted = fernet.decrypt(bytes(old_config.api_key)).decode()
-            credentials_encrypted = fernet.encrypt(
-                json.dumps({"api_key": api_key_decrypted}).encode()
-            )
-            provider_config = LighthouseProviderConfiguration.objects.using(
-                MainRouter.admin_db
-            ).create(
-                tenant=tenant,
-                provider_type="openai",
-                credentials=credentials_encrypted,
-                is_active=old_config.is_active,
-            )
-
-            # Create tenant configuration from old values
-            LighthouseTenantConfiguration.objects.using(MainRouter.admin_db).create(
-                tenant=tenant,
-                business_context=old_config.business_context or "",
-                default_provider="openai",
-                default_models={"openai": old_config.model},
-            )
-
-            # Create initial provider model record
-            LighthouseProviderModels.objects.using(MainRouter.admin_db).create(
-                tenant=tenant,
-                provider_configuration=provider_config,
-                model_id=old_config.model,
-                model_name=old_config.model,
-                default_parameters={},
-            )
-
-        except Exception:
-            logger.exception(
-                "Failed to migrate lighthouse config for tenant %s", tenant_id
-            )
-            continue
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0049_compliancerequirementoverview_passed_failed_findings"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="LighthouseProviderConfiguration",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "provider_type",
-                    models.CharField(
-                        choices=[("openai", "OpenAI")],
-                        help_text="LLM provider name",
-                        max_length=50,
-                    ),
-                ),
-                ("base_url", models.URLField(blank=True, null=True)),
-                (
-                    "credentials",
-                    models.BinaryField(
-                        help_text="Encrypted JSON credentials for the provider"
-                    ),
-                ),
-                ("is_active", models.BooleanField(default=True)),
-            ],
-            options={
-                "db_table": "lighthouse_provider_configurations",
-                "abstract": False,
-            },
-        ),
-        migrations.CreateModel(
-            name="LighthouseProviderModels",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                ("model_id", models.CharField(max_length=100)),
-                ("model_name", models.CharField(max_length=100)),
-                ("default_parameters", models.JSONField(blank=True, default=dict)),
-            ],
-            options={
-                "db_table": "lighthouse_provider_models",
-                "abstract": False,
-            },
-        ),
-        migrations.CreateModel(
-            name="LighthouseTenantConfiguration",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                ("business_context", models.TextField(blank=True, default="")),
-                ("default_provider", models.CharField(blank=True, max_length=50)),
-                ("default_models", models.JSONField(blank=True, default=dict)),
-            ],
-            options={
-                "db_table": "lighthouse_tenant_config",
-                "abstract": False,
-            },
-        ),
-        migrations.AddField(
-            model_name="lighthouseproviderconfiguration",
-            name="tenant",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-            ),
-        ),
-        migrations.AddField(
-            model_name="lighthouseprovidermodels",
-            name="provider_configuration",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE,
-                related_name="available_models",
-                to="api.lighthouseproviderconfiguration",
-            ),
-        ),
-        migrations.AddField(
-            model_name="lighthouseprovidermodels",
-            name="tenant",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-            ),
-        ),
-        migrations.AddField(
-            model_name="lighthousetenantconfiguration",
-            name="tenant",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="lighthouseproviderconfiguration",
-            index=models.Index(
-                fields=["tenant_id", "provider_type"], name="lh_pc_tenant_type_idx"
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthouseproviderconfiguration",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_lighthouseproviderconfiguration",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthouseproviderconfiguration",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "provider_type"),
-                name="unique_provider_config_per_tenant",
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="lighthouseprovidermodels",
-            index=models.Index(
-                fields=["tenant_id", "provider_configuration"],
-                name="lh_prov_models_cfg_idx",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthouseprovidermodels",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_lighthouseprovidermodels",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthouseprovidermodels",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "provider_configuration", "model_id"),
-                name="unique_provider_model_per_configuration",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthousetenantconfiguration",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_lighthousetenantconfiguration",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthousetenantconfiguration",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id",), name="unique_tenant_lighthouse_config"
-            ),
-        ),
-        # Migrate data from old LighthouseConfiguration to new tables
-        # This runs after all tables, indexes, and constraints are created
-        # The old Lighthouse configuration table is not removed, so reverse_code is noop
-        # During rollbacks, the old Lighthouse configuration remains intact while the new tables are removed
-        migrations.RunPython(
-            migrate_lighthouse_configs_forward,
-            reverse_code=migrations.RunPython.noop,
-        ),
-    ]
@@ -1,34 +0,0 @@
-# Generated by Django 5.1.7 on 2025-10-14 00:00
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0050_lighthouse_multi_llm"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                    ("github", "GitHub"),
-                    ("oraclecloud", "Oracle Cloud Infrastructure"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'oraclecloud';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]
@@ -1,117 +0,0 @@
-# Generated by Django 5.1.13 on 2025-10-22 11:56
-
-import uuid
-
-import django.contrib.postgres.fields
-import django.core.validators
-import django.db.models.deletion
-from django.conf import settings
-from django.db import migrations, models
-
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0051_oraclecloud_provider"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="MuteRule",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "name",
-                    models.CharField(
-                        help_text="Human-readable name for this rule",
-                        max_length=100,
-                        validators=[django.core.validators.MinLengthValidator(3)],
-                    ),
-                ),
-                (
-                    "reason",
-                    models.TextField(
-                        help_text="Reason for muting",
-                        max_length=500,
-                        validators=[django.core.validators.MinLengthValidator(3)],
-                    ),
-                ),
-                (
-                    "enabled",
-                    models.BooleanField(
-                        default=True, help_text="Whether this rule is currently enabled"
-                    ),
-                ),
-                (
-                    "finding_uids",
-                    django.contrib.postgres.fields.ArrayField(
-                        base_field=models.CharField(max_length=255),
-                        help_text="List of finding UIDs to mute",
-                        size=None,
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "mute_rules",
-                "abstract": False,
-            },
-        ),
-        migrations.AddField(
-            model_name="finding",
-            name="muted_at",
-            field=models.DateTimeField(
-                blank=True, help_text="Timestamp when this finding was muted", null=True
-            ),
-        ),
-        migrations.AlterField(
-            model_name="tenantapikey",
-            name="name",
-            field=models.CharField(
-                max_length=100,
-                validators=[django.core.validators.MinLengthValidator(3)],
-            ),
-        ),
-        migrations.AddField(
-            model_name="muterule",
-            name="created_by",
-            field=models.ForeignKey(
-                help_text="User who created this rule",
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="created_mute_rules",
-                to=settings.AUTH_USER_MODEL,
-            ),
-        ),
-        migrations.AddField(
-            model_name="muterule",
-            name="tenant",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="muterule",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_muterule",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="muterule",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "name"), name="unique_mute_rule_name_per_tenant"
-            ),
-        ),
-    ]
@@ -1,25 +0,0 @@
-# Generated by Django 5.1.12 on 2025-10-14 11:46
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0052_mute_rules"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="lighthouseproviderconfiguration",
-            name="provider_type",
-            field=models.CharField(
-                choices=[
-                    ("openai", "OpenAI"),
-                    ("bedrock", "AWS Bedrock"),
-                    ("openai_compatible", "OpenAI Compatible"),
-                ],
-                help_text="LLM provider name",
-                max_length=50,
-            ),
-        )
-    ]
@@ -1,35 +0,0 @@
-# Generated by Django 5.1.10 on 2025-09-09 09:25
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0053_lighthouse_bedrock_openai_compatible"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                    ("github", "GitHub"),
-                    ("oci", "Oracle Cloud Infrastructure"),
-                    ("iac", "IaC"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'iac';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]
@@ -1,32 +0,0 @@
-# Generated by Django 5.1.13 on 2025-11-05 08:37
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0054_iac_provider"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                    ("github", "GitHub"),
-                    ("mongodbatlas", "MongoDB Atlas"),
-                    ("iac", "IaC"),
-                    ("oraclecloud", "Oracle Cloud Infrastructure"),
-                ],
-                default="aws",
-            ),
-        ),
-    ]
@@ -1,24 +0,0 @@
-# Generated by Django 5.1.13 on 2025-11-06 09:20
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0055_mongodbatlas_provider"),
-    ]
-
-    operations = [
-        migrations.RemoveConstraint(
-            model_name="provider",
-            name="unique_provider_uids",
-        ),
-        migrations.AddConstraint(
-            model_name="provider",
-            constraint=models.UniqueConstraint(
-                condition=models.Q(("is_deleted", False)),
-                fields=("tenant_id", "provider", "uid"),
-                name="unique_provider_uids",
-            ),
-        ),
-    ]
@@ -284,9 +284,6 @@ class Provider(RowLevelSecurityProtectedModel):
        KUBERNETES = "kubernetes", _("Kubernetes")
        M365 = "m365", _("M365")
        GITHUB = "github", _("GitHub")
-        MONGODBATLAS = "mongodbatlas", _("MongoDB Atlas")
-        IAC = "iac", _("IaC")
-        ORACLECLOUD = "oraclecloud", _("Oracle Cloud Infrastructure")

    @staticmethod
    def validate_aws_uid(value):
@@ -357,40 +354,6 @@ class Provider(RowLevelSecurityProtectedModel):
                pointer="/data/attributes/uid",
            )

-    @staticmethod
-    def validate_iac_uid(value):
-        # Validate that it's a valid repository URL (git URL format)
-        if not re.match(
-            r"^(https?://|git@|ssh://)[^\s/]+[^\s]*\.git$|^(https?://)[^\s/]+[^\s]*$",
-            value,
-        ):
-            raise ModelValidationError(
-                detail="IaC provider ID must be a valid repository URL (e.g., https://github.com/user/repo or https://github.com/user/repo.git).",
-                code="iac-uid",
-                pointer="/data/attributes/uid",
-            )
-
-    @staticmethod
-    def validate_oraclecloud_uid(value):
-        if not re.match(
-            r"^ocid1\.([a-z0-9_-]+)\.([a-z0-9_-]+)\.([a-z0-9_-]*)\.([a-z0-9]+)$", value
-        ):
-            raise ModelValidationError(
-                detail="Oracle Cloud Infrastructure provider ID must be a valid tenancy OCID in the format: "
-                "ocid1.<resource_type>.<realm>.<region>.<unique_id>",
-                code="oraclecloud-uid",
-                pointer="/data/attributes/uid",
-            )
-
-    @staticmethod
-    def validate_mongodbatlas_uid(value):
-        if not re.match(r"^[0-9a-fA-F]{24}$", value):
-            raise ModelValidationError(
-                detail="MongoDB Atlas organization ID must be a 24-character hexadecimal string.",
-                code="mongodbatlas-uid",
-                pointer="/data/attributes/uid",
-            )
-
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
@@ -425,8 +388,7 @@ class Provider(RowLevelSecurityProtectedModel):

        constraints = [
            models.UniqueConstraint(
-                fields=("tenant_id", "provider", "uid"),
-                condition=Q(is_deleted=False),
+                fields=("tenant_id", "provider", "uid", "is_deleted"),
                name="unique_provider_uids",
            ),
            RowLevelSecurityConstraint(
@@ -848,9 +810,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    muted_reason = models.TextField(
        blank=True, null=True, validators=[MinLengthValidator(3)], max_length=500
    )
-    muted_at = models.DateTimeField(
-        null=True, blank=True, help_text="Timestamp when this finding was muted"
-    )
    compliance = models.JSONField(default=dict, null=True, blank=True)

    # Denormalize resource data for performance
@@ -1914,6 +1873,22 @@ class LighthouseConfiguration(RowLevelSecurityProtectedModel):
    def clean(self):
        super().clean()

+        # Validate temperature
+        if not 0 <= self.temperature <= 1:
+            raise ModelValidationError(
+                detail="Temperature must be between 0 and 1",
+                code="invalid_temperature",
+                pointer="/data/attributes/temperature",
+            )
+
+        # Validate max_tokens
+        if not 500 <= self.max_tokens <= 5000:
+            raise ModelValidationError(
+                detail="Max tokens must be between 500 and 5000",
+                code="invalid_max_tokens",
+                pointer="/data/attributes/max_tokens",
+            )
+
    @property
    def api_key_decoded(self):
        """Return the decrypted API key, or None if unavailable or invalid."""
@@ -1938,6 +1913,15 @@ class LighthouseConfiguration(RowLevelSecurityProtectedModel):
                code="invalid_api_key",
                pointer="/data/attributes/api_key",
            )
+
+        # Validate OpenAI API key format
+        openai_key_pattern = r"^sk-[\w-]+T3BlbkFJ[\w-]+$"
+        if not re.match(openai_key_pattern, value):
+            raise ModelValidationError(
+                detail="Invalid OpenAI API key format.",
+                code="invalid_api_key",
+                pointer="/data/attributes/api_key",
+            )
        self.api_key = fernet.encrypt(value.encode())

    def save(self, *args, **kwargs):
@@ -1963,59 +1947,6 @@ class LighthouseConfiguration(RowLevelSecurityProtectedModel):
        resource_name = "lighthouse-configurations"


-class MuteRule(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-
-    # Rule metadata
-    name = models.CharField(
-        max_length=100,
-        validators=[MinLengthValidator(3)],
-        help_text="Human-readable name for this rule",
-    )
-    reason = models.TextField(
-        validators=[MinLengthValidator(3)],
-        max_length=500,
-        help_text="Reason for muting",
-    )
-    enabled = models.BooleanField(
-        default=True, help_text="Whether this rule is currently enabled"
-    )
-
-    # Audit fields
-    created_by = models.ForeignKey(
-        User,
-        on_delete=models.SET_NULL,
-        null=True,
-        related_name="created_mute_rules",
-        help_text="User who created this rule",
-    )
-
-    # Rule criteria - array of finding UIDs
-    finding_uids = ArrayField(
-        models.CharField(max_length=255), help_text="List of finding UIDs to mute"
-    )
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "mute_rules"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-            models.UniqueConstraint(
-                fields=("tenant_id", "name"),
-                name="unique_mute_rule_name_per_tenant",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "mute-rules"
-
-
 class Processor(RowLevelSecurityProtectedModel):
    class ProcessorChoices(models.TextChoices):
        MUTELIST = "mutelist", _("Mutelist")
@@ -2053,189 +1984,3 @@ class Processor(RowLevelSecurityProtectedModel):

    class JSONAPIMeta:
        resource_name = "processors"
-
-
-class LighthouseProviderConfiguration(RowLevelSecurityProtectedModel):
-    """
-    Per-tenant configuration for an LLM provider (credentials, base URL, activation).
-
-    One configuration per provider type per tenant.
-    """
-
-    class LLMProviderChoices(models.TextChoices):
-        OPENAI = "openai", _("OpenAI")
-        BEDROCK = "bedrock", _("AWS Bedrock")
-        OPENAI_COMPATIBLE = "openai_compatible", _("OpenAI Compatible")
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-
-    provider_type = models.CharField(
-        max_length=50,
-        choices=LLMProviderChoices.choices,
-        help_text="LLM provider name",
-    )
-
-    # For OpenAI-compatible providers
-    base_url = models.URLField(blank=True, null=True)
-
-    # Encrypted JSON for provider-specific auth
-    credentials = models.BinaryField(
-        blank=False, null=False, help_text="Encrypted JSON credentials for the provider"
-    )
-
-    is_active = models.BooleanField(default=True)
-
-    def __str__(self):
-        return f"{self.get_provider_type_display()} ({self.tenant_id})"
-
-    def clean(self):
-        super().clean()
-
-    @property
-    def credentials_decoded(self):
-        if not self.credentials:
-            return None
-        try:
-            decrypted_data = fernet.decrypt(bytes(self.credentials))
-            return json.loads(decrypted_data.decode())
-        except (InvalidToken, json.JSONDecodeError) as e:
-            logger.warning("Failed to decrypt provider credentials: %s", e)
-            return None
-        except Exception as e:
-            logger.exception(
-                "Unexpected error while decrypting provider credentials: %s", e
-            )
-            return None
-
-    @credentials_decoded.setter
-    def credentials_decoded(self, value):
-        """
-        Set and encrypt credentials (assumes serializer performed validation).
-        """
-        if not value:
-            raise ModelValidationError(
-                detail="Credentials are required",
-                code="invalid_credentials",
-                pointer="/data/attributes/credentials",
-            )
-        self.credentials = fernet.encrypt(json.dumps(value).encode())
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "lighthouse_provider_configurations"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-            models.UniqueConstraint(
-                fields=["tenant_id", "provider_type"],
-                name="unique_provider_config_per_tenant",
-            ),
-        ]
-
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "provider_type"],
-                name="lh_pc_tenant_type_idx",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "lighthouse-providers"
-
-
-class LighthouseTenantConfiguration(RowLevelSecurityProtectedModel):
-    """
-    Tenant-level Lighthouse settings (business context and defaults).
-    One record per tenant.
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-
-    business_context = models.TextField(blank=True, default="")
-
-    # Preferred provider key (e.g., "openai", "bedrock", "openai_compatible")
-    default_provider = models.CharField(max_length=50, blank=True)
-
-    # Mapping of provider -> model id, e.g., {"openai": "gpt-4o", "bedrock": "anthropic.claude-v2"}
-    default_models = models.JSONField(default=dict, blank=True)
-
-    def __str__(self):
-        return f"Lighthouse Tenant Config for {self.tenant_id}"
-
-    def clean(self):
-        super().clean()
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "lighthouse_tenant_config"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-            models.UniqueConstraint(
-                fields=["tenant_id"], name="unique_tenant_lighthouse_config"
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "lighthouse-configurations"
-
-
-class LighthouseProviderModels(RowLevelSecurityProtectedModel):
-    """
-    Per-tenant, per-provider configuration list of available LLM models.
-    RLS-protected; populated via provider API using tenant-scoped credentials.
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-
-    # Scope to a specific provider configuration within a tenant
-    provider_configuration = models.ForeignKey(
-        LighthouseProviderConfiguration,
-        on_delete=models.CASCADE,
-        related_name="available_models",
-    )
-    model_id = models.CharField(max_length=100)
-
-    # Human-friendly model name
-    model_name = models.CharField(max_length=100)
-
-    # Model-specific default parameters (e.g., temperature, max_tokens)
-    default_parameters = models.JSONField(default=dict, blank=True)
-
-    def __str__(self):
-        return f"{self.provider_configuration.provider_type}:{self.model_id} ({self.tenant_id})"
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "lighthouse_provider_models"
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-            models.UniqueConstraint(
-                fields=["tenant_id", "provider_configuration", "model_id"],
-                name="unique_provider_model_per_configuration",
-            ),
-        ]
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "provider_configuration"],
-                name="lh_prov_models_cfg_idx",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "lighthouse-models"
@@ -6,14 +6,7 @@ from django.dispatch import receiver
 from django_celery_results.backends.database import DatabaseBackend

 from api.db_utils import delete_related_daily_task
-from api.models import (
-    LighthouseProviderConfiguration,
-    LighthouseTenantConfiguration,
-    Membership,
-    Provider,
-    TenantAPIKey,
-    User,
-)
+from api.models import Membership, Provider, TenantAPIKey, User


 def create_task_result_on_publish(sender=None, headers=None, **kwargs):  # noqa: F841
@@ -63,33 +56,3 @@ def revoke_membership_api_keys(sender, instance, **kwargs):  # noqa: F841
    TenantAPIKey.objects.filter(
        entity=instance.user, tenant_id=instance.tenant.id
    ).update(revoked=True)
-
-
-@receiver(pre_delete, sender=LighthouseProviderConfiguration)
-def cleanup_lighthouse_defaults_before_delete(sender, instance, **kwargs):  # noqa: F841
-    """
-    Ensure tenant Lighthouse defaults do not reference a soon-to-be-deleted provider.
-
-    This runs for both per-instance deletes and queryset (bulk) deletes.
-    """
-    try:
-        tenant_cfg = LighthouseTenantConfiguration.objects.get(
-            tenant_id=instance.tenant_id
-        )
-    except LighthouseTenantConfiguration.DoesNotExist:
-        return
-
-    updated = False
-    defaults = tenant_cfg.default_models or {}
-
-    if instance.provider_type in defaults:
-        defaults.pop(instance.provider_type, None)
-        tenant_cfg.default_models = defaults
-        updated = True
-
-    if tenant_cfg.default_provider == instance.provider_type:
-        tenant_cfg.default_provider = ""
-        updated = True
-
-    if updated:
-        tenant_cfg.save()
@@ -1,39 +0,0 @@
-"""Tests for rls_transaction retry and fallback logic."""
-
-import pytest
-from django.db import DEFAULT_DB_ALIAS
-from rest_framework_json_api.serializers import ValidationError
-
-from api.db_utils import rls_transaction
-
-
-@pytest.mark.django_db
-class TestRLSTransaction:
-    """Simple integration tests for rls_transaction using real DB."""
-
-    @pytest.fixture
-    def tenant(self, tenants_fixture):
-        return tenants_fixture[0]
-
-    def test_success_on_primary(self, tenant):
-        """Basic: transaction succeeds on primary database."""
-        with rls_transaction(str(tenant.id), using=DEFAULT_DB_ALIAS) as cursor:
-            cursor.execute("SELECT 1")
-            result = cursor.fetchone()
-            assert result == (1,)
-
-    def test_invalid_uuid_raises_validation_error(self):
-        """Invalid UUID raises ValidationError before DB operations."""
-        with pytest.raises(ValidationError, match="Must be a valid UUID"):
-            with rls_transaction("not-a-uuid", using=DEFAULT_DB_ALIAS):
-                pass
-
-    def test_custom_parameter_name(self, tenant):
-        """Test custom RLS parameter name."""
-        custom_param = "api.custom_id"
-        with rls_transaction(
-            str(tenant.id), parameter=custom_param, using=DEFAULT_DB_ALIAS
-        ) as cursor:
-            cursor.execute("SELECT current_setting(%s, true)", [custom_param])
-            result = cursor.fetchone()
-            assert result == (str(tenant.id),)
@@ -1,15 +1,12 @@
 from datetime import datetime, timezone
 from enum import Enum
-from unittest.mock import MagicMock, patch
+from unittest.mock import patch

 import pytest
 from django.conf import settings
-from django.db import DEFAULT_DB_ALIAS, OperationalError
 from freezegun import freeze_time
-from rest_framework_json_api.serializers import ValidationError

 from api.db_utils import (
-    POSTGRES_TENANT_VAR,
    _should_create_index_on_partition,
    batch_delete,
    create_objects_in_batches,
@@ -17,22 +14,11 @@ from api.db_utils import (
    generate_api_key_prefix,
    generate_random_token,
    one_week_from_now,
-    rls_transaction,
    update_objects_in_batches,
 )
 from api.models import Provider


-@pytest.fixture
-def enable_read_replica():
-    """
-    Fixture to enable READ_REPLICA_ALIAS for tests that need replica functionality.
-    This avoids polluting the global test configuration.
-    """
-    with patch("api.db_utils.READ_REPLICA_ALIAS", "replica"):
-        yield "replica"
-
-
 class TestEnumToChoices:
    def test_enum_to_choices_simple(self):
        class Color(Enum):
@@ -353,498 +339,3 @@ class TestGenerateApiKeyPrefix:
            prefix = generate_api_key_prefix()
            random_part = prefix[3:]  # Strip 'pk_'
            assert all(char in allowed_chars for char in random_part)
-
-
-@pytest.mark.django_db
-class TestRlsTransaction:
-    def test_rls_transaction_valid_uuid_string(self, tenants_fixture):
-        """Test rls_transaction with valid UUID string."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with rls_transaction(tenant_id) as cursor:
-            assert cursor is not None
-            cursor.execute("SELECT current_setting(%s)", [POSTGRES_TENANT_VAR])
-            result = cursor.fetchone()
-            assert result[0] == tenant_id
-
-    def test_rls_transaction_valid_uuid_object(self, tenants_fixture):
-        """Test rls_transaction with UUID object."""
-        tenant = tenants_fixture[0]
-
-        with rls_transaction(tenant.id) as cursor:
-            assert cursor is not None
-            cursor.execute("SELECT current_setting(%s)", [POSTGRES_TENANT_VAR])
-            result = cursor.fetchone()
-            assert result[0] == str(tenant.id)
-
-    def test_rls_transaction_invalid_uuid_raises_validation_error(self):
-        """Test rls_transaction raises ValidationError for invalid UUID."""
-        invalid_uuid = "not-a-valid-uuid"
-
-        with pytest.raises(ValidationError, match="Must be a valid UUID"):
-            with rls_transaction(invalid_uuid):
-                pass
-
-    def test_rls_transaction_uses_default_database_when_no_alias(self, tenants_fixture):
-        """Test rls_transaction uses DEFAULT_DB_ALIAS when no alias specified."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with rls_transaction(tenant_id):
-                        pass
-
-                mock_connections.__getitem__.assert_called_with(DEFAULT_DB_ALIAS)
-
-    def test_rls_transaction_uses_specified_alias(self, tenants_fixture):
-        """Test rls_transaction uses specified database alias via using parameter."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_alias = "custom_db"
-
-        with patch("api.db_utils.connections") as mock_connections:
-            mock_conn = MagicMock()
-            mock_cursor = MagicMock()
-            mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-            mock_connections.__getitem__.return_value = mock_conn
-            mock_connections.__contains__.return_value = True
-
-            with patch("api.db_utils.transaction.atomic"):
-                with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                    with patch("api.db_utils.reset_read_db_alias") as mock_reset_alias:
-                        mock_set_alias.return_value = "test_token"
-                        with rls_transaction(tenant_id, using=custom_alias):
-                            pass
-
-                        mock_connections.__getitem__.assert_called_with(custom_alias)
-                        mock_set_alias.assert_called_once_with(custom_alias)
-                        mock_reset_alias.assert_called_once_with("test_token")
-
-    def test_rls_transaction_uses_read_replica_from_router(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test rls_transaction uses read replica alias from router."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                        with patch(
-                            "api.db_utils.reset_read_db_alias"
-                        ) as mock_reset_alias:
-                            mock_set_alias.return_value = "test_token"
-                            with rls_transaction(tenant_id):
-                                pass
-
-                            mock_connections.__getitem__.assert_called()
-                            mock_set_alias.assert_called_once()
-                            mock_reset_alias.assert_called_once()
-
-    def test_rls_transaction_fallback_to_default_when_alias_not_in_connections(
-        self, tenants_fixture
-    ):
-        """Test rls_transaction falls back to DEFAULT_DB_ALIAS when alias not in connections."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        invalid_alias = "nonexistent_db"
-
-        with patch("api.db_utils.get_read_db_alias", return_value=invalid_alias):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-
-                def contains_check(alias):
-                    return alias == DEFAULT_DB_ALIAS
-
-                mock_connections.__contains__.side_effect = contains_check
-                mock_connections.__getitem__.return_value = mock_conn
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with rls_transaction(tenant_id):
-                        pass
-
-                    mock_connections.__getitem__.assert_called_with(DEFAULT_DB_ALIAS)
-
-    def test_rls_transaction_successful_execution_on_replica_no_retries(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test successful execution on replica without retries."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with patch("api.db_utils.set_read_db_alias", return_value="token"):
-                        with patch("api.db_utils.reset_read_db_alias"):
-                            with rls_transaction(tenant_id):
-                                pass
-
-                            assert mock_cursor.execute.call_count == 1
-
-    def test_rls_transaction_retry_with_exponential_backoff_on_operational_error(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test retry with exponential backoff on OperationalError on replica."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                call_count = 0
-
-                def atomic_side_effect(*args, **kwargs):
-                    nonlocal call_count
-                    call_count += 1
-                    if call_count < 3:
-                        raise OperationalError("Connection error")
-                    return MagicMock(
-                        __enter__=MagicMock(return_value=None),
-                        __exit__=MagicMock(return_value=False),
-                    )
-
-                with patch(
-                    "api.db_utils.transaction.atomic", side_effect=atomic_side_effect
-                ):
-                    with patch("api.db_utils.time.sleep") as mock_sleep:
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with patch("api.db_utils.logger") as mock_logger:
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                    assert mock_sleep.call_count == 2
-                                    mock_sleep.assert_any_call(0.5)
-                                    mock_sleep.assert_any_call(1.0)
-                                    assert mock_logger.info.call_count == 2
-
-    def test_rls_transaction_max_three_attempts_for_replica(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test maximum 3 attempts for replica database."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError("Persistent error")
-
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with pytest.raises(OperationalError):
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                assert mock_atomic.call_count == 3
-
-    def test_rls_transaction_only_one_attempt_for_primary(self, tenants_fixture):
-        """Test only 1 attempt for primary database."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError("Primary error")
-
-                    with pytest.raises(OperationalError):
-                        with rls_transaction(tenant_id):
-                            pass
-
-                    assert mock_atomic.call_count == 1
-
-    def test_rls_transaction_fallback_to_primary_after_max_attempts(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test fallback to primary DB after max attempts on replica."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                call_count = 0
-
-                def atomic_side_effect(*args, **kwargs):
-                    nonlocal call_count
-                    call_count += 1
-                    if call_count < 3:
-                        raise OperationalError("Replica error")
-                    return MagicMock(
-                        __enter__=MagicMock(return_value=None),
-                        __exit__=MagicMock(return_value=False),
-                    )
-
-                with patch(
-                    "api.db_utils.transaction.atomic", side_effect=atomic_side_effect
-                ):
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with patch("api.db_utils.logger") as mock_logger:
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                    mock_logger.warning.assert_called_once()
-                                    warning_msg = mock_logger.warning.call_args[0][0]
-                                    assert "falling back to primary DB" in warning_msg
-
-    def test_rls_transaction_logger_warning_on_fallback(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test logger warnings are emitted on fallback to primary."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                call_count = 0
-
-                def atomic_side_effect(*args, **kwargs):
-                    nonlocal call_count
-                    call_count += 1
-                    if call_count < 3:
-                        raise OperationalError("Replica error")
-                    return MagicMock(
-                        __enter__=MagicMock(return_value=None),
-                        __exit__=MagicMock(return_value=False),
-                    )
-
-                with patch(
-                    "api.db_utils.transaction.atomic", side_effect=atomic_side_effect
-                ):
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with patch("api.db_utils.logger") as mock_logger:
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                    assert mock_logger.info.call_count == 2
-                                    assert mock_logger.warning.call_count == 1
-
-    def test_rls_transaction_operational_error_raised_immediately_on_primary(
-        self, tenants_fixture
-    ):
-        """Test OperationalError raised immediately on primary without retry."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError("Primary error")
-
-                    with patch("api.db_utils.time.sleep") as mock_sleep:
-                        with pytest.raises(OperationalError):
-                            with rls_transaction(tenant_id):
-                                pass
-
-                        mock_sleep.assert_not_called()
-
-    def test_rls_transaction_operational_error_raised_after_max_attempts(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test OperationalError raised after max attempts on replica."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError(
-                        "Persistent replica error"
-                    )
-
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with pytest.raises(OperationalError):
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-    def test_rls_transaction_router_token_set_for_non_default_alias(
-        self, tenants_fixture
-    ):
-        """Test router token is set when using non-default alias."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_alias = "custom_db"
-
-        with patch("api.db_utils.connections") as mock_connections:
-            mock_conn = MagicMock()
-            mock_cursor = MagicMock()
-            mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-            mock_connections.__getitem__.return_value = mock_conn
-            mock_connections.__contains__.return_value = True
-
-            with patch("api.db_utils.transaction.atomic"):
-                with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                    with patch("api.db_utils.reset_read_db_alias") as mock_reset_alias:
-                        mock_set_alias.return_value = "test_token"
-                        with rls_transaction(tenant_id, using=custom_alias):
-                            pass
-
-                        mock_set_alias.assert_called_once_with(custom_alias)
-                        mock_reset_alias.assert_called_once_with("test_token")
-
-    def test_rls_transaction_router_token_reset_in_finally_block(self, tenants_fixture):
-        """Test router token is reset in finally block even on error."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_alias = "custom_db"
-
-        with patch("api.db_utils.connections") as mock_connections:
-            mock_conn = MagicMock()
-            mock_cursor = MagicMock()
-            mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-            mock_connections.__getitem__.return_value = mock_conn
-            mock_connections.__contains__.return_value = True
-
-            with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                mock_atomic.side_effect = Exception("Unexpected error")
-
-                with patch("api.db_utils.set_read_db_alias", return_value="test_token"):
-                    with patch("api.db_utils.reset_read_db_alias") as mock_reset_alias:
-                        with pytest.raises(Exception):
-                            with rls_transaction(tenant_id, using=custom_alias):
-                                pass
-
-                        mock_reset_alias.assert_called_once_with("test_token")
-
-    def test_rls_transaction_router_token_not_set_for_default_alias(
-        self, tenants_fixture
-    ):
-        """Test router token is not set when using default alias."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                        with patch(
-                            "api.db_utils.reset_read_db_alias"
-                        ) as mock_reset_alias:
-                            with rls_transaction(tenant_id):
-                                pass
-
-                            mock_set_alias.assert_not_called()
-                            mock_reset_alias.assert_not_called()
-
-    def test_rls_transaction_set_config_query_executed_with_correct_params(
-        self, tenants_fixture
-    ):
-        """Test SET_CONFIG_QUERY executed with correct parameters."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with rls_transaction(tenant_id) as cursor:
-            cursor.execute("SELECT current_setting(%s)", [POSTGRES_TENANT_VAR])
-            result = cursor.fetchone()
-            assert result[0] == tenant_id
-
-    def test_rls_transaction_custom_parameter(self, tenants_fixture):
-        """Test rls_transaction with custom parameter name."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_param = "api.user_id"
-
-        with rls_transaction(tenant_id, parameter=custom_param) as cursor:
-            cursor.execute("SELECT current_setting(%s)", [custom_param])
-            result = cursor.fetchone()
-            assert result[0] == tenant_id
-
-    def test_rls_transaction_cursor_yielded_correctly(self, tenants_fixture):
-        """Test cursor is yielded correctly."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with rls_transaction(tenant_id) as cursor:
-            assert cursor is not None
-            cursor.execute("SELECT 1")
-            result = cursor.fetchone()
-            assert result[0] == 1
@@ -20,11 +20,8 @@ from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.aws.lib.security_hub.security_hub import SecurityHubConnection
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.gcp.gcp_provider import GcpProvider
-from prowler.providers.github.github_provider import GithubProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
 from prowler.providers.m365.m365_provider import M365Provider
-from prowler.providers.mongodbatlas.mongodbatlas_provider import MongodbatlasProvider
-from prowler.providers.oraclecloud.oraclecloud_provider import OraclecloudProvider


 class TestMergeDicts:
@@ -111,9 +108,6 @@ class TestReturnProwlerProvider:
            (Provider.ProviderChoices.AZURE.value, AzureProvider),
            (Provider.ProviderChoices.KUBERNETES.value, KubernetesProvider),
            (Provider.ProviderChoices.M365.value, M365Provider),
-            (Provider.ProviderChoices.GITHUB.value, GithubProvider),
-            (Provider.ProviderChoices.MONGODBATLAS.value, MongodbatlasProvider),
-            (Provider.ProviderChoices.ORACLECLOUD.value, OraclecloudProvider),
        ],
    )
    def test_return_prowler_provider(self, provider_type, expected_provider):
@@ -209,14 +203,6 @@ class TestGetProwlerProviderKwargs:
                Provider.ProviderChoices.GITHUB.value,
                {"organizations": ["provider_uid"]},
            ),
-            (
-                Provider.ProviderChoices.ORACLECLOUD.value,
-                {},
-            ),
-            (
-                Provider.ProviderChoices.MONGODBATLAS.value,
-                {"atlas_organization_id": "provider_uid"},
-            ),
        ],
    )
    def test_get_prowler_provider_kwargs(self, provider_type, expected_extra_kwargs):
@@ -18,11 +18,8 @@ from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.common.models import Connection
 from prowler.providers.gcp.gcp_provider import GcpProvider
 from prowler.providers.github.github_provider import GithubProvider
-from prowler.providers.iac.iac_provider import IacProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
 from prowler.providers.m365.m365_provider import M365Provider
-from prowler.providers.mongodbatlas.mongodbatlas_provider import MongodbatlasProvider
-from prowler.providers.oraclecloud.oraclecloud_provider import OraclecloudProvider


 class CustomOAuth2Client(OAuth2Client):
@@ -68,11 +65,8 @@ def return_prowler_provider(
    | AzureProvider
    | GcpProvider
    | GithubProvider
-    | IacProvider
    | KubernetesProvider
    | M365Provider
-    | MongodbatlasProvider
-    | OraclecloudProvider
 ]:
    """Return the Prowler provider class based on the given provider type.

@@ -80,7 +74,7 @@ def return_prowler_provider(
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | OraclecloudProvider | MongodbatlasProvider: The corresponding provider class.
+        AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: The corresponding provider class.

    Raises:
        ValueError: If the provider type specified in `provider.provider` is not supported.
@@ -98,12 +92,6 @@ def return_prowler_provider(
            prowler_provider = M365Provider
        case Provider.ProviderChoices.GITHUB.value:
            prowler_provider = GithubProvider
-        case Provider.ProviderChoices.MONGODBATLAS.value:
-            prowler_provider = MongodbatlasProvider
-        case Provider.ProviderChoices.IAC.value:
-            prowler_provider = IacProvider
-        case Provider.ProviderChoices.ORACLECLOUD.value:
-            prowler_provider = OraclecloudProvider
        case _:
            raise ValueError(f"Provider type {provider.provider} not supported")
    return prowler_provider
@@ -140,21 +128,6 @@ def get_prowler_provider_kwargs(
                **prowler_provider_kwargs,
                "organizations": [provider.uid],
            }
-    elif provider.provider == Provider.ProviderChoices.IAC.value:
-        # For IaC provider, uid contains the repository URL
-        # Extract the access token if present in the secret
-        prowler_provider_kwargs = {
-            "scan_repository_url": provider.uid,
-        }
-        if "access_token" in provider.secret.secret:
-            prowler_provider_kwargs["oauth_app_token"] = provider.secret.secret[
-                "access_token"
-            ]
-    elif provider.provider == Provider.ProviderChoices.MONGODBATLAS.value:
-        prowler_provider_kwargs = {
-            **prowler_provider_kwargs,
-            "atlas_organization_id": provider.uid,
-        }

    if mutelist_processor:
        mutelist_content = mutelist_processor.configuration.get("Mutelist", {})
@@ -172,11 +145,8 @@ def initialize_prowler_provider(
    | AzureProvider
    | GcpProvider
    | GithubProvider
-    | IacProvider
    | KubernetesProvider
    | M365Provider
-    | MongodbatlasProvider
-    | OraclecloudProvider
 ):
    """Initialize a Prowler provider instance based on the given provider type.

@@ -185,8 +155,8 @@ def initialize_prowler_provider(
        mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | OraclecloudProvider | MongodbatlasProvider: An instance of the corresponding provider class
-            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `IacProvider`, `KubernetesProvider`, `M365Provider`, `OraclecloudProvider` or `MongodbatlasProvider`) initialized with the
+        AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
+            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
            provider's secrets.
    """
    prowler_provider = return_prowler_provider(provider)
@@ -210,23 +180,9 @@ def prowler_provider_connection_test(provider: Provider) -> Connection:
    except Provider.secret.RelatedObjectDoesNotExist as secret_error:
        return Connection(is_connected=False, error=secret_error)

-    # For IaC provider, construct the kwargs properly for test_connection
-    if provider.provider == Provider.ProviderChoices.IAC.value:
-        # Don't pass repository_url from secret, use scan_repository_url with the UID
-        iac_test_kwargs = {
-            "scan_repository_url": provider.uid,
-            "raise_on_exception": False,
-        }
-        # Add access_token if present in the secret
-        if "access_token" in prowler_provider_kwargs:
-            iac_test_kwargs["access_token"] = prowler_provider_kwargs["access_token"]
-        return prowler_provider.test_connection(**iac_test_kwargs)
-    else:
-        return prowler_provider.test_connection(
-            **prowler_provider_kwargs,
-            provider_id=provider.uid,
-            raise_on_exception=False,
-        )
+    return prowler_provider.test_connection(
+        **prowler_provider_kwargs, provider_id=provider.uid, raise_on_exception=False
+    )


 def prowler_integration_connection_test(integration: Integration) -> Connection:
@@ -12,24 +12,6 @@ from api.models import StateChoices, Task
 from api.v1.serializers import TaskSerializer


-class DisablePaginationMixin:
-    disable_pagination_query_param = "page[disable]"
-    disable_pagination_truthy_values = {"true"}
-
-    def should_disable_pagination(self) -> bool:
-        if not hasattr(self, "request"):
-            return False
-        value = self.request.query_params.get(self.disable_pagination_query_param)
-        if value is None:
-            return False
-        return str(value).lower() in self.disable_pagination_truthy_values
-
-    def paginate_queryset(self, queryset):
-        if self.should_disable_pagination():
-            return None
-        return super().paginate_queryset(queryset)
-
-
 class PaginateByPkMixin:
    """
    Mixin to paginate on a list of PKs (cheaper than heavy JOINs),
@@ -1,209 +0,0 @@
-import re
-
-from drf_spectacular.utils import extend_schema_field
-from rest_framework_json_api import serializers
-
-
-class OpenAICredentialsSerializer(serializers.Serializer):
-    api_key = serializers.CharField()
-
-    def validate_api_key(self, value: str) -> str:
-        pattern = r"^sk-[\w-]+$"
-        if not re.match(pattern, value or ""):
-            raise serializers.ValidationError("Invalid OpenAI API key format.")
-        return value
-
-    def to_internal_value(self, data):
-        """Check for unknown fields before DRF filters them out."""
-        if not isinstance(data, dict):
-            raise serializers.ValidationError(
-                {"non_field_errors": ["Credentials must be an object"]}
-            )
-
-        allowed_fields = set(self.fields.keys())
-        provided_fields = set(data.keys())
-        extra_fields = provided_fields - allowed_fields
-
-        if extra_fields:
-            raise serializers.ValidationError(
-                {
-                    "non_field_errors": [
-                        f"Unknown fields in credentials: {', '.join(sorted(extra_fields))}"
-                    ]
-                }
-            )
-
-        return super().to_internal_value(data)
-
-
-class BedrockCredentialsSerializer(serializers.Serializer):
-    """
-    Serializer for AWS Bedrock credentials validation.
-
-    Validates long-term AWS credentials (AKIA) and region format.
-    """
-
-    access_key_id = serializers.CharField()
-    secret_access_key = serializers.CharField()
-    region = serializers.CharField()
-
-    def validate_access_key_id(self, value: str) -> str:
-        """Validate AWS access key ID format (AKIA for long-term credentials)."""
-        pattern = r"^AKIA[0-9A-Z]{16}$"
-        if not re.match(pattern, value or ""):
-            raise serializers.ValidationError(
-                "Invalid AWS access key ID format. Must be AKIA followed by 16 alphanumeric characters."
-            )
-        return value
-
-    def validate_secret_access_key(self, value: str) -> str:
-        """Validate AWS secret access key format (40 base64 characters)."""
-        pattern = r"^[A-Za-z0-9/+=]{40}$"
-        if not re.match(pattern, value or ""):
-            raise serializers.ValidationError(
-                "Invalid AWS secret access key format. Must be 40 base64 characters."
-            )
-        return value
-
-    def validate_region(self, value: str) -> str:
-        """Validate AWS region format."""
-        pattern = r"^[a-z]{2}-[a-z]+-\d+$"
-        if not re.match(pattern, value or ""):
-            raise serializers.ValidationError(
-                "Invalid AWS region format. Expected format like 'us-east-1' or 'eu-west-2'."
-            )
-        return value
-
-    def to_internal_value(self, data):
-        """Check for unknown fields before DRF filters them out."""
-        if not isinstance(data, dict):
-            raise serializers.ValidationError(
-                {"non_field_errors": ["Credentials must be an object"]}
-            )
-
-        allowed_fields = set(self.fields.keys())
-        provided_fields = set(data.keys())
-        extra_fields = provided_fields - allowed_fields
-
-        if extra_fields:
-            raise serializers.ValidationError(
-                {
-                    "non_field_errors": [
-                        f"Unknown fields in credentials: {', '.join(sorted(extra_fields))}"
-                    ]
-                }
-            )
-
-        return super().to_internal_value(data)
-
-
-class BedrockCredentialsUpdateSerializer(BedrockCredentialsSerializer):
-    """
-    Serializer for AWS Bedrock credentials during UPDATE operations.
-
-    Inherits all validation logic from BedrockCredentialsSerializer but makes
-    all fields optional to support partial updates.
-    """
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        # Make all fields optional for updates
-        for field in self.fields.values():
-            field.required = False
-
-
-class OpenAICompatibleCredentialsSerializer(serializers.Serializer):
-    """
-    Minimal serializer for OpenAI-compatible credentials.
-
-    Many OpenAI-compatible providers do not use the same key format as OpenAI.
-    We only require a non-empty API key string. Additional fields can be added later
-    without breaking existing configurations.
-    """
-
-    api_key = serializers.CharField()
-
-    def validate_api_key(self, value: str) -> str:
-        if not isinstance(value, str) or not value.strip():
-            raise serializers.ValidationError("API key is required.")
-        return value.strip()
-
-    def to_internal_value(self, data):
-        """Check for unknown fields before DRF filters them out."""
-        if not isinstance(data, dict):
-            raise serializers.ValidationError(
-                {"non_field_errors": ["Credentials must be an object"]}
-            )
-
-        allowed_fields = set(self.fields.keys())
-        provided_fields = set(data.keys())
-        extra_fields = provided_fields - allowed_fields
-
-        if extra_fields:
-            raise serializers.ValidationError(
-                {
-                    "non_field_errors": [
-                        f"Unknown fields in credentials: {', '.join(sorted(extra_fields))}"
-                    ]
-                }
-            )
-
-        return super().to_internal_value(data)
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "OpenAI Credentials",
-                "properties": {
-                    "api_key": {
-                        "type": "string",
-                        "description": "OpenAI API key. Must start with 'sk-' followed by alphanumeric characters, "
-                        "hyphens, or underscores.",
-                        "pattern": "^sk-[\\w-]+$",
-                    }
-                },
-                "required": ["api_key"],
-            },
-            {
-                "type": "object",
-                "title": "AWS Bedrock Credentials",
-                "properties": {
-                    "access_key_id": {
-                        "type": "string",
-                        "description": "AWS access key ID.",
-                        "pattern": "^AKIA[0-9A-Z]{16}$",
-                    },
-                    "secret_access_key": {
-                        "type": "string",
-                        "description": "AWS secret access key.",
-                        "pattern": "^[A-Za-z0-9/+=]{40}$",
-                    },
-                    "region": {
-                        "type": "string",
-                        "description": "AWS region identifier where Bedrock is available. Examples: us-east-1, "
-                        "us-west-2, eu-west-1, ap-northeast-1.",
-                        "pattern": "^[a-z]{2}-[a-z]+-\\d+$",
-                    },
-                },
-                "required": ["access_key_id", "secret_access_key", "region"],
-            },
-            {
-                "type": "object",
-                "title": "OpenAI Compatible Credentials",
-                "properties": {
-                    "api_key": {
-                        "type": "string",
-                        "description": "API key for OpenAI-compatible provider. The format varies by provider. "
-                        "Note: The 'base_url' field (separate from credentials) is required when using this provider type.",
-                    }
-                },
-                "required": ["api_key"],
-            },
-        ]
-    }
-)
-class LighthouseCredentialsField(serializers.JSONField):
-    pass
@@ -239,71 +239,6 @@ from rest_framework_json_api import serializers
                },
                "required": ["github_app_id", "github_app_key"],
            },
-            {
-                "type": "object",
-                "title": "IaC Repository Credentials",
-                "properties": {
-                    "repository_url": {
-                        "type": "string",
-                        "description": "Repository URL to scan for IaC files.",
-                    },
-                    "access_token": {
-                        "type": "string",
-                        "description": "Optional access token for private repositories.",
-                    },
-                },
-                "required": ["repository_url"],
-            },
-            {
-                "type": "object",
-                "title": "Oracle Cloud Infrastructure (OCI) API Key Credentials",
-                "properties": {
-                    "user": {
-                        "type": "string",
-                        "description": "The OCID of the user to authenticate with.",
-                    },
-                    "fingerprint": {
-                        "type": "string",
-                        "description": "The fingerprint of the API signing key.",
-                    },
-                    "key_file": {
-                        "type": "string",
-                        "description": "The path to the private key file for API signing. Either key_file or key_content must be provided.",
-                    },
-                    "key_content": {
-                        "type": "string",
-                        "description": "The content of the private key for API signing (base64 encoded). Either key_file or key_content must be provided.",
-                    },
-                    "tenancy": {
-                        "type": "string",
-                        "description": "The OCID of the tenancy.",
-                    },
-                    "region": {
-                        "type": "string",
-                        "description": "The OCI region identifier (e.g., us-ashburn-1, us-phoenix-1).",
-                    },
-                    "pass_phrase": {
-                        "type": "string",
-                        "description": "The passphrase for the private key, if encrypted.",
-                    },
-                },
-                "required": ["user", "fingerprint", "tenancy", "region"],
-            },
-            {
-                "type": "object",
-                "title": "MongoDB Atlas API Key",
-                "properties": {
-                    "atlas_public_key": {
-                        "type": "string",
-                        "description": "MongoDB Atlas API public key.",
-                    },
-                    "atlas_private_key": {
-                        "type": "string",
-                        "description": "MongoDB Atlas API private key.",
-                    },
-                },
-                "required": ["atlas_public_key", "atlas_private_key"],
-            },
        ]
    }
 )
@@ -6,10 +6,8 @@ from django.conf import settings
 from django.contrib.auth import authenticate
 from django.contrib.auth.models import update_last_login
 from django.contrib.auth.password_validation import validate_password
-from django.db import IntegrityError
 from drf_spectacular.utils import extend_schema_field
 from jwt.exceptions import InvalidKeyError
-from rest_framework.reverse import reverse
 from rest_framework.validators import UniqueTogetherValidator
 from rest_framework_json_api import serializers
 from rest_framework_json_api.relations import SerializerMethodResourceRelatedField
@@ -27,11 +25,7 @@ from api.models import (
    Invitation,
    InvitationRoleRelationship,
    LighthouseConfiguration,
-    LighthouseProviderConfiguration,
-    LighthouseProviderModels,
-    LighthouseTenantConfiguration,
    Membership,
-    MuteRule,
    Processor,
    Provider,
    ProviderGroup,
@@ -60,13 +54,6 @@ from api.v1.serializer_utils.integrations import (
    S3ConfigSerializer,
    SecurityHubConfigSerializer,
 )
-from api.v1.serializer_utils.lighthouse import (
-    BedrockCredentialsSerializer,
-    BedrockCredentialsUpdateSerializer,
-    LighthouseCredentialsField,
-    OpenAICompatibleCredentialsSerializer,
-    OpenAICredentialsSerializer,
-)
 from api.v1.serializer_utils.processors import ProcessorConfigField
 from api.v1.serializer_utils.providers import ProviderSecretField
 from prowler.lib.mutelist.mutelist import Mutelist
@@ -1362,16 +1349,10 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
                serializer = GCPProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.GITHUB.value:
                serializer = GithubProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.IAC.value:
-                serializer = IacProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.KUBERNETES.value:
                serializer = KubernetesProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.M365.value:
                serializer = M365ProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.ORACLECLOUD.value:
-                serializer = OracleCloudProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.MONGODBATLAS.value:
-                serializer = MongoDBAtlasProviderSecret(data=secret)
            else:
                raise serializers.ValidationError(
                    {"provider": f"Provider type not supported {provider_type}"}
@@ -1468,14 +1449,6 @@ class GCPServiceAccountProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


-class MongoDBAtlasProviderSecret(serializers.Serializer):
-    atlas_public_key = serializers.CharField()
-    atlas_private_key = serializers.CharField()
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
 class KubernetesProviderSecret(serializers.Serializer):
    kubeconfig_content = serializers.CharField()

@@ -1493,27 +1466,6 @@ class GithubProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


-class IacProviderSecret(serializers.Serializer):
-    repository_url = serializers.CharField()
-    access_token = serializers.CharField(required=False)
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
-class OracleCloudProviderSecret(serializers.Serializer):
-    user = serializers.CharField()
-    fingerprint = serializers.CharField()
-    key_file = serializers.CharField(required=False)
-    key_content = serializers.CharField(required=False)
-    tenancy = serializers.CharField()
-    region = serializers.CharField()
-    pass_phrase = serializers.CharField(required=False)
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
 class AWSRoleAssumptionProviderSecret(serializers.Serializer):
    role_arn = serializers.CharField()
    external_id = serializers.CharField()
@@ -2147,17 +2099,6 @@ class OverviewProviderSerializer(serializers.Serializer):
        }


-class OverviewProviderCountSerializer(serializers.Serializer):
-    id = serializers.CharField(source="provider")
-    count = serializers.IntegerField()
-
-    class JSONAPIMeta:
-        resource_name = "providers-count-overview"
-
-    def get_root_meta(self, _resource, _many):
-        return {"version": "v1"}
-
-
 class OverviewFindingSerializer(serializers.Serializer):
    id = serializers.CharField(default="n/a")
    new = serializers.IntegerField()
@@ -2809,16 +2750,6 @@ class LighthouseConfigCreateSerializer(RLSSerializer, BaseWriteSerializer):
            "updated_at": {"read_only": True},
        }

-    def validate_temperature(self, value):
-        if not 0 <= value <= 1:
-            raise ValidationError("Temperature must be between 0 and 1.")
-        return value
-
-    def validate_max_tokens(self, value):
-        if not 500 <= value <= 5000:
-            raise ValidationError("Max tokens must be between 500 and 5000.")
-        return value
-
    def validate(self, attrs):
        tenant_id = self.context.get("request").tenant_id
        if LighthouseConfiguration.objects.filter(tenant_id=tenant_id).exists():
@@ -2827,11 +2758,6 @@ class LighthouseConfigCreateSerializer(RLSSerializer, BaseWriteSerializer):
                    "tenant_id": "Lighthouse configuration already exists for this tenant."
                }
            )
-        api_key = attrs.get("api_key")
-        if api_key is not None:
-            OpenAICredentialsSerializer(data={"api_key": api_key}).is_valid(
-                raise_exception=True
-            )
        return super().validate(attrs)

    def create(self, validated_data):
@@ -2876,24 +2802,6 @@ class LighthouseConfigUpdateSerializer(BaseWriteSerializer):
            "max_tokens": {"required": False},
        }

-    def validate_temperature(self, value):
-        if not 0 <= value <= 1:
-            raise ValidationError("Temperature must be between 0 and 1.")
-        return value
-
-    def validate_max_tokens(self, value):
-        if not 500 <= value <= 5000:
-            raise ValidationError("Max tokens must be between 500 and 5000.")
-        return value
-
-    def validate(self, attrs):
-        api_key = attrs.get("api_key", None)
-        if api_key is not None:
-            OpenAICredentialsSerializer(data={"api_key": api_key}).is_valid(
-                raise_exception=True
-            )
-        return super().validate(attrs)
-
    def update(self, instance, validated_data):
        api_key = validated_data.pop("api_key", None)
        instance = super().update(instance, validated_data)
@@ -3023,606 +2931,3 @@ class TenantApiKeyUpdateSerializer(RLSSerializer, BaseWriteSerializer):
        ):
            raise ValidationError("An API key with this name already exists.")
        return value
-
-
-# Lighthouse: Provider configurations
-
-
-class LighthouseProviderConfigSerializer(RLSSerializer):
-    """
-    Read serializer for LighthouseProviderConfiguration.
-    """
-
-    # Decrypted credentials are only returned in to_representation when requested
-    credentials = serializers.JSONField(required=False, read_only=True)
-
-    class Meta:
-        model = LighthouseProviderConfiguration
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "provider_type",
-            "base_url",
-            "is_active",
-            "credentials",
-            "url",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "is_active": {"read_only": True},
-            "url": {"read_only": True, "view_name": "lighthouse-providers-detail"},
-        }
-
-    class JSONAPIMeta:
-        resource_name = "lighthouse-providers"
-
-    def to_representation(self, instance):
-        data = super().to_representation(instance)
-        # Support JSON:API fields filter: fields[lighthouse-providers]=credentials,base_url
-        fields_param = self.context.get("request", None) and self.context[
-            "request"
-        ].query_params.get("fields[lighthouse-providers]", "")
-
-        creds = instance.credentials_decoded
-
-        requested_fields = (
-            [f.strip() for f in fields_param.split(",")] if fields_param else []
-        )
-
-        if "credentials" in requested_fields:
-            # Return full decrypted credentials JSON
-            data["credentials"] = creds
-        else:
-            # Return masked credentials by default
-            def mask_value(value):
-                if isinstance(value, str):
-                    return "*" * len(value)
-                if isinstance(value, dict):
-                    return {k: mask_value(v) for k, v in value.items()}
-                if isinstance(value, list):
-                    return [mask_value(v) for v in value]
-                return value
-
-            # Always return masked credentials, even if creds is None
-            if creds is not None:
-                data["credentials"] = mask_value(creds)
-            else:
-                # If credentials_decoded returns None, return None for credentials field
-                data["credentials"] = None
-
-        return data
-
-
-class LighthouseProviderConfigCreateSerializer(RLSSerializer, BaseWriteSerializer):
-    """
-    Create serializer for LighthouseProviderConfiguration.
-    Accepts credentials as JSON; stored encrypted via credentials_decoded.
-    """
-
-    credentials = LighthouseCredentialsField(write_only=True, required=True)
-    base_url = serializers.URLField(
-        required=False,
-        allow_null=True,
-        help_text="Base URL for the LLM provider API. Required for 'openai_compatible' provider type.",
-    )
-
-    class Meta:
-        model = LighthouseProviderConfiguration
-        fields = [
-            "provider_type",
-            "base_url",
-            "credentials",
-            "is_active",
-        ]
-        extra_kwargs = {
-            "is_active": {"required": False},
-            "provider_type": {
-                "help_text": "LLM provider type. Determines which credential format to use. "
-                "See 'credentials' field documentation for provider-specific requirements."
-            },
-        }
-
-    def create(self, validated_data):
-        credentials = validated_data.pop("credentials")
-
-        instance = LighthouseProviderConfiguration(**validated_data)
-        instance.tenant_id = self.context.get("tenant_id")
-        instance.credentials_decoded = credentials
-
-        try:
-            instance.save()
-            return instance
-        except IntegrityError:
-            raise ValidationError(
-                {
-                    "provider_type": "Configuration for this provider already exists for the tenant."
-                }
-            )
-
-    def validate(self, attrs):
-        provider_type = attrs.get("provider_type")
-        credentials = attrs.get("credentials") or {}
-        base_url = attrs.get("base_url")
-
-        if provider_type == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI:
-            try:
-                OpenAICredentialsSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-        elif (
-            provider_type == LighthouseProviderConfiguration.LLMProviderChoices.BEDROCK
-        ):
-            try:
-                BedrockCredentialsSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-        elif (
-            provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI_COMPATIBLE
-        ):
-            if not base_url:
-                raise ValidationError({"base_url": "Base URL is required."})
-            try:
-                OpenAICompatibleCredentialsSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-
-        return super().validate(attrs)
-
-
-class LighthouseProviderConfigUpdateSerializer(BaseWriteSerializer):
-    """
-    Update serializer for LighthouseProviderConfiguration.
-    """
-
-    credentials = LighthouseCredentialsField(write_only=True, required=False)
-    base_url = serializers.URLField(
-        required=False,
-        allow_null=True,
-        help_text="Base URL for the LLM provider API. Required for 'openai_compatible' provider type.",
-    )
-
-    class Meta:
-        model = LighthouseProviderConfiguration
-        fields = [
-            "id",
-            "provider_type",
-            "base_url",
-            "credentials",
-            "is_active",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "provider_type": {"read_only": True},
-            "is_active": {"required": False},
-        }
-
-    def update(self, instance, validated_data):
-        credentials = validated_data.pop("credentials", None)
-
-        for attr, value in validated_data.items():
-            setattr(instance, attr, value)
-
-        if credentials is not None:
-            # Merge partial credentials with existing ones
-            # New values overwrite existing ones, but unspecified fields are preserved
-            existing_credentials = instance.credentials_decoded or {}
-            merged_credentials = {**existing_credentials, **credentials}
-            instance.credentials_decoded = merged_credentials
-
-        instance.save()
-        return instance
-
-    def validate(self, attrs):
-        provider_type = getattr(self.instance, "provider_type", None)
-        credentials = attrs.get("credentials", None)
-        base_url = attrs.get("base_url", None)
-
-        if (
-            credentials is not None
-            and provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI
-        ):
-            try:
-                OpenAICredentialsSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-        elif (
-            credentials is not None
-            and provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.BEDROCK
-        ):
-            try:
-                BedrockCredentialsUpdateSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-        elif (
-            credentials is not None
-            and provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI_COMPATIBLE
-        ):
-            if base_url is None:
-                pass
-            elif not base_url:
-                raise ValidationError({"base_url": "Base URL cannot be empty."})
-            try:
-                OpenAICompatibleCredentialsSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-
-        return super().validate(attrs)
-
-
-# Lighthouse: Tenant configuration
-
-
-class LighthouseTenantConfigSerializer(RLSSerializer):
-    """
-    Read serializer for LighthouseTenantConfiguration.
-    """
-
-    # Build singleton URL without pk
-    url = serializers.SerializerMethodField()
-
-    def get_url(self, obj):
-        request = self.context.get("request")
-        return reverse("lighthouse-configurations", request=request)
-
-    class Meta:
-        model = LighthouseTenantConfiguration
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "business_context",
-            "default_provider",
-            "default_models",
-            "url",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "url": {"read_only": True},
-        }
-
-
-class LighthouseTenantConfigUpdateSerializer(BaseWriteSerializer):
-    class Meta:
-        model = LighthouseTenantConfiguration
-        fields = [
-            "id",
-            "business_context",
-            "default_provider",
-            "default_models",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-        }
-
-    def validate(self, attrs):
-        request = self.context.get("request")
-        tenant_id = self.context.get("tenant_id") or (
-            getattr(request, "tenant_id", None) if request else None
-        )
-
-        default_provider = attrs.get(
-            "default_provider", getattr(self.instance, "default_provider", "")
-        )
-        default_models = attrs.get(
-            "default_models", getattr(self.instance, "default_models", {})
-        )
-
-        if default_provider:
-            supported = set(LighthouseProviderConfiguration.LLMProviderChoices.values)
-            if default_provider not in supported:
-                raise ValidationError(
-                    {"default_provider": f"Unsupported provider '{default_provider}'."}
-                )
-            if not LighthouseProviderConfiguration.objects.filter(
-                tenant_id=tenant_id, provider_type=default_provider, is_active=True
-            ).exists():
-                raise ValidationError(
-                    {
-                        "default_provider": f"No active configuration found for '{default_provider}'."
-                    }
-                )
-
-        if default_models is not None and not isinstance(default_models, dict):
-            raise ValidationError(
-                {"default_models": "Must be an object mapping provider -> model_id."}
-            )
-
-        for provider_type, model_id in (default_models or {}).items():
-            provider_cfg = LighthouseProviderConfiguration.objects.filter(
-                tenant_id=tenant_id, provider_type=provider_type, is_active=True
-            ).first()
-            if not provider_cfg:
-                raise ValidationError(
-                    {
-                        "default_models": f"No active configuration for provider '{provider_type}'."
-                    }
-                )
-            if not LighthouseProviderModels.objects.filter(
-                tenant_id=tenant_id,
-                provider_configuration=provider_cfg,
-                model_id=model_id,
-            ).exists():
-                raise ValidationError(
-                    {
-                        "default_models": f"Invalid model '{model_id}' for provider '{provider_type}'."
-                    }
-                )
-
-        return super().validate(attrs)
-
-
-# Lighthouse: Provider models
-
-
-class LighthouseProviderModelsSerializer(RLSSerializer):
-    """
-    Read serializer for LighthouseProviderModels.
-    """
-
-    provider_configuration = serializers.ResourceRelatedField(read_only=True)
-
-    class Meta:
-        model = LighthouseProviderModels
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "provider_configuration",
-            "model_id",
-            "model_name",
-            "default_parameters",
-            "url",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "url": {"read_only": True, "view_name": "lighthouse-models-detail"},
-        }
-
-
-class LighthouseProviderModelsCreateSerializer(RLSSerializer, BaseWriteSerializer):
-    provider_configuration = serializers.ResourceRelatedField(
-        queryset=LighthouseProviderConfiguration.objects.all()
-    )
-
-    class Meta:
-        model = LighthouseProviderModels
-        fields = [
-            "provider_configuration",
-            "model_id",
-            "default_parameters",
-        ]
-        extra_kwargs = {
-            "default_parameters": {"required": False},
-        }
-
-
-class LighthouseProviderModelsUpdateSerializer(BaseWriteSerializer):
-    class Meta:
-        model = LighthouseProviderModels
-        fields = [
-            "id",
-            "default_parameters",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-        }
-
-
-# Mute Rules
-
-
-class MuteRuleSerializer(RLSSerializer):
-    """
-    Serializer for reading MuteRule instances.
-    """
-
-    finding_uids = serializers.ListField(
-        child=serializers.CharField(),
-        read_only=True,
-        help_text="List of finding UIDs that are muted by this rule",
-    )
-
-    class Meta:
-        model = MuteRule
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "name",
-            "reason",
-            "enabled",
-            "created_by",
-            "finding_uids",
-        ]
-
-    included_serializers = {
-        "created_by": "api.v1.serializers.UserIncludeSerializer",
-    }
-
-
-class MuteRuleCreateSerializer(RLSSerializer, BaseWriteSerializer):
-    """
-    Serializer for creating new MuteRule instances.
-
-    Accepts finding_ids in the request, converts them to UIDs, and stores in finding_uids.
-    """
-
-    finding_ids = serializers.ListField(
-        child=serializers.UUIDField(),
-        write_only=True,
-        required=True,
-        help_text="List of Finding IDs to mute (will be converted to UIDs)",
-    )
-    finding_uids = serializers.ListField(
-        child=serializers.CharField(),
-        read_only=True,
-        help_text="List of finding UIDs that are muted by this rule",
-    )
-
-    class Meta:
-        model = MuteRule
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "name",
-            "reason",
-            "enabled",
-            "created_by",
-            "finding_ids",
-            "finding_uids",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "enabled": {"read_only": True},
-            "created_by": {"read_only": True},
-        }
-
-    def validate_name(self, value):
-        """Validate that the name is unique within the tenant."""
-        tenant_id = self.context.get("tenant_id")
-        if MuteRule.objects.filter(tenant_id=tenant_id, name=value).exists():
-            raise ValidationError("A mute rule with this name already exists.")
-        return value
-
-    def validate_finding_ids(self, value):
-        """Validate that all finding IDs exist and belong to the tenant."""
-        if not value:
-            raise ValidationError("At least one finding_id must be provided.")
-
-        tenant_id = self.context.get("tenant_id")
-
-        # Check that all findings exist and belong to this tenant
-        findings = Finding.all_objects.filter(tenant_id=tenant_id, id__in=value)
-        found_ids = set(findings.values_list("id", flat=True))
-        provided_ids = set(value)
-
-        missing_ids = provided_ids - found_ids
-        if missing_ids:
-            raise ValidationError(
-                f"The following finding IDs do not exist or do not belong to your tenant: {missing_ids}"
-            )
-
-        return value
-
-    def validate(self, data):
-        """Validate the entire mute rule, including overlap detection."""
-        data = super().validate(data)
-
-        tenant_id = self.context.get("tenant_id")
-        finding_ids = data.get("finding_ids", [])
-
-        if not finding_ids:
-            return data
-
-        # Convert finding IDs to UIDs (deduplicate in case multiple findings have same UID)
-        findings = Finding.all_objects.filter(id__in=finding_ids, tenant_id=tenant_id)
-        finding_uids = list(set(findings.values_list("uid", flat=True)))
-
-        # Check for overlaps with existing enabled rules
-        existing_rules = MuteRule.objects.filter(tenant_id=tenant_id, enabled=True)
-
-        for rule in existing_rules:
-            overlap = set(finding_uids) & set(rule.finding_uids)
-            if overlap:
-                raise ConflictException(
-                    detail=f"The following finding UIDs are already muted by rule '{rule.name}': {overlap}"
-                )
-
-        # Store finding_uids in validated_data for create
-        data["finding_uids"] = finding_uids
-
-        return data
-
-    def create(self, validated_data):
-        """Create a new mute rule and set created_by."""
-        # Remove finding_ids from validated_data (we've already converted to finding_uids)
-        validated_data.pop("finding_ids", None)
-
-        # Set created_by to the current user
-        request = self.context.get("request")
-        if request and hasattr(request, "user"):
-            validated_data["created_by"] = request.user
-
-        return super().create(validated_data)
-
-
-class MuteRuleUpdateSerializer(BaseWriteSerializer):
-    """
-    Serializer for updating MuteRule instances.
-    """
-
-    class Meta:
-        model = MuteRule
-        fields = [
-            "id",
-            "name",
-            "reason",
-            "enabled",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "name": {"required": False},
-            "reason": {"required": False},
-            "enabled": {"required": False},
-        }
-
-    def validate_name(self, value):
-        """Validate that the name is unique within the tenant, excluding current instance."""
-        tenant_id = self.context.get("tenant_id")
-        if (
-            MuteRule.objects.filter(tenant_id=tenant_id, name=value)
-            .exclude(id=self.instance.id)
-            .exists()
-        ):
-            raise ValidationError("A mute rule with this name already exists.")
-        return value
@@ -17,11 +17,7 @@ from api.v1.views import (
    InvitationAcceptViewSet,
    InvitationViewSet,
    LighthouseConfigViewSet,
-    LighthouseProviderConfigViewSet,
-    LighthouseProviderModelsViewSet,
-    LighthouseTenantConfigViewSet,
    MembershipViewSet,
-    MuteRuleViewSet,
    OverviewViewSet,
    ProcessorViewSet,
    ProviderGroupProvidersRelationshipView,
@@ -38,12 +34,12 @@ from api.v1.views import (
    ScheduleViewSet,
    SchemaView,
    TaskViewSet,
-    TenantApiKeyViewSet,
    TenantFinishACSView,
    TenantMembersViewSet,
    TenantViewSet,
    UserRoleRelationshipView,
    UserViewSet,
+    TenantApiKeyViewSet,
 )

 router = routers.DefaultRouter(trailing_slash=False)
@@ -71,17 +67,6 @@ router.register(
    basename="lighthouseconfiguration",
 )
 router.register(r"api-keys", TenantApiKeyViewSet, basename="api-key")
-router.register(
-    r"lighthouse/providers",
-    LighthouseProviderConfigViewSet,
-    basename="lighthouse-providers",
-)
-router.register(
-    r"lighthouse/models",
-    LighthouseProviderModelsViewSet,
-    basename="lighthouse-models",
-)
-router.register(r"mute-rules", MuteRuleViewSet, basename="mute-rule")

 tenants_router = routers.NestedSimpleRouter(router, r"tenants", lookup="tenant")
 tenants_router.register(
@@ -152,13 +137,6 @@ urlpatterns = [
        ),
        name="provider_group-providers-relationship",
    ),
-    path(
-        "lighthouse/configuration",
-        LighthouseTenantConfigViewSet.as_view(
-            {"get": "list", "patch": "partial_update"}
-        ),
-        name="lighthouse-configurations",
-    ),
    # API endpoint to start SAML SSO flow
    path(
        "auth/saml/initiate/", SAMLInitiateAPIView.as_view(), name="api_saml_initiate"
@@ -1,6 +1,4 @@
-import fnmatch
 import glob
-import json
 import logging
 import os
 from datetime import datetime, timedelta, timezone
@@ -61,14 +59,11 @@ from tasks.tasks import (
    backfill_scan_resource_summaries_task,
    check_integration_connection_task,
    check_lighthouse_connection_task,
-    check_lighthouse_provider_connection_task,
    check_provider_connection_task,
    delete_provider_task,
    delete_tenant_task,
    jira_integration_task,
-    mute_historical_findings_task,
    perform_scan_task,
-    refresh_lighthouse_provider_models_task,
 )

 from api.base_views import BaseRLSViewSet, BaseTenantViewset, BaseUserViewset
@@ -88,10 +83,7 @@ from api.filters import (
    InvitationFilter,
    LatestFindingFilter,
    LatestResourceFilter,
-    LighthouseProviderConfigFilter,
-    LighthouseProviderModelsFilter,
    MembershipFilter,
-    MuteRuleFilter,
    ProcessorFilter,
    ProviderFilter,
    ProviderGroupFilter,
@@ -113,11 +105,7 @@ from api.models import (
    Integration,
    Invitation,
    LighthouseConfiguration,
-    LighthouseProviderConfiguration,
-    LighthouseProviderModels,
-    LighthouseTenantConfiguration,
    Membership,
-    MuteRule,
    Processor,
    Provider,
    ProviderGroup,
@@ -150,7 +138,7 @@ from api.utils import (
    validate_invitation,
 )
 from api.uuid_utils import datetime_to_uuid7, uuid7_start
-from api.v1.mixins import DisablePaginationMixin, PaginateByPkMixin, TaskManagementMixin
+from api.v1.mixins import PaginateByPkMixin, TaskManagementMixin
 from api.v1.serializers import (
    ComplianceOverviewAttributesSerializer,
    ComplianceOverviewDetailSerializer,
@@ -171,18 +159,8 @@ from api.v1.serializers import (
    LighthouseConfigCreateSerializer,
    LighthouseConfigSerializer,
    LighthouseConfigUpdateSerializer,
-    LighthouseProviderConfigCreateSerializer,
-    LighthouseProviderConfigSerializer,
-    LighthouseProviderConfigUpdateSerializer,
-    LighthouseProviderModelsSerializer,
-    LighthouseTenantConfigSerializer,
-    LighthouseTenantConfigUpdateSerializer,
    MembershipSerializer,
-    MuteRuleCreateSerializer,
-    MuteRuleSerializer,
-    MuteRuleUpdateSerializer,
    OverviewFindingSerializer,
-    OverviewProviderCountSerializer,
    OverviewProviderSerializer,
    OverviewServiceSerializer,
    OverviewSeveritySerializer,
@@ -328,7 +306,7 @@ class SchemaView(SpectacularAPIView):

    def get(self, request, *args, **kwargs):
        spectacular_settings.TITLE = "Prowler API"
-        spectacular_settings.VERSION = "1.15.0"
+        spectacular_settings.VERSION = "1.14.0"
        spectacular_settings.DESCRIPTION = (
            "Prowler API specification.\n\nThis file is auto-generated."
        )
@@ -420,12 +398,6 @@ class SchemaView(SpectacularAPIView):
                "description": "Endpoints for API keys management. These can be used as an alternative to JWT "
                "authorization.",
            },
-            {
-                "name": "Mute Rules",
-                "description": "Endpoints for simple mute rules management. These can be used as an alternative to the"
-                " Mutelist Processor if you need to mute specific findings across your tenant with a "
-                "specific reason.",
-            },
        ]
        return super().get(request, *args, **kwargs)

@@ -1444,7 +1416,7 @@ class ProviderGroupProvidersRelationshipView(RelationshipView, BaseRLSViewSet):
 )
@method_decorator(CACHE_DECORATOR, name="list")
@method_decorator(CACHE_DECORATOR, name="retrieve")
-class ProviderViewSet(DisablePaginationMixin, BaseRLSViewSet):
+class ProviderViewSet(BaseRLSViewSet):
    queryset = Provider.objects.all()
    serializer_class = ProviderSerializer
    http_method_names = ["get", "post", "patch", "delete"]
@@ -1621,25 +1593,6 @@ class ProviderViewSet(DisablePaginationMixin, BaseRLSViewSet):
        },
        request=None,
    ),
-    threatscore=extend_schema(
-        tags=["Scan"],
-        summary="Retrieve threatscore report",
-        description="Download a specific threatscore report (e.g., 'prowler_threatscore_aws') as a PDF file.",
-        request=None,
-        responses={
-            200: OpenApiResponse(
-                description="PDF file containing the threatscore report"
-            ),
-            202: OpenApiResponse(description="The task is in progress"),
-            401: OpenApiResponse(
-                description="API key missing or user not Authenticated"
-            ),
-            403: OpenApiResponse(description="There is a problem with credentials"),
-            404: OpenApiResponse(
-                description="The scan has no threatscore reports, or the threatscore report generation task has not started yet"
-            ),
-        },
-    ),
 )
@method_decorator(CACHE_DECORATOR, name="list")
@method_decorator(CACHE_DECORATOR, name="retrieve")
@@ -1696,9 +1649,6 @@ class ScanViewSet(BaseRLSViewSet):
            if hasattr(self, "response_serializer_class"):
                return self.response_serializer_class
            return ScanComplianceReportSerializer
-        elif self.action == "threatscore":
-            if hasattr(self, "response_serializer_class"):
-                return self.response_serializer_class
        return super().get_serializer_class()

    def partial_update(self, request, *args, **kwargs):
@@ -1803,18 +1753,7 @@ class ScanViewSet(BaseRLSViewSet):
                        status=status.HTTP_502_BAD_GATEWAY,
                    )
                contents = resp.get("Contents", [])
-                keys = []
-                for obj in contents:
-                    key = obj["Key"]
-                    key_basename = os.path.basename(key)
-                    if any(ch in suffix for ch in ("*", "?", "[")):
-                        if fnmatch.fnmatch(key_basename, suffix):
-                            keys.append(key)
-                    elif key_basename == suffix:
-                        keys.append(key)
-                    elif key.endswith(suffix):
-                        # Backward compatibility if suffix already includes directories
-                        keys.append(key)
+                keys = [obj["Key"] for obj in contents if obj["Key"].endswith(suffix)]
                if not keys:
                    return Response(
                        {
@@ -1941,45 +1880,6 @@ class ScanViewSet(BaseRLSViewSet):
        content, filename = loader
        return self._serve_file(content, filename, "text/csv")

-    @action(
-        detail=True,
-        methods=["get"],
-        url_name="threatscore",
-    )
-    def threatscore(self, request, pk=None):
-        scan = self.get_object()
-        running_resp = self._get_task_status(scan)
-        if running_resp:
-            return running_resp
-
-        if not scan.output_location:
-            return Response(
-                {
-                    "detail": "The scan has no reports, or the threatscore report generation task has not started yet."
-                },
-                status=status.HTTP_404_NOT_FOUND,
-            )
-
-        if scan.output_location.startswith("s3://"):
-            bucket = env.str("DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET", "")
-            key_prefix = scan.output_location.removeprefix(f"s3://{bucket}/")
-            prefix = os.path.join(
-                os.path.dirname(key_prefix),
-                "threatscore",
-                "*_threatscore_report.pdf",
-            )
-            loader = self._load_file(prefix, s3=True, bucket=bucket, list_objects=True)
-        else:
-            base = os.path.dirname(scan.output_location)
-            pattern = os.path.join(base, "threatscore", "*_threatscore_report.pdf")
-            loader = self._load_file(pattern, s3=False)
-
-        if isinstance(loader, Response):
-            return loader
-
-        content, filename = loader
-        return self._serve_file(content, filename, "application/pdf")
-
    def create(self, request, *args, **kwargs):
        input_serializer = self.get_serializer(data=request.data)
        input_serializer.is_valid(raise_exception=True)
@@ -3704,13 +3604,6 @@ class ComplianceOverviewViewSet(BaseRLSViewSet, TaskManagementMixin):
            "each provider are considered in the aggregation to ensure accurate and up-to-date insights."
        ),
    ),
-    providers_count=extend_schema(
-        summary="Get provider counts grouped by type",
-        description=(
-            "Retrieve the number of providers grouped by provider type. "
-            "This endpoint counts every provider in the tenant, including those without completed scans."
-        ),
-    ),
    findings=extend_schema(
        summary="Get aggregated findings data",
        description=(
@@ -3762,8 +3655,6 @@ class OverviewViewSet(BaseRLSViewSet):
    def get_serializer_class(self):
        if self.action == "providers":
            return OverviewProviderSerializer
-        elif self.action == "providers_count":
-            return OverviewProviderCountSerializer
        elif self.action == "findings":
            return OverviewFindingSerializer
        elif self.action == "findings_severity":
@@ -3812,7 +3703,10 @@ class OverviewViewSet(BaseRLSViewSet):

        findings_aggregated = (
            queryset.filter(scan_id__in=latest_scan_ids)
-            .values(provider=F("scan__provider__provider"))
+            .values(
+                "scan__provider_id",
+                provider=F("scan__provider__provider"),
+            )
            .annotate(
                findings_passed=Coalesce(Sum("_pass"), 0),
                findings_failed=Coalesce(Sum("fail"), 0),
@@ -3821,16 +3715,13 @@ class OverviewViewSet(BaseRLSViewSet):
            )
        )

-        resources_queryset = Resource.all_objects.filter(tenant_id=tenant_id)
-        if hasattr(self, "allowed_providers"):
-            resources_queryset = resources_queryset.filter(
-                provider__in=self.allowed_providers
-            )
-        resources_aggregated = resources_queryset.values(
-            provider_type=F("provider__provider")
-        ).annotate(total_resources=Count("id"))
+        resources_aggregated = (
+            Resource.all_objects.filter(tenant_id=tenant_id)
+            .values("provider_id")
+            .annotate(total_resources=Count("id"))
+        )
        resource_map = {
-            row["provider_type"]: row["total_resources"] for row in resources_aggregated
+            row["provider_id"]: row["total_resources"] for row in resources_aggregated
        }

        overview = []
@@ -3838,7 +3729,7 @@ class OverviewViewSet(BaseRLSViewSet):
            overview.append(
                {
                    "provider": row["provider"],
-                    "total_resources": resource_map.get(row["provider"], 0),
+                    "total_resources": resource_map.get(row["scan__provider_id"], 0),
                    "total_findings": row["total_findings"],
                    "findings_passed": row["findings_passed"],
                    "findings_failed": row["findings_failed"],
@@ -3851,36 +3742,6 @@ class OverviewViewSet(BaseRLSViewSet):
            status=status.HTTP_200_OK,
        )

-    @action(
-        detail=False,
-        methods=["get"],
-        url_path="providers/count",
-        url_name="providers-count",
-    )
-    def providers_count(self, request):
-        tenant_id = self.request.tenant_id
-        providers_qs = Provider.objects.filter(tenant_id=tenant_id)
-
-        if hasattr(self, "allowed_providers"):
-            allowed_ids = list(self.allowed_providers.values_list("id", flat=True))
-            if not allowed_ids:
-                overview = []
-                return Response(
-                    self.get_serializer(overview, many=True).data,
-                    status=status.HTTP_200_OK,
-                )
-            providers_qs = providers_qs.filter(id__in=allowed_ids)
-
-        overview = (
-            providers_qs.values("provider")
-            .annotate(count=Count("id"))
-            .order_by("provider")
-        )
-        return Response(
-            self.get_serializer(overview, many=True).data,
-            status=status.HTTP_200_OK,
-        )
-
    @action(detail=False, methods=["get"], url_name="findings")
    def findings(self, request):
        tenant_id = self.request.tenant_id
@@ -4243,25 +4104,21 @@ class IntegrationJiraViewSet(BaseRLSViewSet):
        tags=["Lighthouse AI"],
        summary="List all Lighthouse AI configurations",
        description="Retrieve a list of all Lighthouse AI configurations.",
-        deprecated=True,
    ),
    create=extend_schema(
        tags=["Lighthouse AI"],
        summary="Create a new Lighthouse AI configuration",
        description="Create a new Lighthouse AI configuration with the specified details.",
-        deprecated=True,
    ),
    partial_update=extend_schema(
        tags=["Lighthouse AI"],
        summary="Partially update a Lighthouse AI configuration",
        description="Update certain fields of an existing Lighthouse AI configuration.",
-        deprecated=True,
    ),
    destroy=extend_schema(
        tags=["Lighthouse AI"],
        summary="Delete a Lighthouse AI configuration",
        description="Remove a Lighthouse AI configuration by its ID.",
-        deprecated=True,
    ),
    connection=extend_schema(
        tags=["Lighthouse AI"],
@@ -4269,7 +4126,6 @@ class IntegrationJiraViewSet(BaseRLSViewSet):
        description="Verify the connection to the OpenAI API for a specific Lighthouse AI configuration.",
        request=None,
        responses={202: OpenApiResponse(response=TaskSerializer)},
-        deprecated=True,
    ),
 )
 class LighthouseConfigViewSet(BaseRLSViewSet):
@@ -4320,255 +4176,6 @@ class LighthouseConfigViewSet(BaseRLSViewSet):
        )


-@extend_schema_view(
-    list=extend_schema(
-        tags=["Lighthouse AI"],
-        summary="List all LLM provider configurations",
-        description="Retrieve all LLM provider configurations for the current tenant",
-    ),
-    retrieve=extend_schema(
-        tags=["Lighthouse AI"],
-        summary="Retrieve LLM provider configuration",
-        description="Get details for a specific provider configuration in the current tenant.",
-    ),
-    create=extend_schema(
-        tags=["Lighthouse AI"],
-        summary="Create LLM provider configuration",
-        description="Create a per-tenant configuration for an LLM provider. Only one configuration per provider type "
-        "is allowed per tenant.",
-    ),
-    partial_update=extend_schema(
-        tags=["Lighthouse AI"],
-        summary="Update LLM provider configuration",
-        description="Partially update a provider configuration (e.g., base_url, is_active).",
-    ),
-    destroy=extend_schema(
-        tags=["Lighthouse AI"],
-        summary="Delete LLM provider configuration",
-        description="Delete a provider configuration. Any tenant defaults that reference this provider are cleared "
-        "during deletion.",
-    ),
-)
-class LighthouseProviderConfigViewSet(BaseRLSViewSet):
-    queryset = LighthouseProviderConfiguration.objects.all()
-    serializer_class = LighthouseProviderConfigSerializer
-    http_method_names = ["get", "post", "patch", "delete"]
-    filterset_class = LighthouseProviderConfigFilter
-
-    def get_queryset(self):
-        if getattr(self, "swagger_fake_view", False):
-            return LighthouseProviderConfiguration.objects.none()
-        return LighthouseProviderConfiguration.objects.filter(
-            tenant_id=self.request.tenant_id
-        )
-
-    def get_serializer_class(self):
-        if self.action == "create":
-            return LighthouseProviderConfigCreateSerializer
-        elif self.action == "partial_update":
-            return LighthouseProviderConfigUpdateSerializer
-        elif self.action in ["connection", "refresh_models"]:
-            return TaskSerializer
-        return super().get_serializer_class()
-
-    def create(self, request, *args, **kwargs):
-        serializer = self.get_serializer(data=request.data)
-        serializer.is_valid(raise_exception=True)
-        instance = serializer.save()
-
-        read_serializer = LighthouseProviderConfigSerializer(
-            instance, context=self.get_serializer_context()
-        )
-        headers = self.get_success_headers(read_serializer.data)
-        return Response(
-            data=read_serializer.data,
-            status=status.HTTP_201_CREATED,
-            headers=headers,
-        )
-
-    def partial_update(self, request, *args, **kwargs):
-        instance = self.get_object()
-        serializer = self.get_serializer(
-            instance,
-            data=request.data,
-            partial=True,
-            context=self.get_serializer_context(),
-        )
-        serializer.is_valid(raise_exception=True)
-        serializer.save()
-        read_serializer = LighthouseProviderConfigSerializer(
-            instance, context=self.get_serializer_context()
-        )
-        return Response(data=read_serializer.data, status=status.HTTP_200_OK)
-
-    @extend_schema(
-        tags=["Lighthouse AI"],
-        summary="Check LLM provider connection",
-        description="Validate provider credentials asynchronously and toggle is_active.",
-        request=None,
-        responses={202: OpenApiResponse(response=TaskSerializer)},
-    )
-    @action(detail=True, methods=["post"], url_name="connection")
-    def connection(self, request, pk=None):
-        instance = self.get_object()
-
-        with transaction.atomic():
-            task = check_lighthouse_provider_connection_task.delay(
-                provider_config_id=str(instance.id), tenant_id=self.request.tenant_id
-            )
-
-        prowler_task = Task.objects.get(id=task.id)
-        serializer = TaskSerializer(prowler_task)
-        return Response(
-            data=serializer.data,
-            status=status.HTTP_202_ACCEPTED,
-            headers={
-                "Content-Location": reverse(
-                    "task-detail", kwargs={"pk": prowler_task.id}
-                )
-            },
-        )
-
-    @extend_schema(
-        tags=["Lighthouse AI"],
-        summary="Refresh LLM models catalog",
-        description="Fetch available models for this provider configuration and upsert into catalog. Supports OpenAI, OpenAI-compatible, and AWS Bedrock providers.",
-        request=None,
-        responses={202: OpenApiResponse(response=TaskSerializer)},
-    )
-    @action(
-        detail=True,
-        methods=["post"],
-        url_path="refresh-models",
-        url_name="refresh-models",
-    )
-    def refresh_models(self, request, pk=None):
-        instance = self.get_object()
-
-        with transaction.atomic():
-            task = refresh_lighthouse_provider_models_task.delay(
-                provider_config_id=str(instance.id), tenant_id=self.request.tenant_id
-            )
-
-        prowler_task = Task.objects.get(id=task.id)
-        serializer = TaskSerializer(prowler_task)
-        return Response(
-            data=serializer.data,
-            status=status.HTTP_202_ACCEPTED,
-            headers={
-                "Content-Location": reverse(
-                    "task-detail", kwargs={"pk": prowler_task.id}
-                )
-            },
-        )
-
-
-@extend_schema_view(
-    list=extend_schema(
-        tags=["Lighthouse AI"],
-        summary="Get Lighthouse AI Tenant config",
-        description="Retrieve current tenant-level Lighthouse AI settings. Returns a single configuration object.",
-    ),
-    partial_update=extend_schema(
-        tags=["Lighthouse AI"],
-        summary="Update Lighthouse AI Tenant config",
-        description="Update tenant-level settings. Validates that the default provider is configured and active and that default model IDs exist for the chosen providers. Auto-creates configuration if it doesn't exist.",
-    ),
-)
-class LighthouseTenantConfigViewSet(BaseRLSViewSet):
-    """
-    Singleton endpoint for tenant-level Lighthouse AI configuration.
-
-    This viewset implements a true singleton pattern:
-    - GET returns the single configuration object (or 404 if not found)
-    - PATCH updates/creates the configuration (upsert semantics)
-    - No ID is required in the URL
-    """
-
-    queryset = LighthouseTenantConfiguration.objects.all()
-    serializer_class = LighthouseTenantConfigSerializer
-    http_method_names = ["get", "patch"]
-
-    def get_queryset(self):
-        if getattr(self, "swagger_fake_view", False):
-            return LighthouseTenantConfiguration.objects.none()
-        return LighthouseTenantConfiguration.objects.filter(
-            tenant_id=self.request.tenant_id
-        )
-
-    def get_serializer_class(self):
-        if self.action == "partial_update":
-            return LighthouseTenantConfigUpdateSerializer
-        return super().get_serializer_class()
-
-    def get_object(self):
-        """Retrieve the singleton instance for the current tenant."""
-        obj = LighthouseTenantConfiguration.objects.filter(
-            tenant_id=self.request.tenant_id
-        ).first()
-        if obj is None:
-            raise NotFound("Tenant Lighthouse configuration not found")
-        self.check_object_permissions(self.request, obj)
-        return obj
-
-    def list(self, request, *args, **kwargs):
-        """GET endpoint for singleton - returns single object, not an array."""
-        instance = self.get_object()
-        serializer = self.get_serializer(instance)
-        return Response(serializer.data)
-
-    def partial_update(self, request, *args, **kwargs):
-        """PATCH endpoint for singleton - no pk required. Auto-creates if not exists."""
-        # Auto-create tenant config if it doesn't exist (upsert semantics)
-        instance, created = LighthouseTenantConfiguration.objects.get_or_create(
-            tenant_id=self.request.tenant_id,
-            defaults={},
-        )
-
-        # Extract attributes from JSON:API payload
-        try:
-            payload = json.loads(request.body)
-            attributes = payload.get("data", {}).get("attributes", {})
-        except (json.JSONDecodeError, AttributeError):
-            raise ValidationError("Invalid JSON:API payload")
-
-        serializer = self.get_serializer(instance, data=attributes, partial=True)
-        serializer.is_valid(raise_exception=True)
-        serializer.save()
-        read_serializer = LighthouseTenantConfigSerializer(
-            instance, context=self.get_serializer_context()
-        )
-        return Response(read_serializer.data, status=status.HTTP_200_OK)
-
-
-@extend_schema_view(
-    list=extend_schema(
-        tags=["Lighthouse AI"],
-        summary="List all LLM models",
-        description="List available LLM models per configured provider for the current tenant.",
-    ),
-    retrieve=extend_schema(
-        tags=["Lighthouse AI"],
-        summary="Retrieve LLM model details",
-        description="Get details for a specific LLM model.",
-    ),
-)
-class LighthouseProviderModelsViewSet(BaseRLSViewSet):
-    queryset = LighthouseProviderModels.objects.all()
-    serializer_class = LighthouseProviderModelsSerializer
-    filterset_class = LighthouseProviderModelsFilter
-    # Expose as read-only catalog collection
-    http_method_names = ["get"]
-
-    def get_queryset(self):
-        if getattr(self, "swagger_fake_view", False):
-            return LighthouseProviderModels.objects.none()
-        return LighthouseProviderModels.objects.filter(tenant_id=self.request.tenant_id)
-
-    def get_serializer_class(self):
-        return super().get_serializer_class()
-
-
@extend_schema_view(
    list=extend_schema(
        tags=["Processor"],
@@ -4699,95 +4306,3 @@ class TenantApiKeyViewSet(BaseRLSViewSet):

        serializer = self.get_serializer(instance)
        return Response(data=serializer.data, status=status.HTTP_200_OK)
-
-
-# MuteRules
-@extend_schema_view(
-    list=extend_schema(
-        tags=["Mute Rules"],
-        summary="List all mute rules",
-        description="Retrieve a list of all mute rules with filtering options.",
-    ),
-    retrieve=extend_schema(
-        tags=["Mute Rules"],
-        summary="Retrieve a mute rule",
-        description="Fetch detailed information about a specific mute rule by ID.",
-    ),
-    create=extend_schema(
-        tags=["Mute Rules"],
-        summary="Create a new mute rule",
-        description="Create a new mute rule by providing finding IDs, name, and reason. "
-        "The rule will immediately mute the selected findings and launch a background task "
-        "to mute all historical findings with matching UIDs.",
-        request=MuteRuleCreateSerializer,
-    ),
-    partial_update=extend_schema(
-        tags=["Mute Rules"],
-        summary="Partially update a mute rule",
-        description="Update certain fields of an existing mute rule (e.g., name, reason, enabled).",
-        request=MuteRuleUpdateSerializer,
-        responses={200: MuteRuleSerializer},
-    ),
-    destroy=extend_schema(
-        tags=["Mute Rules"],
-        summary="Delete a mute rule",
-        description="Remove a mute rule from the system. Note: Previously muted findings remain muted.",
-    ),
-)
-class MuteRuleViewSet(BaseRLSViewSet):
-    queryset = MuteRule.objects.all()
-    serializer_class = MuteRuleSerializer
-    filterset_class = MuteRuleFilter
-    http_method_names = ["get", "post", "patch", "delete"]
-    search_fields = ["name", "reason"]
-    ordering = ["-inserted_at"]
-    ordering_fields = [
-        "name",
-        "enabled",
-        "inserted_at",
-        "updated_at",
-    ]
-    required_permissions = [Permissions.MANAGE_SCANS]
-
-    def get_queryset(self):
-        queryset = MuteRule.objects.filter(tenant_id=self.request.tenant_id)
-        return queryset.select_related("created_by")
-
-    def get_serializer_class(self):
-        if self.action == "create":
-            return MuteRuleCreateSerializer
-        elif self.action == "partial_update":
-            return MuteRuleUpdateSerializer
-        return super().get_serializer_class()
-
-    def create(self, request, *args, **kwargs):
-        serializer = self.get_serializer(data=request.data)
-        serializer.is_valid(raise_exception=True)
-
-        # Create the mute rule
-        mute_rule = serializer.save()
-
-        tenant_id = str(request.tenant_id)
-        finding_ids = request.data.get("finding_ids", [])
-
-        # Immediately mute the selected findings
-        Finding.all_objects.filter(
-            id__in=finding_ids, tenant_id=tenant_id, muted=False
-        ).update(
-            muted=True,
-            muted_at=mute_rule.inserted_at,
-            muted_reason=mute_rule.reason,
-        )
-
-        # Launch background task for historical muting
-        with transaction.atomic():
-            mute_historical_findings_task.apply_async(
-                kwargs={"tenant_id": tenant_id, "mute_rule_id": str(mute_rule.id)}
-            )
-
-        # Return the created mute rule
-        serializer = self.get_serializer(mute_rule)
-        return Response(
-            data=serializer.data,
-            status=status.HTTP_201_CREATED,
-        )
@@ -1,5 +1,7 @@
+from django.contrib import admin
 from django.urls import include, path

 urlpatterns = [
+    path("admin/", admin.site.urls),
    path("api/v1/", include("api.v1.urls")),
 ]
@@ -23,7 +23,6 @@ from api.models import (
    Invitation,
    LighthouseConfiguration,
    Membership,
-    MuteRule,
    Processor,
    Provider,
    ProviderGroup,
@@ -500,29 +499,8 @@ def providers_fixture(tenants_fixture):
        alias="m365_testing",
        tenant_id=tenant.id,
    )
-    provider7 = Provider.objects.create(
-        provider="oraclecloud",
-        uid="ocid1.tenancy.oc1..aaaaaaaa3dwoazoox4q7wrvriywpokp5grlhgnkwtyt6dmwyou7no6mdmzda",
-        alias="oci_testing",
-        tenant_id=tenant.id,
-    )
-    provider8 = Provider.objects.create(
-        provider="mongodbatlas",
-        uid="64b1d3c0e4b03b1234567890",
-        alias="mongodbatlas_testing",
-        tenant_id=tenant.id,
-    )

-    return (
-        provider1,
-        provider2,
-        provider3,
-        provider4,
-        provider5,
-        provider6,
-        provider7,
-        provider8,
-    )
+    return provider1, provider2, provider3, provider4, provider5, provider6


@pytest.fixture
@@ -1441,34 +1419,6 @@ def api_keys_fixture(tenants_fixture, create_test_user):
    return [api_key1, api_key2, api_key3]


-@pytest.fixture
-def mute_rules_fixture(tenants_fixture, create_test_user, findings_fixture):
-    """Create test mute rules for testing."""
-    tenant = tenants_fixture[0]
-    user = create_test_user
-
-    # Create two mute rules: one enabled, one disabled
-    mute_rule1 = MuteRule.objects.create(
-        tenant_id=tenant.id,
-        name="Test Rule 1",
-        reason="Security exception for testing",
-        enabled=True,
-        created_by=user,
-        finding_uids=[findings_fixture[0].uid],
-    )
-
-    mute_rule2 = MuteRule.objects.create(
-        tenant_id=tenant.id,
-        name="Test Rule 2",
-        reason="Compliance exception approved",
-        enabled=False,
-        created_by=user,
-        finding_uids=[findings_fixture[1].uid],
-    )
-
-    return mute_rule1, mute_rule2
-
-
 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}

@@ -20,19 +20,16 @@ from prowler.lib.outputs.asff.asff import ASFF
 from prowler.lib.outputs.compliance.aws_well_architected.aws_well_architected import (
    AWSWellArchitected,
 )
-from prowler.lib.outputs.compliance.c5.c5_aws import AWSC5
-from prowler.lib.outputs.compliance.c5.c5_azure import AzureC5
-from prowler.lib.outputs.compliance.c5.c5_gcp import GCPC5
 from prowler.lib.outputs.compliance.ccc.ccc_aws import CCC_AWS
 from prowler.lib.outputs.compliance.ccc.ccc_azure import CCC_Azure
 from prowler.lib.outputs.compliance.ccc.ccc_gcp import CCC_GCP
+from prowler.lib.outputs.compliance.c5.c5_aws import AWSC5
 from prowler.lib.outputs.compliance.cis.cis_aws import AWSCIS
 from prowler.lib.outputs.compliance.cis.cis_azure import AzureCIS
 from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
 from prowler.lib.outputs.compliance.cis.cis_github import GithubCIS
 from prowler.lib.outputs.compliance.cis.cis_kubernetes import KubernetesCIS
 from prowler.lib.outputs.compliance.cis.cis_m365 import M365CIS
-from prowler.lib.outputs.compliance.cis.cis_oraclecloud import OracleCloudCIS
 from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
 from prowler.lib.outputs.compliance.ens.ens_azure import AzureENS
 from prowler.lib.outputs.compliance.ens.ens_gcp import GCPENS
@@ -90,7 +87,6 @@ COMPLIANCE_CLASS_MAP = {
        (lambda name: name.startswith("iso27001_"), AzureISO27001),
        (lambda name: name == "ccc_azure", CCC_Azure),
        (lambda name: name == "prowler_threatscore_azure", ProwlerThreatScoreAzure),
-        (lambda name: name == "c5_azure", AzureC5),
    ],
    "gcp": [
        (lambda name: name.startswith("cis_"), GCPCIS),
@@ -99,7 +95,6 @@ COMPLIANCE_CLASS_MAP = {
        (lambda name: name.startswith("iso27001_"), GCPISO27001),
        (lambda name: name == "prowler_threatscore_gcp", ProwlerThreatScoreGCP),
        (lambda name: name == "ccc_gcp", CCC_GCP),
-        (lambda name: name == "c5_gcp", GCPC5),
    ],
    "kubernetes": [
        (lambda name: name.startswith("cis_"), KubernetesCIS),
@@ -113,13 +108,6 @@ COMPLIANCE_CLASS_MAP = {
    "github": [
        (lambda name: name.startswith("cis_"), GithubCIS),
    ],
-    "iac": [
-        # IaC provider doesn't have specific compliance frameworks yet
-        # Trivy handles its own compliance checks
-    ],
-    "oraclecloud": [
-        (lambda name: name.startswith("cis_"), OracleCloudCIS),
-    ],
 }


@@ -195,21 +183,18 @@ def get_s3_client():
    return s3_client


-def _upload_to_s3(
-    tenant_id: str, scan_id: str, local_path: str, relative_key: str
-) -> str | None:
+def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str | None:
    """
-    Upload a local artifact to an S3 bucket under the tenant/scan prefix.
-
+    Upload the specified ZIP file to an S3 bucket.
+    If the S3 bucket environment variables are not configured,
+    the function returns None without performing an upload.
    Args:
-        tenant_id (str): The tenant identifier used as the first segment of the S3 key.
-        scan_id (str): The scan identifier used as the second segment of the S3 key.
-        local_path (str): Filesystem path to the artifact to upload.
-        relative_key (str): Object key relative to `<tenant_id>/<scan_id>/`.
-
+        tenant_id (str): The tenant identifier, used as part of the S3 key prefix.
+        zip_path (str): The local file system path to the ZIP file to be uploaded.
+        scan_id (str): The scan identifier, used as part of the S3 key prefix.
    Returns:
-        str | None: S3 URI of the uploaded artifact, or None if the upload is skipped.
-
+        str: The S3 URI of the uploaded file (e.g., "s3://<bucket>/<key>") if successful.
+        None: If the required environment variables for the S3 bucket are not set.
    Raises:
        botocore.exceptions.ClientError: If the upload attempt to S3 fails for any reason.
    """
@@ -217,26 +202,34 @@ def _upload_to_s3(
    if not bucket:
        return

-    if not relative_key:
-        return
-
-    if not os.path.isfile(local_path):
-        return
-
    try:
        s3 = get_s3_client()

-        s3_key = f"{tenant_id}/{scan_id}/{relative_key}"
-        s3.upload_file(Filename=local_path, Bucket=bucket, Key=s3_key)
+        # Upload the ZIP file (outputs) to the S3 bucket
+        zip_key = f"{tenant_id}/{scan_id}/{os.path.basename(zip_path)}"
+        s3.upload_file(
+            Filename=zip_path,
+            Bucket=bucket,
+            Key=zip_key,
+        )

-        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{s3_key}"
+        # Upload the compliance directory to the S3 bucket
+        compliance_dir = os.path.join(os.path.dirname(zip_path), "compliance")
+        for filename in os.listdir(compliance_dir):
+            local_path = os.path.join(compliance_dir, filename)
+            if not os.path.isfile(local_path):
+                continue
+            file_key = f"{tenant_id}/{scan_id}/compliance/{filename}"
+            s3.upload_file(Filename=local_path, Bucket=bucket, Key=file_key)
+
+        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{zip_key}"
    except (ClientError, NoCredentialsError, ParamValidationError, ValueError) as e:
        logger.error(f"S3 upload failed: {str(e)}")


 def _generate_output_directory(
    output_directory, prowler_provider: object, tenant_id: str, scan_id: str
-) -> tuple[str, str, str]:
+) -> tuple[str, str]:
    """
    Generate a file system path for the output directory of a prowler scan.

@@ -263,7 +256,6 @@ def _generate_output_directory(
        >>> _generate_output_directory("/tmp", "aws", "tenant-1234", "scan-5678")
        '/tmp/tenant-1234/aws/scan-5678/prowler-output-2023-02-15T12:34:56',
        '/tmp/tenant-1234/aws/scan-5678/compliance/prowler-output-2023-02-15T12:34:56'
-        '/tmp/tenant-1234/aws/scan-5678/threatscore/prowler-output-2023-02-15T12:34:56'
    """
    # Sanitize the prowler provider name to ensure it is a valid directory name
    prowler_provider_sanitized = re.sub(r"[^\w\-]", "-", prowler_provider)
@@ -284,10 +276,4 @@ def _generate_output_directory(
    )
    os.makedirs("/".join(compliance_path.split("/")[:-1]), exist_ok=True)

-    threatscore_path = (
-        f"{output_directory}/{tenant_id}/{scan_id}/threatscore/prowler-output-"
-        f"{prowler_provider_sanitized}-{timestamp}"
-    )
-    os.makedirs("/".join(threatscore_path.split("/")[:-1]), exist_ok=True)
-
-    return path, compliance_path, threatscore_path
+    return path, compliance_path
@@ -5,7 +5,7 @@ from celery.utils.log import get_task_logger
 from config.django.base import DJANGO_FINDINGS_BATCH_SIZE
 from tasks.utils import batched

-from api.db_router import READ_REPLICA_ALIAS, MainRouter
+from api.db_router import READ_REPLICA_ALIAS
 from api.db_utils import rls_transaction
 from api.models import Finding, Integration, Provider
 from api.utils import initialize_prowler_integration, initialize_prowler_provider
@@ -179,7 +179,7 @@ def get_security_hub_client_from_integration(
        if the connection was successful and the SecurityHub client or connection object.
    """
    # Get the provider associated with this integration
-    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
+    with rls_transaction(tenant_id):
        provider_relationship = integration.integrationproviderrelationship_set.first()
        if not provider_relationship:
            return Connection(
@@ -208,7 +208,7 @@ def get_security_hub_client_from_integration(
            regions_status[region] = region in connection.enabled_regions

        # Save regions information in the integration configuration
-        with rls_transaction(tenant_id, using=MainRouter.default_db):
+        with rls_transaction(tenant_id):
            integration.configuration["regions"] = regions_status
            integration.save()

@@ -223,7 +223,7 @@ def get_security_hub_client_from_integration(
        return True, security_hub
    else:
        # Reset regions information if connection fails
-        with rls_transaction(tenant_id, using=MainRouter.default_db):
+        with rls_transaction(tenant_id):
            integration.configuration["regions"] = {}
            integration.save()

@@ -334,11 +334,8 @@ def upload_security_hub_integration(
                                        f"Security Hub connection failed for integration {integration.id}: "
                                        f"{security_hub.error}"
                                    )
-                                    with rls_transaction(
-                                        tenant_id, using=MainRouter.default_db
-                                    ):
-                                        integration.connected = False
-                                        integration.save()
+                                    integration.connected = False
+                                    integration.save()
                                    break  # Skip this integration

                                security_hub_client = security_hub
@@ -1,452 +0,0 @@
-from typing import Dict
-
-import boto3
-import openai
-from botocore.exceptions import BotoCoreError, ClientError
-from celery.utils.log import get_task_logger
-
-from api.models import LighthouseProviderConfiguration, LighthouseProviderModels
-
-logger = get_task_logger(__name__)
-
-
-def _extract_openai_api_key(
-    provider_cfg: LighthouseProviderConfiguration,
-) -> str | None:
-    """
-    Safely extract the OpenAI API key from a provider configuration.
-
-    Args:
-        provider_cfg (LighthouseProviderConfiguration): The provider configuration instance
-            containing the credentials.
-
-    Returns:
-        str | None: The API key string if present and valid, otherwise None.
-    """
-    creds = provider_cfg.credentials_decoded
-    if not isinstance(creds, dict):
-        return None
-    api_key = creds.get("api_key")
-    if not isinstance(api_key, str) or not api_key:
-        return None
-    return api_key
-
-
-def _extract_openai_compatible_params(
-    provider_cfg: LighthouseProviderConfiguration,
-) -> Dict[str, str] | None:
-    """
-    Extract base_url and api_key for OpenAI-compatible providers.
-    """
-    creds = provider_cfg.credentials_decoded
-    base_url = provider_cfg.base_url
-    if not isinstance(creds, dict):
-        return None
-    api_key = creds.get("api_key")
-    if not isinstance(api_key, str) or not api_key:
-        return None
-    if not isinstance(base_url, str) or not base_url:
-        return None
-    return {"base_url": base_url, "api_key": api_key}
-
-
-def _extract_bedrock_credentials(
-    provider_cfg: LighthouseProviderConfiguration,
-) -> Dict[str, str] | None:
-    """
-    Safely extract AWS Bedrock credentials from a provider configuration.
-
-    Args:
-        provider_cfg (LighthouseProviderConfiguration): The provider configuration instance
-            containing the credentials.
-
-    Returns:
-        Dict[str, str] | None: Dictionary with 'access_key_id', 'secret_access_key', and
-            'region' if present and valid, otherwise None.
-    """
-    creds = provider_cfg.credentials_decoded
-    if not isinstance(creds, dict):
-        return None
-
-    access_key_id = creds.get("access_key_id")
-    secret_access_key = creds.get("secret_access_key")
-    region = creds.get("region")
-
-    # Validate all required fields are present and are strings
-    if (
-        not isinstance(access_key_id, str)
-        or not access_key_id
-        or not isinstance(secret_access_key, str)
-        or not secret_access_key
-        or not isinstance(region, str)
-        or not region
-    ):
-        return None
-
-    return {
-        "access_key_id": access_key_id,
-        "secret_access_key": secret_access_key,
-        "region": region,
-    }
-
-
-def check_lighthouse_provider_connection(provider_config_id: str) -> Dict:
-    """
-    Validate a Lighthouse provider configuration by calling the provider API and
-    toggle its active state accordingly.
-
-    Args:
-        provider_config_id: The primary key of the `LighthouseProviderConfiguration`
-            to validate.
-
-    Returns:
-        dict: A result dictionary with the following keys:
-            - "connected" (bool): Whether the provider credentials are valid.
-            - "error" (str | None): The error message when not connected, otherwise None.
-
-    Side Effects:
-        - Updates and persists `is_active` on the `LighthouseProviderConfiguration`.
-
-    Raises:
-        LighthouseProviderConfiguration.DoesNotExist: If no configuration exists with the given ID.
-    """
-    provider_cfg = LighthouseProviderConfiguration.objects.get(pk=provider_config_id)
-
-    try:
-        if (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI
-        ):
-            api_key = _extract_openai_api_key(provider_cfg)
-            if not api_key:
-                provider_cfg.is_active = False
-                provider_cfg.save()
-                return {"connected": False, "error": "API key is invalid or missing"}
-
-            # Test connection by listing models
-            client = openai.OpenAI(api_key=api_key)
-            _ = client.models.list()
-
-        elif (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.BEDROCK
-        ):
-            bedrock_creds = _extract_bedrock_credentials(provider_cfg)
-            if not bedrock_creds:
-                provider_cfg.is_active = False
-                provider_cfg.save()
-                return {
-                    "connected": False,
-                    "error": "AWS credentials are invalid or missing",
-                }
-
-            # Test connection by listing foundation models
-            bedrock_client = boto3.client(
-                "bedrock",
-                aws_access_key_id=bedrock_creds["access_key_id"],
-                aws_secret_access_key=bedrock_creds["secret_access_key"],
-                region_name=bedrock_creds["region"],
-            )
-            _ = bedrock_client.list_foundation_models()
-
-        elif (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI_COMPATIBLE
-        ):
-            params = _extract_openai_compatible_params(provider_cfg)
-            if not params:
-                provider_cfg.is_active = False
-                provider_cfg.save()
-                return {
-                    "connected": False,
-                    "error": "Base URL or API key is invalid or missing",
-                }
-
-            # Test connection using OpenAI SDK with custom base_url
-            # Note: base_url should include version (e.g., https://openrouter.ai/api/v1)
-            client = openai.OpenAI(
-                api_key=params["api_key"],
-                base_url=params["base_url"],
-            )
-            _ = client.models.list()
-
-        else:
-            return {"connected": False, "error": "Unsupported provider type"}
-
-        # Connection successful
-        provider_cfg.is_active = True
-        provider_cfg.save()
-        return {"connected": True, "error": None}
-
-    except Exception as e:
-        logger.warning(
-            "%s connection check failed: %s", provider_cfg.provider_type, str(e)
-        )
-        provider_cfg.is_active = False
-        provider_cfg.save()
-        return {"connected": False, "error": str(e)}
-
-
-def _fetch_openai_models(api_key: str) -> Dict[str, str]:
-    """
-    Fetch available models from OpenAI API.
-
-    Args:
-        api_key: OpenAI API key for authentication.
-
-    Returns:
-        Dict mapping model_id to model_name. For OpenAI, both are the same
-        as the API doesn't provide separate display names.
-
-    Raises:
-        Exception: If the API call fails.
-    """
-    client = openai.OpenAI(api_key=api_key)
-    models = client.models.list()
-    # OpenAI uses model.id for both ID and display name
-    return {m.id: m.id for m in getattr(models, "data", [])}
-
-
-def _fetch_openai_compatible_models(base_url: str, api_key: str) -> Dict[str, str]:
-    """
-    Fetch available models from an OpenAI-compatible API using the OpenAI SDK.
-
-    Returns a mapping of model_id -> model_name. Prefers the 'name' attribute
-    if available (e.g., from OpenRouter), otherwise falls back to 'id'.
-
-    Note: base_url should include version (e.g., https://openrouter.ai/api/v1)
-    """
-    client = openai.OpenAI(api_key=api_key, base_url=base_url)
-    models = client.models.list()
-
-    available_models: Dict[str, str] = {}
-    for model in models.data:
-        model_id = model.id
-        # Prefer provider-supplied human-friendly name when available
-        name = getattr(model, "name", None)
-        if name:
-            available_models[model_id] = name
-        else:
-            available_models[model_id] = model_id
-
-    return available_models
-
-
-def _fetch_bedrock_models(bedrock_creds: Dict[str, str]) -> Dict[str, str]:
-    """
-    Fetch available models from AWS Bedrock with entitlement verification.
-
-    This function:
-    1. Lists foundation models with TEXT modality support
-    2. Lists inference profiles with TEXT modality support
-    3. Verifies user has entitlement access to each model
-
-    Args:
-        bedrock_creds: Dictionary with 'access_key_id', 'secret_access_key', and 'region'.
-
-    Returns:
-        Dict mapping model_id to model_name for all accessible models.
-
-    Raises:
-        BotoCoreError, ClientError: If AWS API calls fail.
-    """
-    bedrock_client = boto3.client(
-        "bedrock",
-        aws_access_key_id=bedrock_creds["access_key_id"],
-        aws_secret_access_key=bedrock_creds["secret_access_key"],
-        region_name=bedrock_creds["region"],
-    )
-
-    models_to_check: Dict[str, str] = {}
-
-    # Step 1: Get foundation models with TEXT modality
-    foundation_response = bedrock_client.list_foundation_models()
-    model_summaries = foundation_response.get("modelSummaries", [])
-
-    for model in model_summaries:
-        # Check if model supports TEXT input and output modality
-        input_modalities = model.get("inputModalities", [])
-        output_modalities = model.get("outputModalities", [])
-
-        if "TEXT" not in input_modalities or "TEXT" not in output_modalities:
-            continue
-
-        model_id = model.get("modelId")
-        if not model_id:
-            continue
-
-        inference_types = model.get("inferenceTypesSupported", [])
-
-        # Only include models with ON_DEMAND inference support
-        if "ON_DEMAND" in inference_types:
-            models_to_check[model_id] = model["modelName"]
-
-    # Step 2: Get inference profiles
-    try:
-        inference_profiles_response = bedrock_client.list_inference_profiles()
-        inference_profiles = inference_profiles_response.get(
-            "inferenceProfileSummaries", []
-        )
-
-        for profile in inference_profiles:
-            # Check if profile supports TEXT modality
-            input_modalities = profile.get("inputModalities", [])
-            output_modalities = profile.get("outputModalities", [])
-
-            if "TEXT" not in input_modalities or "TEXT" not in output_modalities:
-                continue
-
-            profile_id = profile.get("inferenceProfileId")
-            if profile_id:
-                models_to_check[profile_id] = profile["inferenceProfileName"]
-
-    except (BotoCoreError, ClientError) as e:
-        logger.info(
-            "Could not fetch inference profiles in %s: %s",
-            bedrock_creds["region"],
-            str(e),
-        )
-
-    # Step 3: Verify entitlement availability for each model
-    available_models: Dict[str, str] = {}
-
-    for model_id, model_name in models_to_check.items():
-        try:
-            availability = bedrock_client.get_foundation_model_availability(
-                modelId=model_id
-            )
-
-            entitlement = availability.get("entitlementAvailability")
-
-            # Only include models user has access to
-            if entitlement == "AVAILABLE":
-                available_models[model_id] = model_name
-            else:
-                logger.debug(
-                    "Skipping model %s - entitlement status: %s", model_id, entitlement
-                )
-
-        except (BotoCoreError, ClientError) as e:
-            logger.debug(
-                "Could not check availability for model %s: %s", model_id, str(e)
-            )
-            continue
-
-    return available_models
-
-
-def refresh_lighthouse_provider_models(provider_config_id: str) -> Dict:
-    """
-    Refresh the catalog of models for a Lighthouse provider configuration.
-
-    Fetches the current list of models from the provider, upserts entries into
-    `LighthouseProviderModels`, and deletes stale entries no longer returned.
-
-    Args:
-        provider_config_id: The primary key of the `LighthouseProviderConfiguration`
-            whose models should be refreshed.
-
-    Returns:
-        dict: A result dictionary with the following keys on success:
-            - "created" (int): Number of new model rows created.
-            - "updated" (int): Number of existing model rows updated.
-            - "deleted" (int): Number of stale model rows removed.
-        If an error occurs, the dictionary will contain an "error" (str) field instead.
-
-    Raises:
-        LighthouseProviderConfiguration.DoesNotExist: If no configuration exists with the given ID.
-    """
-    provider_cfg = LighthouseProviderConfiguration.objects.get(pk=provider_config_id)
-    fetched_models: Dict[str, str] = {}
-
-    # Fetch models from the appropriate provider
-    try:
-        if (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI
-        ):
-            api_key = _extract_openai_api_key(provider_cfg)
-            if not api_key:
-                return {
-                    "created": 0,
-                    "updated": 0,
-                    "deleted": 0,
-                    "error": "API key is invalid or missing",
-                }
-            fetched_models = _fetch_openai_models(api_key)
-
-        elif (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.BEDROCK
-        ):
-            bedrock_creds = _extract_bedrock_credentials(provider_cfg)
-            if not bedrock_creds:
-                return {
-                    "created": 0,
-                    "updated": 0,
-                    "deleted": 0,
-                    "error": "AWS credentials are invalid or missing",
-                }
-            fetched_models = _fetch_bedrock_models(bedrock_creds)
-
-        elif (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI_COMPATIBLE
-        ):
-            params = _extract_openai_compatible_params(provider_cfg)
-            if not params:
-                return {
-                    "created": 0,
-                    "updated": 0,
-                    "deleted": 0,
-                    "error": "Base URL or API key is invalid or missing",
-                }
-            fetched_models = _fetch_openai_compatible_models(
-                params["base_url"], params["api_key"]
-            )
-
-        else:
-            return {
-                "created": 0,
-                "updated": 0,
-                "deleted": 0,
-                "error": "Unsupported provider type",
-            }
-
-    except Exception as e:
-        logger.warning(
-            "Unexpected error refreshing %s models: %s",
-            provider_cfg.provider_type,
-            str(e),
-        )
-        return {"created": 0, "updated": 0, "deleted": 0, "error": str(e)}
-
-    # Upsert models into the catalog
-    created = 0
-    updated = 0
-
-    for model_id, model_name in fetched_models.items():
-        obj, was_created = LighthouseProviderModels.objects.update_or_create(
-            tenant_id=provider_cfg.tenant_id,
-            provider_configuration=provider_cfg,
-            model_id=model_id,
-            defaults={
-                "model_name": model_name,
-                "default_parameters": {},
-            },
-        )
-        if was_created:
-            created += 1
-        else:
-            updated += 1
-
-    # Delete stale models not present anymore
-    deleted, _ = (
-        LighthouseProviderModels.objects.filter(
-            tenant_id=provider_cfg.tenant_id, provider_configuration=provider_cfg
-        )
-        .exclude(model_id__in=fetched_models.keys())
-        .delete()
-    )
-
-    return {"created": created, "updated": updated, "deleted": deleted}
@@ -1,64 +0,0 @@
-from celery.utils.log import get_task_logger
-from config.django.base import DJANGO_FINDINGS_BATCH_SIZE
-from tasks.utils import batched
-
-from api.db_utils import rls_transaction
-from api.models import Finding, MuteRule
-
-logger = get_task_logger(__name__)
-
-
-def mute_historical_findings(tenant_id: str, mute_rule_id: str):
-    """
-    Mute historical findings that match the given mute rule.
-
-    This function processes findings in batches, updating their muted status
-    and adding the mute reason.
-
-    Args:
-        tenant_id (str): The tenant ID for RLS context
-        mute_rule_id (str): The ID of the mute rule to apply
-
-    Returns:
-        dict: Summary of the muting operation with findings_muted count
-    """
-    findings_muted_count = 0
-
-    # Get the list of UIDs to mute and the reason
-    with rls_transaction(tenant_id):
-        mute_rule = MuteRule.objects.get(id=mute_rule_id, tenant_id=tenant_id)
-        finding_uids = mute_rule.finding_uids
-        mute_reason = mute_rule.reason
-        muted_at = mute_rule.inserted_at
-
-    # Query findings that match the UIDs and are not already muted
-    with rls_transaction(tenant_id):
-        findings_to_mute = Finding.objects.filter(
-            tenant_id=tenant_id, uid__in=finding_uids, muted=False
-        )
-        total_findings = findings_to_mute.count()
-
-        logger.info(
-            f"Processing {total_findings} findings for mute rule {mute_rule_id}"
-        )
-
-        if total_findings > 0:
-            for batch, is_last in batched(
-                findings_to_mute.iterator(), DJANGO_FINDINGS_BATCH_SIZE
-            ):
-                batch_ids = [f.id for f in batch]
-                updated_count = Finding.all_objects.filter(
-                    id__in=batch_ids, tenant_id=tenant_id
-                ).update(
-                    muted=True,
-                    muted_at=muted_at,
-                    muted_reason=mute_reason,
-                )
-                findings_muted_count += updated_count
-
-    logger.info(f"Muted {findings_muted_count} findings for rule {mute_rule_id}")
-
-    return {
-        "findings_muted": findings_muted_count,
-        "rule_id": mute_rule_id,
-    }
@@ -30,7 +30,6 @@ from api.exceptions import ProviderConnectionError
 from api.models import (
    ComplianceRequirementOverview,
    Finding,
-    MuteRule,
    Processor,
    Provider,
    Resource,
@@ -302,20 +301,6 @@ def perform_prowler_scan(
            logger.error(f"Error processing mutelist rules: {e}")
            mutelist_processor = None

-    # Load enabled mute rules for this tenant
-    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
-        try:
-            active_mute_rules = MuteRule.objects.filter(
-                tenant_id=tenant_id, enabled=True
-            ).values_list("finding_uids", "reason")
-
-            mute_rules_cache = {}
-            for finding_uids, reason in active_mute_rules:
-                for uid in finding_uids:
-                    mute_rules_cache[uid] = reason
-        except Exception as e:
-            logger.error(f"Error loading mute rules: {e}")
-            mute_rules_cache = {}
    try:
        with rls_transaction(tenant_id):
            try:
@@ -464,22 +449,11 @@ def perform_prowler_scan(
                    if not last_first_seen_at:
                        last_first_seen_at = datetime.now(tz=timezone.utc)

-                    # Determine if finding should be muted and why
-                    # Priority: mutelist processor (highest) > manual mute rules
-                    is_muted = False
-                    muted_reason = None
-
-                    # Check mutelist processor first (highest priority)
-                    if finding.muted:
-                        is_muted = True
-                        muted_reason = "Muted by mutelist"
-                    # If not muted by mutelist, check manual mute rules
-                    elif finding_uid in mute_rules_cache:
-                        is_muted = True
-                        muted_reason = mute_rules_cache[finding_uid]
+                    # If the finding is muted at this time the reason must be the configured Mutelist
+                    muted_reason = "Muted by mutelist" if finding.muted else None

                    # Increment failed_findings_count cache if the finding status is FAIL and not muted
-                    if status == FindingStatus.FAIL and not is_muted:
+                    if status == FindingStatus.FAIL and not finding.muted:
                        resource_uid = finding.resource_uid
                        resource_failed_findings_cache[resource_uid] += 1

@@ -498,8 +472,7 @@ def perform_prowler_scan(
                        check_id=finding.check_id,
                        scan=scan_instance,
                        first_seen_at=last_first_seen_at,
-                        muted=is_muted,
-                        muted_at=datetime.now(tz=timezone.utc) if is_muted else None,
+                        muted=finding.muted,
                        muted_reason=muted_reason,
                        compliance=finding.compliance,
                    )
@@ -1,4 +1,3 @@
-import os
 from datetime import datetime, timedelta, timezone
 from pathlib import Path
 from shutil import rmtree
@@ -27,12 +26,6 @@ from tasks.jobs.integrations import (
    upload_s3_integration,
    upload_security_hub_integration,
 )
-from tasks.jobs.lighthouse_providers import (
-    check_lighthouse_provider_connection,
-    refresh_lighthouse_provider_models,
-)
-from tasks.jobs.muting import mute_historical_findings
-from tasks.jobs.report import generate_threatscore_report_job
 from tasks.jobs.scan import (
    aggregate_findings,
    create_compliance_requirements,
@@ -71,15 +64,10 @@ def _perform_scan_complete_tasks(tenant_id: str, scan_id: str, provider_id: str)
        generate_outputs_task.si(
            scan_id=scan_id, provider_id=provider_id, tenant_id=tenant_id
        ),
-        group(
-            generate_threatscore_report_task.si(
-                tenant_id=tenant_id, scan_id=scan_id, provider_id=provider_id
-            ),
-            check_integrations_task.si(
-                tenant_id=tenant_id,
-                provider_id=provider_id,
-                scan_id=scan_id,
-            ),
+        check_integrations_task.si(
+            tenant_id=tenant_id,
+            provider_id=provider_id,
+            scan_id=scan_id,
        ),
    ).apply_async()

@@ -316,7 +304,7 @@ def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):

    frameworks_bulk = Compliance.get_bulk(provider_type)
    frameworks_avail = get_compliance_frameworks(provider_type)
-    out_dir, comp_dir, _ = _generate_output_directory(
+    out_dir, comp_dir = _generate_output_directory(
        DJANGO_TMP_OUTPUT_DIRECTORY, provider_uid, tenant_id, scan_id
    )

@@ -419,24 +407,7 @@ def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):
                writer._data.clear()

    compressed = _compress_output_files(out_dir)
-
-    upload_uri = _upload_to_s3(
-        tenant_id,
-        scan_id,
-        compressed,
-        os.path.basename(compressed),
-    )
-
-    compliance_dir_path = Path(comp_dir).parent
-    if compliance_dir_path.exists():
-        for artifact_path in sorted(compliance_dir_path.iterdir()):
-            if artifact_path.is_file():
-                _upload_to_s3(
-                    tenant_id,
-                    scan_id,
-                    str(artifact_path),
-                    f"compliance/{artifact_path.name}",
-                )
+    upload_uri = _upload_to_s3(tenant_id, compressed, scan_id)

    # S3 integrations (need output_directory)
    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
@@ -529,24 +500,6 @@ def check_lighthouse_connection_task(lighthouse_config_id: str, tenant_id: str =
    return check_lighthouse_connection(lighthouse_config_id=lighthouse_config_id)


-@shared_task(base=RLSTask, name="lighthouse-provider-connection-check")
-@set_tenant
-def check_lighthouse_provider_connection_task(
-    provider_config_id: str, tenant_id: str | None = None
-) -> dict:
-    """Task wrapper to validate provider credentials and set is_active."""
-    return check_lighthouse_provider_connection(provider_config_id=provider_config_id)
-
-
-@shared_task(base=RLSTask, name="lighthouse-provider-models-refresh")
-@set_tenant
-def refresh_lighthouse_provider_models_task(
-    provider_config_id: str, tenant_id: str | None = None
-) -> dict:
-    """Task wrapper to refresh provider models catalog for the given configuration."""
-    return refresh_lighthouse_provider_models(provider_config_id=provider_config_id)
-
-
@shared_task(name="integration-check")
 def check_integrations_task(tenant_id: str, provider_id: str, scan_id: str = None):
    """
@@ -664,43 +617,3 @@ def jira_integration_task(
    return send_findings_to_jira(
        tenant_id, integration_id, project_key, issue_type, finding_ids
    )
-
-
-@shared_task(
-    base=RLSTask,
-    name="scan-threatscore-report",
-    queue="scan-reports",
-)
-def generate_threatscore_report_task(tenant_id: str, scan_id: str, provider_id: str):
-    """
-    Task to generate a threatscore report for a given scan.
-    Args:
-        tenant_id (str): The tenant identifier.
-        scan_id (str): The scan identifier.
-        provider_id (str): The provider identifier.
-    """
-    return generate_threatscore_report_job(
-        tenant_id=tenant_id, scan_id=scan_id, provider_id=provider_id
-    )
-
-
-@shared_task(name="findings-mute-historical")
-def mute_historical_findings_task(tenant_id: str, mute_rule_id: str):
-    """
-    Background task to mute all historical findings matching a mute rule.
-
-    This task processes findings in batches to avoid memory issues with large datasets.
-    It updates the Finding.muted, Finding.muted_at, and Finding.muted_reason fields
-    for all findings whose UID is in the mute rule's finding_uids list.
-
-    Args:
-        tenant_id (str): The tenant ID for RLS context.
-        mute_rule_id (str): The primary key of the MuteRule to apply.
-
-    Returns:
-        dict: A dictionary containing:
-            - 'findings_muted' (int): Total number of findings muted.
-            - 'rule_id' (str): The mute rule ID.
-            - 'status' (str): Final status ('completed').
-    """
-    return mute_historical_findings(tenant_id, mute_rule_id)
@@ -72,26 +72,17 @@ class TestOutputs:
        client_mock = MagicMock()
        mock_get_client.return_value = client_mock

-        result = _upload_to_s3(
-            "tenant-id",
-            "scan-id",
-            str(zip_path),
-            "outputs.zip",
-        )
+        result = _upload_to_s3("tenant-id", str(zip_path), "scan-id")

        expected_uri = "s3://test-bucket/tenant-id/scan-id/outputs.zip"
        assert result == expected_uri
-        client_mock.upload_file.assert_called_once_with(
-            Filename=str(zip_path),
-            Bucket="test-bucket",
-            Key="tenant-id/scan-id/outputs.zip",
-        )
+        assert client_mock.upload_file.call_count == 2

    @patch("tasks.jobs.export.get_s3_client")
    @patch("tasks.jobs.export.base")
    def test_upload_to_s3_missing_bucket(self, mock_base, mock_get_client):
        mock_base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = ""
-        result = _upload_to_s3("tenant", "scan", "/tmp/fake.zip", "fake.zip")
+        result = _upload_to_s3("tenant", "/tmp/fake.zip", "scan")
        assert result is None

    @patch("tasks.jobs.export.get_s3_client")
@@ -110,15 +101,11 @@ class TestOutputs:
        client_mock = MagicMock()
        mock_get_client.return_value = client_mock

-        result = _upload_to_s3(
-            "tenant",
-            "scan",
-            str(compliance_dir / "subdir"),
-            "compliance/subdir",
-        )
+        result = _upload_to_s3("tenant", str(zip_path), "scan")

-        assert result is None
-        client_mock.upload_file.assert_not_called()
+        expected_uri = "s3://test-bucket/tenant/scan/results.zip"
+        assert result == expected_uri
+        client_mock.upload_file.assert_called_once()

    @patch(
        "tasks.jobs.export.get_s3_client",
@@ -139,12 +126,7 @@ class TestOutputs:
        compliance_dir.mkdir()
        (compliance_dir / "report.csv").write_text("csv")

-        _upload_to_s3(
-            "tenant",
-            "scan",
-            str(zip_path),
-            "zipfile.zip",
-        )
+        _upload_to_s3("tenant", str(zip_path), "scan")
        mock_logger.assert_called()

    @patch("tasks.jobs.export.rls_transaction")
@@ -168,17 +150,15 @@ class TestOutputs:
        provider = "aws"
        expected_timestamp = "20230615103045"

-        path, compliance, threatscore = _generate_output_directory(
+        path, compliance = _generate_output_directory(
            base_dir, provider, tenant_id, scan_id
        )

        assert os.path.isdir(os.path.dirname(path))
        assert os.path.isdir(os.path.dirname(compliance))
-        assert os.path.isdir(os.path.dirname(threatscore))

        assert path.endswith(f"{provider}-{expected_timestamp}")
        assert compliance.endswith(f"{provider}-{expected_timestamp}")
-        assert threatscore.endswith(f"{provider}-{expected_timestamp}")

    @patch("tasks.jobs.export.rls_transaction")
    @patch("tasks.jobs.export.Scan")
@@ -201,14 +181,12 @@ class TestOutputs:
        provider = "aws/test@check"
        expected_timestamp = "20230615103045"

-        path, compliance, threatscore = _generate_output_directory(
+        path, compliance = _generate_output_directory(
            base_dir, provider, tenant_id, scan_id
        )

        assert os.path.isdir(os.path.dirname(path))
        assert os.path.isdir(os.path.dirname(compliance))
-        assert os.path.isdir(os.path.dirname(threatscore))

        assert path.endswith(f"aws-test-check-{expected_timestamp}")
        assert compliance.endswith(f"aws-test-check-{expected_timestamp}")
-        assert threatscore.endswith(f"aws-test-check-{expected_timestamp}")
@@ -9,7 +9,6 @@ from tasks.jobs.integrations import (
    upload_security_hub_integration,
 )

-from api.db_router import READ_REPLICA_ALIAS, MainRouter
 from api.models import Integration
 from api.utils import prowler_integration_connection_test
 from prowler.providers.aws.lib.security_hub.security_hub import SecurityHubConnection
@@ -881,8 +880,7 @@ class TestSecurityHubIntegrationUploads:
        # Verify RLS transaction was used correctly
        # Should be called twice: once for getting provider info, once for resetting regions
        assert mock_rls.call_count == 2
-        mock_rls.assert_any_call(tenant_id, using=READ_REPLICA_ALIAS)
-        mock_rls.assert_any_call(tenant_id, using=MainRouter.default_db)
+        mock_rls.assert_any_call(tenant_id)

        # Verify test_connection was called with integration credentials (not provider's)
        mock_test_connection.assert_called_once_with(
@@ -1,532 +0,0 @@
-from datetime import datetime, timezone
-from uuid import uuid4
-
-import pytest
-from django.core.exceptions import ObjectDoesNotExist
-from tasks.jobs.muting import mute_historical_findings
-
-from api.models import Finding, MuteRule
-from prowler.lib.check.models import Severity
-from prowler.lib.outputs.finding import Status
-
-
-@pytest.mark.django_db
-class TestMuteHistoricalFindings:
-    """
-    Test suite for the mute_historical_findings function.
-
-    This class tests the batch processing of findings to update their muted status
-    based on MuteRule criteria.
-    """
-
-    @pytest.fixture(scope="function")
-    def test_user(self, create_test_user):
-        """Create a test user for mute rule creation."""
-        return create_test_user
-
-    @pytest.fixture(scope="function")
-    def mute_rule_with_findings(self, tenants_fixture, findings_fixture, test_user):
-        """
-        Create a mute rule that targets the first finding in the fixture.
-        """
-        tenant = tenants_fixture[0]
-        finding = findings_fixture[0]
-
-        mute_rule = MuteRule.objects.create(
-            tenant_id=tenant.id,
-            name="Test Mute Rule",
-            reason="Testing mute functionality",
-            enabled=True,
-            created_by=test_user,
-            finding_uids=[finding.uid],
-        )
-
-        return mute_rule
-
-    @pytest.fixture(scope="function")
-    def mute_rule_multiple_findings(self, scans_fixture, test_user):
-        """
-        Create multiple unmuted findings and a mute rule targeting all of them.
-        """
-        scan = scans_fixture[0]
-        tenant_id = scan.tenant_id
-
-        # Create 5 unmuted findings
-        finding_uids = []
-        for i in range(5):
-            finding = Finding.objects.create(
-                tenant_id=tenant_id,
-                uid=f"test_finding_uid_mute_{i}",
-                scan=scan,
-                status=Status.FAIL,
-                status_extended=f"Test status {i}",
-                impact=Severity.high,
-                severity=Severity.high,
-                raw_result={
-                    "status": Status.FAIL,
-                    "impact": Severity.high,
-                    "severity": Severity.high,
-                },
-                check_id=f"test_check_id_{i}",
-                check_metadata={
-                    "CheckId": f"test_check_id_{i}",
-                    "Description": f"Test description {i}",
-                },
-                muted=False,
-            )
-            finding_uids.append(finding.uid)
-
-        # Create mute rule targeting all findings
-        mute_rule = MuteRule.objects.create(
-            tenant_id=tenant_id,
-            name="Test Multiple Findings Mute Rule",
-            reason="Testing batch muting",
-            enabled=True,
-            created_by=test_user,
-            finding_uids=finding_uids,
-        )
-
-        return mute_rule, finding_uids
-
-    @pytest.fixture(scope="function")
-    def mute_rule_already_muted(self, findings_fixture, test_user):
-        """
-        Create a mute rule that targets an already-muted finding.
-        """
-        tenant_id = findings_fixture[1].tenant_id
-        already_muted_finding = findings_fixture[1]
-
-        mute_rule = MuteRule.objects.create(
-            tenant_id=tenant_id,
-            name="Test Already Muted Rule",
-            reason="Testing already muted findings",
-            enabled=True,
-            created_by=test_user,
-            finding_uids=[already_muted_finding.uid],
-        )
-
-        return mute_rule
-
-    @pytest.fixture(scope="function")
-    def mute_rule_mixed_findings(self, scans_fixture, test_user):
-        """
-        Create a mute rule with a mix of muted and unmuted findings.
-        """
-        scan = scans_fixture[0]
-        tenant_id = scan.tenant_id
-
-        # Create 3 unmuted findings
-        unmuted_uids = []
-        for i in range(3):
-            finding = Finding.objects.create(
-                tenant_id=tenant_id,
-                uid=f"unmuted_finding_{i}",
-                scan=scan,
-                status=Status.FAIL,
-                status_extended=f"Unmuted status {i}",
-                impact=Severity.medium,
-                severity=Severity.medium,
-                raw_result={
-                    "status": Status.FAIL,
-                    "impact": Severity.medium,
-                    "severity": Severity.medium,
-                },
-                check_id=f"unmuted_check_{i}",
-                check_metadata={
-                    "CheckId": f"unmuted_check_{i}",
-                    "Description": f"Unmuted description {i}",
-                },
-                muted=False,
-            )
-            unmuted_uids.append(finding.uid)
-
-        # Create 2 already muted findings
-        muted_uids = []
-        for i in range(2):
-            finding = Finding.objects.create(
-                tenant_id=tenant_id,
-                uid=f"muted_finding_{i}",
-                scan=scan,
-                status=Status.FAIL,
-                status_extended=f"Muted status {i}",
-                impact=Severity.low,
-                severity=Severity.low,
-                raw_result={
-                    "status": Status.FAIL,
-                    "impact": Severity.low,
-                    "severity": Severity.low,
-                },
-                check_id=f"muted_check_{i}",
-                check_metadata={
-                    "CheckId": f"muted_check_{i}",
-                    "Description": f"Muted description {i}",
-                },
-                muted=True,
-                muted_at=datetime.now(timezone.utc),
-                muted_reason="Already muted",
-            )
-            muted_uids.append(finding.uid)
-
-        # Create mute rule targeting all findings
-        all_uids = unmuted_uids + muted_uids
-        mute_rule = MuteRule.objects.create(
-            tenant_id=tenant_id,
-            name="Test Mixed Findings Rule",
-            reason="Testing mixed muted/unmuted findings",
-            enabled=True,
-            created_by=test_user,
-            finding_uids=all_uids,
-        )
-
-        return mute_rule, unmuted_uids, muted_uids
-
-    @pytest.fixture(scope="function")
-    def mute_rule_batch_test(self, scans_fixture, test_user):
-        """
-        Create enough findings to test batch processing (>1000 for default batch size).
-        """
-        scan = scans_fixture[0]
-        tenant_id = scan.tenant_id
-
-        # Create 1500 findings to exceed default batch size of 1000
-        finding_uids = []
-        for i in range(1500):
-            finding = Finding.objects.create(
-                tenant_id=tenant_id,
-                uid=f"batch_test_finding_{i}",
-                scan=scan,
-                status=Status.FAIL,
-                status_extended=f"Batch test status {i}",
-                impact=Severity.critical,
-                severity=Severity.critical,
-                raw_result={
-                    "status": Status.FAIL,
-                    "impact": Severity.critical,
-                    "severity": Severity.critical,
-                },
-                check_id=f"batch_test_check_{i}",
-                check_metadata={
-                    "CheckId": f"batch_test_check_{i}",
-                    "Description": f"Batch test description {i}",
-                },
-                muted=False,
-            )
-            finding_uids.append(finding.uid)
-
-        # Create mute rule targeting all findings
-        mute_rule = MuteRule.objects.create(
-            tenant_id=tenant_id,
-            name="Test Batch Processing Rule",
-            reason="Testing batch processing functionality",
-            enabled=True,
-            created_by=test_user,
-            finding_uids=finding_uids,
-        )
-
-        return mute_rule, finding_uids
-
-    def test_mute_historical_findings_single_finding(
-        self, mute_rule_with_findings, findings_fixture
-    ):
-        """
-        Test muting a single historical finding.
-        """
-        mute_rule = mute_rule_with_findings
-        tenant_id = str(mute_rule.tenant_id)
-        finding = findings_fixture[0]
-
-        # Ensure the finding is not muted before execution
-        finding.refresh_from_db()
-        assert finding.muted is False
-        assert finding.muted_at is None
-        assert finding.muted_reason is None
-
-        # Execute the muting function
-        result = mute_historical_findings(tenant_id, str(mute_rule.id))
-
-        # Verify return value
-        assert result["findings_muted"] == 1
-        assert result["rule_id"] == str(mute_rule.id)
-
-        # Verify the finding was muted
-        finding.refresh_from_db()
-        assert finding.muted is True
-        assert finding.muted_at == mute_rule.inserted_at
-        assert finding.muted_reason == mute_rule.reason
-
-    def test_mute_historical_findings_multiple_findings(
-        self, mute_rule_multiple_findings
-    ):
-        """
-        Test muting multiple historical findings.
-        """
-        mute_rule, finding_uids = mute_rule_multiple_findings
-        tenant_id = str(mute_rule.tenant_id)
-
-        # Verify all findings are unmuted
-        findings = Finding.objects.filter(tenant_id=tenant_id, uid__in=finding_uids)
-        assert findings.count() == 5
-        for finding in findings:
-            assert finding.muted is False
-
-        # Execute the muting function
-        result = mute_historical_findings(tenant_id, str(mute_rule.id))
-
-        # Verify return value
-        assert result["findings_muted"] == 5
-        assert result["rule_id"] == str(mute_rule.id)
-
-        # Verify all findings were muted
-        findings = Finding.objects.filter(tenant_id=tenant_id, uid__in=finding_uids)
-        for finding in findings:
-            assert finding.muted is True
-            assert finding.muted_at == mute_rule.inserted_at
-            assert finding.muted_reason == mute_rule.reason
-
-    def test_mute_historical_findings_already_muted(
-        self, mute_rule_already_muted, findings_fixture
-    ):
-        """
-        Test that already-muted findings are not counted or updated.
-        """
-        mute_rule = mute_rule_already_muted
-        tenant_id = str(mute_rule.tenant_id)
-        finding = findings_fixture[1]
-
-        # Verify the finding is already muted
-        finding.refresh_from_db()
-        assert finding.muted is True
-        original_muted_at = finding.muted_at
-        original_muted_reason = finding.muted_reason
-
-        # Execute the muting function
-        result = mute_historical_findings(tenant_id, str(mute_rule.id))
-
-        # Verify no findings were muted
-        assert result["findings_muted"] == 0
-        assert result["rule_id"] == str(mute_rule.id)
-
-        # Verify the finding's mute status did not change
-        finding.refresh_from_db()
-        assert finding.muted is True
-        assert finding.muted_at == original_muted_at
-        assert finding.muted_reason == original_muted_reason
-
-    def test_mute_historical_findings_mixed_status(self, mute_rule_mixed_findings):
-        """
-        Test muting when some findings are already muted and others are not.
-        """
-        mute_rule, unmuted_uids, muted_uids = mute_rule_mixed_findings
-        tenant_id = str(mute_rule.tenant_id)
-
-        # Execute the muting function
-        result = mute_historical_findings(tenant_id, str(mute_rule.id))
-
-        # Verify only unmuted findings were counted
-        assert result["findings_muted"] == 3
-        assert result["rule_id"] == str(mute_rule.id)
-
-        # Verify unmuted findings are now muted
-        unmuted_findings = Finding.objects.filter(
-            tenant_id=tenant_id, uid__in=unmuted_uids
-        )
-        for finding in unmuted_findings:
-            assert finding.muted is True
-            assert finding.muted_at == mute_rule.inserted_at
-            assert finding.muted_reason == mute_rule.reason
-
-        # Verify already-muted findings remained unchanged
-        already_muted_findings = Finding.objects.filter(
-            tenant_id=tenant_id, uid__in=muted_uids
-        )
-        for finding in already_muted_findings:
-            assert finding.muted is True
-            assert finding.muted_reason == "Already muted"
-
-    def test_mute_historical_findings_nonexistent_rule(self, tenants_fixture):
-        """
-        Test that a nonexistent mute rule raises ObjectDoesNotExist.
-        """
-        tenant_id = str(tenants_fixture[0].id)
-        nonexistent_rule_id = str(uuid4())
-
-        with pytest.raises(ObjectDoesNotExist):
-            mute_historical_findings(tenant_id, nonexistent_rule_id)
-
-    def test_mute_historical_findings_no_matching_findings(
-        self, tenants_fixture, test_user
-    ):
-        """
-        Test muting when no findings match the rule's UIDs.
-        """
-        tenant_id = str(tenants_fixture[0].id)
-
-        # Create a mute rule with non-existent finding UIDs
-        mute_rule = MuteRule.objects.create(
-            tenant_id=tenant_id,
-            name="Test No Match Rule",
-            reason="Testing no matching findings",
-            enabled=True,
-            created_by=test_user,
-            finding_uids=[
-                "nonexistent_uid_1",
-                "nonexistent_uid_2",
-                "nonexistent_uid_3",
-            ],
-        )
-
-        # Execute the muting function
-        result = mute_historical_findings(tenant_id, str(mute_rule.id))
-
-        # Verify no findings were muted
-        assert result["findings_muted"] == 0
-        assert result["rule_id"] == str(mute_rule.id)
-
-    def test_mute_historical_findings_batch_processing(self, mute_rule_batch_test):
-        """
-        Test that large numbers of findings are processed in batches correctly.
-        """
-        mute_rule, finding_uids = mute_rule_batch_test
-        tenant_id = str(mute_rule.tenant_id)
-
-        # Verify all findings exist and are unmuted
-        findings = Finding.objects.filter(tenant_id=tenant_id, uid__in=finding_uids)
-        assert findings.count() == 1500
-        for finding in findings:
-            assert finding.muted is False
-
-        # Execute the muting function
-        result = mute_historical_findings(tenant_id, str(mute_rule.id))
-
-        # Verify return value
-        assert result["findings_muted"] == 1500
-        assert result["rule_id"] == str(mute_rule.id)
-
-        # Verify all findings were muted
-        findings = Finding.objects.filter(tenant_id=tenant_id, uid__in=finding_uids)
-        for finding in findings:
-            assert finding.muted is True
-            assert finding.muted_at == mute_rule.inserted_at
-            assert finding.muted_reason == mute_rule.reason
-
-    def test_mute_historical_findings_preserves_muted_at_timestamp(
-        self, mute_rule_with_findings, findings_fixture
-    ):
-        """
-        Test that muted_at is set to the rule's inserted_at, not the current time.
-        """
-        mute_rule = mute_rule_with_findings
-        tenant_id = str(mute_rule.tenant_id)
-        finding = findings_fixture[0]
-
-        # Execute the muting function
-        result = mute_historical_findings(tenant_id, str(mute_rule.id))
-
-        # Verify the finding was muted
-        assert result["findings_muted"] == 1
-
-        # Verify muted_at matches the rule's inserted_at timestamp
-        finding.refresh_from_db()
-        assert finding.muted_at == mute_rule.inserted_at
-        assert finding.muted_at is not None
-
-    def test_mute_historical_findings_partial_match(self, scans_fixture, test_user):
-        """
-        Test muting when only some of the rule's UIDs exist as findings.
-        """
-        scan = scans_fixture[0]
-        tenant_id = str(scan.tenant_id)
-
-        # Create 3 findings
-        existing_uids = []
-        for i in range(3):
-            finding = Finding.objects.create(
-                tenant_id=tenant_id,
-                uid=f"partial_match_finding_{i}",
-                scan=scan,
-                status=Status.FAIL,
-                status_extended=f"Partial match status {i}",
-                impact=Severity.high,
-                severity=Severity.high,
-                raw_result={
-                    "status": Status.FAIL,
-                    "impact": Severity.high,
-                    "severity": Severity.high,
-                },
-                check_id=f"partial_match_check_{i}",
-                check_metadata={
-                    "CheckId": f"partial_match_check_{i}",
-                    "Description": f"Partial match description {i}",
-                },
-                muted=False,
-            )
-            existing_uids.append(finding.uid)
-
-        # Create a mute rule with both existing and non-existing UIDs
-        all_uids = existing_uids + [
-            "nonexistent_uid_1",
-            "nonexistent_uid_2",
-        ]
-        mute_rule = MuteRule.objects.create(
-            tenant_id=tenant_id,
-            name="Test Partial Match Rule",
-            reason="Testing partial matching",
-            enabled=True,
-            created_by=test_user,
-            finding_uids=all_uids,
-        )
-
-        # Execute the muting function
-        result = mute_historical_findings(tenant_id, str(mute_rule.id))
-
-        # Verify only existing findings were muted
-        assert result["findings_muted"] == 3
-        assert result["rule_id"] == str(mute_rule.id)
-
-        # Verify the existing findings were muted
-        findings = Finding.objects.filter(tenant_id=tenant_id, uid__in=existing_uids)
-        assert findings.count() == 3
-        for finding in findings:
-            assert finding.muted is True
-            assert finding.muted_at == mute_rule.inserted_at
-            assert finding.muted_reason == mute_rule.reason
-
-    def test_mute_historical_findings_empty_uids(self, tenants_fixture, test_user):
-        """
-        Test muting when the rule has an empty finding_uids array.
-        """
-        tenant_id = str(tenants_fixture[0].id)
-
-        # Create a mute rule with empty finding_uids
-        mute_rule = MuteRule.objects.create(
-            tenant_id=tenant_id,
-            name="Test Empty UIDs Rule",
-            reason="Testing empty UIDs",
-            enabled=True,
-            created_by=test_user,
-            finding_uids=[],
-        )
-
-        # Execute the muting function
-        result = mute_historical_findings(tenant_id, str(mute_rule.id))
-
-        # Verify no findings were muted
-        assert result["findings_muted"] == 0
-        assert result["rule_id"] == str(mute_rule.id)
-
-    def test_mute_historical_findings_return_format(self, mute_rule_with_findings):
-        """
-        Test that the return value has the correct format and fields.
-        """
-        mute_rule = mute_rule_with_findings
-        tenant_id = str(mute_rule.tenant_id)
-
-        result = mute_historical_findings(tenant_id, str(mute_rule.id))
-
-        # Verify return value structure
-        assert isinstance(result, dict)
-        assert "findings_muted" in result
-        assert "rule_id" in result
-        assert isinstance(result["findings_muted"], int)
-        assert isinstance(result["rule_id"], str)
-        assert result["rule_id"] == str(mute_rule.id)
@@ -1,963 +0,0 @@
-import uuid
-from pathlib import Path
-from unittest.mock import MagicMock, patch
-
-import matplotlib
-import pytest
-from tasks.jobs.report import (
-    _aggregate_requirement_statistics_from_database,
-    _calculate_requirements_data_from_statistics,
-    _load_findings_for_requirement_checks,
-    generate_threatscore_report,
-    generate_threatscore_report_job,
-)
-from tasks.tasks import generate_threatscore_report_task
-
-from api.models import Finding, StatusChoices
-from prowler.lib.check.models import Severity
-
-matplotlib.use("Agg")  # Use non-interactive backend for tests
-
-
-@pytest.mark.django_db
-class TestGenerateThreatscoreReport:
-    def setup_method(self):
-        self.scan_id = str(uuid.uuid4())
-        self.provider_id = str(uuid.uuid4())
-        self.tenant_id = str(uuid.uuid4())
-
-    def test_no_findings_returns_early(self):
-        with patch("tasks.jobs.report.ScanSummary.objects.filter") as mock_filter:
-            mock_filter.return_value.exists.return_value = False
-
-            result = generate_threatscore_report_job(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                provider_id=self.provider_id,
-            )
-
-            assert result == {"upload": False}
-            mock_filter.assert_called_once_with(scan_id=self.scan_id)
-
-    @patch("tasks.jobs.report.rmtree")
-    @patch("tasks.jobs.report._upload_to_s3")
-    @patch("tasks.jobs.report.generate_threatscore_report")
-    @patch("tasks.jobs.report._generate_output_directory")
-    @patch("tasks.jobs.report.Provider.objects.get")
-    @patch("tasks.jobs.report.ScanSummary.objects.filter")
-    def test_generate_threatscore_report_happy_path(
-        self,
-        mock_scan_summary_filter,
-        mock_provider_get,
-        mock_generate_output_directory,
-        mock_generate_report,
-        mock_upload,
-        mock_rmtree,
-    ):
-        mock_scan_summary_filter.return_value.exists.return_value = True
-
-        mock_provider = MagicMock()
-        mock_provider.uid = "provider-uid"
-        mock_provider.provider = "aws"
-        mock_provider_get.return_value = mock_provider
-
-        mock_generate_output_directory.return_value = (
-            "/tmp/output",
-            "/tmp/compressed",
-            "/tmp/threatscore_path",
-        )
-
-        mock_upload.return_value = "s3://bucket/threatscore_report.pdf"
-
-        result = generate_threatscore_report_job(
-            tenant_id=self.tenant_id,
-            scan_id=self.scan_id,
-            provider_id=self.provider_id,
-        )
-
-        assert result == {"upload": True}
-        mock_generate_report.assert_called_once_with(
-            tenant_id=self.tenant_id,
-            scan_id=self.scan_id,
-            compliance_id="prowler_threatscore_aws",
-            output_path="/tmp/threatscore_path_threatscore_report.pdf",
-            provider_id=self.provider_id,
-            only_failed=True,
-            min_risk_level=4,
-        )
-        mock_upload.assert_called_once_with(
-            self.tenant_id,
-            self.scan_id,
-            "/tmp/threatscore_path_threatscore_report.pdf",
-            "threatscore/threatscore_path_threatscore_report.pdf",
-        )
-        mock_rmtree.assert_called_once_with(
-            Path("/tmp/threatscore_path_threatscore_report.pdf").parent,
-            ignore_errors=True,
-        )
-
-    def test_generate_threatscore_report_fails_upload(self):
-        with (
-            patch("tasks.jobs.report.ScanSummary.objects.filter") as mock_filter,
-            patch("tasks.jobs.report.Provider.objects.get") as mock_provider_get,
-            patch("tasks.jobs.report._generate_output_directory") as mock_gen_dir,
-            patch("tasks.jobs.report.generate_threatscore_report"),
-            patch("tasks.jobs.report._upload_to_s3", return_value=None),
-        ):
-            mock_filter.return_value.exists.return_value = True
-
-            # Mock provider
-            mock_provider = MagicMock()
-            mock_provider.uid = "aws-provider-uid"
-            mock_provider.provider = "aws"
-            mock_provider_get.return_value = mock_provider
-
-            mock_gen_dir.return_value = (
-                "/tmp/output",
-                "/tmp/compressed",
-                "/tmp/threatscore_path",
-            )
-
-            result = generate_threatscore_report_job(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                provider_id=self.provider_id,
-            )
-
-            assert result == {"upload": False}
-
-    def test_generate_threatscore_report_logs_rmtree_exception(self, caplog):
-        with (
-            patch("tasks.jobs.report.ScanSummary.objects.filter") as mock_filter,
-            patch("tasks.jobs.report.Provider.objects.get") as mock_provider_get,
-            patch("tasks.jobs.report._generate_output_directory") as mock_gen_dir,
-            patch("tasks.jobs.report.generate_threatscore_report"),
-            patch(
-                "tasks.jobs.report._upload_to_s3", return_value="s3://bucket/report.pdf"
-            ),
-            patch(
-                "tasks.jobs.report.rmtree", side_effect=Exception("Test deletion error")
-            ),
-        ):
-            mock_filter.return_value.exists.return_value = True
-
-            # Mock provider
-            mock_provider = MagicMock()
-            mock_provider.uid = "aws-provider-uid"
-            mock_provider.provider = "aws"
-            mock_provider_get.return_value = mock_provider
-
-            mock_gen_dir.return_value = (
-                "/tmp/output",
-                "/tmp/compressed",
-                "/tmp/threatscore_path",
-            )
-
-            with caplog.at_level("ERROR"):
-                generate_threatscore_report_job(
-                    tenant_id=self.tenant_id,
-                    scan_id=self.scan_id,
-                    provider_id=self.provider_id,
-                )
-                assert "Error deleting output files" in caplog.text
-
-    def test_generate_threatscore_report_azure_provider(self):
-        with (
-            patch("tasks.jobs.report.ScanSummary.objects.filter") as mock_filter,
-            patch("tasks.jobs.report.Provider.objects.get") as mock_provider_get,
-            patch("tasks.jobs.report._generate_output_directory") as mock_gen_dir,
-            patch("tasks.jobs.report.generate_threatscore_report") as mock_generate,
-            patch(
-                "tasks.jobs.report._upload_to_s3", return_value="s3://bucket/report.pdf"
-            ),
-            patch("tasks.jobs.report.rmtree"),
-        ):
-            mock_filter.return_value.exists.return_value = True
-
-            mock_provider = MagicMock()
-            mock_provider.uid = "azure-provider-uid"
-            mock_provider.provider = "azure"
-            mock_provider_get.return_value = mock_provider
-
-            mock_gen_dir.return_value = (
-                "/tmp/output",
-                "/tmp/compressed",
-                "/tmp/threatscore_path",
-            )
-
-            generate_threatscore_report_job(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                provider_id=self.provider_id,
-            )
-
-            mock_generate.assert_called_once_with(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                compliance_id="prowler_threatscore_azure",
-                output_path="/tmp/threatscore_path_threatscore_report.pdf",
-                provider_id=self.provider_id,
-                only_failed=True,
-                min_risk_level=4,
-            )
-
-
-@pytest.mark.django_db
-class TestAggregateRequirementStatistics:
-    """Test suite for _aggregate_requirement_statistics_from_database function."""
-
-    def test_aggregates_findings_correctly(self, tenants_fixture, scans_fixture):
-        """Verify correct pass/total counts per check are aggregated from database."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        # Create findings with different check_ids and statuses
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-1",
-            check_id="check_1",
-            status=StatusChoices.PASS,
-            severity=Severity.high,
-            impact=Severity.high,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-2",
-            check_id="check_1",
-            status=StatusChoices.FAIL,
-            severity=Severity.high,
-            impact=Severity.high,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-3",
-            check_id="check_2",
-            status=StatusChoices.PASS,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-
-        result = _aggregate_requirement_statistics_from_database(
-            str(tenant.id), str(scan.id)
-        )
-
-        assert result == {
-            "check_1": {"passed": 1, "total": 2},
-            "check_2": {"passed": 1, "total": 1},
-        }
-
-    def test_handles_empty_scan(self, tenants_fixture, scans_fixture):
-        """Return empty dict when no findings exist for the scan."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        result = _aggregate_requirement_statistics_from_database(
-            str(tenant.id), str(scan.id)
-        )
-
-        assert result == {}
-
-    def test_multiple_findings_same_check(self, tenants_fixture, scans_fixture):
-        """Aggregate multiple findings for same check_id correctly."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        # Create 5 findings for same check, 3 passed
-        for i in range(3):
-            Finding.objects.create(
-                tenant_id=tenant.id,
-                scan=scan,
-                uid=f"finding-pass-{i}",
-                check_id="check_same",
-                status=StatusChoices.PASS,
-                severity=Severity.medium,
-                impact=Severity.medium,
-                check_metadata={},
-                raw_result={},
-            )
-
-        for i in range(2):
-            Finding.objects.create(
-                tenant_id=tenant.id,
-                scan=scan,
-                uid=f"finding-fail-{i}",
-                check_id="check_same",
-                status=StatusChoices.FAIL,
-                severity=Severity.medium,
-                impact=Severity.medium,
-                check_metadata={},
-                raw_result={},
-            )
-
-        result = _aggregate_requirement_statistics_from_database(
-            str(tenant.id), str(scan.id)
-        )
-
-        assert result == {"check_same": {"passed": 3, "total": 5}}
-
-    def test_only_failed_findings(self, tenants_fixture, scans_fixture):
-        """Correctly count when all findings are FAIL status."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-fail-1",
-            check_id="check_fail",
-            status=StatusChoices.FAIL,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-fail-2",
-            check_id="check_fail",
-            status=StatusChoices.FAIL,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-
-        result = _aggregate_requirement_statistics_from_database(
-            str(tenant.id), str(scan.id)
-        )
-
-        assert result == {"check_fail": {"passed": 0, "total": 2}}
-
-    def test_mixed_statuses(self, tenants_fixture, scans_fixture):
-        """Test with PASS, FAIL, and MANUAL statuses mixed."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-pass",
-            check_id="check_mixed",
-            status=StatusChoices.PASS,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-fail",
-            check_id="check_mixed",
-            status=StatusChoices.FAIL,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-manual",
-            check_id="check_mixed",
-            status=StatusChoices.MANUAL,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-
-        result = _aggregate_requirement_statistics_from_database(
-            str(tenant.id), str(scan.id)
-        )
-
-        # Only PASS status is counted as passed
-        assert result == {"check_mixed": {"passed": 1, "total": 3}}
-
-
-@pytest.mark.django_db
-class TestLoadFindingsForChecks:
-    """Test suite for _load_findings_for_requirement_checks function."""
-
-    def test_loads_only_requested_checks(
-        self, tenants_fixture, scans_fixture, providers_fixture
-    ):
-        """Verify only findings for specified check_ids are loaded."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-        providers_fixture[0]
-
-        # Create findings with different check_ids
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-1",
-            check_id="check_requested",
-            status=StatusChoices.PASS,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-2",
-            check_id="check_not_requested",
-            status=StatusChoices.FAIL,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-
-        mock_provider = MagicMock()
-
-        with patch(
-            "tasks.jobs.report.FindingOutput.transform_api_finding"
-        ) as mock_transform:
-            mock_finding_output = MagicMock()
-            mock_finding_output.check_id = "check_requested"
-            mock_transform.return_value = mock_finding_output
-
-            result = _load_findings_for_requirement_checks(
-                str(tenant.id), str(scan.id), ["check_requested"], mock_provider
-            )
-
-            # Only one finding should be loaded
-            assert "check_requested" in result
-            assert "check_not_requested" not in result
-            assert len(result["check_requested"]) == 1
-            assert mock_transform.call_count == 1
-
-    def test_empty_check_ids_returns_empty(
-        self, tenants_fixture, scans_fixture, providers_fixture
-    ):
-        """Return empty dict when check_ids list is empty."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-        mock_provider = MagicMock()
-
-        result = _load_findings_for_requirement_checks(
-            str(tenant.id), str(scan.id), [], mock_provider
-        )
-
-        assert result == {}
-
-    def test_groups_by_check_id(
-        self, tenants_fixture, scans_fixture, providers_fixture
-    ):
-        """Multiple findings for same check are grouped correctly."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        # Create multiple findings for same check
-        for i in range(3):
-            Finding.objects.create(
-                tenant_id=tenant.id,
-                scan=scan,
-                uid=f"finding-{i}",
-                check_id="check_group",
-                status=StatusChoices.PASS,
-                severity=Severity.medium,
-                impact=Severity.medium,
-                check_metadata={},
-                raw_result={},
-            )
-
-        mock_provider = MagicMock()
-
-        with patch(
-            "tasks.jobs.report.FindingOutput.transform_api_finding"
-        ) as mock_transform:
-            mock_finding_output = MagicMock()
-            mock_finding_output.check_id = "check_group"
-            mock_transform.return_value = mock_finding_output
-
-            result = _load_findings_for_requirement_checks(
-                str(tenant.id), str(scan.id), ["check_group"], mock_provider
-            )
-
-            assert len(result["check_group"]) == 3
-
-    def test_transforms_to_finding_output(
-        self, tenants_fixture, scans_fixture, providers_fixture
-    ):
-        """Findings are transformed using FindingOutput.transform_api_finding."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-transform",
-            check_id="check_transform",
-            status=StatusChoices.PASS,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-
-        mock_provider = MagicMock()
-
-        with patch(
-            "tasks.jobs.report.FindingOutput.transform_api_finding"
-        ) as mock_transform:
-            mock_finding_output = MagicMock()
-            mock_finding_output.check_id = "check_transform"
-            mock_transform.return_value = mock_finding_output
-
-            result = _load_findings_for_requirement_checks(
-                str(tenant.id), str(scan.id), ["check_transform"], mock_provider
-            )
-
-            # Verify transform was called
-            mock_transform.assert_called_once()
-            # Verify the transformed output is in the result
-            assert result["check_transform"][0] == mock_finding_output
-
-    def test_batched_iteration(self, tenants_fixture, scans_fixture, providers_fixture):
-        """Works correctly with multiple batches of findings."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        # Create enough findings to ensure batching (assuming batch size > 1)
-        for i in range(10):
-            Finding.objects.create(
-                tenant_id=tenant.id,
-                scan=scan,
-                uid=f"finding-batch-{i}",
-                check_id="check_batch",
-                status=StatusChoices.PASS,
-                severity=Severity.medium,
-                impact=Severity.medium,
-                check_metadata={},
-                raw_result={},
-            )
-
-        mock_provider = MagicMock()
-
-        with patch(
-            "tasks.jobs.report.FindingOutput.transform_api_finding"
-        ) as mock_transform:
-            mock_finding_output = MagicMock()
-            mock_finding_output.check_id = "check_batch"
-            mock_transform.return_value = mock_finding_output
-
-            result = _load_findings_for_requirement_checks(
-                str(tenant.id), str(scan.id), ["check_batch"], mock_provider
-            )
-
-            # All 10 findings should be loaded regardless of batching
-            assert len(result["check_batch"]) == 10
-            assert mock_transform.call_count == 10
-
-
-@pytest.mark.django_db
-class TestCalculateRequirementsData:
-    """Test suite for _calculate_requirements_data_from_statistics function."""
-
-    def test_requirement_status_all_pass(self):
-        """Status is PASS when all findings for requirement checks pass."""
-        mock_compliance = MagicMock()
-        mock_compliance.Framework = "TestFramework"
-        mock_compliance.Version = "1.0"
-
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_1"
-        mock_requirement.Description = "Test requirement"
-        mock_requirement.Checks = ["check_1", "check_2"]
-        mock_requirement.Attributes = [MagicMock()]
-
-        mock_compliance.Requirements = [mock_requirement]
-
-        requirement_statistics = {
-            "check_1": {"passed": 5, "total": 5},
-            "check_2": {"passed": 3, "total": 3},
-        }
-
-        attributes_by_id, requirements_list = (
-            _calculate_requirements_data_from_statistics(
-                mock_compliance, requirement_statistics
-            )
-        )
-
-        assert len(requirements_list) == 1
-        assert requirements_list[0]["attributes"]["status"] == StatusChoices.PASS
-        assert requirements_list[0]["attributes"]["passed_findings"] == 8
-        assert requirements_list[0]["attributes"]["total_findings"] == 8
-
-    def test_requirement_status_some_fail(self):
-        """Status is FAIL when some findings fail."""
-        mock_compliance = MagicMock()
-        mock_compliance.Framework = "TestFramework"
-        mock_compliance.Version = "1.0"
-
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_2"
-        mock_requirement.Description = "Test requirement with failures"
-        mock_requirement.Checks = ["check_3"]
-        mock_requirement.Attributes = [MagicMock()]
-
-        mock_compliance.Requirements = [mock_requirement]
-
-        requirement_statistics = {
-            "check_3": {"passed": 2, "total": 5},
-        }
-
-        attributes_by_id, requirements_list = (
-            _calculate_requirements_data_from_statistics(
-                mock_compliance, requirement_statistics
-            )
-        )
-
-        assert len(requirements_list) == 1
-        assert requirements_list[0]["attributes"]["status"] == StatusChoices.FAIL
-        assert requirements_list[0]["attributes"]["passed_findings"] == 2
-        assert requirements_list[0]["attributes"]["total_findings"] == 5
-
-    def test_requirement_status_no_findings(self):
-        """Status is MANUAL when no findings exist for requirement."""
-        mock_compliance = MagicMock()
-        mock_compliance.Framework = "TestFramework"
-        mock_compliance.Version = "1.0"
-
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_3"
-        mock_requirement.Description = "Manual requirement"
-        mock_requirement.Checks = ["check_nonexistent"]
-        mock_requirement.Attributes = [MagicMock()]
-
-        mock_compliance.Requirements = [mock_requirement]
-
-        requirement_statistics = {}
-
-        attributes_by_id, requirements_list = (
-            _calculate_requirements_data_from_statistics(
-                mock_compliance, requirement_statistics
-            )
-        )
-
-        assert len(requirements_list) == 1
-        assert requirements_list[0]["attributes"]["status"] == StatusChoices.MANUAL
-        assert requirements_list[0]["attributes"]["passed_findings"] == 0
-        assert requirements_list[0]["attributes"]["total_findings"] == 0
-
-    def test_aggregates_multiple_checks(self):
-        """Correctly sum stats across multiple checks in requirement."""
-        mock_compliance = MagicMock()
-        mock_compliance.Framework = "TestFramework"
-        mock_compliance.Version = "1.0"
-
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_4"
-        mock_requirement.Description = "Multi-check requirement"
-        mock_requirement.Checks = ["check_a", "check_b", "check_c"]
-        mock_requirement.Attributes = [MagicMock()]
-
-        mock_compliance.Requirements = [mock_requirement]
-
-        requirement_statistics = {
-            "check_a": {"passed": 10, "total": 15},
-            "check_b": {"passed": 5, "total": 10},
-            "check_c": {"passed": 0, "total": 5},
-        }
-
-        attributes_by_id, requirements_list = (
-            _calculate_requirements_data_from_statistics(
-                mock_compliance, requirement_statistics
-            )
-        )
-
-        assert len(requirements_list) == 1
-        # 10 + 5 + 0 = 15 passed
-        assert requirements_list[0]["attributes"]["passed_findings"] == 15
-        # 15 + 10 + 5 = 30 total
-        assert requirements_list[0]["attributes"]["total_findings"] == 30
-        # Not all passed, so should be FAIL
-        assert requirements_list[0]["attributes"]["status"] == StatusChoices.FAIL
-
-    def test_returns_correct_structure(self):
-        """Verify tuple structure and dict keys are correct."""
-        mock_compliance = MagicMock()
-        mock_compliance.Framework = "TestFramework"
-        mock_compliance.Version = "1.0"
-
-        mock_attribute = MagicMock()
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_5"
-        mock_requirement.Description = "Structure test"
-        mock_requirement.Checks = ["check_struct"]
-        mock_requirement.Attributes = [mock_attribute]
-
-        mock_compliance.Requirements = [mock_requirement]
-
-        requirement_statistics = {"check_struct": {"passed": 1, "total": 1}}
-
-        attributes_by_id, requirements_list = (
-            _calculate_requirements_data_from_statistics(
-                mock_compliance, requirement_statistics
-            )
-        )
-
-        # Verify attributes_by_id structure
-        assert "req_5" in attributes_by_id
-        assert "attributes" in attributes_by_id["req_5"]
-        assert "description" in attributes_by_id["req_5"]
-        assert "req_attributes" in attributes_by_id["req_5"]["attributes"]
-        assert "checks" in attributes_by_id["req_5"]["attributes"]
-
-        # Verify requirements_list structure
-        assert len(requirements_list) == 1
-        req = requirements_list[0]
-        assert "id" in req
-        assert "attributes" in req
-        assert "framework" in req["attributes"]
-        assert "version" in req["attributes"]
-        assert "status" in req["attributes"]
-        assert "description" in req["attributes"]
-        assert "passed_findings" in req["attributes"]
-        assert "total_findings" in req["attributes"]
-
-
-@pytest.mark.django_db
-class TestGenerateThreatscoreReportFunction:
-    def setup_method(self):
-        self.scan_id = str(uuid.uuid4())
-        self.provider_id = str(uuid.uuid4())
-        self.tenant_id = str(uuid.uuid4())
-        self.compliance_id = "prowler_threatscore_aws"
-        self.output_path = "/tmp/test_threatscore_report.pdf"
-
-    @patch("tasks.jobs.report.initialize_prowler_provider")
-    @patch("tasks.jobs.report.Provider.objects.get")
-    @patch("tasks.jobs.report.Compliance.get_bulk")
-    @patch("tasks.jobs.report._aggregate_requirement_statistics_from_database")
-    @patch("tasks.jobs.report._calculate_requirements_data_from_statistics")
-    @patch("tasks.jobs.report._load_findings_for_requirement_checks")
-    @patch("tasks.jobs.report.SimpleDocTemplate")
-    @patch("tasks.jobs.report.Image")
-    @patch("tasks.jobs.report.Spacer")
-    @patch("tasks.jobs.report.Paragraph")
-    @patch("tasks.jobs.report.PageBreak")
-    @patch("tasks.jobs.report.Table")
-    @patch("tasks.jobs.report.TableStyle")
-    @patch("tasks.jobs.report.plt.subplots")
-    @patch("tasks.jobs.report.plt.savefig")
-    @patch("tasks.jobs.report.io.BytesIO")
-    def test_generate_threatscore_report_success(
-        self,
-        mock_bytesio,
-        mock_savefig,
-        mock_subplots,
-        mock_table_style,
-        mock_table,
-        mock_page_break,
-        mock_paragraph,
-        mock_spacer,
-        mock_image,
-        mock_doc_template,
-        mock_load_findings,
-        mock_calculate_requirements,
-        mock_aggregate_statistics,
-        mock_compliance_get_bulk,
-        mock_provider_get,
-        mock_initialize_provider,
-    ):
-        """Test the updated generate_threatscore_report using new memory-efficient architecture."""
-        mock_provider = MagicMock()
-        mock_provider.provider = "aws"
-        mock_provider_get.return_value = mock_provider
-
-        prowler_provider = MagicMock()
-        mock_initialize_provider.return_value = prowler_provider
-
-        # Mock compliance object with requirements
-        mock_compliance_obj = MagicMock()
-        mock_compliance_obj.Framework = "ProwlerThreatScore"
-        mock_compliance_obj.Version = "1.0"
-        mock_compliance_obj.Description = "Test Description"
-
-        # Configure requirement with properly set numeric attributes for chart generation
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_1"
-        mock_requirement.Description = "Test requirement"
-        mock_requirement.Checks = ["check_1"]
-
-        # Create a properly configured attribute mock with numeric values
-        mock_requirement_attr = MagicMock()
-        mock_requirement_attr.Section = "1. IAM"
-        mock_requirement_attr.SubSection = "1.1 Identity"
-        mock_requirement_attr.Title = "Test Requirement Title"
-        mock_requirement_attr.LevelOfRisk = 3
-        mock_requirement_attr.Weight = 100
-        mock_requirement_attr.AttributeDescription = "Test requirement description"
-        mock_requirement_attr.AdditionalInformation = "Additional test information"
-
-        mock_requirement.Attributes = [mock_requirement_attr]
-        mock_compliance_obj.Requirements = [mock_requirement]
-
-        mock_compliance_get_bulk.return_value = {
-            self.compliance_id: mock_compliance_obj
-        }
-
-        # Mock the aggregated statistics from database
-        mock_aggregate_statistics.return_value = {"check_1": {"passed": 5, "total": 10}}
-
-        # Mock the calculated requirements data with properly configured attributes
-        mock_attributes_by_id = {
-            "req_1": {
-                "attributes": {
-                    "req_attributes": [mock_requirement_attr],
-                    "checks": ["check_1"],
-                },
-                "description": "Test requirement",
-            }
-        }
-        mock_requirements_list = [
-            {
-                "id": "req_1",
-                "attributes": {
-                    "framework": "ProwlerThreatScore",
-                    "version": "1.0",
-                    "status": StatusChoices.FAIL,
-                    "description": "Test requirement",
-                    "passed_findings": 5,
-                    "total_findings": 10,
-                },
-            }
-        ]
-        mock_calculate_requirements.return_value = (
-            mock_attributes_by_id,
-            mock_requirements_list,
-        )
-
-        # Mock the on-demand loaded findings
-        mock_finding_output = MagicMock()
-        mock_finding_output.check_id = "check_1"
-        mock_finding_output.status = "FAIL"
-        mock_finding_output.metadata = MagicMock()
-        mock_finding_output.metadata.CheckTitle = "Test Check"
-        mock_finding_output.metadata.Severity = "HIGH"
-        mock_finding_output.resource_name = "test-resource"
-        mock_finding_output.region = "us-east-1"
-
-        mock_load_findings.return_value = {"check_1": [mock_finding_output]}
-
-        # Mock PDF generation components
-        mock_doc = MagicMock()
-        mock_doc_template.return_value = mock_doc
-
-        mock_fig, mock_ax = MagicMock(), MagicMock()
-        mock_subplots.return_value = (mock_fig, mock_ax)
-        mock_buffer = MagicMock()
-        mock_bytesio.return_value = mock_buffer
-
-        mock_image.return_value = MagicMock()
-        mock_spacer.return_value = MagicMock()
-        mock_paragraph.return_value = MagicMock()
-        mock_page_break.return_value = MagicMock()
-        mock_table.return_value = MagicMock()
-        mock_table_style.return_value = MagicMock()
-
-        # Execute the function
-        generate_threatscore_report(
-            tenant_id=self.tenant_id,
-            scan_id=self.scan_id,
-            compliance_id=self.compliance_id,
-            output_path=self.output_path,
-            provider_id=self.provider_id,
-            only_failed=True,
-            min_risk_level=4,
-        )
-
-        # Verify the new workflow was followed
-        mock_provider_get.assert_called_once_with(id=self.provider_id)
-        mock_initialize_provider.assert_called_once_with(mock_provider)
-        mock_compliance_get_bulk.assert_called_once_with("aws")
-
-        # Verify the new functions were called in correct order with correct parameters
-        mock_aggregate_statistics.assert_called_once_with(self.tenant_id, self.scan_id)
-        mock_calculate_requirements.assert_called_once_with(
-            mock_compliance_obj, {"check_1": {"passed": 5, "total": 10}}
-        )
-        mock_load_findings.assert_called_once_with(
-            self.tenant_id, self.scan_id, ["check_1"], prowler_provider
-        )
-
-        # Verify PDF was built
-        mock_doc_template.assert_called_once()
-        mock_doc.build.assert_called_once()
-
-    @patch("tasks.jobs.report.initialize_prowler_provider")
-    @patch("tasks.jobs.report.Provider.objects.get")
-    @patch("tasks.jobs.report.Compliance.get_bulk")
-    @patch("tasks.jobs.report.Finding.all_objects.filter")
-    def test_generate_threatscore_report_exception_handling(
-        self,
-        mock_finding_filter,
-        mock_compliance_get_bulk,
-        mock_provider_get,
-        mock_initialize_provider,
-    ):
-        mock_provider_get.side_effect = Exception("Provider not found")
-
-        with pytest.raises(Exception, match="Provider not found"):
-            generate_threatscore_report(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                compliance_id=self.compliance_id,
-                output_path=self.output_path,
-                provider_id=self.provider_id,
-                only_failed=True,
-                min_risk_level=4,
-            )
-
-
-@pytest.mark.django_db
-class TestGenerateThreatscoreReportTask:
-    def setup_method(self):
-        self.scan_id = str(uuid.uuid4())
-        self.provider_id = str(uuid.uuid4())
-        self.tenant_id = str(uuid.uuid4())
-
-    @patch("tasks.tasks.generate_threatscore_report_job")
-    def test_generate_threatscore_report_task_calls_job(self, mock_generate_job):
-        mock_generate_job.return_value = {"upload": True}
-
-        result = generate_threatscore_report_task(
-            tenant_id=self.tenant_id,
-            scan_id=self.scan_id,
-            provider_id=self.provider_id,
-        )
-
-        assert result == {"upload": True}
-        mock_generate_job.assert_called_once_with(
-            tenant_id=self.tenant_id,
-            scan_id=self.scan_id,
-            provider_id=self.provider_id,
-        )
-
-    @patch("tasks.tasks.generate_threatscore_report_job")
-    def test_generate_threatscore_report_task_handles_job_exception(
-        self, mock_generate_job
-    ):
-        mock_generate_job.side_effect = Exception("Job failed")
-
-        with pytest.raises(Exception, match="Job failed"):
-            generate_threatscore_report_task(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                provider_id=self.provider_id,
-            )
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Andoni A.	481a2defc9	poc: examples API token notebooks in DEV	2025-10-22 15:21:53 +02:00
Andoni A.	6716c4ae73	Merge branch 'master' into demo-api-key	2025-10-22 11:13:41 +02:00
Andoni A.	0585247890	poc: examples API token notebooks	2025-10-21 18:07:33 +02:00