chore(ci): remove legacy E2E workflow superseded by optimized v2

- Replace router.refresh() with client-side polling via onRefresh callback
- Add prefetch={false} to TableLink to prevent Next.js prefetching findings/compliance routes
- Create ScansTableWithPolling component that only fetches scan data during polling
- Remove separate getScansByState call, derive executing state from getScans response

.github/workflows/api-security.yml

@@ -1,14 +1,14 @@
-name: "API: Security"
+name: 'API: Security'
 
 on:
   push:
     branches:
-      - "master"
-      - "v5.*"
+      - 'master'
+      - 'v5.*'
   pull_request:
     branches:
-      - "master"
-      - "v5.*"
+      - 'master'
+      - 'v5.*'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -26,7 +26,7 @@ jobs:
     strategy:
       matrix:
         python-version:
-          - "3.12"
+          - '3.12'
     defaults:
       run:
         working-directory: ./api

.github/workflows/labeler.yml

@@ -51,16 +51,18 @@ jobs:
             "amitsharm"
             "andoniaf"
             "cesararroba"
+            "Chan9390"
             "danibarranqueroo"
             "HugoPBrito"
             "jfagoagas"
-            "josema-xyz"
+            "josemazo"
             "lydiavilchez"
             "mmuller88"
-            # "MrCloudSec"
+            "MrCloudSec"
             "pedrooot"
             "prowler-bot"
             "puchy22"
+            "rakan-pro"
             "RosaRivasProwler"
             "StylusFrost"
             "toniblyx"

.github/workflows/sdk-refresh-oci-regions.yml

@@ -1,93 +0,0 @@
-name: 'SDK: Refresh OCI Regions'
-
-on:
-  schedule:
-    - cron: '0 9 * * 1' # Every Monday at 09:00 UTC
-  workflow_dispatch:
-
-concurrency:
-  group: ${{ github.workflow }}
-  cancel-in-progress: false
-
-env:
-  PYTHON_VERSION: '3.12'
-
-jobs:
-  refresh-oci-regions:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      pull-requests: write
-      contents: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          ref: 'master'
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          cache: 'pip'
-
-      - name: Install dependencies
-        run: pip install oci
-
-      - name: Update OCI regions
-        env:
-          OCI_CLI_USER: ${{ secrets.E2E_OCI_USER_ID }}
-          OCI_CLI_FINGERPRINT: ${{ secrets.E2E_OCI_FINGERPRINT }}
-          OCI_CLI_TENANCY: ${{ secrets.E2E_OCI_TENANCY_ID }}
-          OCI_CLI_KEY_CONTENT: ${{ secrets.E2E_OCI_KEY_CONTENT }}
-          OCI_CLI_REGION: ${{ secrets.E2E_OCI_REGION }}
-        run: python util/update_oci_regions.py
-
-      - name: Create pull request
-        id: create-pr
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          author: 'prowler-bot <179230569+prowler-bot@users.noreply.github.com>'
-          committer: 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>'
-          commit-message: 'feat(oraclecloud): update commercial regions'
-          branch: 'oci-regions-update-${{ github.run_number }}'
-          title: 'feat(oraclecloud): Update commercial regions'
-          labels: |
-            status/waiting-for-revision
-            no-changelog
-          body: |
-            ### Description
-
-            Automated update of OCI commercial regions from the official Oracle Cloud Infrastructure Identity service.
-
-            **Trigger:** ${{ github.event_name == 'schedule' && 'Scheduled (weekly)' || github.event_name == 'workflow_dispatch' && 'Manual' || 'Workflow update' }}
-            **Run:** [#${{ github.run_number }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
-
-            ### Changes
-
-            This PR updates the `OCI_COMMERCIAL_REGIONS` dictionary in `prowler/providers/oraclecloud/config.py` with the latest regions fetched from the OCI Identity API (`list_regions()`).
-
-            - Government regions (`OCI_GOVERNMENT_REGIONS`) are preserved unchanged
-            - Region display names are mapped from Oracle's official documentation
-
-            ### Checklist
-
-            - [x] This is an automated update from OCI official sources
-            - [x] Government regions (us-langley-1, us-luke-1) preserved
-            - [x] No manual review of region data required
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-      - name: PR creation result
-        run: |
-          if [[ "${{ steps.create-pr.outputs.pull-request-number }}" ]]; then
-            echo "✓ Pull request #${{ steps.create-pr.outputs.pull-request-number }} created successfully"
-            echo "URL: ${{ steps.create-pr.outputs.pull-request-url }}"
-          else
-            echo "✓ No changes detected - OCI regions are up to date"
-          fi

.github/workflows/ui-e2e-tests-v2.yml

@@ -65,10 +65,6 @@ jobs:
       E2E_OCI_KEY_CONTENT: ${{ secrets.E2E_OCI_KEY_CONTENT }}
       E2E_OCI_REGION: ${{ secrets.E2E_OCI_REGION }}
       E2E_NEW_USER_PASSWORD: ${{ secrets.E2E_NEW_USER_PASSWORD }}
-      E2E_ALIBABACLOUD_ACCOUNT_ID: ${{ secrets.E2E_ALIBABACLOUD_ACCOUNT_ID }}
-      E2E_ALIBABACLOUD_ACCESS_KEY_ID: ${{ secrets.E2E_ALIBABACLOUD_ACCESS_KEY_ID }}
-      E2E_ALIBABACLOUD_ACCESS_KEY_SECRET: ${{ secrets.E2E_ALIBABACLOUD_ACCESS_KEY_SECRET }}
-      E2E_ALIBABACLOUD_ROLE_ARN: ${{ secrets.E2E_ALIBABACLOUD_ROLE_ARN }}
       # Pass E2E paths from impact analysis
       E2E_TEST_PATHS: ${{ needs.impact-analysis.outputs.ui-e2e }}
       RUN_ALL_TESTS: ${{ needs.impact-analysis.outputs.run-all }}

.github/workflows/ui-tests.yml

@@ -44,35 +44,6 @@ jobs:
             ui/README.md
             ui/AGENTS.md
 
-      - name: Get changed source files for targeted tests
-        id: changed-source
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
-        with:
-          files: |
-            ui/**/*.ts
-            ui/**/*.tsx
-          files_ignore: |
-            ui/**/*.test.ts
-            ui/**/*.test.tsx
-            ui/**/*.spec.ts
-            ui/**/*.spec.tsx
-            ui/vitest.config.ts
-            ui/vitest.setup.ts
-
-      - name: Check for critical path changes (run all tests)
-        id: critical-changes
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
-        with:
-          files: |
-            ui/lib/**
-            ui/types/**
-            ui/config/**
-            ui/middleware.ts
-            ui/vitest.config.ts
-            ui/vitest.setup.ts
-
       - name: Setup Node.js ${{ env.NODE_VERSION }}
         if: steps.check-changes.outputs.any_changed == 'true'
         uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
@@ -112,27 +83,6 @@ jobs:
         if: steps.check-changes.outputs.any_changed == 'true'
         run: pnpm run healthcheck
 
-      - name: Run unit tests (all - critical paths changed)
-        if: steps.check-changes.outputs.any_changed == 'true' && steps.critical-changes.outputs.any_changed == 'true'
-        run: |
-          echo "Critical paths changed - running ALL unit tests"
-          pnpm run test:run
-
-      - name: Run unit tests (related to changes only)
-        if: steps.check-changes.outputs.any_changed == 'true' && steps.critical-changes.outputs.any_changed != 'true' && steps.changed-source.outputs.all_changed_files != ''
-        run: |
-          echo "Running tests related to changed files:"
-          echo "${{ steps.changed-source.outputs.all_changed_files }}"
-          # Convert space-separated to vitest related format (remove ui/ prefix for relative paths)
-          CHANGED_FILES=$(echo "${{ steps.changed-source.outputs.all_changed_files }}" | tr ' ' '\n' | sed 's|^ui/||' | tr '\n' ' ')
-          pnpm exec vitest related $CHANGED_FILES --run
-
-      - name: Run unit tests (test files only changed)
-        if: steps.check-changes.outputs.any_changed == 'true' && steps.critical-changes.outputs.any_changed != 'true' && steps.changed-source.outputs.all_changed_files == ''
-        run: |
-          echo "Only test files changed - running ALL unit tests"
-          pnpm run test:run
-
       - name: Build application
         if: steps.check-changes.outputs.any_changed == 'true'
         run: pnpm run build

.pre-commit-config.yaml

@@ -85,6 +85,7 @@ repos:
         args: ["--directory=./"]
         pass_filenames: false
 
+
   - repo: https://github.com/hadolint/hadolint
     rev: v2.13.0-beta
     hooks:

AGENTS.md

@@ -24,8 +24,6 @@ Use these skills for detailed patterns on-demand:
 | `zod-4` | New API (z.email(), z.uuid()) | [SKILL.md](skills/zod-4/SKILL.md) |
 | `zustand-5` | Persist, selectors, slices | [SKILL.md](skills/zustand-5/SKILL.md) |
 | `ai-sdk-5` | UIMessage, streaming, LangChain | [SKILL.md](skills/ai-sdk-5/SKILL.md) |
-| `vitest` | Unit testing, React Testing Library | [SKILL.md](skills/vitest/SKILL.md) |
-| `tdd` | Test-Driven Development workflow | [SKILL.md](skills/tdd/SKILL.md) |
 
 ### Prowler-Specific Skills
 | Skill | Description | URL |
@@ -46,7 +44,6 @@ Use these skills for detailed patterns on-demand:
 | `prowler-commit` | Professional commits (conventional-commits) | [SKILL.md](skills/prowler-commit/SKILL.md) |
 | `prowler-pr` | Pull request conventions | [SKILL.md](skills/prowler-pr/SKILL.md) |
 | `prowler-docs` | Documentation style guide | [SKILL.md](skills/prowler-docs/SKILL.md) |
-| `prowler-attack-paths-query` | Create Attack Paths openCypher queries | [SKILL.md](skills/prowler-attack-paths-query/SKILL.md) |
 | `skill-creator` | Create new AI agent skills | [SKILL.md](skills/skill-creator/SKILL.md) |
 
 ### Auto-invoke Skills
@@ -58,7 +55,6 @@ When performing these actions, ALWAYS invoke the corresponding skill FIRST:
 | Add changelog entry for a PR or feature | `prowler-changelog` |
 | Adding DRF pagination or permissions | `django-drf` |
 | Adding new providers | `prowler-provider` |
-| Adding privilege escalation detection queries | `prowler-attack-paths-query` |
 | Adding services to existing providers | `prowler-provider` |
 | After creating/modifying a skill | `skill-sync` |
 | App Router / Server Actions | `nextjs-15` |
@@ -67,7 +63,6 @@ When performing these actions, ALWAYS invoke the corresponding skill FIRST:
 | Create PR that requires changelog entry | `prowler-changelog` |
 | Create a PR with gh pr create | `prowler-pr` |
 | Creating API endpoints | `jsonapi` |
-| Creating Attack Paths queries | `prowler-attack-paths-query` |
 | Creating ViewSets, serializers, or filters in api/ | `django-drf` |
 | Creating Zod schemas | `zod-4` |
 | Creating a git commit | `prowler-commit` |
@@ -78,38 +73,29 @@ When performing these actions, ALWAYS invoke the corresponding skill FIRST:
 | Creating/updating compliance frameworks | `prowler-compliance` |
 | Debug why a GitHub Actions job is failing | `prowler-ci` |
 | Fill .github/pull_request_template.md (Context/Description/Steps to review/Checklist) | `prowler-pr` |
-| Fixing bug | `tdd` |
 | General Prowler development questions | `prowler` |
 | Implementing JSON:API endpoints | `django-drf` |
-| Implementing feature | `tdd` |
 | Inspect PR CI checks and gates (.github/workflows/*) | `prowler-ci` |
 | Inspect PR CI workflows (.github/workflows/*): conventional-commit, pr-check-changelog, pr-conflict-checker, labeler | `prowler-pr` |
 | Mapping checks to compliance controls | `prowler-compliance` |
 | Mocking AWS with moto in tests | `prowler-test-sdk` |
 | Modifying API responses | `jsonapi` |
-| Modifying component | `tdd` |
-| Refactoring code | `tdd` |
 | Regenerate AGENTS.md Auto-invoke tables (sync.sh) | `skill-sync` |
 | Review PR requirements: template, title conventions, changelog gate | `prowler-pr` |
 | Review changelog format and conventions | `prowler-changelog` |
 | Reviewing JSON:API compliance | `jsonapi` |
 | Reviewing compliance framework PRs | `prowler-compliance-review` |
 | Testing RLS tenant isolation | `prowler-test-api` |
-| Testing hooks or utilities | `vitest` |
 | Troubleshoot why a skill is missing from AGENTS.md auto-invoke | `skill-sync` |
 | Understand CODEOWNERS/labeler-based automation | `prowler-ci` |
 | Understand PR title conventional-commit validation | `prowler-ci` |
 | Understand changelog gate and no-changelog label behavior | `prowler-ci` |
 | Understand review ownership with CODEOWNERS | `prowler-pr` |
 | Update CHANGELOG.md in any component | `prowler-changelog` |
-| Updating README.md provider statistics table | `prowler-readme-table` |
-| Updating checks, services, compliance, or categories count in README.md | `prowler-readme-table` |
-| Updating existing Attack Paths queries | `prowler-attack-paths-query` |
 | Updating existing checks and metadata | `prowler-sdk-check` |
 | Using Zustand stores | `zustand-5` |
 | Working on MCP server tools | `prowler-mcp` |
 | Working on Prowler UI structure (actions/adapters/types/hooks) | `prowler-ui` |
-| Working on task | `tdd` |
 | Working with Prowler UI test helpers/pages | `prowler-test-ui` |
 | Working with Tailwind classes | `tailwind-4` |
 | Writing Playwright E2E tests | `playwright` |
@@ -117,12 +103,9 @@ When performing these actions, ALWAYS invoke the corresponding skill FIRST:
 | Writing Prowler SDK tests | `prowler-test-sdk` |
 | Writing Prowler UI E2E tests | `prowler-test-ui` |
 | Writing Python tests with pytest | `pytest` |
-| Writing React component tests | `vitest` |
 | Writing React components | `react-19` |
 | Writing TypeScript types/interfaces | `typescript` |
-| Writing Vitest tests | `vitest` |
 | Writing documentation | `prowler-docs` |
-| Writing unit tests for UI | `vitest` |
 
 ---
 

README.md

@@ -104,19 +104,18 @@ Every AWS provider scan will enqueue an Attack Paths ingestion job automatically
 
 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) | Support | Interface |
 |---|---|---|---|---|---|---|
-| AWS | 572 | 83 | 41 | 17 | Official | UI, API, CLI |
-| Azure | 165 | 20 | 18 | 13 | Official | UI, API, CLI |
-| GCP | 100 | 13 | 15 | 11 | Official | UI, API, CLI |
-| Kubernetes | 83 | 7 | 7 | 9 | Official | UI, API, CLI |
-| GitHub | 21 | 2 | 1 | 2 | Official | UI, API, CLI |
-| M365 | 75 | 7 | 4 | 4 | Official | UI, API, CLI |
-| OCI | 51 | 13 | 3 | 12 | Official | UI, API, CLI |
-| Alibaba Cloud | 61 | 9 | 3 | 9 | Official | UI, API, CLI |
-| Cloudflare | 29 | 2 | 0 | 5 | Official | CLI, API |
+| AWS | 584 | 84 | 40 | 17 | Official | UI, API, CLI |
+| Azure | 169 | 22 | 16 | 12 | Official | UI, API, CLI |
+| GCP | 100 | 17 | 14 | 7 | Official | UI, API, CLI |
+| Kubernetes | 84 | 7 | 7 | 9 | Official | UI, API, CLI |
+| GitHub | 20 | 2 | 1 | 2 | Official | UI, API, CLI |
+| M365 | 71 | 7 | 4 | 3 | Official | UI, API, CLI |
+| OCI | 52 | 14 | 1 | 12 | Official | UI, API, CLI |
+| Alibaba Cloud | 64 | 9 | 2 | 9 | Official | UI, API, CLI |
+| Cloudflare | 23 | 2 | 0 | 5 | Official | CLI |
 | IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | UI, API, CLI |
 | MongoDB Atlas | 10 | 3 | 0 | 3 | Official | UI, API, CLI |
 | LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | CLI |
-| OpenStack | 1 | 1 | 0 | 2 | Official | CLI |
 | NHN | 6 | 2 | 1 | 0 | Unofficial | CLI |
 
 > [!Note]

api/AGENTS.md

@@ -3,7 +3,6 @@
 > **Skills Reference**: For detailed patterns, use these skills:
 > - [`prowler-api`](../skills/prowler-api/SKILL.md) - Models, Serializers, Views, RLS patterns
 > - [`prowler-test-api`](../skills/prowler-test-api/SKILL.md) - Testing patterns (pytest-django)
-> - [`prowler-attack-paths-query`](../skills/prowler-attack-paths-query/SKILL.md) - Attack Paths openCypher queries
 > - [`django-drf`](../skills/django-drf/SKILL.md) - Generic DRF patterns
 > - [`jsonapi`](../skills/jsonapi/SKILL.md) - Strict JSON:API v1.1 spec compliance
 > - [`pytest`](../skills/pytest/SKILL.md) - Generic pytest patterns
@@ -16,26 +15,18 @@ When performing these actions, ALWAYS invoke the corresponding skill FIRST:
 |--------|-------|
 | Add changelog entry for a PR or feature | `prowler-changelog` |
 | Adding DRF pagination or permissions | `django-drf` |
-| Adding privilege escalation detection queries | `prowler-attack-paths-query` |
 | Committing changes | `prowler-commit` |
 | Create PR that requires changelog entry | `prowler-changelog` |
 | Creating API endpoints | `jsonapi` |
-| Creating Attack Paths queries | `prowler-attack-paths-query` |
 | Creating ViewSets, serializers, or filters in api/ | `django-drf` |
 | Creating a git commit | `prowler-commit` |
 | Creating/modifying models, views, serializers | `prowler-api` |
-| Fixing bug | `tdd` |
 | Implementing JSON:API endpoints | `django-drf` |
-| Implementing feature | `tdd` |
 | Modifying API responses | `jsonapi` |
-| Modifying component | `tdd` |
-| Refactoring code | `tdd` |
 | Review changelog format and conventions | `prowler-changelog` |
 | Reviewing JSON:API compliance | `jsonapi` |
 | Testing RLS tenant isolation | `prowler-test-api` |
 | Update CHANGELOG.md in any component | `prowler-changelog` |
-| Updating existing Attack Paths queries | `prowler-attack-paths-query` |
-| Working on task | `tdd` |
 | Writing Prowler API tests | `prowler-test-api` |
 | Writing Python tests with pytest | `pytest` |
 

api/CHANGELOG.md

@@ -2,56 +2,6 @@
 
 All notable changes to the **Prowler API** are documented in this file.
 
-## [1.20.0] (Prowler UNRELEASED)
-
-### 🚀 Added
-
-- OpenStack provider support [(#10003)](https://github.com/prowler-cloud/prowler/pull/10003)
-- PDF report for the CSA CCM compliance framework [(#10088)](https://github.com/prowler-cloud/prowler/pull/10088)
-
-### 🔄 Changed
-
-- Attack Paths: Queries definition now has short description and attribution [(#9983)](https://github.com/prowler-cloud/prowler/pull/9983)
-- Attack Paths: Internet node is created while scan [(#9992)](https://github.com/prowler-cloud/prowler/pull/9992)
-- Attack Paths: Add full paths set from [pathfinding.cloud](https://pathfinding.cloud/) [(#10008)](https://github.com/prowler-cloud/prowler/pull/10008)
-- Support CSA CCM 4.0 for the AWS provider [(#10018)](https://github.com/prowler-cloud/prowler/pull/10018)
-- Support CSA CCM 4.0 for the GCP provider [(#10042)](https://github.com/prowler-cloud/prowler/pull/10042)
-- Support CSA CCM 4.0 for the Azure provider [(#10039)](https://github.com/prowler-cloud/prowler/pull/10039)
-- Support CSA CCM 4.0 for the Oracle Cloud provider [(#10057)](https://github.com/prowler-cloud/prowler/pull/10057)
-- Support CSA CCM 4.0 for the Alibaba Cloud provider [(#10061)](https://github.com/prowler-cloud/prowler/pull/10061)
-- Attack Paths: Mark attack Paths scan as failed when Celery task fails outside job error handling [(#10065)](https://github.com/prowler-cloud/prowler/pull/10065)
-- Attack Paths: Remove legacy per-scan `graph_database` and `is_graph_database_deleted` fields from AttackPathsScan model [(#10077)](https://github.com/prowler-cloud/prowler/pull/10077)
-- Attack Paths: Add `graph_data_ready` field to decouple query availability from scan state [(#10089)](https://github.com/prowler-cloud/prowler/pull/10089)
-- AI agent guidelines with TDD and testing skills references [(#9925)](https://github.com/prowler-cloud/prowler/pull/9925)
-- Attack Paths: Upgrade Cartography from fork 0.126.1 to upstream 0.129.0 and Neo4j driver from 5.x to 6.x [(#10110)](https://github.com/prowler-cloud/prowler/pull/10110)
-
-### 🐞 Fixed
-
-- Attack Paths: Orphaned temporary Neo4j databases are now cleaned up on scan failure and provider deletion [(#10101)](https://github.com/prowler-cloud/prowler/pull/10101)
-
-### 🔐 Security
-
-- Bump `Pillow` to 12.1.1 (CVE-2021-25289) [(#10027)](https://github.com/prowler-cloud/prowler/pull/10027)
-- Remove safety ignore for CVE-2026-21226 (84420), fixed via `azure-core` 1.38.x [(#10110)](https://github.com/prowler-cloud/prowler/pull/10110)
-
----
-
-## [1.19.3] (Prowler UNRELEASED)
-
-### 🐞 Fixed
-
-- GCP provider UID validation regex to allow domain prefixes [(#10078)](https://github.com/prowler-cloud/prowler/pull/10078)
-
----
-
-## [1.19.2] (Prowler v5.18.2)
-
-### 🐞 Fixed
-
-- SAML role mapping now prevents removing the last MANAGE_ACCOUNT user [(#10007)](https://github.com/prowler-cloud/prowler/pull/10007)
-
----
-
 ## [1.19.0] (Prowler v5.18.0)
 
 ### 🚀 Added

api/Dockerfile

@@ -24,13 +24,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     python3-dev \
     && rm -rf /var/lib/apt/lists/*
 
-# Cartography depends on `dockerfile` which has no pre-built arm64 wheel and requires Go to compile
-# hadolint ignore=DL3008
-RUN if [ "$(uname -m)" = "aarch64" ]; then \
-        apt-get update && apt-get install -y --no-install-recommends golang-go \
-        && rm -rf /var/lib/apt/lists/* ; \
-    fi
-
 # Install PowerShell
 RUN ARCH=$(uname -m) && \
     if [ "$ARCH" = "x86_64" ]; then \

api/poetry.lock

@@ -985,20 +985,20 @@ files = [
 
 [[package]]
 name = "azure-cli-core"
-version = "2.83.0"
+version = "2.82.0"
 description = "Microsoft Azure Command-Line Tools Core Module"
 optional = false
 python-versions = ">=3.10.0"
 groups = ["main"]
 files = [
-    {file = "azure_cli_core-2.83.0-py3-none-any.whl", hash = "sha256:3136f1434cb6fbd2f5b1d7f82b15cff3d4ba4a638808a86584376a829fd26b8a"},
-    {file = "azure_cli_core-2.83.0.tar.gz", hash = "sha256:ac59ae4307a961891587d746984a3349b7afe9759ed8267e1cdd614aeeeabbf9"},
+    {file = "azure_cli_core-2.82.0-py3-none-any.whl", hash = "sha256:998792de4e4d44f7f048ef46c5a07c8b30cff291e9b141682fd8a2c01421c826"},
+    {file = "azure_cli_core-2.82.0.tar.gz", hash = "sha256:d2de9423d19373665a4cdaae8db3139bcdcbb6cf10bfd417ef4610cb7733f1cd"},
 ]
 
 [package.dependencies]
 argcomplete = ">=3.5.2,<3.6.0"
 azure-cli-telemetry = "==1.1.0.*"
-azure-core = ">=1.38.0,<1.39.0"
+azure-core = ">=1.37.0,<1.38.0"
 azure-mgmt-core = ">=1.2.0,<2"
 cryptography = "*"
 distro = {version = "*", markers = "sys_platform == \"linux\""}
@@ -1007,8 +1007,8 @@ jmespath = "*"
 knack = ">=0.11.0,<0.12.0"
 microsoft-security-utilities-secret-masker = ">=1.0.0b4,<1.1.0"
 msal = [
-    {version = "1.35.0b1", extras = ["broker"], markers = "sys_platform == \"win32\""},
-    {version = "1.35.0b1", markers = "sys_platform != \"win32\""},
+    {version = "1.34.0b1", extras = ["broker"], markers = "sys_platform == \"win32\""},
+    {version = "1.34.0b1", markers = "sys_platform != \"win32\""},
 ]
 msal-extensions = "1.2.0"
 packaging = ">=20.9"
@@ -1049,14 +1049,14 @@ files = [
 
 [[package]]
 name = "azure-core"
-version = "1.38.1"
+version = "1.37.0"
 description = "Microsoft Azure Core Library for Python"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "azure_core-1.38.1-py3-none-any.whl", hash = "sha256:69f08ee3d55136071b7100de5b198994fc1c5f89d2b91f2f43156d20fcf200a4"},
-    {file = "azure_core-1.38.1.tar.gz", hash = "sha256:9317db1d838e39877eb94a2240ce92fa607db68adf821817b723f0d679facbf6"},
+    {file = "azure_core-1.37.0-py3-none-any.whl", hash = "sha256:b3abe2c59e7d6bb18b38c275a5029ff80f98990e7c90a5e646249a56630fcc19"},
+    {file = "azure_core-1.37.0.tar.gz", hash = "sha256:7064f2c11e4b97f340e8e8c6d923b822978be3016e46b7bc4aa4b337cfb48aee"},
 ]
 
 [package.dependencies]
@@ -1822,15 +1822,13 @@ crt = ["awscrt (==0.27.6)"]
 
 [[package]]
 name = "cartography"
-version = "0.129.0"
+version = "0.126.1"
 description = "Explore assets and their relationships across your technical infrastructure."
 optional = false
 python-versions = ">=3.10"
 groups = ["main"]
-files = [
-    {file = "cartography-0.129.0-py3-none-any.whl", hash = "sha256:d42c840369be9e4d0ac4d024074e3732416e40bab3d9a3023b6a247918daed4c"},
-    {file = "cartography-0.129.0.tar.gz", hash = "sha256:cb47d603e652554a4cbcc1a868c96014eb02b3d5cc1affea0428b2ed7fa61699"},
-]
+files = []
+develop = false
 
 [package.dependencies]
 adal = ">=1.2.4"
@@ -1852,7 +1850,7 @@ azure-mgmt-keyvault = ">=10.0.0"
 azure-mgmt-logic = ">=10.0.0"
 azure-mgmt-monitor = ">=3.0.0"
 azure-mgmt-network = ">=25.0.0"
-azure-mgmt-resource = ">=10.2.0,<25.0.0"
+azure-mgmt-resource = ">=10.2.0"
 azure-mgmt-security = ">=5.0.0"
 azure-mgmt-sql = ">=3.0.1,<4"
 azure-mgmt-storage = ">=16.0.0"
@@ -1865,7 +1863,6 @@ botocore = ">=1.18.1"
 cloudflare = ">=4.1.0,<5.0.0"
 crowdstrike-falconpy = ">=0.5.1"
 dnspython = ">=1.15.0"
-dockerfile = ">=3.0.0"
 duo-client = "*"
 google-api-python-client = ">=1.7.8"
 google-auth = ">=2.37.0"
@@ -1876,14 +1873,12 @@ kubernetes = ">=22.6.0"
 marshmallow = ">=3.0.0rc7"
 msgraph-sdk = "*"
 msrestazure = ">=0.6.4"
-neo4j = ">=6.0.0"
+neo4j = ">=5.28.2,<6.0.0"
 oci = ">=2.71.0"
 okta = "<1.0.0"
-packageurl-python = "*"
 packaging = "*"
-pagerduty = ">=4.0.1"
+pdpyras = ">=4.3.0"
 policyuniverse = ">=1.1.0.0"
-PyJWT = {version = ">=2.0.0", extras = ["crypto"]}
 python-dateutil = "*"
 python-digitalocean = ">=1.16.0"
 pyyaml = ">=5.3.1"
@@ -1895,6 +1890,12 @@ typer = ">=0.9.0"
 types-aiobotocore-ecr = "*"
 xmltodict = "*"
 
+[package.source]
+type = "git"
+url = "https://github.com/prowler-cloud/cartography"
+reference = "0.126.1"
+resolved_reference = "9e3dd6459bec027461e1fe998c034a0f3fb83e3d"
+
 [[package]]
 name = "celery"
 version = "5.6.2"
@@ -2507,49 +2508,43 @@ dev = ["bandit", "coverage", "flake8", "pydocstyle", "pylint", "pytest", "pytest
 
 [[package]]
 name = "cryptography"
-version = "44.0.3"
+version = "44.0.1"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
 python-versions = "!=3.9.0,!=3.9.1,>=3.7"
 groups = ["main", "dev"]
 files = [
-    {file = "cryptography-44.0.3-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:962bc30480a08d133e631e8dfd4783ab71cc9e33d5d7c1e192f0b7c06397bb88"},
-    {file = "cryptography-44.0.3-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4ffc61e8f3bf5b60346d89cd3d37231019c17a081208dfbbd6e1605ba03fa137"},
-    {file = "cryptography-44.0.3-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:58968d331425a6f9eedcee087f77fd3c927c88f55368f43ff7e0a19891f2642c"},
-    {file = "cryptography-44.0.3-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:e28d62e59a4dbd1d22e747f57d4f00c459af22181f0b2f787ea83f5a876d7c76"},
-    {file = "cryptography-44.0.3-cp37-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:af653022a0c25ef2e3ffb2c673a50e5a0d02fecc41608f4954176f1933b12359"},
-    {file = "cryptography-44.0.3-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:157f1f3b8d941c2bd8f3ffee0af9b049c9665c39d3da9db2dc338feca5e98a43"},
-    {file = "cryptography-44.0.3-cp37-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:c6cd67722619e4d55fdb42ead64ed8843d64638e9c07f4011163e46bc512cf01"},
-    {file = "cryptography-44.0.3-cp37-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:b424563394c369a804ecbee9b06dfb34997f19d00b3518e39f83a5642618397d"},
-    {file = "cryptography-44.0.3-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:c91fc8e8fd78af553f98bc7f2a1d8db977334e4eea302a4bfd75b9461c2d8904"},
-    {file = "cryptography-44.0.3-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:25cd194c39fa5a0aa4169125ee27d1172097857b27109a45fadc59653ec06f44"},
-    {file = "cryptography-44.0.3-cp37-abi3-win32.whl", hash = "sha256:3be3f649d91cb182c3a6bd336de8b61a0a71965bd13d1a04a0e15b39c3d5809d"},
-    {file = "cryptography-44.0.3-cp37-abi3-win_amd64.whl", hash = "sha256:3883076d5c4cc56dbef0b898a74eb6992fdac29a7b9013870b34efe4ddb39a0d"},
-    {file = "cryptography-44.0.3-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:5639c2b16764c6f76eedf722dbad9a0914960d3489c0cc38694ddf9464f1bb2f"},
-    {file = "cryptography-44.0.3-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f3ffef566ac88f75967d7abd852ed5f182da252d23fac11b4766da3957766759"},
-    {file = "cryptography-44.0.3-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:192ed30fac1728f7587c6f4613c29c584abdc565d7417c13904708db10206645"},
-    {file = "cryptography-44.0.3-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:7d5fe7195c27c32a64955740b949070f21cba664604291c298518d2e255931d2"},
-    {file = "cryptography-44.0.3-cp39-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:3f07943aa4d7dad689e3bb1638ddc4944cc5e0921e3c227486daae0e31a05e54"},
-    {file = "cryptography-44.0.3-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:cb90f60e03d563ca2445099edf605c16ed1d5b15182d21831f58460c48bffb93"},
-    {file = "cryptography-44.0.3-cp39-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:ab0b005721cc0039e885ac3503825661bd9810b15d4f374e473f8c89b7d5460c"},
-    {file = "cryptography-44.0.3-cp39-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:3bb0847e6363c037df8f6ede57d88eaf3410ca2267fb12275370a76f85786a6f"},
-    {file = "cryptography-44.0.3-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:b0cc66c74c797e1db750aaa842ad5b8b78e14805a9b5d1348dc603612d3e3ff5"},
-    {file = "cryptography-44.0.3-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:6866df152b581f9429020320e5eb9794c8780e90f7ccb021940d7f50ee00ae0b"},
-    {file = "cryptography-44.0.3-cp39-abi3-win32.whl", hash = "sha256:c138abae3a12a94c75c10499f1cbae81294a6f983b3af066390adee73f433028"},
-    {file = "cryptography-44.0.3-cp39-abi3-win_amd64.whl", hash = "sha256:5d186f32e52e66994dce4f766884bcb9c68b8da62d61d9d215bfe5fb56d21334"},
-    {file = "cryptography-44.0.3-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:cad399780053fb383dc067475135e41c9fe7d901a97dd5d9c5dfb5611afc0d7d"},
-    {file = "cryptography-44.0.3-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:21a83f6f35b9cc656d71b5de8d519f566df01e660ac2578805ab245ffd8523f8"},
-    {file = "cryptography-44.0.3-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:fc3c9babc1e1faefd62704bb46a69f359a9819eb0292e40df3fb6e3574715cd4"},
-    {file = "cryptography-44.0.3-pp310-pypy310_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:e909df4053064a97f1e6565153ff8bb389af12c5c8d29c343308760890560aff"},
-    {file = "cryptography-44.0.3-pp310-pypy310_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:dad80b45c22e05b259e33ddd458e9e2ba099c86ccf4e88db7bbab4b747b18d06"},
-    {file = "cryptography-44.0.3-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:479d92908277bed6e1a1c69b277734a7771c2b78633c224445b5c60a9f4bc1d9"},
-    {file = "cryptography-44.0.3-pp311-pypy311_pp73-macosx_10_9_x86_64.whl", hash = "sha256:896530bc9107b226f265effa7ef3f21270f18a2026bc09fed1ebd7b66ddf6375"},
-    {file = "cryptography-44.0.3-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:9b4d4a5dbee05a2c390bf212e78b99434efec37b17a4bff42f50285c5c8c9647"},
-    {file = "cryptography-44.0.3-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:02f55fb4f8b79c1221b0961488eaae21015b69b210e18c386b69de182ebb1259"},
-    {file = "cryptography-44.0.3-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:dd3db61b8fe5be220eee484a17233287d0be6932d056cf5738225b9c05ef4fff"},
-    {file = "cryptography-44.0.3-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:978631ec51a6bbc0b7e58f23b68a8ce9e5f09721940933e9c217068388789fe5"},
-    {file = "cryptography-44.0.3-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:5d20cc348cca3a8aa7312f42ab953a56e15323800ca3ab0706b8cd452a3a056c"},
-    {file = "cryptography-44.0.3.tar.gz", hash = "sha256:fe19d8bc5536a91a24a8133328880a41831b6c5df54599a8417b62fe015d3053"},
+    {file = "cryptography-44.0.1-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:bf688f615c29bfe9dfc44312ca470989279f0e94bb9f631f85e3459af8efc009"},
+    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dd7c7e2d71d908dc0f8d2027e1604102140d84b155e658c20e8ad1304317691f"},
+    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:887143b9ff6bad2b7570da75a7fe8bbf5f65276365ac259a5d2d5147a73775f2"},
+    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:322eb03ecc62784536bc173f1483e76747aafeb69c8728df48537eb431cd1911"},
+    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:21377472ca4ada2906bc313168c9dc7b1d7ca417b63c1c3011d0c74b7de9ae69"},
+    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:df978682c1504fc93b3209de21aeabf2375cb1571d4e61907b3e7a2540e83026"},
+    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:eb3889330f2a4a148abead555399ec9a32b13b7c8ba969b72d8e500eb7ef84cd"},
+    {file = "cryptography-44.0.1-cp37-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:8e6a85a93d0642bd774460a86513c5d9d80b5c002ca9693e63f6e540f1815ed0"},
+    {file = "cryptography-44.0.1-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:6f76fdd6fd048576a04c5210d53aa04ca34d2ed63336d4abd306d0cbe298fddf"},
+    {file = "cryptography-44.0.1-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:6c8acf6f3d1f47acb2248ec3ea261171a671f3d9428e34ad0357148d492c7864"},
+    {file = "cryptography-44.0.1-cp37-abi3-win32.whl", hash = "sha256:24979e9f2040c953a94bf3c6782e67795a4c260734e5264dceea65c8f4bae64a"},
+    {file = "cryptography-44.0.1-cp37-abi3-win_amd64.whl", hash = "sha256:fd0ee90072861e276b0ff08bd627abec29e32a53b2be44e41dbcdf87cbee2b00"},
+    {file = "cryptography-44.0.1-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:a2d8a7045e1ab9b9f803f0d9531ead85f90c5f2859e653b61497228b18452008"},
+    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b8272f257cf1cbd3f2e120f14c68bff2b6bdfcc157fafdee84a1b795efd72862"},
+    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1e8d181e90a777b63f3f0caa836844a1182f1f265687fac2115fcf245f5fbec3"},
+    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:436df4f203482f41aad60ed1813811ac4ab102765ecae7a2bbb1dbb66dcff5a7"},
+    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:4f422e8c6a28cf8b7f883eb790695d6d45b0c385a2583073f3cec434cc705e1a"},
+    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:72198e2b5925155497a5a3e8c216c7fb3e64c16ccee11f0e7da272fa93b35c4c"},
+    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:2a46a89ad3e6176223b632056f321bc7de36b9f9b93b2cc1cccf935a3849dc62"},
+    {file = "cryptography-44.0.1-cp39-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:53f23339864b617a3dfc2b0ac8d5c432625c80014c25caac9082314e9de56f41"},
+    {file = "cryptography-44.0.1-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:888fcc3fce0c888785a4876ca55f9f43787f4c5c1cc1e2e0da71ad481ff82c5b"},
+    {file = "cryptography-44.0.1-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:00918d859aa4e57db8299607086f793fa7813ae2ff5a4637e318a25ef82730f7"},
+    {file = "cryptography-44.0.1-cp39-abi3-win32.whl", hash = "sha256:9b336599e2cb77b1008cb2ac264b290803ec5e8e89d618a5e978ff5eb6f715d9"},
+    {file = "cryptography-44.0.1-cp39-abi3-win_amd64.whl", hash = "sha256:e403f7f766ded778ecdb790da786b418a9f2394f36e8cc8b796cc056ab05f44f"},
+    {file = "cryptography-44.0.1-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:1f9a92144fa0c877117e9748c74501bea842f93d21ee00b0cf922846d9d0b183"},
+    {file = "cryptography-44.0.1-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:610a83540765a8d8ce0f351ce42e26e53e1f774a6efb71eb1b41eb01d01c3d12"},
+    {file = "cryptography-44.0.1-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:5fed5cd6102bb4eb843e3315d2bf25fede494509bddadb81e03a859c1bc17b83"},
+    {file = "cryptography-44.0.1-pp310-pypy310_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:f4daefc971c2d1f82f03097dc6f216744a6cd2ac0f04c68fb935ea2ba2a0d420"},
+    {file = "cryptography-44.0.1-pp310-pypy310_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:94f99f2b943b354a5b6307d7e8d19f5c423a794462bde2bf310c770ba052b1c4"},
+    {file = "cryptography-44.0.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:d9c5b9f698a83c8bd71e0f4d3f9f839ef244798e5ffe96febfa9714717db7af7"},
+    {file = "cryptography-44.0.1.tar.gz", hash = "sha256:f51f5705ab27898afda1aaa430f34ad90dc117421057782022edf0600bec5f14"},
 ]
 
 [package.dependencies]
@@ -2562,7 +2557,7 @@ nox = ["nox (>=2024.4.15)", "nox[uv] (>=2024.3.2) ; python_version >= \"3.8\""]
 pep8test = ["check-sdist ; python_version >= \"3.8\"", "click (>=8.0.1)", "mypy (>=1.4)", "ruff (>=0.3.6)"]
 sdist = ["build (>=1.0.0)"]
 ssh = ["bcrypt (>=3.1.5)"]
-test = ["certifi (>=2024)", "cryptography-vectors (==44.0.3)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
+test = ["certifi (>=2024)", "cryptography-vectors (==44.0.1)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
 test-randomorder = ["pytest-randomly"]
 
 [[package]]
@@ -3095,21 +3090,6 @@ docs = ["myst-parser (==0.18.0)", "sphinx (==5.1.1)"]
 ssh = ["paramiko (>=2.4.3)"]
 websockets = ["websocket-client (>=1.3.0)"]
 
-[[package]]
-name = "dockerfile"
-version = "3.4.0"
-description = "Parse a dockerfile into a high-level representation using the official go parser."
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "dockerfile-3.4.0-cp39-abi3-macosx_13_0_x86_64.whl", hash = "sha256:ed33446a76007cbb3f28c247f189cc06db34667d4f59a398a5c44912d7c13f36"},
-    {file = "dockerfile-3.4.0-cp39-abi3-macosx_14_0_arm64.whl", hash = "sha256:a4549d4f038483c25906d4fec56bb6ffe82ae26e0f80a15f2c0fedbb50712053"},
-    {file = "dockerfile-3.4.0-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:b95102bd82e6f67c836186b51c13114aa586a20e8cb6441bde24d4070542009d"},
-    {file = "dockerfile-3.4.0-cp39-abi3-win_amd64.whl", hash = "sha256:30202187f1885f99ac839fd41ca8150b2fd0a66fac12db0166361d0c4622e71a"},
-    {file = "dockerfile-3.4.0.tar.gz", hash = "sha256:238bb950985c55a525daef8bbfe994a0230aa0978c419f4caa4d9ce0a37343f1"},
-]
-
 [[package]]
 name = "dogpile-cache"
 version = "1.5.0"
@@ -5455,28 +5435,28 @@ files = [
 
 [[package]]
 name = "msal"
-version = "1.35.0b1"
+version = "1.34.0b1"
 description = "The Microsoft Authentication Library (MSAL) for Python library enables your app to access the Microsoft Cloud by supporting authentication of users with Microsoft Azure Active Directory accounts (AAD) and Microsoft Accounts (MSA) using industry standard OAuth2 and OpenID Connect."
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.7"
 groups = ["main"]
 files = [
-    {file = "msal-1.35.0b1-py3-none-any.whl", hash = "sha256:bf656775c64bbc2103d8255980f5c3c966c7432106795e1fe70ca338a7e43150"},
-    {file = "msal-1.35.0b1.tar.gz", hash = "sha256:fe8143079183a5c952cd9f3ba66a148fe7bae9fb9952bd0e834272bfbeb34508"},
+    {file = "msal-1.34.0b1-py3-none-any.whl", hash = "sha256:3b6373325e3509d97873e36965a75e9cc9393f1b579d12cc03c0ca0ef6d37eb4"},
+    {file = "msal-1.34.0b1.tar.gz", hash = "sha256:86cdbfec14955e803379499d017056c6df4ed40f717fd6addde94bdeb4babd78"},
 ]
 
 [package.dependencies]
-cryptography = ">=2.5,<49"
+cryptography = ">=2.5,<48"
 PyJWT = {version = ">=1.0.0,<3", extras = ["crypto"]}
 pymsalruntime = [
-    {version = ">=0.14,<0.21", optional = true, markers = "python_version >= \"3.8\" and platform_system == \"Windows\" and extra == \"broker\""},
-    {version = ">=0.17,<0.21", optional = true, markers = "python_version >= \"3.8\" and platform_system == \"Darwin\" and extra == \"broker\""},
-    {version = ">=0.18,<0.21", optional = true, markers = "python_version >= \"3.8\" and platform_system == \"Linux\" and extra == \"broker\""},
+    {version = ">=0.14,<0.19", optional = true, markers = "python_version >= \"3.6\" and platform_system == \"Windows\" and extra == \"broker\""},
+    {version = ">=0.17,<0.19", optional = true, markers = "python_version >= \"3.8\" and platform_system == \"Darwin\" and extra == \"broker\""},
+    {version = ">=0.18,<0.19", optional = true, markers = "python_version >= \"3.8\" and platform_system == \"Linux\" and extra == \"broker\""},
 ]
 requests = ">=2.0.0,<3"
 
 [package.extras]
-broker = ["pymsalruntime (>=0.14,<0.21) ; python_version >= \"3.8\" and platform_system == \"Windows\"", "pymsalruntime (>=0.17,<0.21) ; python_version >= \"3.8\" and platform_system == \"Darwin\"", "pymsalruntime (>=0.18,<0.21) ; python_version >= \"3.8\" and platform_system == \"Linux\""]
+broker = ["pymsalruntime (>=0.14,<0.19) ; python_version >= \"3.6\" and platform_system == \"Windows\"", "pymsalruntime (>=0.17,<0.19) ; python_version >= \"3.8\" and platform_system == \"Darwin\"", "pymsalruntime (>=0.18,<0.19) ; python_version >= \"3.8\" and platform_system == \"Linux\""]
 
 [[package]]
 name = "msal-extensions"
@@ -5820,23 +5800,23 @@ sqlframe = ["sqlframe (>=3.22.0,!=3.39.3)"]
 
 [[package]]
 name = "neo4j"
-version = "6.1.0"
+version = "5.28.3"
 description = "Neo4j Bolt driver for Python"
 optional = false
-python-versions = ">=3.10"
+python-versions = ">=3.7"
 groups = ["main"]
 files = [
-    {file = "neo4j-6.1.0-py3-none-any.whl", hash = "sha256:3bd93941f3a3559af197031157220af9fd71f4f93a311db687bd69ffa417b67d"},
-    {file = "neo4j-6.1.0.tar.gz", hash = "sha256:b5dde8c0d8481e7b6ae3733569d990dd3e5befdc5d452f531ad1884ed3500b84"},
+    {file = "neo4j-5.28.3-py3-none-any.whl", hash = "sha256:dbf6d9211b861bc3dd62dccbf8a74d1e33e0c602084dd123b753edf46e1fdfad"},
+    {file = "neo4j-5.28.3.tar.gz", hash = "sha256:0625aaaf0963bc99a7231e946952f579792c3be22687192b20e0b74aa1233a2b"},
 ]
 
 [package.dependencies]
 pytz = "*"
 
 [package.extras]
-numpy = ["numpy (>=1.21.2,<3.0.0)"]
-pandas = ["numpy (>=1.21.2,<3.0.0)", "pandas (>=1.1.0,<3.0.0)"]
-pyarrow = ["pyarrow (>=6.0.0,<23.0.0)"]
+numpy = ["numpy (>=1.7.0,<3.0.0)"]
+pandas = ["numpy (>=1.7.0,<3.0.0)", "pandas (>=1.1.0,<3.0.0)"]
+pyarrow = ["pyarrow (>=1.0.0)"]
 
 [[package]]
 name = "nest-asyncio"
@@ -5850,6 +5830,46 @@ files = [
     {file = "nest_asyncio-1.6.0.tar.gz", hash = "sha256:6f172d5449aca15afd6c646851f4e31e02c598d553a667e38cafa997cfec55fe"},
 ]
 
+[[package]]
+name = "netifaces"
+version = "0.11.0"
+description = "Portable network interface information."
+optional = false
+python-versions = "*"
+groups = ["main"]
+files = [
+    {file = "netifaces-0.11.0-cp27-cp27m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:eb4813b77d5df99903af4757ce980a98c4d702bbcb81f32a0b305a1537bdf0b1"},
+    {file = "netifaces-0.11.0-cp27-cp27m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:5f9ca13babe4d845e400921973f6165a4c2f9f3379c7abfc7478160e25d196a4"},
+    {file = "netifaces-0.11.0-cp27-cp27m-win32.whl", hash = "sha256:7dbb71ea26d304e78ccccf6faccef71bb27ea35e259fb883cfd7fd7b4f17ecb1"},
+    {file = "netifaces-0.11.0-cp27-cp27m-win_amd64.whl", hash = "sha256:0f6133ac02521270d9f7c490f0c8c60638ff4aec8338efeff10a1b51506abe85"},
+    {file = "netifaces-0.11.0-cp27-cp27mu-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:08e3f102a59f9eaef70948340aeb6c89bd09734e0dca0f3b82720305729f63ea"},
+    {file = "netifaces-0.11.0-cp27-cp27mu-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:c03fb2d4ef4e393f2e6ffc6376410a22a3544f164b336b3a355226653e5efd89"},
+    {file = "netifaces-0.11.0-cp34-cp34m-win32.whl", hash = "sha256:73ff21559675150d31deea8f1f8d7e9a9a7e4688732a94d71327082f517fc6b4"},
+    {file = "netifaces-0.11.0-cp35-cp35m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:815eafdf8b8f2e61370afc6add6194bd5a7252ae44c667e96c4c1ecf418811e4"},
+    {file = "netifaces-0.11.0-cp35-cp35m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:50721858c935a76b83dd0dd1ab472cad0a3ef540a1408057624604002fcfb45b"},
+    {file = "netifaces-0.11.0-cp35-cp35m-win32.whl", hash = "sha256:c9a3a47cd3aaeb71e93e681d9816c56406ed755b9442e981b07e3618fb71d2ac"},
+    {file = "netifaces-0.11.0-cp36-cp36m-macosx_10_15_x86_64.whl", hash = "sha256:aab1dbfdc55086c789f0eb37affccf47b895b98d490738b81f3b2360100426be"},
+    {file = "netifaces-0.11.0-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:c37a1ca83825bc6f54dddf5277e9c65dec2f1b4d0ba44b8fd42bc30c91aa6ea1"},
+    {file = "netifaces-0.11.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:28f4bf3a1361ab3ed93c5ef360c8b7d4a4ae060176a3529e72e5e4ffc4afd8b0"},
+    {file = "netifaces-0.11.0-cp36-cp36m-win32.whl", hash = "sha256:2650beee182fed66617e18474b943e72e52f10a24dc8cac1db36c41ee9c041b7"},
+    {file = "netifaces-0.11.0-cp36-cp36m-win_amd64.whl", hash = "sha256:cb925e1ca024d6f9b4f9b01d83215fd00fe69d095d0255ff3f64bffda74025c8"},
+    {file = "netifaces-0.11.0-cp37-cp37m-macosx_10_15_x86_64.whl", hash = "sha256:84e4d2e6973eccc52778735befc01638498781ce0e39aa2044ccfd2385c03246"},
+    {file = "netifaces-0.11.0-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:18917fbbdcb2d4f897153c5ddbb56b31fa6dd7c3fa9608b7e3c3a663df8206b5"},
+    {file = "netifaces-0.11.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:48324183af7f1bc44f5f197f3dad54a809ad1ef0c78baee2c88f16a5de02c4c9"},
+    {file = "netifaces-0.11.0-cp37-cp37m-win32.whl", hash = "sha256:8f7da24eab0d4184715d96208b38d373fd15c37b0dafb74756c638bd619ba150"},
+    {file = "netifaces-0.11.0-cp37-cp37m-win_amd64.whl", hash = "sha256:2479bb4bb50968089a7c045f24d120f37026d7e802ec134c4490eae994c729b5"},
+    {file = "netifaces-0.11.0-cp38-cp38-macosx_10_15_x86_64.whl", hash = "sha256:3ecb3f37c31d5d51d2a4d935cfa81c9bc956687c6f5237021b36d6fdc2815b2c"},
+    {file = "netifaces-0.11.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:96c0fe9696398253f93482c84814f0e7290eee0bfec11563bd07d80d701280c3"},
+    {file = "netifaces-0.11.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:c92ff9ac7c2282009fe0dcb67ee3cd17978cffbe0c8f4b471c00fe4325c9b4d4"},
+    {file = "netifaces-0.11.0-cp38-cp38-win32.whl", hash = "sha256:d07b01c51b0b6ceb0f09fc48ec58debd99d2c8430b09e56651addeaf5de48048"},
+    {file = "netifaces-0.11.0-cp38-cp38-win_amd64.whl", hash = "sha256:469fc61034f3daf095e02f9f1bbac07927b826c76b745207287bc594884cfd05"},
+    {file = "netifaces-0.11.0-cp39-cp39-macosx_10_15_x86_64.whl", hash = "sha256:5be83986100ed1fdfa78f11ccff9e4757297735ac17391b95e17e74335c2047d"},
+    {file = "netifaces-0.11.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:54ff6624eb95b8a07e79aa8817288659af174e954cca24cdb0daeeddfc03c4ff"},
+    {file = "netifaces-0.11.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:841aa21110a20dc1621e3dd9f922c64ca64dd1eb213c47267a2c324d823f6c8f"},
+    {file = "netifaces-0.11.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:e76c7f351e0444721e85f975ae92718e21c1f361bda946d60a214061de1f00a1"},
+    {file = "netifaces-0.11.0.tar.gz", hash = "sha256:043a79146eb2907edf439899f262b3dfe41717d34124298ed281139a8b93ca32"},
+]
+
 [[package]]
 name = "nltk"
 version = "3.9.2"
@@ -6017,14 +6037,14 @@ voice-helpers = ["numpy (>=2.0.2)", "sounddevice (>=0.5.1)"]
 
 [[package]]
 name = "openstacksdk"
-version = "4.2.0"
+version = "4.0.1"
 description = "An SDK for building applications to work with OpenStack"
 optional = false
-python-versions = ">=3.9"
+python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "openstacksdk-4.2.0-py3-none-any.whl", hash = "sha256:238be0fa5d9899872b00787ab38e84f92fd6dc87525fde0965dadcdc12196dc6"},
-    {file = "openstacksdk-4.2.0.tar.gz", hash = "sha256:5cb9450dcce8054a2caf89d8be9e55057ddfa219a954e781032241eb29280445"},
+    {file = "openstacksdk-4.0.1-py3-none-any.whl", hash = "sha256:d63187a006fff7c1de1486c9e2e1073a787af402620c3c0ed0cf5291225998ac"},
+    {file = "openstacksdk-4.0.1.tar.gz", hash = "sha256:19faa1d5e6a78a2c1dc06a171e65e776ba82e9df23e1d08586225dc5ade9fc63"},
 ]
 
 [package.dependencies]
@@ -6035,10 +6055,10 @@ iso8601 = ">=0.1.11"
 jmespath = ">=0.9.0"
 jsonpatch = ">=1.16,<1.20 || >1.20"
 keystoneauth1 = ">=3.18.0"
+netifaces = ">=0.10.4"
 os-service-types = ">=1.7.0"
 pbr = ">=2.0.0,<2.1.0 || >2.1.0"
 platformdirs = ">=3"
-psutil = ">=3.2.2"
 PyYAML = ">=3.13"
 requestsexceptions = ">=1.2.0"
 
@@ -6107,24 +6127,6 @@ files = [
 pbr = ">=2.0.0,<2.1.0 || >2.1.0"
 typing-extensions = ">=4.1.0"
 
-[[package]]
-name = "packageurl-python"
-version = "0.17.6"
-description = "A purl aka. Package URL parser and builder"
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-files = [
-    {file = "packageurl_python-0.17.6-py3-none-any.whl", hash = "sha256:31a85c2717bc41dd818f3c62908685ff9eebcb68588213745b14a6ee9e7df7c9"},
-    {file = "packageurl_python-0.17.6.tar.gz", hash = "sha256:1252ce3a102372ca6f86eb968e16f9014c4ba511c5c37d95a7f023e2ca6e5c25"},
-]
-
-[package.extras]
-build = ["setuptools", "wheel"]
-lint = ["black", "isort", "mypy"]
-sqlalchemy = ["sqlalchemy (>=2.0.0)"]
-test = ["pytest"]
-
 [[package]]
 name = "packaging"
 version = "26.0"
@@ -6137,21 +6139,6 @@ files = [
     {file = "packaging-26.0.tar.gz", hash = "sha256:00243ae351a257117b6a241061796684b084ed1c516a08c48a3f7e147a9d80b4"},
 ]
 
-[[package]]
-name = "pagerduty"
-version = "6.1.0"
-description = "Clients for PagerDuty's Public APIs"
-optional = false
-python-versions = ">=3.6"
-groups = ["main"]
-files = [
-    {file = "pagerduty-6.1.0-py3-none-any.whl", hash = "sha256:ca4954b917cb8e92f83e6b4e18d0f81fdaa73768edb7ad6e859edcc8f950f4eb"},
-    {file = "pagerduty-6.1.0.tar.gz", hash = "sha256:84dfba74f68142c4a71c88af4858f1eb8671e7bc564bc133ac41c59daa7b54f8"},
-]
-
-[package.dependencies]
-httpx = "*"
-
 [[package]]
 name = "pandas"
 version = "2.2.3"
@@ -6253,105 +6240,121 @@ files = [
 [package.dependencies]
 setuptools = "*"
 
+[[package]]
+name = "pdpyras"
+version = "5.4.1"
+description = "PagerDuty Python REST API Sessions."
+optional = false
+python-versions = ">=3.6"
+groups = ["main"]
+files = [
+    {file = "pdpyras-5.4.1-py2.py3-none-any.whl", hash = "sha256:e16020cf57e4c916ab3dace7c7dffe21a2e7059ab7411ce3ddf1e620c54e9c89"},
+    {file = "pdpyras-5.4.1.tar.gz", hash = "sha256:36021aff5979a79f1d87edc95e0c46e98ce8549292bc0cab3d9f33501795703b"},
+]
+
+[package.dependencies]
+requests = "*"
+urllib3 = "*"
+
 [[package]]
 name = "pillow"
-version = "12.1.1"
+version = "12.1.0"
 description = "Python Imaging Library (fork)"
 optional = false
 python-versions = ">=3.10"
 groups = ["main"]
 files = [
-    {file = "pillow-12.1.1-cp310-cp310-macosx_10_10_x86_64.whl", hash = "sha256:1f1625b72740fdda5d77b4def688eb8fd6490975d06b909fd19f13f391e077e0"},
-    {file = "pillow-12.1.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:178aa072084bd88ec759052feca8e56cbb14a60b39322b99a049e58090479713"},
-    {file = "pillow-12.1.1-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:b66e95d05ba806247aaa1561f080abc7975daf715c30780ff92a20e4ec546e1b"},
-    {file = "pillow-12.1.1-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:89c7e895002bbe49cdc5426150377cbbc04767d7547ed145473f496dfa40408b"},
-    {file = "pillow-12.1.1-cp310-cp310-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:3a5cbdcddad0af3da87cb16b60d23648bc3b51967eb07223e9fed77a82b457c4"},
-    {file = "pillow-12.1.1-cp310-cp310-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:9f51079765661884a486727f0729d29054242f74b46186026582b4e4769918e4"},
-    {file = "pillow-12.1.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:99c1506ea77c11531d75e3a412832a13a71c7ebc8192ab9e4b2e355555920e3e"},
-    {file = "pillow-12.1.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:36341d06738a9f66c8287cf8b876d24b18db9bd8740fa0672c74e259ad408cff"},
-    {file = "pillow-12.1.1-cp310-cp310-win32.whl", hash = "sha256:6c52f062424c523d6c4db85518774cc3d50f5539dd6eed32b8f6229b26f24d40"},
-    {file = "pillow-12.1.1-cp310-cp310-win_amd64.whl", hash = "sha256:c6008de247150668a705a6338156efb92334113421ceecf7438a12c9a12dab23"},
-    {file = "pillow-12.1.1-cp310-cp310-win_arm64.whl", hash = "sha256:1a9b0ee305220b392e1124a764ee4265bd063e54a751a6b62eff69992f457fa9"},
-    {file = "pillow-12.1.1-cp311-cp311-macosx_10_10_x86_64.whl", hash = "sha256:e879bb6cd5c73848ef3b2b48b8af9ff08c5b71ecda8048b7dd22d8a33f60be32"},
-    {file = "pillow-12.1.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:365b10bb9417dd4498c0e3b128018c4a624dc11c7b97d8cc54effe3b096f4c38"},
-    {file = "pillow-12.1.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:d4ce8e329c93845720cd2014659ca67eac35f6433fd3050393d85f3ecef0dad5"},
-    {file = "pillow-12.1.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:fc354a04072b765eccf2204f588a7a532c9511e8b9c7f900e1b64e3e33487090"},
-    {file = "pillow-12.1.1-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:7e7976bf1910a8116b523b9f9f58bf410f3e8aa330cd9a2bb2953f9266ab49af"},
-    {file = "pillow-12.1.1-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:597bd9c8419bc7c6af5604e55847789b69123bbe25d65cc6ad3012b4f3c98d8b"},
-    {file = "pillow-12.1.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:2c1fc0f2ca5f96a3c8407e41cca26a16e46b21060fe6d5b099d2cb01412222f5"},
-    {file = "pillow-12.1.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:578510d88c6229d735855e1f278aa305270438d36a05031dfaae5067cc8eb04d"},
-    {file = "pillow-12.1.1-cp311-cp311-win32.whl", hash = "sha256:7311c0a0dcadb89b36b7025dfd8326ecfa36964e29913074d47382706e516a7c"},
-    {file = "pillow-12.1.1-cp311-cp311-win_amd64.whl", hash = "sha256:fbfa2a7c10cc2623f412753cddf391c7f971c52ca40a3f65dc5039b2939e8563"},
-    {file = "pillow-12.1.1-cp311-cp311-win_arm64.whl", hash = "sha256:b81b5e3511211631b3f672a595e3221252c90af017e399056d0faabb9538aa80"},
-    {file = "pillow-12.1.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:ab323b787d6e18b3d91a72fc99b1a2c28651e4358749842b8f8dfacd28ef2052"},
-    {file = "pillow-12.1.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:adebb5bee0f0af4909c30db0d890c773d1a92ffe83da908e2e9e720f8edf3984"},
-    {file = "pillow-12.1.1-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:bb66b7cc26f50977108790e2456b7921e773f23db5630261102233eb355a3b79"},
-    {file = "pillow-12.1.1-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:aee2810642b2898bb187ced9b349e95d2a7272930796e022efaf12e99dccd293"},
-    {file = "pillow-12.1.1-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:a0b1cd6232e2b618adcc54d9882e4e662a089d5768cd188f7c245b4c8c44a397"},
-    {file = "pillow-12.1.1-cp312-cp312-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:7aac39bcf8d4770d089588a2e1dd111cbaa42df5a94be3114222057d68336bd0"},
-    {file = "pillow-12.1.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:ab174cd7d29a62dd139c44bf74b698039328f45cb03b4596c43473a46656b2f3"},
-    {file = "pillow-12.1.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:339ffdcb7cbeaa08221cd401d517d4b1fe7a9ed5d400e4a8039719238620ca35"},
-    {file = "pillow-12.1.1-cp312-cp312-win32.whl", hash = "sha256:5d1f9575a12bed9e9eedd9a4972834b08c97a352bd17955ccdebfeca5913fa0a"},
-    {file = "pillow-12.1.1-cp312-cp312-win_amd64.whl", hash = "sha256:21329ec8c96c6e979cd0dfd29406c40c1d52521a90544463057d2aaa937d66a6"},
-    {file = "pillow-12.1.1-cp312-cp312-win_arm64.whl", hash = "sha256:af9a332e572978f0218686636610555ae3defd1633597be015ed50289a03c523"},
-    {file = "pillow-12.1.1-cp313-cp313-ios_13_0_arm64_iphoneos.whl", hash = "sha256:d242e8ac078781f1de88bf823d70c1a9b3c7950a44cdf4b7c012e22ccbcd8e4e"},
-    {file = "pillow-12.1.1-cp313-cp313-ios_13_0_arm64_iphonesimulator.whl", hash = "sha256:02f84dfad02693676692746df05b89cf25597560db2857363a208e393429f5e9"},
-    {file = "pillow-12.1.1-cp313-cp313-ios_13_0_x86_64_iphonesimulator.whl", hash = "sha256:e65498daf4b583091ccbb2556c7000abf0f3349fcd57ef7adc9a84a394ed29f6"},
-    {file = "pillow-12.1.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:6c6db3b84c87d48d0088943bf33440e0c42370b99b1c2a7989216f7b42eede60"},
-    {file = "pillow-12.1.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:8b7e5304e34942bf62e15184219a7b5ad4ff7f3bb5cca4d984f37df1a0e1aee2"},
-    {file = "pillow-12.1.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:18e5bddd742a44b7e6b1e773ab5db102bd7a94c32555ba656e76d319d19c3850"},
-    {file = "pillow-12.1.1-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:fc44ef1f3de4f45b50ccf9136999d71abb99dca7706bc75d222ed350b9fd2289"},
-    {file = "pillow-12.1.1-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5a8eb7ed8d4198bccbd07058416eeec51686b498e784eda166395a23eb99138e"},
-    {file = "pillow-12.1.1-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:47b94983da0c642de92ced1702c5b6c292a84bd3a8e1d1702ff923f183594717"},
-    {file = "pillow-12.1.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:518a48c2aab7ce596d3bf79d0e275661b846e86e4d0e7dec34712c30fe07f02a"},
-    {file = "pillow-12.1.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:a550ae29b95c6dc13cf69e2c9dc5747f814c54eeb2e32d683e5e93af56caa029"},
-    {file = "pillow-12.1.1-cp313-cp313-win32.whl", hash = "sha256:a003d7422449f6d1e3a34e3dd4110c22148336918ddbfc6a32581cd54b2e0b2b"},
-    {file = "pillow-12.1.1-cp313-cp313-win_amd64.whl", hash = "sha256:344cf1e3dab3be4b1fa08e449323d98a2a3f819ad20f4b22e77a0ede31f0faa1"},
-    {file = "pillow-12.1.1-cp313-cp313-win_arm64.whl", hash = "sha256:5c0dd1636633e7e6a0afe7bf6a51a14992b7f8e60de5789018ebbdfae55b040a"},
-    {file = "pillow-12.1.1-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:0330d233c1a0ead844fc097a7d16c0abff4c12e856c0b325f231820fee1f39da"},
-    {file = "pillow-12.1.1-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:5dae5f21afb91322f2ff791895ddd8889e5e947ff59f71b46041c8ce6db790bc"},
-    {file = "pillow-12.1.1-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:2e0c664be47252947d870ac0d327fea7e63985a08794758aa8af5b6cb6ec0c9c"},
-    {file = "pillow-12.1.1-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:691ab2ac363b8217f7d31b3497108fb1f50faab2f75dfb03284ec2f217e87bf8"},
-    {file = "pillow-12.1.1-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e9e8064fb1cc019296958595f6db671fba95209e3ceb0c4734c9baf97de04b20"},
-    {file = "pillow-12.1.1-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:472a8d7ded663e6162dafdf20015c486a7009483ca671cece7a9279b512fcb13"},
-    {file = "pillow-12.1.1-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:89b54027a766529136a06cfebeecb3a04900397a3590fd252160b888479517bf"},
-    {file = "pillow-12.1.1-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:86172b0831b82ce4f7877f280055892b31179e1576aa00d0df3bb1bbf8c3e524"},
-    {file = "pillow-12.1.1-cp313-cp313t-win32.whl", hash = "sha256:44ce27545b6efcf0fdbdceb31c9a5bdea9333e664cda58a7e674bb74608b3986"},
-    {file = "pillow-12.1.1-cp313-cp313t-win_amd64.whl", hash = "sha256:a285e3eb7a5a45a2ff504e31f4a8d1b12ef62e84e5411c6804a42197c1cf586c"},
-    {file = "pillow-12.1.1-cp313-cp313t-win_arm64.whl", hash = "sha256:cc7d296b5ea4d29e6570dabeaed58d31c3fea35a633a69679fb03d7664f43fb3"},
-    {file = "pillow-12.1.1-cp314-cp314-ios_13_0_arm64_iphoneos.whl", hash = "sha256:417423db963cb4be8bac3fc1204fe61610f6abeed1580a7a2cbb2fbda20f12af"},
-    {file = "pillow-12.1.1-cp314-cp314-ios_13_0_arm64_iphonesimulator.whl", hash = "sha256:b957b71c6b2387610f556a7eb0828afbe40b4a98036fc0d2acfa5a44a0c2036f"},
-    {file = "pillow-12.1.1-cp314-cp314-ios_13_0_x86_64_iphonesimulator.whl", hash = "sha256:097690ba1f2efdeb165a20469d59d8bb03c55fb6621eb2041a060ae8ea3e9642"},
-    {file = "pillow-12.1.1-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:2815a87ab27848db0321fb78c7f0b2c8649dee134b7f2b80c6a45c6831d75ccd"},
-    {file = "pillow-12.1.1-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:f7ed2c6543bad5a7d5530eb9e78c53132f93dfa44a28492db88b41cdab885202"},
-    {file = "pillow-12.1.1-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:652a2c9ccfb556235b2b501a3a7cf3742148cd22e04b5625c5fe057ea3e3191f"},
-    {file = "pillow-12.1.1-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d6e4571eedf43af33d0fc233a382a76e849badbccdf1ac438841308652a08e1f"},
-    {file = "pillow-12.1.1-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:b574c51cf7d5d62e9be37ba446224b59a2da26dc4c1bb2ecbe936a4fb1a7cb7f"},
-    {file = "pillow-12.1.1-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:a37691702ed687799de29a518d63d4682d9016932db66d4e90c345831b02fb4e"},
-    {file = "pillow-12.1.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:f95c00d5d6700b2b890479664a06e754974848afaae5e21beb4d83c106923fd0"},
-    {file = "pillow-12.1.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:559b38da23606e68681337ad74622c4dbba02254fc9cb4488a305dd5975c7eeb"},
-    {file = "pillow-12.1.1-cp314-cp314-win32.whl", hash = "sha256:03edcc34d688572014ff223c125a3f77fb08091e4607e7745002fc214070b35f"},
-    {file = "pillow-12.1.1-cp314-cp314-win_amd64.whl", hash = "sha256:50480dcd74fa63b8e78235957d302d98d98d82ccbfac4c7e12108ba9ecbdba15"},
-    {file = "pillow-12.1.1-cp314-cp314-win_arm64.whl", hash = "sha256:5cb1785d97b0c3d1d1a16bc1d710c4a0049daefc4935f3a8f31f827f4d3d2e7f"},
-    {file = "pillow-12.1.1-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:1f90cff8aa76835cba5769f0b3121a22bd4eb9e6884cfe338216e557a9a548b8"},
-    {file = "pillow-12.1.1-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:1f1be78ce9466a7ee64bfda57bdba0f7cc499d9794d518b854816c41bf0aa4e9"},
-    {file = "pillow-12.1.1-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:42fc1f4677106188ad9a55562bbade416f8b55456f522430fadab3cef7cd4e60"},
-    {file = "pillow-12.1.1-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:98edb152429ab62a1818039744d8fbb3ccab98a7c29fc3d5fcef158f3f1f68b7"},
-    {file = "pillow-12.1.1-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d470ab1178551dd17fdba0fef463359c41aaa613cdcd7ff8373f54be629f9f8f"},
-    {file = "pillow-12.1.1-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:6408a7b064595afcab0a49393a413732a35788f2a5092fdc6266952ed67de586"},
-    {file = "pillow-12.1.1-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:5d8c41325b382c07799a3682c1c258469ea2ff97103c53717b7893862d0c98ce"},
-    {file = "pillow-12.1.1-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:c7697918b5be27424e9ce568193efd13d925c4481dd364e43f5dff72d33e10f8"},
-    {file = "pillow-12.1.1-cp314-cp314t-win32.whl", hash = "sha256:d2912fd8114fc5545aa3a4b5576512f64c55a03f3ebcca4c10194d593d43ea36"},
-    {file = "pillow-12.1.1-cp314-cp314t-win_amd64.whl", hash = "sha256:4ceb838d4bd9dab43e06c363cab2eebf63846d6a4aeaea283bbdfd8f1a8ed58b"},
-    {file = "pillow-12.1.1-cp314-cp314t-win_arm64.whl", hash = "sha256:7b03048319bfc6170e93bd60728a1af51d3dd7704935feb228c4d4faab35d334"},
-    {file = "pillow-12.1.1-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:600fd103672b925fe62ed08e0d874ea34d692474df6f4bf7ebe148b30f89f39f"},
-    {file = "pillow-12.1.1-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:665e1b916b043cef294bc54d47bf02d87e13f769bc4bc5fa225a24b3a6c5aca9"},
-    {file = "pillow-12.1.1-pp311-pypy311_pp73-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:495c302af3aad1ca67420ddd5c7bd480c8867ad173528767d906428057a11f0e"},
-    {file = "pillow-12.1.1-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:8fd420ef0c52c88b5a035a0886f367748c72147b2b8f384c9d12656678dfdfa9"},
-    {file = "pillow-12.1.1-pp311-pypy311_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f975aa7ef9684ce7e2c18a3aa8f8e2106ce1e46b94ab713d156b2898811651d3"},
-    {file = "pillow-12.1.1-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:8089c852a56c2966cf18835db62d9b34fef7ba74c726ad943928d494fa7f4735"},
-    {file = "pillow-12.1.1-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:cb9bb857b2d057c6dfc72ac5f3b44836924ba15721882ef103cecb40d002d80e"},
-    {file = "pillow-12.1.1.tar.gz", hash = "sha256:9ad8fa5937ab05218e2b6a4cff30295ad35afd2f83ac592e68c0d871bb0fdbc4"},
+    {file = "pillow-12.1.0-cp310-cp310-macosx_10_10_x86_64.whl", hash = "sha256:fb125d860738a09d363a88daa0f59c4533529a90e564785e20fe875b200b6dbd"},
+    {file = "pillow-12.1.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:cad302dc10fac357d3467a74a9561c90609768a6f73a1923b0fd851b6486f8b0"},
+    {file = "pillow-12.1.0-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:a40905599d8079e09f25027423aed94f2823adaf2868940de991e53a449e14a8"},
+    {file = "pillow-12.1.0-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:92a7fe4225365c5e3a8e598982269c6d6698d3e783b3b1ae979e7819f9cd55c1"},
+    {file = "pillow-12.1.0-cp310-cp310-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f10c98f49227ed8383d28174ee95155a675c4ed7f85e2e573b04414f7e371bda"},
+    {file = "pillow-12.1.0-cp310-cp310-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:8637e29d13f478bc4f153d8daa9ffb16455f0a6cb287da1b432fdad2bfbd66c7"},
+    {file = "pillow-12.1.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:21e686a21078b0f9cb8c8a961d99e6a4ddb88e0fc5ea6e130172ddddc2e5221a"},
+    {file = "pillow-12.1.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:2415373395a831f53933c23ce051021e79c8cd7979822d8cc478547a3f4da8ef"},
+    {file = "pillow-12.1.0-cp310-cp310-win32.whl", hash = "sha256:e75d3dba8fc1ddfec0cd752108f93b83b4f8d6ab40e524a95d35f016b9683b09"},
+    {file = "pillow-12.1.0-cp310-cp310-win_amd64.whl", hash = "sha256:64efdf00c09e31efd754448a383ea241f55a994fd079866b92d2bbff598aad91"},
+    {file = "pillow-12.1.0-cp310-cp310-win_arm64.whl", hash = "sha256:f188028b5af6b8fb2e9a76ac0f841a575bd1bd396e46ef0840d9b88a48fdbcea"},
+    {file = "pillow-12.1.0-cp311-cp311-macosx_10_10_x86_64.whl", hash = "sha256:a83e0850cb8f5ac975291ebfc4170ba481f41a28065277f7f735c202cd8e0af3"},
+    {file = "pillow-12.1.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:b6e53e82ec2db0717eabb276aa56cf4e500c9a7cec2c2e189b55c24f65a3e8c0"},
+    {file = "pillow-12.1.0-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:40a8e3b9e8773876d6e30daed22f016509e3987bab61b3b7fe309d7019a87451"},
+    {file = "pillow-12.1.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:800429ac32c9b72909c671aaf17ecd13110f823ddb7db4dfef412a5587c2c24e"},
+    {file = "pillow-12.1.0-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0b022eaaf709541b391ee069f0022ee5b36c709df71986e3f7be312e46f42c84"},
+    {file = "pillow-12.1.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:1f345e7bc9d7f368887c712aa5054558bad44d2a301ddf9248599f4161abc7c0"},
+    {file = "pillow-12.1.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:d70347c8a5b7ccd803ec0c85c8709f036e6348f1e6a5bf048ecd9c64d3550b8b"},
+    {file = "pillow-12.1.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:1fcc52d86ce7a34fd17cb04e87cfdb164648a3662a6f20565910a99653d66c18"},
+    {file = "pillow-12.1.0-cp311-cp311-win32.whl", hash = "sha256:3ffaa2f0659e2f740473bcf03c702c39a8d4b2b7ffc629052028764324842c64"},
+    {file = "pillow-12.1.0-cp311-cp311-win_amd64.whl", hash = "sha256:806f3987ffe10e867bab0ddad45df1148a2b98221798457fa097ad85d6e8bc75"},
+    {file = "pillow-12.1.0-cp311-cp311-win_arm64.whl", hash = "sha256:9f5fefaca968e700ad1a4a9de98bf0869a94e397fe3524c4c9450c1445252304"},
+    {file = "pillow-12.1.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:a332ac4ccb84b6dde65dbace8431f3af08874bf9770719d32a635c4ef411b18b"},
+    {file = "pillow-12.1.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:907bfa8a9cb790748a9aa4513e37c88c59660da3bcfffbd24a7d9e6abf224551"},
+    {file = "pillow-12.1.0-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:efdc140e7b63b8f739d09a99033aa430accce485ff78e6d311973a67b6bf3208"},
+    {file = "pillow-12.1.0-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:bef9768cab184e7ae6e559c032e95ba8d07b3023c289f79a2bd36e8bf85605a5"},
+    {file = "pillow-12.1.0-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:742aea052cf5ab5034a53c3846165bc3ce88d7c38e954120db0ab867ca242661"},
+    {file = "pillow-12.1.0-cp312-cp312-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:a6dfc2af5b082b635af6e08e0d1f9f1c4e04d17d4e2ca0ef96131e85eda6eb17"},
+    {file = "pillow-12.1.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:609e89d9f90b581c8d16358c9087df76024cf058fa693dd3e1e1620823f39670"},
+    {file = "pillow-12.1.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:43b4899cfd091a9693a1278c4982f3e50f7fb7cff5153b05174b4afc9593b616"},
+    {file = "pillow-12.1.0-cp312-cp312-win32.whl", hash = "sha256:aa0c9cc0b82b14766a99fbe6084409972266e82f459821cd26997a488a7261a7"},
+    {file = "pillow-12.1.0-cp312-cp312-win_amd64.whl", hash = "sha256:d70534cea9e7966169ad29a903b99fc507e932069a881d0965a1a84bb57f6c6d"},
+    {file = "pillow-12.1.0-cp312-cp312-win_arm64.whl", hash = "sha256:65b80c1ee7e14a87d6a068dd3b0aea268ffcabfe0498d38661b00c5b4b22e74c"},
+    {file = "pillow-12.1.0-cp313-cp313-ios_13_0_arm64_iphoneos.whl", hash = "sha256:7b5dd7cbae20285cdb597b10eb5a2c13aa9de6cde9bb64a3c1317427b1db1ae1"},
+    {file = "pillow-12.1.0-cp313-cp313-ios_13_0_arm64_iphonesimulator.whl", hash = "sha256:29a4cef9cb672363926f0470afc516dbf7305a14d8c54f7abbb5c199cd8f8179"},
+    {file = "pillow-12.1.0-cp313-cp313-ios_13_0_x86_64_iphonesimulator.whl", hash = "sha256:681088909d7e8fa9e31b9799aaa59ba5234c58e5e4f1951b4c4d1082a2e980e0"},
+    {file = "pillow-12.1.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:983976c2ab753166dc66d36af6e8ec15bb511e4a25856e2227e5f7e00a160587"},
+    {file = "pillow-12.1.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:db44d5c160a90df2d24a24760bbd37607d53da0b34fb546c4c232af7192298ac"},
+    {file = "pillow-12.1.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:6b7a9d1db5dad90e2991645874f708e87d9a3c370c243c2d7684d28f7e133e6b"},
+    {file = "pillow-12.1.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:6258f3260986990ba2fa8a874f8b6e808cf5abb51a94015ca3dc3c68aa4f30ea"},
+    {file = "pillow-12.1.0-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e115c15e3bc727b1ca3e641a909f77f8ca72a64fff150f666fcc85e57701c26c"},
+    {file = "pillow-12.1.0-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:6741e6f3074a35e47c77b23a4e4f2d90db3ed905cb1c5e6e0d49bff2045632bc"},
+    {file = "pillow-12.1.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:935b9d1aed48fcfb3f838caac506f38e29621b44ccc4f8a64d575cb1b2a88644"},
+    {file = "pillow-12.1.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:5fee4c04aad8932da9f8f710af2c1a15a83582cfb884152a9caa79d4efcdbf9c"},
+    {file = "pillow-12.1.0-cp313-cp313-win32.whl", hash = "sha256:a786bf667724d84aa29b5db1c61b7bfdde380202aaca12c3461afd6b71743171"},
+    {file = "pillow-12.1.0-cp313-cp313-win_amd64.whl", hash = "sha256:461f9dfdafa394c59cd6d818bdfdbab4028b83b02caadaff0ffd433faf4c9a7a"},
+    {file = "pillow-12.1.0-cp313-cp313-win_arm64.whl", hash = "sha256:9212d6b86917a2300669511ed094a9406888362e085f2431a7da985a6b124f45"},
+    {file = "pillow-12.1.0-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:00162e9ca6d22b7c3ee8e61faa3c3253cd19b6a37f126cad04f2f88b306f557d"},
+    {file = "pillow-12.1.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:7d6daa89a00b58c37cb1747ec9fb7ac3bc5ffd5949f5888657dfddde6d1312e0"},
+    {file = "pillow-12.1.0-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:e2479c7f02f9d505682dc47df8c0ea1fc5e264c4d1629a5d63fe3e2334b89554"},
+    {file = "pillow-12.1.0-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f188d580bd870cda1e15183790d1cc2fa78f666e76077d103edf048eed9c356e"},
+    {file = "pillow-12.1.0-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0fde7ec5538ab5095cc02df38ee99b0443ff0e1c847a045554cf5f9af1f4aa82"},
+    {file = "pillow-12.1.0-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0ed07dca4a8464bada6139ab38f5382f83e5f111698caf3191cb8dbf27d908b4"},
+    {file = "pillow-12.1.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:f45bd71d1fa5e5749587613037b172e0b3b23159d1c00ef2fc920da6f470e6f0"},
+    {file = "pillow-12.1.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:277518bf4fe74aa91489e1b20577473b19ee70fb97c374aa50830b279f25841b"},
+    {file = "pillow-12.1.0-cp313-cp313t-win32.whl", hash = "sha256:7315f9137087c4e0ee73a761b163fc9aa3b19f5f606a7fc08d83fd3e4379af65"},
+    {file = "pillow-12.1.0-cp313-cp313t-win_amd64.whl", hash = "sha256:0ddedfaa8b5f0b4ffbc2fa87b556dc59f6bb4ecb14a53b33f9189713ae8053c0"},
+    {file = "pillow-12.1.0-cp313-cp313t-win_arm64.whl", hash = "sha256:80941e6d573197a0c28f394753de529bb436b1ca990ed6e765cf42426abc39f8"},
+    {file = "pillow-12.1.0-cp314-cp314-ios_13_0_arm64_iphoneos.whl", hash = "sha256:5cb7bc1966d031aec37ddb9dcf15c2da5b2e9f7cc3ca7c54473a20a927e1eb91"},
+    {file = "pillow-12.1.0-cp314-cp314-ios_13_0_arm64_iphonesimulator.whl", hash = "sha256:97e9993d5ed946aba26baf9c1e8cf18adbab584b99f452ee72f7ee8acb882796"},
+    {file = "pillow-12.1.0-cp314-cp314-ios_13_0_x86_64_iphonesimulator.whl", hash = "sha256:414b9a78e14ffeb98128863314e62c3f24b8a86081066625700b7985b3f529bd"},
+    {file = "pillow-12.1.0-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:e6bdb408f7c9dd2a5ff2b14a3b0bb6d4deb29fb9961e6eb3ae2031ae9a5cec13"},
+    {file = "pillow-12.1.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:3413c2ae377550f5487991d444428f1a8ae92784aac79caa8b1e3b89b175f77e"},
+    {file = "pillow-12.1.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:e5dcbe95016e88437ecf33544ba5db21ef1b8dd6e1b434a2cb2a3d605299e643"},
+    {file = "pillow-12.1.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d0a7735df32ccbcc98b98a1ac785cc4b19b580be1bdf0aeb5c03223220ea09d5"},
+    {file = "pillow-12.1.0-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0c27407a2d1b96774cbc4a7594129cc027339fd800cd081e44497722ea1179de"},
+    {file = "pillow-12.1.0-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:15c794d74303828eaa957ff8070846d0efe8c630901a1c753fdc63850e19ecd9"},
+    {file = "pillow-12.1.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:c990547452ee2800d8506c4150280757f88532f3de2a58e3022e9b179107862a"},
+    {file = "pillow-12.1.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:b63e13dd27da389ed9475b3d28510f0f954bca0041e8e551b2a4eb1eab56a39a"},
+    {file = "pillow-12.1.0-cp314-cp314-win32.whl", hash = "sha256:1a949604f73eb07a8adab38c4fe50791f9919344398bdc8ac6b307f755fc7030"},
+    {file = "pillow-12.1.0-cp314-cp314-win_amd64.whl", hash = "sha256:4f9f6a650743f0ddee5593ac9e954ba1bdbc5e150bc066586d4f26127853ab94"},
+    {file = "pillow-12.1.0-cp314-cp314-win_arm64.whl", hash = "sha256:808b99604f7873c800c4840f55ff389936ef1948e4e87645eaf3fccbc8477ac4"},
+    {file = "pillow-12.1.0-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:bc11908616c8a283cf7d664f77411a5ed2a02009b0097ff8abbba5e79128ccf2"},
+    {file = "pillow-12.1.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:896866d2d436563fa2a43a9d72f417874f16b5545955c54a64941e87c1376c61"},
+    {file = "pillow-12.1.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:8e178e3e99d3c0ea8fc64b88447f7cac8ccf058af422a6cedc690d0eadd98c51"},
+    {file = "pillow-12.1.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:079af2fb0c599c2ec144ba2c02766d1b55498e373b3ac64687e43849fbbef5bc"},
+    {file = "pillow-12.1.0-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:bdec5e43377761c5dbca620efb69a77f6855c5a379e32ac5b158f54c84212b14"},
+    {file = "pillow-12.1.0-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:565c986f4b45c020f5421a4cea13ef294dde9509a8577f29b2fc5edc7587fff8"},
+    {file = "pillow-12.1.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:43aca0a55ce1eefc0aefa6253661cb54571857b1a7b2964bd8a1e3ef4b729924"},
+    {file = "pillow-12.1.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:0deedf2ea233722476b3a81e8cdfbad786f7adbed5d848469fa59fe52396e4ef"},
+    {file = "pillow-12.1.0-cp314-cp314t-win32.whl", hash = "sha256:b17fbdbe01c196e7e159aacb889e091f28e61020a8abeac07b68079b6e626988"},
+    {file = "pillow-12.1.0-cp314-cp314t-win_amd64.whl", hash = "sha256:27b9baecb428899db6c0de572d6d305cfaf38ca1596b5c0542a5182e3e74e8c6"},
+    {file = "pillow-12.1.0-cp314-cp314t-win_arm64.whl", hash = "sha256:f61333d817698bdcdd0f9d7793e365ac3d2a21c1f1eb02b32ad6aefb8d8ea831"},
+    {file = "pillow-12.1.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:ca94b6aac0d7af2a10ba08c0f888b3d5114439b6b3ef39968378723622fed377"},
+    {file = "pillow-12.1.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:351889afef0f485b84078ea40fe33727a0492b9af3904661b0abbafee0355b72"},
+    {file = "pillow-12.1.0-pp311-pypy311_pp73-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:bb0984b30e973f7e2884362b7d23d0a348c7143ee559f38ef3eaab640144204c"},
+    {file = "pillow-12.1.0-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:84cabc7095dd535ca934d57e9ce2a72ffd216e435a84acb06b2277b1de2689bd"},
+    {file = "pillow-12.1.0-pp311-pypy311_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:53d8b764726d3af1a138dd353116f774e3862ec7e3794e0c8781e30db0f35dfc"},
+    {file = "pillow-12.1.0-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:5da841d81b1a05ef940a8567da92decaa15bc4d7dedb540a8c219ad83d91808a"},
+    {file = "pillow-12.1.0-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:75af0b4c229ac519b155028fa1be632d812a519abba9b46b20e50c6caa184f19"},
+    {file = "pillow-12.1.0.tar.gz", hash = "sha256:5c5ae0a06e9ea030ab786b0251b32c7e4ce10e58d983c0d5c56029455180b5b9"},
 ]
 
 [package.extras]
@@ -6657,7 +6660,7 @@ files = [
 
 [[package]]
 name = "prowler"
-version = "5.19.0"
+version = "5.18.0"
 description = "Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks."
 optional = false
 python-versions = ">3.9.1,<3.13"
@@ -6712,7 +6715,7 @@ boto3 = "1.40.61"
 botocore = "1.40.61"
 cloudflare = "4.3.1"
 colorama = "0.4.6"
-cryptography = "44.0.3"
+cryptography = "44.0.1"
 dash = "3.1.1"
 dash-bootstrap-components = "2.0.3"
 detect-secrets = "1.5.0"
@@ -6727,10 +6730,10 @@ microsoft-kiota-abstractions = "1.9.2"
 msgraph-sdk = "1.23.0"
 numpy = "2.0.2"
 oci = "2.160.3"
-openstacksdk = "4.2.0"
+openstacksdk = "4.0.1"
 pandas = "2.2.3"
 py-iam-expand = "0.1.0"
-py-ocsf-models = "0.8.1"
+py-ocsf-models = "0.5.0"
 pydantic = ">=2.0,<3.0"
 pygithub = "2.5.0"
 python-dateutil = ">=2.9.0.post0,<3.0.0"
@@ -6745,7 +6748,7 @@ tzlocal = "5.3.1"
 type = "git"
 url = "https://github.com/prowler-cloud/prowler.git"
 reference = "master"
-resolved_reference = "ceb4691c3657e7db3d178896bfc241d14f194295"
+resolved_reference = "b1f99716171856bf787a7695a588ffad6bf8d596"
 
 [[package]]
 name = "psutil"
@@ -6893,20 +6896,20 @@ iamdata = ">=0.1.202504091"
 
 [[package]]
 name = "py-ocsf-models"
-version = "0.8.1"
+version = "0.5.0"
 description = "This is a Python implementation of the OCSF models. The models are used to represent the data of the OCSF Schema defined in https://schema.ocsf.io/."
 optional = false
-python-versions = "<3.15,>3.9.1"
+python-versions = "<3.14,>3.9.1"
 groups = ["main"]
 files = [
-    {file = "py_ocsf_models-0.8.1-py3-none-any.whl", hash = "sha256:061eb446c4171534c09a8b37f5a9d2a2fe9f87c5db32edbd1182446bc5fd097e"},
-    {file = "py_ocsf_models-0.8.1.tar.gz", hash = "sha256:c9045237857f951e073c9f9d1f57954c90d86875b469260725292d47f7a7d73c"},
+    {file = "py_ocsf_models-0.5.0-py3-none-any.whl", hash = "sha256:7933253f56782c04c412d976796db429577810b951fe4195351794500b5962d8"},
+    {file = "py_ocsf_models-0.5.0.tar.gz", hash = "sha256:bf05e955809d1ec3ab1007e4a4b2a8a0afa74b6e744ea8ffbf386e46b3af0a76"},
 ]
 
 [package.dependencies]
-cryptography = ">=44.0.3,<47"
+cryptography = "44.0.1"
 email-validator = "2.2.0"
-pydantic = ">=2.12.0,<3.0.0"
+pydantic = ">=2.9.2,<3.0.0"
 
 [[package]]
 name = "pyasn1"
@@ -9397,4 +9400,4 @@ files = [
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.11,<3.13"
-content-hash = "42759b370c9e38da727e73f9d8ec0fa61bc6137eab18f11ccd7deff79a0dee69"
+content-hash = "bada7223d576ddd48ff74aa101d18e7465492cf014006e17354dbe2190a02b29"

api/pyproject.toml

@@ -36,8 +36,8 @@ dependencies = [
   "drf-simple-apikey (==2.2.1)",
   "matplotlib (>=3.10.6,<4.0.0)",
   "reportlab (>=4.4.4,<5.0.0)",
-  "neo4j (>=6.0.0,<7.0.0)",
-  "cartography (==0.129.0)",
+  "neo4j (<6.0.0)",
+  "cartography @ git+https://github.com/prowler-cloud/cartography@0.126.1",
   "gevent (>=25.9.1,<26.0.0)",
   "werkzeug (>=3.1.4)",
   "sqlparse (>=0.5.4)",

api/src/backend/api/attack_paths/queries/types.py

@@ -1,14 +1,6 @@
 from dataclasses import dataclass, field
 
 
-@dataclass
-class AttackPathsQueryAttribution:
-    """Source attribution for an Attack Path query."""
-
-    text: str
-    link: str
-
-
 @dataclass
 class AttackPathsQueryParameterDefinition:
     """
@@ -31,9 +23,7 @@ class AttackPathsQueryDefinition:
 
     id: str
     name: str
-    short_description: str
     description: str
     provider: str
     cypher: str
-    attribution: AttackPathsQueryAttribution | None = None
     parameters: list[AttackPathsQueryParameterDefinition] = field(default_factory=list)

api/src/backend/api/attack_paths/retryable_session.py

@@ -39,6 +39,12 @@ class RetryableSession:
     def run(self, *args: Any, **kwargs: Any) -> Any:
         return self._call_with_retry("run", *args, **kwargs)
 
+    def write_transaction(self, *args: Any, **kwargs: Any) -> Any:
+        return self._call_with_retry("write_transaction", *args, **kwargs)
+
+    def read_transaction(self, *args: Any, **kwargs: Any) -> Any:
+        return self._call_with_retry("read_transaction", *args, **kwargs)
+
     def execute_write(self, *args: Any, **kwargs: Any) -> Any:
         return self._call_with_retry("execute_write", *args, **kwargs)
 

api/src/backend/api/attack_paths/views_helpers.py

@@ -5,6 +5,7 @@ from typing import Any, Iterable
 from rest_framework.exceptions import APIException, ValidationError
 
 from api.attack_paths import database as graph_database, AttackPathsQueryDefinition
+from api.models import AttackPathsScan
 from config.custom_logging import BackendLogger
 from tasks.jobs.attack_paths.config import INTERNAL_LABELS
 
@@ -79,12 +80,12 @@ def prepare_query_parameters(
 
 
 def execute_attack_paths_query(
-    database_name: str,
+    attack_paths_scan: AttackPathsScan,
     definition: AttackPathsQueryDefinition,
     parameters: dict[str, Any],
 ) -> dict[str, Any]:
     try:
-        with graph_database.get_session(database_name) as session:
+        with graph_database.get_session(attack_paths_scan.graph_database) as session:
             result = session.run(definition.cypher, parameters)
             return _serialize_graph(result.graph())
 

api/src/backend/api/fixtures/dev/8_dev_attack_paths_scans.json

@@ -7,9 +7,10 @@
       "provider": "b85601a8-4b45-4194-8135-03fb980ef428",
       "scan": "01920573-aa9c-73c9-bcda-f2e35c9b19d2",
       "state": "completed",
-      "graph_data_ready": true,
       "progress": 100,
       "update_tag": 1693586667,
+      "graph_database": "db-a7f0f6de-6f8e-4b3a-8cbe-3f6dd9012345",
+      "is_graph_database_deleted": false,
       "task": null,
       "inserted_at": "2024-09-01T17:24:37Z",
       "updated_at": "2024-09-01T17:44:37Z",
@@ -29,6 +30,8 @@
       "state": "executing",
       "progress": 48,
       "update_tag": 1697625000,
+      "graph_database": "db-4a2fb2af-8a60-4d7d-9cae-4ca65e098765",
+      "is_graph_database_deleted": false,
       "task": null,
       "inserted_at": "2024-10-18T10:55:57Z",
       "updated_at": "2024-10-18T10:56:15Z",

api/src/backend/api/migrations/0076_openstack_provider.py

@@ -1,39 +0,0 @@
-# Generated by Django migration for OpenStack provider support
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0075_cloudflare_provider"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                    ("github", "GitHub"),
-                    ("mongodbatlas", "MongoDB Atlas"),
-                    ("iac", "IaC"),
-                    ("oraclecloud", "Oracle Cloud Infrastructure"),
-                    ("alibabacloud", "Alibaba Cloud"),
-                    ("cloudflare", "Cloudflare"),
-                    ("openstack", "OpenStack"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'openstack';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]

api/src/backend/api/migrations/0077_remove_attackpathsscan_graph_database_indexes.py

@@ -1,23 +0,0 @@
-# Generated by Django 5.1.15 on 2026-02-16 09:24
-
-from django.contrib.postgres.operations import RemoveIndexConcurrently
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0076_openstack_provider"),
-    ]
-
-    operations = [
-        RemoveIndexConcurrently(
-            model_name="attackpathsscan",
-            name="aps_active_graph_idx",
-        ),
-        RemoveIndexConcurrently(
-            model_name="attackpathsscan",
-            name="aps_completed_graph_idx",
-        ),
-    ]

api/src/backend/api/migrations/0078_remove_attackpathsscan_graph_database_fields.py

@@ -1,20 +0,0 @@
-# Generated by Django 5.1.15 on 2026-02-16 09:24
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0077_remove_attackpathsscan_graph_database_indexes"),
-    ]
-
-    operations = [
-        migrations.RemoveField(
-            model_name="attackpathsscan",
-            name="graph_database",
-        ),
-        migrations.RemoveField(
-            model_name="attackpathsscan",
-            name="is_graph_database_deleted",
-        ),
-    ]

api/src/backend/api/migrations/0079_attackpathsscan_graph_data_ready.py

@@ -1,17 +0,0 @@
-# Generated by Django 5.1.15 on 2026-02-16 13:55
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0078_remove_attackpathsscan_graph_database_fields"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="attackpathsscan",
-            name="graph_data_ready",
-            field=models.BooleanField(default=False),
-        ),
-    ]

api/src/backend/api/migrations/0080_backfill_attack_paths_graph_data_ready.py

@@ -1,26 +0,0 @@
-# Separate from 0079 because psqlextra's schema editor runs AddField DDL and DML
-# on different database connections, causing a deadlock when combined with RunPython
-# in the same migration.
-
-from django.db import migrations
-
-from api.db_router import MainRouter
-
-
-def backfill_graph_data_ready(apps, schema_editor):
-    """Set graph_data_ready=True for all completed AttackPathsScan rows."""
-    AttackPathsScan = apps.get_model("api", "AttackPathsScan")
-    AttackPathsScan.objects.using(MainRouter.admin_db).filter(
-        state="completed",
-        graph_data_ready=False,
-    ).update(graph_data_ready=True)
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0079_attackpathsscan_graph_data_ready"),
-    ]
-
-    operations = [
-        migrations.RunPython(backfill_graph_data_ready, migrations.RunPython.noop),
-    ]

api/src/backend/api/models.py

@@ -288,7 +288,6 @@ class Provider(RowLevelSecurityProtectedModel):
         ORACLECLOUD = "oraclecloud", _("Oracle Cloud Infrastructure")
         ALIBABACLOUD = "alibabacloud", _("Alibaba Cloud")
         CLOUDFLARE = "cloudflare", _("Cloudflare")
-        OPENSTACK = "openstack", _("OpenStack")
 
     @staticmethod
     def validate_aws_uid(value):
@@ -327,13 +326,10 @@ class Provider(RowLevelSecurityProtectedModel):
 
     @staticmethod
     def validate_gcp_uid(value):
-        # Standard format: 6-30 chars, starts with letter, lowercase + digits + hyphens
-        # Legacy App Engine format: domain.com:project-id
-        if not re.match(r"^([a-z][a-z0-9.-]*:)?[a-z][a-z0-9-]{5,29}$", value):
+        if not re.match(r"^[a-z][a-z0-9-]{5,29}$", value):
             raise ModelValidationError(
-                detail="GCP provider ID must be a valid project ID: 6 to 30 characters, start with a letter, "
-                "and contain only lowercase letters, numbers, and hyphens. "
-                "Legacy App Engine project IDs with a domain prefix (e.g., example.com:my-project) are also accepted.",
+                detail="GCP provider ID must be 6 to 30 characters, start with a letter, and contain only lowercase "
+                "letters, numbers, and hyphens.",
                 code="gcp-uid",
                 pointer="/data/attributes/uid",
             )
@@ -414,15 +410,6 @@ class Provider(RowLevelSecurityProtectedModel):
                 pointer="/data/attributes/uid",
             )
 
-    @staticmethod
-    def validate_openstack_uid(value):
-        if not re.match(r"^[a-zA-Z0-9][a-zA-Z0-9._-]{0,254}$", value):
-            raise ModelValidationError(
-                detail="OpenStack provider ID must be a valid project ID (UUID or project name).",
-                code="openstack-uid",
-                pointer="/data/attributes/uid",
-            )
-
     id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
     inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
     updated_at = models.DateTimeField(auto_now=True, editable=False)
@@ -658,7 +645,6 @@ class AttackPathsScan(RowLevelSecurityProtectedModel):
 
     state = StateEnumField(choices=StateChoices.choices, default=StateChoices.AVAILABLE)
     progress = models.IntegerField(default=0)
-    graph_data_ready = models.BooleanField(default=False)
 
     # Timing
     started_at = models.DateTimeField(null=True, blank=True)
@@ -695,6 +681,8 @@ class AttackPathsScan(RowLevelSecurityProtectedModel):
     update_tag = models.BigIntegerField(
         null=True, blank=True, help_text="Cartography update tag (epoch)"
     )
+    graph_database = models.CharField(max_length=63, null=True, blank=True)
+    is_graph_database_deleted = models.BooleanField(default=False)
     ingestion_exceptions = models.JSONField(default=dict, null=True, blank=True)
 
     class Meta(RowLevelSecurityProtectedModel.Meta):
@@ -721,6 +709,21 @@ class AttackPathsScan(RowLevelSecurityProtectedModel):
                 fields=["tenant_id", "scan_id"],
                 name="aps_scan_lookup_idx",
             ),
+            models.Index(
+                fields=["tenant_id", "provider_id"],
+                name="aps_active_graph_idx",
+                include=["graph_database", "id"],
+                condition=Q(is_graph_database_deleted=False),
+            ),
+            models.Index(
+                fields=["tenant_id", "provider_id", "-completed_at"],
+                name="aps_completed_graph_idx",
+                include=["graph_database", "id"],
+                condition=Q(
+                    state=StateChoices.COMPLETED,
+                    is_graph_database_deleted=False,
+                ),
+            ),
         ]
 
     class JSONAPIMeta:

api/src/backend/api/tests/test_attack_paths.py

@@ -83,12 +83,12 @@ def test_execute_attack_paths_query_serializes_graph(
     definition = attack_paths_query_definition_factory(
         id="aws-rds",
         name="RDS",
-        short_description="Short desc",
         description="",
         cypher="MATCH (n) RETURN n",
         parameters=[],
     )
     parameters = {"provider_uid": "123"}
+    attack_paths_scan = SimpleNamespace(graph_database="tenant-db")
 
     node = attack_paths_graph_stub_classes.Node(
         element_id="node-1",
@@ -122,17 +122,15 @@ def test_execute_attack_paths_query_serializes_graph(
     session_ctx.__enter__.return_value = session
     session_ctx.__exit__.return_value = False
 
-    database_name = "db-tenant-test-tenant-id"
-
     with patch(
         "api.attack_paths.views_helpers.graph_database.get_session",
         return_value=session_ctx,
     ) as mock_get_session:
         result = views_helpers.execute_attack_paths_query(
-            database_name, definition, parameters
+            attack_paths_scan, definition, parameters
         )
 
-    mock_get_session.assert_called_once_with(database_name)
+    mock_get_session.assert_called_once_with("tenant-db")
     session.run.assert_called_once_with(definition.cypher, parameters)
     assert result["nodes"][0]["id"] == "node-1"
     assert result["nodes"][0]["properties"]["complex"]["items"][0] == "value"
@@ -145,12 +143,11 @@ def test_execute_attack_paths_query_wraps_graph_errors(
     definition = attack_paths_query_definition_factory(
         id="aws-rds",
         name="RDS",
-        short_description="Short desc",
         description="",
         cypher="MATCH (n) RETURN n",
         parameters=[],
     )
-    database_name = "db-tenant-test-tenant-id"
+    attack_paths_scan = SimpleNamespace(graph_database="tenant-db")
     parameters = {"provider_uid": "123"}
 
     class ExplodingContext:
@@ -169,7 +166,7 @@ def test_execute_attack_paths_query_wraps_graph_errors(
     ):
         with pytest.raises(APIException):
             views_helpers.execute_attack_paths_query(
-                database_name, definition, parameters
+                attack_paths_scan, definition, parameters
             )
 
     mock_logger.error.assert_called_once()

api/src/backend/api/tests/test_utils.py

@@ -27,7 +27,6 @@ from prowler.providers.iac.iac_provider import IacProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
 from prowler.providers.m365.m365_provider import M365Provider
 from prowler.providers.mongodbatlas.mongodbatlas_provider import MongodbatlasProvider
-from prowler.providers.openstack.openstack_provider import OpenstackProvider
 from prowler.providers.oraclecloud.oraclecloud_provider import OraclecloudProvider
 
 
@@ -121,7 +120,6 @@ class TestReturnProwlerProvider:
             (Provider.ProviderChoices.IAC.value, IacProvider),
             (Provider.ProviderChoices.ALIBABACLOUD.value, AlibabacloudProvider),
             (Provider.ProviderChoices.CLOUDFLARE.value, CloudflareProvider),
-            (Provider.ProviderChoices.OPENSTACK.value, OpenstackProvider),
         ],
     )
     def test_return_prowler_provider(self, provider_type, expected_provider):
@@ -229,10 +227,6 @@ class TestGetProwlerProviderKwargs:
                 Provider.ProviderChoices.CLOUDFLARE.value,
                 {"filter_accounts": ["provider_uid"]},
             ),
-            (
-                Provider.ProviderChoices.OPENSTACK.value,
-                {},
-            ),
         ],
     )
     def test_get_prowler_provider_kwargs(self, provider_type, expected_extra_kwargs):

api/src/backend/api/tests/test_views.py

@@ -1079,11 +1079,6 @@ class TestProviderViewSet:
             [
                 {"provider": "aws", "uid": "111111111111", "alias": "test"},
                 {"provider": "gcp", "uid": "a12322-test54321", "alias": "test"},
-                {
-                    "provider": "gcp",
-                    "uid": "example.com:my-project-123456",
-                    "alias": "legacy-gcp",
-                },
                 {
                     "provider": "kubernetes",
                     "uid": "kubernetes-test-123456789",
@@ -1184,11 +1179,6 @@ class TestProviderViewSet:
                     "uid": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4",
                     "alias": "Cloudflare Account",
                 },
-                {
-                    "provider": "openstack",
-                    "uid": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
-                    "alias": "OpenStack Project",
-                },
             ]
         ),
     )
@@ -1208,11 +1198,6 @@ class TestProviderViewSet:
             [
                 {"provider": "aws", "uid": "111111111111", "alias": "test"},
                 {"provider": "gcp", "uid": "a12322-test54321", "alias": "test"},
-                {
-                    "provider": "gcp",
-                    "uid": "example.com:my-project-123456",
-                    "alias": "legacy-gcp",
-                },
                 {
                     "provider": "kubernetes",
                     "uid": "kubernetes-test-123456789",
@@ -1613,26 +1598,6 @@ class TestProviderViewSet:
                     "cloudflare-uid",
                     "uid",
                 ),
-                # OpenStack UID validation - starts with special character
-                (
-                    {
-                        "provider": "openstack",
-                        "uid": "-invalid-project",
-                        "alias": "test",
-                    },
-                    "openstack-uid",
-                    "uid",
-                ),
-                # OpenStack UID validation - too short (below min_length)
-                (
-                    {
-                        "provider": "openstack",
-                        "uid": "ab",
-                        "alias": "test",
-                    },
-                    "min_length",
-                    "uid",
-                ),
             ]
         ),
     )
@@ -1806,21 +1771,21 @@ class TestProviderViewSet:
                 (
                     "uid.icontains",
                     "1",
-                    10,
+                    9,
                 ),
                 ("alias", "aws_testing_1", 1),
                 ("alias.icontains", "aws", 2),
-                ("inserted_at", TODAY, 11),
+                ("inserted_at", TODAY, 10),
                 (
                     "inserted_at.gte",
                     "2024-01-01",
-                    11,
+                    10,
                 ),
                 ("inserted_at.lte", "2024-01-01", 0),
                 (
                     "updated_at.gte",
                     "2024-01-01",
-                    11,
+                    10,
                 ),
                 ("updated_at.lte", "2024-01-01", 0),
             ]
@@ -2427,15 +2392,6 @@ class TestProviderSecretViewSet:
                     "api_email": "user@example.com",
                 },
             ),
-            # OpenStack with clouds.yaml content
-            (
-                Provider.ProviderChoices.OPENSTACK.value,
-                ProviderSecret.TypeChoices.STATIC,
-                {
-                    "clouds_yaml_content": "clouds:\n  mycloud:\n    auth:\n      auth_url: https://openstack.example.com:5000/v3\n",
-                    "clouds_yaml_cloud": "mycloud",
-                },
-            ),
         ],
     )
     def test_provider_secrets_create_valid(
@@ -3874,7 +3830,6 @@ class TestAttackPathsScanViewSet:
             AttackPathsQueryDefinition(
                 id="aws-rds",
                 name="RDS inventory",
-                short_description="List account RDS assets.",
                 description="List account RDS assets",
                 provider=provider.provider,
                 cypher="MATCH (n) RETURN n",
@@ -3932,12 +3887,11 @@ class TestAttackPathsScanViewSet:
         attack_paths_scan = create_attack_paths_scan(
             provider,
             scan=scans_fixture[0],
-            graph_data_ready=True,
+            graph_database="tenant-db",
         )
         query_definition = AttackPathsQueryDefinition(
             id="aws-rds",
             name="RDS inventory",
-            short_description="List account RDS assets.",
             description="List account RDS assets",
             provider=provider.provider,
             cypher="MATCH (n) RETURN n",
@@ -3963,16 +3917,10 @@ class TestAttackPathsScanViewSet:
             ],
         }
 
-        expected_db_name = f"db-tenant-{attack_paths_scan.provider.tenant_id}"
-
         with (
             patch(
                 "api.v1.views.get_query_by_id", return_value=query_definition
             ) as mock_get_query,
-            patch(
-                "api.v1.views.graph_database.get_database_name",
-                return_value=expected_db_name,
-            ) as mock_get_db_name,
             patch(
                 "api.v1.views.attack_paths_views_helpers.prepare_query_parameters",
                 return_value=prepared_parameters,
@@ -3994,24 +3942,23 @@ class TestAttackPathsScanViewSet:
 
         assert response.status_code == status.HTTP_200_OK
         mock_get_query.assert_called_once_with("aws-rds")
-        mock_get_db_name.assert_called_once_with(attack_paths_scan.provider.tenant_id)
         mock_prepare.assert_called_once_with(
             query_definition,
             {},
             attack_paths_scan.provider.uid,
         )
         mock_execute.assert_called_once_with(
-            expected_db_name,
+            attack_paths_scan,
             query_definition,
             prepared_parameters,
         )
-        mock_clear_cache.assert_called_once_with(expected_db_name)
+        mock_clear_cache.assert_called_once_with(attack_paths_scan.graph_database)
         result = response.json()["data"]
         attributes = result["attributes"]
         assert attributes["nodes"] == graph_payload["nodes"]
         assert attributes["relationships"] == graph_payload["relationships"]
 
-    def test_run_attack_paths_query_blocks_when_graph_data_not_ready(
+    def test_run_attack_paths_query_requires_completed_scan(
         self,
         authenticated_client,
         providers_fixture,
@@ -4023,7 +3970,6 @@ class TestAttackPathsScanViewSet:
             provider,
             scan=scans_fixture[0],
             state=StateChoices.EXECUTING,
-            graph_data_ready=False,
         )
 
         response = authenticated_client.post(
@@ -4035,9 +3981,9 @@ class TestAttackPathsScanViewSet:
         )
 
         assert response.status_code == status.HTTP_400_BAD_REQUEST
-        assert "not available" in response.json()["errors"][0]["detail"]
+        assert "must be completed" in response.json()["errors"][0]["detail"]
 
-    def test_run_attack_paths_query_allows_executing_scan_when_graph_data_ready(
+    def test_run_attack_paths_query_requires_graph_database(
         self,
         authenticated_client,
         providers_fixture,
@@ -4048,100 +3994,19 @@ class TestAttackPathsScanViewSet:
         attack_paths_scan = create_attack_paths_scan(
             provider,
             scan=scans_fixture[0],
-            state=StateChoices.EXECUTING,
-            graph_data_ready=True,
-        )
-        query_definition = AttackPathsQueryDefinition(
-            id="aws-test",
-            name="Test",
-            short_description="Test query.",
-            description="Test query",
-            provider=provider.provider,
-            cypher="MATCH (n) RETURN n",
-            parameters=[],
+            graph_database=None,
         )
 
-        with (
-            patch("api.v1.views.get_query_by_id", return_value=query_definition),
-            patch(
-                "api.v1.views.attack_paths_views_helpers.prepare_query_parameters",
-                return_value={"provider_uid": provider.uid},
+        response = authenticated_client.post(
+            reverse(
+                "attack-paths-scans-queries-run", kwargs={"pk": attack_paths_scan.id}
             ),
-            patch(
-                "api.v1.views.attack_paths_views_helpers.execute_attack_paths_query",
-                return_value={
-                    "nodes": [{"id": "n1", "labels": ["AWSAccount"], "properties": {}}],
-                    "relationships": [],
-                },
-            ),
-            patch("api.v1.views.graph_database.clear_cache"),
-            patch(
-                "api.v1.views.graph_database.get_database_name", return_value="db-test"
-            ),
-        ):
-            response = authenticated_client.post(
-                reverse(
-                    "attack-paths-scans-queries-run",
-                    kwargs={"pk": attack_paths_scan.id},
-                ),
-                data=self._run_payload("aws-test"),
-                content_type=API_JSON_CONTENT_TYPE,
-            )
-
-        assert response.status_code == status.HTTP_200_OK
-
-    def test_run_attack_paths_query_allows_failed_scan_when_graph_data_ready(
-        self,
-        authenticated_client,
-        providers_fixture,
-        scans_fixture,
-        create_attack_paths_scan,
-    ):
-        provider = providers_fixture[0]
-        attack_paths_scan = create_attack_paths_scan(
-            provider,
-            scan=scans_fixture[0],
-            state=StateChoices.FAILED,
-            graph_data_ready=True,
-        )
-        query_definition = AttackPathsQueryDefinition(
-            id="aws-test",
-            name="Test",
-            short_description="Test query.",
-            description="Test query",
-            provider=provider.provider,
-            cypher="MATCH (n) RETURN n",
-            parameters=[],
+            data=self._run_payload(),
+            content_type=API_JSON_CONTENT_TYPE,
         )
 
-        with (
-            patch("api.v1.views.get_query_by_id", return_value=query_definition),
-            patch(
-                "api.v1.views.attack_paths_views_helpers.prepare_query_parameters",
-                return_value={"provider_uid": provider.uid},
-            ),
-            patch(
-                "api.v1.views.attack_paths_views_helpers.execute_attack_paths_query",
-                return_value={
-                    "nodes": [{"id": "n1", "labels": ["AWSAccount"], "properties": {}}],
-                    "relationships": [],
-                },
-            ),
-            patch("api.v1.views.graph_database.clear_cache"),
-            patch(
-                "api.v1.views.graph_database.get_database_name", return_value="db-test"
-            ),
-        ):
-            response = authenticated_client.post(
-                reverse(
-                    "attack-paths-scans-queries-run",
-                    kwargs={"pk": attack_paths_scan.id},
-                ),
-                data=self._run_payload("aws-test"),
-                content_type=API_JSON_CONTENT_TYPE,
-            )
-
-        assert response.status_code == status.HTTP_200_OK
+        assert response.status_code == status.HTTP_500_INTERNAL_SERVER_ERROR
+        assert "does not reference a graph database" in str(response.json())
 
     def test_run_attack_paths_query_unknown_query(
         self,
@@ -4154,7 +4019,6 @@ class TestAttackPathsScanViewSet:
         attack_paths_scan = create_attack_paths_scan(
             provider,
             scan=scans_fixture[0],
-            graph_data_ready=True,
         )
 
         with patch("api.v1.views.get_query_by_id", return_value=None):
@@ -4181,12 +4045,10 @@ class TestAttackPathsScanViewSet:
         attack_paths_scan = create_attack_paths_scan(
             provider,
             scan=scans_fixture[0],
-            graph_data_ready=True,
         )
         query_definition = AttackPathsQueryDefinition(
             id="aws-empty",
             name="empty",
-            short_description="",
             description="",
             provider=provider.provider,
             cypher="MATCH (n) RETURN n",
@@ -10979,20 +10841,25 @@ class TestTenantFinishACSView:
             assert "sso_saml_failed=true" in response.url
 
     def test_dispatch_skips_role_mapping_when_single_manage_account_user(
-        self,
-        create_test_user,
-        tenants_fixture,
-        admin_role_fixture,
-        saml_setup,
-        settings,
-        monkeypatch,
+        self, create_test_user, tenants_fixture, saml_setup, settings, monkeypatch
     ):
         """Test that role mapping is skipped when tenant has only one user with MANAGE_ACCOUNT role"""
         monkeypatch.setenv("SAML_SSO_CALLBACK_URL", "http://localhost/sso-complete")
         user = create_test_user
         tenant = tenants_fixture[0]
 
-        admin_role = admin_role_fixture
+        # Create a single role with manage_account=True for the user
+        admin_role = Role.objects.using(MainRouter.admin_db).create(
+            name="admin",
+            tenant=tenant,
+            manage_account=True,
+            manage_users=True,
+            manage_billing=True,
+            manage_providers=True,
+            manage_integrations=True,
+            manage_scans=True,
+            unlimited_visibility=True,
+        )
         UserRoleRelationship.objects.using(MainRouter.admin_db).create(
             user=user, role=admin_role, tenant_id=tenant.id
         )
@@ -11063,92 +10930,8 @@ class TestTenantFinishACSView:
             .exists()
         )
 
-    def test_dispatch_skips_role_mapping_when_last_manage_account_user_maps_to_existing_role(
-        self,
-        create_test_user,
-        tenants_fixture,
-        admin_role_fixture,
-        roles_fixture,
-        saml_setup,
-        settings,
-        monkeypatch,
-    ):
-        """Test that role mapping is skipped when it would remove the last MANAGE_ACCOUNT user"""
-        monkeypatch.setenv("SAML_SSO_CALLBACK_URL", "http://localhost/sso-complete")
-        user = create_test_user
-        tenant = tenants_fixture[0]
-
-        admin_role = admin_role_fixture
-        viewer_role = roles_fixture[3]
-        UserRoleRelationship.objects.using(MainRouter.admin_db).create(
-            user=user, role=admin_role, tenant_id=tenant.id
-        )
-
-        social_account = SocialAccount(
-            user=user,
-            provider="saml",
-            extra_data={
-                "firstName": ["John"],
-                "lastName": ["Doe"],
-                "organization": ["testing_company"],
-                "userType": [viewer_role.name],
-            },
-        )
-
-        request = RequestFactory().get(
-            reverse("saml_finish_acs", kwargs={"organization_slug": "testtenant"})
-        )
-        request.user = user
-        request.session = {}
-
-        with (
-            patch(
-                "allauth.socialaccount.providers.saml.views.get_app_or_404"
-            ) as mock_get_app_or_404,
-            patch(
-                "allauth.socialaccount.models.SocialApp.objects.get"
-            ) as mock_socialapp_get,
-            patch(
-                "allauth.socialaccount.models.SocialAccount.objects.get"
-            ) as mock_sa_get,
-            patch("api.models.SAMLDomainIndex.objects.get") as mock_saml_domain_get,
-            patch("api.models.SAMLConfiguration.objects.get") as mock_saml_config_get,
-            patch("api.models.User.objects.get") as mock_user_get,
-        ):
-            mock_get_app_or_404.return_value = MagicMock(
-                provider="saml", client_id="testtenant", name="Test App", settings={}
-            )
-            mock_sa_get.return_value = social_account
-            mock_socialapp_get.return_value = MagicMock(provider_id="saml")
-            mock_saml_domain_get.return_value = SimpleNamespace(tenant_id=tenant.id)
-            mock_saml_config_get.return_value = MagicMock()
-            mock_user_get.return_value = user
-
-            view = TenantFinishACSView.as_view()
-            response = view(request, organization_slug="testtenant")
-
-        assert response.status_code == 302
-
-        assert (
-            UserRoleRelationship.objects.using(MainRouter.admin_db)
-            .filter(user=user, role=admin_role, tenant_id=tenant.id)
-            .exists()
-        )
-        assert not (
-            UserRoleRelationship.objects.using(MainRouter.admin_db)
-            .filter(user=user, role=viewer_role, tenant_id=tenant.id)
-            .exists()
-        )
-
     def test_dispatch_applies_role_mapping_when_multiple_manage_account_users(
-        self,
-        create_test_user,
-        tenants_fixture,
-        admin_role_fixture,
-        roles_fixture,
-        saml_setup,
-        settings,
-        monkeypatch,
+        self, create_test_user, tenants_fixture, saml_setup, settings, monkeypatch
     ):
         """Test that role mapping is applied when tenant has multiple users with MANAGE_ACCOUNT role"""
         monkeypatch.setenv("SAML_SSO_CALLBACK_URL", "http://localhost/sso-complete")
@@ -11159,8 +10942,17 @@ class TestTenantFinishACSView:
         second_admin = User.objects.using(MainRouter.admin_db).create(
             email="admin2@prowler.com", name="Second Admin"
         )
-        admin_role = admin_role_fixture
-        viewer_role = roles_fixture[3]
+        admin_role = Role.objects.using(MainRouter.admin_db).create(
+            name="admin",
+            tenant=tenant,
+            manage_account=True,
+            manage_users=True,
+            manage_billing=True,
+            manage_providers=True,
+            manage_integrations=True,
+            manage_scans=True,
+            unlimited_visibility=True,
+        )
         UserRoleRelationship.objects.using(MainRouter.admin_db).create(
             user=user, role=admin_role, tenant_id=tenant.id
         )
@@ -11175,7 +10967,7 @@ class TestTenantFinishACSView:
                 "firstName": ["John"],
                 "lastName": ["Doe"],
                 "organization": ["testing_company"],
-                "userType": [viewer_role.name],  # This SHOULD be applied
+                "userType": ["viewer"],  # This SHOULD be applied
             },
         )
 
@@ -11213,7 +11005,10 @@ class TestTenantFinishACSView:
 
         assert response.status_code == 302
 
-        # Verify the viewer role was assigned (role mapping was applied)
+        # Verify the viewer role was created and assigned (role mapping was applied)
+        viewer_role = Role.objects.using(MainRouter.admin_db).get(
+            name="viewer", tenant=tenant
+        )
         assert (
             UserRoleRelationship.objects.using(MainRouter.admin_db)
             .filter(user=user, role=viewer_role, tenant_id=tenant.id)
@@ -11227,86 +11022,6 @@ class TestTenantFinishACSView:
             .exists()
         )
 
-    def test_dispatch_applies_role_mapping_for_non_admin_user_with_single_admin(
-        self,
-        create_test_user,
-        tenants_fixture,
-        admin_role_fixture,
-        roles_fixture,
-        saml_setup,
-        settings,
-        monkeypatch,
-    ):
-        """Test that role mapping is applied for a non-admin user when a single admin exists"""
-        monkeypatch.setenv("SAML_SSO_CALLBACK_URL", "http://localhost/sso-complete")
-        admin_user = create_test_user
-        tenant = tenants_fixture[0]
-        non_admin_user = User.objects.using(MainRouter.admin_db).create(
-            email="viewer@prowler.com", name="Viewer"
-        )
-
-        admin_role = admin_role_fixture
-        viewer_role = roles_fixture[3]
-        UserRoleRelationship.objects.using(MainRouter.admin_db).create(
-            user=admin_user, role=admin_role, tenant_id=tenant.id
-        )
-
-        social_account = SocialAccount(
-            user=non_admin_user,
-            provider="saml",
-            extra_data={
-                "firstName": ["Jane"],
-                "lastName": ["Doe"],
-                "organization": ["testing_company"],
-                "userType": [viewer_role.name],
-            },
-        )
-
-        request = RequestFactory().get(
-            reverse("saml_finish_acs", kwargs={"organization_slug": "testtenant"})
-        )
-        request.user = non_admin_user
-        request.session = {}
-
-        with (
-            patch(
-                "allauth.socialaccount.providers.saml.views.get_app_or_404"
-            ) as mock_get_app_or_404,
-            patch(
-                "allauth.socialaccount.models.SocialApp.objects.get"
-            ) as mock_socialapp_get,
-            patch(
-                "allauth.socialaccount.models.SocialAccount.objects.get"
-            ) as mock_sa_get,
-            patch("api.models.SAMLDomainIndex.objects.get") as mock_saml_domain_get,
-            patch("api.models.SAMLConfiguration.objects.get") as mock_saml_config_get,
-            patch("api.models.User.objects.get") as mock_user_get,
-        ):
-            mock_get_app_or_404.return_value = MagicMock(
-                provider="saml", client_id="testtenant", name="Test App", settings={}
-            )
-            mock_sa_get.return_value = social_account
-            mock_socialapp_get.return_value = MagicMock(provider_id="saml")
-            mock_saml_domain_get.return_value = SimpleNamespace(tenant_id=tenant.id)
-            mock_saml_config_get.return_value = MagicMock()
-            mock_user_get.return_value = non_admin_user
-
-            view = TenantFinishACSView.as_view()
-            response = view(request, organization_slug="testtenant")
-
-        assert response.status_code == 302
-
-        assert (
-            UserRoleRelationship.objects.using(MainRouter.admin_db)
-            .filter(user=non_admin_user, role=viewer_role, tenant_id=tenant.id)
-            .exists()
-        )
-        assert (
-            UserRoleRelationship.objects.using(MainRouter.admin_db)
-            .filter(user=admin_user, role=admin_role, tenant_id=tenant.id)
-            .exists()
-        )
-
 
 @pytest.mark.django_db
 class TestLighthouseConfigViewSet:

api/src/backend/api/utils.py

@@ -33,7 +33,6 @@ if TYPE_CHECKING:
     from prowler.providers.mongodbatlas.mongodbatlas_provider import (
         MongodbatlasProvider,
     )
-    from prowler.providers.openstack.openstack_provider import OpenstackProvider
     from prowler.providers.oraclecloud.oraclecloud_provider import OraclecloudProvider
 
 
@@ -79,14 +78,12 @@ def return_prowler_provider(
     AlibabacloudProvider
     | AwsProvider
     | AzureProvider
-    | CloudflareProvider
     | GcpProvider
     | GithubProvider
     | IacProvider
     | KubernetesProvider
     | M365Provider
     | MongodbatlasProvider
-    | OpenstackProvider
     | OraclecloudProvider
 ):
     """Return the Prowler provider class based on the given provider type.
@@ -95,7 +92,7 @@ def return_prowler_provider(
         provider (Provider): The provider object containing the provider type and associated secrets.
 
     Returns:
-        AlibabacloudProvider | AwsProvider | AzureProvider | CloudflareProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | MongodbatlasProvider | OpenstackProvider | OraclecloudProvider: The corresponding provider class.
+        AlibabacloudProvider | AwsProvider | AzureProvider | CloudflareProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | MongodbatlasProvider | OraclecloudProvider: The corresponding provider class.
 
     Raises:
         ValueError: If the provider type specified in `provider.provider` is not supported.
@@ -155,10 +152,6 @@ def return_prowler_provider(
             )
 
             prowler_provider = CloudflareProvider
-        case Provider.ProviderChoices.OPENSTACK.value:
-            from prowler.providers.openstack.openstack_provider import OpenstackProvider
-
-            prowler_provider = OpenstackProvider
         case _:
             raise ValueError(f"Provider type {provider.provider} not supported")
     return prowler_provider
@@ -215,12 +208,6 @@ def get_prowler_provider_kwargs(
             **prowler_provider_kwargs,
             "filter_accounts": [provider.uid],
         }
-    elif provider.provider == Provider.ProviderChoices.OPENSTACK.value:
-        # No extra kwargs needed: clouds_yaml_content and clouds_yaml_cloud from the
-        # secret are sufficient. Validating project_id (provider.uid) against the
-        # clouds.yaml is not feasible because not all auth methods include it and the
-        # Keystone API is unavailable on public clouds.
-        pass
 
     if mutelist_processor:
         mutelist_content = mutelist_processor.configuration.get("Mutelist", {})
@@ -245,7 +232,6 @@ def initialize_prowler_provider(
     | KubernetesProvider
     | M365Provider
     | MongodbatlasProvider
-    | OpenstackProvider
     | OraclecloudProvider
 ):
     """Initialize a Prowler provider instance based on the given provider type.
@@ -255,7 +241,7 @@ def initialize_prowler_provider(
         mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.
 
     Returns:
-        AlibabacloudProvider | AwsProvider | AzureProvider | CloudflareProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | MongodbatlasProvider | OpenstackProvider | OraclecloudProvider: An instance of the corresponding provider class
+        AlibabacloudProvider | AwsProvider | AzureProvider | CloudflareProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | MongodbatlasProvider | OraclecloudProvider: An instance of the corresponding provider class
             initialized with the provider's secrets.
     """
     prowler_provider = return_prowler_provider(provider)
@@ -290,13 +276,6 @@ def prowler_provider_connection_test(provider: Provider) -> Connection:
         if "access_token" in prowler_provider_kwargs:
             iac_test_kwargs["access_token"] = prowler_provider_kwargs["access_token"]
         return prowler_provider.test_connection(**iac_test_kwargs)
-    elif provider.provider == Provider.ProviderChoices.OPENSTACK.value:
-        openstack_kwargs = {
-            "clouds_yaml_content": prowler_provider_kwargs["clouds_yaml_content"],
-            "clouds_yaml_cloud": prowler_provider_kwargs["clouds_yaml_cloud"],
-            "raise_on_exception": False,
-        }
-        return prowler_provider.test_connection(**openstack_kwargs)
     else:
         return prowler_provider.test_connection(
             **prowler_provider_kwargs,

api/src/backend/api/v1/serializer_utils/providers.py

@@ -373,21 +373,6 @@ from rest_framework_json_api import serializers
                 },
                 "required": ["api_key", "api_email"],
             },
-            {
-                "type": "object",
-                "title": "OpenStack clouds.yaml Credentials",
-                "properties": {
-                    "clouds_yaml_content": {
-                        "type": "string",
-                        "description": "The full content of a clouds.yaml configuration file.",
-                    },
-                    "clouds_yaml_cloud": {
-                        "type": "string",
-                        "description": "The name of the cloud to use from the clouds.yaml file.",
-                    },
-                },
-                "required": ["clouds_yaml_content", "clouds_yaml_cloud"],
-            },
         ]
     }
 )

api/src/backend/api/v1/serializers.py

@@ -1145,7 +1145,6 @@ class AttackPathsScanSerializer(RLSSerializer):
             "id",
             "state",
             "progress",
-            "graph_data_ready",
             "provider",
             "provider_alias",
             "provider_type",
@@ -1177,14 +1176,6 @@ class AttackPathsScanSerializer(RLSSerializer):
         return provider.uid if provider else None
 
 
-class AttackPathsQueryAttributionSerializer(BaseSerializerV1):
-    text = serializers.CharField()
-    link = serializers.CharField()
-
-    class JSONAPIMeta:
-        resource_name = "attack-paths-query-attributions"
-
-
 class AttackPathsQueryParameterSerializer(BaseSerializerV1):
     name = serializers.CharField()
     label = serializers.CharField()
@@ -1199,9 +1190,7 @@ class AttackPathsQueryParameterSerializer(BaseSerializerV1):
 class AttackPathsQuerySerializer(BaseSerializerV1):
     id = serializers.CharField()
     name = serializers.CharField()
-    short_description = serializers.CharField()
     description = serializers.CharField()
-    attribution = AttackPathsQueryAttributionSerializer(allow_null=True, required=False)
     provider = serializers.CharField()
     parameters = AttackPathsQueryParameterSerializer(many=True)
 
@@ -1526,8 +1515,6 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
                             "or both 'api_key' and 'api_email'."
                         }
                     )
-            elif provider_type == Provider.ProviderChoices.OPENSTACK.value:
-                serializer = OpenStackCloudsYamlProviderSecret(data=secret)
             else:
                 raise serializers.ValidationError(
                     {"provider": f"Provider type not supported {provider_type}"}
@@ -1694,14 +1681,6 @@ class CloudflareApiKeyProviderSecret(serializers.Serializer):
         resource_name = "provider-secrets"
 
 
-class OpenStackCloudsYamlProviderSecret(serializers.Serializer):
-    clouds_yaml_content = serializers.CharField()
-    clouds_yaml_cloud = serializers.CharField()
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
 class AlibabaCloudProviderSecret(serializers.Serializer):
     access_key_id = serializers.CharField()
     access_key_secret = serializers.CharField()

api/src/backend/api/v1/views.py

@@ -763,40 +763,27 @@ class TenantFinishACSView(FinishACSView):
             .tenant
         )
 
-        role_name = (
-            extra.get("userType", ["no_permissions"])[0].strip()
-            if extra.get("userType")
-            else "no_permissions"
-        )
-        role = (
-            Role.objects.using(MainRouter.admin_db)
-            .filter(name=role_name, tenant=tenant)
-            .first()
-        )
-
-        # Only skip mapping if it would remove the last MANAGE_ACCOUNT user
-        remaining_manage_account_users = (
+        # Check if tenant has only one user with MANAGE_ACCOUNT role
+        users_with_manage_account = (
             UserRoleRelationship.objects.using(MainRouter.admin_db)
             .filter(role__manage_account=True, tenant_id=tenant.id)
-            .exclude(user_id=user_id)
             .values("user")
             .distinct()
             .count()
         )
-        user_has_manage_account = (
-            UserRoleRelationship.objects.using(MainRouter.admin_db)
-            .filter(role__manage_account=True, tenant_id=tenant.id, user_id=user_id)
-            .exists()
-        )
-        role_manage_account = role.manage_account if role else False
-        would_remove_last_manage_account = (
-            user_has_manage_account
-            and remaining_manage_account_users == 0
-            and not role_manage_account
-        )
 
-        if not would_remove_last_manage_account:
-            if role is None:
+        # Only apply role mapping from userType if tenant does NOT have exactly one user with MANAGE_ACCOUNT
+        if users_with_manage_account != 1:
+            role_name = (
+                extra.get("userType", ["no_permissions"])[0].strip()
+                if extra.get("userType")
+                else "no_permissions"
+            )
+            try:
+                role = Role.objects.using(MainRouter.admin_db).get(
+                    name=role_name, tenant=tenant
+                )
+            except Role.DoesNotExist:
                 role = Role.objects.using(MainRouter.admin_db).create(
                     name=role_name,
                     tenant=tenant,
@@ -1759,25 +1746,6 @@ class ProviderViewSet(DisablePaginationMixin, BaseRLSViewSet):
             ),
         },
     ),
-    csa=extend_schema(
-        tags=["Scan"],
-        summary="Retrieve CSA CCM compliance report",
-        description="Download CSA Cloud Controls Matrix (CCM) v4.0 compliance report as a PDF file.",
-        request=None,
-        responses={
-            200: OpenApiResponse(
-                description="PDF file containing the CSA CCM compliance report"
-            ),
-            202: OpenApiResponse(description="The task is in progress"),
-            401: OpenApiResponse(
-                description="API key missing or user not Authenticated"
-            ),
-            403: OpenApiResponse(description="There is a problem with credentials"),
-            404: OpenApiResponse(
-                description="The scan has no CSA CCM reports, or the CSA CCM report generation task has not started yet"
-            ),
-        },
-    ),
 )
 @method_decorator(CACHE_DECORATOR, name="list")
 @method_decorator(CACHE_DECORATOR, name="retrieve")
@@ -1843,9 +1811,6 @@ class ScanViewSet(BaseRLSViewSet):
         elif self.action == "nis2":
             if hasattr(self, "response_serializer_class"):
                 return self.response_serializer_class
-        elif self.action == "csa":
-            if hasattr(self, "response_serializer_class"):
-                return self.response_serializer_class
         return super().get_serializer_class()
 
     def partial_update(self, request, *args, **kwargs):
@@ -2207,45 +2172,6 @@ class ScanViewSet(BaseRLSViewSet):
         content, filename = loader
         return self._serve_file(content, filename, "application/pdf")
 
-    @action(
-        detail=True,
-        methods=["get"],
-        url_name="csa",
-    )
-    def csa(self, request, pk=None):
-        scan = self.get_object()
-        running_resp = self._get_task_status(scan)
-        if running_resp:
-            return running_resp
-
-        if not scan.output_location:
-            return Response(
-                {
-                    "detail": "The scan has no reports, or the CSA CCM report generation task has not started yet."
-                },
-                status=status.HTTP_404_NOT_FOUND,
-            )
-
-        if scan.output_location.startswith("s3://"):
-            bucket = env.str("DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET", "")
-            key_prefix = scan.output_location.removeprefix(f"s3://{bucket}/")
-            prefix = os.path.join(
-                os.path.dirname(key_prefix),
-                "csa",
-                "*_csa_report.pdf",
-            )
-            loader = self._load_file(prefix, s3=True, bucket=bucket, list_objects=True)
-        else:
-            base = os.path.dirname(scan.output_location)
-            pattern = os.path.join(base, "csa", "*_csa_report.pdf")
-            loader = self._load_file(pattern, s3=False)
-
-        if isinstance(loader, Response):
-            return loader
-
-        content, filename = loader
-        return self._serve_file(content, filename, "application/pdf")
-
     def create(self, request, *args, **kwargs):
         input_serializer = self.get_serializer(data=request.data)
         input_serializer.is_valid(raise_exception=True)
@@ -2482,13 +2408,22 @@ class AttackPathsScanViewSet(BaseRLSViewSet):
     def run_attack_paths_query(self, request, pk=None):
         attack_paths_scan = self.get_object()
 
-        if not attack_paths_scan.graph_data_ready:
+        if attack_paths_scan.state != StateChoices.COMPLETED:
             raise ValidationError(
                 {
-                    "detail": "Attack Paths data is not available for querying - a scan must complete at least once before queries can be run"
+                    "detail": "The Attack Paths scan must be completed before running Attack Paths queries"
                 }
             )
 
+        if not attack_paths_scan.graph_database:
+            logger.error(
+                f"The Attack Paths Scan {attack_paths_scan.id} does not reference a graph database"
+            )
+            return Response(
+                {"detail": "The Attack Paths scan does not reference a graph database"},
+                status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            )
+
         payload = attack_paths_views_helpers.normalize_run_payload(request.data)
         serializer = AttackPathsQueryRunRequestSerializer(data=payload)
         serializer.is_valid(raise_exception=True)
@@ -2502,9 +2437,6 @@ class AttackPathsScanViewSet(BaseRLSViewSet):
                 {"id": "Unknown Attack Paths query for the selected provider"}
             )
 
-        database_name = graph_database.get_database_name(
-            attack_paths_scan.provider.tenant_id
-        )
         parameters = attack_paths_views_helpers.prepare_query_parameters(
             query_definition,
             serializer.validated_data.get("parameters", {}),
@@ -2512,9 +2444,9 @@ class AttackPathsScanViewSet(BaseRLSViewSet):
         )
 
         graph = attack_paths_views_helpers.execute_attack_paths_query(
-            database_name, query_definition, parameters
+            attack_paths_scan, query_definition, parameters
         )
-        graph_database.clear_cache(database_name)
+        graph_database.clear_cache(attack_paths_scan.graph_database)
 
         status_code = status.HTTP_200_OK
         if not graph.get("nodes"):

api/src/backend/config/django/testing.py

@@ -18,10 +18,6 @@ DATABASES = {
 
 DATABASE_ROUTERS = []
 TESTING = True
-# Override page size for testing to a value only slightly above the current fixture count.
-# We explicitly set PAGE_SIZE to 15 (round number just above fixture) to avoid masking pagination bugs, while not setting it excessively high.
-# If you add more providers to the fixture, please review that the total value is below the current one and update this value if needed.
-REST_FRAMEWORK["PAGE_SIZE"] = 15  # noqa: F405
 SECRETS_ENCRYPTION_KEY = "ZMiYVo7m4Fbe2eXXPyrwxdJss2WSalXSv3xHBcJkPl0="
 
 # DRF Simple API Key settings

api/src/backend/conftest.py

@@ -537,12 +537,6 @@ def providers_fixture(tenants_fixture):
         alias="cloudflare_testing",
         tenant_id=tenant.id,
     )
-    provider11 = Provider.objects.create(
-        provider="openstack",
-        uid="a1b2c3d4-e5f6-7890-abcd-ef1234567890",
-        alias="openstack_testing",
-        tenant_id=tenant.id,
-    )
 
     return (
         provider1,
@@ -555,7 +549,6 @@ def providers_fixture(tenants_fixture):
         provider8,
         provider9,
         provider10,
-        provider11,
     )
 
 
@@ -1625,6 +1618,7 @@ def create_attack_paths_scan():
         scan=None,
         state=StateChoices.COMPLETED,
         progress=0,
+        graph_database="tenant-db",
         **extra_fields,
     ):
         scan_instance = scan or Scan.objects.create(
@@ -1641,6 +1635,7 @@ def create_attack_paths_scan():
             "scan": scan_instance,
             "state": state,
             "progress": progress,
+            "graph_database": graph_database,
         }
         payload.update(extra_fields)
 
@@ -1668,7 +1663,6 @@ def attack_paths_query_definition_factory():
         definition_payload = {
             "id": "aws-test",
             "name": "Attack Paths Test Query",
-            "short_description": "Synthetic short description for tests.",
             "description": "Synthetic Attack Paths definition for tests.",
             "provider": "aws",
             "cypher": "RETURN 1",

api/src/backend/tasks/jobs/attack_paths/config.py

@@ -12,10 +12,8 @@ BATCH_SIZE = env.int("ATTACK_PATHS_BATCH_SIZE", 1000)
 # Neo4j internal labels (Prowler-specific, not provider-specific)
 # - `ProwlerFinding`: Label for finding nodes created by Prowler and linked to cloud resources.
 # - `ProviderResource`: Added to ALL synced nodes for provider isolation and drop/query ops.
-# - `Internet`: Singleton node representing external internet access for exposed-resource queries.
 PROWLER_FINDING_LABEL = "ProwlerFinding"
 PROVIDER_RESOURCE_LABEL = "ProviderResource"
-INTERNET_NODE_LABEL = "Internet"
 
 
 @dataclass(frozen=True)

api/src/backend/tasks/jobs/attack_paths/db_utils.py

@@ -2,9 +2,7 @@ from datetime import datetime, timezone
 from typing import Any
 
 from cartography.config import Config as CartographyConfig
-from celery.utils.log import get_task_logger
 
-from api.attack_paths import database as graph_database
 from api.db_utils import rls_transaction
 from api.models import (
     AttackPathsScan as ProwlerAPIAttackPathsScan,
@@ -13,8 +11,6 @@ from api.models import (
 )
 from tasks.jobs.attack_paths.config import is_provider_available
 
-logger = get_task_logger(__name__)
-
 
 def can_provider_run_attack_paths_scan(tenant_id: str, provider_id: int) -> bool:
     with rls_transaction(tenant_id):
@@ -32,21 +28,12 @@ def create_attack_paths_scan(
         return None
 
     with rls_transaction(tenant_id):
-        # Inherit graph_data_ready from the previous scan for this provider,
-        # so queries remain available while the new scan runs.
-        previous_data_ready = ProwlerAPIAttackPathsScan.objects.filter(
-            tenant_id=tenant_id,
-            provider_id=provider_id,
-            graph_data_ready=True,
-        ).exists()
-
         attack_paths_scan = ProwlerAPIAttackPathsScan.objects.create(
             tenant_id=tenant_id,
             provider_id=provider_id,
             scan_id=scan_id,
             state=StateChoices.SCHEDULED,
             started_at=datetime.now(tz=timezone.utc),
-            graph_data_ready=previous_data_ready,
         )
         attack_paths_scan.save()
 
@@ -79,6 +66,7 @@ def starting_attack_paths_scan(
         attack_paths_scan.state = StateChoices.EXECUTING
         attack_paths_scan.started_at = datetime.now(tz=timezone.utc)
         attack_paths_scan.update_tag = cartography_config.update_tag
+        attack_paths_scan.graph_database = cartography_config.neo4j_database
 
         attack_paths_scan.save(
             update_fields=[
@@ -86,6 +74,7 @@ def starting_attack_paths_scan(
                 "state",
                 "started_at",
                 "update_tag",
+                "graph_database",
             ]
         )
 
@@ -97,11 +86,7 @@ def finish_attack_paths_scan(
 ) -> None:
     with rls_transaction(attack_paths_scan.tenant_id):
         now = datetime.now(tz=timezone.utc)
-        duration = (
-            int((now - attack_paths_scan.started_at).total_seconds())
-            if attack_paths_scan.started_at
-            else 0
-        )
+        duration = int((now - attack_paths_scan.started_at).total_seconds())
 
         attack_paths_scan.state = state
         attack_paths_scan.progress = 100
@@ -129,59 +114,33 @@ def update_attack_paths_scan_progress(
         attack_paths_scan.save(update_fields=["progress"])
 
 
-def set_graph_data_ready(
-    attack_paths_scan: ProwlerAPIAttackPathsScan,
-    ready: bool,
-) -> None:
-    with rls_transaction(attack_paths_scan.tenant_id):
-        attack_paths_scan.graph_data_ready = ready
-        attack_paths_scan.save(update_fields=["graph_data_ready"])
-
-
-def set_provider_graph_data_ready(
-    attack_paths_scan: ProwlerAPIAttackPathsScan,
-    ready: bool,
-) -> None:
-    """
-    Set `graph_data_ready` for ALL scans of the same provider.
-
-    Used before drop/sync so that older scan IDs cannot bypass the query gate while the graph is being replaced.
-    """
-    with rls_transaction(attack_paths_scan.tenant_id):
-        ProwlerAPIAttackPathsScan.objects.filter(
-            tenant_id=attack_paths_scan.tenant_id,
-            provider_id=attack_paths_scan.provider_id,
-        ).update(graph_data_ready=ready)
-        attack_paths_scan.refresh_from_db(fields=["graph_data_ready"])
-
-
-def fail_attack_paths_scan(
+def get_old_attack_paths_scans(
     tenant_id: str,
-    scan_id: str,
-    error: str,
-) -> None:
+    provider_id: str,
+    attack_paths_scan_id: str,
+) -> list[ProwlerAPIAttackPathsScan]:
     """
-    Mark the `AttackPathsScan` row as `FAILED` unless it's already `COMPLETED` or `FAILED`.
-    Used as a safety net when the Celery task fails outside the job's own error handling.
+    An `old_attack_paths_scan` is any `completed` Attack Paths scan for the same provider,
+    with its graph database not deleted, excluding the current Attack Paths scan.
     """
-    attack_paths_scan = retrieve_attack_paths_scan(tenant_id, scan_id)
-    if attack_paths_scan and attack_paths_scan.state not in (
-        StateChoices.COMPLETED,
-        StateChoices.FAILED,
-    ):
-        tmp_db_name = graph_database.get_database_name(
-            attack_paths_scan.id, temporary=True
-        )
-        try:
-            graph_database.drop_database(tmp_db_name)
 
-        except Exception:
-            logger.exception(
-                f"Failed to drop temp database {tmp_db_name} during failure handling"
+    with rls_transaction(tenant_id):
+        completed_scans_qs = (
+            ProwlerAPIAttackPathsScan.objects.filter(
+                provider_id=provider_id,
+                state=StateChoices.COMPLETED,
+                is_graph_database_deleted=False,
             )
-
-        finish_attack_paths_scan(
-            attack_paths_scan,
-            StateChoices.FAILED,
-            {"global_error": error},
+            .exclude(id=attack_paths_scan_id)
+            .all()
         )
+
+        return list(completed_scans_qs)
+
+
+def update_old_attack_paths_scan(
+    old_attack_paths_scan: ProwlerAPIAttackPathsScan,
+) -> None:
+    with rls_transaction(old_attack_paths_scan.tenant_id):
+        old_attack_paths_scan.is_graph_database_deleted = True
+        old_attack_paths_scan.save(update_fields=["is_graph_database_deleted"])

api/src/backend/tasks/jobs/attack_paths/indexes.py

@@ -6,7 +6,6 @@ from cartography.client.core.tx import run_write_query
 from celery.utils.log import get_task_logger
 
 from tasks.jobs.attack_paths.config import (
-    INTERNET_NODE_LABEL,
     PROWLER_FINDING_LABEL,
     PROVIDER_RESOURCE_LABEL,
 )
@@ -31,8 +30,6 @@ FINDINGS_INDEX_STATEMENTS = [
     f"CREATE INDEX prowler_finding_provider_uid IF NOT EXISTS FOR (n:{PROWLER_FINDING_LABEL}) ON (n.provider_uid);",
     f"CREATE INDEX prowler_finding_lastupdated IF NOT EXISTS FOR (n:{PROWLER_FINDING_LABEL}) ON (n.lastupdated);",
     f"CREATE INDEX prowler_finding_status IF NOT EXISTS FOR (n:{PROWLER_FINDING_LABEL}) ON (n.status);",
-    # Internet node index for MERGE lookups
-    f"CREATE INDEX internet_id IF NOT EXISTS FOR (n:{INTERNET_NODE_LABEL}) ON (n.id);",
 ]
 
 # Indexes for provider resource sync operations

api/src/backend/tasks/jobs/attack_paths/internet.py

@@ -1,67 +0,0 @@
-"""
-Internet node enrichment for Attack Paths graph.
-
-Creates a real Internet node and CAN_ACCESS relationships to
-internet-exposed resources (EC2Instance, LoadBalancer, LoadBalancerV2)
-in the temporary scan database before sync.
-"""
-
-import neo4j
-
-from cartography.config import Config as CartographyConfig
-from celery.utils.log import get_task_logger
-
-from api.models import Provider
-from prowler.config import config as ProwlerConfig
-from tasks.jobs.attack_paths.config import get_root_node_label
-from tasks.jobs.attack_paths.queries import (
-    CREATE_CAN_ACCESS_RELATIONSHIPS_TEMPLATE,
-    CREATE_INTERNET_NODE,
-    render_cypher_template,
-)
-
-logger = get_task_logger(__name__)
-
-
-def analysis(
-    neo4j_session: neo4j.Session,
-    prowler_api_provider: Provider,
-    config: CartographyConfig,
-) -> int:
-    """
-    Create Internet node and CAN_ACCESS relationships to exposed resources.
-
-    Args:
-        neo4j_session: Active Neo4j session (temp database).
-        prowler_api_provider: The Prowler API provider instance.
-        config: Cartography configuration with update_tag.
-
-    Returns:
-        Number of CAN_ACCESS relationships created.
-    """
-    provider_uid = str(prowler_api_provider.uid)
-
-    parameters = {
-        "provider_uid": provider_uid,
-        "last_updated": config.update_tag,
-        "prowler_version": ProwlerConfig.prowler_version,
-    }
-
-    logger.info(f"Creating Internet node for provider {provider_uid}")
-    neo4j_session.run(CREATE_INTERNET_NODE, parameters)
-
-    query = render_cypher_template(
-        CREATE_CAN_ACCESS_RELATIONSHIPS_TEMPLATE,
-        {"__ROOT_LABEL__": get_root_node_label(prowler_api_provider.provider)},
-    )
-
-    logger.info(
-        f"Creating CAN_ACCESS relationships from Internet to exposed resources for {provider_uid}"
-    )
-    result = neo4j_session.run(query, parameters)
-    relationships_merged = result.single().get("relationships_merged", 0)
-
-    logger.info(
-        f"Created {relationships_merged} CAN_ACCESS relationships for provider {provider_uid}"
-    )
-    return relationships_merged

api/src/backend/tasks/jobs/attack_paths/queries.py

@@ -1,6 +1,5 @@
 # Cypher query templates for Attack Paths operations
 from tasks.jobs.attack_paths.config import (
-    INTERNET_NODE_LABEL,
     PROWLER_FINDING_LABEL,
     PROVIDER_RESOURCE_LABEL,
 )
@@ -92,37 +91,6 @@ CLEANUP_FINDINGS_TEMPLATE = f"""
     RETURN COUNT(finding) AS deleted_findings_count
 """
 
-# Internet queries (used by internet.py)
-# ---------------------------------------
-
-CREATE_INTERNET_NODE = f"""
-    MERGE (internet:{INTERNET_NODE_LABEL} {{id: 'Internet'}})
-    ON CREATE SET
-        internet.name = 'Internet',
-        internet.firstseen = timestamp(),
-        internet.lastupdated = $last_updated,
-        internet._module_name = 'cartography:prowler',
-        internet._module_version = $prowler_version
-    ON MATCH SET
-        internet.lastupdated = $last_updated
-"""
-
-CREATE_CAN_ACCESS_RELATIONSHIPS_TEMPLATE = f"""
-    MATCH (account:__ROOT_LABEL__ {{id: $provider_uid}})-->(resource)
-    WHERE resource.exposed_internet = true
-    WITH resource
-    MATCH (internet:{INTERNET_NODE_LABEL} {{id: 'Internet'}})
-    MERGE (internet)-[r:CAN_ACCESS]->(resource)
-    ON CREATE SET
-        r.firstseen = timestamp(),
-        r.lastupdated = $last_updated,
-        r._module_name = 'cartography:prowler',
-        r._module_version = $prowler_version
-    ON MATCH SET
-        r.lastupdated = $last_updated
-    RETURN COUNT(r) AS relationships_merged
-"""
-
 # Sync queries (used by sync.py)
 # -------------------------------
 

api/src/backend/tasks/jobs/attack_paths/scan.py

@@ -16,7 +16,7 @@ from api.models import (
     StateChoices,
 )
 from api.utils import initialize_prowler_provider
-from tasks.jobs.attack_paths import db_utils, findings, internet, sync, utils
+from tasks.jobs.attack_paths import db_utils, findings, sync, utils
 from tasks.jobs.attack_paths.config import get_cartography_ingestion_function
 
 # Without this Celery goes crazy with Cartography logging
@@ -135,15 +135,7 @@ def run(tenant_id: str, scan_id: str, task_id: str) -> dict[str, Any]:
             cartography_analysis.run(tmp_neo4j_session, tmp_cartography_config)
             db_utils.update_attack_paths_scan_progress(attack_paths_scan, 96)
 
-            # Creating Internet node and CAN_ACCESS relationships
-            logger.info(
-                f"Creating Internet graph for AWS account {prowler_api_provider.uid}"
-            )
-            internet.analysis(
-                tmp_neo4j_session, prowler_api_provider, tmp_cartography_config
-            )
-
-            # Adding Prowler Finding nodes and relationships
+            # Adding Prowler nodes and relationships
             logger.info(
                 f"Syncing Prowler analysis for AWS account {prowler_api_provider.uid}"
             )
@@ -169,7 +161,6 @@ def run(tenant_id: str, scan_id: str, task_id: str) -> dict[str, Any]:
             sync.create_sync_indexes(tenant_neo4j_session)
 
         logger.info(f"Deleting existing provider graph in {tenant_database_name}")
-        db_utils.set_provider_graph_data_ready(attack_paths_scan, False)
         graph_database.drop_subgraph(
             database=tenant_database_name,
             provider_id=str(prowler_api_provider.id),
@@ -184,7 +175,6 @@ def run(tenant_id: str, scan_id: str, task_id: str) -> dict[str, Any]:
             target_database=tenant_database_name,
             provider_id=str(prowler_api_provider.id),
         )
-        db_utils.set_graph_data_ready(attack_paths_scan, True)
         db_utils.update_attack_paths_scan_progress(attack_paths_scan, 99)
 
         logger.info(f"Clearing Neo4j cache for database {tenant_database_name}")
@@ -195,6 +185,30 @@ def run(tenant_id: str, scan_id: str, task_id: str) -> dict[str, Any]:
             f"{prowler_api_provider.provider.upper()} provider {prowler_api_provider.id}"
         )
 
+        # TODO
+        # This piece of code delete old Neo4j databases for this tenant's provider
+        # When we clean all of these databases we need to:
+        #   - Delete this block
+        #   - Delete function from `db_utils` the functions get_old_attack_paths_scans` & `update_old_attack_paths_scan`
+        #   - Remove `graph_database` & `is_graph_database_deleted` from the AttackPathsScan model:
+        #     - Check indexes
+        #     - Create migration
+        #     - The use of `attack_paths_scan.graph_database` on `views` and `views_helpers`
+        #     - Tests
+        old_attack_paths_scans = db_utils.get_old_attack_paths_scans(
+            prowler_api_provider.tenant_id,
+            prowler_api_provider.id,
+            attack_paths_scan.id,
+        )
+        for old_attack_paths_scan in old_attack_paths_scans:
+            old_graph_database = old_attack_paths_scan.graph_database
+            if old_graph_database and old_graph_database != tenant_database_name:
+                logger.info(
+                    f"Dropping old Neo4j database {old_graph_database} for provider {prowler_api_provider.id}"
+                )
+                graph_database.drop_database(old_graph_database)
+            db_utils.update_old_attack_paths_scan(old_attack_paths_scan)
+
         logger.info(f"Dropping temporary Neo4j database {tmp_database_name}")
         graph_database.drop_database(tmp_database_name)
 
@@ -206,17 +220,10 @@ def run(tenant_id: str, scan_id: str, task_id: str) -> dict[str, Any]:
     except Exception as e:
         exception_message = utils.stringify_exception(e, "Cartography failed")
         logger.error(exception_message)
-        ingestion_exceptions["global_error"] = exception_message
+        ingestion_exceptions["global_cartography_error"] = exception_message
 
         # Handling databases changes
-        try:
-            graph_database.drop_database(tmp_cartography_config.neo4j_database)
-
-        except Exception:
-            logger.exception(
-                f"Failed to drop temporary Neo4j database {tmp_cartography_config.neo4j_database} during cleanup"
-            )
-
+        graph_database.drop_database(tmp_cartography_config.neo4j_database)
         db_utils.finish_attack_paths_scan(
             attack_paths_scan, StateChoices.FAILED, ingestion_exceptions
         )

api/src/backend/tasks/jobs/deletion.py

@@ -27,42 +27,12 @@ def delete_provider(tenant_id: str, pk: str):
 
     Returns:
         dict: A dictionary with the count of deleted objects per model,
-              including related models. Returns an empty dict if the provider
-              was already deleted.
+              including related models.
+
+    Raises:
+        Provider.DoesNotExist: If no instance with the provided primary key exists.
     """
-
-    # Get all provider related data to delete them in batches
-    with rls_transaction(tenant_id):
-        try:
-            instance = Provider.all_objects.get(pk=pk)
-        except Provider.DoesNotExist:
-            logger.info(f"Provider `{pk}` already deleted, skipping")
-            return {}
-
-        attack_paths_scan_ids = list(
-            AttackPathsScan.all_objects.filter(provider=instance).values_list(
-                "id", flat=True
-            )
-        )
-
-        deletion_steps = [
-            ("Scan Summaries", ScanSummary.all_objects.filter(scan__provider=instance)),
-            ("Findings", Finding.all_objects.filter(scan__provider=instance)),
-            ("Resources", Resource.all_objects.filter(provider=instance)),
-            ("Scans", Scan.all_objects.filter(provider=instance)),
-            ("AttackPathsScans", AttackPathsScan.all_objects.filter(provider=instance)),
-        ]
-
-    # Drop orphaned temporary Neo4j databases
-    for aps_id in attack_paths_scan_ids:
-        tmp_db_name = graph_database.get_database_name(aps_id, temporary=True)
-        try:
-            graph_database.drop_database(tmp_db_name)
-
-        except graph_database.GraphDatabaseQueryException:
-            logger.warning(f"Failed to drop temp database {tmp_db_name}, continuing")
-
-    # Delete the Attack Paths' graph data related to the provider from the tenant database
+    # Delete the Attack Paths' graph data related to the provider
     tenant_database_name = graph_database.get_database_name(tenant_id)
     try:
         graph_database.drop_subgraph(tenant_database_name, str(pk))
@@ -71,7 +41,17 @@ def delete_provider(tenant_id: str, pk: str):
         logger.error(f"Error deleting Provider graph data: {gdb_error}")
         raise
 
-    # Delete related data in batches
+    # Get all provider related data and delete them in batches
+    with rls_transaction(tenant_id):
+        instance = Provider.all_objects.get(pk=pk)
+        deletion_steps = [
+            ("Scan Summaries", ScanSummary.all_objects.filter(scan__provider=instance)),
+            ("Findings", Finding.all_objects.filter(scan__provider=instance)),
+            ("Resources", Resource.all_objects.filter(provider=instance)),
+            ("Scans", Scan.all_objects.filter(provider=instance)),
+            ("AttackPathsScans", AttackPathsScan.all_objects.filter(provider=instance)),
+        ]
+
     deletion_summary = {}
     for step_name, queryset in deletion_steps:
         try:
@@ -81,7 +61,6 @@ def delete_provider(tenant_id: str, pk: str):
             logger.error(f"Error deleting {step_name}: {db_error}")
             raise
 
-    # Delete the provider instance itself
     try:
         with rls_transaction(tenant_id):
             _, provider_summary = instance.delete()
@@ -106,9 +85,7 @@ def delete_tenant(pk: str):
     """
     deletion_summary = {}
 
-    for provider in Provider.all_objects.using(MainRouter.admin_db).filter(
-        tenant_id=pk
-    ):
+    for provider in Provider.objects.using(MainRouter.admin_db).filter(tenant_id=pk):
         summary = delete_provider(pk, provider.id)
         deletion_summary.update(summary)
 

api/src/backend/tasks/jobs/export.py

@@ -35,11 +35,6 @@ from prowler.lib.outputs.compliance.cis.cis_github import GithubCIS
 from prowler.lib.outputs.compliance.cis.cis_kubernetes import KubernetesCIS
 from prowler.lib.outputs.compliance.cis.cis_m365 import M365CIS
 from prowler.lib.outputs.compliance.cis.cis_oraclecloud import OracleCloudCIS
-from prowler.lib.outputs.compliance.csa.csa_alibabacloud import AlibabaCloudCSA
-from prowler.lib.outputs.compliance.csa.csa_aws import AWSCSA
-from prowler.lib.outputs.compliance.csa.csa_azure import AzureCSA
-from prowler.lib.outputs.compliance.csa.csa_gcp import GCPCSA
-from prowler.lib.outputs.compliance.csa.csa_oraclecloud import OracleCloudCSA
 from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
 from prowler.lib.outputs.compliance.ens.ens_azure import AzureENS
 from prowler.lib.outputs.compliance.ens.ens_gcp import GCPENS
@@ -95,7 +90,6 @@ COMPLIANCE_CLASS_MAP = {
         (lambda name: name == "prowler_threatscore_aws", ProwlerThreatScoreAWS),
         (lambda name: name == "ccc_aws", CCC_AWS),
         (lambda name: name.startswith("c5_"), AWSC5),
-        (lambda name: name.startswith("csa_"), AWSCSA),
     ],
     "azure": [
         (lambda name: name.startswith("cis_"), AzureCIS),
@@ -105,7 +99,6 @@ COMPLIANCE_CLASS_MAP = {
         (lambda name: name == "ccc_azure", CCC_Azure),
         (lambda name: name == "prowler_threatscore_azure", ProwlerThreatScoreAzure),
         (lambda name: name == "c5_azure", AzureC5),
-        (lambda name: name.startswith("csa_"), AzureCSA),
     ],
     "gcp": [
         (lambda name: name.startswith("cis_"), GCPCIS),
@@ -115,7 +108,6 @@ COMPLIANCE_CLASS_MAP = {
         (lambda name: name == "prowler_threatscore_gcp", ProwlerThreatScoreGCP),
         (lambda name: name == "ccc_gcp", CCC_GCP),
         (lambda name: name == "c5_gcp", GCPC5),
-        (lambda name: name.startswith("csa_"), GCPCSA),
     ],
     "kubernetes": [
         (lambda name: name.startswith("cis_"), KubernetesCIS),
@@ -139,11 +131,9 @@ COMPLIANCE_CLASS_MAP = {
     ],
     "oraclecloud": [
         (lambda name: name.startswith("cis_"), OracleCloudCIS),
-        (lambda name: name.startswith("csa_"), OracleCloudCSA),
     ],
     "alibabacloud": [
         (lambda name: name.startswith("cis_"), AlibabaCloudCIS),
-        (lambda name: name.startswith("csa_"), AlibabaCloudCSA),
         (
             lambda name: name == "prowler_threatscore_alibabacloud",
             ProwlerThreatScoreAlibaba,

api/src/backend/tasks/jobs/report.py

@@ -6,7 +6,6 @@ from config.django.base import DJANGO_TMP_OUTPUT_DIRECTORY
 from tasks.jobs.export import _generate_compliance_output_directory, _upload_to_s3
 from tasks.jobs.reports import (
     FRAMEWORK_REGISTRY,
-    CSAReportGenerator,
     ENSReportGenerator,
     NIS2ReportGenerator,
     ThreatScoreReportGenerator,
@@ -148,49 +147,6 @@ def generate_nis2_report(
     )
 
 
-def generate_csa_report(
-    tenant_id: str,
-    scan_id: str,
-    compliance_id: str,
-    output_path: str,
-    provider_id: str,
-    only_failed: bool = True,
-    include_manual: bool = False,
-    provider_obj: Provider | None = None,
-    requirement_statistics: dict[str, dict[str, int]] | None = None,
-    findings_cache: dict[str, list[FindingOutput]] | None = None,
-) -> None:
-    """
-    Generate a PDF compliance report for CSA Cloud Controls Matrix (CCM) v4.0.
-
-    Args:
-        tenant_id: The tenant ID for Row-Level Security context.
-        scan_id: ID of the scan executed by Prowler.
-        compliance_id: ID of the compliance framework (e.g., "csa_ccm_4.0_aws").
-        output_path: Output PDF file path.
-        provider_id: Provider ID for the scan.
-        only_failed: If True, only include failed requirements in detailed section.
-        include_manual: If True, include manual requirements in detailed section.
-        provider_obj: Pre-fetched Provider object to avoid duplicate queries.
-        requirement_statistics: Pre-aggregated requirement statistics.
-        findings_cache: Cache of already loaded findings to avoid duplicate queries.
-    """
-    generator = CSAReportGenerator(FRAMEWORK_REGISTRY["csa_ccm"])
-
-    generator.generate(
-        tenant_id=tenant_id,
-        scan_id=scan_id,
-        compliance_id=compliance_id,
-        output_path=output_path,
-        provider_id=provider_id,
-        provider_obj=provider_obj,
-        requirement_statistics=requirement_statistics,
-        findings_cache=findings_cache,
-        only_failed=only_failed,
-        include_manual=include_manual,
-    )
-
-
 def generate_compliance_reports(
     tenant_id: str,
     scan_id: str,
@@ -198,14 +154,11 @@ def generate_compliance_reports(
     generate_threatscore: bool = True,
     generate_ens: bool = True,
     generate_nis2: bool = True,
-    generate_csa: bool = True,
     only_failed_threatscore: bool = True,
     min_risk_level_threatscore: int = 4,
     include_manual_ens: bool = True,
     include_manual_nis2: bool = False,
     only_failed_nis2: bool = True,
-    only_failed_csa: bool = True,
-    include_manual_csa: bool = False,
 ) -> dict[str, dict[str, bool | str]]:
     """
     Generate multiple compliance reports with shared database queries.
@@ -222,27 +175,23 @@ def generate_compliance_reports(
         generate_threatscore: Whether to generate ThreatScore report.
         generate_ens: Whether to generate ENS report.
         generate_nis2: Whether to generate NIS2 report.
-        generate_csa: Whether to generate CSA CCM report.
         only_failed_threatscore: For ThreatScore, only include failed requirements.
         min_risk_level_threatscore: Minimum risk level for ThreatScore critical requirements.
         include_manual_ens: For ENS, include manual requirements.
         include_manual_nis2: For NIS2, include manual requirements.
         only_failed_nis2: For NIS2, only include failed requirements.
-        only_failed_csa: For CSA CCM, only include failed requirements.
-        include_manual_csa: For CSA CCM, include manual requirements.
 
     Returns:
         Dictionary with results for each report type.
     """
     logger.info(
         "Generating compliance reports for scan %s with provider %s"
-        " (ThreatScore: %s, ENS: %s, NIS2: %s, CSA: %s)",
+        " (ThreatScore: %s, ENS: %s, NIS2: %s)",
         scan_id,
         provider_id,
         generate_threatscore,
         generate_ens,
         generate_nis2,
-        generate_csa,
     )
 
     results = {}
@@ -257,8 +206,6 @@ def generate_compliance_reports(
                 results["ens"] = {"upload": False, "path": ""}
             if generate_nis2:
                 results["nis2"] = {"upload": False, "path": ""}
-            if generate_csa:
-                results["csa"] = {"upload": False, "path": ""}
             return results
 
         provider_obj = Provider.objects.get(id=provider_id)
@@ -288,23 +235,7 @@ def generate_compliance_reports(
         results["nis2"] = {"upload": False, "path": ""}
         generate_nis2 = False
 
-    if generate_csa and provider_type not in [
-        "aws",
-        "azure",
-        "gcp",
-        "oraclecloud",
-        "alibabacloud",
-    ]:
-        logger.info("Provider %s not supported for CSA CCM report", provider_type)
-        results["csa"] = {"upload": False, "path": ""}
-        generate_csa = False
-
-    if (
-        not generate_threatscore
-        and not generate_ens
-        and not generate_nis2
-        and not generate_csa
-    ):
+    if not generate_threatscore and not generate_ens and not generate_nis2:
         return results
 
     # Aggregate requirement statistics once
@@ -343,13 +274,6 @@ def generate_compliance_reports(
             scan_id,
             compliance_framework="nis2",
         )
-        csa_path = _generate_compliance_output_directory(
-            DJANGO_TMP_OUTPUT_DIRECTORY,
-            provider_uid,
-            tenant_id,
-            scan_id,
-            compliance_framework="csa",
-        )
         out_dir = str(Path(threatscore_path).parent.parent)
     except Exception as e:
         logger.error("Error generating output directory: %s", e)
@@ -360,8 +284,6 @@ def generate_compliance_reports(
             results["ens"] = error_dict.copy()
         if generate_nis2:
             results["nis2"] = error_dict.copy()
-        if generate_csa:
-            results["csa"] = error_dict.copy()
         return results
 
     # Generate ThreatScore report
@@ -534,41 +456,6 @@ def generate_compliance_reports(
             logger.error("Error generating NIS2 report: %s", e)
             results["nis2"] = {"upload": False, "path": "", "error": str(e)}
 
-    # Generate CSA CCM report
-    if generate_csa:
-        compliance_id_csa = f"csa_ccm_4.0_{provider_type}"
-        pdf_path_csa = f"{csa_path}_csa_report.pdf"
-        logger.info("Generating CSA CCM report with compliance %s", compliance_id_csa)
-
-        try:
-            generate_csa_report(
-                tenant_id=tenant_id,
-                scan_id=scan_id,
-                compliance_id=compliance_id_csa,
-                output_path=pdf_path_csa,
-                provider_id=provider_id,
-                only_failed=only_failed_csa,
-                include_manual=include_manual_csa,
-                provider_obj=provider_obj,
-                requirement_statistics=requirement_statistics,
-                findings_cache=findings_cache,
-            )
-
-            upload_uri_csa = _upload_to_s3(
-                tenant_id, scan_id, pdf_path_csa, f"csa/{Path(pdf_path_csa).name}"
-            )
-
-            if upload_uri_csa:
-                results["csa"] = {"upload": True, "path": upload_uri_csa}
-                logger.info("CSA CCM report uploaded to %s", upload_uri_csa)
-            else:
-                results["csa"] = {"upload": False, "path": out_dir}
-                logger.warning("CSA CCM report saved locally at %s", out_dir)
-
-        except Exception as e:
-            logger.error("Error generating CSA CCM report: %s", e)
-            results["csa"] = {"upload": False, "path": "", "error": str(e)}
-
     # Clean up temporary files if all reports were uploaded successfully
     all_uploaded = all(
         result.get("upload", False)
@@ -594,7 +481,6 @@ def generate_compliance_reports_job(
     generate_threatscore: bool = True,
     generate_ens: bool = True,
     generate_nis2: bool = True,
-    generate_csa: bool = True,
 ) -> dict[str, dict[str, bool | str]]:
     """
     Celery task wrapper for generate_compliance_reports.
@@ -606,7 +492,6 @@ def generate_compliance_reports_job(
         generate_threatscore: Whether to generate ThreatScore report.
         generate_ens: Whether to generate ENS report.
         generate_nis2: Whether to generate NIS2 report.
-        generate_csa: Whether to generate CSA CCM report.
 
     Returns:
         Dictionary with results for each report type.
@@ -618,5 +503,4 @@ def generate_compliance_reports_job(
         generate_threatscore=generate_threatscore,
         generate_ens=generate_ens,
         generate_nis2=generate_nis2,
-        generate_csa=generate_csa,
     )

api/src/backend/tasks/jobs/reports/__init__.py

@@ -71,8 +71,6 @@ from .config import (
     COLOR_PROWLER_DARK_GREEN,
     COLOR_SAFE,
     COLOR_WHITE,
-    CSA_CCM_SECTION_SHORT_NAMES,
-    CSA_CCM_SECTIONS,
     DIMENSION_KEYS,
     DIMENSION_MAPPING,
     DIMENSION_NAMES,
@@ -92,7 +90,6 @@ from .config import (
 )
 
 # Framework-specific generators
-from .csa import CSAReportGenerator
 from .ens import ENSReportGenerator
 from .nis2 import NIS2ReportGenerator
 from .threatscore import ThreatScoreReportGenerator
@@ -108,7 +105,6 @@ __all__ = [
     "ThreatScoreReportGenerator",
     "ENSReportGenerator",
     "NIS2ReportGenerator",
-    "CSAReportGenerator",
     # Configuration
     "FrameworkConfig",
     "FRAMEWORK_REGISTRY",
@@ -151,8 +147,6 @@ __all__ = [
     "THREATSCORE_SECTIONS",
     "NIS2_SECTIONS",
     "NIS2_SECTION_TITLES",
-    "CSA_CCM_SECTIONS",
-    "CSA_CCM_SECTION_SHORT_NAMES",
     # Layout constants
     "COL_WIDTH_SMALL",
     "COL_WIDTH_MEDIUM",

api/src/backend/tasks/jobs/reports/base.py

@@ -662,9 +662,6 @@ class BaseComplianceReportGenerator(ABC):
             elements.append(create_status_badge(req.status))
             elements.append(Spacer(1, 0.1 * inch))
 
-            # Hook for subclasses to add extra detail (e.g., CSA attributes)
-            elements.extend(self._render_requirement_detail_extras(req, data))
-
             # Findings for this requirement
             for check_id in req.checks:
                 elements.append(Paragraph(f"Check: {check_id}", self.styles["h2"]))
@@ -704,24 +701,6 @@ class BaseComplianceReportGenerator(ABC):
 
         return page_text, "Powered by Prowler"
 
-    def _render_requirement_detail_extras(
-        self, req: RequirementData, data: ComplianceData
-    ) -> list:
-        """Hook for subclasses to render extra content in detailed findings.
-
-        Called after the status badge for each requirement in the detailed
-        findings section. Override in subclasses to add framework-specific
-        metadata (e.g., CSA CCM attributes).
-
-        Args:
-            req: The requirement being rendered.
-            data: Aggregated compliance data.
-
-        Returns:
-            List of ReportLab elements (empty by default).
-        """
-        return []
-
     # =========================================================================
     # Private Helper Methods
     # =========================================================================

api/src/backend/tasks/jobs/reports/config.py

@@ -143,36 +143,6 @@ NIS2_SECTION_TITLES = {
     "12": "12. Asset Management",
 }
 
-# CSA CCM sections (Cloud Controls Matrix v4.0 domains)
-CSA_CCM_SECTIONS = [
-    "Application & Interface Security",
-    "Audit & Assurance",
-    "Business Continuity Management and Operational Resilience",
-    "Change Control and Configuration Management",
-    "Cryptography, Encryption & Key Management",
-    "Data Security and Privacy Lifecycle Management",
-    "Datacenter Security",
-    "Governance, Risk and Compliance",
-    "Identity & Access Management",
-    "Infrastructure & Virtualization Security",
-    "Interoperability & Portability",
-    "Logging and Monitoring",
-    "Security Incident Management, E-Discovery, & Cloud Forensics",
-    "Threat & Vulnerability Management",
-    "Universal Endpoint Management",
-]
-
-# Short names for CSA CCM sections (used in chart labels)
-CSA_CCM_SECTION_SHORT_NAMES = {
-    "Application & Interface Security": "App & Interface Security",
-    "Business Continuity Management and Operational Resilience": "Business Continuity",
-    "Change Control and Configuration Management": "Change Control & Config",
-    "Cryptography, Encryption & Key Management": "Cryptography & Encryption",
-    "Data Security and Privacy Lifecycle Management": "Data Security & Privacy",
-    "Security Incident Management, E-Discovery, & Cloud Forensics": "Incident Mgmt & Forensics",
-    "Infrastructure & Virtualization Security": "Infrastructure & Virtualization",
-}
-
 # Table column widths
 COL_WIDTH_SMALL = 0.4 * inch
 COL_WIDTH_MEDIUM = 0.9 * inch
@@ -291,28 +261,6 @@ FRAMEWORK_REGISTRY: dict[str, FrameworkConfig] = {
         has_niveles=False,
         has_weight=False,
     ),
-    "csa_ccm": FrameworkConfig(
-        name="csa_ccm",
-        display_name="CSA Cloud Controls Matrix (CCM)",
-        logo_filename=None,
-        primary_color=COLOR_BLUE,
-        secondary_color=COLOR_LIGHT_BLUE,
-        bg_color=COLOR_BG_BLUE,
-        attribute_fields=[
-            "Section",
-            "CCMLite",
-            "IaaS",
-            "PaaS",
-            "SaaS",
-            "ScopeApplicability",
-        ],
-        sections=CSA_CCM_SECTIONS,
-        language="en",
-        has_risk_levels=False,
-        has_dimensions=False,
-        has_niveles=False,
-        has_weight=False,
-    ),
 }
 
 
@@ -334,7 +282,5 @@ def get_framework_config(compliance_id: str) -> FrameworkConfig | None:
         return FRAMEWORK_REGISTRY["ens"]
     if "nis2" in compliance_lower:
         return FRAMEWORK_REGISTRY["nis2"]
-    if "csa" in compliance_lower or "ccm" in compliance_lower:
-        return FRAMEWORK_REGISTRY["csa_ccm"]
 
     return None

api/src/backend/tasks/jobs/reports/csa.py

@@ -1,474 +0,0 @@
-from collections import defaultdict
-
-from celery.utils.log import get_task_logger
-from reportlab.lib.units import inch
-from reportlab.platypus import Image, PageBreak, Paragraph, Spacer, Table, TableStyle
-
-from api.models import StatusChoices
-
-from .base import (
-    BaseComplianceReportGenerator,
-    ComplianceData,
-    get_requirement_metadata,
-)
-from .charts import create_horizontal_bar_chart, get_chart_color_for_percentage
-from .config import (
-    COLOR_BG_BLUE,
-    COLOR_BLUE,
-    COLOR_BORDER_GRAY,
-    COLOR_DARK_GRAY,
-    COLOR_GRID_GRAY,
-    COLOR_HIGH_RISK,
-    COLOR_SAFE,
-    COLOR_WHITE,
-    CSA_CCM_SECTION_SHORT_NAMES,
-    CSA_CCM_SECTIONS,
-)
-
-logger = get_task_logger(__name__)
-
-
-class CSAReportGenerator(BaseComplianceReportGenerator):
-    """
-    PDF report generator for CSA Cloud Controls Matrix (CCM) v4.0.
-
-    This generator creates comprehensive PDF reports containing:
-    - Cover page with Prowler logo
-    - Executive summary with overall compliance score
-    - Section analysis with horizontal bar chart
-    - Section breakdown table
-    - Requirements index organized by section
-    - Detailed findings for failed requirements
-    """
-
-    def create_executive_summary(self, data: ComplianceData) -> list:
-        """
-        Create the executive summary with compliance metrics.
-
-        Args:
-            data: Aggregated compliance data.
-
-        Returns:
-            List of ReportLab elements.
-        """
-        elements = []
-
-        elements.append(Paragraph("Executive Summary", self.styles["h1"]))
-        elements.append(Spacer(1, 0.1 * inch))
-
-        # Calculate statistics
-        total = len(data.requirements)
-        passed = sum(1 for r in data.requirements if r.status == StatusChoices.PASS)
-        failed = sum(1 for r in data.requirements if r.status == StatusChoices.FAIL)
-        manual = sum(1 for r in data.requirements if r.status == StatusChoices.MANUAL)
-
-        logger.info(
-            "CSA CCM Executive Summary: total=%d, passed=%d, failed=%d, manual=%d",
-            total,
-            passed,
-            failed,
-            manual,
-        )
-
-        # Log sample of requirements for debugging
-        for req in data.requirements[:5]:
-            logger.info(
-                "  Requirement %s: status=%s, passed_findings=%d, total_findings=%d",
-                req.id,
-                req.status,
-                req.passed_findings,
-                req.total_findings,
-            )
-
-        # Calculate compliance excluding manual
-        evaluated = passed + failed
-        overall_compliance = (passed / evaluated * 100) if evaluated > 0 else 100
-
-        # Summary statistics table
-        summary_data = [
-            ["Metric", "Value"],
-            ["Total Requirements", str(total)],
-            ["Passed \u2713", str(passed)],
-            ["Failed \u2717", str(failed)],
-            ["Manual \u2299", str(manual)],
-            ["Overall Compliance", f"{overall_compliance:.1f}%"],
-        ]
-
-        summary_table = Table(summary_data, colWidths=[3 * inch, 2 * inch])
-        summary_table.setStyle(
-            TableStyle(
-                [
-                    ("BACKGROUND", (0, 0), (-1, 0), COLOR_BLUE),
-                    ("TEXTCOLOR", (0, 0), (-1, 0), COLOR_WHITE),
-                    ("BACKGROUND", (0, 2), (0, 2), COLOR_SAFE),
-                    ("TEXTCOLOR", (0, 2), (0, 2), COLOR_WHITE),
-                    ("BACKGROUND", (0, 3), (0, 3), COLOR_HIGH_RISK),
-                    ("TEXTCOLOR", (0, 3), (0, 3), COLOR_WHITE),
-                    ("BACKGROUND", (0, 4), (0, 4), COLOR_DARK_GRAY),
-                    ("TEXTCOLOR", (0, 4), (0, 4), COLOR_WHITE),
-                    ("ALIGN", (0, 0), (-1, -1), "CENTER"),
-                    ("FONTNAME", (0, 0), (-1, 0), "PlusJakartaSans"),
-                    ("FONTSIZE", (0, 0), (-1, 0), 12),
-                    ("FONTSIZE", (0, 1), (-1, -1), 10),
-                    ("BOTTOMPADDING", (0, 0), (-1, 0), 10),
-                    ("GRID", (0, 0), (-1, -1), 0.5, COLOR_BORDER_GRAY),
-                    (
-                        "ROWBACKGROUNDS",
-                        (1, 1),
-                        (1, -1),
-                        [COLOR_WHITE, COLOR_BG_BLUE],
-                    ),
-                ]
-            )
-        )
-        elements.append(summary_table)
-
-        return elements
-
-    def create_charts_section(self, data: ComplianceData) -> list:
-        """
-        Create the charts section with section analysis.
-
-        Args:
-            data: Aggregated compliance data.
-
-        Returns:
-            List of ReportLab elements.
-        """
-        elements = []
-
-        # Section chart
-        elements.append(Paragraph("Compliance by Section", self.styles["h1"]))
-        elements.append(Spacer(1, 0.1 * inch))
-        elements.append(
-            Paragraph(
-                "The following chart shows compliance percentage for each domain "
-                "of the CSA Cloud Controls Matrix:",
-                self.styles["normal_center"],
-            )
-        )
-        elements.append(Spacer(1, 0.1 * inch))
-
-        chart_buffer = self._create_section_chart(data)
-        chart_buffer.seek(0)
-        chart_image = Image(chart_buffer, width=6.5 * inch, height=5 * inch)
-        elements.append(chart_image)
-        elements.append(PageBreak())
-
-        # Section breakdown table
-        elements.append(Paragraph("Section Breakdown", self.styles["h1"]))
-        elements.append(Spacer(1, 0.1 * inch))
-
-        section_table = self._create_section_table(data)
-        elements.append(section_table)
-
-        return elements
-
-    def create_requirements_index(self, data: ComplianceData) -> list:
-        """
-        Create the requirements index organized by section.
-
-        Args:
-            data: Aggregated compliance data.
-
-        Returns:
-            List of ReportLab elements.
-        """
-        elements = []
-
-        elements.append(Paragraph("Requirements Index", self.styles["h1"]))
-        elements.append(Spacer(1, 0.1 * inch))
-
-        # Organize by section
-        sections = {}
-        for req in data.requirements:
-            m = get_requirement_metadata(req.id, data.attributes_by_requirement_id)
-            if m:
-                section = getattr(m, "Section", "Other")
-
-                if section not in sections:
-                    sections[section] = []
-
-                sections[section].append(
-                    {
-                        "id": req.id,
-                        "description": req.description,
-                        "status": req.status,
-                    }
-                )
-
-        # Sort by CSA CCM section order
-        for section in CSA_CCM_SECTIONS:
-            if section not in sections:
-                continue
-
-            elements.append(Paragraph(section, self.styles["h2"]))
-
-            for req in sections[section]:
-                status_indicator = (
-                    "\u2713" if req["status"] == StatusChoices.PASS else "\u2717"
-                )
-                if req["status"] == StatusChoices.MANUAL:
-                    status_indicator = "\u2299"
-
-                desc = (
-                    req["description"][:80] + "..."
-                    if len(req["description"]) > 80
-                    else req["description"]
-                )
-                elements.append(
-                    Paragraph(
-                        f"{status_indicator} <b>{req['id']}</b>: {desc}",
-                        self.styles["normal"],
-                    )
-                )
-
-            elements.append(Spacer(1, 0.1 * inch))
-
-        return elements
-
-    def _render_requirement_detail_extras(self, req, data: ComplianceData) -> list:
-        """
-        Render CSA CCM attributes in the detailed findings view.
-
-        Shows CCMLite flag, IaaS/PaaS/SaaS applicability, and
-        cross-framework references after the status badge for each requirement.
-
-        Args:
-            req: The requirement being rendered.
-            data: Aggregated compliance data.
-
-        Returns:
-            List of ReportLab elements.
-        """
-        m = get_requirement_metadata(req.id, data.attributes_by_requirement_id)
-        if not m:
-            return []
-        return self._format_requirement_attributes(m)
-
-    def _format_requirement_attributes(self, m) -> list:
-        """
-        Format CSA CCM requirement attributes as compact PDF elements.
-
-        Displays CCMLite flag, IaaS/PaaS/SaaS applicability, and
-        cross-framework references from ScopeApplicability.
-
-        Args:
-            m: Requirement metadata (CSA_CCM_Requirement_Attribute).
-
-        Returns:
-            List of ReportLab elements.
-        """
-        elements = []
-
-        # Applicability line: CCMLite | IaaS | PaaS | SaaS
-        ccm_lite = getattr(m, "CCMLite", "")
-        iaas = getattr(m, "IaaS", "")
-        paas = getattr(m, "PaaS", "")
-        saas = getattr(m, "SaaS", "")
-
-        applicability_parts = []
-        if ccm_lite:
-            applicability_parts.append(f"CCMLite: {ccm_lite}")
-        if iaas:
-            applicability_parts.append(f"IaaS: {iaas}")
-        if paas:
-            applicability_parts.append(f"PaaS: {paas}")
-        if saas:
-            applicability_parts.append(f"SaaS: {saas}")
-
-        if applicability_parts:
-            elements.append(
-                Paragraph(
-                    f"<font color='#4A5568' size='10'>"
-                    f"{'&nbsp;&nbsp;|&nbsp;&nbsp;'.join(applicability_parts)}"
-                    f"</font>",
-                    self._attr_style(),
-                )
-            )
-
-        # ScopeApplicability references (compact)
-        scope_list = getattr(m, "ScopeApplicability", [])
-        if scope_list:
-            refs = []
-            for scope in scope_list:
-                ref_id = scope.get("ReferenceId", "") if isinstance(scope, dict) else ""
-                identifiers = (
-                    scope.get("Identifiers", []) if isinstance(scope, dict) else []
-                )
-                if ref_id and identifiers:
-                    ids_str = ", ".join(str(i) for i in identifiers[:4])
-                    if len(identifiers) > 4:
-                        ids_str += "..."
-                    refs.append(f"{ref_id}: {ids_str}")
-
-            if refs:
-                refs_text = "&nbsp;&nbsp;|&nbsp;&nbsp;".join(refs)
-                elements.append(
-                    Paragraph(
-                        f"<font color='#718096' size='9'>{refs_text}</font>",
-                        self._attr_style(),
-                    )
-                )
-
-        return elements
-
-    def _attr_style(self):
-        """
-        Return a compact style for attribute text lines.
-
-        Returns:
-            ParagraphStyle for attribute display.
-        """
-        from reportlab.lib.styles import ParagraphStyle
-
-        return ParagraphStyle(
-            "AttrLine",
-            parent=self.styles["normal"],
-            fontSize=10,
-            spaceBefore=2,
-            spaceAfter=2,
-            leftIndent=30,
-            leading=13,
-        )
-
-    def _create_section_chart(self, data: ComplianceData):
-        """
-        Create the section compliance chart.
-
-        Args:
-            data: Aggregated compliance data.
-
-        Returns:
-            BytesIO buffer containing the chart image.
-        """
-        section_scores = defaultdict(lambda: {"passed": 0, "total": 0})
-
-        no_metadata_count = 0
-        for req in data.requirements:
-            if req.status == StatusChoices.MANUAL:
-                continue
-
-            m = get_requirement_metadata(req.id, data.attributes_by_requirement_id)
-            if m:
-                section = getattr(m, "Section", "Other")
-                section_scores[section]["total"] += 1
-                if req.status == StatusChoices.PASS:
-                    section_scores[section]["passed"] += 1
-            else:
-                no_metadata_count += 1
-
-        if no_metadata_count > 0:
-            logger.warning(
-                "CSA CCM chart: %d requirements had no metadata", no_metadata_count
-            )
-
-        logger.info("CSA CCM section scores:")
-        for section in CSA_CCM_SECTIONS:
-            if section in section_scores:
-                scores = section_scores[section]
-                pct = (
-                    (scores["passed"] / scores["total"] * 100)
-                    if scores["total"] > 0
-                    else 0
-                )
-                logger.info(
-                    "  %s: %d/%d (%.1f%%)",
-                    section,
-                    scores["passed"],
-                    scores["total"],
-                    pct,
-                )
-
-        # Build labels and values in CSA CCM section order
-        labels = []
-        values = []
-        for section in CSA_CCM_SECTIONS:
-            if section in section_scores and section_scores[section]["total"] > 0:
-                scores = section_scores[section]
-                pct = (scores["passed"] / scores["total"]) * 100
-                # Use short name if available
-                label = CSA_CCM_SECTION_SHORT_NAMES.get(section, section)
-                labels.append(label)
-                values.append(pct)
-
-        return create_horizontal_bar_chart(
-            labels=labels,
-            values=values,
-            xlabel="Compliance (%)",
-            color_func=get_chart_color_for_percentage,
-        )
-
-    def _create_section_table(self, data: ComplianceData) -> Table:
-        """
-        Create the section breakdown table.
-
-        Args:
-            data: Aggregated compliance data.
-
-        Returns:
-            ReportLab Table element.
-        """
-        section_scores = defaultdict(lambda: {"passed": 0, "failed": 0, "manual": 0})
-
-        for req in data.requirements:
-            m = get_requirement_metadata(req.id, data.attributes_by_requirement_id)
-            if m:
-                section = getattr(m, "Section", "Other")
-
-                if req.status == StatusChoices.PASS:
-                    section_scores[section]["passed"] += 1
-                elif req.status == StatusChoices.FAIL:
-                    section_scores[section]["failed"] += 1
-                else:
-                    section_scores[section]["manual"] += 1
-
-        table_data = [["Section", "Passed", "Failed", "Manual", "Compliance"]]
-        for section in CSA_CCM_SECTIONS:
-            if section not in section_scores:
-                continue
-            scores = section_scores[section]
-            total = scores["passed"] + scores["failed"]
-            pct = (scores["passed"] / total * 100) if total > 0 else 100
-            # Use short name if available
-            label = CSA_CCM_SECTION_SHORT_NAMES.get(section, section)
-            table_data.append(
-                [
-                    label,
-                    str(scores["passed"]),
-                    str(scores["failed"]),
-                    str(scores["manual"]),
-                    f"{pct:.1f}%",
-                ]
-            )
-
-        table = Table(
-            table_data,
-            colWidths=[2.4 * inch, 0.9 * inch, 0.9 * inch, 0.9 * inch, 1.2 * inch],
-        )
-        table.setStyle(
-            TableStyle(
-                [
-                    ("BACKGROUND", (0, 0), (-1, 0), COLOR_BLUE),
-                    ("TEXTCOLOR", (0, 0), (-1, 0), COLOR_WHITE),
-                    ("FONTNAME", (0, 0), (-1, 0), "FiraCode"),
-                    ("FONTSIZE", (0, 0), (-1, 0), 10),
-                    ("ALIGN", (0, 0), (-1, -1), "CENTER"),
-                    ("VALIGN", (0, 0), (-1, -1), "MIDDLE"),
-                    ("FONTSIZE", (0, 1), (-1, -1), 9),
-                    ("GRID", (0, 0), (-1, -1), 0.5, COLOR_GRID_GRAY),
-                    ("LEFTPADDING", (0, 0), (-1, -1), 6),
-                    ("RIGHTPADDING", (0, 0), (-1, -1), 6),
-                    ("TOPPADDING", (0, 0), (-1, -1), 4),
-                    ("BOTTOMPADDING", (0, 0), (-1, -1), 4),
-                    (
-                        "ROWBACKGROUNDS",
-                        (0, 1),
-                        (-1, -1),
-                        [COLOR_WHITE, COLOR_BG_BLUE],
-                    ),
-                ]
-            )
-        )
-
-        return table

api/src/backend/tasks/jobs/threatscore_utils.py

@@ -114,11 +114,6 @@ def _calculate_requirements_data_from_statistics(
                 requirement_status = StatusChoices.PASS
             else:
                 requirement_status = StatusChoices.FAIL
-        elif requirement_checks:
-            # Requirement has checks but none produced findings — consistent
-            # with the dashboard's scan processing which treats this as PASS
-            # (no failed checks means the requirement is considered compliant).
-            requirement_status = StatusChoices.PASS
         else:
             requirement_status = StatusChoices.MANUAL
 

api/src/backend/tasks/tasks.py

@@ -11,7 +11,6 @@ from django_celery_beat.models import PeriodicTask
 from tasks.jobs.attack_paths import (
     attack_paths_scan,
     can_provider_run_attack_paths_scan,
-    db_utils as attack_paths_db_utils,
 )
 from tasks.jobs.backfill import (
     backfill_compliance_summaries,
@@ -360,25 +359,8 @@ def perform_scan_summary_task(tenant_id: str, scan_id: str):
     return aggregate_findings(tenant_id=tenant_id, scan_id=scan_id)
 
 
-class AttackPathsScanRLSTask(RLSTask):
-    """
-    RLS task that marks the `AttackPathsScan` DB row as `FAILED` when the Celery task fails.
-
-    Covers failures that happen outside the job's own try/except (e.g. provider lookup,
-    SDK initialization, or Neo4j configuration errors during setup).
-    """
-
-    def on_failure(self, exc, task_id, args, kwargs, _einfo):
-        tenant_id = kwargs.get("tenant_id")
-        scan_id = kwargs.get("scan_id")
-
-        if tenant_id and scan_id:
-            logger.error(f"Attack paths scan task {task_id} failed: {exc}")
-            attack_paths_db_utils.fail_attack_paths_scan(tenant_id, scan_id, str(exc))
-
-
 @shared_task(
-    base=AttackPathsScanRLSTask,
+    base=RLSTask,
     bind=True,
     name="attack-paths-scan-perform",
     queue="attack-paths-scans",
@@ -906,11 +888,11 @@ def jira_integration_task(
 @handle_provider_deletion
 def generate_compliance_reports_task(tenant_id: str, scan_id: str, provider_id: str):
     """
-    Optimized task to generate ThreatScore, ENS, NIS2, and CSA CCM reports with shared queries.
+    Optimized task to generate ThreatScore, ENS, and NIS2 reports with shared queries.
 
     This task is more efficient than running separate report tasks because it reuses database queries:
-    - Provider object fetched once (instead of multiple times)
-    - Requirement statistics aggregated once (instead of multiple times)
+    - Provider object fetched once (instead of three times)
+    - Requirement statistics aggregated once (instead of three times)
     - Can reduce database load by up to 50-70%
 
     Args:
@@ -928,7 +910,6 @@ def generate_compliance_reports_task(tenant_id: str, scan_id: str, provider_id:
         generate_threatscore=True,
         generate_ens=True,
         generate_nis2=True,
-        generate_csa=True,
     )
 
 

api/src/backend/tasks/tests/test_attack_paths_scan.py

@@ -4,7 +4,6 @@ from unittest.mock import MagicMock, call, patch
 
 import pytest
 from tasks.jobs.attack_paths import findings as findings_module
-from tasks.jobs.attack_paths import internet as internet_module
 from tasks.jobs.attack_paths.scan import run as attack_paths_run
 
 from api.models import (
@@ -28,15 +27,16 @@ class TestAttackPathsRun:
         "tasks.jobs.attack_paths.scan.utils.call_within_event_loop",
         side_effect=lambda fn, *a, **kw: fn(*a, **kw),
     )
-    @patch("tasks.jobs.attack_paths.scan.db_utils.set_graph_data_ready")
-    @patch("tasks.jobs.attack_paths.scan.db_utils.set_provider_graph_data_ready")
+    @patch(
+        "tasks.jobs.attack_paths.scan.db_utils.get_old_attack_paths_scans",
+        return_value=[],
+    )
     @patch("tasks.jobs.attack_paths.scan.db_utils.finish_attack_paths_scan")
     @patch("tasks.jobs.attack_paths.scan.db_utils.update_attack_paths_scan_progress")
     @patch("tasks.jobs.attack_paths.scan.db_utils.starting_attack_paths_scan")
     @patch("tasks.jobs.attack_paths.scan.sync.sync_graph")
     @patch("tasks.jobs.attack_paths.scan.graph_database.drop_subgraph")
     @patch("tasks.jobs.attack_paths.scan.sync.create_sync_indexes")
-    @patch("tasks.jobs.attack_paths.scan.internet.analysis")
     @patch("tasks.jobs.attack_paths.scan.findings.analysis")
     @patch("tasks.jobs.attack_paths.scan.findings.create_findings_indexes")
     @patch("tasks.jobs.attack_paths.scan.cartography_ontology.run")
@@ -67,15 +67,13 @@ class TestAttackPathsRun:
         mock_cartography_ontology,
         mock_findings_indexes,
         mock_findings_analysis,
-        mock_internet_analysis,
         mock_sync_indexes,
         mock_drop_subgraph,
         mock_sync,
         mock_starting,
         mock_update_progress,
         mock_finish,
-        mock_set_provider_graph_data_ready,
-        mock_set_graph_data_ready,
+        mock_get_old_scans,
         mock_event_loop,
         mock_drop_db,
         tenants_fixture,
@@ -141,7 +139,6 @@ class TestAttackPathsRun:
         # These use tmp_cartography_config (neo4j_database="db-scan-id")
         mock_cartography_analysis.assert_called_once()
         mock_cartography_ontology.assert_called_once()
-        mock_internet_analysis.assert_called_once()
         mock_findings_analysis.assert_called_once()
         mock_drop_subgraph.assert_called_once_with(
             database="tenant-db",
@@ -163,66 +160,9 @@ class TestAttackPathsRun:
         mock_finish.assert_called_once_with(
             attack_paths_scan, StateChoices.COMPLETED, ingestion_result
         )
-        mock_set_provider_graph_data_ready.assert_called_once_with(
-            attack_paths_scan, False
-        )
-        mock_set_graph_data_ready.assert_called_once_with(attack_paths_scan, True)
 
-    @patch(
-        "tasks.jobs.attack_paths.scan.utils.stringify_exception",
-        return_value="Cartography failed: ingestion boom",
-    )
-    @patch(
-        "tasks.jobs.attack_paths.scan.utils.call_within_event_loop",
-        side_effect=lambda fn, *a, **kw: fn(*a, **kw),
-    )
-    @patch("tasks.jobs.attack_paths.scan.graph_database.drop_database")
-    @patch("tasks.jobs.attack_paths.scan.db_utils.finish_attack_paths_scan")
-    @patch("tasks.jobs.attack_paths.scan.db_utils.set_graph_data_ready")
-    @patch("tasks.jobs.attack_paths.scan.db_utils.set_provider_graph_data_ready")
-    @patch("tasks.jobs.attack_paths.scan.db_utils.update_attack_paths_scan_progress")
-    @patch("tasks.jobs.attack_paths.scan.db_utils.starting_attack_paths_scan")
-    @patch("tasks.jobs.attack_paths.scan.findings.analysis")
-    @patch("tasks.jobs.attack_paths.scan.internet.analysis")
-    @patch("tasks.jobs.attack_paths.scan.findings.create_findings_indexes")
-    @patch("tasks.jobs.attack_paths.scan.cartography_analysis.run")
-    @patch("tasks.jobs.attack_paths.scan.cartography_create_indexes.run")
-    @patch("tasks.jobs.attack_paths.scan.graph_database.create_database")
-    @patch(
-        "tasks.jobs.attack_paths.scan.graph_database.get_database_name",
-        return_value="db-scan-id",
-    )
-    @patch("tasks.jobs.attack_paths.scan.graph_database.get_uri")
-    @patch(
-        "tasks.jobs.attack_paths.scan.initialize_prowler_provider",
-        return_value=MagicMock(_enabled_regions=["us-east-1"]),
-    )
-    @patch(
-        "tasks.jobs.attack_paths.scan.rls_transaction",
-        new=lambda *args, **kwargs: nullcontext(),
-    )
     def test_run_failure_marks_scan_failed(
-        self,
-        mock_init_provider,
-        mock_get_uri,
-        mock_get_db_name,
-        mock_create_db,
-        mock_cartography_indexes,
-        mock_cartography_analysis,
-        mock_findings_indexes,
-        mock_internet_analysis,
-        mock_findings_analysis,
-        mock_starting,
-        mock_update_progress,
-        mock_set_provider_graph_data_ready,
-        mock_set_graph_data_ready,
-        mock_finish,
-        mock_drop_db,
-        mock_event_loop,
-        mock_stringify,
-        tenants_fixture,
-        providers_fixture,
-        scans_fixture,
+        self, tenants_fixture, providers_fixture, scans_fixture
     ):
         tenant = tenants_fixture[0]
         provider = providers_fixture[0]
@@ -246,18 +186,52 @@ class TestAttackPathsRun:
         ingestion_fn = MagicMock(side_effect=RuntimeError("ingestion boom"))
 
         with (
+            patch(
+                "tasks.jobs.attack_paths.scan.rls_transaction",
+                new=lambda *args, **kwargs: nullcontext(),
+            ),
+            patch(
+                "tasks.jobs.attack_paths.scan.initialize_prowler_provider",
+                return_value=MagicMock(_enabled_regions=["us-east-1"]),
+            ),
+            patch("tasks.jobs.attack_paths.scan.graph_database.get_uri"),
+            patch(
+                "tasks.jobs.attack_paths.scan.graph_database.get_database_name",
+                return_value="db-scan-id",
+            ),
+            patch("tasks.jobs.attack_paths.scan.graph_database.create_database"),
             patch(
                 "tasks.jobs.attack_paths.scan.graph_database.get_session",
                 return_value=session_ctx,
             ),
+            patch("tasks.jobs.attack_paths.scan.cartography_create_indexes.run"),
+            patch("tasks.jobs.attack_paths.scan.cartography_analysis.run"),
+            patch("tasks.jobs.attack_paths.scan.findings.create_findings_indexes"),
+            patch("tasks.jobs.attack_paths.scan.findings.analysis"),
             patch(
                 "tasks.jobs.attack_paths.scan.db_utils.retrieve_attack_paths_scan",
                 return_value=attack_paths_scan,
             ),
+            patch("tasks.jobs.attack_paths.scan.db_utils.starting_attack_paths_scan"),
+            patch(
+                "tasks.jobs.attack_paths.scan.db_utils.update_attack_paths_scan_progress"
+            ),
+            patch(
+                "tasks.jobs.attack_paths.scan.db_utils.finish_attack_paths_scan"
+            ) as mock_finish,
+            patch("tasks.jobs.attack_paths.scan.graph_database.drop_database"),
             patch(
                 "tasks.jobs.attack_paths.scan.get_cartography_ingestion_function",
                 return_value=ingestion_fn,
             ),
+            patch(
+                "tasks.jobs.attack_paths.scan.utils.call_within_event_loop",
+                side_effect=lambda fn, *a, **kw: fn(*a, **kw),
+            ),
+            patch(
+                "tasks.jobs.attack_paths.scan.utils.stringify_exception",
+                return_value="Cartography failed: ingestion boom",
+            ),
         ):
             with pytest.raises(RuntimeError, match="ingestion boom"):
                 attack_paths_run(str(tenant.id), str(scan.id), "task-456")
@@ -265,109 +239,9 @@ class TestAttackPathsRun:
         failure_args = mock_finish.call_args[0]
         assert failure_args[0] is attack_paths_scan
         assert failure_args[1] == StateChoices.FAILED
-        assert failure_args[2] == {"global_error": "Cartography failed: ingestion boom"}
-
-    @patch(
-        "tasks.jobs.attack_paths.scan.utils.stringify_exception",
-        return_value="Cartography failed: ingestion boom",
-    )
-    @patch(
-        "tasks.jobs.attack_paths.scan.utils.call_within_event_loop",
-        side_effect=lambda fn, *a, **kw: fn(*a, **kw),
-    )
-    @patch(
-        "tasks.jobs.attack_paths.scan.graph_database.drop_database",
-        side_effect=ConnectionError("neo4j down"),
-    )
-    @patch("tasks.jobs.attack_paths.scan.db_utils.finish_attack_paths_scan")
-    @patch("tasks.jobs.attack_paths.scan.db_utils.set_graph_data_ready")
-    @patch("tasks.jobs.attack_paths.scan.db_utils.set_provider_graph_data_ready")
-    @patch("tasks.jobs.attack_paths.scan.db_utils.update_attack_paths_scan_progress")
-    @patch("tasks.jobs.attack_paths.scan.db_utils.starting_attack_paths_scan")
-    @patch("tasks.jobs.attack_paths.scan.findings.analysis")
-    @patch("tasks.jobs.attack_paths.scan.internet.analysis")
-    @patch("tasks.jobs.attack_paths.scan.findings.create_findings_indexes")
-    @patch("tasks.jobs.attack_paths.scan.cartography_analysis.run")
-    @patch("tasks.jobs.attack_paths.scan.cartography_create_indexes.run")
-    @patch("tasks.jobs.attack_paths.scan.graph_database.create_database")
-    @patch(
-        "tasks.jobs.attack_paths.scan.graph_database.get_database_name",
-        return_value="db-scan-id",
-    )
-    @patch("tasks.jobs.attack_paths.scan.graph_database.get_uri")
-    @patch(
-        "tasks.jobs.attack_paths.scan.initialize_prowler_provider",
-        return_value=MagicMock(_enabled_regions=["us-east-1"]),
-    )
-    @patch(
-        "tasks.jobs.attack_paths.scan.rls_transaction",
-        new=lambda *args, **kwargs: nullcontext(),
-    )
-    def test_run_failure_marks_scan_failed_even_when_drop_database_fails(
-        self,
-        mock_init_provider,
-        mock_get_uri,
-        mock_get_db_name,
-        mock_create_db,
-        mock_cartography_indexes,
-        mock_cartography_analysis,
-        mock_findings_indexes,
-        mock_internet_analysis,
-        mock_findings_analysis,
-        mock_starting,
-        mock_update_progress,
-        mock_set_provider_graph_data_ready,
-        mock_set_graph_data_ready,
-        mock_finish,
-        mock_drop_db,
-        mock_event_loop,
-        mock_stringify,
-        tenants_fixture,
-        providers_fixture,
-        scans_fixture,
-    ):
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-        scan = scans_fixture[0]
-        scan.provider = provider
-        scan.save()
-
-        attack_paths_scan = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan,
-            state=StateChoices.SCHEDULED,
-        )
-
-        mock_session = MagicMock()
-        session_ctx = MagicMock()
-        session_ctx.__enter__.return_value = mock_session
-        session_ctx.__exit__.return_value = False
-        ingestion_fn = MagicMock(side_effect=RuntimeError("ingestion boom"))
-
-        with (
-            patch(
-                "tasks.jobs.attack_paths.scan.graph_database.get_session",
-                return_value=session_ctx,
-            ),
-            patch(
-                "tasks.jobs.attack_paths.scan.db_utils.retrieve_attack_paths_scan",
-                return_value=attack_paths_scan,
-            ),
-            patch(
-                "tasks.jobs.attack_paths.scan.get_cartography_ingestion_function",
-                return_value=ingestion_fn,
-            ),
-        ):
-            with pytest.raises(RuntimeError, match="ingestion boom"):
-                attack_paths_run(str(tenant.id), str(scan.id), "task-789")
-
-        failure_args = mock_finish.call_args[0]
-        assert failure_args[0] is attack_paths_scan
-        assert failure_args[1] == StateChoices.FAILED
-        assert failure_args[2] == {"global_error": "Cartography failed: ingestion boom"}
+        assert failure_args[2] == {
+            "global_cartography_error": "Cartography failed: ingestion boom"
+        }
 
     def test_run_returns_early_for_unsupported_provider(self, tenants_fixture):
         tenant = tenants_fixture[0]
@@ -412,194 +286,6 @@ class TestAttackPathsRun:
         mock_retrieve.assert_called_once_with(str(tenant.id), str(scan.id))
 
 
-@pytest.mark.django_db
-class TestFailAttackPathsScan:
-    def test_marks_executing_scan_as_failed(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import (
-            fail_attack_paths_scan,
-        )
-
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-        scan = scans_fixture[0]
-        scan.provider = provider
-        scan.save()
-
-        attack_paths_scan = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan,
-            state=StateChoices.EXECUTING,
-        )
-
-        with (
-            patch(
-                "tasks.jobs.attack_paths.db_utils.retrieve_attack_paths_scan",
-                return_value=attack_paths_scan,
-            ) as mock_retrieve,
-            patch(
-                "tasks.jobs.attack_paths.db_utils.graph_database.drop_database"
-            ) as mock_drop_db,
-            patch(
-                "tasks.jobs.attack_paths.db_utils.finish_attack_paths_scan"
-            ) as mock_finish,
-        ):
-            fail_attack_paths_scan(str(tenant.id), str(scan.id), "setup exploded")
-
-        mock_retrieve.assert_called_once_with(str(tenant.id), str(scan.id))
-        expected_tmp_db = f"db-tmp-scan-{str(attack_paths_scan.id).lower()}"
-        mock_drop_db.assert_called_once_with(expected_tmp_db)
-        mock_finish.assert_called_once_with(
-            attack_paths_scan,
-            StateChoices.FAILED,
-            {"global_error": "setup exploded"},
-        )
-
-    def test_drops_temp_database_even_when_drop_fails(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import (
-            fail_attack_paths_scan,
-        )
-
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-        scan = scans_fixture[0]
-        scan.provider = provider
-        scan.save()
-
-        attack_paths_scan = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan,
-            state=StateChoices.EXECUTING,
-        )
-
-        with (
-            patch(
-                "tasks.jobs.attack_paths.db_utils.retrieve_attack_paths_scan",
-                return_value=attack_paths_scan,
-            ),
-            patch(
-                "tasks.jobs.attack_paths.db_utils.graph_database.drop_database",
-                side_effect=Exception("Neo4j unreachable"),
-            ),
-            patch(
-                "tasks.jobs.attack_paths.db_utils.finish_attack_paths_scan"
-            ) as mock_finish,
-        ):
-            fail_attack_paths_scan(str(tenant.id), str(scan.id), "setup exploded")
-
-        mock_finish.assert_called_once_with(
-            attack_paths_scan,
-            StateChoices.FAILED,
-            {"global_error": "setup exploded"},
-        )
-
-    def test_skips_already_failed_scan(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import (
-            fail_attack_paths_scan,
-        )
-
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-        scan = scans_fixture[0]
-        scan.provider = provider
-        scan.save()
-
-        attack_paths_scan = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan,
-            state=StateChoices.FAILED,
-        )
-
-        with (
-            patch(
-                "tasks.jobs.attack_paths.db_utils.retrieve_attack_paths_scan",
-                return_value=attack_paths_scan,
-            ),
-            patch(
-                "tasks.jobs.attack_paths.db_utils.graph_database.drop_database"
-            ) as mock_drop_db,
-            patch(
-                "tasks.jobs.attack_paths.db_utils.finish_attack_paths_scan"
-            ) as mock_finish,
-        ):
-            fail_attack_paths_scan(str(tenant.id), str(scan.id), "setup exploded")
-
-        mock_drop_db.assert_not_called()
-        mock_finish.assert_not_called()
-
-    def test_skips_when_no_scan_found(self, tenants_fixture):
-        from tasks.jobs.attack_paths.db_utils import (
-            fail_attack_paths_scan,
-        )
-
-        tenant = tenants_fixture[0]
-
-        with (
-            patch(
-                "tasks.jobs.attack_paths.db_utils.retrieve_attack_paths_scan",
-                return_value=None,
-            ),
-            patch(
-                "tasks.jobs.attack_paths.db_utils.finish_attack_paths_scan"
-            ) as mock_finish,
-        ):
-            fail_attack_paths_scan(str(tenant.id), "nonexistent", "setup exploded")
-
-        mock_finish.assert_not_called()
-
-
-class TestAttackPathsScanRLSTaskOnFailure:
-    def test_on_failure_delegates_to_fail_attack_paths_scan(self):
-        from tasks.tasks import AttackPathsScanRLSTask
-
-        task = AttackPathsScanRLSTask()
-
-        with patch(
-            "tasks.tasks.attack_paths_db_utils.fail_attack_paths_scan"
-        ) as mock_fail:
-            task.on_failure(
-                exc=RuntimeError("boom"),
-                task_id="task-abc",
-                args=(),
-                kwargs={"tenant_id": "t-1", "scan_id": "s-1"},
-                _einfo=None,
-            )
-
-        mock_fail.assert_called_once_with("t-1", "s-1", "boom")
-
-    def test_on_failure_skips_when_missing_kwargs(self):
-        from tasks.tasks import AttackPathsScanRLSTask
-
-        task = AttackPathsScanRLSTask()
-
-        with patch(
-            "tasks.tasks.attack_paths_db_utils.fail_attack_paths_scan"
-        ) as mock_fail:
-            task.on_failure(
-                exc=RuntimeError("boom"),
-                task_id="task-abc",
-                args=(),
-                kwargs={},
-                _einfo=None,
-            )
-
-        mock_fail.assert_not_called()
-
-
 @pytest.mark.django_db
 class TestAttackPathsFindingsHelpers:
     def test_create_findings_indexes_executes_all_statements(self):
@@ -1071,359 +757,3 @@ class TestAttackPathsFindingsHelpers:
             findings_module.load_findings(mock_session, empty_gen(), provider, config)
 
         mock_session.run.assert_not_called()
-
-
-class TestInternetAnalysis:
-    def _make_provider_and_config(self):
-        provider = MagicMock()
-        provider.provider = "aws"
-        provider.uid = "123456789012"
-        config = SimpleNamespace(update_tag=1234567890)
-        return provider, config
-
-    def test_analysis_creates_node_and_relationships(self):
-        """Verify both Cypher statements are executed and relationship count returned."""
-        mock_session = MagicMock()
-        mock_result = MagicMock()
-        mock_result.single.return_value = {"relationships_merged": 3}
-        mock_session.run.side_effect = [None, mock_result]
-        provider, config = self._make_provider_and_config()
-
-        with patch(
-            "tasks.jobs.attack_paths.internet.get_root_node_label",
-            return_value="AWSAccount",
-        ):
-            result = internet_module.analysis(mock_session, provider, config)
-
-        assert mock_session.run.call_count == 2
-        assert result == 3
-
-    def test_analysis_zero_exposed_resources(self):
-        """When no resources are exposed, zero relationships are created."""
-        mock_session = MagicMock()
-        mock_result = MagicMock()
-        mock_result.single.return_value = {"relationships_merged": 0}
-        mock_session.run.side_effect = [None, mock_result]
-        provider, config = self._make_provider_and_config()
-
-        with patch(
-            "tasks.jobs.attack_paths.internet.get_root_node_label",
-            return_value="AWSAccount",
-        ):
-            result = internet_module.analysis(mock_session, provider, config)
-
-        assert result == 0
-
-
-@pytest.mark.django_db
-class TestAttackPathsDbUtilsGraphDataReady:
-    """Tests for db_utils functions related to graph_data_ready lifecycle."""
-
-    def test_create_attack_paths_scan_first_scan_defaults_to_false(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import create_attack_paths_scan
-
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-        scan = scans_fixture[0]
-        scan.provider = provider
-        scan.save()
-
-        with patch(
-            "tasks.jobs.attack_paths.db_utils.rls_transaction",
-            new=lambda *args, **kwargs: nullcontext(),
-        ):
-            attack_paths_scan = create_attack_paths_scan(
-                str(tenant.id), str(scan.id), provider.id
-            )
-
-        assert attack_paths_scan is not None
-        assert attack_paths_scan.graph_data_ready is False
-
-    def test_create_attack_paths_scan_inherits_true_from_previous(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import create_attack_paths_scan
-
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-        scan = scans_fixture[0]
-        scan.provider = provider
-        scan.save()
-
-        AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan,
-            state=StateChoices.COMPLETED,
-            graph_data_ready=True,
-        )
-
-        new_scan = Scan.objects.create(
-            name="New Scan",
-            provider=provider,
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.AVAILABLE,
-            tenant_id=tenant.id,
-        )
-
-        with patch(
-            "tasks.jobs.attack_paths.db_utils.rls_transaction",
-            new=lambda *args, **kwargs: nullcontext(),
-        ):
-            attack_paths_scan = create_attack_paths_scan(
-                str(tenant.id), str(new_scan.id), provider.id
-            )
-
-        assert attack_paths_scan is not None
-        assert attack_paths_scan.graph_data_ready is True
-
-    def test_create_attack_paths_scan_inherits_false_when_no_previous_ready(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import create_attack_paths_scan
-
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-        scan = scans_fixture[0]
-        scan.provider = provider
-        scan.save()
-
-        AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan,
-            state=StateChoices.FAILED,
-            graph_data_ready=False,
-        )
-
-        new_scan = Scan.objects.create(
-            name="New Scan",
-            provider=provider,
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.AVAILABLE,
-            tenant_id=tenant.id,
-        )
-
-        with patch(
-            "tasks.jobs.attack_paths.db_utils.rls_transaction",
-            new=lambda *args, **kwargs: nullcontext(),
-        ):
-            attack_paths_scan = create_attack_paths_scan(
-                str(tenant.id), str(new_scan.id), provider.id
-            )
-
-        assert attack_paths_scan is not None
-        assert attack_paths_scan.graph_data_ready is False
-
-    def test_set_graph_data_ready_updates_field(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import set_graph_data_ready
-
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-        scan = scans_fixture[0]
-        scan.provider = provider
-        scan.save()
-
-        attack_paths_scan = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan,
-            state=StateChoices.EXECUTING,
-            graph_data_ready=True,
-        )
-
-        with patch(
-            "tasks.jobs.attack_paths.db_utils.rls_transaction",
-            new=lambda *args, **kwargs: nullcontext(),
-        ):
-            set_graph_data_ready(attack_paths_scan, False)
-
-        attack_paths_scan.refresh_from_db()
-        assert attack_paths_scan.graph_data_ready is False
-
-        with patch(
-            "tasks.jobs.attack_paths.db_utils.rls_transaction",
-            new=lambda *args, **kwargs: nullcontext(),
-        ):
-            set_graph_data_ready(attack_paths_scan, True)
-
-        attack_paths_scan.refresh_from_db()
-        assert attack_paths_scan.graph_data_ready is True
-
-    def test_finish_attack_paths_scan_does_not_modify_graph_data_ready(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import finish_attack_paths_scan
-
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-        scan = scans_fixture[0]
-        scan.provider = provider
-        scan.save()
-
-        attack_paths_scan = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan,
-            state=StateChoices.EXECUTING,
-            graph_data_ready=True,
-        )
-
-        with patch(
-            "tasks.jobs.attack_paths.db_utils.rls_transaction",
-            new=lambda *args, **kwargs: nullcontext(),
-        ):
-            finish_attack_paths_scan(attack_paths_scan, StateChoices.COMPLETED, {})
-
-        attack_paths_scan.refresh_from_db()
-        assert attack_paths_scan.state == StateChoices.COMPLETED
-        assert attack_paths_scan.graph_data_ready is True
-
-    def test_finish_attack_paths_scan_preserves_graph_data_ready_on_failure(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import finish_attack_paths_scan
-
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-        scan = scans_fixture[0]
-        scan.provider = provider
-        scan.save()
-
-        attack_paths_scan = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan,
-            state=StateChoices.EXECUTING,
-            graph_data_ready=True,
-        )
-
-        with patch(
-            "tasks.jobs.attack_paths.db_utils.rls_transaction",
-            new=lambda *args, **kwargs: nullcontext(),
-        ):
-            finish_attack_paths_scan(
-                attack_paths_scan,
-                StateChoices.FAILED,
-                {"global_error": "boom"},
-            )
-
-        attack_paths_scan.refresh_from_db()
-        assert attack_paths_scan.state == StateChoices.FAILED
-        assert attack_paths_scan.graph_data_ready is True
-
-    def test_set_provider_graph_data_ready_updates_all_scans_for_provider(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import set_provider_graph_data_ready
-
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        provider.provider = Provider.ProviderChoices.AWS
-        provider.save()
-
-        scan_a = scans_fixture[0]
-        scan_a.provider = provider
-        scan_a.save()
-
-        scan_b = Scan.objects.create(
-            name="Second Scan",
-            provider=provider,
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.AVAILABLE,
-            tenant_id=tenant.id,
-        )
-
-        old_ap_scan = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan_a,
-            state=StateChoices.COMPLETED,
-            graph_data_ready=True,
-        )
-        new_ap_scan = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            scan=scan_b,
-            state=StateChoices.EXECUTING,
-            graph_data_ready=True,
-        )
-
-        with patch(
-            "tasks.jobs.attack_paths.db_utils.rls_transaction",
-            new=lambda *args, **kwargs: nullcontext(),
-        ):
-            set_provider_graph_data_ready(new_ap_scan, False)
-
-        old_ap_scan.refresh_from_db()
-        new_ap_scan.refresh_from_db()
-        assert old_ap_scan.graph_data_ready is False
-        assert new_ap_scan.graph_data_ready is False
-
-    def test_set_provider_graph_data_ready_does_not_affect_other_providers(
-        self, tenants_fixture, providers_fixture, scans_fixture
-    ):
-        from tasks.jobs.attack_paths.db_utils import set_provider_graph_data_ready
-
-        tenant = tenants_fixture[0]
-        provider_a = providers_fixture[0]
-        provider_a.provider = Provider.ProviderChoices.AWS
-        provider_a.save()
-
-        provider_b = providers_fixture[1]
-        provider_b.provider = Provider.ProviderChoices.AWS
-        provider_b.save()
-
-        scan_a = scans_fixture[0]
-        scan_a.provider = provider_a
-        scan_a.save()
-
-        scan_b = Scan.objects.create(
-            name="Scan for provider B",
-            provider=provider_b,
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.COMPLETED,
-            tenant_id=tenant.id,
-        )
-
-        ap_scan_a = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider_a,
-            scan=scan_a,
-            state=StateChoices.EXECUTING,
-            graph_data_ready=True,
-        )
-        ap_scan_b = AttackPathsScan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider_b,
-            scan=scan_b,
-            state=StateChoices.COMPLETED,
-            graph_data_ready=True,
-        )
-
-        with patch(
-            "tasks.jobs.attack_paths.db_utils.rls_transaction",
-            new=lambda *args, **kwargs: nullcontext(),
-        ):
-            set_provider_graph_data_ready(ap_scan_a, False)
-
-        ap_scan_a.refresh_from_db()
-        ap_scan_b.refresh_from_db()
-        assert ap_scan_a.graph_data_ready is False
-        assert ap_scan_b.graph_data_ready is True

api/src/backend/tasks/tests/test_deletion.py

@@ -4,7 +4,6 @@ import pytest
 
 from django.core.exceptions import ObjectDoesNotExist
 
-from api.attack_paths import database as graph_database
 from api.models import Provider, Tenant
 from tasks.jobs.deletion import delete_provider, delete_tenant
 
@@ -48,61 +47,14 @@ class TestDeleteProvider:
             tenant_id = str(tenants_fixture[0].id)
             non_existent_pk = "babf6796-cfcc-4fd3-9dcf-88d012247645"
 
-            result = delete_provider(tenant_id, non_existent_pk)
+            with pytest.raises(ObjectDoesNotExist):
+                delete_provider(tenant_id, non_existent_pk)
 
-            assert result == {}
-            mock_get_database_name.assert_not_called()
-            mock_drop_subgraph.assert_not_called()
-
-    def test_delete_provider_drops_temp_attack_paths_databases(
-        self, providers_fixture, create_attack_paths_scan
-    ):
-        instance = providers_fixture[0]
-        tenant_id = str(instance.tenant_id)
-
-        aps1 = create_attack_paths_scan(instance)
-        aps2 = create_attack_paths_scan(instance)
-
-        with (
-            patch(
-                "tasks.jobs.deletion.graph_database.drop_subgraph",
-            ),
-            patch(
-                "tasks.jobs.deletion.graph_database.drop_database",
-            ) as mock_drop_database,
-        ):
-            result = delete_provider(tenant_id, instance.id)
-
-        assert result
-        expected_tmp_calls = [
-            call(f"db-tmp-scan-{str(aps1.id).lower()}"),
-            call(f"db-tmp-scan-{str(aps2.id).lower()}"),
-        ]
-        mock_drop_database.assert_has_calls(expected_tmp_calls, any_order=True)
-
-    def test_delete_provider_continues_when_temp_db_drop_fails(
-        self, providers_fixture, create_attack_paths_scan
-    ):
-        instance = providers_fixture[0]
-        tenant_id = str(instance.tenant_id)
-
-        create_attack_paths_scan(instance)
-
-        with (
-            patch(
-                "tasks.jobs.deletion.graph_database.drop_subgraph",
-            ),
-            patch(
-                "tasks.jobs.deletion.graph_database.drop_database",
-                side_effect=graph_database.GraphDatabaseQueryException(
-                    "Neo4j unreachable"
-                ),
-            ),
-        ):
-            result = delete_provider(tenant_id, instance.id)
-
-        assert result
-        assert not Provider.all_objects.filter(pk=instance.id).exists()
+            mock_get_database_name.assert_called_once_with(tenant_id)
+            mock_drop_subgraph.assert_called_once_with(
+                "tenant-db",
+                non_existent_pk,
+            )
 
 
 @pytest.mark.django_db
@@ -190,56 +142,3 @@ class TestDeleteTenant:
             mock_get_database_name.assert_called_once_with(tenant.id)
             mock_drop_subgraph.assert_not_called()
             mock_drop_database.assert_called_once_with("tenant-db")
-
-    def test_delete_tenant_includes_soft_deleted_providers(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        provider = Provider.objects.create(
-            provider="aws",
-            uid="999999999999",
-            alias="soft_deleted_provider",
-            tenant_id=tenant.id,
-        )
-        # Soft-delete the provider so ActiveProviderManager would skip it
-        Provider.all_objects.filter(pk=provider.id).update(is_deleted=True)
-
-        with (
-            patch(
-                "tasks.jobs.deletion.graph_database.get_database_name",
-                return_value="tenant-db",
-            ),
-            patch(
-                "tasks.jobs.deletion.graph_database.drop_subgraph"
-            ) as mock_drop_subgraph,
-            patch("tasks.jobs.deletion.graph_database.drop_database"),
-        ):
-            delete_tenant(tenant.id)
-
-            mock_drop_subgraph.assert_any_call("tenant-db", str(provider.id))
-
-    def test_delete_tenant_handles_concurrently_deleted_provider(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        Provider.objects.create(
-            provider="aws",
-            uid="111111111111",
-            alias="vanishing_provider",
-            tenant_id=tenant.id,
-        )
-
-        def drop_subgraph_side_effect(_db_name, provider_id):
-            # Simulate concurrent deletion by another process
-            Provider.all_objects.filter(pk=provider_id).delete()
-
-        with (
-            patch(
-                "tasks.jobs.deletion.graph_database.get_database_name",
-                return_value="tenant-db",
-            ),
-            patch(
-                "tasks.jobs.deletion.graph_database.drop_subgraph",
-                side_effect=drop_subgraph_side_effect,
-            ),
-            patch("tasks.jobs.deletion.graph_database.drop_database"),
-        ):
-            deletion_summary = delete_tenant(tenant.id)
-
-            assert deletion_summary is not None

contrib/k8s/helm/prowler-app/.helmignore

@@ -1,24 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-examples
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

contrib/k8s/helm/prowler-app/Chart.lock

@@ -1,12 +0,0 @@
-dependencies:
-- name: postgresql
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 18.2.0
-- name: valkey
-  repository: https://valkey.io/valkey-helm/
-  version: 0.9.3
-- name: neo4j
-  repository: https://helm.neo4j.com/neo4j
-  version: 2025.12.1
-digest: sha256:da19233c6832727345fcdb314d683d30aa347d349f270023f3a67149bffb009b
-generated: "2026-01-26T12:00:06.798702+02:00"

contrib/k8s/helm/prowler-app/Chart.yaml

@@ -1,33 +0,0 @@
-apiVersion: v2
-name: prowler
-description: Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness.
-type: application
-version: 0.0.1
-appVersion: "5.17.0"
-home: https://prowler.com
-icon: https://cdn.prod.website-files.com/68c4ec3f9fb7b154fbcb6e36/68c5e0fea5d0059b9e05834b_Link.png
-keywords:
-  - security
-  - aws
-  - azure
-  - gcp
-  - kubernetes
-maintainers:
-  - name: Mihai
-    email: mihai.legat@gmail.com
-dependencies:
-  # https://artifacthub.io/packages/helm/bitnami/postgresql
-  - name: postgresql
-    version: 18.2.0
-    repository: oci://registry-1.docker.io/bitnamicharts
-    condition: postgresql.enabled
-  # https://valkey.io/valkey-helm/
-  - name: valkey
-    version: 0.9.3
-    repository: https://valkey.io/valkey-helm/
-    condition: valkey.enabled
-  # https://helm.neo4j.com/neo4j
-  - name: neo4j
-    version: 2025.12.1
-    repository: https://helm.neo4j.com/neo4j
-    condition: neo4j.enabled

contrib/k8s/helm/prowler-app/README.md

@@ -1,143 +0,0 @@
-<!--
-This README is the one shown on Artifact Hub.
-Images should use absolute URLs.
--->
-
-# Prowler App Helm Chart
-
-![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square)
-![AppVersion: 5.17.0](https://img.shields.io/badge/AppVersion-5.17.0-informational?style=flat-square)
-
-Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
-
-## Architecture
-
-The Prowler App consists of three main components:
-
-- **Prowler UI**: A user-friendly web interface for running Prowler and viewing results, powered by Next.js.
-- **Prowler API**: The backend API that executes Prowler scans and stores the results, built with Django REST Framework.
-- **Prowler SDK**: A Python SDK that integrates with the Prowler CLI for advanced functionality.
-
-The app leverages the following supporting infrastructure:
-
-- **PostgreSQL**: Used for persistent storage of scan results.
-- **Celery Workers**: Facilitate asynchronous execution of Prowler scans.
-- **Valkey**: An in-memory database serving as a message broker for the Celery workers.
-- **Neo4j**: Graph Database
-- **Keda**: Kubernetes Event-driven Autoscaling (Keda) automatically scales the number of Celery worker pods based on the workload, ensuring efficient resource utilization and responsiveness.
-
-## Setup
-
-This guide walks you through installing Prowler App using Helm. For a minimal installation example, see the [minimal installation example](./examples/minimal-installation/).
-
-### Prerequisites
-
-- Kubernetes cluster (1.24+)
-- Helm 3.x installed
-- `kubectl` configured to access your cluster
-- Access to the Prowler Helm chart repository (or local chart)
-
-### Step 1: Create Required Secrets
-
-Before installing the Helm chart, you must create a Kubernetes Secret containing the required authentication keys and secrets.
-
-1. **Generate the required keys and secrets:**
-
-   ```bash
-   # Generate Django token signing key (private key)
-   openssl genrsa -out private.pem 2048
-
-   # Generate Django token verifying key (public key)
-   openssl rsa -in private.pem -pubout -out public.pem
-
-   # Generate Django secrets encryption key
-   openssl rand -base64 32
-
-   # Generate Auth secret
-   openssl rand -base64 32
-   ```
-
-2. **Create the secret file:**
-
-   Create a file named `secrets.yaml` with the following structure:
-
-   ```yaml
-   apiVersion: v1
-   kind: Secret
-   type: Opaque
-   metadata:
-     name: prowler-secret
-   stringData:
-     DJANGO_TOKEN_SIGNING_KEY: |
-       -----BEGIN PRIVATE KEY-----
-       [paste your private key here]
-       -----END PRIVATE KEY-----
-
-     DJANGO_TOKEN_VERIFYING_KEY: |
-       -----BEGIN PUBLIC KEY-----
-       [paste your public key here]
-       -----END PUBLIC KEY-----
-
-     DJANGO_SECRETS_ENCRYPTION_KEY: "[paste your encryption key here]"
-
-     AUTH_SECRET: "[paste your auth secret here]"
-
-     NEO4J_PASSWORD: "[prowler-password]"
-     NEO4J_AUTH: "neo4j/[prowler-password]"
-   ```
-
-   > **Note:** You can use the [example secrets file](./examples/minimal-installation/secrets.yaml) as a template, but **always replace the placeholder values with your own secure keys** before applying.
-
-3. **Apply the secret to your cluster:**
-
-   ```bash
-   kubectl apply -f secrets.yaml
-   ```
-
-### Step 2: Configure Values
-
-Create a `values.yaml` file to customize your installation. At minimum, you need to configure the UI access method.
-
-**Option A: Using Ingress (Recommended for production)**
-
-```yaml
-ui:
-  ingress:
-    enabled: true
-    hosts:
-      - host: prowler.example.com
-        paths:
-          - path: /
-            pathType: ImplementationSpecific
-```
-
-**Option B: Using authUrl (For proxy setups)**
-
-```yaml
-ui:
-  authUrl: prowler.example.com
-```
-
-> **Note:** See the [minimal installation example](./examples/minimal-installation/values.yaml) for a complete reference.
-
-### Step 3: Install the Chart
-
-Install Prowler App using Helm:
-
-```bash
-helm dependency update
-helm install prowler prowler/prowler-app -f values.yaml
-```
-
-### Using Existing PostgreSQL and Valkey Instances
-
-By default, this Chart uses Bitnami's Charts to deploy [PostgreSQL](https://artifacthub.io/packages/helm/bitnami/postgresql), [Neo4j](https://helm.neo4j.com/neo4j) and [Valkey official helm chart](https://valkey.io/valkey-helm/). **Note:** This default setup is not production-ready.
-
-To connect to existing PostgreSQL, Neo4j and Valkey instances:
-
-1. Create a `Secret` containing the correct database and message broker credentials
-2. Reference the secret in the [values.yaml](values.yaml) file api->secrets list
-
-## Contributing
-
-Feel free to contact the maintainer of this repository for any questions or concerns. Contributions are encouraged and appreciated.

contrib/k8s/helm/prowler-app/examples/minimal-installation/README.md

@@ -1,46 +0,0 @@
-# Minimal Installation Example
-
-This example demonstrates a minimal installation of Prowler in a Kubernetes cluster.
-
-## Installation
-
-To install Prowler using this example:
-
-1. First, create the required secret:
-```bash
-# Edit secret.yaml and set secure values before applying
-kubectl apply -f secret.yaml
-```
-
-1. Install the chart using the base values file:
-```bash
-# Basic installation
-helm install prowler prowler/prowler-app -f values.yaml
-```
-
-## Configuration
-
-The example contains the following configuration files:
-
-### `secret.yaml`
-Contains all required secrets for the Prowler installation. **Must be applied before installing the Helm chart**. Make sure to replace all placeholder values with secure values before applying.
-
-### `values.yaml`
-```yaml
-ui:
-  # Note: You should set either `authUrl` if you use prowler behind a proxy or enable `ingress`.
-
-  # Example with authUrl:
-  # authUrl: example.prowler.com
-
-  # Example with ingress:
-  ingress:
-    enabled: true
-    hosts:
-      - host: example.prowler.com
-        paths:
-          - path: /
-            pathType: ImplementationSpecific
-```
-
-Make sure to adjust the hostname in the values file to match your environment before installing.

contrib/k8s/helm/prowler-app/examples/minimal-installation/secrets.yaml

@@ -1,58 +0,0 @@
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: prowler-secret
-stringData:
-  # openssl genrsa -out private.pem 2048
-  DJANGO_TOKEN_SIGNING_KEY: |
-    -----BEGIN PRIVATE KEY-----
-    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCIro0QiLAxw7rF
-    GO0NgAWJfkpYE5ysMGDCbId07HUrv+/SCoRjqKVzGJVIvmNP5oByzSehPgswW9v3
-    3dqe2r9sCS1JyMa+XO3qfZCR0uRDcPCwZjIyr0QQLpWAymdBa8baeHsU1/3Orjcb
-    Vrr+lNx4HQJOiSn094iXPReW/25hYeq/SXs79V2CR87PGdoZAhb8IllAxJgdfkeB
-    /iWohY/1vfRTmIuMweWGXk0aKzPsBdvE/DqG4HjiNVEPh18G3vid0YTZNmm7u8vO
-    Cue3x9NQWGHA4QtxNtLtxlHcOEryqZ9ChO2nC+ew0Xl/v706XFNyLFicjisIKNQo
-    qdkaMS33AgMBAAECggEAGdJIChCYoL4mYafk2MEPyrrWFq+V0J3PGcvhB0DInfxD
-    tT2RZzZsE0NYqIZ3Qpf8OjPxwa9z863W74u1Cn+u3B0bti29BieONteD4VijEO6c
-    OecEorijth7m1Y7nVN+kkI9kSTrI0yvsczi+WOwMfpCUZ/vXtlSxNEkxVLBqzPCo
-    9VxAFIjgWOj2rpw8nxPedves36PUrC5ghLqrOTe1jmw/Di0++47AXG+DsTXc00sc
-    5+oybopm3Kimsxrqbf9s8SZf2A8NiwqcbLj8OtP2j2g4TCEgZYLD5Zmt+JN/wN4B
-    WsQG/Hwp4KPPm9QTHEpuuoPFP1CZWZeq8gPcV4apYQKBgQC+TuXjJCYhZqNIttTZ
-    z/i3hkKUEKQLkzTZnXaDzL5wHyEMVqM2E/WkilO0C9ZZwh0ENPzkp+JsHf7LEhHy
-    wSHOti81VzUCjN/YpCBKlOlClqSiDlOonImrobLei8xgvmA0VmGtirCXZyyzZUoV
-    OyPr17WpK6G/M5piX59MvKQg0QKBgQC33NBoQFD8A6FjrTopYmWfK099k9uQh9NE
-    bvUYsNAPunSDslmc/0PPHQC7fRX5Ime2BinXAN1PYtB/Fsu3jv/+FCUM5hVil0Dd
-    KBvt13+RYSCJKlhcGP1EkWoIg1F2XXBOZKJrC8VQ+Vyl2t06UcWQqy5M9J4VZaqI
-    fruOLU/URwKBgE55GjJfZZnASPRi78IhD94dbra/ZeWf/dr+IzCV7LEvJOGBmCtk
-    b5Y5s+o6N1krwetKLj3bPHJ4q+fwu5XuLZKfbTgBjcpPbL5YbzhRzx22IIzye2y7
-    n8k2FBvQaaY62lC6jeyRk9/am4Qd8D5w9I77k9z+MOQ20yJda8KoxsUBAoGBAIQ9
-    5QPmppjsf4ry0C9t30uhWhYnX7fPiYviBpVQrwVxBVan076Q9xOjd6BicohzT4bj
-    XfqPW546o12VZsbKqqLzmEZzwpPb2EJ5E8V4xv8ojb86Xr03GArWUB55XQE2aY1o
-    4kz99VitUg7UoWPN5ryL8sxU8NLRAdwU0w+K1a0HAoGAZaU7O94u9IIPZ6Ohobs2
-    Vjf/eV0brCKgX61b4z/YhuJdZsyTujhBZUihZwqR696kiFKuzmHx1ghE2ITvnPVN
-    q0iHxRZzBCnRQ+mQlS0trzphaCP0NVy3osFeAD9mJfnOnSmkU0ua4F81mkvke1eN
-    6nnaoAdy2lmMr96/Tye2ty4=
-    -----END PRIVATE KEY-----
-
-  # openssl rsa -in private.pem -pubout -out public.pem
-  DJANGO_TOKEN_VERIFYING_KEY: |
-    -----BEGIN PUBLIC KEY-----
-    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiK6NEIiwMcO6xRjtDYAF
-    iX5KWBOcrDBgwmyHdOx1K7/v0gqEY6ilcxiVSL5jT+aAcs0noT4LMFvb993antq/
-    bAktScjGvlzt6n2QkdLkQ3DwsGYyMq9EEC6VgMpnQWvG2nh7FNf9zq43G1a6/pTc
-    eB0CTokp9PeIlz0Xlv9uYWHqv0l7O/VdgkfOzxnaGQIW/CJZQMSYHX5Hgf4lqIWP
-    9b30U5iLjMHlhl5NGisz7AXbxPw6huB44jVRD4dfBt74ndGE2TZpu7vLzgrnt8fT
-    UFhhwOELcTbS7cZR3DhK8qmfQoTtpwvnsNF5f7+9OlxTcixYnI4rCCjUKKnZGjEt
-    9wIDAQAB
-    -----END PUBLIC KEY-----
-
-  # openssl rand -base64 32
-  DJANGO_SECRETS_ENCRYPTION_KEY: "qYAIWnRK52aBT5YQkBoMEw08j7j3+QIPZXS6+A8Su44="
-
-  # openssl rand -base64 32
-  AUTH_SECRET: "CM9w3Nco2P1RdHaYmD+fmy2nJmSofusdHd4g7Z4KDG4="
-
-  # Unfortunatelly, we need to duplicate the password in two different keys because the Neo4j Helm Chart expects the password in the NEO4J_AUTH key and the application expects it in the NEO4J_PASSWORD key.
-  NEO4J_PASSWORD: "prowler-password-fake"
-  NEO4J_AUTH: "neo4j/prowler-password-fake"

contrib/k8s/helm/prowler-app/examples/minimal-installation/values.yaml

@@ -1,11 +0,0 @@
-ui:
-  ingress:
-    enabled: true
-    hosts:
-      - host: 127.0.0.1.nip.io
-        paths:
-          - path: /
-            pathType: ImplementationSpecific
-
-# or use authUrl if you use prowler behind a proxy
-# authUrl: 127.0.0.1.nip.io

contrib/k8s/helm/prowler-app/templates/_helpers.tpl

@@ -1,134 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "prowler.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "prowler.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "prowler.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "prowler.labels" -}}
-helm.sh/chart: {{ include "prowler.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Django environment variables for api, worker, and worker_beat.
-*/}}
-{{- define "prowler.django.env" -}}
-- name: DJANGO_TOKEN_SIGNING_KEY
-  valueFrom:
-    secretKeyRef:
-      name: {{ .Values.djangoTokenSigningKey.secretKeyRef.name }}
-      key: {{ .Values.djangoTokenSigningKey.secretKeyRef.key }}
-- name: DJANGO_TOKEN_VERIFYING_KEY
-  valueFrom:
-    secretKeyRef:
-      name: {{ .Values.djangoTokenVerifyingKey.secretKeyRef.name }}
-      key: {{ .Values.djangoTokenVerifyingKey.secretKeyRef.key }}
-- name: DJANGO_SECRETS_ENCRYPTION_KEY
-  valueFrom:
-    secretKeyRef:
-      name: {{ .Values.djangoSecretsEncryptionKey.secretKeyRef.name }}
-      key: {{ .Values.djangoSecretsEncryptionKey.secretKeyRef.key }}
-{{- end }}
-
-
-{{/*
-PostgreSQL environment variables for api, worker, and worker_beat.
-Outputs nothing when postgresql.enabled is false.
-*/}}
-{{- define "prowler.postgresql.env" -}}
-{{- if .Values.postgresql.enabled }}
-{{- if .Values.postgresql.auth.username }}
-- name: POSTGRES_USER
-  value: {{ .Values.postgresql.auth.username | quote }}
-{{- end }}
-- name: POSTGRES_PASSWORD
-{{- if .Values.postgresql.auth.existingSecret }}
-  valueFrom:
-    secretKeyRef:
-      name: {{ .Values.postgresql.auth.existingSecret }}
-      key: {{ required "postgresql.auth.secretKeys.userPasswordKey is required when using an existing secret" .Values.postgresql.auth.secretKeys.userPasswordKey }}
-{{- else if .Values.postgresql.auth.password }}
-  value: {{ .Values.postgresql.auth.password | quote }}
-{{- else }}
-  valueFrom:
-    secretKeyRef:
-      name: {{ .Release.Name }}-postgresql
-      key: password
-{{- end }}
-- name: POSTGRES_DB
-  value: {{ .Values.postgresql.auth.database | quote }}
-- name: POSTGRES_HOST
-  value: {{ .Release.Name }}-postgresql
-- name: POSTGRES_PORT
-  value: "5432"
-- name: POSTGRES_ADMIN_USER
-  value: postgres
-- name: POSTGRES_ADMIN_PASSWORD
-{{- if .Values.postgresql.auth.existingSecret }}
-  valueFrom:
-    secretKeyRef:
-      name: {{ .Values.postgresql.auth.existingSecret }}
-      key: {{ required "postgresql.auth.secretKeys.adminPasswordKey is required when using an existing secret" .Values.postgresql.auth.secretKeys.adminPasswordKey }}
-{{- else if .Values.postgresql.auth.postgresPassword }}
-  value: {{ .Values.postgresql.auth.postgresPassword | quote }}
-{{- else }}
-  valueFrom:
-    secretKeyRef:
-      name: {{ .Release.Name }}-postgresql
-      key: postgres-password
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Neo4j environment variables for api, worker, and worker_beat.
-Outputs nothing when neo4j.enabled is false.
-*/}}
-{{- define "prowler.neo4j.env" -}}
-{{- if .Values.neo4j.enabled }}
-- name: NEO4J_HOST
-  value: {{ .Release.Name }}
-- name: NEO4J_PORT
-  value: "7687"
-- name: NEO4J_USER
-  value: "neo4j"
-- name: NEO4J_PASSWORD
-  valueFrom:
-    secretKeyRef:
-      name: {{ required "neo4j.neo4j.passwordFromSecret is required" .Values.neo4j.neo4j.passwordFromSecret }}
-      key: NEO4J_PASSWORD
-{{- end }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/api/_helpers.tpl

@@ -1,10 +0,0 @@
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "prowler.api.serviceAccountName" -}}
-{{- if .Values.api.serviceAccount.create }}
-{{- default (printf "%s-%s" (include "prowler.fullname" .) "api") .Values.api.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.api.serviceAccount.name }}
-{{- end }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/api/configmap.yaml

@@ -1,10 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: {{ include "prowler.fullname" . }}-api
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-data:
-  {{- range $key, $value := .Values.api.djangoConfig }}
-  {{ $key }}: {{ $value | quote }}
-  {{- end }}

contrib/k8s/helm/prowler-app/templates/api/deployment.yaml

@@ -1,105 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "prowler.fullname" . }}-api
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.api.autoscaling.enabled }}
-  replicas: {{ .Values.api.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "prowler.fullname" . }}-api
-  template:
-    metadata:
-      annotations:
-        secret-hash: "{{ printf "%s%s%s" (.Files.Get "templates/api/configmap.yaml" | sha256sum) (.Files.Get "templates/api/secret-valkey.yaml" | sha256sum) | sha256sum }}"
-      {{- with .Values.api.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "prowler.labels" . | nindent 8 }}
-        app.kubernetes.io/name: {{ include "prowler.fullname" . }}-api
-        {{- with .Values.api.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.api.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "prowler.api.serviceAccountName" . }}
-      {{- with .Values.api.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: api
-          {{- with .Values.api.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.api.image.pullPolicy }}
-          {{- with .Values.api.command }}
-          command:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.api.args }}
-          args:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.api.service.port }}
-              protocol: TCP
-          envFrom:
-            - configMapRef:
-                name: {{ include "prowler.fullname" . }}-api
-            {{- if .Values.valkey.enabled }}
-            - secretRef:
-                name: {{ include "prowler.fullname" . }}-api-valkey
-            {{- end }}
-            {{- with .Values.api.secrets }}
-            {{- range $index, $secret := . }}
-            - secretRef:
-                name: {{ $secret }}
-            {{- end }}
-            {{- end }}
-          env:
-            {{- include "prowler.django.env" . | nindent 12 }}
-            {{- include "prowler.postgresql.env" . | nindent 12 }}
-            {{- include "prowler.neo4j.env" . | nindent 12 }}
-          {{- with .Values.api.livenessProbe }}
-          livenessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.api.readinessProbe }}
-          readinessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.api.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.api.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.api.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.api.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.api.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.api.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

contrib/k8s/helm/prowler-app/templates/api/hpa.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.api.autoscaling.enabled }}
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "prowler.fullname" . }}-api
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "prowler.fullname" . }}-api
-  minReplicas: {{ .Values.api.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.api.autoscaling.maxReplicas }}
-  metrics:
-    {{- if .Values.api.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.api.autoscaling.targetCPUUtilizationPercentage }}
-    {{- end }}
-    {{- if .Values.api.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.api.autoscaling.targetMemoryUtilizationPercentage }}
-    {{- end }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/api/ingress.yaml

@@ -1,43 +0,0 @@
-{{- if .Values.api.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "prowler.fullname" . }}-api
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-  {{- with .Values.api.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with .Values.api.ingress.className }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  {{- if .Values.api.ingress.tls }}
-  tls:
-    {{- range .Values.api.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.api.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- with .pathType }}
-            pathType: {{ . }}
-            {{- end }}
-            backend:
-              service:
-                name: {{ include "prowler.fullname" $ }}-api
-                port:
-                  number: {{ $.Values.api.service.port }}
-          {{- end }}
-    {{- end }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/api/role.yaml

@@ -1,29 +0,0 @@
-# https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/prowler-app/#step-44-kubernetes-credentials
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "prowler.fullname" . }}-api
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-rules:
-- apiGroups: [""]
-  resources: ["pods", "configmaps", "nodes", "namespaces"]
-  verbs: ["get", "list", "watch"]
-- apiGroups: ["rbac.authorization.k8s.io"]
-  resources: ["clusterrolebindings", "rolebindings", "clusterroles", "roles"]
-  verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "prowler.fullname" . }}-api
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "prowler.fullname" . }}-api
-subjects:
-- kind: ServiceAccount
-  name: {{ include "prowler.api.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}

contrib/k8s/helm/prowler-app/templates/api/secret-valkey.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.valkey.enabled -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "prowler.fullname" . }}-api-valkey
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-type: Opaque
-stringData:
-  VALKEY_HOST: "{{ include "prowler.fullname" . }}-valkey"
-  VALKEY_PORT: "6379"
-  VALKEY_DB: "0"
-{{- end -}}

contrib/k8s/helm/prowler-app/templates/api/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "prowler.fullname" . }}-api
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.api.service.type }}
-  ports:
-    - port: {{ .Values.api.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ include "prowler.fullname" . }}-api

contrib/k8s/helm/prowler-app/templates/api/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.api.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "prowler.api.serviceAccountName" . }}
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-  {{- with .Values.api.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.api.serviceAccount.automount }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/ui/_helpers.tpl

@@ -1,10 +0,0 @@
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "prowler.ui.serviceAccountName" -}}
-{{- if .Values.ui.serviceAccount.create }}
-{{- default (printf "%s-%s" (include "prowler.fullname" .) "ui") .Values.ui.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.ui.serviceAccount.name }}
-{{- end }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/ui/configmap.yaml

@@ -1,18 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: {{ include "prowler.fullname" . }}-ui
-data:
-  PROWLER_UI_VERSION: "stable"
-  {{- if .Values.ui.ingress.enabled }}
-  {{- with (first .Values.ui.ingress.hosts) }}
-  AUTH_URL: "https://{{ .host }}"
-  {{- end }}
-  {{- else }}
-  AUTH_URL: {{ .Values.ui.authUrl | quote }}
-  {{- end }}
-  API_BASE_URL: "http://{{ include "prowler.fullname" . }}-api:{{ .Values.api.service.port }}/api/v1"
-  NEXT_PUBLIC_API_BASE_URL: "http://{{ include "prowler.fullname" . }}-api:{{ .Values.api.service.port }}/api/v1"
-  NEXT_PUBLIC_API_DOCS_URL: "http://{{ include "prowler.fullname" . }}-api:{{ .Values.api.service.port }}/api/v1/docs"
-  AUTH_TRUST_HOST: "true"
-  UI_PORT: {{ .Values.ui.service.port | quote }}

contrib/k8s/helm/prowler-app/templates/ui/deployment.yaml

@@ -1,95 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "prowler.fullname" . }}-ui
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.ui.autoscaling.enabled }}
-  replicas: {{ .Values.ui.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "prowler.fullname" . }}-ui
-  template:
-    metadata:
-      annotations:
-        secret-hash: {{ .Files.Get "templates/ui/configmap.yaml" | sha256sum }}
-      {{- with .Values.ui.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "prowler.labels" . | nindent 8 }}
-        app.kubernetes.io/name: {{ include "prowler.fullname" . }}-ui
-        {{- with .Values.ui.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.ui.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "prowler.ui.serviceAccountName" . }}
-      {{- with .Values.ui.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: ui
-          {{- with .Values.ui.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.ui.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.ui.service.port }}
-              protocol: TCP
-          env:
-            - name: AUTH_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.ui.authSecret.secretKeyRef.name }}
-                  key: {{ .Values.ui.authSecret.secretKeyRef.key }}
-          envFrom:
-            - configMapRef:
-                name: {{ include "prowler.fullname" . }}-ui
-            {{- with .Values.ui.secrets }}
-            {{- range $index, $secret := . }}
-            - secretRef:
-                name: {{ $secret }}
-            {{- end }}
-            {{- end }}
-          {{- with .Values.ui.livenessProbe }}
-          livenessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.ui.readinessProbe }}
-          readinessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.ui.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.ui.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.ui.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.ui.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.ui.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.ui.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

contrib/k8s/helm/prowler-app/templates/ui/hpa.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.ui.autoscaling.enabled }}
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "prowler.fullname" . }}-ui
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "prowler.fullname" . }}-ui
-  minReplicas: {{ .Values.ui.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.ui.autoscaling.maxReplicas }}
-  metrics:
-    {{- if .Values.ui.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.ui.autoscaling.targetCPUUtilizationPercentage }}
-    {{- end }}
-    {{- if .Values.ui.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.ui.autoscaling.targetMemoryUtilizationPercentage }}
-    {{- end }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/ui/ingress.yaml

@@ -1,43 +0,0 @@
-{{- if .Values.ui.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "prowler.fullname" . }}-ui
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-  {{- with .Values.ui.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with .Values.ui.ingress.className }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  {{- if .Values.ui.ingress.tls }}
-  tls:
-    {{- range .Values.ui.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ui.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- with .pathType }}
-            pathType: {{ . }}
-            {{- end }}
-            backend:
-              service:
-                name: {{ include "prowler.fullname" $ }}-ui
-                port:
-                  number: {{ $.Values.ui.service.port }}
-          {{- end }}
-    {{- end }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/ui/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "prowler.fullname" . }}-ui
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.ui.service.type }}
-  ports:
-    - port: {{ .Values.ui.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ include "prowler.fullname" . }}-ui

contrib/k8s/helm/prowler-app/templates/ui/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.ui.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "prowler.ui.serviceAccountName" . }}
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-  {{- with .Values.ui.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.ui.serviceAccount.automount }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/worker/_helpers.tpl

@@ -1,10 +0,0 @@
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "prowler.worker.serviceAccountName" -}}
-{{- if .Values.worker.serviceAccount.create }}
-{{- default (printf "%s-%s" (include "prowler.fullname" .) "worker") .Values.worker.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.worker.serviceAccount.name }}
-{{- end }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/worker/deployment.yaml

@@ -1,101 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "prowler.fullname" . }}-worker
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.worker.autoscaling.enabled }}
-  replicas: {{ .Values.worker.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "prowler.fullname" . }}-worker
-  template:
-    metadata:
-      annotations:
-        secret-hash: "{{ printf "%s%s%s" (.Files.Get "templates/api/configmap.yaml" | sha256sum) (.Files.Get "templates/api/secret-valkey.yaml" | sha256sum) | sha256sum }}"
-      {{- with .Values.worker.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "prowler.labels" . | nindent 8 }}
-        app.kubernetes.io/name: {{ include "prowler.fullname" . }}-worker
-        {{- with .Values.worker.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.worker.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "prowler.worker.serviceAccountName" . }}
-      {{- with .Values.worker.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: worker
-          {{- with .Values.worker.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          image: "{{ .Values.worker.image.repository }}:{{ .Values.worker.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.worker.image.pullPolicy }}
-          {{- with .Values.worker.command }}
-          command:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.worker.args }}
-          args:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          envFrom:
-            - configMapRef:
-                name: {{ include "prowler.fullname" . }}-api
-            {{- if .Values.valkey.enabled }}
-            - secretRef:
-                name: {{ include "prowler.fullname" . }}-api-valkey
-            {{- end }}
-            {{- with .Values.api.secrets }}
-            {{- range $index, $secret := . }}
-            - secretRef:
-                name: {{ $secret }}
-            {{- end }}
-            {{- end }}
-          env:
-            {{- include "prowler.django.env" . | nindent 12 }}
-            {{- include "prowler.postgresql.env" . | nindent 12 }}
-            {{- include "prowler.neo4j.env" . | nindent 12 }}
-          {{- with .Values.worker.livenessProbe }}
-          livenessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.worker.readinessProbe }}
-          readinessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.worker.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.worker.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.worker.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.worker.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.worker.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.worker.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

contrib/k8s/helm/prowler-app/templates/worker/hpa.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.worker.autoscaling.enabled }}
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "prowler.fullname" . }}-worker
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "prowler.fullname" . }}-worker
-  minReplicas: {{ .Values.worker.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.worker.autoscaling.maxReplicas }}
-  metrics:
-    {{- if .Values.worker.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.worker.autoscaling.targetCPUUtilizationPercentage }}
-    {{- end }}
-    {{- if .Values.worker.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.worker.autoscaling.targetMemoryUtilizationPercentage }}
-    {{- end }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/worker/scaled-object.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.worker.keda.enabled }}
-apiVersion: keda.sh/v1alpha1
-kind: ScaledObject
-metadata:
-  name: {{ include "prowler.fullname" . }}-worker
-  namespace: {{ $.Release.Namespace }}
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    name: {{ include "prowler.fullname" . }}-worker
-    envSourceContainerName: worker
-    kind: Deployment
-  minReplicaCount: {{ .Values.worker.keda.minReplicas }}
-  maxReplicaCount: {{ .Values.worker.keda.maxReplicas }}
-  pollingInterval: {{ .Values.worker.keda.pollingInterval }}
-  cooldownPeriod: {{ .Values.worker.keda.cooldownPeriod }}
-  triggers:
-    - type: {{ .Values.worker.keda.triggerType }}
-      metadata:
-        userName: "postgres"
-        passwordFromEnv: POSTGRES_ADMIN_PASSWORD
-        host: {{ .Release.Name }}-postgresql
-        port: {{ .Values.postgresql.port | quote }}
-        dbName: {{ .Values.postgresql.auth.database | quote }}
-        sslmode: disable
-        # Query for KEDA to count the number of scans that are in executing, available, or scheduled states,
-        # where the scheduled time is within the last 2 hours and is before NOW(). Used for scaling workers.
-        query: >-
-          SELECT COUNT(*) FROM scans WHERE ((state='executing' OR state='available' OR state='scheduled') and scheduled_at < NOW() and scheduled_at > NOW() - INTERVAL '2 hours')
-        targetQueryValue: "1"
-{{- end }}

contrib/k8s/helm/prowler-app/templates/worker/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.worker.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "prowler.worker.serviceAccountName" . }}
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-  {{- with .Values.worker.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.worker.serviceAccount.automount }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/worker_beat/_helpers.tpl

@@ -1,10 +0,0 @@
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "prowler.worker_beat.serviceAccountName" -}}
-{{- if .Values.worker_beat.serviceAccount.create }}
-{{- default (printf "%s-%s" (include "prowler.fullname" .) "worker-beat") .Values.worker_beat.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.worker_beat.serviceAccount.name }}
-{{- end }}
-{{- end }}

contrib/k8s/helm/prowler-app/templates/worker_beat/deployment.yaml

@@ -1,99 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "prowler.fullname" . }}-worker-beat
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.worker_beat.replicaCount }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "prowler.fullname" . }}-worker-beat
-  template:
-    metadata:
-      annotations:
-        secret-hash: "{{ printf "%s%s%s" (.Files.Get "templates/api/configmap.yaml" | sha256sum) (.Files.Get "templates/api/secret-valkey.yaml" | sha256sum) | sha256sum }}"
-      {{- with .Values.worker.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "prowler.labels" . | nindent 8 }}
-        app.kubernetes.io/name: {{ include "prowler.fullname" . }}-worker-beat
-        {{- with .Values.worker_beat.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.worker_beat.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "prowler.worker_beat.serviceAccountName" . }}
-      {{- with .Values.worker_beat.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: worker-beat
-          {{- with .Values.worker_beat.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          image: "{{ .Values.worker_beat.image.repository }}:{{ .Values.worker_beat.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.worker_beat.image.pullPolicy }}
-          {{- with .Values.worker_beat.command }}
-          command:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.worker_beat.args }}
-          args:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          envFrom:
-            - configMapRef:
-                name: {{ include "prowler.fullname" . }}-api
-            {{- if .Values.valkey.enabled }}
-            - secretRef:
-                name: {{ include "prowler.fullname" . }}-api-valkey
-            {{- end }}
-            {{- with .Values.api.secrets }}
-            {{- range $index, $secret := . }}
-            - secretRef:
-                name: {{ $secret }}
-            {{- end }}
-            {{- end }}
-          env:
-            {{- include "prowler.django.env" . | nindent 12 }}
-            {{- include "prowler.postgresql.env" . | nindent 12 }}
-            {{- include "prowler.neo4j.env" . | nindent 12 }}
-          {{- with .Values.worker_beat.livenessProbe }}
-          livenessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.worker_beat.readinessProbe }}
-          readinessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.worker_beat.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.worker_beat.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.worker_beat.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.worker_beat.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.worker_beat.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.worker_beat.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

contrib/k8s/helm/prowler-app/templates/worker_beat/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.worker_beat.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "prowler.worker_beat.serviceAccountName" . }}
-  labels:
-    {{- include "prowler.labels" . | nindent 4 }}
-  {{- with .Values.worker_beat.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.worker_beat.serviceAccount.automount }}
-{{- end }}

contrib/k8s/helm/prowler-app/values.yaml

@@ -1,566 +0,0 @@
-# This is to override the chart name.
-nameOverride: ""
-fullnameOverride: ""
-
-# Reference to the secret containing the API authentication secret.
-# Used to inject the environment variable for the API container.
-djangoTokenSigningKey:
-  secretKeyRef:
-    name: prowler-secret
-    key: DJANGO_TOKEN_SIGNING_KEY
-djangoTokenVerifyingKey:
-  secretKeyRef:
-    name: prowler-secret
-    key: DJANGO_TOKEN_VERIFYING_KEY
-djangoSecretsEncryptionKey:
-  secretKeyRef:
-    name: prowler-secret
-    key: DJANGO_SECRETS_ENCRYPTION_KEY
-
-ui:
-  # This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-  replicaCount: 1
-
-  # This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-  image:
-    repository: prowlercloud/prowler-ui
-    # This sets the pull policy for images.
-    pullPolicy: IfNotPresent
-    # Overrides the image tag whose default is the chart appVersion.
-    tag: ""
-
-  # This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  imagePullSecrets: []
-
-  # Reference to the secret containing the UI authentication secret.
-  # Used to inject the environment variable for the UI container.
-  # By default, expects a Secret named 'prowler-secret' with a key 'AUTH_SECRET'.
-  authSecret:
-    secretKeyRef:
-      name: prowler-secret
-      key: AUTH_SECRET
-
-  # Secret names to be used as env vars.
-  secrets: []
-    # - "prowler-ui-secret"
-
-  # This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-  serviceAccount:
-    # Specifies whether a service account should be created
-    create: true
-    # Automatically mount a ServiceAccount's API credentials?
-    automount: true
-    # Annotations to add to the service account
-    annotations: {}
-    # The name of the service account to use.
-    # If not set and create is true, a name is generated using the fullname template
-    name: ""
-
-  # This is for setting Kubernetes Annotations to a Pod.
-  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-  podAnnotations: {}
-  # This is for setting Kubernetes Labels to a Pod.
-  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-  podLabels: {}
-
-  podSecurityContext: {}
-    # fsGroup: 2000
-
-  securityContext: {}
-    # capabilities:
-    #   drop:
-    #   - ALL
-    # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-    # runAsUser: 1000
-
-  # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
-  service:
-    # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-    type: ClusterIP
-    # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
-    port: 3000
-
-  # The URL of the UI. This is only set if ingress is disabled.
-  authUrl: ""
-
-  # This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
-  ingress:
-    enabled: false
-    className: ""
-    annotations: {}
-      # kubernetes.io/ingress.class: nginx
-      # kubernetes.io/tls-acme: "true"
-    hosts:
-      - host: chart-example.local
-        paths:
-          - path: /
-            pathType: ImplementationSpecific
-    tls: []
-    #  - secretName: chart-example-tls
-    #    hosts:
-    #      - chart-example.local
-
-  resources: {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
-
-  # This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-  livenessProbe:
-    httpGet:
-      path: /
-      port: http
-  readinessProbe:
-    httpGet:
-      path: /
-      port: http
-
-  # This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-  autoscaling:
-    enabled: false
-    minReplicas: 1
-    maxReplicas: 100
-    targetCPUUtilizationPercentage: 80
-    targetMemoryUtilizationPercentage: 80
-
-  # Additional volumes on the output Deployment definition.
-  volumes: []
-  # - name: foo
-  #   secret:
-  #     secretName: mysecret
-  #     optional: false
-
-  # Additional volumeMounts on the output Deployment definition.
-  volumeMounts: []
-  # - name: foo
-  #   mountPath: "/etc/foo"
-  #   readOnly: true
-
-  nodeSelector: {}
-
-  tolerations: []
-
-  affinity: {}
-
-api:
-  # This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-  replicaCount: 1
-
-  # This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-  image:
-    repository: prowlercloud/prowler-api
-    # This sets the pull policy for images.
-    pullPolicy: IfNotPresent
-    # Overrides the image tag whose default is the chart appVersion.
-    tag: ""
-
-  # Shared with celery-worker and celery-beat
-  djangoConfig:
-    # API scan settings
-    # The path to the directory where scan output should be stored
-    DJANGO_TMP_OUTPUT_DIRECTORY: "/tmp/prowler_api_output"
-    # The maximum number of findings to process in a single batch
-    DJANGO_FINDINGS_BATCH_SIZE: "1000"
-    # Django settings
-    DJANGO_ALLOWED_HOSTS: "*"
-    DJANGO_BIND_ADDRESS: "0.0.0.0"
-    DJANGO_PORT: "8080"
-    DJANGO_DEBUG: "False"
-    DJANGO_SETTINGS_MODULE: "config.django.production"
-    # Select one of [ndjson|human_readable]
-    DJANGO_LOGGING_FORMATTER: "ndjson"
-    # Select one of [DEBUG|INFO|WARNING|ERROR|CRITICAL]
-    # Applies to both Django and Celery Workers
-    DJANGO_LOGGING_LEVEL: "INFO"
-    # Defaults to the maximum available based on CPU cores if not set.
-    DJANGO_WORKERS: "4"
-    # Token lifetime is in minutes
-    DJANGO_ACCESS_TOKEN_LIFETIME: "30"
-    # Token lifetime is in minutes
-    DJANGO_REFRESH_TOKEN_LIFETIME: "1440"
-    DJANGO_CACHE_MAX_AGE: "3600"
-    DJANGO_STALE_WHILE_REVALIDATE: "60"
-    DJANGO_MANAGE_DB_PARTITIONS: "True"
-    DJANGO_BROKER_VISIBILITY_TIMEOUT: "86400"
-
-  # Secret names to be used as env vars for api, worker, and worker_beat.
-  secrets: []
-    # - "prowler-api-keys"
-
-  command:
-    - /home/prowler/docker-entrypoint.sh
-  args:
-    - prod
-
-  # This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  imagePullSecrets: []
-
-  # This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-  serviceAccount:
-    # Specifies whether a service account should be created
-    create: true
-    # Automatically mount a ServiceAccount's API credentials?
-    automount: true
-    # Annotations to add to the service account
-    annotations: {}
-    # The name of the service account to use.
-    # If not set and create is true, a name is generated using the fullname template
-    name: ""
-
-  # This is for setting Kubernetes Annotations to a Pod.
-  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-  podAnnotations: {}
-  # This is for setting Kubernetes Labels to a Pod.
-  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-  podLabels: {}
-
-  podSecurityContext: {}
-    # fsGroup: 2000
-
-  securityContext: {}
-    # capabilities:
-    #   drop:
-    #   - ALL
-    # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-    # runAsUser: 1000
-
-  # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
-  service:
-    # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-    type: ClusterIP
-    # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
-    port: 8080
-
-  # This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
-  ingress:
-    enabled: false
-    className: ""
-    annotations: {}
-      # kubernetes.io/ingress.class: nginx
-      # kubernetes.io/tls-acme: "true"
-    hosts:
-      - host: chart-example.local
-        paths:
-          - path: /
-            pathType: ImplementationSpecific
-    tls: []
-    #  - secretName: chart-example-tls
-    #    hosts:
-    #      - chart-example.local
-
-  resources: {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
-
-  # 3m30s to setup DB
-  # startupProbe:
-  #   httpGet:
-  #     path: /api/v1/docs
-  #     port: http
-
-  # This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-  livenessProbe:
-    failureThreshold: 10
-    httpGet:
-      path: /api/v1/docs
-      port: http
-    periodSeconds: 20
-  readinessProbe:
-    failureThreshold: 10
-    httpGet:
-      path: /api/v1/docs
-      port: http
-    periodSeconds: 20
-
-  # This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-  autoscaling:
-    enabled: false
-    minReplicas: 1
-    maxReplicas: 100
-    targetCPUUtilizationPercentage: 80
-    targetMemoryUtilizationPercentage: 80
-
-  # Additional volumes on the output Deployment definition.
-  volumes: []
-  # - name: foo
-  #   secret:
-  #     secretName: mysecret
-  #     optional: false
-
-  # Additional volumeMounts on the output Deployment definition.
-  volumeMounts: []
-  # - name: foo
-  #   mountPath: "/etc/foo"
-  #   readOnly: true
-
-  nodeSelector: {}
-
-  tolerations: []
-
-  affinity: {}
-
-worker:
-  # This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-  replicaCount: 1
-
-  # This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-  image:
-    repository: prowlercloud/prowler-api
-    # This sets the pull policy for images.
-    pullPolicy: IfNotPresent
-    # Overrides the image tag whose default is the chart appVersion.
-    tag: ""
-
-  command:
-    - /home/prowler/docker-entrypoint.sh
-  args:
-    - worker
-
-  # This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  imagePullSecrets: []
-
-  # This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-  serviceAccount:
-    # Specifies whether a service account should be created
-    create: true
-    # Automatically mount a ServiceAccount's API credentials?
-    automount: true
-    # Annotations to add to the service account
-    annotations: {}
-    # The name of the service account to use.
-    # If not set and create is true, a name is generated using the fullname template
-    name: ""
-
-  # This is for setting Kubernetes Annotations to a Pod.
-  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-  podAnnotations: {}
-  # This is for setting Kubernetes Labels to a Pod.
-  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-  podLabels: {}
-
-  podSecurityContext: {}
-    # fsGroup: 2000
-
-  securityContext: {}
-    # capabilities:
-    #   drop:
-    #   - ALL
-    # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-    # runAsUser: 1000
-
-  resources: {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
-
-  # This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-  livenessProbe: {}
-  readinessProbe: {}
-
-  # This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-  autoscaling:
-    enabled: false
-    minReplicas: 1
-    maxReplicas: 10
-    targetCPUUtilizationPercentage: 80
-    targetMemoryUtilizationPercentage: 80
-
-  # Additional volumes on the output Deployment definition.
-  volumes: []
-  # - name: foo
-  #   secret:
-  #     secretName: mysecret
-  #     optional: false
-
-  # Additional volumeMounts on the output Deployment definition.
-  volumeMounts: []
-  # - name: foo
-  #   mountPath: "/etc/foo"
-  #   readOnly: true
-
-  nodeSelector: {}
-
-  tolerations: []
-
-  affinity: {}
-
-  # KEDA ScaledObject configuration
-  keda:
-    # -- Set to `true` to enable KEDA for the worker pods
-    # Note: When both KEDA and HPA are enabled, the deployment will fail.
-    enabled: false
-    # -- The minimum number of replicas to use for the worker pods
-    minReplicas: 1
-    # -- The maximum number of replicas to use for the worker pods
-    maxReplicas: 2
-    # -- The polling interval in seconds for checking metrics
-    pollingInterval: 30
-    # -- The cooldown period in seconds for scaling
-    cooldownPeriod: 120
-    # -- The trigger type for scaling (cpu or memory)
-    triggerType: "postgresql"
-    # -- The target utilization percentage for the worker pods
-    value: "50"
-
-worker_beat:
-  # This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-  replicaCount: 1
-
-  # This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-  image:
-    repository: prowlercloud/prowler-api
-    # This sets the pull policy for images.
-    pullPolicy: IfNotPresent
-    # Overrides the image tag whose default is the chart appVersion.
-    tag: ""
-
-  command:
-    - ../docker-entrypoint.sh
-  args:
-    - beat
-
-  # This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  imagePullSecrets: []
-
-  # This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-  serviceAccount:
-    # Specifies whether a service account should be created
-    create: true
-    # Automatically mount a ServiceAccount's API credentials?
-    automount: true
-    # Annotations to add to the service account
-    annotations: {}
-    # The name of the service account to use.
-    # If not set and create is true, a name is generated using the fullname template
-    name: ""
-
-  # This is for setting Kubernetes Annotations to a Pod.
-  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-  podAnnotations: {}
-  # This is for setting Kubernetes Labels to a Pod.
-  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-  podLabels: {}
-
-  podSecurityContext: {}
-    # fsGroup: 2000
-
-  securityContext: {}
-    # capabilities:
-    #   drop:
-    #   - ALL
-    # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-    # runAsUser: 1000
-
-  resources: {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
-
-  # This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-  livenessProbe: {}
-  readinessProbe: {}
-
-  # Additional volumes on the output Deployment definition.
-  volumes: []
-  # - name: foo
-  #   secret:
-  #     secretName: mysecret
-  #     optional: false
-
-  # Additional volumeMounts on the output Deployment definition.
-  volumeMounts: []
-  # - name: foo
-  #   mountPath: "/etc/foo"
-  #   readOnly: true
-
-  nodeSelector: {}
-
-  tolerations: []
-
-  affinity: {}
-
-postgresql:
-  # -- Enable PostgreSQL deployment (via Bitnami Helm Chart). If you want to use an external Postgres server (or a managed one), set this to false
-  # If enabled, it will create a Secret with the credentials.
-  # Otherwise, create a secret with the following and add it to the api deployment:
-  # - POSTGRES_HOST
-  # - POSTGRES_PORT
-  # - POSTGRES_ADMIN_USER     - Existing user in charge of migrations, tables, permissions, RLS
-  # - POSTGRES_ADMIN_PASSWORD
-  # - POSTGRES_USER           - Will be created by ADMIN_USER
-  # - POSTGRES_PASSWORD
-  # - POSTGRES_DB             - Existing DB
-  enabled: true
-  image:
-    repository: "bitnami/postgresql"
-  auth:
-    database: prowler_db
-    username: prowler
-
-valkey:
-  # If enabled, it will create a Secret with the following.
-  # Otherwise, create a secret with
-  # - VALKEY_HOST
-  # - VALKEY_PORT
-  # - VALKEY_DB
-  enabled: true
-
-neo4j:
-  enabled: true
-
-  neo4j:
-    name: prowler-neo4j
-    edition: community
-
-    # The name of the secret containing the Neo4j password with the key NEO4J_PASSWORD
-    passwordFromSecret: prowler-secret
-
-  # Disable lookups during helm template rendering (required for ArgoCD)
-  disableLookups: true
-
-  volumes:
-    data:
-      mode: defaultStorageClass
-
-  services:
-    neo4j:
-      enabled: false
-
-  # Neo4j Configuration (yaml format)
-  config:
-    dbms_security_procedures_allowlist: "apoc.*"
-    dbms_security_procedures_unrestricted: "apoc.*"
-
-  apoc_config:
-    apoc.export.file.enabled: "true"
-    apoc.import.file.enabled: "true"
-    apoc.import.file.use_neo4j_config: "true"

dashboard/compliance/cis_3_1_oraclecloud.py

@@ -1,41 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    """
-    Generate CIS OCI Foundations Benchmark v3.1 compliance table.
-
-    Args:
-        data: DataFrame containing compliance check results with columns:
-            - REQUIREMENTS_ID: CIS requirement ID (e.g., "1.1", "2.1")
-            - REQUIREMENTS_DESCRIPTION: Description of the requirement
-            - REQUIREMENTS_ATTRIBUTES_SECTION: CIS section name
-            - CHECKID: Prowler check identifier
-            - STATUS: Check status (PASS/FAIL)
-            - REGION: OCI region
-            - ACCOUNTID: OCI tenancy OCID (renamed from TENANCYID)
-            - RESOURCEID: Resource OCID or identifier
-
-    Returns:
-        Section containers organized by CIS sections for dashboard display
-    """
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/cis_6_0_aws.py

@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )

dashboard/compliance/csa_ccm_4_0_alibabacloud.py

@@ -1,31 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_kisa_ismsp
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    data["REQUIREMENTS_ID"] = (
-        data["REQUIREMENTS_ID"] + " - " + data["REQUIREMENTS_DESCRIPTION"]
-    )
-
-    data["REQUIREMENTS_ID"] = data["REQUIREMENTS_ID"].apply(
-        lambda x: x[:150] + "..." if len(str(x)) > 150 else x
-    )
-
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_kisa_ismsp(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/csa_ccm_4_0_aws.py

@@ -1,31 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_kisa_ismsp
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    data["REQUIREMENTS_ID"] = (
-        data["REQUIREMENTS_ID"] + " - " + data["REQUIREMENTS_DESCRIPTION"]
-    )
-
-    data["REQUIREMENTS_ID"] = data["REQUIREMENTS_ID"].apply(
-        lambda x: x[:150] + "..." if len(str(x)) > 150 else x
-    )
-
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_kisa_ismsp(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/csa_ccm_4_0_azure.py

@@ -1,31 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_kisa_ismsp
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    data["REQUIREMENTS_ID"] = (
-        data["REQUIREMENTS_ID"] + " - " + data["REQUIREMENTS_DESCRIPTION"]
-    )
-
-    data["REQUIREMENTS_ID"] = data["REQUIREMENTS_ID"].apply(
-        lambda x: x[:150] + "..." if len(str(x)) > 150 else x
-    )
-
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_kisa_ismsp(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/csa_ccm_4_0_gcp.py

@@ -1,31 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_kisa_ismsp
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    data["REQUIREMENTS_ID"] = (
-        data["REQUIREMENTS_ID"] + " - " + data["REQUIREMENTS_DESCRIPTION"]
-    )
-
-    data["REQUIREMENTS_ID"] = data["REQUIREMENTS_ID"].apply(
-        lambda x: x[:150] + "..." if len(str(x)) > 150 else x
-    )
-
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_kisa_ismsp(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/compliance/csa_ccm_4_0_oraclecloud.py

@@ -1,31 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_kisa_ismsp
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    data["REQUIREMENTS_ID"] = (
-        data["REQUIREMENTS_ID"] + " - " + data["REQUIREMENTS_DESCRIPTION"]
-    )
-
-    data["REQUIREMENTS_ID"] = data["REQUIREMENTS_ID"].apply(
-        lambda x: x[:150] + "..." if len(str(x)) > 150 else x
-    )
-
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_kisa_ismsp(
-        aux, "REQUIREMENTS_ATTRIBUTES_SECTION", "REQUIREMENTS_ID"
-    )

dashboard/pages/compliance.py

@@ -284,11 +284,6 @@ def display_data(
     # Rename the column LOCATION to REGION for Alibaba Cloud
     if "alibabacloud" in analytics_input:
         data = data.rename(columns={"LOCATION": "REGION"})
-
-    # Rename the column TENANCYID to ACCOUNTID for Oracle Cloud
-    if "oraclecloud" in analytics_input:
-        data.rename(columns={"TENANCYID": "ACCOUNTID"}, inplace=True)
-
     # Filter the chosen level of the CIS
     if is_level_1:
         data = data[data["REQUIREMENTS_ATTRIBUTES_PROFILE"].str.contains("Level 1")]

dashboard/pages/overview.py

@@ -259,8 +259,6 @@ else:
                 accounts.append(account + " - K8S")
             if "alibabacloud" in list(data[data["ACCOUNT_UID"] == account]["PROVIDER"]):
                 accounts.append(account + " - ALIBABACLOUD")
-            if "oraclecloud" in list(data[data["ACCOUNT_UID"] == account]["PROVIDER"]):
-                accounts.append(account + " - OCI")
 
     account_dropdown = create_account_dropdown(accounts)
 
@@ -308,8 +306,6 @@ else:
             services.append(service + " - M365")
         if "alibabacloud" in list(data[data["SERVICE_NAME"] == service]["PROVIDER"]):
             services.append(service + " - ALIBABACLOUD")
-        if "oraclecloud" in list(data[data["SERVICE_NAME"] == service]["PROVIDER"]):
-            services.append(service + " - OCI")
 
     services = ["All"] + services
     services = [
@@ -771,8 +767,6 @@ def filter_data(
                 all_account_ids.append(account)
             if "alibabacloud" in list(data[data["ACCOUNT_UID"] == account]["PROVIDER"]):
                 all_account_ids.append(account)
-            if "oraclecloud" in list(data[data["ACCOUNT_UID"] == account]["PROVIDER"]):
-                all_account_ids.append(account)
 
     all_account_names = []
     if "ACCOUNT_NAME" in filtered_data.columns:
@@ -799,8 +793,6 @@ def filter_data(
                     data[data["ACCOUNT_UID"] == item]["PROVIDER"]
                 ):
                     cloud_accounts_options.append(item + " - ALIBABACLOUD")
-                if "oraclecloud" in list(data[data["ACCOUNT_UID"] == item]["PROVIDER"]):
-                    cloud_accounts_options.append(item + " - OCI")
             if "ACCOUNT_NAME" in filtered_data.columns:
                 if "azure" in list(data[data["ACCOUNT_NAME"] == item]["PROVIDER"]):
                     cloud_accounts_options.append(item + " - AZURE")
@@ -933,10 +925,6 @@ def filter_data(
                 filtered_data[filtered_data["SERVICE_NAME"] == item]["PROVIDER"]
             ):
                 service_filter_options.append(item + " - ALIBABACLOUD")
-            if "oraclecloud" in list(
-                filtered_data[filtered_data["SERVICE_NAME"] == item]["PROVIDER"]
-            ):
-                service_filter_options.append(item + " - OCI")
 
     # Filter Service
     if service_values == ["All"]:
@@ -1136,7 +1124,6 @@ def filter_data(
             config={"displayModeBar": False},
         )
         table = dcc.Graph(figure=fig, config={"displayModeBar": False})
-        table_row_options = []
 
     else:
         # Status Pie Chart

docker-compose-dev.yml

@@ -144,10 +144,6 @@ services:
         condition: service_healthy
       neo4j:
         condition: service_healthy
-    ulimits:
-      nofile:
-        soft: 65536
-        hard: 65536
     entrypoint:
       - "/home/prowler/docker-entrypoint.sh"
       - "worker"
@@ -170,10 +166,6 @@ services:
         condition: service_healthy
       neo4j:
         condition: service_healthy
-    ulimits:
-      nofile:
-        soft: 65536
-        hard: 65536
     entrypoint:
       - "../docker-entrypoint.sh"
       - "beat"

docker-compose.yml

@@ -117,10 +117,6 @@ services:
         condition: service_healthy
       postgres:
         condition: service_healthy
-    ulimits:
-      nofile:
-        soft: 65536
-        hard: 65536
     entrypoint:
       - "/home/prowler/docker-entrypoint.sh"
       - "worker"
@@ -135,10 +131,6 @@ services:
         condition: service_healthy
       postgres:
         condition: service_healthy
-    ulimits:
-      nofile:
-        soft: 65536
-        hard: 65536
     entrypoint:
       - "../docker-entrypoint.sh"
       - "beat"

docs/developer-guide/checks.mdx

@@ -314,8 +314,7 @@ The type of resource being audited. This field helps categorize and organize fin
 - **Google Cloud**: Use [Cloud Asset Inventory asset types](https://cloud.google.com/asset-inventory/docs/asset-types), for example: `compute.googleapis.com/Instance`.
 - **Kubernetes**: Use types shown under `KIND` from `kubectl api-resources`.
 - **Oracle Cloud Infrastructure**: Use types from [Oracle Cloud Infrastructure documentation](https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/Search/Tasks/queryingresources_topic-Listing_Supported_Resource_Types.htm).
-- **OpenStack**: Use types from [OpenStack Heat resource types](https://docs.openstack.org/heat/latest/template_guide/openstack.html).
-- **Any other provider**: Use `NotDefined` due to lack of standardized resource types in their SDK or documentation.
+- **M365 / GitHub / MongoDB Atlas**: Leave empty due to lack of standardized types.
 
 #### ResourceGroup
 

docs/docs.json

@@ -255,12 +255,6 @@
                   "user-guide/providers/cloudflare/authentication"
                 ]
               },
-              {
-                "group": "Image",
-                "pages": [
-                  "user-guide/providers/image/getting-started-image"
-                ]
-              },
               {
                 "group": "LLM",
                 "pages": [