fix: conditionally pass href prop only when asLink is truthy

Merge branch 'master' into refactor/graph-components-kebab-case
fix: adjust map region filter layout to fit content width
2026-06-10 21:42:29 +00:00 · 2025-10-22 18:16:10 +02:00 · 2025-10-22 18:15:11 +02:00 · 2025-10-22 15:28:08 +02:00 · 2025-10-22 15:11:25 +02:00 · 2025-10-22 14:38:23 +02:00
1067 changed files with 17225 additions and 91334 deletions
@@ -10,16 +10,13 @@ NEXT_PUBLIC_API_BASE_URL=${API_BASE_URL}
 NEXT_PUBLIC_API_DOCS_URL=http://prowler-api:8080/api/v1/docs
 AUTH_TRUST_HOST=true
 UI_PORT=3000
+# Temp URL for feeds need to use actual
+RSS_FEED_URL=https://prowler.com/blog/rss
 # openssl rand -base64 32
 AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="
 # Google Tag Manager ID
 NEXT_PUBLIC_GOOGLE_TAG_MANAGER_ID=""

-#### Code Review Configuration ####
-# Enable Claude Code standards validation on pre-push hook
-# Set to 'true' to validate changes against AGENTS.md standards via Claude Code
-# Set to 'false' to skip validation
-CODE_REVIEW_ENABLED=true

 #### Prowler API Configuration ####
 PROWLER_API_VERSION="stable"
@@ -38,8 +35,6 @@ POSTGRES_DB=prowler_db
 # POSTGRES_REPLICA_USER=prowler
 # POSTGRES_REPLICA_PASSWORD=postgres
 # POSTGRES_REPLICA_DB=prowler_db
-# POSTGRES_REPLICA_MAX_ATTEMPTS=3
-# POSTGRES_REPLICA_RETRY_BASE_DELAY=0.5

 # Celery-Prowler task settings
 TASK_RETRY_DELAY_SECONDS=0.1
@@ -108,8 +103,6 @@ DJANGO_THROTTLE_TOKEN_OBTAIN=50/minute
 # Sentry settings
 SENTRY_ENVIRONMENT=local
 SENTRY_RELEASE=local
-NEXT_PUBLIC_SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT}
-

 #### Prowler release version ####
 NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.12.2
@@ -131,12 +124,3 @@ LANGSMITH_TRACING=false
 LANGSMITH_ENDPOINT="https://api.smith.langchain.com"
 LANGSMITH_API_KEY=""
 LANGCHAIN_PROJECT=""
-
-# RSS Feed Configuration
-# Multiple feed sources can be configured as a JSON array (must be valid JSON, no trailing commas)
-# Each source requires: id, name, type (github_releases|blog|custom), url, and enabled flag
-# IMPORTANT: Must be a single line with valid JSON (no newlines, no trailing commas)
-# Example with one source:
-RSS_FEED_SOURCES='[{"id":"prowler-releases","name":"Prowler Releases","type":"github_releases","url":"https://github.com/prowler-cloud/prowler/releases.atom","enabled":true}]'
-# Example with multiple sources (no trailing comma after last item):
-# RSS_FEED_SOURCES='[{"id":"prowler-releases","name":"Prowler Releases","type":"github_releases","url":"https://github.com/prowler-cloud/prowler/releases.atom","enabled":true},{"id":"prowler-blog","name":"Prowler Blog","type":"blog","url":"https://prowler.com/blog/rss","enabled":false}]'
@@ -8,7 +8,7 @@ body:
    attributes:
      label: Feature search
      options:
-        - label: I have searched the existing issues and this feature has not been requested yet or is already in our [Public Roadmap](https://roadmap.prowler.com/roadmap)
+        - label: I have searched the existing issues and this feature has not been requested yet
          required: true
  - type: dropdown
    id: component
@@ -22,8 +22,8 @@ inputs:
 runs:
  using: 'composite'
  steps:
-    - name: Replace @master with current branch in pyproject.toml (prowler repo only)
-      if: github.event_name == 'pull_request' && github.base_ref == 'master' && github.repository == 'prowler-cloud/prowler'
+    - name: Replace @master with current branch in pyproject.toml
+      if: github.event_name == 'pull_request' && github.base_ref == 'master'
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: |
@@ -37,8 +37,8 @@ runs:
        python -m pip install --upgrade pip
        pipx install poetry==${{ inputs.poetry-version }}

-    - name: Update poetry.lock with latest Prowler commit
-      if: github.repository_owner == 'prowler-cloud' && github.repository != 'prowler-cloud/prowler'
+    - name: Update SDK resolved_reference to latest commit
+      if: github.event_name == 'push' && github.ref == 'refs/heads/master'
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: |
@@ -50,21 +50,7 @@ runs:
        echo "Updated resolved_reference:"
        grep -A2 -B2 "resolved_reference" poetry.lock

-    - name: Update SDK resolved_reference to latest commit (prowler repo on push)
-      if: github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'prowler-cloud/prowler'
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: |
-        LATEST_COMMIT=$(curl -s "https://api.github.com/repos/prowler-cloud/prowler/commits/master" | jq -r '.sha')
-        echo "Latest commit hash: $LATEST_COMMIT"
-        sed -i '/url = "https:\/\/github\.com\/prowler-cloud\/prowler\.git"/,/resolved_reference = / {
-          s/resolved_reference = "[a-f0-9]\{40\}"/resolved_reference = "'"$LATEST_COMMIT"'"/
-        }' poetry.lock
-        echo "Updated resolved_reference:"
-        grep -A2 -B2 "resolved_reference" poetry.lock
-
-    - name: Update poetry.lock (prowler repo only)
-      if: github.repository == 'prowler-cloud/prowler'
+    - name: Update poetry.lock
      shell: bash
      working-directory: ${{ inputs.working-directory }}
      run: poetry lock
@@ -83,11 +69,3 @@ runs:
      run: |
        poetry install --no-root
        poetry run pip list
-
-    - name: Update Prowler Cloud API Client
-      if: github.repository_owner == 'prowler-cloud' && github.repository != 'prowler-cloud/prowler'
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: |
-        poetry remove prowler-cloud-api-client
-        poetry add ./prowler-cloud-api-client
@@ -1,198 +0,0 @@
-# Slack Notification Action
-
-A generic and flexible GitHub composite action for sending Slack notifications using JSON template files. Supports both standalone messages and message updates, with automatic status detection.
-
-## Features
-
- **Template-based**: All messages use JSON template files for consistency
- **Automatic status detection**: Pass `step-outcome` to auto-calculate success/failure
- **Message updates**: Supports updating existing messages (using `chat.update`)
- **Simple API**: Clean and minimal interface
- **Reusable**: Use across all workflows and scenarios
- **Maintainable**: Centralized message templates
-
-## Use Cases
-
-1. **Container releases**: Track push start and completion with automatic status
-2. **Deployments**: Track deployment progress with rich Block Kit formatting
-3. **Custom notifications**: Any scenario where you need to notify Slack
-
-## Inputs
-
-| Input | Description | Required | Default |
-|-------|-------------|----------|---------|
-| `slack-bot-token` | Slack bot token for authentication | Yes | - |
-| `payload-file-path` | Path to JSON file with the Slack message payload | Yes | - |
-| `update-ts` | Message timestamp to update (leave empty for new messages) | No | `''` |
-| `step-outcome` | Step outcome for automatic status detection (sets STATUS_EMOJI and STATUS_TEXT env vars) | No | `''` |
-
-## Outputs
-
-| Output | Description |
-|--------|-------------|
-| `ts` | Timestamp of the Slack message (use for updates) |
-
-## Usage Examples
-
-### Example 1: Container Release with Automatic Status Detection
-
-Using JSON template files with automatic status detection:
-
-```yaml
-# Send start notification
- name: Notify container push started
-  if: github.event_name == 'release'
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-# Do the work
- name: Build and push container
-  if: github.event_name == 'release'
-  id: container-push
-  uses: docker/build-push-action@...
-  with:
-    push: true
-    tags: ...
-
-# Send completion notification with automatic status detection
- name: Notify container push completed
-  if: github.event_name == 'release' && always()
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-    step-outcome: ${{ steps.container-push.outcome }}
-```
-
-**Benefits:**
- No status calculation needed in workflow
- Reusable template files
- Clean and concise
- Automatic `STATUS_EMOJI` and `STATUS_TEXT` env vars set by action
- Consistent message format across all workflows
-
-### Example 2: Deployment with Message Update Pattern
-
-```yaml
-# Send initial deployment message
- name: Notify deployment started
-  id: slack-start
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-started.json"
-
-# Run deployment
- name: Deploy
-  id: deploy
-  run: terraform apply -auto-approve
-
-# Determine additional status variables
- name: Determine deployment status
-  if: always()
-  id: deploy-status
-  run: |
-    if [[ "${{ steps.deploy.outcome }}" == "success" ]]; then
-      echo "STATUS_COLOR=28a745" >> $GITHUB_ENV
-      echo "STATUS=Completed" >> $GITHUB_ENV
-    else
-      echo "STATUS_COLOR=fc3434" >> $GITHUB_ENV
-      echo "STATUS=Failed" >> $GITHUB_ENV
-    fi
-
-# Update the same message with final status
- name: Update deployment notification
-  if: always()
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    MESSAGE_TS: ${{ steps.slack-start.outputs.ts }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-    STATUS: ${{ env.STATUS }}
-    STATUS_COLOR: ${{ env.STATUS_COLOR }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    update-ts: ${{ steps.slack-start.outputs.ts }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-completed.json"
-    step-outcome: ${{ steps.deploy.outcome }}
-```
-
-## Automatic Status Detection
-
-When you provide `step-outcome` input, the action automatically sets these environment variables:
-
-| Outcome | STATUS_EMOJI | STATUS_TEXT |
-|---------|--------------|-------------|
-| success | `[✓]` | `completed successfully!` |
-| failure | `[✗]` | `failed` |
-
-These variables are then available in your payload template files.
-
-## Template File Format
-
-All template files must be valid JSON and support environment variable substitution. Example:
-
-```json
-{
-  "channel": "$SLACK_CHANNEL_ID",
-  "text": "$STATUS_EMOJI $COMPONENT container release $RELEASE_TAG push $STATUS_TEXT <$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID|View run>"
-}
-```
-
-See available templates in [`.github/scripts/slack-messages/`](../../scripts/slack-messages/).
-
-## Requirements
-
- Slack Bot Token with scopes: `chat:write`, `chat:write.public`
- Slack Channel ID where messages will be posted
- JSON template files for your messages
-
-## Benefits
-
- **Consistency**: All notifications use standardized templates
- **Automatic status handling**: No need to calculate success/failure in workflows
- **Clean workflows**: Minimal boilerplate code
- **Reusable templates**: One template for all components
- **Easy to maintain**: Change template once, applies everywhere
- **Version controlled**: All message formats in git
-
-## Related Resources
-
- [Slack Block Kit Builder](https://app.slack.com/block-kit-builder)
- [Slack API Method Documentation](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
- [Message templates documentation](../../scripts/slack-messages/README.md)
@@ -1,74 +0,0 @@
-name: 'Slack Notification'
-description: 'Generic action to send Slack notifications with optional message updates and automatic status detection'
-inputs:
-  slack-bot-token:
-    description: 'Slack bot token for authentication'
-    required: true
-  payload-file-path:
-    description: 'Path to JSON file with the Slack message payload'
-    required: true
-  update-ts:
-    description: 'Message timestamp to update (only for updates, leave empty for new messages)'
-    required: false
-    default: ''
-  step-outcome:
-    description: 'Outcome of a step to determine status (success/failure) - automatically sets STATUS_TEXT and STATUS_COLOR env vars'
-    required: false
-    default: ''
-outputs:
-  ts:
-    description: 'Timestamp of the Slack message'
-    value: ${{ steps.slack-notification.outputs.ts }}
-runs:
-  using: 'composite'
-  steps:
-    - name: Determine status
-      id: status
-      shell: bash
-      run: |
-        if [[ "${{ inputs.step-outcome }}" == "success" ]]; then
-          echo "STATUS_TEXT=Completed" >> $GITHUB_ENV
-          echo "STATUS_COLOR=#6aa84f" >> $GITHUB_ENV
-        elif [[ "${{ inputs.step-outcome }}" == "failure" ]]; then
-          echo "STATUS_TEXT=Failed" >> $GITHUB_ENV
-          echo "STATUS_COLOR=#fc3434" >> $GITHUB_ENV
-        else
-          # No outcome provided - pending/in progress state
-          echo "STATUS_COLOR=#dbab09" >> $GITHUB_ENV
-        fi
-
-    - name: Send Slack notification (new message)
-      if: inputs.update-ts == ''
-      id: slack-notification-post
-      uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-      env:
-        SLACK_PAYLOAD_FILE_PATH: ${{ inputs.payload-file-path }}
-      with:
-        method: chat.postMessage
-        token: ${{ inputs.slack-bot-token }}
-        payload-file-path: ${{ inputs.payload-file-path }}
-        payload-templated: true
-        errors: true
-
-    - name: Update Slack notification
-      if: inputs.update-ts != ''
-      id: slack-notification-update
-      uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-      env:
-        SLACK_PAYLOAD_FILE_PATH: ${{ inputs.payload-file-path }}
-      with:
-        method: chat.update
-        token: ${{ inputs.slack-bot-token }}
-        payload-file-path: ${{ inputs.payload-file-path }}
-        payload-templated: true
-        errors: true
-
-    - name: Set output
-      id: slack-notification
-      shell: bash
-      run: |
-        if [[ "${{ inputs.update-ts }}" == "" ]]; then
-          echo "ts=${{ steps.slack-notification-post.outputs.ts }}" >> $GITHUB_OUTPUT
-        else
-          echo "ts=${{ inputs.update-ts }}" >> $GITHUB_OUTPUT
-        fi
@@ -45,13 +45,22 @@ outputs:
 runs:
  using: 'composite'
  steps:
-    - name: Cache Trivy vulnerability database
-      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+    - name: Run Trivy vulnerability scan (SARIF)
+      if: inputs.upload-sarif == 'true'
+      uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
      with:
-        path: ~/.cache/trivy
-        key: trivy-db-${{ runner.os }}-${{ github.run_id }}
-        restore-keys: |
-          trivy-db-${{ runner.os }}-
+        image-ref: ${{ inputs.image-name }}:${{ inputs.image-tag }}
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+        severity: 'CRITICAL,HIGH'
+        exit-code: '0'
+
+    - name: Upload Trivy results to GitHub Security tab
+      if: inputs.upload-sarif == 'true'
+      uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+      with:
+        sarif_file: 'trivy-results.sarif'
+        category: 'trivy-container'

    - name: Run Trivy vulnerability scan (JSON)
      uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
@@ -61,27 +70,6 @@ runs:
        output: 'trivy-report.json'
        severity: ${{ inputs.severity }}
        exit-code: '0'
-        scanners: 'vuln'
-        timeout: '5m'
-
-    - name: Run Trivy vulnerability scan (SARIF)
-      if: inputs.upload-sarif == 'true' && github.event_name == 'push'
-      uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
-      with:
-        image-ref: ${{ inputs.image-name }}:${{ inputs.image-tag }}
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        severity: 'CRITICAL,HIGH'
-        exit-code: '0'
-        scanners: 'vuln'
-        timeout: '5m'
-
-    - name: Upload Trivy results to GitHub Security tab
-      if: inputs.upload-sarif == 'true' && github.event_name == 'push'
-      uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
-      with:
-        sarif_file: 'trivy-results.sarif'
-        category: 'trivy-container'

    - name: Upload Trivy report artifact
      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
@@ -121,20 +109,20 @@ runs:
      with:
        script: |
          const comment = require('./.github/scripts/trivy-pr-comment.js');
-
+          
          // Unique identifier to find our comment
          const marker = '<!-- trivy-scan-comment:${{ inputs.image-name }} -->';
          const body = marker + '\n' + comment;
-
+          
          // Find existing comment
          const { data: comments } = await github.rest.issues.listComments({
            owner: context.repo.owner,
            repo: context.repo.repo,
            issue_number: context.issue.number,
          });
-
+          
          const existingComment = comments.find(c => c.body?.includes(marker));
-
+          
          if (existingComment) {
            // Update existing comment
            await github.rest.issues.updateComment({
@@ -1,18 +1,4 @@
-name: 'SDK: CodeQL Config'
-paths:
-  - 'prowler/'
-
+name: "SDK - CodeQL Config"
 paths-ignore:
-  - 'api/'
-  - 'ui/'
-  - 'dashboard/'
-  - 'mcp_server/'
-  - 'tests/**'
-  - 'util/**'
-  - 'contrib/**'
-  - 'examples/**'
-  - 'prowler/**/__pycache__/**'
-  - 'prowler/**/*.md'
-
-queries:
-  - uses: security-and-quality
+  - "api/"
+  - "ui/"
@@ -1,17 +1,3 @@
-name: 'UI: CodeQL Config'
+name: "UI - CodeQL Config"
 paths:
-  - 'ui/'
-
-paths-ignore:
-  - 'ui/node_modules/**'
-  - 'ui/.next/**'
-  - 'ui/out/**'
-  - 'ui/tests/**'
-  - 'ui/**/*.test.ts'
-  - 'ui/**/*.test.tsx'
-  - 'ui/**/*.spec.ts'
-  - 'ui/**/*.spec.tsx'
-  - 'ui/**/*.md'
-
-queries:
-  - uses: security-and-quality
+  - "ui/"
@@ -22,13 +22,6 @@ Please add a detailed description of how to review this PR.
 - [ ] Review if is needed to change the [Readme.md](https://github.com/prowler-cloud/prowler/blob/master/README.md)
 - [ ] Ensure new entries are added to [CHANGELOG.md](https://github.com/prowler-cloud/prowler/blob/master/prowler/CHANGELOG.md), if applicable.

-#### UI
- [ ] All issue/task requirements work as expected on the UI
- [ ] Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
- [ ] Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
- [ ] Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
- [ ] Ensure new entries are added to [CHANGELOG.md](https://github.com/prowler-cloud/prowler/blob/master/ui/CHANGELOG.md), if applicable.
-
 #### API
 - [ ] Verify if API specs need to be regenerated.
 - [ ] Check if version updates are required (e.g., specs, Poetry, etc.).
@@ -1,462 +0,0 @@
-# Slack Message Templates
-
-This directory contains reusable message templates for Slack notifications sent from GitHub Actions workflows.
-
-## Usage
-
-These JSON templates are used with the `slackapi/slack-github-action` using the Slack API method (`chat.postMessage` and `chat.update`). All templates support rich Block Kit formatting and message updates.
-
-### Available Templates
-
-**Container Releases**
- `container-release-started.json`: Simple one-line notification when container push starts
- `container-release-completed.json`: Simple one-line notification when container release completes
-
-**Deployments**
- `deployment-started.json`: Deployment start notification with Block Kit formatting
- `deployment-completed.json`: Deployment completion notification (updates the start message)
-
-All templates use the Slack API method and require a Slack Bot Token.
-
-## Setup Requirements
-
-1. Create a Slack App (or use existing)
-2. Add Bot Token Scopes: `chat:write`, `chat:write.public`
-3. Install the app to your workspace
-4. Get the Bot Token from OAuth & Permissions page
-5. Add secrets:
-   - `SLACK_BOT_TOKEN`: Your bot token
-   - `SLACK_CHANNEL_ID`: The channel ID where messages will be posted
-
-Reference: [Sending data using a Slack API method](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
-
-## Environment Variables
-
-### Required Secrets (GitHub Secrets)
- `SLACK_BOT_TOKEN`: Passed as `token` parameter to the action (not as env variable)
- `SLACK_CHANNEL_ID`: Used in payload as env variable
-
-### Container Release Variables (configured as env)
- `COMPONENT`: Component name (e.g., "API", "SDK", "UI", "MCP")
- `RELEASE_TAG` / `PROWLER_VERSION`: The release tag or version being deployed
- `GITHUB_SERVER_URL`: Provided by GitHub context
- `GITHUB_REPOSITORY`: Provided by GitHub context
- `GITHUB_RUN_ID`: Provided by GitHub context
- `STATUS_EMOJI`: Status symbol (calculated: `[✓]` for success, `[✗]` for failure)
- `STATUS_TEXT`: Status text (calculated: "completed successfully!" or "failed")
-
-### Deployment Variables (configured as env)
- `COMPONENT`: Component name (e.g., "API", "SDK", "UI", "MCP")
- `ENVIRONMENT`: Environment name (e.g., "DEVELOPMENT", "PRODUCTION")
- `COMMIT_HASH`: Commit hash being deployed
- `VERSION_DEPLOYED`: Version being deployed
- `GITHUB_ACTOR`: User who triggered the workflow
- `GITHUB_WORKFLOW`: Workflow name
- `GITHUB_SERVER_URL`: Provided by GitHub context
- `GITHUB_REPOSITORY`: Provided by GitHub context
- `GITHUB_RUN_ID`: Provided by GitHub context
-
-All other variables (MESSAGE_TS, STATUS, STATUS_COLOR, STATUS_EMOJI, etc.) are calculated internally within the workflow and should NOT be configured as environment variables.
-
-## Example Workflow Usage
-
-### Using the Generic Slack Notification Action (Recommended)
-
-**Recommended approach**: Use the generic reusable action `.github/actions/slack-notification` which provides maximum flexibility:
-
-#### Example 1: Container Release (Start + Completion)
-
-```yaml
-# Send start notification
- name: Notify container push started
-  if: github.event_name == 'release'
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "API container release ${{ env.RELEASE_TAG }} push started... <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>"
-      }
-
-# Build and push container
- name: Build and push container
-  if: github.event_name == 'release'
-  id: container-push
-  uses: docker/build-push-action@...
-  with:
-    push: true
-    tags: ...
-
-# Calculate status
- name: Determine push status
-  if: github.event_name == 'release' && always()
-  id: push-status
-  run: |
-    if [[ "${{ steps.container-push.outcome }}" == "success" ]]; then
-      echo "emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "text=completed successfully!" >> $GITHUB_OUTPUT
-    else
-      echo "emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "text=failed" >> $GITHUB_OUTPUT
-    fi
-
-# Send completion notification
- name: Notify container push completed
-  if: github.event_name == 'release' && always()
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "${{ steps.push-status.outputs.emoji }} API container release ${{ env.RELEASE_TAG }} push ${{ steps.push-status.outputs.text }} <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>"
-      }
-```
-
-#### Example 2: Simple One-Time Message
-
-```yaml
- name: Send notification
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "Deployment completed successfully!"
-      }
-```
-
-#### Example 3: Deployment with Message Update Pattern
-
-```yaml
-# Send initial deployment message
- name: Notify deployment started
-  id: slack-start
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "API deployment to PRODUCTION started",
-        "attachments": [
-          {
-            "color": "dbab09",
-            "blocks": [
-              {
-                "type": "header",
-                "text": {
-                  "type": "plain_text",
-                  "text": "API | Deployment to PRODUCTION"
-                }
-              },
-              {
-                "type": "section",
-                "fields": [
-                  {
-                    "type": "mrkdwn",
-                    "text": "*Status:*\nIn Progress"
-                  }
-                ]
-              }
-            ]
-          }
-        ]
-      }
-
-# Run deployment
- name: Deploy
-  id: deploy
-  run: terraform apply -auto-approve
-
-# Calculate status
- name: Determine status
-  if: always()
-  id: status
-  run: |
-    if [[ "${{ steps.deploy.outcome }}" == "success" ]]; then
-      echo "color=28a745" >> $GITHUB_OUTPUT
-      echo "emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "status=Completed" >> $GITHUB_OUTPUT
-    else
-      echo "color=fc3434" >> $GITHUB_OUTPUT
-      echo "emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "status=Failed" >> $GITHUB_OUTPUT
-    fi
-
-# Update the same message with final status
- name: Update deployment notification
-  if: always()
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    update-ts: ${{ steps.slack-start.outputs.ts }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "ts": "${{ steps.slack-start.outputs.ts }}",
-        "text": "${{ steps.status.outputs.emoji }} API deployment to PRODUCTION ${{ steps.status.outputs.status }}",
-        "attachments": [
-          {
-            "color": "${{ steps.status.outputs.color }}",
-            "blocks": [
-              {
-                "type": "header",
-                "text": {
-                  "type": "plain_text",
-                  "text": "API | Deployment to PRODUCTION"
-                }
-              },
-              {
-                "type": "section",
-                "fields": [
-                  {
-                    "type": "mrkdwn",
-                    "text": "*Status:*\n${{ steps.status.outputs.emoji }} ${{ steps.status.outputs.status }}"
-                  }
-                ]
-              }
-            ]
-          }
-        ]
-      }
-```
-
-**Benefits of using the generic action:**
- Maximum flexibility: Build any payload you need directly in the workflow
- No template files needed: Everything inline
- Supports all scenarios: one-time messages, start/update patterns, rich Block Kit
- Easy to customize per use case
- Generic: Works for containers, deployments, or any notification type
-
-For more details, see [Slack Notification Action](../../actions/slack-notification/README.md).
-
-### Using Message Templates (Alternative Approach)
-
-Simple one-line notifications for container releases:
-
-```yaml
-# Step 1: Notify when push starts
- name: Notify container push started
-  if: github.event_name == 'release'
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    method: chat.postMessage
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-# Step 2: Build and push container
- name: Build and push container
-  id: container-push
-  uses: docker/build-push-action@...
-  with:
-    push: true
-    tags: ...
-
-# Step 3: Determine push status
- name: Determine push status
-  if: github.event_name == 'release' && always()
-  id: push-status
-  run: |
-    if [[ "${{ steps.container-push.outcome }}" == "success" ]]; then
-      echo "status-emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "status-text=completed successfully!" >> $GITHUB_OUTPUT
-    else
-      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "status-text=failed" >> $GITHUB_OUTPUT
-    fi
-
-# Step 4: Notify when push completes (success or failure)
- name: Notify container push completed
-  if: github.event_name == 'release' && always()
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-    STATUS_EMOJI: ${{ steps.push-status.outputs.status-emoji }}
-    STATUS_TEXT: ${{ steps.push-status.outputs.status-text }}
-  with:
-    method: chat.postMessage
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-```
-
-### Deployment with Update Pattern
-
-For deployments that start with one message and update it with the final status:
-
-```yaml
-# Step 1: Send deployment start notification
- name: Notify Deployment Start
-  id: slack-notification-start
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    method: chat.postMessage
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-started.json"
-
-# Step 2: Run your deployment steps
- name: Terraform Plan
-  id: terraform-plan
-  run: terraform plan
-
- name: Terraform Apply
-  id: terraform-apply
-  run: terraform apply -auto-approve
-
-# Step 3: Determine status (calculated internally, not configured)
- name: Determine Status
-  if: always()
-  id: determine-status
-  run: |
-    if [[ "${{ steps.terraform-apply.outcome }}" == "success" ]]; then
-      echo "status=Completed" >> $GITHUB_OUTPUT
-      echo "status-color=28a745" >> $GITHUB_OUTPUT
-      echo "status-emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "plan-emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "apply-emoji=[✓]" >> $GITHUB_OUTPUT
-    elif [[ "${{ steps.terraform-plan.outcome }}" == "failure" || "${{ steps.terraform-apply.outcome }}" == "failure" ]]; then
-      echo "status=Failed" >> $GITHUB_OUTPUT
-      echo "status-color=fc3434" >> $GITHUB_OUTPUT
-      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
-      if [[ "${{ steps.terraform-plan.outcome }}" == "failure" ]]; then
-        echo "plan-emoji=[✗]" >> $GITHUB_OUTPUT
-      else
-        echo "plan-emoji=[✓]" >> $GITHUB_OUTPUT
-      fi
-      if [[ "${{ steps.terraform-apply.outcome }}" == "failure" ]]; then
-        echo "apply-emoji=[✗]" >> $GITHUB_OUTPUT
-      else
-        echo "apply-emoji=[✓]" >> $GITHUB_OUTPUT
-      fi
-    else
-      echo "status=Failed" >> $GITHUB_OUTPUT
-      echo "status-color=fc3434" >> $GITHUB_OUTPUT
-      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "plan-emoji=[?]" >> $GITHUB_OUTPUT
-      echo "apply-emoji=[?]" >> $GITHUB_OUTPUT
-    fi
-
-# Step 4: Update the same Slack message (using calculated values)
- name: Notify Deployment Result
-  if: always()
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    MESSAGE_TS: ${{ steps.slack-notification-start.outputs.ts }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-    STATUS: ${{ steps.determine-status.outputs.status }}
-    STATUS_COLOR: ${{ steps.determine-status.outputs.status-color }}
-    STATUS_EMOJI: ${{ steps.determine-status.outputs.status-emoji }}
-    PLAN_EMOJI: ${{ steps.determine-status.outputs.plan-emoji }}
-    APPLY_EMOJI: ${{ steps.determine-status.outputs.apply-emoji }}
-    TERRAFORM_PLAN_OUTCOME: ${{ steps.terraform-plan.outcome }}
-    TERRAFORM_APPLY_OUTCOME: ${{ steps.terraform-apply.outcome }}
-  with:
-    method: chat.update
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-completed.json"
-```
-
-**Note**: Variables like `STATUS`, `STATUS_COLOR`, `STATUS_EMOJI`, `PLAN_EMOJI`, `APPLY_EMOJI` are calculated by the `determine-status` step based on the outcomes of previous steps. They should NOT be manually configured.
-
-## Key Features
-
-### Benefits of Using Slack API Method
-
- **Rich Block Kit Formatting**: Full support for Slack's Block Kit including headers, sections, fields, colors, and attachments
- **Message Updates**: Update the same message instead of posting multiple messages (using `chat.update` with `ts`)
- **Consistent Experience**: Same look and feel as Prowler Cloud notifications
- **Flexible**: Easy to customize message appearance by editing JSON templates
-
-### Differences from Webhook Method
-
-| Feature | webhook-trigger | Slack API (chat.postMessage) |
-|---------|-----------------|------------------------------|
-| Setup | Workflow Builder webhook | Slack Bot Token + Channel ID |
-| Formatting | Plain text/simple | Full Block Kit support |
-| Message Update | No | Yes (with chat.update) |
-| Authentication | Webhook URL | Bot Token |
-| Scopes Required | None | chat:write, chat:write.public |
-
-## Message Appearance
-
-### Container Release (Simple One-Line)
-
-**Start message:**
-```
-API container release 4.5.0 push started... View run
-```
-
-**Completion message (success):**
-```
-[✓] API container release 4.5.0 push completed successfully! View run
-```
-
-**Completion message (failure):**
-```
-[✗] API container release 4.5.0 push failed View run
-```
-
-All messages are simple one-liners with a clickable "View run" link. The completion message adapts to show success `[✓]` or failure `[✗]` based on the outcome of the container push.
-
-### Deployment Start
- Header: Component and environment
- Yellow bar (color: `dbab09`)
- Status: In Progress
- Details: Commit, version, actor, workflow
- Link: Direct link to deployment run
-
-### Deployment Completion
- Header: Component and environment
- Green bar for success (color: `28a745`) / Red bar for failure (color: `fc3434`)
- Status: [✓] Completed or [✗] Failed
- Details: All deployment info plus terraform outcomes
- Link: Direct link to deployment run
-
-## Adding New Templates
-
-1. Create a new JSON file with Block Kit structure
-2. Use environment variable placeholders (e.g., `$VAR_NAME`)
-3. Include `channel` and `text` fields (required)
-4. Add `blocks` or `attachments` for rich formatting
-5. For update templates, include `ts` field as `$MESSAGE_TS`
-6. Document the template in this README
-7. Reference it in your workflow using `payload-file-path`
-
-## Reference
-
- [Slack Block Kit Builder](https://app.slack.com/block-kit-builder)
- [Slack API Method Documentation](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
@@ -1,17 +0,0 @@
-{
-  "channel": "${{ env.SLACK_CHANNEL_ID }}",
-  "attachments": [
-    {
-      "color": "${{ env.STATUS_COLOR }}",
-      "blocks": [
-        {
-          "type": "section",
-          "text": {
-            "type": "mrkdwn",
-            "text": "*Status:*\n${{ env.STATUS_TEXT }}\n\n${{ env.COMPONENT }} container release ${{ env.RELEASE_TAG }} push ${{ env.STATUS_TEXT }}\n\n<${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}|View run>"
-          }
-        }
-      ]
-    }
-  ]
-}
@@ -1,17 +0,0 @@
-{
-  "channel": "${{ env.SLACK_CHANNEL_ID }}",
-  "attachments": [
-    {
-      "color": "${{ env.STATUS_COLOR }}",
-      "blocks": [
-        {
-          "type": "section",
-          "text": {
-            "type": "mrkdwn",
-            "text": "*Status:*\nStarted\n\n${{ env.COMPONENT }} container release ${{ env.RELEASE_TAG }} push started...\n\n<${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}|View run>"
-          }
-        }
-      ]
-    }
-  ]
-}
@@ -0,0 +1,115 @@
+name: API - Build and Push containers
+
+on:
+  push:
+    branches:
+      - "master"
+    paths:
+      - "api/**"
+      - "prowler/**"
+      - ".github/workflows/api-build-lint-push-containers.yml"
+
+  # Uncomment the code below to test this action on PRs
+  # pull_request:
+  #   branches:
+  #     - "master"
+  #   paths:
+  #     - "api/**"
+  #     - ".github/workflows/api-build-lint-push-containers.yml"
+
+  release:
+    types: [published]
+
+env:
+  # Tags
+  LATEST_TAG: latest
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
+  STABLE_TAG: stable
+
+  WORKING_DIRECTORY: ./api
+
+  # Container Registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api
+
+jobs:
+  repository-check:
+    name: Repository check
+    runs-on: ubuntu-latest
+    outputs:
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
+    steps:
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
+  # Build Prowler OSS container
+  container-build-push:
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ env.WORKING_DIRECTORY }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Set short git commit SHA
+        id: vars
+        run: |
+          shortSha=$(git rev-parse --short ${{ github.sha }})
+          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+
+      - name: Login to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push container image (latest)
+        # Comment the following line for testing
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          # Set push: false for testing
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push container image (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Trigger deployment
+        if: github.event_name == 'push'
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.CLOUD_DISPATCH }}
+          event-type: prowler-api-deploy
+          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
@@ -1,71 +0,0 @@
-name: 'API: Code Quality'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  API_WORKING_DIR: ./api
-
-jobs:
-  api-code-quality:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.12'
-    defaults:
-      run:
-        working-directory: ./api
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            .github/workflows/api-code-quality.yml
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Setup Python with Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/setup-python-poetry
-        with:
-          python-version: ${{ matrix.python-version }}
-          working-directory: ./api
-
-      - name: Poetry check
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry check --lock
-
-      - name: Ruff lint
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run ruff check . --exclude contrib
-
-      - name: Ruff format
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run ruff format --check . --exclude contrib
-
-      - name: Pylint
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run pylint --disable=W,C,R,E -j 0 -rn -sn src/
@@ -25,7 +25,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  api-analyze:
+  analyze:
    name: CodeQL Security Analysis
    runs-on: ubuntu-latest
    timeout-minutes: 30
@@ -45,12 +45,12 @@ jobs:
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/api-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
          category: '/language:${{ matrix.language }}'
@@ -1,184 +0,0 @@
-name: 'API: Container Build and Push'
-
-on:
-  push:
-    branches:
-      - 'master'
-    paths:
-      - 'api/**'
-      - 'prowler/**'
-      - '.github/workflows/api-build-lint-push-containers.yml'
-  release:
-    types:
-      - 'published'
-  workflow_dispatch:
-    inputs:
-      release_tag:
-        description: 'Release tag (e.g., 5.14.0)'
-        required: true
-        type: string
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name || inputs.release_tag }}
-  STABLE_TAG: stable
-  WORKING_DIRECTORY: ./api
-
-  # Container registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api
-
-jobs:
-  setup:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    outputs:
-      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
-    steps:
-      - name: Calculate short SHA
-        id: set-short-sha
-        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
-
-  container-build-push:
-    needs: setup
-    runs-on: ${{ matrix.runner }}
-    strategy:
-      matrix:
-        include:
-          - platform: linux/amd64
-            runner: ubuntu-latest
-            arch: amd64
-          - platform: linux/arm64
-            runner: ubuntu-24.04-arm
-            arch: arm64
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Notify container push started
-        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: API
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push API container for ${{ matrix.arch }}
-        id: container-push
-        if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          push: true
-          platforms: ${{ matrix.platform }}
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-${{ matrix.arch }}
-          cache-from: type=gha,scope=${{ matrix.arch }}
-          cache-to: type=gha,mode=max,scope=${{ matrix.arch }}
-
-      - name: Notify container push completed
-        if: (github.event_name == 'release' || github.event_name == 'workflow_dispatch') && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: API
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  # Create and push multi-architecture manifest
-  create-manifest:
-    needs: [setup, container-build-push]
-    if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Login to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Create and push manifests for push event
-        if: github.event_name == 'push'
-        run: |
-          docker buildx imagetools create \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }} \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }} \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-amd64 \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-arm64
-
-      - name: Create and push manifests for release event
-        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        run: |
-          docker buildx imagetools create \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }} \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }} \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-amd64 \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-arm64
-
-      - name: Install regctl
-        if: always()
-        uses: regclient/actions/regctl-installer@f61d18f46c86af724a9c804cb9ff2a6fec741c7c # main
-
-      - name: Cleanup intermediate architecture tags
-        if: always()
-        run: |
-          echo "Cleaning up intermediate tags..."
-          regctl tag delete "${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-amd64" || true
-          regctl tag delete "${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-arm64" || true
-          echo "Cleanup completed"
-
-  trigger-deployment:
-    if: github.event_name == 'push'
-    needs: [setup, container-build-push]
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Trigger API deployment
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: api-prowler-deployment
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ needs.setup.outputs.short-sha }}"}'
@@ -1,89 +0,0 @@
-name: 'API: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  API_WORKING_DIR: ./api
-  IMAGE_NAME: prowler-api
-
-jobs:
-  api-dockerfile-lint:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: api/Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: api/Dockerfile
-          ignore: DL3013
-
-  api-container-build-and-scan:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: api/**
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.API_WORKING_DIR }}
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan container with Trivy
-        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -0,0 +1,228 @@
+name: 'API: Pull Request'
+
+on:
+  push:
+    branches:
+      - 'master'
+      - 'v5.*'
+    paths:
+      - '.github/workflows/api-pull-request.yml'
+      - 'api/**'
+      - '!api/docs/**'
+      - '!api/README.md'
+      - '!api/CHANGELOG.md'
+  pull_request:
+    branches:
+      - 'master'
+      - 'v5.*'
+    paths:
+      - '.github/workflows/api-pull-request.yml'
+      - 'api/**'
+      - '!api/docs/**'
+      - '!api/README.md'
+      - '!api/CHANGELOG.md'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  POSTGRES_HOST: localhost
+  POSTGRES_PORT: 5432
+  POSTGRES_ADMIN_USER: prowler
+  POSTGRES_ADMIN_PASSWORD: S3cret
+  POSTGRES_USER: prowler_user
+  POSTGRES_PASSWORD: prowler
+  POSTGRES_DB: postgres-db
+  VALKEY_HOST: localhost
+  VALKEY_PORT: 6379
+  VALKEY_DB: 0
+  API_WORKING_DIR: ./api
+  IMAGE_NAME: prowler-api
+
+jobs:
+  code-quality:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        python-version:
+          - '3.12'
+    defaults:
+      run:
+        working-directory: ./api
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup Python with Poetry
+        uses: ./.github/actions/setup-python-poetry
+        with:
+          python-version: ${{ matrix.python-version }}
+          working-directory: ./api
+
+      - name: Poetry check
+        run: poetry check --lock
+
+      - name: Ruff lint
+        run: poetry run ruff check . --exclude contrib
+
+      - name: Ruff format
+        run: poetry run ruff format --check . --exclude contrib
+
+      - name: Pylint
+        run: poetry run pylint --disable=W,C,R,E -j 0 -rn -sn src/
+
+  security-scans:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        python-version:
+          - '3.12'
+    defaults:
+      run:
+        working-directory: ./api
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup Python with Poetry
+        uses: ./.github/actions/setup-python-poetry
+        with:
+          python-version: ${{ matrix.python-version }}
+          working-directory: ./api
+
+      - name: Bandit
+        run: poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
+
+      - name: Safety
+        # 76352, 76353, 77323 come from SDK, but they cannot upgrade it yet. It does not affect API
+        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
+        run: poetry run safety check --ignore 70612,66963,74429,76352,76353,77323,77744,77745
+
+      - name: Vulture
+        run: poetry run vulture --exclude "contrib,tests,conftest.py" --min-confidence 100 .
+
+  tests:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        python-version:
+          - '3.12'
+    defaults:
+      run:
+        working-directory: ./api
+
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_HOST: ${{ env.POSTGRES_HOST }}
+          POSTGRES_PORT: ${{ env.POSTGRES_PORT }}
+          POSTGRES_USER: ${{ env.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
+          POSTGRES_DB: ${{ env.POSTGRES_DB }}
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+      valkey:
+        image: valkey/valkey:7-alpine3.19
+        env:
+          VALKEY_HOST: ${{ env.VALKEY_HOST }}
+          VALKEY_PORT: ${{ env.VALKEY_PORT }}
+          VALKEY_DB: ${{ env.VALKEY_DB }}
+        ports:
+          - 6379:6379
+        options: >-
+          --health-cmd "valkey-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup Python with Poetry
+        uses: ./.github/actions/setup-python-poetry
+        with:
+          python-version: ${{ matrix.python-version }}
+          working-directory: ./api
+
+      - name: Run tests with pytest
+        run: poetry run pytest --cov=./src/backend --cov-report=xml src/backend
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          flags: api
+
+  dockerfile-lint:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Lint Dockerfile with Hadolint
+        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
+        with:
+          dockerfile: api/Dockerfile
+          ignore: DL3013
+
+  container-build-and-scan:
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+      security-events: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build container
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.API_WORKING_DIR }}
+          push: false
+          load: true
+          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Scan container with Trivy
+        uses: ./.github/actions/trivy-scan
+        with:
+          image-name: ${{ env.IMAGE_NAME }}
+          image-tag: ${{ github.sha }}
+          fail-on-critical: 'false'
+          severity: 'CRITICAL'
@@ -1,69 +0,0 @@
-name: 'API: Security'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  API_WORKING_DIR: ./api
-
-jobs:
-  api-security-scans:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.12'
-    defaults:
-      run:
-        working-directory: ./api
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            .github/workflows/api-security.yml
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Setup Python with Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/setup-python-poetry
-        with:
-          python-version: ${{ matrix.python-version }}
-          working-directory: ./api
-
-      - name: Bandit
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
-
-      - name: Safety
-        if: steps.check-changes.outputs.any_changed == 'true'
-        # 76352, 76353, 77323 come from SDK, but they cannot upgrade it yet. It does not affect API
-        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
-        run: poetry run safety check --ignore 70612,66963,74429,76352,76353,77323,77744,77745
-
-      - name: Vulture
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run vulture --exclude "contrib,tests,conftest.py" --min-confidence 100 .
@@ -1,107 +0,0 @@
-name: 'API: Tests'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  POSTGRES_HOST: localhost
-  POSTGRES_PORT: 5432
-  POSTGRES_ADMIN_USER: prowler
-  POSTGRES_ADMIN_PASSWORD: S3cret
-  POSTGRES_USER: prowler_user
-  POSTGRES_PASSWORD: prowler
-  POSTGRES_DB: postgres-db
-  VALKEY_HOST: localhost
-  VALKEY_PORT: 6379
-  VALKEY_DB: 0
-  API_WORKING_DIR: ./api
-
-jobs:
-  api-tests:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.12'
-    defaults:
-      run:
-        working-directory: ./api
-
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_HOST: ${{ env.POSTGRES_HOST }}
-          POSTGRES_PORT: ${{ env.POSTGRES_PORT }}
-          POSTGRES_USER: ${{ env.POSTGRES_USER }}
-          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
-          POSTGRES_DB: ${{ env.POSTGRES_DB }}
-        ports:
-          - 5432:5432
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-      valkey:
-        image: valkey/valkey:7-alpine3.19
-        env:
-          VALKEY_HOST: ${{ env.VALKEY_HOST }}
-          VALKEY_PORT: ${{ env.VALKEY_PORT }}
-          VALKEY_DB: ${{ env.VALKEY_DB }}
-        ports:
-          - 6379:6379
-        options: >-
-          --health-cmd "valkey-cli ping"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            .github/workflows/api-tests.yml
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Setup Python with Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/setup-python-poetry
-        with:
-          python-version: ${{ matrix.python-version }}
-          working-directory: ./api
-
-      - name: Run tests with pytest
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run pytest --cov=./src/backend --cov-report=xml src/backend
-
-      - name: Upload coverage reports to Codecov
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: api
@@ -7,6 +7,8 @@ on:
    types:
      - 'labeled'
      - 'closed'
+    paths:
+      - '.github/workflows/backport.yml'

 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
@@ -38,7 +40,7 @@ jobs:

      - name: Backport PR
        if: steps.label_check.outputs.label_check == 'success'
-        uses: sorenlouv/backport-github-action@516854e7c9f962b9939085c9a92ea28411d1ae90 # v10.2.0
+        uses: sorenlouv/backport-github-action@ad888e978060bc1b2798690dd9d03c4036560947 # v9.5.1
        with:
          github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          auto_backport_label_prefix: ${{ env.BACKPORT_LABEL_PREFIX }}
@@ -1,39 +0,0 @@
-name: 'Tools: Comment Label Update'
-
-on:
-  issue_comment:
-    types:
-      - 'created'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.issue.number }}
-  cancel-in-progress: false
-
-jobs:
-  update-labels:
-    if: contains(github.event.issue.labels.*.name, 'status/awaiting-response')
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      issues: write
-      pull-requests: write
-
-    steps:
-      - name: Remove 'status/awaiting-response' label
-        env:
-          GH_TOKEN: ${{ github.token }}
-          ISSUE_NUMBER: ${{ github.event.issue.number }}
-        run: |
-          echo "Removing 'status/awaiting-response' label from #$ISSUE_NUMBER"
-          gh api /repos/${{ github.repository }}/issues/$ISSUE_NUMBER/labels/status%2Fawaiting-response \
-            -X DELETE
-
-      - name: Add 'status/waiting-for-revision' label
-        env:
-          GH_TOKEN: ${{ github.token }}
-          ISSUE_NUMBER: ${{ github.event.issue.number }}
-        run: |
-          echo "Adding 'status/waiting-for-revision' label to #$ISSUE_NUMBER"
-          gh api /repos/${{ github.repository }}/issues/$ISSUE_NUMBER/labels \
-            -X POST \
-            -f labels[]='status/waiting-for-revision'
@@ -26,6 +26,6 @@ jobs:

    steps:
      - name: Check PR title format
-        uses: agenthunt/conventional-commit-checker-action@f1823f632e95a64547566dcd2c7da920e67117ad # v2.0.1
+        uses: agenthunt/conventional-commit-checker-action@9e552d650d0e205553ec7792d447929fc78e012b # v2.0.0
        with:
          pr-title-regex: '^(feat|fix|docs|style|refactor|perf|test|chore|build|ci|revert)(\([^)]+\))?!?: .+'
@@ -28,6 +28,6 @@ jobs:
          fetch-depth: 0

      - name: Scan for secrets with TruffleHog
-        uses: trufflesecurity/trufflehog@b84c3d14d189e16da175e2c27fa8136603783ffc # v3.90.12
+        uses: trufflesecurity/trufflehog@ad6fc8fb446b8fafbf7ea8193d2d6bfd42f45690 # v3.90.11
        with:
          extra_args: '--results=verified,unknown'
@@ -27,66 +27,3 @@ jobs:
        uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
        with:
          sync-labels: true
-
-  label-community:
-    name: Add 'community' label if the PR is from a community contributor
-    needs: labeler
-    if: github.repository == 'prowler-cloud/prowler' && github.event.action == 'opened'
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-
-    steps:
-      - name: Check if author is org member
-        id: check_membership
-        env:
-          AUTHOR: ${{ github.event.pull_request.user.login }}
-        run: |
-          # Hardcoded list of prowler-cloud organization members
-          # This list includes members who have set their organization membership as private
-          ORG_MEMBERS=(
-            "AdriiiPRodri"
-            "Alan-TheGentleman"
-            "alejandrobailo"
-            "amitsharm"
-            "andoniaf"
-            "cesararroba"
-            "Chan9390"
-            "danibarranqueroo"
-            "HugoPBrito"
-            "jfagoagas"
-            "josemazo"
-            "lydiavilchez"
-            "mmuller88"
-            "MrCloudSec"
-            "pedrooot"
-            "prowler-bot"
-            "puchy22"
-            "rakan-pro"
-            "RosaRivasProwler"
-            "StylusFrost"
-            "toniblyx"
-            "vicferpoy"
-          )
-
-          echo "Checking if $AUTHOR is a member of prowler-cloud organization"
-
-          # Check if author is in the org members list
-          if printf '%s\n' "${ORG_MEMBERS[@]}" | grep -q "^${AUTHOR}$"; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-            echo "$AUTHOR is an organization member"
-          else
-            echo "is_member=false" >> $GITHUB_OUTPUT
-            echo "$AUTHOR is not an organization member"
-          fi
-
-      - name: Add community label
-        if: steps.check_membership.outputs.is_member == 'false'
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          echo "Adding 'community' label to PR #$PR_NUMBER"
-          gh api /repos/${{ github.repository }}/issues/${{ github.event.number }}/labels \
-            -X POST \
-            -f labels[]='community'
@@ -10,24 +10,18 @@ on:
  release:
    types:
      - 'published'
-  workflow_dispatch:
-    inputs:
-      release_tag:
-        description: 'Release tag (e.g., 5.14.0)'
-        required: true
-        type: string

 permissions:
  contents: read

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
+  cancel-in-progress: true

 env:
  # Tags
  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name || inputs.release_tag }}
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
  STABLE_TAG: stable
  WORKING_DIRECTORY: ./mcp_server

@@ -49,16 +43,7 @@ jobs:

  container-build-push:
    needs: setup
-    runs-on: ${{ matrix.runner }}
-    strategy:
-      matrix:
-        include:
-          - platform: linux/amd64
-            runner: ubuntu-latest
-            arch: amd64
-          - platform: linux/arm64
-            runner: ubuntu-24.04-arm
-            arch: arm64
+    runs-on: ubuntu-latest
    timeout-minutes: 30
    permissions:
      contents: read
@@ -76,112 +61,47 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

-      - name: Notify container push started
-        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: MCP
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push MCP container for ${{ matrix.arch }}
-        id: container-push
-        if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
+      - name: Build and push MCP container (latest)
+        if: github.event_name == 'push'
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          push: true
-          platforms: ${{ matrix.platform }}
          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-${{ matrix.arch }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}
          labels: |
            org.opencontainers.image.title=Prowler MCP Server
            org.opencontainers.image.description=Model Context Protocol server for Prowler
            org.opencontainers.image.vendor=ProwlerPro, Inc.
            org.opencontainers.image.source=https://github.com/${{ github.repository }}
            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.created=${{ github.event_name == 'release' && github.event.release.published_at || github.event.head_commit.timestamp }}
-            ${{ github.event_name == 'release' && format('org.opencontainers.image.version={0}', env.RELEASE_TAG) || '' }}
-          cache-from: type=gha,scope=${{ matrix.arch }}
-          cache-to: type=gha,mode=max,scope=${{ matrix.arch }}
+            org.opencontainers.image.created=${{ github.event.head_commit.timestamp }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

-      - name: Notify container push completed
-        if: (github.event_name == 'release' || github.event_name == 'workflow_dispatch') && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: MCP
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
+      - name: Build and push MCP container (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
+          context: ${{ env.WORKING_DIRECTORY }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          labels: |
+            org.opencontainers.image.title=Prowler MCP Server
+            org.opencontainers.image.description=Model Context Protocol server for Prowler
+            org.opencontainers.image.vendor=ProwlerPro, Inc.
+            org.opencontainers.image.version=${{ env.RELEASE_TAG }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.created=${{ github.event.release.published_at }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

-  # Create and push multi-architecture manifest
-  create-manifest:
-    needs: [setup, container-build-push]
-    if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Login to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Create and push manifests for push event
-        if: github.event_name == 'push'
-        run: |
-          docker buildx imagetools create \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }} \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }} \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-amd64 \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-arm64
-
-      - name: Create and push manifests for release event
-        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        run: |
-          docker buildx imagetools create \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }} \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }} \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-amd64 \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-arm64
-
-      - name: Install regctl
-        if: always()
-        uses: regclient/actions/regctl-installer@main
-
-      - name: Cleanup intermediate architecture tags
-        if: always()
-        run: |
-          echo "Cleaning up intermediate tags..."
-          regctl tag delete "${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-amd64" || true
-          regctl tag delete "${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-arm64" || true
-          echo "Cleanup completed"
-
-  trigger-deployment:
-    if: github.event_name == 'push'
-    needs: [setup, container-build-push]
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
      - name: Trigger MCP deployment
+        if: github.event_name == 'push'
        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
@@ -1,87 +0,0 @@
-name: 'MCP: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  MCP_WORKING_DIR: ./mcp_server
-  IMAGE_NAME: prowler-mcp
-
-jobs:
-  mcp-dockerfile-lint:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: mcp_server/Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: mcp_server/Dockerfile
-
-  mcp-container-build-and-scan:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for MCP changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: mcp_server/**
-          files_ignore: |
-            mcp_server/README.md
-            mcp_server/CHANGELOG.md
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build MCP container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.MCP_WORKING_DIR }}
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan MCP container with Trivy
-        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -83,7 +83,7 @@ jobs:

      - name: Update PR comment with changelog status
        if: github.event.pull_request.head.repo.full_name == github.repository
-        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-id: ${{ steps.find-comment.outputs.comment-id }}
@@ -97,7 +97,7 @@ jobs:
          body-includes: '<!-- conflict-checker-comment -->'

      - name: Create or update comment
-        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          comment-id: ${{ steps.find-comment.outputs.comment-id }}
          issue-number: ${{ github.event.pull_request.number }}
@@ -47,7 +47,7 @@ jobs:
        git config --global user.name 'prowler-bot'
        git config --global user.email '179230569+prowler-bot@users.noreply.github.com'

-    - name: Parse version and determine branch
+    - name: Parse version and read changelogs
      run: |
        # Validate version format (reusing pattern from sdk-bump-version.yml)
        if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
@@ -64,83 +64,66 @@ jobs:
          BRANCH_NAME="v${MAJOR_VERSION}.${MINOR_VERSION}"
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "${GITHUB_ENV}"

+          # Function to extract the latest version from changelog
+          extract_latest_version() {
+            local changelog_file="$1"
+            if [ -f "$changelog_file" ]; then
+              # Extract the first version entry (most recent) from changelog
+              # Format: ## [version] (1.2.3) or ## [vversion] (v1.2.3)
+              local version=$(grep -m 1 '^## \[' "$changelog_file" | sed 's/^## \[\(.*\)\].*/\1/' | sed 's/^v//' | tr -d '[:space:]')
+              echo "$version"
+            else
+              echo ""
+            fi
+          }
+
+          # Read actual versions from changelogs (source of truth)
+          UI_VERSION=$(extract_latest_version "ui/CHANGELOG.md")
+          API_VERSION=$(extract_latest_version "api/CHANGELOG.md")
+          SDK_VERSION=$(extract_latest_version "prowler/CHANGELOG.md")
+          MCP_VERSION=$(extract_latest_version "mcp_server/CHANGELOG.md")
+
+          echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
+          echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
+          echo "SDK_VERSION=${SDK_VERSION}" >> "${GITHUB_ENV}"
+          echo "MCP_VERSION=${MCP_VERSION}" >> "${GITHUB_ENV}"
+
+          if [ -n "$UI_VERSION" ]; then
+            echo "Read UI version from changelog: $UI_VERSION"
+          else
+            echo "Warning: No UI version found in ui/CHANGELOG.md"
+          fi
+
+          if [ -n "$API_VERSION" ]; then
+            echo "Read API version from changelog: $API_VERSION"
+          else
+            echo "Warning: No API version found in api/CHANGELOG.md"
+          fi
+
+          if [ -n "$SDK_VERSION" ]; then
+            echo "Read SDK version from changelog: $SDK_VERSION"
+          else
+            echo "Warning: No SDK version found in prowler/CHANGELOG.md"
+          fi
+
+          if [ -n "$MCP_VERSION" ]; then
+            echo "Read MCP version from changelog: $MCP_VERSION"
+          else
+            echo "Warning: No MCP version found in mcp_server/CHANGELOG.md"
+          fi
+
          echo "Prowler version: $PROWLER_VERSION"
          echo "Branch name: $BRANCH_NAME"
+          echo "UI version: $UI_VERSION"
+          echo "API version: $API_VERSION"
+          echo "SDK version: $SDK_VERSION"
+          echo "MCP version: $MCP_VERSION"
          echo "Is minor release: $([ $PATCH_VERSION -eq 0 ] && echo 'true' || echo 'false')"
        else
          echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
          exit 1
        fi

-    - name: Checkout release branch
-      run: |
-        echo "Checking out branch $BRANCH_NAME for release $PROWLER_VERSION..."
-        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists locally, checking out..."
-          git checkout "$BRANCH_NAME"
-        elif git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
-          echo "Branch $BRANCH_NAME exists remotely, checking out..."
-          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
-        else
-          echo "ERROR: Branch $BRANCH_NAME does not exist. For minor releases (X.Y.0), create it manually first. For patch releases (X.Y.Z), the branch should already exist."
-          exit 1
-        fi
-
-    - name: Read changelog versions from release branch
-      run: |
-        # Function to extract the latest version from changelog
-        extract_latest_version() {
-          local changelog_file="$1"
-          if [ -f "$changelog_file" ]; then
-            # Extract the first version entry (most recent) from changelog
-            # Format: ## [version] (1.2.3) or ## [vversion] (v1.2.3)
-            local version=$(grep -m 1 '^## \[' "$changelog_file" | sed 's/^## \[\(.*\)\].*/\1/' | sed 's/^v//' | tr -d '[:space:]')
-            echo "$version"
-          else
-            echo ""
-          fi
-        }
-
-        # Read actual versions from changelogs (source of truth)
-        UI_VERSION=$(extract_latest_version "ui/CHANGELOG.md")
-        API_VERSION=$(extract_latest_version "api/CHANGELOG.md")
-        SDK_VERSION=$(extract_latest_version "prowler/CHANGELOG.md")
-        MCP_VERSION=$(extract_latest_version "mcp_server/CHANGELOG.md")
-
-        echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
-        echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
-        echo "SDK_VERSION=${SDK_VERSION}" >> "${GITHUB_ENV}"
-        echo "MCP_VERSION=${MCP_VERSION}" >> "${GITHUB_ENV}"
-
-        if [ -n "$UI_VERSION" ]; then
-          echo "Read UI version from changelog: $UI_VERSION"
-        else
-          echo "Warning: No UI version found in ui/CHANGELOG.md"
-        fi
-
-        if [ -n "$API_VERSION" ]; then
-          echo "Read API version from changelog: $API_VERSION"
-        else
-          echo "Warning: No API version found in api/CHANGELOG.md"
-        fi
-
-        if [ -n "$SDK_VERSION" ]; then
-          echo "Read SDK version from changelog: $SDK_VERSION"
-        else
-          echo "Warning: No SDK version found in prowler/CHANGELOG.md"
-        fi
-
-        if [ -n "$MCP_VERSION" ]; then
-          echo "Read MCP version from changelog: $MCP_VERSION"
-        else
-          echo "Warning: No MCP version found in mcp_server/CHANGELOG.md"
-        fi
-
-        echo "UI version: $UI_VERSION"
-        echo "API version: $API_VERSION"
-        echo "SDK version: $SDK_VERSION"
-        echo "MCP version: $MCP_VERSION"
-
    - name: Extract and combine changelog entries
      run: |
        set -e
@@ -167,8 +150,8 @@ jobs:
          # Remove --- separators
          sed -i '/^---$/d' "$output_file"

-          # Remove only trailing empty lines (not all empty lines)
-          sed -i -e :a -e '/^\s*$/d;N;ba' "$output_file"
+          # Remove trailing empty lines
+          sed -i '/^$/d' "$output_file"
        }

        # Calculate expected versions for this release
@@ -264,14 +247,24 @@ jobs:
          echo "" >> combined_changelog.md
        fi

-        # Add fallback message if no changelogs were added
-        if [ ! -s combined_changelog.md ]; then
-          echo "No component changes detected for this release." >> combined_changelog.md
-        fi
-
        echo "Combined changelog preview:"
        cat combined_changelog.md

+    - name: Checkout release branch for patch release
+      if: ${{ env.PATCH_VERSION != '0' }}
+      run: |
+        echo "Patch release detected, checking out existing branch $BRANCH_NAME..."
+        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
+          echo "Branch $BRANCH_NAME exists locally, checking out..."
+          git checkout "$BRANCH_NAME"
+        elif git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
+          echo "Branch $BRANCH_NAME exists remotely, checking out..."
+          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
+        else
+          echo "ERROR: Branch $BRANCH_NAME should exist for patch release $PROWLER_VERSION"
+          exit 1
+        fi
+
    - name: Verify SDK version in pyproject.toml
      run: |
        CURRENT_VERSION=$(grep '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
@@ -325,12 +318,31 @@ jobs:
        fi
        echo "✓ api/src/backend/api/v1/views.py version: $CURRENT_API_VERSION"

+    - name: Checkout release branch for minor release
+      if: ${{ env.PATCH_VERSION == '0' }}
+      run: |
+        echo "Minor release detected (patch = 0), checking out existing branch $BRANCH_NAME..."
+        if git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
+          echo "Branch $BRANCH_NAME exists remotely, checking out..."
+          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
+        else
+          echo "ERROR: Branch $BRANCH_NAME should exist for minor release $PROWLER_VERSION. Please create it manually first."
+          exit 1
+        fi
+
    - name: Update API prowler dependency for minor release
      if: ${{ env.PATCH_VERSION == '0' }}
      run: |
        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')

+        # Create a temporary branch for the PR from the minor version branch
+        TEMP_BRANCH="update-api-dependency-$BRANCH_NAME_TRIMMED-$(date +%s)"
+        echo "TEMP_BRANCH=$TEMP_BRANCH" >> $GITHUB_ENV
+
+        # Create temp branch from the current minor version branch
+        git checkout -b "$TEMP_BRANCH"
+
        # Minor release: update the dependency to use the release branch
        echo "Updating prowler dependency from '$CURRENT_PROWLER_REF' to '$BRANCH_NAME_TRIMMED'"
        sed -i "s|prowler @ git+https://github.com/prowler-cloud/prowler.git@[^\"]*\"|prowler @ git+https://github.com/prowler-cloud/prowler.git@$BRANCH_NAME_TRIMMED\"|" api/pyproject.toml
@@ -348,6 +360,11 @@ jobs:
        poetry lock
        cd ..

+        # Commit and push the temporary branch
+        git add api/pyproject.toml api/poetry.lock
+        git commit -m "chore(api): update prowler dependency to $BRANCH_NAME_TRIMMED for release $PROWLER_VERSION"
+        git push origin "$TEMP_BRANCH"
+
        echo "✓ Prepared prowler dependency update to: $UPDATED_PROWLER_REF"

    - name: Create PR for API dependency update
@@ -355,12 +372,8 @@ jobs:
      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
      with:
        token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-        commit-message: 'chore(api): update prowler dependency to ${{ env.BRANCH_NAME }} for release ${{ env.PROWLER_VERSION }}'
-        branch: update-api-dependency-${{ env.BRANCH_NAME }}-${{ github.run_number }}
+        branch: ${{ env.TEMP_BRANCH }}
        base: ${{ env.BRANCH_NAME }}
-        add-paths: |
-          api/pyproject.toml
-          api/poetry.lock
        title: "chore(api): Update prowler dependency to ${{ env.BRANCH_NAME }} for release ${{ env.PROWLER_VERSION }}"
        body: |
          ### Description
@@ -382,7 +395,7 @@ jobs:
          no-changelog

    - name: Create draft release
-      uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+      uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
      with:
        tag_name: ${{ env.PROWLER_VERSION }}
        name: Prowler ${{ env.PROWLER_VERSION }}
@@ -393,6 +406,5 @@ jobs:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: Clean up temporary files
-      if: always()
      run: |
        rm -f prowler_changelog.md api_changelog.md ui_changelog.md mcp_changelog.md combined_changelog.md
@@ -0,0 +1,202 @@
+name: SDK - Build and Push containers
+
+on:
+  push:
+    branches:
+      # For `v3-latest`
+      - "v3"
+      # For `v4-latest`
+      - "v4.6"
+      # For `latest`
+      - "master"
+    paths-ignore:
+      - ".github/**"
+      - "README.md"
+      - "docs/**"
+      - "ui/**"
+      - "api/**"
+
+  release:
+    types: [published]
+
+env:
+  # AWS Configuration
+  AWS_REGION_STG: eu-west-1
+  AWS_REGION_PLATFORM: eu-west-1
+  AWS_REGION: us-east-1
+
+  # Container's configuration
+  IMAGE_NAME: prowler
+  DOCKERFILE_PATH: ./Dockerfile
+
+  # Tags
+  LATEST_TAG: latest
+  STABLE_TAG: stable
+  # The RELEASE_TAG is set during runtime in releases
+  RELEASE_TAG: ""
+  # The PROWLER_VERSION and PROWLER_VERSION_MAJOR are set during runtime in releases
+  PROWLER_VERSION: ""
+  PROWLER_VERSION_MAJOR: ""
+  # TEMPORARY_TAG: temporary
+
+  # Python configuration
+  PYTHON_VERSION: 3.12
+
+  # Container Registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler
+
+jobs:
+  # Build Prowler OSS container
+  container-build-push:
+    # needs: dockerfile-linter
+    runs-on: ubuntu-latest
+    outputs:
+      prowler_version_major: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION_MAJOR }}
+      prowler_version: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION }}
+    env:
+      POETRY_VIRTUALENVS_CREATE: "false"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup Python
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Install Poetry
+        run: |
+          pipx install poetry==2.*
+          pipx inject poetry poetry-bumpversion
+
+      - name: Get Prowler version
+        id: get-prowler-version
+        run: |
+          PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
+          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
+          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
+
+          # Store prowler version major just for the release
+          PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
+          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
+          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
+
+          case ${PROWLER_VERSION_MAJOR} in
+          3)
+              echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
+              ;;
+
+
+          4)
+              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
+              ;;
+
+          5)
+              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
+              ;;
+
+          *)
+              # Fallback if any other version is present
+              echo "Releasing another Prowler major version, aborting..."
+              exit 1
+              ;;
+          esac
+
+      - name: Login to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to Public ECR
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: public.ecr.aws
+          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
+        env:
+          AWS_REGION: ${{ env.AWS_REGION }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push container image (latest)
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+          file: ${{ env.DOCKERFILE_PATH }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push container image (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          # Use local context to get changes
+          # https://github.com/docker/build-push-action#path-context
+          context: .
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.PROWLER_VERSION }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          file: ${{ env.DOCKERFILE_PATH }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+#      - name: Push README to Docker Hub (toniblyx)
+#        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
+#        with:
+#          username: ${{ secrets.DOCKERHUB_USERNAME }}
+#          password: ${{ secrets.DOCKERHUB_TOKEN }}
+#          repository: ${{ env.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}
+#          readme-filepath: ./README.md
+#
+#      - name: Push README to Docker Hub (prowlercloud)
+#        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
+#        with:
+#          username: ${{ secrets.DOCKERHUB_USERNAME }}
+#          password: ${{ secrets.DOCKERHUB_TOKEN }}
+#          repository: ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}
+#          readme-filepath: ./README.md
+
+  dispatch-action:
+    needs: container-build-push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get latest commit info (latest)
+        if: github.event_name == 'push'
+        run: |
+          LATEST_COMMIT_HASH=$(echo ${{ github.event.after }} | cut -b -7)
+          echo "LATEST_COMMIT_HASH=${LATEST_COMMIT_HASH}" >> $GITHUB_ENV
+
+      - name: Dispatch event (latest)
+        if: github.event_name == 'push' && needs.container-build-push.outputs.prowler_version_major == '3'
+        run: |
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            --data '{"event_type":"dispatch","client_payload":{"version":"v3-latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
+
+      - name: Dispatch event (release)
+        if: github.event_name == 'release' && needs.container-build-push.outputs.prowler_version_major == '3'
+        run: |
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ needs.container-build-push.outputs.prowler_version }}"}}'
@@ -1,218 +1,146 @@
-name: 'SDK: Bump Version'
+name: SDK - Bump Version

 on:
  release:
-    types:
-      - 'published'
+    types: [published]

-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false

 env:
  PROWLER_VERSION: ${{ github.event.release.tag_name }}
  BASE_BRANCH: master

 jobs:
-  detect-release-type:
+  bump-version:
+    name: Bump Version
    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-    outputs:
-      is_minor: ${{ steps.detect.outputs.is_minor }}
-      is_patch: ${{ steps.detect.outputs.is_patch }}
-      major_version: ${{ steps.detect.outputs.major_version }}
-      minor_version: ${{ steps.detect.outputs.minor_version }}
-      patch_version: ${{ steps.detect.outputs.patch_version }}
    steps:
-      - name: Detect release type and parse version
-        id: detect
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Get Prowler version
+        shell: bash
        run: |
          if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
            MAJOR_VERSION=${BASH_REMATCH[1]}
            MINOR_VERSION=${BASH_REMATCH[2]}
-            PATCH_VERSION=${BASH_REMATCH[3]}
+            FIX_VERSION=${BASH_REMATCH[3]}

-            echo "major_version=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "minor_version=${MINOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "patch_version=${PATCH_VERSION}" >> "${GITHUB_OUTPUT}"
+            # Export version components to GitHub environment
+            echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
+            echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
+            echo "FIX_VERSION=${FIX_VERSION}" >> "${GITHUB_ENV}"

-            if (( MAJOR_VERSION != 5 )); then
-              echo "::error::Releasing another Prowler major version, aborting..."
-              exit 1
-            fi
+            if (( MAJOR_VERSION == 5 )); then
+                if (( FIX_VERSION == 0 )); then
+                  echo "Minor Release: $PROWLER_VERSION"

-            if (( PATCH_VERSION == 0 )); then
-              echo "is_minor=true" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=false" >> "${GITHUB_OUTPUT}"
-              echo "✓ Minor release detected: $PROWLER_VERSION"
+                  # Set up next minor version for master
+                  BUMP_VERSION_TO=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).${FIX_VERSION}
+                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  TARGET_BRANCH=${BASE_BRANCH}
+                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
+
+                  # Set up patch version for version branch
+                  PATCH_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.1
+                  echo "PATCH_VERSION_TO=${PATCH_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+                  echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
+
+                  echo "Bumping to next minor version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
+                  echo "Bumping to next patch version: ${PATCH_VERSION_TO} in branch ${VERSION_BRANCH}"
+                else
+                  echo "Patch Release: $PROWLER_VERSION"
+
+                  BUMP_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.$((FIX_VERSION + 1))
+                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  TARGET_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
+
+                  echo "Bumping to next patch version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
+                fi
            else
-              echo "is_minor=false" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=true" >> "${GITHUB_OUTPUT}"
-              echo "✓ Patch release detected: $PROWLER_VERSION"
+                echo "Releasing another Prowler major version, aborting..."
+                exit 1
            fi
          else
-            echo "::error::Invalid version syntax: '$PROWLER_VERSION' (must be X.Y.Z)"
+            echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
            exit 1
          fi

-  bump-minor-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_minor == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Calculate next minor version
+      - name: Bump versions in files
        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
+            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
+            echo "Using BUMP_VERSION_TO=$BUMP_VERSION_TO"

-          NEXT_MINOR_VERSION=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).0
-          echo "NEXT_MINOR_VERSION=${NEXT_MINOR_VERSION}" >> "${GITHUB_ENV}"
+            set -e

-          echo "Current version: $PROWLER_VERSION"
-          echo "Next minor version: $NEXT_MINOR_VERSION"
+            echo "Bumping version in pyproject.toml ..."
+            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${BUMP_VERSION_TO}\"|" pyproject.toml

-      - name: Bump versions in files for master
-        run: |
-          set -e
+            echo "Bumping version in prowler/config/config.py ..."
+            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${BUMP_VERSION_TO}\"|" prowler/config/config.py

-          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${NEXT_MINOR_VERSION}\"|" pyproject.toml
-          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${NEXT_MINOR_VERSION}\"|" prowler/config/config.py
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_MINOR_VERSION}|" .env
+            echo "Bumping version in .env ..."
+            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${BUMP_VERSION_TO}|" .env

-          echo "Files modified:"
-          git --no-pager diff
+            git --no-pager diff

-      - name: Create PR for next minor version to master
+      - name: Create Pull Request
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: master
-          commit-message: 'chore(release): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
-          branch: version-bump-to-v${{ env.NEXT_MINOR_VERSION }}
-          title: 'chore(release): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
-          labels: no-changelog
-          body: |
-            ### Description
+            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+            base: ${{ env.TARGET_BRANCH }}
+            commit-message: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
+            branch: "version-bump-to-v${{ env.BUMP_VERSION_TO }}"
+            title: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
+            labels: no-changelog
+            body: |
+              ### Description

-            Bump Prowler version to v${{ env.NEXT_MINOR_VERSION }} after releasing v${{ env.PROWLER_VERSION }}.
+              Bump Prowler version to v${{ env.BUMP_VERSION_TO }}

-            ### License
+              ### License

-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

-      - name: Checkout version branch
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          ref: v${{ needs.detect-release-type.outputs.major_version }}.${{ needs.detect-release-type.outputs.minor_version }}
-
-      - name: Calculate first patch version
+      - name: Handle patch version for minor release
+        if: env.FIX_VERSION == '0'
        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
+            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
+            echo "Using PATCH_VERSION_TO=$PATCH_VERSION_TO"

-          FIRST_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.1
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+            set -e

-          echo "FIRST_PATCH_VERSION=${FIRST_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
+            echo "Bumping version in pyproject.toml ..."
+            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${PATCH_VERSION_TO}\"|" pyproject.toml

-          echo "First patch version: $FIRST_PATCH_VERSION"
-          echo "Version branch: $VERSION_BRANCH"
+            echo "Bumping version in prowler/config/config.py ..."
+            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${PATCH_VERSION_TO}\"|" prowler/config/config.py

-      - name: Bump versions in files for version branch
-        run: |
-          set -e
+            echo "Bumping version in .env ..."
+            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PATCH_VERSION_TO}|" .env

-          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${FIRST_PATCH_VERSION}\"|" pyproject.toml
-          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${FIRST_PATCH_VERSION}\"|" prowler/config/config.py
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${FIRST_PATCH_VERSION}|" .env
+            git --no-pager diff

-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for first patch version to version branch
+      - name: Create Pull Request for patch version
+        if: env.FIX_VERSION == '0'
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'chore(release): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
-          branch: version-bump-to-v${{ env.FIRST_PATCH_VERSION }}
-          title: 'chore(release): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
-          labels: no-changelog
-          body: |
-            ### Description
+            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+            base: ${{ env.VERSION_BRANCH }}
+            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
+            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
+            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
+            labels: no-changelog
+            body: |
+              ### Description

-            Bump Prowler version to v${{ env.FIRST_PATCH_VERSION }} in version branch after releasing v${{ env.PROWLER_VERSION }}.
+              Bump Prowler version to v${{ env.PATCH_VERSION_TO }}

-            ### License
+              ### License

-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-  bump-patch-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_patch == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Calculate next patch version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-          PATCH_VERSION=${{ needs.detect-release-type.outputs.patch_version }}
-
-          NEXT_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.$((PATCH_VERSION + 1))
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-
-          echo "NEXT_PATCH_VERSION=${NEXT_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-          echo "Current version: $PROWLER_VERSION"
-          echo "Next patch version: $NEXT_PATCH_VERSION"
-          echo "Target branch: $VERSION_BRANCH"
-
-      - name: Bump versions in files for version branch
-        run: |
-          set -e
-
-          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${NEXT_PATCH_VERSION}\"|" pyproject.toml
-          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${NEXT_PATCH_VERSION}\"|" prowler/config/config.py
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_PATCH_VERSION}|" .env
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for next patch version to version branch
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'chore(release): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
-          branch: version-bump-to-v${{ env.NEXT_PATCH_VERSION }}
-          title: 'chore(release): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
-          labels: no-changelog
-          body: |
-            ### Description
-
-            Bump Prowler version to v${{ env.NEXT_PATCH_VERSION }} after releasing v${{ env.PROWLER_VERSION }}.
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@@ -1,90 +0,0 @@
-name: 'SDK: Code Quality'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  sdk-code-quality:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.9'
-          - '3.10'
-          - '3.11'
-          - '3.12'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Install Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ matrix.python-version }}
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ matrix.python-version }}
-          cache: 'poetry'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: |
-          poetry install --no-root
-          poetry run pip list
-
-      - name: Check Poetry lock file
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry check --lock
-
-      - name: Lint with flake8
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api
-
-      - name: Check format with black
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run black --exclude api ui --check .
-
-      - name: Lint with pylint
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
@@ -1,41 +1,44 @@
-name: 'SDK: CodeQL'
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: SDK - CodeQL

 on:
  push:
    branches:
-      - 'master'
-      - 'v5.*'
-    paths:
-      - 'prowler/**'
-      - 'tests/**'
-      - 'pyproject.toml'
-      - '.github/workflows/sdk-codeql.yml'
-      - '.github/codeql/sdk-codeql-config.yml'
-      - '!prowler/CHANGELOG.md'
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+    paths-ignore:
+      - 'ui/**'
+      - 'api/**'
+      - '.github/**'
  pull_request:
    branches:
-      - 'master'
-      - 'v5.*'
-    paths:
-      - 'prowler/**'
-      - 'tests/**'
-      - 'pyproject.toml'
-      - '.github/workflows/sdk-codeql.yml'
-      - '.github/codeql/sdk-codeql-config.yml'
-      - '!prowler/CHANGELOG.md'
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+    paths-ignore:
+      - 'ui/**'
+      - 'api/**'
+      - '.github/**'
  schedule:
    - cron: '00 12 * * *'

-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 jobs:
-  sdk-analyze:
-    if: github.repository == 'prowler-cloud/prowler'
-    name: CodeQL Security Analysis
+  analyze:
+    name: Analyze
    runs-on: ubuntu-latest
-    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
@@ -44,20 +47,21 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language:
-          - 'python'
+        language: [ 'python' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - name: Checkout repository
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
-        with:
-          languages: ${{ matrix.language }}
-          config-file: ./.github/codeql/sdk-codeql-config.yml
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+      with:
+        languages: ${{ matrix.language }}
+        config-file: ./.github/codeql/sdk-codeql-config.yml

-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
-        with:
-          category: '/language:${{ matrix.language }}'
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+      with:
+        category: "/language:${{matrix.language}}"
@@ -1,282 +0,0 @@
-name: 'SDK: Container Build and Push'
-
-on:
-  push:
-    branches:
-      - 'v3'      # For v3-latest
-      - 'v4.6'    # For v4-latest
-      - 'master'  # For latest
-    paths-ignore:
-      - '.github/**'
-      - '!.github/workflows/sdk-container-build-push.yml'
-      - 'README.md'
-      - 'docs/**'
-      - 'ui/**'
-      - 'api/**'
-  release:
-    types:
-      - 'published'
-  workflow_dispatch:
-    inputs:
-      release_tag:
-        description: 'Release tag (e.g., 5.14.0)'
-        required: true
-        type: string
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-env:
-  # Container configuration
-  IMAGE_NAME: prowler
-  DOCKERFILE_PATH: ./Dockerfile
-
-  # Python configuration
-  PYTHON_VERSION: '3.12'
-
-  # Tags (dynamically set based on version)
-  LATEST_TAG: latest
-  STABLE_TAG: stable
-
-  # Container registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler
-
-  # AWS configuration (for ECR)
-  AWS_REGION: us-east-1
-
-jobs:
-  container-build-push:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ${{ matrix.runner }}
-    strategy:
-      matrix:
-        include:
-          - platform: linux/amd64
-            runner: ubuntu-latest
-            arch: amd64
-          - platform: linux/arm64
-            runner: ubuntu-24.04-arm
-            arch: arm64
-    timeout-minutes: 45
-    permissions:
-      contents: read
-      packages: write
-    outputs:
-      prowler_version: ${{ steps.get-prowler-version.outputs.prowler_version }}
-      prowler_version_major: ${{ steps.get-prowler-version.outputs.prowler_version_major }}
-      latest_tag: ${{ steps.get-prowler-version.outputs.latest_tag }}
-      stable_tag: ${{ steps.get-prowler-version.outputs.stable_tag }}
-    env:
-      POETRY_VIRTUALENVS_CREATE: 'false'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-
-      - name: Install Poetry
-        run: |
-          pipx install poetry==2.1.1
-          pipx inject poetry poetry-bumpversion
-
-      - name: Get Prowler version and set tags
-        id: get-prowler-version
-        run: |
-          PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
-          echo "prowler_version=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
-          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
-
-          # Extract major version
-          PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
-          echo "prowler_version_major=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
-          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
-
-          # Set version-specific tags
-          case ${PROWLER_VERSION_MAJOR} in
-            3)
-              echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
-              echo "latest_tag=v3-latest" >> "${GITHUB_OUTPUT}"
-              echo "stable_tag=v3-stable" >> "${GITHUB_OUTPUT}"
-              echo "✓ Prowler v3 detected - tags: v3-latest, v3-stable"
-              ;;
-            4)
-              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
-              echo "latest_tag=v4-latest" >> "${GITHUB_OUTPUT}"
-              echo "stable_tag=v4-stable" >> "${GITHUB_OUTPUT}"
-              echo "✓ Prowler v4 detected - tags: v4-latest, v4-stable"
-              ;;
-            5)
-              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
-              echo "latest_tag=latest" >> "${GITHUB_OUTPUT}"
-              echo "stable_tag=stable" >> "${GITHUB_OUTPUT}"
-              echo "✓ Prowler v5 detected - tags: latest, stable"
-              ;;
-            *)
-              echo "::error::Unsupported Prowler major version: ${PROWLER_VERSION_MAJOR}"
-              exit 1
-              ;;
-          esac
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to Public ECR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          registry: public.ecr.aws
-          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
-        env:
-          AWS_REGION: ${{ env.AWS_REGION }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Notify container push started
-        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: SDK
-          RELEASE_TAG: ${{ env.PROWLER_VERSION }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push SDK container for ${{ matrix.arch }}
-        id: container-push
-        if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: .
-          file: ${{ env.DOCKERFILE_PATH }}
-          push: true
-          platforms: ${{ matrix.platform }}
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}-${{ matrix.arch }}
-          cache-from: type=gha,scope=${{ matrix.arch }}
-          cache-to: type=gha,mode=max,scope=${{ matrix.arch }}
-
-      - name: Notify container push completed
-        if: (github.event_name == 'release' || github.event_name == 'workflow_dispatch') && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: SDK
-          RELEASE_TAG: ${{ env.PROWLER_VERSION }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  # Create and push multi-architecture manifest
-  create-manifest:
-    needs: [container-build-push]
-    if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Login to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to Public ECR
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: public.ecr.aws
-          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
-        env:
-          AWS_REGION: ${{ env.AWS_REGION }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Create and push manifests for push event
-        if: github.event_name == 'push'
-        run: |
-          docker buildx imagetools create \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.latest_tag }} \
-            -t ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.latest_tag }} \
-            -t ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.latest_tag }} \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.latest_tag }}-amd64 \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.latest_tag }}-arm64
-
-      - name: Create and push manifests for release event
-        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        run: |
-          docker buildx imagetools create \
-            -t ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ needs.container-build-push.outputs.prowler_version }} \
-            -t ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ needs.container-build-push.outputs.stable_tag }} \
-            -t ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ needs.container-build-push.outputs.prowler_version }} \
-            -t ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ needs.container-build-push.outputs.stable_tag }} \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.prowler_version }} \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.stable_tag }} \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.latest_tag }}-amd64 \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.latest_tag }}-arm64
-
-      - name: Install regctl
-        if: always()
-        uses: regclient/actions/regctl-installer@main
-
-      - name: Cleanup intermediate architecture tags
-        if: always()
-        run: |
-          echo "Cleaning up intermediate tags..."
-          regctl tag delete "${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.latest_tag }}-amd64" || true
-          regctl tag delete "${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.container-build-push.outputs.latest_tag }}-arm64" || true
-          echo "Cleanup completed"
-
-  dispatch-v3-deployment:
-    if: needs.container-build-push.outputs.prowler_version_major == '3'
-    needs: container-build-push
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Calculate short SHA
-        id: short-sha
-        run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
-
-      - name: Dispatch v3 deployment (latest)
-        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}
-          event-type: dispatch
-          client-payload: '{"version":"v3-latest","tag":"${{ steps.short-sha.outputs.short_sha }}"}'
-
-      - name: Dispatch v3 deployment (release)
-        if: github.event_name == 'release'
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}
-          event-type: dispatch
-          client-payload: '{"version":"release","tag":"${{ needs.container-build-push.outputs.prowler_version }}"}'
@@ -1,103 +0,0 @@
-name: 'SDK: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  IMAGE_NAME: prowler
-
-jobs:
-  sdk-dockerfile-lint:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: Dockerfile
-          ignore: DL3013
-
-  sdk-container-build-and-scan:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build SDK container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: .
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan SDK container with Trivy
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -0,0 +1,286 @@
+name: SDK - Pull Request
+
+on:
+  push:
+    branches:
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+  pull_request:
+    branches:
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Test if changes are in not ignored paths
+        id: are-non-ignored-files-changed
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: ./**
+          files_ignore: |
+            .github/**
+            docs/**
+            permissions/**
+            api/**
+            ui/**
+            prowler/CHANGELOG.md
+            README.md
+            mkdocs.yml
+            .backportrc.json
+            .env
+            docker-compose*
+            examples/**
+            .gitignore
+
+      - name: Install poetry
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          python -m pip install --upgrade pip
+          pipx install poetry==2.1.1
+
+      - name: Set up Python ${{ matrix.python-version }}
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: "poetry"
+
+      - name: Install dependencies
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry install --no-root
+          poetry run pip list
+          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
+            grep '"tag_name":' | \
+            sed -E 's/.*"v([^"]+)".*/\1/' \
+            ) && curl -L -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64" \
+            && chmod +x /tmp/hadolint
+
+      - name: Poetry check
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry check --lock
+
+      - name: Lint with flake8
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api
+
+      - name: Checking format with black
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run black --exclude api ui --check .
+
+      - name: Lint with pylint
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
+
+      - name: Bandit
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run bandit -q -lll -x '*_test.py,./contrib/,./api/,./ui' -r .
+
+      - name: Safety
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run safety check --ignore 70612 -r pyproject.toml
+
+      - name: Vulture
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .
+
+      - name: Dockerfile - Check if Dockerfile has changed
+        id: dockerfile-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            Dockerfile
+
+      - name: Hadolint
+        if: steps.dockerfile-changed-files.outputs.any_changed == 'true'
+        run: |
+          /tmp/hadolint Dockerfile --ignore=DL3013
+
+      # Test AWS
+      - name: AWS - Check if any file has changed
+        id: aws-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/aws/**
+            ./tests/providers/aws/**
+            ./poetry.lock
+
+      - name: AWS - Test
+        if: steps.aws-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/aws --cov-report=xml:aws_coverage.xml tests/providers/aws
+
+      # Test Azure
+      - name: Azure - Check if any file has changed
+        id: azure-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/azure/**
+            ./tests/providers/azure/**
+            ./poetry.lock
+
+      - name: Azure - Test
+        if: steps.azure-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/azure --cov-report=xml:azure_coverage.xml tests/providers/azure
+
+      # Test GCP
+      - name: GCP - Check if any file has changed
+        id: gcp-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/gcp/**
+            ./tests/providers/gcp/**
+            ./poetry.lock
+
+      - name: GCP - Test
+        if: steps.gcp-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/gcp --cov-report=xml:gcp_coverage.xml tests/providers/gcp
+
+      # Test Kubernetes
+      - name: Kubernetes - Check if any file has changed
+        id: kubernetes-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/kubernetes/**
+            ./tests/providers/kubernetes/**
+            ./poetry.lock
+
+      - name: Kubernetes - Test
+        if: steps.kubernetes-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/kubernetes --cov-report=xml:kubernetes_coverage.xml tests/providers/kubernetes
+
+      # Test GitHub
+      - name: GitHub - Check if any file has changed
+        id: github-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/github/**
+            ./tests/providers/github/**
+            ./poetry.lock
+
+      - name: GitHub - Test
+        if: steps.github-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/github --cov-report=xml:github_coverage.xml tests/providers/github
+
+      # Test NHN
+      - name: NHN - Check if any file has changed
+        id: nhn-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/nhn/**
+            ./tests/providers/nhn/**
+            ./poetry.lock
+
+      - name: NHN - Test
+        if: steps.nhn-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/nhn --cov-report=xml:nhn_coverage.xml tests/providers/nhn
+
+      # Test M365
+      - name: M365 - Check if any file has changed
+        id: m365-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/m365/**
+            ./tests/providers/m365/**
+            ./poetry.lock
+
+      - name: M365 - Test
+        if: steps.m365-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/m365 --cov-report=xml:m365_coverage.xml tests/providers/m365
+
+      # Test IaC
+      - name: IaC - Check if any file has changed
+        id: iac-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/iac/**
+            ./tests/providers/iac/**
+            ./poetry.lock
+
+      - name: IaC - Test
+        if: steps.iac-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/iac --cov-report=xml:iac_coverage.xml tests/providers/iac
+
+      # Test MongoDB Atlas
+      - name: MongoDB Atlas - Check if any file has changed
+        id: mongodb-atlas-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/mongodbatlas/**
+            ./tests/providers/mongodbatlas/**
+            .poetry.lock
+
+      - name: MongoDB Atlas - Test
+        if: steps.mongodb-atlas-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/mongodbatlas --cov-report=xml:mongodb_atlas_coverage.xml tests/providers/mongodbatlas
+
+      # Test OCI
+      - name: OCI - Check if any file has changed
+        id: oci-changed-files
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        with:
+          files: |
+            ./prowler/providers/oraclecloud/**
+            ./tests/providers/oraclecloud/**
+            ./poetry.lock
+
+      - name: OCI - Test
+        if: steps.oci-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/oraclecloud --cov-report=xml:oci_coverage.xml tests/providers/oraclecloud
+
+      # Common Tests
+      - name: Lib - Test
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/lib --cov-report=xml:lib_coverage.xml tests/lib
+
+      - name: Config - Test
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/config --cov-report=xml:config_coverage.xml tests/config
+
+      # Codecov
+      - name: Upload coverage reports to Codecov
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          flags: prowler
+          files: ./aws_coverage.xml,./azure_coverage.xml,./gcp_coverage.xml,./kubernetes_coverage.xml,./github_coverage.xml,./nhn_coverage.xml,./m365_coverage.xml,./oci_coverage.xml,./lib_coverage.xml,./config_coverage.xml
@@ -1,119 +1,98 @@
-name: 'SDK: PyPI Release'
+name: SDK - PyPI release

 on:
  release:
-    types:
-      - 'published'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false
+    types: [published]

 env:
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  PYTHON_VERSION: '3.12'
+  PYTHON_VERSION: 3.11
+  # CACHE: "poetry"

 jobs:
-  validate-release:
-    if: github.repository == 'prowler-cloud/prowler'
+  repository-check:
+    name: Repository check
    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
    outputs:
-      prowler_version: ${{ steps.parse-version.outputs.version }}
-      major_version: ${{ steps.parse-version.outputs.major }}
-
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
    steps:
-      - name: Parse and validate version
-        id: parse-version
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
+  release-prowler-job:
+    runs-on: ubuntu-latest
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
+    env:
+      POETRY_VIRTUALENVS_CREATE: "false"
+    name: Release Prowler to PyPI
+    steps:
+      - name: Repository check
+        working-directory: /tmp
+        run: |
+              if [[ "${{ github.repository }}" != "prowler-cloud/prowler" ]]; then
+                  echo "This action only runs for prowler-cloud/prowler"
+                  exit 1
+              fi
+
+      - name: Get Prowler version
        run: |
          PROWLER_VERSION="${{ env.RELEASE_TAG }}"
-          echo "version=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"

-          # Extract major version
-          MAJOR_VERSION="${PROWLER_VERSION%%.*}"
-          echo "major=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
-
-          # Validate major version
-          case ${MAJOR_VERSION} in
-            3|4|5)
-              echo "✓ Releasing Prowler v${MAJOR_VERSION} with tag ${PROWLER_VERSION}"
+          case ${PROWLER_VERSION%%.*} in
+          3)
+              echo "Releasing Prowler v3 with tag ${PROWLER_VERSION}"
              ;;
-            *)
-              echo "::error::Unsupported Prowler major version: ${MAJOR_VERSION}"
+          4)
+              echo "Releasing Prowler v4 with tag ${PROWLER_VERSION}"
+              ;;
+          5)
+              echo "Releasing Prowler v5 with tag ${PROWLER_VERSION}"
+              ;;
+          *)
+              echo "Releasing another Prowler major version, aborting..."
              exit 1
              ;;
          esac

-  publish-prowler:
-    needs: validate-release
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      id-token: write
-    environment:
-      name: pypi-prowler
-      url: https://pypi.org/project/prowler/${{ needs.validate-release.outputs.prowler_version }}/
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Install dependencies
+        run: |
+          pipx install poetry==2.1.1

-      - name: Install Poetry
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
+      - name: Setup Python
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
-          cache: 'poetry'
+          # cache: ${{ env.CACHE }}

      - name: Build Prowler package
-        run: poetry build
+        run: |
+          poetry build

      - name: Publish Prowler package to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
-        with:
-          print-hash: true
-
-  publish-prowler-cloud:
-    needs: validate-release
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      id-token: write
-    environment:
-      name: pypi-prowler-cloud
-      url: https://pypi.org/project/prowler-cloud/${{ needs.validate-release.outputs.prowler_version }}/
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Install Poetry
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          cache: 'poetry'
-
-      - name: Install toml package
-        run: pip install toml
-
-      - name: Replicate PyPI package for prowler-cloud
        run: |
-          rm -rf ./dist ./build prowler.egg-info
-          python util/replicate_pypi_package.py
+          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
+          poetry publish

-      - name: Build prowler-cloud package
-        run: poetry build
+      - name: Replicate PyPI package
+        run: |
+          rm -rf ./dist && rm -rf ./build && rm -rf prowler.egg-info
+          pip install toml
+          python util/replicate_pypi_package.py
+          poetry build

      - name: Publish prowler-cloud package to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
-        with:
-          print-hash: true
+        run: |
+          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
+          poetry publish
@@ -1,90 +1,68 @@
-name: 'SDK: Refresh AWS Regions'
+# This is a basic workflow to help you get started with Actions
+
+name: SDK - Refresh AWS services' regions

 on:
  schedule:
-    - cron: '0 9 * * 1' # Every Monday at 09:00 UTC
-  workflow_dispatch:
-
-concurrency:
-  group: ${{ github.workflow }}
-  cancel-in-progress: false
+    - cron: "0 9 * * 1" # runs at 09:00 UTC every Monday

 env:
-  PYTHON_VERSION: '3.12'
-  AWS_REGION: 'us-east-1'
+  GITHUB_BRANCH: "master"
+  AWS_REGION_DEV: us-east-1

+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  refresh-aws-regions:
-    if: github.repository == 'prowler-cloud/prowler'
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
    runs-on: ubuntu-latest
-    timeout-minutes: 15
    permissions:
      id-token: write
      pull-requests: write
      contents: write
-
+    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
-          ref: 'master'
+          ref: ${{ env.GITHUB_BRANCH }}

-      - name: Set up Python ${{ env.PYTHON_VERSION }}
+      - name: setup python
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          cache: 'pip'
+          python-version: 3.9 #install the python needed

      - name: Install dependencies
-        run: pip install boto3
+        run: |
+          python -m pip install --upgrade pip
+          pip install boto3

-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
+      - name: Configure AWS Credentials -- DEV
+        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
        with:
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ env.AWS_REGION_DEV }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
-          role-session-name: prowler-refresh-aws-regions
+          role-session-name: refresh-AWS-regions-dev

-      - name: Update AWS services regions
-        run: python util/update_aws_services_regions.py
+      # Runs a single command using the runners shell
+      - name: Run a one-line script
+        run: python3 util/update_aws_services_regions.py

-      - name: Create pull request
-        id: create-pr
+      # Create pull request
+      - name: Create Pull Request
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
+          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          author: 'prowler-bot <179230569+prowler-bot@users.noreply.github.com>'
-          committer: 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>'
-          commit-message: 'feat(aws): update regions for AWS services'
-          branch: 'aws-regions-update-${{ github.run_number }}'
-          title: 'feat(aws): Update regions for AWS services'
-          labels: |
-            status/waiting-for-revision
-            severity/low
-            provider/aws
-            no-changelog
+          commit-message: "feat(regions_update): Update regions for AWS services"
+          branch: "aws-services-regions-updated-${{ github.sha }}"
+          labels: "status/waiting-for-revision, severity/low, provider/aws, no-changelog"
+          title: "chore(regions_update): Changes in regions for AWS services"
          body: |
            ### Description

-            Automated update of AWS service regions from the official AWS IP ranges.
-
-            **Trigger:** ${{ github.event_name == 'schedule' && 'Scheduled (weekly)' || github.event_name == 'workflow_dispatch' && 'Manual' || 'Workflow update' }}
-            **Run:** [#${{ github.run_number }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
-
-            ### Checklist
-
-            - [x] This is an automated update from AWS official sources
-            - [x] No manual review of region data required
+            This PR updates the regions for AWS services.

            ### License

            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-      - name: PR creation result
-        run: |
-          if [[ "${{ steps.create-pr.outputs.pull-request-number }}" ]]; then
-            echo "✓ Pull request #${{ steps.create-pr.outputs.pull-request-number }} created successfully"
-            echo "URL: ${{ steps.create-pr.outputs.pull-request-url }}"
-          else
-            echo "✓ No changes detected - AWS regions are up to date"
-          fi
@@ -1,77 +0,0 @@
-name: 'SDK: Security'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  sdk-security-scans:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Install Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python 3.12
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: '3.12'
-          cache: 'poetry'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry install --no-root
-
-      - name: Security scan with Bandit
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run bandit -q -lll -x '*_test.py,./contrib/,./api/,./ui' -r .
-
-      - name: Security scan with Safety
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run safety check --ignore 70612 -r pyproject.toml
-
-      - name: Dead code detection with Vulture
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .
@@ -1,360 +0,0 @@
-name: 'SDK: Tests'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  sdk-tests:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 120
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.9'
-          - '3.10'
-          - '3.11'
-          - '3.12'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Install Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ matrix.python-version }}
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ matrix.python-version }}
-          cache: 'poetry'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry install --no-root
-
-      # AWS Provider
-      - name: Check if AWS files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-aws
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/aws/**
-            ./tests/**/aws/**
-            ./poetry.lock
-
-      - name: Run AWS tests
-        if: steps.changed-aws.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/aws --cov-report=xml:aws_coverage.xml tests/providers/aws
-
-      - name: Upload AWS coverage to Codecov
-        if: steps.changed-aws.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-aws
-          files: ./aws_coverage.xml
-
-      # Azure Provider
-      - name: Check if Azure files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-azure
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/azure/**
-            ./tests/**/azure/**
-            ./poetry.lock
-
-      - name: Run Azure tests
-        if: steps.changed-azure.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/azure --cov-report=xml:azure_coverage.xml tests/providers/azure
-
-      - name: Upload Azure coverage to Codecov
-        if: steps.changed-azure.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-azure
-          files: ./azure_coverage.xml
-
-      # GCP Provider
-      - name: Check if GCP files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-gcp
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/gcp/**
-            ./tests/**/gcp/**
-            ./poetry.lock
-
-      - name: Run GCP tests
-        if: steps.changed-gcp.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/gcp --cov-report=xml:gcp_coverage.xml tests/providers/gcp
-
-      - name: Upload GCP coverage to Codecov
-        if: steps.changed-gcp.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-gcp
-          files: ./gcp_coverage.xml
-
-      # Kubernetes Provider
-      - name: Check if Kubernetes files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-kubernetes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/kubernetes/**
-            ./tests/**/kubernetes/**
-            ./poetry.lock
-
-      - name: Run Kubernetes tests
-        if: steps.changed-kubernetes.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/kubernetes --cov-report=xml:kubernetes_coverage.xml tests/providers/kubernetes
-
-      - name: Upload Kubernetes coverage to Codecov
-        if: steps.changed-kubernetes.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-kubernetes
-          files: ./kubernetes_coverage.xml
-
-      # GitHub Provider
-      - name: Check if GitHub files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-github
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/github/**
-            ./tests/**/github/**
-            ./poetry.lock
-
-      - name: Run GitHub tests
-        if: steps.changed-github.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/github --cov-report=xml:github_coverage.xml tests/providers/github
-
-      - name: Upload GitHub coverage to Codecov
-        if: steps.changed-github.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-github
-          files: ./github_coverage.xml
-
-      # NHN Provider
-      - name: Check if NHN files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-nhn
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/nhn/**
-            ./tests/**/nhn/**
-            ./poetry.lock
-
-      - name: Run NHN tests
-        if: steps.changed-nhn.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/nhn --cov-report=xml:nhn_coverage.xml tests/providers/nhn
-
-      - name: Upload NHN coverage to Codecov
-        if: steps.changed-nhn.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-nhn
-          files: ./nhn_coverage.xml
-
-      # M365 Provider
-      - name: Check if M365 files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-m365
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/m365/**
-            ./tests/**/m365/**
-            ./poetry.lock
-
-      - name: Run M365 tests
-        if: steps.changed-m365.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/m365 --cov-report=xml:m365_coverage.xml tests/providers/m365
-
-      - name: Upload M365 coverage to Codecov
-        if: steps.changed-m365.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-m365
-          files: ./m365_coverage.xml
-
-      # IaC Provider
-      - name: Check if IaC files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-iac
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/iac/**
-            ./tests/**/iac/**
-            ./poetry.lock
-
-      - name: Run IaC tests
-        if: steps.changed-iac.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/iac --cov-report=xml:iac_coverage.xml tests/providers/iac
-
-      - name: Upload IaC coverage to Codecov
-        if: steps.changed-iac.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-iac
-          files: ./iac_coverage.xml
-
-      # MongoDB Atlas Provider
-      - name: Check if MongoDB Atlas files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-mongodbatlas
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/mongodbatlas/**
-            ./tests/**/mongodbatlas/**
-            ./poetry.lock
-
-      - name: Run MongoDB Atlas tests
-        if: steps.changed-mongodbatlas.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/mongodbatlas --cov-report=xml:mongodbatlas_coverage.xml tests/providers/mongodbatlas
-
-      - name: Upload MongoDB Atlas coverage to Codecov
-        if: steps.changed-mongodbatlas.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-mongodbatlas
-          files: ./mongodbatlas_coverage.xml
-
-      # OCI Provider
-      - name: Check if OCI files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-oraclecloud
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/oraclecloud/**
-            ./tests/**/oraclecloud/**
-            ./poetry.lock
-
-      - name: Run OCI tests
-        if: steps.changed-oraclecloud.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/oraclecloud --cov-report=xml:oraclecloud_coverage.xml tests/providers/oraclecloud
-
-      - name: Upload OCI coverage to Codecov
-        if: steps.changed-oraclecloud.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-oraclecloud
-          files: ./oraclecloud_coverage.xml
-
-      # Lib
-      - name: Check if Lib files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-lib
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/lib/**
-            ./tests/lib/**
-            ./poetry.lock
-
-      - name: Run Lib tests
-        if: steps.changed-lib.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/lib --cov-report=xml:lib_coverage.xml tests/lib
-
-      - name: Upload Lib coverage to Codecov
-        if: steps.changed-lib.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-lib
-          files: ./lib_coverage.xml
-
-      # Config
-      - name: Check if Config files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-config
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/config/**
-            ./tests/config/**
-            ./poetry.lock
-
-      - name: Run Config tests
-        if: steps.changed-config.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/config --cov-report=xml:config_coverage.xml tests/config
-
-      - name: Upload Config coverage to Codecov
-        if: steps.changed-config.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-config
-          files: ./config_coverage.xml
@@ -0,0 +1,121 @@
+name: UI - Build and Push containers
+
+on:
+  push:
+    branches:
+      - "master"
+    paths:
+      - "ui/**"
+      - ".github/workflows/ui-build-lint-push-containers.yml"
+
+  # Uncomment the below code to test this action on PRs
+  # pull_request:
+  #   branches:
+  #     - "master"
+  #   paths:
+  #     - "ui/**"
+  #     - ".github/workflows/ui-build-lint-push-containers.yml"
+
+  release:
+    types: [published]
+
+env:
+  # Tags
+  LATEST_TAG: latest
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
+  STABLE_TAG: stable
+
+  WORKING_DIRECTORY: ./ui
+
+  # Container Registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
+  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1
+
+jobs:
+  repository-check:
+    name: Repository check
+    runs-on: ubuntu-latest
+    outputs:
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
+    steps:
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
+  # Build Prowler OSS container
+  container-build-push:
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ env.WORKING_DIRECTORY }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Set short git commit SHA
+        id: vars
+        run: |
+          shortSha=$(git rev-parse --short ${{ github.sha }})
+          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+
+      - name: Login to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push container image (latest)
+        # Comment the following line for testing
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          build-args: |
+            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ env.SHORT_SHA }}
+            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
+          # Set push: false for testing
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push container image (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          build-args: |
+            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
+            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Trigger deployment
+        if: github.event_name == 'push'
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.CLOUD_DISPATCH }}
+          event-type: prowler-ui-deploy
+          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
@@ -1,37 +1,36 @@
-name: 'UI: CodeQL'
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: UI - CodeQL

 on:
  push:
    branches:
-      - 'master'
-      - 'v5.*'
+      - "master"
+      - "v5.*"
    paths:
-      - 'ui/**'
-      - '.github/workflows/ui-codeql.yml'
-      - '.github/codeql/ui-codeql-config.yml'
-      - '!ui/CHANGELOG.md'
+      - "ui/**"
  pull_request:
    branches:
-      - 'master'
-      - 'v5.*'
+      - "master"
+      - "v5.*"
    paths:
-      - 'ui/**'
-      - '.github/workflows/ui-codeql.yml'
-      - '.github/codeql/ui-codeql-config.yml'
-      - '!ui/CHANGELOG.md'
+      - "ui/**"
  schedule:
-    - cron: '00 12 * * *'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+    - cron: "00 12 * * *"

 jobs:
-  ui-analyze:
-    if: github.repository == 'prowler-cloud/prowler'
-    name: CodeQL Security Analysis
+  analyze:
+    name: Analyze
    runs-on: ubuntu-latest
-    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
@@ -40,20 +39,21 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language:
-          - 'javascript-typescript'
+        language: ["javascript"]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

+      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
        with:
-          category: '/language:${{ matrix.language }}'
+          category: "/language:${{matrix.language}}"
@@ -1,189 +0,0 @@
-name: 'UI: Container Build and Push'
-
-on:
-  push:
-    branches:
-      - 'master'
-    paths:
-      - 'ui/**'
-      - '.github/workflows/ui-container-build-push.yml'
-  release:
-    types:
-      - 'published'
-  workflow_dispatch:
-    inputs:
-      release_tag:
-        description: 'Release tag (e.g., 5.14.0)'
-        required: true
-        type: string
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name || inputs.release_tag }}
-  STABLE_TAG: stable
-  WORKING_DIRECTORY: ./ui
-
-  # Container registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
-
-  # Build args
-  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1
-
-jobs:
-  setup:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    outputs:
-      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
-    steps:
-      - name: Calculate short SHA
-        id: set-short-sha
-        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
-
-  container-build-push:
-    needs: setup
-    runs-on: ${{ matrix.runner }}
-    strategy:
-      matrix:
-        include:
-          - platform: linux/amd64
-            runner: ubuntu-latest
-            arch: amd64
-          - platform: linux/arm64
-            runner: ubuntu-24.04-arm
-            arch: arm64
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Notify container push started
-        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: UI
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push UI container for ${{ matrix.arch }}
-        id: container-push
-        if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ (github.event_name == 'release' || github.event_name == 'workflow_dispatch') && format('v{0}', env.RELEASE_TAG) || needs.setup.outputs.short-sha }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
-          push: true
-          platforms: ${{ matrix.platform }}
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-${{ matrix.arch }}
-          cache-from: type=gha,scope=${{ matrix.arch }}
-          cache-to: type=gha,mode=max,scope=${{ matrix.arch }}
-
-      - name: Notify container push completed
-        if: (github.event_name == 'release' || github.event_name == 'workflow_dispatch') && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: UI
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  # Create and push multi-architecture manifest
-  create-manifest:
-    needs: [setup, container-build-push]
-    if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Login to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Create and push manifests for push event
-        if: github.event_name == 'push'
-        run: |
-          docker buildx imagetools create \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }} \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }} \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-amd64 \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-arm64
-
-      - name: Create and push manifests for release event
-        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
-        run: |
-          docker buildx imagetools create \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }} \
-            -t ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }} \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-amd64 \
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-arm64
-
-      - name: Install regctl
-        if: always()
-        uses: regclient/actions/regctl-installer@main
-
-      - name: Cleanup intermediate architecture tags
-        if: always()
-        run: |
-          echo "Cleaning up intermediate tags..."
-          regctl tag delete "${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-amd64" || true
-          regctl tag delete "${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}-arm64" || true
-          echo "Cleanup completed"
-
-  trigger-deployment:
-    if: github.event_name == 'push'
-    needs: [setup, container-build-push]
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Trigger UI deployment
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: ui-prowler-deployment
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ needs.setup.outputs.short-sha }}"}'
@@ -1,91 +0,0 @@
-name: 'UI: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  UI_WORKING_DIR: ./ui
-  IMAGE_NAME: prowler-ui
-
-jobs:
-  ui-dockerfile-lint:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ui/Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: ui/Dockerfile
-          ignore: DL3018
-
-  ui-container-build-and-scan:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for UI changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ui/**
-          files_ignore: |
-            ui/CHANGELOG.md
-            ui/README.md
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build UI container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.UI_WORKING_DIR }}
-          target: prod
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          build-args: |
-            NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_51LwpXXXX
-
-      - name: Scan UI container with Trivy
-        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -18,22 +18,6 @@ jobs:
      AUTH_TRUST_HOST: true
      NEXTAUTH_URL: 'http://localhost:3000'
      NEXT_PUBLIC_API_BASE_URL: 'http://localhost:8080/api/v1'
-      E2E_ADMIN_USER: ${{ secrets.E2E_ADMIN_USER }}
-      E2E_ADMIN_PASSWORD: ${{ secrets.E2E_ADMIN_PASSWORD }}
-      E2E_AWS_PROVIDER_ACCOUNT_ID: ${{ secrets.E2E_AWS_PROVIDER_ACCOUNT_ID }}
-      E2E_AWS_PROVIDER_ACCESS_KEY: ${{ secrets.E2E_AWS_PROVIDER_ACCESS_KEY }}
-      E2E_AWS_PROVIDER_SECRET_KEY: ${{ secrets.E2E_AWS_PROVIDER_SECRET_KEY }}
-      E2E_AWS_PROVIDER_ROLE_ARN: ${{ secrets.E2E_AWS_PROVIDER_ROLE_ARN }}
-      E2E_AZURE_SUBSCRIPTION_ID: ${{ secrets.E2E_AZURE_SUBSCRIPTION_ID }}
-      E2E_AZURE_CLIENT_ID: ${{ secrets.E2E_AZURE_CLIENT_ID }}
-      E2E_AZURE_SECRET_ID: ${{ secrets.E2E_AZURE_SECRET_ID }}
-      E2E_AZURE_TENANT_ID: ${{ secrets.E2E_AZURE_TENANT_ID }}
-      E2E_M365_DOMAIN_ID: ${{ secrets.E2E_M365_DOMAIN_ID }}
-      E2E_M365_CLIENT_ID: ${{ secrets.E2E_M365_CLIENT_ID }}
-      E2E_M365_SECRET_ID: ${{ secrets.E2E_M365_SECRET_ID }}
-      E2E_M365_TENANT_ID: ${{ secrets.E2E_M365_TENANT_ID }}
-      E2E_M365_CERTIFICATE_CONTENT: ${{ secrets.E2E_M365_CERTIFICATE_CONTENT }}
-      E2E_NEW_PASSWORD: ${{ secrets.E2E_NEW_PASSWORD }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -75,7 +59,7 @@ jobs:
            echo "All database fixtures loaded successfully!"
          '
      - name: Setup Node.js environment
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
        with:
          node-version: '20.x'
          cache: 'npm'
@@ -0,0 +1,65 @@
+name: UI - Pull Request
+
+on:
+  push:
+    branches:
+      - "master"
+      - "v5.*"
+    paths:
+      - ".github/workflows/ui-pull-request.yml"
+      - "ui/**"
+  pull_request:
+    branches:
+      - master
+      - "v5.*"
+    paths:
+      - 'ui/**'
+env:
+  UI_WORKING_DIR: ./ui
+  IMAGE_NAME: prowler-ui
+
+jobs:
+  test-and-coverage:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        node-version: [20.x]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+          cache-dependency-path: './ui/package-lock.json'
+      - name: Install dependencies
+        working-directory: ./ui
+        run: npm ci
+      - name: Run Healthcheck
+        working-directory: ./ui
+        run: npm run healthcheck
+      - name: Build the application
+        working-directory: ./ui
+        run: npm run build
+
+  test-container-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Build Container
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.UI_WORKING_DIR }}
+          # Always build using `prod` target
+          target: prod
+          push: false
+          tags: ${{ env.IMAGE_NAME }}:latest
+          outputs: type=docker
+          build-args: |
+            NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_51LwpXXXX
@@ -1,64 +0,0 @@
-name: 'UI: Tests'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  UI_WORKING_DIR: ./ui
-  NODE_VERSION: '20.x'
-
-jobs:
-  ui-tests:
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    permissions:
-      contents: read
-    defaults:
-      run:
-        working-directory: ./ui
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for UI changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ui/**
-            .github/workflows/ui-tests.yml
-          files_ignore: |
-            ui/CHANGELOG.md
-            ui/README.md
-
-      - name: Setup Node.js ${{ env.NODE_VERSION }}
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: 'npm'
-          cache-dependency-path: './ui/package-lock.json'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: npm ci
-
-      - name: Run healthcheck
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: npm run healthcheck
-
-      - name: Build application
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: npm run build
@@ -39,92 +39,21 @@ secrets-*/
 # JUnit Reports
 junit-reports/

-# Test and coverage artifacts
-*_coverage.xml
-pytest_*.xml
-.coverage
-htmlcov/
-
-# VSCode files and settings
+# VSCode files
 .vscode/
-*.code-workspace
-.vscode-test/

-# VSCode extension settings and workspaces
-.history/
-.ionide/
-
-# MCP Server Settings (various locations)
-**/cline_mcp_settings.json
-**/mcp_settings.json
-**/mcp-config.json
-**/mcpServers.json
-.mcp/
-
-# AI Coding Assistants - Cursor
+# Cursor files
 .cursorignore
 .cursor/
-.cursorrules

-# AI Coding Assistants - RooCode
+# RooCode files
 .roo/
 .rooignore
 .roomodes

-# AI Coding Assistants - Cline (formerly Claude Dev)
+# Cline files
 .cline/
 .clineignore
-.clinerules
-
-# AI Coding Assistants - Continue
-.continue/
-continue.json
-.continuerc
-.continuerc.json
-
-# AI Coding Assistants - GitHub Copilot
-.copilot/
-.github/copilot/
-
-# AI Coding Assistants - Amazon Q Developer (formerly CodeWhisperer)
-.aws/
-.codewhisperer/
-.amazonq/
-.aws-toolkit/
-
-# AI Coding Assistants - Tabnine
-.tabnine/
-tabnine_config.json
-
-# AI Coding Assistants - Kiro
-.kiro/
-.kiroignore
-kiro.config.json
-
-# AI Coding Assistants - Aider
-.aider/
-.aider.chat.history.md
-.aider.input.history
-.aider.tags.cache.v3/
-
-# AI Coding Assistants - Windsurf
-.windsurf/
-.windsurfignore
-
-# AI Coding Assistants - Replit Agent
-.replit
-.replitignore
-
-# AI Coding Assistants - Supermaven
-.supermaven/
-
-# AI Coding Assistants - Sourcegraph Cody
-.cody/
-
-# AI Coding Assistants - General
-.ai/
-.aiconfig
-ai-config.json

 # Terraform
 .terraform*
@@ -135,6 +64,7 @@ ai-config.json
 ui/.env*
 api/.env*
 mcp_server/.env*
+.env.local

 # Coverage
 .coverage*
@@ -126,12 +126,3 @@ repos:
        entry: bash -c 'vulture --exclude "contrib,.venv,api/src/backend/api/tests/,api/src/backend/conftest.py,api/src/backend/tasks/tests/" --min-confidence 100 .'
        language: system
        files: '.*\.py'
-
-      - id: ui-checks
-        name: UI - Husky Pre-commit
-        description: "Run UI pre-commit checks (Claude Code validation + healthcheck)"
-        entry: bash -c 'cd ui && .husky/pre-commit'
-        language: system
-        files: '^ui/.*\.(ts|tsx|js|jsx|json|css)$'
-        pass_filenames: false
-        verbose: true
@@ -10,4 +10,4 @@
 Want some swag as appreciation for your contribution?

 # Prowler Developer Guide
-https://goto.prowler.com/devguide
+https://docs.prowler.com/projects/prowler-open-source/en/latest/developer-guide/introduction/
@@ -4,10 +4,6 @@ LABEL maintainer="https://github.com/prowler-cloud/prowler"
 LABEL org.opencontainers.image.source="https://github.com/prowler-cloud/prowler"

 ARG POWERSHELL_VERSION=7.5.0
-ENV POWERSHELL_VERSION=${POWERSHELL_VERSION}
-
-ARG TRIVY_VERSION=0.66.0
-ENV TRIVY_VERSION=${TRIVY_VERSION}

 # hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends \
@@ -29,24 +25,6 @@ RUN ARCH=$(uname -m) && \
    ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
    rm /tmp/powershell.tar.gz

-# Install Trivy for IaC scanning
-RUN ARCH=$(uname -m) && \
-    if [ "$ARCH" = "x86_64" ]; then \
-        TRIVY_ARCH="Linux-64bit" ; \
-    elif [ "$ARCH" = "aarch64" ]; then \
-        TRIVY_ARCH="Linux-ARM64" ; \
-    else \
-        echo "Unsupported architecture for Trivy: $ARCH" && exit 1 ; \
-    fi && \
-    wget --progress=dot:giga "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_${TRIVY_ARCH}.tar.gz" -O /tmp/trivy.tar.gz && \
-    tar zxf /tmp/trivy.tar.gz -C /tmp && \
-    mv /tmp/trivy /usr/local/bin/trivy && \
-    chmod +x /usr/local/bin/trivy && \
-    rm /tmp/trivy.tar.gz && \
-    # Create trivy cache directory with proper permissions
-    mkdir -p /tmp/.cache/trivy && \
-    chmod 777 /tmp/.cache/trivy
-
 # Add prowler user
 RUN addgroup --gid 1000 prowler && \
    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" prowler
@@ -56,7 +56,7 @@ Prowler includes hundreds of built-in controls to ensure compliance with standar

 Prowler App is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.

-![Prowler App](docs/images/products/overview.png)
+![Prowler App](docs/products/img/overview.png)

 >For more details, refer to the [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation)

@@ -73,26 +73,26 @@ prowler <provider>
 ```console
 prowler dashboard
 ```
-![Prowler Dashboard](docs/images/products/dashboard.png)
+![Prowler Dashboard](docs/products/img/dashboard.png)

 # Prowler at a Glance
 > [!Tip]
 > For the most accurate and up-to-date information about checks, services, frameworks, and categories, visit [**Prowler Hub**](https://hub.prowler.com).


-| Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) | Support | Interface |
-|---|---|---|---|---|---|---|
-| AWS | 576 | 82 | 39 | 10 | Official | UI, API, CLI |
-| GCP | 79 | 13 | 13 | 3 | Official | UI, API, CLI |
-| Azure | 162 | 19 | 13 | 4 | Official | UI, API, CLI |
-| Kubernetes | 83 | 7 | 5 | 7 | Official | UI, API, CLI |
+| Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) | Support | Stage | Interface |
+|---|---|---|---|---|---|---|---|
+| AWS | 576 | 82 | 38 | 10 | Official | Stable | UI, API, CLI |
+| GCP | 79 | 13 | 11 | 3 | Official | Stable | UI, API, CLI |
+| Azure | 162 | 19 | 12 | 4 | Official | Stable | UI, API, CLI |
+| Kubernetes | 83 | 7 | 5 | 7 | Official | Stable | UI, API, CLI |
 | GitHub | 17 | 2 | 1 | 0 | Official | Stable | UI, API, CLI |
-| M365 | 70 | 7 | 3 | 2 | Official | UI, API, CLI |
-| OCI | 51 | 13 | 1 | 10 | Official | UI, API, CLI |
-| IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | UI, API, CLI |
-| MongoDB Atlas | 10 | 3 | 0 | 0 | Official | CLI, API |
-| LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | CLI |
-| NHN | 6 | 2 | 1 | 0 | Unofficial | CLI |
+| M365 | 70 | 7 | 3 | 2 | Official | Stable | UI, API, CLI |
+| OCI | 51 | 13 | 1 | 10 | Official | Stable | CLI |
+| IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | Beta | CLI |
+| MongoDB Atlas | 10 | 3 | 0 | 0 | Official | Beta | CLI |
+| LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | Beta | CLI |
+| NHN | 6 | 2 | 1 | 0 | Unofficial | Beta | CLI |

 > [!Note]
 > The numbers in the table are updated periodically.
@@ -2,72 +2,7 @@

 All notable changes to the **Prowler API** are documented in this file.

-
-## [1.15.2] (Prowler v5.14.2)
-
-### Fixed
- Unique constraint violation during compliance overviews task [(#9436)](https://github.com/prowler-cloud/prowler/pull/9436)
- Division by zero error in ENS PDF report when all requirements are manual [(#9443)](https://github.com/prowler-cloud/prowler/pull/9443)
-
---
-
-## [1.15.1] (Prowler v5.14.1)
-
-### Fixed
- Typo in PDF reporting [(#9322)](https://github.com/prowler-cloud/prowler/pull/9322)
- IaC provider initialization failure when mutelist processor is configured [(#9331)](https://github.com/prowler-cloud/prowler/pull/9331)
- Match logic for ThreatScore when counting findings [(#9348)](https://github.com/prowler-cloud/prowler/pull/9348)
-
---
-
-## [1.15.0] (Prowler v5.14.0)
-
-### Added
- IaC (Infrastructure as Code) provider support for remote repositories [(#8751)](https://github.com/prowler-cloud/prowler/pull/8751)
- Extend `GET /api/v1/providers` with provider-type filters and optional pagination disable to support the new Overview filters [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
- New endpoint to retrieve the number of providers grouped by provider type [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975)
- Support for configuring multiple LLM providers [(#8772)](https://github.com/prowler-cloud/prowler/pull/8772)
- Support C5 compliance framework for Azure provider [(#9081)](https://github.com/prowler-cloud/prowler/pull/9081)
- Support for Oracle Cloud Infrastructure (OCI) provider [(#8927)](https://github.com/prowler-cloud/prowler/pull/8927)
- Support muting findings based on simple rules with custom reason [(#9051)](https://github.com/prowler-cloud/prowler/pull/9051)
- Support C5 compliance framework for the GCP provider [(#9097)](https://github.com/prowler-cloud/prowler/pull/9097)
- Support for Amazon Bedrock and OpenAI compatible providers in Lighthouse AI [(#8957)](https://github.com/prowler-cloud/prowler/pull/8957)
- Support PDF reporting for ENS compliance framework [(#9158)](https://github.com/prowler-cloud/prowler/pull/9158)
- Support PDF reporting for NIS2 compliance framework [(#9170)](https://github.com/prowler-cloud/prowler/pull/9170)
- Tenant-wide ThreatScore overview aggregation and snapshot persistence with backfill support [(#9148)](https://github.com/prowler-cloud/prowler/pull/9148)
- Added `metadata`, `details`, and `partition` attributes to `/resources` endpoint & `details`, and `partition` to `/findings` endpoint [(#9098)](https://github.com/prowler-cloud/prowler/pull/9098)
- Support for MongoDB Atlas provider [(#9167)](https://github.com/prowler-cloud/prowler/pull/9167)
- Support Prowler ThreatScore for the K8S provider [(#9235)](https://github.com/prowler-cloud/prowler/pull/9235)
- Enhanced compliance overview endpoint with provider filtering and latest scan aggregation [(#9244)](https://github.com/prowler-cloud/prowler/pull/9244)
- New endpoint `GET /api/v1/overview/regions` to retrieve aggregated findings data by region [(#9273)](https://github.com/prowler-cloud/prowler/pull/9273)
-
-### Changed
- Optimized database write queries for scan related tasks [(#9190)](https://github.com/prowler-cloud/prowler/pull/9190)
- Date filters are now optional for `GET /api/v1/overviews/services` endpoint; returns latest scan data by default [(#9248)](https://github.com/prowler-cloud/prowler/pull/9248)
-
-### Fixed
- Scans no longer fail when findings have UIDs exceeding 300 characters; such findings are now skipped with detailed logging [(#9246)](https://github.com/prowler-cloud/prowler/pull/9246)
- Updated unique constraint for `Provider` model to exclude soft-deleted entries, resolving duplicate errors when re-deleting providers [(#9054)](https://github.com/prowler-cloud/prowler/pull/9054)
- Removed compliance generation for providers without compliance frameworks [(#9208)](https://github.com/prowler-cloud/prowler/pull/9208)
- Refresh output report timestamps for each scan [(#9272)](https://github.com/prowler-cloud/prowler/pull/9272)
- Severity overview endpoint now ignores muted findings as expected [(#9283)](https://github.com/prowler-cloud/prowler/pull/9283)
- Fixed discrepancy between ThreatScore PDF report values and database calculations [(#9296)](https://github.com/prowler-cloud/prowler/pull/9296)
-
-### Security
- Django updated to the latest 5.1 security release, 5.1.14, due to problems with potential [SQL injection](https://github.com/prowler-cloud/prowler/security/dependabot/113) and [denial-of-service vulnerability](https://github.com/prowler-cloud/prowler/security/dependabot/114) [(#9176)](https://github.com/prowler-cloud/prowler/pull/9176)
-
---
-
-## [1.14.1] (Prowler v5.13.1)
-
-### Fixed
- `/api/v1/overviews/providers` collapses data by provider type so the UI receives a single aggregated record per cloud family even when multiple accounts exist [(#9053)](https://github.com/prowler-cloud/prowler/pull/9053)
- Added retry logic to database transactions to handle Aurora read replica connection failures during scale-down events [(#9064)](https://github.com/prowler-cloud/prowler/pull/9064)
- Security Hub integrations stop failing when they read relationships via the replica by allowing replica relations and saving updates through the primary [(#9080)](https://github.com/prowler-cloud/prowler/pull/9080)
-
---
-
-## [1.14.0] (Prowler v5.13.0)
+## [1.14.0] (Prowler UNRELEASED)

 ### Added
 - Default JWT keys are generated and stored if they are missing from configuration [(#8655)](https://github.com/prowler-cloud/prowler/pull/8655)
@@ -91,14 +26,14 @@ All notable changes to the **Prowler API** are documented in this file.

 ---

-## [1.13.2] (Prowler v5.12.3)
+## [1.13.2] (Prowler 5.12.3)

 ### Fixed
 - 500 error when deleting user [(#8731)](https://github.com/prowler-cloud/prowler/pull/8731)

 ---

-## [1.13.1] (Prowler v5.12.2)
+## [1.13.1] (Prowler 5.12.2)

 ### Changed
 - Renamed compliance overview task queue to `compliance` [(#8755)](https://github.com/prowler-cloud/prowler/pull/8755)
@@ -108,7 +43,7 @@ All notable changes to the **Prowler API** are documented in this file.

 ---

-## [1.13.0] (Prowler v5.12.0)
+## [1.13.0] (Prowler 5.12.0)

 ### Added
 - Integration with JIRA, enabling sending findings to a JIRA project [(#8622)](https://github.com/prowler-cloud/prowler/pull/8622), [(#8637)](https://github.com/prowler-cloud/prowler/pull/8637)
@@ -117,7 +52,7 @@ All notable changes to the **Prowler API** are documented in this file.

 ---

-## [1.12.0] (Prowler v5.11.0)
+## [1.12.0] (Prowler 5.11.0)

 ### Added
 - Lighthouse support for OpenAI GPT-5 [(#8527)](https://github.com/prowler-cloud/prowler/pull/8527)
@@ -129,7 +64,7 @@ All notable changes to the **Prowler API** are documented in this file.

 ---

-## [1.11.0] (Prowler v5.10.0)
+## [1.11.0] (Prowler 5.10.0)

 ### Added
 - Github provider support [(#8271)](https://github.com/prowler-cloud/prowler/pull/8271)
@@ -5,9 +5,6 @@ LABEL maintainer="https://github.com/prowler-cloud/api"
 ARG POWERSHELL_VERSION=7.5.0
 ENV POWERSHELL_VERSION=${POWERSHELL_VERSION}

-ARG TRIVY_VERSION=0.66.0
-ENV TRIVY_VERSION=${TRIVY_VERSION}
-
 # hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends \
    wget \
@@ -39,24 +36,6 @@ RUN ARCH=$(uname -m) && \
    ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
    rm /tmp/powershell.tar.gz

-# Install Trivy for IaC scanning
-RUN ARCH=$(uname -m) && \
-    if [ "$ARCH" = "x86_64" ]; then \
-        TRIVY_ARCH="Linux-64bit" ; \
-    elif [ "$ARCH" = "aarch64" ]; then \
-        TRIVY_ARCH="Linux-ARM64" ; \
-    else \
-        echo "Unsupported architecture for Trivy: $ARCH" && exit 1 ; \
-    fi && \
-    wget --progress=dot:giga "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_${TRIVY_ARCH}.tar.gz" -O /tmp/trivy.tar.gz && \
-    tar zxf /tmp/trivy.tar.gz -C /tmp && \
-    mv /tmp/trivy /usr/local/bin/trivy && \
-    chmod +x /usr/local/bin/trivy && \
-    rm /tmp/trivy.tar.gz && \
-    # Create trivy cache directory with proper permissions
-    mkdir -p /tmp/.cache/trivy && \
-    chmod 777 /tmp/.cache/trivy
-
 # Add prowler user
 RUN addgroup --gid 1000 prowler && \
    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" prowler
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.1.4 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.2.0 and should not be changed by hand.

 [[package]]
 name = "about-time"
@@ -610,24 +610,6 @@ azure-mgmt-core = ">=1.3.2"
 isodate = ">=0.6.1"
 typing-extensions = ">=4.6.0"

-[[package]]
-name = "azure-mgmt-postgresqlflexibleservers"
-version = "1.1.0"
-description = "Microsoft Azure Postgresqlflexibleservers Management Client Library for Python"
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-files = [
-    {file = "azure_mgmt_postgresqlflexibleservers-1.1.0-py3-none-any.whl", hash = "sha256:87ddb5a5e6d12c45769485d234cfe0322140e3a0a7636d0e61fb00ac544b5d20"},
-    {file = "azure_mgmt_postgresqlflexibleservers-1.1.0.tar.gz", hash = "sha256:9ede9d8ba63e9d2879cb74adc903c649af3bc5460a02787287b0cd18d754af14"},
-]
-
-[package.dependencies]
-azure-common = ">=1.1"
-azure-mgmt-core = ">=1.3.2"
-isodate = ">=0.6.1"
-typing-extensions = ">=4.6.0"
-
 [[package]]
 name = "azure-mgmt-rdbms"
 version = "10.1.0"
@@ -1182,18 +1164,6 @@ files = [
    {file = "charset_normalizer-3.4.3.tar.gz", hash = "sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14"},
 ]

-[[package]]
-name = "circuitbreaker"
-version = "2.1.3"
-description = "Python Circuit Breaker pattern implementation"
-optional = false
-python-versions = "*"
-groups = ["main"]
-files = [
-    {file = "circuitbreaker-2.1.3-py3-none-any.whl", hash = "sha256:87ba6a3ed03fdc7032bc175561c2b04d52ade9d5faf94ca2b035fbdc5e6b1dd1"},
-    {file = "circuitbreaker-2.1.3.tar.gz", hash = "sha256:1a4baee510f7bea3c91b194dcce7c07805fe96c4423ed5594b75af438531d084"},
-]
-
 [[package]]
 name = "click"
 version = "8.2.1"
@@ -1701,14 +1671,14 @@ with-social = ["django-allauth[socialaccount] (>=64.0.0)"]

 [[package]]
 name = "django"
-version = "5.1.14"
+version = "5.1.13"
 description = "A high-level Python web framework that encourages rapid development and clean, pragmatic design."
 optional = false
 python-versions = ">=3.10"
 groups = ["main", "dev"]
 files = [
-    {file = "django-5.1.14-py3-none-any.whl", hash = "sha256:2a4b9c20404fd1bf50aaaa5542a19d860594cba1354f688f642feb271b91df27"},
-    {file = "django-5.1.14.tar.gz", hash = "sha256:b98409fb31fdd6e8c3a6ba2eef3415cc5c0020057b43b21ba7af6eff5f014831"},
+    {file = "django-5.1.13-py3-none-any.whl", hash = "sha256:06f257f79dc4c17f3f9e23b106a4c5ed1335abecbe731e83c598c941d14fbeed"},
+    {file = "django-5.1.13.tar.gz", hash = "sha256:543ff21679f15e80edfc01fe7ea35f8291b6d4ea589433882913626a7c1cf929"},
 ]

 [package.dependencies]
@@ -2468,72 +2438,6 @@ files = [
    {file = "frozenlist-1.7.0.tar.gz", hash = "sha256:2e310d81923c2437ea8670467121cc3e9b0f76d3043cc1d2331d56c7fb7a3a8f"},
 ]

-[[package]]
-name = "gevent"
-version = "25.9.1"
-description = "Coroutine-based network library"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "gevent-25.9.1-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:856b990be5590e44c3a3dc6c8d48a40eaccbb42e99d2b791d11d1e7711a4297e"},
-    {file = "gevent-25.9.1-cp310-cp310-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:fe1599d0b30e6093eb3213551751b24feeb43db79f07e89d98dd2f3330c9063e"},
-    {file = "gevent-25.9.1-cp310-cp310-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:f0d8b64057b4bf1529b9ef9bd2259495747fba93d1f836c77bfeaacfec373fd0"},
-    {file = "gevent-25.9.1-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b56cbc820e3136ba52cd690bdf77e47a4c239964d5f80dc657c1068e0fe9521c"},
-    {file = "gevent-25.9.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:c5fa9ce5122c085983e33e0dc058f81f5264cebe746de5c401654ab96dddfca8"},
-    {file = "gevent-25.9.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:03c74fec58eda4b4edc043311fca8ba4f8744ad1632eb0a41d5ec25413581975"},
-    {file = "gevent-25.9.1-cp310-cp310-win_amd64.whl", hash = "sha256:a8ae9f895e8651d10b0a8328a61c9c53da11ea51b666388aa99b0ce90f9fdc27"},
-    {file = "gevent-25.9.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:18e5aff9e8342dc954adb9c9c524db56c2f3557999463445ba3d9cbe3dada7b7"},
-    {file = "gevent-25.9.1-cp311-cp311-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:1cdf6db28f050ee103441caa8b0448ace545364f775059d5e2de089da975c457"},
-    {file = "gevent-25.9.1-cp311-cp311-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:812debe235a8295be3b2a63b136c2474241fa5c58af55e6a0f8cfc29d4936235"},
-    {file = "gevent-25.9.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b28b61ff9216a3d73fe8f35669eefcafa957f143ac534faf77e8a19eb9e6883a"},
-    {file = "gevent-25.9.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:5e4b6278b37373306fc6b1e5f0f1cf56339a1377f67c35972775143d8d7776ff"},
-    {file = "gevent-25.9.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:d99f0cb2ce43c2e8305bf75bee61a8bde06619d21b9d0316ea190fc7a0620a56"},
-    {file = "gevent-25.9.1-cp311-cp311-win_amd64.whl", hash = "sha256:72152517ecf548e2f838c61b4be76637d99279dbaa7e01b3924df040aa996586"},
-    {file = "gevent-25.9.1-cp312-cp312-macosx_11_0_universal2.whl", hash = "sha256:46b188248c84ffdec18a686fcac5dbb32365d76912e14fda350db5dc0bfd4f86"},
-    {file = "gevent-25.9.1-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:f2b54ea3ca6f0c763281cd3f96010ac7e98c2e267feb1221b5a26e2ca0b9a692"},
-    {file = "gevent-25.9.1-cp312-cp312-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:7a834804ac00ed8a92a69d3826342c677be651b1c3cd66cc35df8bc711057aa2"},
-    {file = "gevent-25.9.1-cp312-cp312-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:323a27192ec4da6b22a9e51c3d9d896ff20bc53fdc9e45e56eaab76d1c39dd74"},
-    {file = "gevent-25.9.1-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:6ea78b39a2c51d47ff0f130f4c755a9a4bbb2dd9721149420ad4712743911a51"},
-    {file = "gevent-25.9.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:dc45cd3e1cc07514a419960af932a62eb8515552ed004e56755e4bf20bad30c5"},
-    {file = "gevent-25.9.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:34e01e50c71eaf67e92c186ee0196a039d6e4f4b35670396baed4a2d8f1b347f"},
-    {file = "gevent-25.9.1-cp312-cp312-win_amd64.whl", hash = "sha256:4acd6bcd5feabf22c7c5174bd3b9535ee9f088d2bbce789f740ad8d6554b18f3"},
-    {file = "gevent-25.9.1-cp313-cp313-macosx_11_0_universal2.whl", hash = "sha256:4f84591d13845ee31c13f44bdf6bd6c3dbf385b5af98b2f25ec328213775f2ed"},
-    {file = "gevent-25.9.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:9cdbb24c276a2d0110ad5c978e49daf620b153719ac8a548ce1250a7eb1b9245"},
-    {file = "gevent-25.9.1-cp313-cp313-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:88b6c07169468af631dcf0fdd3658f9246d6822cc51461d43f7c44f28b0abb82"},
-    {file = "gevent-25.9.1-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:b7bb0e29a7b3e6ca9bed2394aa820244069982c36dc30b70eb1004dd67851a48"},
-    {file = "gevent-25.9.1-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:2951bb070c0ee37b632ac9134e4fdaad70d2e660c931bb792983a0837fe5b7d7"},
-    {file = "gevent-25.9.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:e4e17c2d57e9a42e25f2a73d297b22b60b2470a74be5a515b36c984e1a246d47"},
-    {file = "gevent-25.9.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:8d94936f8f8b23d9de2251798fcb603b84f083fdf0d7f427183c1828fb64f117"},
-    {file = "gevent-25.9.1-cp313-cp313-win_amd64.whl", hash = "sha256:eb51c5f9537b07da673258b4832f6635014fee31690c3f0944d34741b69f92fa"},
-    {file = "gevent-25.9.1-cp314-cp314-macosx_11_0_universal2.whl", hash = "sha256:1a3fe4ea1c312dbf6b375b416925036fe79a40054e6bf6248ee46526ea628be1"},
-    {file = "gevent-25.9.1-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:0adb937f13e5fb90cca2edf66d8d7e99d62a299687400ce2edee3f3504009356"},
-    {file = "gevent-25.9.1-cp314-cp314-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:427f869a2050a4202d93cf7fd6ab5cffb06d3e9113c10c967b6e2a0d45237cb8"},
-    {file = "gevent-25.9.1-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:c049880175e8c93124188f9d926af0a62826a3b81aa6d3074928345f8238279e"},
-    {file = "gevent-25.9.1-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b5a67a0974ad9f24721034d1e008856111e0535f1541499f72a733a73d658d1c"},
-    {file = "gevent-25.9.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:1d0f5d8d73f97e24ea8d24d8be0f51e0cf7c54b8021c1fddb580bf239474690f"},
-    {file = "gevent-25.9.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:ddd3ff26e5c4240d3fbf5516c2d9d5f2a998ef87cfb73e1429cfaeaaec860fa6"},
-    {file = "gevent-25.9.1-cp314-cp314-win_amd64.whl", hash = "sha256:bb63c0d6cb9950cc94036a4995b9cc4667b8915366613449236970f4394f94d7"},
-    {file = "gevent-25.9.1-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f18f80aef6b1f6907219affe15b36677904f7cfeed1f6a6bc198616e507ae2d7"},
-    {file = "gevent-25.9.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:b274a53e818124a281540ebb4e7a2c524778f745b7a99b01bdecf0ca3ac0ddb0"},
-    {file = "gevent-25.9.1-cp39-cp39-win32.whl", hash = "sha256:c6c91f7e33c7f01237755884316110ee7ea076f5bdb9aa0982b6dc63243c0a38"},
-    {file = "gevent-25.9.1-cp39-cp39-win_amd64.whl", hash = "sha256:012a44b0121f3d7c800740ff80351c897e85e76a7e4764690f35c5ad9ec17de5"},
-    {file = "gevent-25.9.1.tar.gz", hash = "sha256:adf9cd552de44a4e6754c51ff2e78d9193b7fa6eab123db9578a210e657235dd"},
-]
-
-[package.dependencies]
-cffi = {version = ">=1.17.1", markers = "platform_python_implementation == \"CPython\" and sys_platform == \"win32\""}
-greenlet = {version = ">=3.2.2", markers = "platform_python_implementation == \"CPython\""}
-"zope.event" = "*"
-"zope.interface" = "*"
-
-[package.extras]
-dnspython = ["dnspython (>=1.16.0,<2.0) ; python_version < \"3.10\"", "idna ; python_version < \"3.10\""]
-docs = ["furo", "repoze.sphinx.autointerface", "sphinx", "sphinxcontrib-programoutput", "zope.schema"]
-monitor = ["psutil (>=5.7.0) ; sys_platform != \"win32\" or platform_python_implementation == \"CPython\""]
-recommended = ["cffi (>=1.17.1) ; platform_python_implementation == \"CPython\"", "dnspython (>=1.16.0,<2.0) ; python_version < \"3.10\"", "idna ; python_version < \"3.10\"", "psutil (>=5.7.0) ; sys_platform != \"win32\" or platform_python_implementation == \"CPython\""]
-test = ["cffi (>=1.17.1) ; platform_python_implementation == \"CPython\"", "coverage (>=5.0) ; sys_platform != \"win32\"", "dnspython (>=1.16.0,<2.0) ; python_version < \"3.10\"", "idna ; python_version < \"3.10\"", "objgraph", "psutil (>=5.7.0) ; sys_platform != \"win32\" or platform_python_implementation == \"CPython\"", "requests"]
-
 [[package]]
 name = "google-api-core"
 version = "2.25.1"
@@ -2667,87 +2571,6 @@ files = [
 dev = ["pytest"]
 docs = ["sphinx", "sphinx-autobuild"]

-[[package]]
-name = "greenlet"
-version = "3.2.4"
-description = "Lightweight in-process concurrent programming"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-markers = "platform_python_implementation == \"CPython\""
-files = [
-    {file = "greenlet-3.2.4-cp310-cp310-macosx_11_0_universal2.whl", hash = "sha256:8c68325b0d0acf8d91dde4e6f930967dd52a5302cd4062932a6b2e7c2969f47c"},
-    {file = "greenlet-3.2.4-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:94385f101946790ae13da500603491f04a76b6e4c059dab271b3ce2e283b2590"},
-    {file = "greenlet-3.2.4-cp310-cp310-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:f10fd42b5ee276335863712fa3da6608e93f70629c631bf77145021600abc23c"},
-    {file = "greenlet-3.2.4-cp310-cp310-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:c8c9e331e58180d0d83c5b7999255721b725913ff6bc6cf39fa2a45841a4fd4b"},
-    {file = "greenlet-3.2.4-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:58b97143c9cc7b86fc458f215bd0932f1757ce649e05b640fea2e79b54cedb31"},
-    {file = "greenlet-3.2.4-cp310-cp310-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c2ca18a03a8cfb5b25bc1cbe20f3d9a4c80d8c3b13ba3df49ac3961af0b1018d"},
-    {file = "greenlet-3.2.4-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:9fe0a28a7b952a21e2c062cd5756d34354117796c6d9215a87f55e38d15402c5"},
-    {file = "greenlet-3.2.4-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:8854167e06950ca75b898b104b63cc646573aa5fef1353d4508ecdd1ee76254f"},
-    {file = "greenlet-3.2.4-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:f47617f698838ba98f4ff4189aef02e7343952df3a615f847bb575c3feb177a7"},
-    {file = "greenlet-3.2.4-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:af41be48a4f60429d5cad9d22175217805098a9ef7c40bfef44f7669fb9d74d8"},
-    {file = "greenlet-3.2.4-cp310-cp310-win_amd64.whl", hash = "sha256:73f49b5368b5359d04e18d15828eecc1806033db5233397748f4ca813ff1056c"},
-    {file = "greenlet-3.2.4-cp311-cp311-macosx_11_0_universal2.whl", hash = "sha256:96378df1de302bc38e99c3a9aa311967b7dc80ced1dcc6f171e99842987882a2"},
-    {file = "greenlet-3.2.4-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:1ee8fae0519a337f2329cb78bd7a8e128ec0f881073d43f023c7b8d4831d5246"},
-    {file = "greenlet-3.2.4-cp311-cp311-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:94abf90142c2a18151632371140b3dba4dee031633fe614cb592dbb6c9e17bc3"},
-    {file = "greenlet-3.2.4-cp311-cp311-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:4d1378601b85e2e5171b99be8d2dc85f594c79967599328f95c1dc1a40f1c633"},
-    {file = "greenlet-3.2.4-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:0db5594dce18db94f7d1650d7489909b57afde4c580806b8d9203b6e79cdc079"},
-    {file = "greenlet-3.2.4-cp311-cp311-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:2523e5246274f54fdadbce8494458a2ebdcdbc7b802318466ac5606d3cded1f8"},
-    {file = "greenlet-3.2.4-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:1987de92fec508535687fb807a5cea1560f6196285a4cde35c100b8cd632cc52"},
-    {file = "greenlet-3.2.4-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:55e9c5affaa6775e2c6b67659f3a71684de4c549b3dd9afca3bc773533d284fa"},
-    {file = "greenlet-3.2.4-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:c9c6de1940a7d828635fbd254d69db79e54619f165ee7ce32fda763a9cb6a58c"},
-    {file = "greenlet-3.2.4-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:03c5136e7be905045160b1b9fdca93dd6727b180feeafda6818e6496434ed8c5"},
-    {file = "greenlet-3.2.4-cp311-cp311-win_amd64.whl", hash = "sha256:9c40adce87eaa9ddb593ccb0fa6a07caf34015a29bf8d344811665b573138db9"},
-    {file = "greenlet-3.2.4-cp312-cp312-macosx_11_0_universal2.whl", hash = "sha256:3b67ca49f54cede0186854a008109d6ee71f66bd57bb36abd6d0a0267b540cdd"},
-    {file = "greenlet-3.2.4-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:ddf9164e7a5b08e9d22511526865780a576f19ddd00d62f8a665949327fde8bb"},
-    {file = "greenlet-3.2.4-cp312-cp312-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:f28588772bb5fb869a8eb331374ec06f24a83a9c25bfa1f38b6993afe9c1e968"},
-    {file = "greenlet-3.2.4-cp312-cp312-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:5c9320971821a7cb77cfab8d956fa8e39cd07ca44b6070db358ceb7f8797c8c9"},
-    {file = "greenlet-3.2.4-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:c60a6d84229b271d44b70fb6e5fa23781abb5d742af7b808ae3f6efd7c9c60f6"},
-    {file = "greenlet-3.2.4-cp312-cp312-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:3b3812d8d0c9579967815af437d96623f45c0f2ae5f04e366de62a12d83a8fb0"},
-    {file = "greenlet-3.2.4-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:abbf57b5a870d30c4675928c37278493044d7c14378350b3aa5d484fa65575f0"},
-    {file = "greenlet-3.2.4-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:20fb936b4652b6e307b8f347665e2c615540d4b42b3b4c8a321d8286da7e520f"},
-    {file = "greenlet-3.2.4-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:ee7a6ec486883397d70eec05059353b8e83eca9168b9f3f9a361971e77e0bcd0"},
-    {file = "greenlet-3.2.4-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:326d234cbf337c9c3def0676412eb7040a35a768efc92504b947b3e9cfc7543d"},
-    {file = "greenlet-3.2.4-cp312-cp312-win_amd64.whl", hash = "sha256:a7d4e128405eea3814a12cc2605e0e6aedb4035bf32697f72deca74de4105e02"},
-    {file = "greenlet-3.2.4-cp313-cp313-macosx_11_0_universal2.whl", hash = "sha256:1a921e542453fe531144e91e1feedf12e07351b1cf6c9e8a3325ea600a715a31"},
-    {file = "greenlet-3.2.4-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:cd3c8e693bff0fff6ba55f140bf390fa92c994083f838fece0f63be121334945"},
-    {file = "greenlet-3.2.4-cp313-cp313-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:710638eb93b1fa52823aa91bf75326f9ecdfd5e0466f00789246a5280f4ba0fc"},
-    {file = "greenlet-3.2.4-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:c5111ccdc9c88f423426df3fd1811bfc40ed66264d35aa373420a34377efc98a"},
-    {file = "greenlet-3.2.4-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d76383238584e9711e20ebe14db6c88ddcedc1829a9ad31a584389463b5aa504"},
-    {file = "greenlet-3.2.4-cp313-cp313-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:23768528f2911bcd7e475210822ffb5254ed10d71f4028387e5a99b4c6699671"},
-    {file = "greenlet-3.2.4-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:00fadb3fedccc447f517ee0d3fd8fe49eae949e1cd0f6a611818f4f6fb7dc83b"},
-    {file = "greenlet-3.2.4-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:d25c5091190f2dc0eaa3f950252122edbbadbb682aa7b1ef2f8af0f8c0afefae"},
-    {file = "greenlet-3.2.4-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:6e343822feb58ac4d0a1211bd9399de2b3a04963ddeec21530fc426cc121f19b"},
-    {file = "greenlet-3.2.4-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:ca7f6f1f2649b89ce02f6f229d7c19f680a6238af656f61e0115b24857917929"},
-    {file = "greenlet-3.2.4-cp313-cp313-win_amd64.whl", hash = "sha256:554b03b6e73aaabec3745364d6239e9e012d64c68ccd0b8430c64ccc14939a8b"},
-    {file = "greenlet-3.2.4-cp314-cp314-macosx_11_0_universal2.whl", hash = "sha256:49a30d5fda2507ae77be16479bdb62a660fa51b1eb4928b524975b3bde77b3c0"},
-    {file = "greenlet-3.2.4-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:299fd615cd8fc86267b47597123e3f43ad79c9d8a22bebdce535e53550763e2f"},
-    {file = "greenlet-3.2.4-cp314-cp314-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:c17b6b34111ea72fc5a4e4beec9711d2226285f0386ea83477cbb97c30a3f3a5"},
-    {file = "greenlet-3.2.4-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:b4a1870c51720687af7fa3e7cda6d08d801dae660f75a76f3845b642b4da6ee1"},
-    {file = "greenlet-3.2.4-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:061dc4cf2c34852b052a8620d40f36324554bc192be474b9e9770e8c042fd735"},
-    {file = "greenlet-3.2.4-cp314-cp314-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:44358b9bf66c8576a9f57a590d5f5d6e72fa4228b763d0e43fee6d3b06d3a337"},
-    {file = "greenlet-3.2.4-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:2917bdf657f5859fbf3386b12d68ede4cf1f04c90c3a6bc1f013dd68a22e2269"},
-    {file = "greenlet-3.2.4-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:015d48959d4add5d6c9f6c5210ee3803a830dce46356e3bc326d6776bde54681"},
-    {file = "greenlet-3.2.4-cp314-cp314-win_amd64.whl", hash = "sha256:e37ab26028f12dbb0ff65f29a8d3d44a765c61e729647bf2ddfbbed621726f01"},
-    {file = "greenlet-3.2.4-cp39-cp39-macosx_11_0_universal2.whl", hash = "sha256:b6a7c19cf0d2742d0809a4c05975db036fdff50cd294a93632d6a310bf9ac02c"},
-    {file = "greenlet-3.2.4-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:27890167f55d2387576d1f41d9487ef171849ea0359ce1510ca6e06c8bece11d"},
-    {file = "greenlet-3.2.4-cp39-cp39-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:18d9260df2b5fbf41ae5139e1be4e796d99655f023a636cd0e11e6406cca7d58"},
-    {file = "greenlet-3.2.4-cp39-cp39-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:671df96c1f23c4a0d4077a325483c1503c96a1b7d9db26592ae770daa41233d4"},
-    {file = "greenlet-3.2.4-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:16458c245a38991aa19676900d48bd1a6f2ce3e16595051a4db9d012154e8433"},
-    {file = "greenlet-3.2.4-cp39-cp39-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c9913f1a30e4526f432991f89ae263459b1c64d1608c0d22a5c79c287b3c70df"},
-    {file = "greenlet-3.2.4-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:b90654e092f928f110e0007f572007c9727b5265f7632c2fa7415b4689351594"},
-    {file = "greenlet-3.2.4-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:81701fd84f26330f0d5f4944d4e92e61afe6319dcd9775e39396e39d7c3e5f98"},
-    {file = "greenlet-3.2.4-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:28a3c6b7cd72a96f61b0e4b2a36f681025b60ae4779cc73c1535eb5f29560b10"},
-    {file = "greenlet-3.2.4-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:52206cd642670b0b320a1fd1cbfd95bca0e043179c1d8a045f2c6109dfe973be"},
-    {file = "greenlet-3.2.4-cp39-cp39-win32.whl", hash = "sha256:65458b409c1ed459ea899e939f0e1cdb14f58dbc803f2f93c5eab5694d32671b"},
-    {file = "greenlet-3.2.4-cp39-cp39-win_amd64.whl", hash = "sha256:d2e685ade4dafd447ede19c31277a224a239a0a1a4eca4e6390efedf20260cfb"},
-    {file = "greenlet-3.2.4.tar.gz", hash = "sha256:0dca0d95ff849f9a364385f36ab49f50065d76964944638be9691e1832e9f86d"},
-]
-
-[package.extras]
-docs = ["Sphinx", "furo"]
-test = ["objgraph", "psutil", "setuptools"]
-
 [[package]]
 name = "gunicorn"
 version = "23.0.0"
@@ -4223,29 +4046,6 @@ rsa = ["cryptography (>=3.0.0)"]
 signals = ["blinker (>=1.4.0)"]
 signedtoken = ["cryptography (>=3.0.0)", "pyjwt (>=2.0.0,<3)"]

-[[package]]
-name = "oci"
-version = "2.160.3"
-description = "Oracle Cloud Infrastructure Python SDK"
-optional = false
-python-versions = "*"
-groups = ["main"]
-files = [
-    {file = "oci-2.160.3-py3-none-any.whl", hash = "sha256:858bff3e697098bdda44833d2476bfb4632126f0182178e7dbde4dbd156d71f0"},
-    {file = "oci-2.160.3.tar.gz", hash = "sha256:57514889be3b713a8385d86e3ba8a33cf46e3563c2a7e29a93027fb30b8a2537"},
-]
-
-[package.dependencies]
-certifi = "*"
-circuitbreaker = {version = ">=1.3.1,<3.0.0", markers = "python_version >= \"3.7\""}
-cryptography = ">=3.2.1,<46.0.0"
-pyOpenSSL = ">=17.5.0,<25.0.0"
-python-dateutil = ">=2.5.3,<3.0.0"
-pytz = ">=2016.10"
-
-[package.extras]
-adk = ["docstring-parser (>=0.16) ; python_version >= \"3.10\" and python_version < \"4\"", "mcp (>=1.6.0) ; python_version >= \"3.10\" and python_version < \"4\"", "pydantic (>=2.10.6) ; python_version >= \"3.10\" and python_version < \"4\"", "rich (>=13.9.4) ; python_version >= \"3.10\" and python_version < \"4\""]
-
 [[package]]
 name = "openai"
 version = "1.101.0"
@@ -4780,7 +4580,7 @@ files = [

 [[package]]
 name = "prowler"
-version = "5.14.0"
+version = "5.13.0"
 description = "Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks."
 optional = false
 python-versions = ">3.9.1,<3.13"
@@ -4805,7 +4605,6 @@ azure-mgmt-keyvault = "10.3.1"
 azure-mgmt-loganalytics = "12.0.0"
 azure-mgmt-monitor = "6.0.2"
 azure-mgmt-network = "28.1.0"
-azure-mgmt-postgresqlflexibleservers = "1.1.0"
 azure-mgmt-rdbms = "10.1.0"
 azure-mgmt-recoveryservices = "3.1.0"
 azure-mgmt-recoveryservicesbackup = "9.2.0"
@@ -4835,7 +4634,6 @@ markdown = "3.9.0"
 microsoft-kiota-abstractions = "1.9.2"
 msgraph-sdk = "1.23.0"
 numpy = "2.0.2"
-oci = "2.160.3"
 pandas = "2.2.3"
 py-iam-expand = "0.1.0"
 py-ocsf-models = "0.5.0"
@@ -4852,8 +4650,8 @@ tzlocal = "5.3.1"
 [package.source]
 type = "git"
 url = "https://github.com/prowler-cloud/prowler.git"
-reference = "v5.14"
-resolved_reference = "3b05a1430e016cee92b60973705cba400255d9e5"
+reference = "master"
+resolved_reference = "a52697bfdfee83d14a49c11dcbe96888b5cd767e"

 [[package]]
 name = "psutil"
@@ -5338,25 +5136,6 @@ cffi = ">=1.4.1"
 docs = ["sphinx (>=1.6.5)", "sphinx-rtd-theme"]
 tests = ["hypothesis (>=3.27.0)", "pytest (>=3.2.1,!=3.3.0)"]

-[[package]]
-name = "pyopenssl"
-version = "24.3.0"
-description = "Python wrapper module around the OpenSSL library"
-optional = false
-python-versions = ">=3.7"
-groups = ["main"]
-files = [
-    {file = "pyOpenSSL-24.3.0-py3-none-any.whl", hash = "sha256:e474f5a473cd7f92221cc04976e48f4d11502804657a08a989fb3be5514c904a"},
-    {file = "pyopenssl-24.3.0.tar.gz", hash = "sha256:49f7a019577d834746bc55c5fce6ecbcec0f2b4ec5ce1cf43a9a173b8138bb36"},
-]
-
-[package.dependencies]
-cryptography = ">=41.0.5,<45"
-
-[package.extras]
-docs = ["sphinx (!=5.2.0,!=5.2.0.post0,!=7.2.5)", "sphinx_rtd_theme"]
-test = ["pretend", "pytest (>=3.0.1)", "pytest-rerunfailures"]
-
 [[package]]
 name = "pyparsing"
 version = "3.2.3"
@@ -7004,69 +6783,7 @@ enabler = ["pytest-enabler (>=2.2)"]
 test = ["big-O", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more_itertools", "pytest (>=6,!=8.1.*)", "pytest-ignore-flaky"]
 type = ["pytest-mypy"]

-[[package]]
-name = "zope-event"
-version = "6.1"
-description = "Very basic event publishing system"
-optional = false
-python-versions = ">=3.10"
-groups = ["main"]
-files = [
-    {file = "zope_event-6.1-py3-none-any.whl", hash = "sha256:0ca78b6391b694272b23ec1335c0294cc471065ed10f7f606858fc54566c25a0"},
-    {file = "zope_event-6.1.tar.gz", hash = "sha256:6052a3e0cb8565d3d4ef1a3a7809336ac519bc4fe38398cb8d466db09adef4f0"},
-]
-
-[package.extras]
-docs = ["Sphinx"]
-test = ["zope.testrunner (>=6.4)"]
-
-[[package]]
-name = "zope-interface"
-version = "8.1.1"
-description = "Interfaces for Python"
-optional = false
-python-versions = ">=3.10"
-groups = ["main"]
-files = [
-    {file = "zope_interface-8.1.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:5c6b12b656c7d7e3d79cad8e2afc4a37eae6b6076e2c209a33345143148e435e"},
-    {file = "zope_interface-8.1.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:557c0f1363c300db406e9eeaae8ab6d1ba429d4fed60d8ab7dadab5ca66ccd35"},
-    {file = "zope_interface-8.1.1-cp310-cp310-manylinux1_i686.manylinux2014_i686.manylinux_2_17_i686.manylinux_2_5_i686.whl", hash = "sha256:127b0e4c873752b777721543cf8525b3db5e76b88bd33bab807f03c568e9003f"},
-    {file = "zope_interface-8.1.1-cp310-cp310-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:e0892c9d2dd47b45f62d1861bcae8b427fcc49b4a04fff67f12c5c55e56654d7"},
-    {file = "zope_interface-8.1.1-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:ff8a92dc8c8a2c605074e464984e25b9b5a8ac9b2a0238dd73a0f374df59a77e"},
-    {file = "zope_interface-8.1.1-cp310-cp310-win_amd64.whl", hash = "sha256:54627ddf6034aab1f506ba750dd093f67d353be6249467d720e9f278a578efe5"},
-    {file = "zope_interface-8.1.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:e8a0fdd5048c1bb733e4693eae9bc4145a19419ea6a1c95299318a93fe9f3d72"},
-    {file = "zope_interface-8.1.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:a4cb0ea75a26b606f5bc8524fbce7b7d8628161b6da002c80e6417ce5ec757c0"},
-    {file = "zope_interface-8.1.1-cp311-cp311-manylinux1_i686.manylinux2014_i686.manylinux_2_17_i686.manylinux_2_5_i686.whl", hash = "sha256:c267b00b5a49a12743f5e1d3b4beef45479d696dab090f11fe3faded078a5133"},
-    {file = "zope_interface-8.1.1-cp311-cp311-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:e25d3e2b9299e7ec54b626573673bdf0d740cf628c22aef0a3afef85b438aa54"},
-    {file = "zope_interface-8.1.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:63db1241804417aff95ac229c13376c8c12752b83cc06964d62581b493e6551b"},
-    {file = "zope_interface-8.1.1-cp311-cp311-win_amd64.whl", hash = "sha256:9639bf4ed07b5277fb231e54109117c30d608254685e48a7104a34618bcbfc83"},
-    {file = "zope_interface-8.1.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:a16715808408db7252b8c1597ed9008bdad7bf378ed48eb9b0595fad4170e49d"},
-    {file = "zope_interface-8.1.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:ce6b58752acc3352c4aa0b55bbeae2a941d61537e6afdad2467a624219025aae"},
-    {file = "zope_interface-8.1.1-cp312-cp312-manylinux1_i686.manylinux2014_i686.manylinux_2_17_i686.manylinux_2_5_i686.whl", hash = "sha256:807778883d07177713136479de7fd566f9056a13aef63b686f0ab4807c6be259"},
-    {file = "zope_interface-8.1.1-cp312-cp312-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:50e5eb3b504a7d63dc25211b9298071d5b10a3eb754d6bf2f8ef06cb49f807ab"},
-    {file = "zope_interface-8.1.1-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:eee6f93b2512ec9466cf30c37548fd3ed7bc4436ab29cd5943d7a0b561f14f0f"},
-    {file = "zope_interface-8.1.1-cp312-cp312-win_amd64.whl", hash = "sha256:80edee6116d569883c58ff8efcecac3b737733d646802036dc337aa839a5f06b"},
-    {file = "zope_interface-8.1.1-cp313-cp313-macosx_10_9_x86_64.whl", hash = "sha256:84f9be6d959640de9da5d14ac1f6a89148b16da766e88db37ed17e936160b0b1"},
-    {file = "zope_interface-8.1.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:531fba91dcb97538f70cf4642a19d6574269460274e3f6004bba6fe684449c51"},
-    {file = "zope_interface-8.1.1-cp313-cp313-manylinux1_i686.manylinux2014_i686.manylinux_2_17_i686.manylinux_2_5_i686.whl", hash = "sha256:fc65f5633d5a9583ee8d88d1f5de6b46cd42c62e47757cfe86be36fb7c8c4c9b"},
-    {file = "zope_interface-8.1.1-cp313-cp313-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:efef80ddec4d7d99618ef71bc93b88859248075ca2e1ae1c78636654d3d55533"},
-    {file = "zope_interface-8.1.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:49aad83525eca3b4747ef51117d302e891f0042b06f32aa1c7023c62642f962b"},
-    {file = "zope_interface-8.1.1-cp313-cp313-win_amd64.whl", hash = "sha256:71cf329a21f98cb2bd9077340a589e316ac8a415cac900575a32544b3dffcb98"},
-    {file = "zope_interface-8.1.1-cp314-cp314-macosx_10_9_x86_64.whl", hash = "sha256:da311e9d253991ca327601f47c4644d72359bac6950fbb22f971b24cd7850f8c"},
-    {file = "zope_interface-8.1.1-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:3fb25fca0442c7fb93c4ee40b42e3e033fef2f648730c4b7ae6d43222a3e8946"},
-    {file = "zope_interface-8.1.1-cp314-cp314-manylinux1_i686.manylinux2014_i686.manylinux_2_17_i686.manylinux_2_5_i686.whl", hash = "sha256:bac588d0742b4e35efb7c7df1dacc0397b51ed37a17d4169a38019a1cebacf0a"},
-    {file = "zope_interface-8.1.1-cp314-cp314-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:3d1f053d2d5e2b393e619bce1e55954885c2e63969159aa521839e719442db49"},
-    {file = "zope_interface-8.1.1-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:64a1ad7f4cb17d948c6bdc525a1d60c0e567b2526feb4fa38b38f249961306b8"},
-    {file = "zope_interface-8.1.1-cp314-cp314-win_amd64.whl", hash = "sha256:169214da1b82b7695d1a36f92d70b11166d66b6b09d03df35d150cc62ac52276"},
-    {file = "zope_interface-8.1.1.tar.gz", hash = "sha256:51b10e6e8e238d719636a401f44f1e366146912407b58453936b781a19be19ec"},
-]
-
-[package.extras]
-docs = ["Sphinx", "furo", "repoze.sphinx.autointerface"]
-test = ["coverage[toml]", "zope.event", "zope.testing"]
-testing = ["coverage[toml]", "zope.event", "zope.testing"]
-
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.11,<3.13"
-content-hash = "6dcdbbed2a46ab0111f4e32979fb7e5c7e3f6a80c4d293ac21b8c1f73c555204"
+content-hash = "3c9164d668d37d6373eb5200bbe768232ead934d9312b9c68046b1df922789f3"
@@ -7,7 +7,7 @@ authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}]
 dependencies = [
  "celery[pytest] (>=5.4.0,<6.0.0)",
  "dj-rest-auth[with_social,jwt] (==7.0.1)",
-  "django (==5.1.14)",
+  "django (==5.1.13)",
  "django-allauth[saml] (>=65.8.0,<66.0.0)",
  "django-celery-beat (>=2.7.0,<3.0.0)",
  "django-celery-results (>=2.5.1,<3.0.0)",
@@ -24,7 +24,7 @@ dependencies = [
  "drf-spectacular-jsonapi==0.5.1",
  "gunicorn==23.0.0",
  "lxml==5.3.2",
-  "prowler @ git+https://github.com/prowler-cloud/prowler.git@v5.14",
+  "prowler @ git+https://github.com/prowler-cloud/prowler.git@master",
  "psycopg2-binary==2.9.9",
  "pytest-celery[redis] (>=1.0.1,<2.0.0)",
  "sentry-sdk[django] (>=2.20.0,<3.0.0)",
@@ -35,8 +35,7 @@ dependencies = [
  "markdown (>=3.9,<4.0)",
  "drf-simple-apikey (==2.2.1)",
  "matplotlib (>=3.10.6,<4.0.0)",
-  "reportlab (>=4.4.4,<5.0.0)",
-  "gevent (>=25.9.1,<26.0.0)"
+  "reportlab (>=4.4.4,<5.0.0)"
 ]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
@@ -44,7 +43,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.15.2"
+version = "1.14.0"

 [project.scripts]
 celery = "src.backend.config.settings.celery"
@@ -0,0 +1,3 @@
+# from django.contrib import admin
+
+# Register your models here.
@@ -144,7 +144,6 @@ def generate_scan_compliance(
    Returns:
        None: This function modifies the compliance_overview in place.
    """
-
    for compliance_id in PROWLER_CHECKS[provider_type][check_id]:
        for requirement in compliance_overview[compliance_id]["requirements"].values():
            if check_id in requirement["checks"]:
@@ -48,9 +48,8 @@ class MainRouter:
        return db == self.admin_db

    def allow_relation(self, obj1, obj2, **hints):  # noqa: F841
-        # Allow relations when both objects originate from allowed connectors
-        allowed_dbs = {self.default_db, self.admin_db, self.replica_db}
-        if {obj1._state.db, obj2._state.db} <= allowed_dbs:
+        # Allow relations if both objects are in either "default" or "admin" db connectors
+        if {obj1._state.db, obj2._state.db} <= {self.default_db, self.admin_db}:
            return True
        return None

@@ -1,35 +1,18 @@
 import re
 import secrets
-import time
 import uuid
 from contextlib import contextmanager
 from datetime import datetime, timedelta, timezone

-from celery.utils.log import get_task_logger
-from config.env import env
 from django.conf import settings
 from django.contrib.auth.models import BaseUserManager
-from django.db import (
-    DEFAULT_DB_ALIAS,
-    OperationalError,
-    connection,
-    connections,
-    models,
-    transaction,
-)
+from django.db import DEFAULT_DB_ALIAS, connection, connections, models, transaction
 from django_celery_beat.models import PeriodicTask
 from psycopg2 import connect as psycopg2_connect
 from psycopg2.extensions import AsIs, new_type, register_adapter, register_type
 from rest_framework_json_api.serializers import ValidationError

-from api.db_router import (
-    READ_REPLICA_ALIAS,
-    get_read_db_alias,
-    reset_read_db_alias,
-    set_read_db_alias,
-)
-
-logger = get_task_logger(__name__)
+from api.db_router import get_read_db_alias, reset_read_db_alias, set_read_db_alias

 DB_USER = settings.DATABASES["default"]["USER"] if not settings.TESTING else "test"
 DB_PASSWORD = (
@@ -45,9 +28,6 @@ TASK_RUNNER_DB_TABLE = "django_celery_results_taskresult"
 POSTGRES_TENANT_VAR = "api.tenant_id"
 POSTGRES_USER_VAR = "api.user_id"

-REPLICA_MAX_ATTEMPTS = env.int("POSTGRES_REPLICA_MAX_ATTEMPTS", default=3)
-REPLICA_RETRY_BASE_DELAY = env.float("POSTGRES_REPLICA_RETRY_BASE_DELAY", default=0.5)
-
 SET_CONFIG_QUERY = "SELECT set_config(%s, %s::text, TRUE);"


@@ -91,51 +71,24 @@ def rls_transaction(
    if db_alias not in connections:
        db_alias = DEFAULT_DB_ALIAS

-    alias = db_alias
-    is_replica = READ_REPLICA_ALIAS and alias == READ_REPLICA_ALIAS
-    max_attempts = REPLICA_MAX_ATTEMPTS if is_replica else 1
+    router_token = None
+    try:
+        if db_alias != DEFAULT_DB_ALIAS:
+            router_token = set_read_db_alias(db_alias)

-    for attempt in range(1, max_attempts + 1):
-        router_token = None
-
-        # On final attempt, fallback to primary
-        if attempt == max_attempts and is_replica:
-            logger.warning(
-                f"RLS transaction failed after {attempt - 1} attempts on replica, "
-                f"falling back to primary DB"
-            )
-            alias = DEFAULT_DB_ALIAS
-
-        conn = connections[alias]
-        try:
-            if alias != DEFAULT_DB_ALIAS:
-                router_token = set_read_db_alias(alias)
-
-            with transaction.atomic(using=alias):
-                with conn.cursor() as cursor:
-                    try:
-                        # just in case the value is a UUID object
-                        uuid.UUID(str(value))
-                    except ValueError:
-                        raise ValidationError("Must be a valid UUID")
-                    cursor.execute(SET_CONFIG_QUERY, [parameter, value])
-                    yield cursor
-            return
-        except OperationalError as e:
-            # If on primary or max attempts reached, raise
-            if not is_replica or attempt == max_attempts:
-                raise
-
-            # Retry with exponential backoff
-            delay = REPLICA_RETRY_BASE_DELAY * (2 ** (attempt - 1))
-            logger.info(
-                f"RLS transaction failed on replica (attempt {attempt}/{max_attempts}), "
-                f"retrying in {delay}s. Error: {e}"
-            )
-            time.sleep(delay)
-        finally:
-            if router_token is not None:
-                reset_read_db_alias(router_token)
+        with transaction.atomic(using=db_alias):
+            conn = connections[db_alias]
+            with conn.cursor() as cursor:
+                try:
+                    # just in case the value is a UUID object
+                    uuid.UUID(str(value))
+                except ValueError:
+                    raise ValidationError("Must be a valid UUID")
+                cursor.execute(SET_CONFIG_QUERY, [parameter, value])
+                yield cursor
+    finally:
+        if router_token is not None:
+            reset_read_db_alias(router_token)


 class CustomUserManager(BaseUserManager):
@@ -27,10 +27,7 @@ from api.models import (
    Finding,
    Integration,
    Invitation,
-    LighthouseProviderConfiguration,
-    LighthouseProviderModels,
    Membership,
-    MuteRule,
    OverviewStatusChoices,
    PermissionChoices,
    Processor,
@@ -47,7 +44,6 @@ from api.models import (
    StatusChoices,
    Task,
    TenantAPIKey,
-    ThreatScoreSnapshot,
    User,
 )
 from api.rls import Tenant
@@ -249,14 +245,6 @@ class ProviderFilter(FilterSet):
        choices=Provider.ProviderChoices.choices,
        lookup_expr="in",
    )
-    provider_type = ChoiceFilter(
-        choices=Provider.ProviderChoices.choices, field_name="provider"
-    )
-    provider_type__in = ChoiceInFilter(
-        field_name="provider",
-        choices=Provider.ProviderChoices.choices,
-        lookup_expr="in",
-    )

    class Meta:
        model = Provider
@@ -761,14 +749,6 @@ class RoleFilter(FilterSet):
 class ComplianceOverviewFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    scan_id = UUIDFilter(field_name="scan_id")
-    provider_id = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
-    provider_id__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
-    provider_type = ChoiceFilter(
-        field_name="scan__provider__provider", choices=Provider.ProviderChoices.choices
-    )
-    provider_type__in = ChoiceInFilter(
-        field_name="scan__provider__provider", choices=Provider.ProviderChoices.choices
-    )
    region = CharFilter(field_name="region")

    class Meta:
@@ -820,8 +800,7 @@ class ScanSummarySeverityFilter(ScanSummaryFilter):
        elif value == OverviewStatusChoices.PASS:
            return queryset.annotate(status_count=F("_pass"))
        else:
-            # Exclude muted findings by default
-            return queryset.annotate(status_count=F("_pass") + F("fail"))
+            return queryset.annotate(status_count=F("total"))

    def filter_status_in(self, queryset, name, value):
        # Validate the status values
@@ -830,7 +809,7 @@ class ScanSummarySeverityFilter(ScanSummaryFilter):
            if status_val not in valid_statuses:
                raise ValidationError(f"Invalid status value: {status_val}")

-        # If all statuses or no valid statuses, exclude muted findings (pass + fail)
+        # If all statuses or no valid statuses, use total
        if (
            set(value)
            >= {
@@ -839,7 +818,7 @@ class ScanSummarySeverityFilter(ScanSummaryFilter):
            }
            or not value
        ):
-            return queryset.annotate(status_count=F("_pass") + F("fail"))
+            return queryset.annotate(status_count=F("total"))

        # Build the sum expression based on status values
        sum_expression = None
@@ -857,7 +836,7 @@ class ScanSummarySeverityFilter(ScanSummaryFilter):
                sum_expression = sum_expression + field_expr

        if sum_expression is None:
-            return queryset.annotate(status_count=F("_pass") + F("fail"))
+            return queryset.annotate(status_count=F("total"))

        return queryset.annotate(status_count=sum_expression)

@@ -869,6 +848,26 @@ class ScanSummarySeverityFilter(ScanSummaryFilter):
        }


+class ServiceOverviewFilter(ScanSummaryFilter):
+    def is_valid(self):
+        # Check if at least one of the inserted_at filters is present
+        inserted_at_filters = [
+            self.data.get("inserted_at"),
+            self.data.get("inserted_at__gte"),
+            self.data.get("inserted_at__lte"),
+        ]
+        if not any(inserted_at_filters):
+            raise ValidationError(
+                {
+                    "inserted_at": [
+                        "At least one of filter[inserted_at], filter[inserted_at__gte], or "
+                        "filter[inserted_at__lte] is required."
+                    ]
+                }
+            )
+        return super().is_valid()
+
+
 class IntegrationFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    integration_type = ChoiceFilter(choices=Integration.IntegrationChoices.choices)
@@ -929,95 +928,3 @@ class TenantApiKeyFilter(FilterSet):
            "revoked": ["exact"],
            "name": ["exact", "icontains"],
        }
-
-
-class LighthouseProviderConfigFilter(FilterSet):
-    provider_type = ChoiceFilter(
-        choices=LighthouseProviderConfiguration.LLMProviderChoices.choices
-    )
-    provider_type__in = ChoiceInFilter(
-        choices=LighthouseProviderConfiguration.LLMProviderChoices.choices,
-        field_name="provider_type",
-        lookup_expr="in",
-    )
-    is_active = BooleanFilter()
-
-    class Meta:
-        model = LighthouseProviderConfiguration
-        fields = {
-            "provider_type": ["exact", "in"],
-            "is_active": ["exact"],
-        }
-
-
-class LighthouseProviderModelsFilter(FilterSet):
-    provider_type = ChoiceFilter(
-        choices=LighthouseProviderConfiguration.LLMProviderChoices.choices,
-        field_name="provider_configuration__provider_type",
-    )
-    provider_type__in = ChoiceInFilter(
-        choices=LighthouseProviderConfiguration.LLMProviderChoices.choices,
-        field_name="provider_configuration__provider_type",
-        lookup_expr="in",
-    )
-
-    # Allow filtering by model id
-    model_id = CharFilter(field_name="model_id", lookup_expr="exact")
-    model_id__icontains = CharFilter(field_name="model_id", lookup_expr="icontains")
-    model_id__in = CharInFilter(field_name="model_id", lookup_expr="in")
-
-    class Meta:
-        model = LighthouseProviderModels
-        fields = {
-            "model_id": ["exact", "icontains", "in"],
-        }
-
-
-class MuteRuleFilter(FilterSet):
-    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
-    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
-    created_by = UUIDFilter(field_name="created_by__id", lookup_expr="exact")
-
-    class Meta:
-        model = MuteRule
-        fields = {
-            "id": ["exact", "in"],
-            "name": ["exact", "icontains"],
-            "reason": ["icontains"],
-            "enabled": ["exact"],
-            "inserted_at": ["gte", "lte"],
-            "updated_at": ["gte", "lte"],
-        }
-
-
-class ThreatScoreSnapshotFilter(FilterSet):
-    """
-    Filter for ThreatScore snapshots.
-    Allows filtering by scan, provider, compliance_id, and date ranges.
-    """
-
-    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
-    scan_id = UUIDFilter(field_name="scan__id", lookup_expr="exact")
-    scan_id__in = UUIDInFilter(field_name="scan__id", lookup_expr="in")
-    provider_id = UUIDFilter(field_name="provider__id", lookup_expr="exact")
-    provider_id__in = UUIDInFilter(field_name="provider__id", lookup_expr="in")
-    provider_type = ChoiceFilter(
-        field_name="provider__provider", choices=Provider.ProviderChoices.choices
-    )
-    provider_type__in = ChoiceInFilter(
-        field_name="provider__provider",
-        choices=Provider.ProviderChoices.choices,
-        lookup_expr="in",
-    )
-    compliance_id = CharFilter(field_name="compliance_id", lookup_expr="exact")
-    compliance_id__in = CharInFilter(field_name="compliance_id", lookup_expr="in")
-
-    class Meta:
-        model = ThreatScoreSnapshot
-        fields = {
-            "scan": ["exact", "in"],
-            "provider": ["exact", "in"],
-            "compliance_id": ["exact", "in"],
-            "inserted_at": ["date", "gte", "lte"],
-            "overall_score": ["exact", "gte", "lte"],
-        }
@@ -24,7 +24,7 @@ class Migration(migrations.Migration):
                (
                    "name",
                    models.CharField(
-                        max_length=100,
+                        max_length=255,
                        validators=[django.core.validators.MinLengthValidator(3)],
                    ),
                ),
@@ -1,266 +0,0 @@
-# Generated by Django 5.1.12 on 2025-10-09 07:50
-
-import json
-import logging
-import uuid
-
-import django.db.models.deletion
-from config.custom_logging import BackendLogger
-from cryptography.fernet import Fernet
-from django.conf import settings
-from django.db import migrations, models
-
-import api.rls
-from api.db_router import MainRouter
-
-logger = logging.getLogger(BackendLogger.API)
-
-
-def migrate_lighthouse_configs_forward(apps, schema_editor):
-    """
-    Migrate data from old LighthouseConfiguration to new multi-provider models.
-    Old system: one LighthouseConfiguration per tenant (always OpenAI).
-    """
-    LighthouseConfiguration = apps.get_model("api", "LighthouseConfiguration")
-    LighthouseProviderConfiguration = apps.get_model(
-        "api", "LighthouseProviderConfiguration"
-    )
-    LighthouseTenantConfiguration = apps.get_model(
-        "api", "LighthouseTenantConfiguration"
-    )
-    LighthouseProviderModels = apps.get_model("api", "LighthouseProviderModels")
-
-    fernet = Fernet(settings.SECRETS_ENCRYPTION_KEY.encode())
-
-    # Migrate only tenants that actually have a LighthouseConfiguration
-    for old_config in (
-        LighthouseConfiguration.objects.using(MainRouter.admin_db)
-        .select_related("tenant")
-        .all()
-    ):
-        tenant = old_config.tenant
-        tenant_id = str(tenant.id)
-
-        try:
-            # Create OpenAI provider configuration for this tenant
-            api_key_decrypted = fernet.decrypt(bytes(old_config.api_key)).decode()
-            credentials_encrypted = fernet.encrypt(
-                json.dumps({"api_key": api_key_decrypted}).encode()
-            )
-            provider_config = LighthouseProviderConfiguration.objects.using(
-                MainRouter.admin_db
-            ).create(
-                tenant=tenant,
-                provider_type="openai",
-                credentials=credentials_encrypted,
-                is_active=old_config.is_active,
-            )
-
-            # Create tenant configuration from old values
-            LighthouseTenantConfiguration.objects.using(MainRouter.admin_db).create(
-                tenant=tenant,
-                business_context=old_config.business_context or "",
-                default_provider="openai",
-                default_models={"openai": old_config.model},
-            )
-
-            # Create initial provider model record
-            LighthouseProviderModels.objects.using(MainRouter.admin_db).create(
-                tenant=tenant,
-                provider_configuration=provider_config,
-                model_id=old_config.model,
-                model_name=old_config.model,
-                default_parameters={},
-            )
-
-        except Exception:
-            logger.exception(
-                "Failed to migrate lighthouse config for tenant %s", tenant_id
-            )
-            continue
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0049_compliancerequirementoverview_passed_failed_findings"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="LighthouseProviderConfiguration",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "provider_type",
-                    models.CharField(
-                        choices=[("openai", "OpenAI")],
-                        help_text="LLM provider name",
-                        max_length=50,
-                    ),
-                ),
-                ("base_url", models.URLField(blank=True, null=True)),
-                (
-                    "credentials",
-                    models.BinaryField(
-                        help_text="Encrypted JSON credentials for the provider"
-                    ),
-                ),
-                ("is_active", models.BooleanField(default=True)),
-            ],
-            options={
-                "db_table": "lighthouse_provider_configurations",
-                "abstract": False,
-            },
-        ),
-        migrations.CreateModel(
-            name="LighthouseProviderModels",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                ("model_id", models.CharField(max_length=100)),
-                ("model_name", models.CharField(max_length=100)),
-                ("default_parameters", models.JSONField(blank=True, default=dict)),
-            ],
-            options={
-                "db_table": "lighthouse_provider_models",
-                "abstract": False,
-            },
-        ),
-        migrations.CreateModel(
-            name="LighthouseTenantConfiguration",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                ("business_context", models.TextField(blank=True, default="")),
-                ("default_provider", models.CharField(blank=True, max_length=50)),
-                ("default_models", models.JSONField(blank=True, default=dict)),
-            ],
-            options={
-                "db_table": "lighthouse_tenant_config",
-                "abstract": False,
-            },
-        ),
-        migrations.AddField(
-            model_name="lighthouseproviderconfiguration",
-            name="tenant",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-            ),
-        ),
-        migrations.AddField(
-            model_name="lighthouseprovidermodels",
-            name="provider_configuration",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE,
-                related_name="available_models",
-                to="api.lighthouseproviderconfiguration",
-            ),
-        ),
-        migrations.AddField(
-            model_name="lighthouseprovidermodels",
-            name="tenant",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-            ),
-        ),
-        migrations.AddField(
-            model_name="lighthousetenantconfiguration",
-            name="tenant",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="lighthouseproviderconfiguration",
-            index=models.Index(
-                fields=["tenant_id", "provider_type"], name="lh_pc_tenant_type_idx"
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthouseproviderconfiguration",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_lighthouseproviderconfiguration",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthouseproviderconfiguration",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "provider_type"),
-                name="unique_provider_config_per_tenant",
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="lighthouseprovidermodels",
-            index=models.Index(
-                fields=["tenant_id", "provider_configuration"],
-                name="lh_prov_models_cfg_idx",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthouseprovidermodels",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_lighthouseprovidermodels",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthouseprovidermodels",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "provider_configuration", "model_id"),
-                name="unique_provider_model_per_configuration",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthousetenantconfiguration",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_lighthousetenantconfiguration",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="lighthousetenantconfiguration",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id",), name="unique_tenant_lighthouse_config"
-            ),
-        ),
-        # Migrate data from old LighthouseConfiguration to new tables
-        # This runs after all tables, indexes, and constraints are created
-        # The old Lighthouse configuration table is not removed, so reverse_code is noop
-        # During rollbacks, the old Lighthouse configuration remains intact while the new tables are removed
-        migrations.RunPython(
-            migrate_lighthouse_configs_forward,
-            reverse_code=migrations.RunPython.noop,
-        ),
-    ]
@@ -1,34 +0,0 @@
-# Generated by Django 5.1.7 on 2025-10-14 00:00
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0050_lighthouse_multi_llm"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                    ("github", "GitHub"),
-                    ("oraclecloud", "Oracle Cloud Infrastructure"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'oraclecloud';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]
@@ -1,117 +0,0 @@
-# Generated by Django 5.1.13 on 2025-10-22 11:56
-
-import uuid
-
-import django.contrib.postgres.fields
-import django.core.validators
-import django.db.models.deletion
-from django.conf import settings
-from django.db import migrations, models
-
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0051_oraclecloud_provider"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="MuteRule",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "name",
-                    models.CharField(
-                        help_text="Human-readable name for this rule",
-                        max_length=100,
-                        validators=[django.core.validators.MinLengthValidator(3)],
-                    ),
-                ),
-                (
-                    "reason",
-                    models.TextField(
-                        help_text="Reason for muting",
-                        max_length=500,
-                        validators=[django.core.validators.MinLengthValidator(3)],
-                    ),
-                ),
-                (
-                    "enabled",
-                    models.BooleanField(
-                        default=True, help_text="Whether this rule is currently enabled"
-                    ),
-                ),
-                (
-                    "finding_uids",
-                    django.contrib.postgres.fields.ArrayField(
-                        base_field=models.CharField(max_length=255),
-                        help_text="List of finding UIDs to mute",
-                        size=None,
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "mute_rules",
-                "abstract": False,
-            },
-        ),
-        migrations.AddField(
-            model_name="finding",
-            name="muted_at",
-            field=models.DateTimeField(
-                blank=True, help_text="Timestamp when this finding was muted", null=True
-            ),
-        ),
-        migrations.AlterField(
-            model_name="tenantapikey",
-            name="name",
-            field=models.CharField(
-                max_length=100,
-                validators=[django.core.validators.MinLengthValidator(3)],
-            ),
-        ),
-        migrations.AddField(
-            model_name="muterule",
-            name="created_by",
-            field=models.ForeignKey(
-                help_text="User who created this rule",
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="created_mute_rules",
-                to=settings.AUTH_USER_MODEL,
-            ),
-        ),
-        migrations.AddField(
-            model_name="muterule",
-            name="tenant",
-            field=models.ForeignKey(
-                on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="muterule",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_muterule",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="muterule",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "name"), name="unique_mute_rule_name_per_tenant"
-            ),
-        ),
-    ]
@@ -1,25 +0,0 @@
-# Generated by Django 5.1.12 on 2025-10-14 11:46
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0052_mute_rules"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="lighthouseproviderconfiguration",
-            name="provider_type",
-            field=models.CharField(
-                choices=[
-                    ("openai", "OpenAI"),
-                    ("bedrock", "AWS Bedrock"),
-                    ("openai_compatible", "OpenAI Compatible"),
-                ],
-                help_text="LLM provider name",
-                max_length=50,
-            ),
-        )
-    ]
@@ -1,35 +0,0 @@
-# Generated by Django 5.1.10 on 2025-09-09 09:25
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0053_lighthouse_bedrock_openai_compatible"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                    ("github", "GitHub"),
-                    ("oraclecloud", "Oracle Cloud Infrastructure"),
-                    ("iac", "IaC"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'iac';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]
@@ -1,36 +0,0 @@
-# Generated by Django 5.1.13 on 2025-11-05 08:37
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0054_iac_provider"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                    ("github", "GitHub"),
-                    ("mongodbatlas", "MongoDB Atlas"),
-                    ("iac", "IaC"),
-                    ("oraclecloud", "Oracle Cloud Infrastructure"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'mongodbatlas';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]
@@ -1,24 +0,0 @@
-# Generated by Django 5.1.13 on 2025-11-06 09:20
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0055_mongodbatlas_provider"),
-    ]
-
-    operations = [
-        migrations.RemoveConstraint(
-            model_name="provider",
-            name="unique_provider_uids",
-        ),
-        migrations.AddConstraint(
-            model_name="provider",
-            constraint=models.UniqueConstraint(
-                condition=models.Q(("is_deleted", False)),
-                fields=("tenant_id", "provider", "uid"),
-                name="unique_provider_uids",
-            ),
-        ),
-    ]
@@ -1,170 +0,0 @@
-# Generated by Django 5.1.13 on 2025-10-31 09:04
-
-import uuid
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0056_remove_provider_unique_provider_uids_and_more"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="ThreatScoreSnapshot",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                (
-                    "compliance_id",
-                    models.CharField(
-                        help_text="Compliance framework ID (e.g., 'prowler_threatscore_aws')",
-                        max_length=100,
-                    ),
-                ),
-                (
-                    "overall_score",
-                    models.DecimalField(
-                        decimal_places=2,
-                        help_text="Overall ThreatScore percentage (0-100)",
-                        max_digits=5,
-                    ),
-                ),
-                (
-                    "score_delta",
-                    models.DecimalField(
-                        blank=True,
-                        decimal_places=2,
-                        help_text="Score change compared to previous snapshot (positive = improvement)",
-                        max_digits=5,
-                        null=True,
-                    ),
-                ),
-                (
-                    "section_scores",
-                    models.JSONField(
-                        blank=True,
-                        default=dict,
-                        help_text="ThreatScore breakdown by section",
-                    ),
-                ),
-                (
-                    "critical_requirements",
-                    models.JSONField(
-                        blank=True,
-                        default=list,
-                        help_text="List of critical failed requirements (risk >= 4)",
-                    ),
-                ),
-                (
-                    "total_requirements",
-                    models.IntegerField(
-                        default=0, help_text="Total number of requirements evaluated"
-                    ),
-                ),
-                (
-                    "passed_requirements",
-                    models.IntegerField(
-                        default=0, help_text="Number of requirements with PASS status"
-                    ),
-                ),
-                (
-                    "failed_requirements",
-                    models.IntegerField(
-                        default=0, help_text="Number of requirements with FAIL status"
-                    ),
-                ),
-                (
-                    "manual_requirements",
-                    models.IntegerField(
-                        default=0, help_text="Number of requirements with MANUAL status"
-                    ),
-                ),
-                (
-                    "total_findings",
-                    models.IntegerField(
-                        default=0,
-                        help_text="Total number of findings across all requirements",
-                    ),
-                ),
-                (
-                    "passed_findings",
-                    models.IntegerField(
-                        default=0, help_text="Number of findings with PASS status"
-                    ),
-                ),
-                (
-                    "failed_findings",
-                    models.IntegerField(
-                        default=0, help_text="Number of findings with FAIL status"
-                    ),
-                ),
-                (
-                    "provider",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        related_name="threatscore_snapshots",
-                        related_query_name="threatscore_snapshot",
-                        to="api.provider",
-                    ),
-                ),
-                (
-                    "scan",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        related_name="threatscore_snapshots",
-                        related_query_name="threatscore_snapshot",
-                        to="api.scan",
-                    ),
-                ),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "threatscore_snapshots",
-                "abstract": False,
-            },
-        ),
-        migrations.AddIndex(
-            model_name="threatscoresnapshot",
-            index=models.Index(
-                fields=["tenant_id", "scan_id"], name="threatscore_snap_t_scan_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="threatscoresnapshot",
-            index=models.Index(
-                fields=["tenant_id", "provider_id"], name="threatscore_snap_t_prov_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="threatscoresnapshot",
-            index=models.Index(
-                fields=["tenant_id", "inserted_at"], name="threatscore_snap_t_time_idx"
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="threatscoresnapshot",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_threatscoresnapshot",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-    ]
@@ -1,29 +0,0 @@
-from django.contrib.postgres.operations import RemoveIndexConcurrently
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0057_threatscoresnapshot"),
-    ]
-
-    operations = [
-        RemoveIndexConcurrently(
-            model_name="compliancerequirementoverview",
-            name="cro_tenant_scan_idx",
-        ),
-        RemoveIndexConcurrently(
-            model_name="compliancerequirementoverview",
-            name="cro_scan_comp_idx",
-        ),
-        RemoveIndexConcurrently(
-            model_name="compliancerequirementoverview",
-            name="cro_scan_comp_req_idx",
-        ),
-        RemoveIndexConcurrently(
-            model_name="compliancerequirementoverview",
-            name="cro_scan_comp_req_reg_idx",
-        ),
-    ]
@@ -1,75 +0,0 @@
-# Generated by Django 5.1.13 on 2025-10-30 15:23
-
-import uuid
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0058_drop_redundant_compliance_requirement_indexes"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="ComplianceOverviewSummary",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("compliance_id", models.TextField()),
-                ("requirements_passed", models.IntegerField(default=0)),
-                ("requirements_failed", models.IntegerField(default=0)),
-                ("requirements_manual", models.IntegerField(default=0)),
-                ("total_requirements", models.IntegerField(default=0)),
-                (
-                    "scan",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        related_name="compliance_summaries",
-                        related_query_name="compliance_summary",
-                        to="api.scan",
-                    ),
-                ),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "compliance_overview_summaries",
-                "abstract": False,
-                "indexes": [
-                    models.Index(
-                        fields=["tenant_id", "scan_id"], name="cos_tenant_scan_idx"
-                    )
-                ],
-                "constraints": [
-                    models.UniqueConstraint(
-                        fields=("tenant_id", "scan_id", "compliance_id"),
-                        name="unique_compliance_summary_per_scan",
-                    )
-                ],
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="complianceoverviewsummary",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_complianceoverviewsummary",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-    ]
@@ -284,9 +284,6 @@ class Provider(RowLevelSecurityProtectedModel):
        KUBERNETES = "kubernetes", _("Kubernetes")
        M365 = "m365", _("M365")
        GITHUB = "github", _("GitHub")
-        MONGODBATLAS = "mongodbatlas", _("MongoDB Atlas")
-        IAC = "iac", _("IaC")
-        ORACLECLOUD = "oraclecloud", _("Oracle Cloud Infrastructure")

    @staticmethod
    def validate_aws_uid(value):
@@ -357,40 +354,6 @@ class Provider(RowLevelSecurityProtectedModel):
                pointer="/data/attributes/uid",
            )

-    @staticmethod
-    def validate_iac_uid(value):
-        # Validate that it's a valid repository URL (git URL format)
-        if not re.match(
-            r"^(https?://|git@|ssh://)[^\s/]+[^\s]*\.git$|^(https?://)[^\s/]+[^\s]*$",
-            value,
-        ):
-            raise ModelValidationError(
-                detail="IaC provider ID must be a valid repository URL (e.g., https://github.com/user/repo or https://github.com/user/repo.git).",
-                code="iac-uid",
-                pointer="/data/attributes/uid",
-            )
-
-    @staticmethod
-    def validate_oraclecloud_uid(value):
-        if not re.match(
-            r"^ocid1\.([a-z0-9_-]+)\.([a-z0-9_-]+)\.([a-z0-9_-]*)\.([a-z0-9]+)$", value
-        ):
-            raise ModelValidationError(
-                detail="Oracle Cloud Infrastructure provider ID must be a valid tenancy OCID in the format: "
-                "ocid1.<resource_type>.<realm>.<region>.<unique_id>",
-                code="oraclecloud-uid",
-                pointer="/data/attributes/uid",
-            )
-
-    @staticmethod
-    def validate_mongodbatlas_uid(value):
-        if not re.match(r"^[0-9a-fA-F]{24}$", value):
-            raise ModelValidationError(
-                detail="MongoDB Atlas organization ID must be a 24-character hexadecimal string.",
-                code="mongodbatlas-uid",
-                pointer="/data/attributes/uid",
-            )
-
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
@@ -425,8 +388,7 @@ class Provider(RowLevelSecurityProtectedModel):

        constraints = [
            models.UniqueConstraint(
-                fields=("tenant_id", "provider", "uid"),
-                condition=Q(is_deleted=False),
+                fields=("tenant_id", "provider", "uid", "is_deleted"),
                name="unique_provider_uids",
            ),
            RowLevelSecurityConstraint(
@@ -848,9 +810,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    muted_reason = models.TextField(
        blank=True, null=True, validators=[MinLengthValidator(3)], max_length=500
    )
-    muted_at = models.DateTimeField(
-        null=True, blank=True, help_text="Timestamp when this finding was muted"
-    )
    compliance = models.JSONField(default=dict, null=True, blank=True)

    # Denormalize resource data for performance
@@ -1371,70 +1330,35 @@ class ComplianceRequirementOverview(RowLevelSecurityProtectedModel):
            ),
        ]
        indexes = [
+            models.Index(fields=["tenant_id", "scan_id"], name="cro_tenant_scan_idx"),
+            models.Index(
+                fields=["tenant_id", "scan_id", "compliance_id"],
+                name="cro_scan_comp_idx",
+            ),
            models.Index(
                fields=["tenant_id", "scan_id", "compliance_id", "region"],
                name="cro_scan_comp_reg_idx",
            ),
+            models.Index(
+                fields=["tenant_id", "scan_id", "compliance_id", "requirement_id"],
+                name="cro_scan_comp_req_idx",
+            ),
+            models.Index(
+                fields=[
+                    "tenant_id",
+                    "scan_id",
+                    "compliance_id",
+                    "requirement_id",
+                    "region",
+                ],
+                name="cro_scan_comp_req_reg_idx",
+            ),
        ]

    class JSONAPIMeta:
        resource_name = "compliance-requirements-overviews"


-class ComplianceOverviewSummary(RowLevelSecurityProtectedModel):
-    """
-    Pre-aggregated compliance overview aggregated across ALL regions.
-    One row per (scan_id, compliance_id) combination.
-
-    This table optimizes the common case where users view overall compliance
-    without filtering by region. For region-specific views, the detailed
-    ComplianceRequirementOverview table is used instead.
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-
-    scan = models.ForeignKey(
-        Scan,
-        on_delete=models.CASCADE,
-        related_name="compliance_summaries",
-        related_query_name="compliance_summary",
-    )
-
-    compliance_id = models.TextField(blank=False)
-
-    # Pre-aggregated scores (computed across ALL regions)
-    requirements_passed = models.IntegerField(default=0)
-    requirements_failed = models.IntegerField(default=0)
-    requirements_manual = models.IntegerField(default=0)
-    total_requirements = models.IntegerField(default=0)
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "compliance_overview_summaries"
-
-        constraints = [
-            models.UniqueConstraint(
-                fields=("tenant_id", "scan_id", "compliance_id"),
-                name="unique_compliance_summary_per_scan",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "DELETE"],
-            ),
-        ]
-
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "scan_id"],
-                name="cos_tenant_scan_idx",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "compliance-overview-summaries"
-
-
 class ScanSummary(RowLevelSecurityProtectedModel):
    objects = ActiveProviderManager()
    all_objects = models.Manager()
@@ -1949,6 +1873,22 @@ class LighthouseConfiguration(RowLevelSecurityProtectedModel):
    def clean(self):
        super().clean()

+        # Validate temperature
+        if not 0 <= self.temperature <= 1:
+            raise ModelValidationError(
+                detail="Temperature must be between 0 and 1",
+                code="invalid_temperature",
+                pointer="/data/attributes/temperature",
+            )
+
+        # Validate max_tokens
+        if not 500 <= self.max_tokens <= 5000:
+            raise ModelValidationError(
+                detail="Max tokens must be between 500 and 5000",
+                code="invalid_max_tokens",
+                pointer="/data/attributes/max_tokens",
+            )
+
    @property
    def api_key_decoded(self):
        """Return the decrypted API key, or None if unavailable or invalid."""
@@ -1973,6 +1913,15 @@ class LighthouseConfiguration(RowLevelSecurityProtectedModel):
                code="invalid_api_key",
                pointer="/data/attributes/api_key",
            )
+
+        # Validate OpenAI API key format
+        openai_key_pattern = r"^sk-[\w-]+T3BlbkFJ[\w-]+$"
+        if not re.match(openai_key_pattern, value):
+            raise ModelValidationError(
+                detail="Invalid OpenAI API key format.",
+                code="invalid_api_key",
+                pointer="/data/attributes/api_key",
+            )
        self.api_key = fernet.encrypt(value.encode())

    def save(self, *args, **kwargs):
@@ -1998,59 +1947,6 @@ class LighthouseConfiguration(RowLevelSecurityProtectedModel):
        resource_name = "lighthouse-configurations"


-class MuteRule(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-
-    # Rule metadata
-    name = models.CharField(
-        max_length=100,
-        validators=[MinLengthValidator(3)],
-        help_text="Human-readable name for this rule",
-    )
-    reason = models.TextField(
-        validators=[MinLengthValidator(3)],
-        max_length=500,
-        help_text="Reason for muting",
-    )
-    enabled = models.BooleanField(
-        default=True, help_text="Whether this rule is currently enabled"
-    )
-
-    # Audit fields
-    created_by = models.ForeignKey(
-        User,
-        on_delete=models.SET_NULL,
-        null=True,
-        related_name="created_mute_rules",
-        help_text="User who created this rule",
-    )
-
-    # Rule criteria - array of finding UIDs
-    finding_uids = ArrayField(
-        models.CharField(max_length=255), help_text="List of finding UIDs to mute"
-    )
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "mute_rules"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-            models.UniqueConstraint(
-                fields=("tenant_id", "name"),
-                name="unique_mute_rule_name_per_tenant",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "mute-rules"
-
-
 class Processor(RowLevelSecurityProtectedModel):
    class ProcessorChoices(models.TextChoices):
        MUTELIST = "mutelist", _("Mutelist")
@@ -2088,320 +1984,3 @@ class Processor(RowLevelSecurityProtectedModel):

    class JSONAPIMeta:
        resource_name = "processors"
-
-
-class LighthouseProviderConfiguration(RowLevelSecurityProtectedModel):
-    """
-    Per-tenant configuration for an LLM provider (credentials, base URL, activation).
-
-    One configuration per provider type per tenant.
-    """
-
-    class LLMProviderChoices(models.TextChoices):
-        OPENAI = "openai", _("OpenAI")
-        BEDROCK = "bedrock", _("AWS Bedrock")
-        OPENAI_COMPATIBLE = "openai_compatible", _("OpenAI Compatible")
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-
-    provider_type = models.CharField(
-        max_length=50,
-        choices=LLMProviderChoices.choices,
-        help_text="LLM provider name",
-    )
-
-    # For OpenAI-compatible providers
-    base_url = models.URLField(blank=True, null=True)
-
-    # Encrypted JSON for provider-specific auth
-    credentials = models.BinaryField(
-        blank=False, null=False, help_text="Encrypted JSON credentials for the provider"
-    )
-
-    is_active = models.BooleanField(default=True)
-
-    def __str__(self):
-        return f"{self.get_provider_type_display()} ({self.tenant_id})"
-
-    def clean(self):
-        super().clean()
-
-    @property
-    def credentials_decoded(self):
-        if not self.credentials:
-            return None
-        try:
-            decrypted_data = fernet.decrypt(bytes(self.credentials))
-            return json.loads(decrypted_data.decode())
-        except (InvalidToken, json.JSONDecodeError) as e:
-            logger.warning("Failed to decrypt provider credentials: %s", e)
-            return None
-        except Exception as e:
-            logger.exception(
-                "Unexpected error while decrypting provider credentials: %s", e
-            )
-            return None
-
-    @credentials_decoded.setter
-    def credentials_decoded(self, value):
-        """
-        Set and encrypt credentials (assumes serializer performed validation).
-        """
-        if not value:
-            raise ModelValidationError(
-                detail="Credentials are required",
-                code="invalid_credentials",
-                pointer="/data/attributes/credentials",
-            )
-        self.credentials = fernet.encrypt(json.dumps(value).encode())
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "lighthouse_provider_configurations"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-            models.UniqueConstraint(
-                fields=["tenant_id", "provider_type"],
-                name="unique_provider_config_per_tenant",
-            ),
-        ]
-
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "provider_type"],
-                name="lh_pc_tenant_type_idx",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "lighthouse-providers"
-
-
-class LighthouseTenantConfiguration(RowLevelSecurityProtectedModel):
-    """
-    Tenant-level Lighthouse settings (business context and defaults).
-    One record per tenant.
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-
-    business_context = models.TextField(blank=True, default="")
-
-    # Preferred provider key (e.g., "openai", "bedrock", "openai_compatible")
-    default_provider = models.CharField(max_length=50, blank=True)
-
-    # Mapping of provider -> model id, e.g., {"openai": "gpt-4o", "bedrock": "anthropic.claude-v2"}
-    default_models = models.JSONField(default=dict, blank=True)
-
-    def __str__(self):
-        return f"Lighthouse Tenant Config for {self.tenant_id}"
-
-    def clean(self):
-        super().clean()
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "lighthouse_tenant_config"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-            models.UniqueConstraint(
-                fields=["tenant_id"], name="unique_tenant_lighthouse_config"
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "lighthouse-configurations"
-
-
-class LighthouseProviderModels(RowLevelSecurityProtectedModel):
-    """
-    Per-tenant, per-provider configuration list of available LLM models.
-    RLS-protected; populated via provider API using tenant-scoped credentials.
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-
-    # Scope to a specific provider configuration within a tenant
-    provider_configuration = models.ForeignKey(
-        LighthouseProviderConfiguration,
-        on_delete=models.CASCADE,
-        related_name="available_models",
-    )
-    model_id = models.CharField(max_length=100)
-
-    # Human-friendly model name
-    model_name = models.CharField(max_length=100)
-
-    # Model-specific default parameters (e.g., temperature, max_tokens)
-    default_parameters = models.JSONField(default=dict, blank=True)
-
-    def __str__(self):
-        return f"{self.provider_configuration.provider_type}:{self.model_id} ({self.tenant_id})"
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "lighthouse_provider_models"
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-            models.UniqueConstraint(
-                fields=["tenant_id", "provider_configuration", "model_id"],
-                name="unique_provider_model_per_configuration",
-            ),
-        ]
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "provider_configuration"],
-                name="lh_prov_models_cfg_idx",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "lighthouse-models"
-
-
-class ThreatScoreSnapshot(RowLevelSecurityProtectedModel):
-    """
-    Stores historical ThreatScore metrics for a given scan.
-    Snapshots are created automatically after each ThreatScore report generation.
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-
-    scan = models.ForeignKey(
-        Scan,
-        on_delete=models.CASCADE,
-        related_name="threatscore_snapshots",
-        related_query_name="threatscore_snapshot",
-    )
-
-    provider = models.ForeignKey(
-        Provider,
-        on_delete=models.CASCADE,
-        related_name="threatscore_snapshots",
-        related_query_name="threatscore_snapshot",
-    )
-
-    compliance_id = models.CharField(
-        max_length=100,
-        blank=False,
-        null=False,
-        help_text="Compliance framework ID (e.g., 'prowler_threatscore_aws')",
-    )
-
-    # Overall ThreatScore metrics
-    overall_score = models.DecimalField(
-        max_digits=5,
-        decimal_places=2,
-        help_text="Overall ThreatScore percentage (0-100)",
-    )
-
-    # Score improvement/degradation compared to previous snapshot
-    score_delta = models.DecimalField(
-        max_digits=5,
-        decimal_places=2,
-        null=True,
-        blank=True,
-        help_text="Score change compared to previous snapshot (positive = improvement)",
-    )
-
-    # Section breakdown stored as JSON
-    # Format: {"1. IAM": 85.5, "2. Attack Surface": 92.3, ...}
-    section_scores = models.JSONField(
-        default=dict,
-        blank=True,
-        help_text="ThreatScore breakdown by section",
-    )
-
-    # Critical requirements metadata stored as JSON
-    # Format: [{"requirement_id": "...", "risk_level": 5, "weight": 150, ...}, ...]
-    critical_requirements = models.JSONField(
-        default=list,
-        blank=True,
-        help_text="List of critical failed requirements (risk >= 4)",
-    )
-
-    # Summary statistics
-    total_requirements = models.IntegerField(
-        default=0,
-        help_text="Total number of requirements evaluated",
-    )
-
-    passed_requirements = models.IntegerField(
-        default=0,
-        help_text="Number of requirements with PASS status",
-    )
-
-    failed_requirements = models.IntegerField(
-        default=0,
-        help_text="Number of requirements with FAIL status",
-    )
-
-    manual_requirements = models.IntegerField(
-        default=0,
-        help_text="Number of requirements with MANUAL status",
-    )
-
-    total_findings = models.IntegerField(
-        default=0,
-        help_text="Total number of findings across all requirements",
-    )
-
-    passed_findings = models.IntegerField(
-        default=0,
-        help_text="Number of findings with PASS status",
-    )
-
-    failed_findings = models.IntegerField(
-        default=0,
-        help_text="Number of findings with FAIL status",
-    )
-
-    def __str__(self):
-        return f"ThreatScore {self.overall_score}% for scan {self.scan_id} ({self.inserted_at})"
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "threatscore_snapshots"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "scan_id"],
-                name="threatscore_snap_t_scan_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "provider_id"],
-                name="threatscore_snap_t_prov_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "inserted_at"],
-                name="threatscore_snap_t_time_idx",
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "threatscore-snapshots"
@@ -6,14 +6,7 @@ from django.dispatch import receiver
 from django_celery_results.backends.database import DatabaseBackend

 from api.db_utils import delete_related_daily_task
-from api.models import (
-    LighthouseProviderConfiguration,
-    LighthouseTenantConfiguration,
-    Membership,
-    Provider,
-    TenantAPIKey,
-    User,
-)
+from api.models import Membership, Provider, TenantAPIKey, User


 def create_task_result_on_publish(sender=None, headers=None, **kwargs):  # noqa: F841
@@ -63,33 +56,3 @@ def revoke_membership_api_keys(sender, instance, **kwargs):  # noqa: F841
    TenantAPIKey.objects.filter(
        entity=instance.user, tenant_id=instance.tenant.id
    ).update(revoked=True)
-
-
-@receiver(pre_delete, sender=LighthouseProviderConfiguration)
-def cleanup_lighthouse_defaults_before_delete(sender, instance, **kwargs):  # noqa: F841
-    """
-    Ensure tenant Lighthouse defaults do not reference a soon-to-be-deleted provider.
-
-    This runs for both per-instance deletes and queryset (bulk) deletes.
-    """
-    try:
-        tenant_cfg = LighthouseTenantConfiguration.objects.get(
-            tenant_id=instance.tenant_id
-        )
-    except LighthouseTenantConfiguration.DoesNotExist:
-        return
-
-    updated = False
-    defaults = tenant_cfg.default_models or {}
-
-    if instance.provider_type in defaults:
-        defaults.pop(instance.provider_type, None)
-        tenant_cfg.default_models = defaults
-        updated = True
-
-    if tenant_cfg.default_provider == instance.provider_type:
-        tenant_cfg.default_provider = ""
-        updated = True
-
-    if updated:
-        tenant_cfg.save()
@@ -1,39 +0,0 @@
-"""Tests for rls_transaction retry and fallback logic."""
-
-import pytest
-from django.db import DEFAULT_DB_ALIAS
-from rest_framework_json_api.serializers import ValidationError
-
-from api.db_utils import rls_transaction
-
-
-@pytest.mark.django_db
-class TestRLSTransaction:
-    """Simple integration tests for rls_transaction using real DB."""
-
-    @pytest.fixture
-    def tenant(self, tenants_fixture):
-        return tenants_fixture[0]
-
-    def test_success_on_primary(self, tenant):
-        """Basic: transaction succeeds on primary database."""
-        with rls_transaction(str(tenant.id), using=DEFAULT_DB_ALIAS) as cursor:
-            cursor.execute("SELECT 1")
-            result = cursor.fetchone()
-            assert result == (1,)
-
-    def test_invalid_uuid_raises_validation_error(self):
-        """Invalid UUID raises ValidationError before DB operations."""
-        with pytest.raises(ValidationError, match="Must be a valid UUID"):
-            with rls_transaction("not-a-uuid", using=DEFAULT_DB_ALIAS):
-                pass
-
-    def test_custom_parameter_name(self, tenant):
-        """Test custom RLS parameter name."""
-        custom_param = "api.custom_id"
-        with rls_transaction(
-            str(tenant.id), parameter=custom_param, using=DEFAULT_DB_ALIAS
-        ) as cursor:
-            cursor.execute("SELECT current_setting(%s, true)", [custom_param])
-            result = cursor.fetchone()
-            assert result == (str(tenant.id),)
@@ -1,15 +1,12 @@
 from datetime import datetime, timezone
 from enum import Enum
-from unittest.mock import MagicMock, patch
+from unittest.mock import patch

 import pytest
 from django.conf import settings
-from django.db import DEFAULT_DB_ALIAS, OperationalError
 from freezegun import freeze_time
-from rest_framework_json_api.serializers import ValidationError

 from api.db_utils import (
-    POSTGRES_TENANT_VAR,
    _should_create_index_on_partition,
    batch_delete,
    create_objects_in_batches,
@@ -17,22 +14,11 @@ from api.db_utils import (
    generate_api_key_prefix,
    generate_random_token,
    one_week_from_now,
-    rls_transaction,
    update_objects_in_batches,
 )
 from api.models import Provider


-@pytest.fixture
-def enable_read_replica():
-    """
-    Fixture to enable READ_REPLICA_ALIAS for tests that need replica functionality.
-    This avoids polluting the global test configuration.
-    """
-    with patch("api.db_utils.READ_REPLICA_ALIAS", "replica"):
-        yield "replica"
-
-
 class TestEnumToChoices:
    def test_enum_to_choices_simple(self):
        class Color(Enum):
@@ -353,498 +339,3 @@ class TestGenerateApiKeyPrefix:
            prefix = generate_api_key_prefix()
            random_part = prefix[3:]  # Strip 'pk_'
            assert all(char in allowed_chars for char in random_part)
-
-
-@pytest.mark.django_db
-class TestRlsTransaction:
-    def test_rls_transaction_valid_uuid_string(self, tenants_fixture):
-        """Test rls_transaction with valid UUID string."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with rls_transaction(tenant_id) as cursor:
-            assert cursor is not None
-            cursor.execute("SELECT current_setting(%s)", [POSTGRES_TENANT_VAR])
-            result = cursor.fetchone()
-            assert result[0] == tenant_id
-
-    def test_rls_transaction_valid_uuid_object(self, tenants_fixture):
-        """Test rls_transaction with UUID object."""
-        tenant = tenants_fixture[0]
-
-        with rls_transaction(tenant.id) as cursor:
-            assert cursor is not None
-            cursor.execute("SELECT current_setting(%s)", [POSTGRES_TENANT_VAR])
-            result = cursor.fetchone()
-            assert result[0] == str(tenant.id)
-
-    def test_rls_transaction_invalid_uuid_raises_validation_error(self):
-        """Test rls_transaction raises ValidationError for invalid UUID."""
-        invalid_uuid = "not-a-valid-uuid"
-
-        with pytest.raises(ValidationError, match="Must be a valid UUID"):
-            with rls_transaction(invalid_uuid):
-                pass
-
-    def test_rls_transaction_uses_default_database_when_no_alias(self, tenants_fixture):
-        """Test rls_transaction uses DEFAULT_DB_ALIAS when no alias specified."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with rls_transaction(tenant_id):
-                        pass
-
-                mock_connections.__getitem__.assert_called_with(DEFAULT_DB_ALIAS)
-
-    def test_rls_transaction_uses_specified_alias(self, tenants_fixture):
-        """Test rls_transaction uses specified database alias via using parameter."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_alias = "custom_db"
-
-        with patch("api.db_utils.connections") as mock_connections:
-            mock_conn = MagicMock()
-            mock_cursor = MagicMock()
-            mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-            mock_connections.__getitem__.return_value = mock_conn
-            mock_connections.__contains__.return_value = True
-
-            with patch("api.db_utils.transaction.atomic"):
-                with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                    with patch("api.db_utils.reset_read_db_alias") as mock_reset_alias:
-                        mock_set_alias.return_value = "test_token"
-                        with rls_transaction(tenant_id, using=custom_alias):
-                            pass
-
-                        mock_connections.__getitem__.assert_called_with(custom_alias)
-                        mock_set_alias.assert_called_once_with(custom_alias)
-                        mock_reset_alias.assert_called_once_with("test_token")
-
-    def test_rls_transaction_uses_read_replica_from_router(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test rls_transaction uses read replica alias from router."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                        with patch(
-                            "api.db_utils.reset_read_db_alias"
-                        ) as mock_reset_alias:
-                            mock_set_alias.return_value = "test_token"
-                            with rls_transaction(tenant_id):
-                                pass
-
-                            mock_connections.__getitem__.assert_called()
-                            mock_set_alias.assert_called_once()
-                            mock_reset_alias.assert_called_once()
-
-    def test_rls_transaction_fallback_to_default_when_alias_not_in_connections(
-        self, tenants_fixture
-    ):
-        """Test rls_transaction falls back to DEFAULT_DB_ALIAS when alias not in connections."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        invalid_alias = "nonexistent_db"
-
-        with patch("api.db_utils.get_read_db_alias", return_value=invalid_alias):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-
-                def contains_check(alias):
-                    return alias == DEFAULT_DB_ALIAS
-
-                mock_connections.__contains__.side_effect = contains_check
-                mock_connections.__getitem__.return_value = mock_conn
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with rls_transaction(tenant_id):
-                        pass
-
-                    mock_connections.__getitem__.assert_called_with(DEFAULT_DB_ALIAS)
-
-    def test_rls_transaction_successful_execution_on_replica_no_retries(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test successful execution on replica without retries."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with patch("api.db_utils.set_read_db_alias", return_value="token"):
-                        with patch("api.db_utils.reset_read_db_alias"):
-                            with rls_transaction(tenant_id):
-                                pass
-
-                            assert mock_cursor.execute.call_count == 1
-
-    def test_rls_transaction_retry_with_exponential_backoff_on_operational_error(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test retry with exponential backoff on OperationalError on replica."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                call_count = 0
-
-                def atomic_side_effect(*args, **kwargs):
-                    nonlocal call_count
-                    call_count += 1
-                    if call_count < 3:
-                        raise OperationalError("Connection error")
-                    return MagicMock(
-                        __enter__=MagicMock(return_value=None),
-                        __exit__=MagicMock(return_value=False),
-                    )
-
-                with patch(
-                    "api.db_utils.transaction.atomic", side_effect=atomic_side_effect
-                ):
-                    with patch("api.db_utils.time.sleep") as mock_sleep:
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with patch("api.db_utils.logger") as mock_logger:
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                    assert mock_sleep.call_count == 2
-                                    mock_sleep.assert_any_call(0.5)
-                                    mock_sleep.assert_any_call(1.0)
-                                    assert mock_logger.info.call_count == 2
-
-    def test_rls_transaction_max_three_attempts_for_replica(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test maximum 3 attempts for replica database."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError("Persistent error")
-
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with pytest.raises(OperationalError):
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                assert mock_atomic.call_count == 3
-
-    def test_rls_transaction_only_one_attempt_for_primary(self, tenants_fixture):
-        """Test only 1 attempt for primary database."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError("Primary error")
-
-                    with pytest.raises(OperationalError):
-                        with rls_transaction(tenant_id):
-                            pass
-
-                    assert mock_atomic.call_count == 1
-
-    def test_rls_transaction_fallback_to_primary_after_max_attempts(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test fallback to primary DB after max attempts on replica."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                call_count = 0
-
-                def atomic_side_effect(*args, **kwargs):
-                    nonlocal call_count
-                    call_count += 1
-                    if call_count < 3:
-                        raise OperationalError("Replica error")
-                    return MagicMock(
-                        __enter__=MagicMock(return_value=None),
-                        __exit__=MagicMock(return_value=False),
-                    )
-
-                with patch(
-                    "api.db_utils.transaction.atomic", side_effect=atomic_side_effect
-                ):
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with patch("api.db_utils.logger") as mock_logger:
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                    mock_logger.warning.assert_called_once()
-                                    warning_msg = mock_logger.warning.call_args[0][0]
-                                    assert "falling back to primary DB" in warning_msg
-
-    def test_rls_transaction_logger_warning_on_fallback(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test logger warnings are emitted on fallback to primary."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                call_count = 0
-
-                def atomic_side_effect(*args, **kwargs):
-                    nonlocal call_count
-                    call_count += 1
-                    if call_count < 3:
-                        raise OperationalError("Replica error")
-                    return MagicMock(
-                        __enter__=MagicMock(return_value=None),
-                        __exit__=MagicMock(return_value=False),
-                    )
-
-                with patch(
-                    "api.db_utils.transaction.atomic", side_effect=atomic_side_effect
-                ):
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with patch("api.db_utils.logger") as mock_logger:
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                    assert mock_logger.info.call_count == 2
-                                    assert mock_logger.warning.call_count == 1
-
-    def test_rls_transaction_operational_error_raised_immediately_on_primary(
-        self, tenants_fixture
-    ):
-        """Test OperationalError raised immediately on primary without retry."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError("Primary error")
-
-                    with patch("api.db_utils.time.sleep") as mock_sleep:
-                        with pytest.raises(OperationalError):
-                            with rls_transaction(tenant_id):
-                                pass
-
-                        mock_sleep.assert_not_called()
-
-    def test_rls_transaction_operational_error_raised_after_max_attempts(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test OperationalError raised after max attempts on replica."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError(
-                        "Persistent replica error"
-                    )
-
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with pytest.raises(OperationalError):
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-    def test_rls_transaction_router_token_set_for_non_default_alias(
-        self, tenants_fixture
-    ):
-        """Test router token is set when using non-default alias."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_alias = "custom_db"
-
-        with patch("api.db_utils.connections") as mock_connections:
-            mock_conn = MagicMock()
-            mock_cursor = MagicMock()
-            mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-            mock_connections.__getitem__.return_value = mock_conn
-            mock_connections.__contains__.return_value = True
-
-            with patch("api.db_utils.transaction.atomic"):
-                with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                    with patch("api.db_utils.reset_read_db_alias") as mock_reset_alias:
-                        mock_set_alias.return_value = "test_token"
-                        with rls_transaction(tenant_id, using=custom_alias):
-                            pass
-
-                        mock_set_alias.assert_called_once_with(custom_alias)
-                        mock_reset_alias.assert_called_once_with("test_token")
-
-    def test_rls_transaction_router_token_reset_in_finally_block(self, tenants_fixture):
-        """Test router token is reset in finally block even on error."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_alias = "custom_db"
-
-        with patch("api.db_utils.connections") as mock_connections:
-            mock_conn = MagicMock()
-            mock_cursor = MagicMock()
-            mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-            mock_connections.__getitem__.return_value = mock_conn
-            mock_connections.__contains__.return_value = True
-
-            with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                mock_atomic.side_effect = Exception("Unexpected error")
-
-                with patch("api.db_utils.set_read_db_alias", return_value="test_token"):
-                    with patch("api.db_utils.reset_read_db_alias") as mock_reset_alias:
-                        with pytest.raises(Exception):
-                            with rls_transaction(tenant_id, using=custom_alias):
-                                pass
-
-                        mock_reset_alias.assert_called_once_with("test_token")
-
-    def test_rls_transaction_router_token_not_set_for_default_alias(
-        self, tenants_fixture
-    ):
-        """Test router token is not set when using default alias."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                        with patch(
-                            "api.db_utils.reset_read_db_alias"
-                        ) as mock_reset_alias:
-                            with rls_transaction(tenant_id):
-                                pass
-
-                            mock_set_alias.assert_not_called()
-                            mock_reset_alias.assert_not_called()
-
-    def test_rls_transaction_set_config_query_executed_with_correct_params(
-        self, tenants_fixture
-    ):
-        """Test SET_CONFIG_QUERY executed with correct parameters."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with rls_transaction(tenant_id) as cursor:
-            cursor.execute("SELECT current_setting(%s)", [POSTGRES_TENANT_VAR])
-            result = cursor.fetchone()
-            assert result[0] == tenant_id
-
-    def test_rls_transaction_custom_parameter(self, tenants_fixture):
-        """Test rls_transaction with custom parameter name."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_param = "api.user_id"
-
-        with rls_transaction(tenant_id, parameter=custom_param) as cursor:
-            cursor.execute("SELECT current_setting(%s)", [custom_param])
-            result = cursor.fetchone()
-            assert result[0] == tenant_id
-
-    def test_rls_transaction_cursor_yielded_correctly(self, tenants_fixture):
-        """Test cursor is yielded correctly."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with rls_transaction(tenant_id) as cursor:
-            assert cursor is not None
-            cursor.execute("SELECT 1")
-            result = cursor.fetchone()
-            assert result[0] == 1
@@ -20,12 +20,8 @@ from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.aws.lib.security_hub.security_hub import SecurityHubConnection
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.gcp.gcp_provider import GcpProvider
-from prowler.providers.github.github_provider import GithubProvider
-from prowler.providers.iac.iac_provider import IacProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
 from prowler.providers.m365.m365_provider import M365Provider
-from prowler.providers.mongodbatlas.mongodbatlas_provider import MongodbatlasProvider
-from prowler.providers.oraclecloud.oraclecloud_provider import OraclecloudProvider


 class TestMergeDicts:
@@ -112,10 +108,6 @@ class TestReturnProwlerProvider:
            (Provider.ProviderChoices.AZURE.value, AzureProvider),
            (Provider.ProviderChoices.KUBERNETES.value, KubernetesProvider),
            (Provider.ProviderChoices.M365.value, M365Provider),
-            (Provider.ProviderChoices.GITHUB.value, GithubProvider),
-            (Provider.ProviderChoices.MONGODBATLAS.value, MongodbatlasProvider),
-            (Provider.ProviderChoices.ORACLECLOUD.value, OraclecloudProvider),
-            (Provider.ProviderChoices.IAC.value, IacProvider),
        ],
    )
    def test_return_prowler_provider(self, provider_type, expected_provider):
@@ -211,14 +203,6 @@ class TestGetProwlerProviderKwargs:
                Provider.ProviderChoices.GITHUB.value,
                {"organizations": ["provider_uid"]},
            ),
-            (
-                Provider.ProviderChoices.ORACLECLOUD.value,
-                {},
-            ),
-            (
-                Provider.ProviderChoices.MONGODBATLAS.value,
-                {"atlas_organization_id": "provider_uid"},
-            ),
        ],
    )
    def test_get_prowler_provider_kwargs(self, provider_type, expected_extra_kwargs):
@@ -256,72 +240,6 @@ class TestGetProwlerProviderKwargs:
        expected_result = {**secret_dict, "mutelist_content": {"key": "value"}}
        assert result == expected_result

-    def test_get_prowler_provider_kwargs_iac_provider(self):
-        """Test that IaC provider gets correct kwargs with repository URL."""
-        provider_uid = "https://github.com/org/repo"
-        secret_dict = {"access_token": "test_token"}
-        secret_mock = MagicMock()
-        secret_mock.secret = secret_dict
-
-        provider = MagicMock()
-        provider.provider = Provider.ProviderChoices.IAC.value
-        provider.secret = secret_mock
-        provider.uid = provider_uid
-
-        result = get_prowler_provider_kwargs(provider)
-
-        expected_result = {
-            "scan_repository_url": provider_uid,
-            "oauth_app_token": "test_token",
-        }
-        assert result == expected_result
-
-    def test_get_prowler_provider_kwargs_iac_provider_without_token(self):
-        """Test that IaC provider works without access token for public repos."""
-        provider_uid = "https://github.com/org/public-repo"
-        secret_dict = {}
-        secret_mock = MagicMock()
-        secret_mock.secret = secret_dict
-
-        provider = MagicMock()
-        provider.provider = Provider.ProviderChoices.IAC.value
-        provider.secret = secret_mock
-        provider.uid = provider_uid
-
-        result = get_prowler_provider_kwargs(provider)
-
-        expected_result = {"scan_repository_url": provider_uid}
-        assert result == expected_result
-
-    def test_get_prowler_provider_kwargs_iac_provider_ignores_mutelist(self):
-        """Test that IaC provider does NOT receive mutelist_content.
-
-        IaC provider uses Trivy's built-in mutelist logic, so it should not
-        receive mutelist_content even when a mutelist processor is configured.
-        """
-        provider_uid = "https://github.com/org/repo"
-        secret_dict = {"access_token": "test_token"}
-        secret_mock = MagicMock()
-        secret_mock.secret = secret_dict
-
-        mutelist_processor = MagicMock()
-        mutelist_processor.configuration = {"Mutelist": {"key": "value"}}
-
-        provider = MagicMock()
-        provider.provider = Provider.ProviderChoices.IAC.value
-        provider.secret = secret_mock
-        provider.uid = provider_uid
-
-        result = get_prowler_provider_kwargs(provider, mutelist_processor)
-
-        # IaC provider should NOT have mutelist_content
-        assert "mutelist_content" not in result
-        expected_result = {
-            "scan_repository_url": provider_uid,
-            "oauth_app_token": "test_token",
-        }
-        assert result == expected_result
-
    def test_get_prowler_provider_kwargs_unsupported_provider(self):
        # Setup
        provider_uid = "provider_uid"
@@ -18,11 +18,8 @@ from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.common.models import Connection
 from prowler.providers.gcp.gcp_provider import GcpProvider
 from prowler.providers.github.github_provider import GithubProvider
-from prowler.providers.iac.iac_provider import IacProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
 from prowler.providers.m365.m365_provider import M365Provider
-from prowler.providers.mongodbatlas.mongodbatlas_provider import MongodbatlasProvider
-from prowler.providers.oraclecloud.oraclecloud_provider import OraclecloudProvider


 class CustomOAuth2Client(OAuth2Client):
@@ -68,11 +65,8 @@ def return_prowler_provider(
    | AzureProvider
    | GcpProvider
    | GithubProvider
-    | IacProvider
    | KubernetesProvider
    | M365Provider
-    | MongodbatlasProvider
-    | OraclecloudProvider
 ]:
    """Return the Prowler provider class based on the given provider type.

@@ -80,7 +74,7 @@ def return_prowler_provider(
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | OraclecloudProvider | MongodbatlasProvider: The corresponding provider class.
+        AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: The corresponding provider class.

    Raises:
        ValueError: If the provider type specified in `provider.provider` is not supported.
@@ -98,12 +92,6 @@ def return_prowler_provider(
            prowler_provider = M365Provider
        case Provider.ProviderChoices.GITHUB.value:
            prowler_provider = GithubProvider
-        case Provider.ProviderChoices.MONGODBATLAS.value:
-            prowler_provider = MongodbatlasProvider
-        case Provider.ProviderChoices.IAC.value:
-            prowler_provider = IacProvider
-        case Provider.ProviderChoices.ORACLECLOUD.value:
-            prowler_provider = OraclecloudProvider
        case _:
            raise ValueError(f"Provider type {provider.provider} not supported")
    return prowler_provider
@@ -140,26 +128,10 @@ def get_prowler_provider_kwargs(
                **prowler_provider_kwargs,
                "organizations": [provider.uid],
            }
-    elif provider.provider == Provider.ProviderChoices.IAC.value:
-        # For IaC provider, uid contains the repository URL
-        # Extract the access token if present in the secret
-        prowler_provider_kwargs = {
-            "scan_repository_url": provider.uid,
-        }
-        if "access_token" in provider.secret.secret:
-            prowler_provider_kwargs["oauth_app_token"] = provider.secret.secret[
-                "access_token"
-            ]
-    elif provider.provider == Provider.ProviderChoices.MONGODBATLAS.value:
-        prowler_provider_kwargs = {
-            **prowler_provider_kwargs,
-            "atlas_organization_id": provider.uid,
-        }

    if mutelist_processor:
        mutelist_content = mutelist_processor.configuration.get("Mutelist", {})
-        # IaC provider doesn't support mutelist (uses Trivy's built-in logic)
-        if mutelist_content and provider.provider != Provider.ProviderChoices.IAC.value:
+        if mutelist_content:
            prowler_provider_kwargs["mutelist_content"] = mutelist_content

    return prowler_provider_kwargs
@@ -173,11 +145,8 @@ def initialize_prowler_provider(
    | AzureProvider
    | GcpProvider
    | GithubProvider
-    | IacProvider
    | KubernetesProvider
    | M365Provider
-    | MongodbatlasProvider
-    | OraclecloudProvider
 ):
    """Initialize a Prowler provider instance based on the given provider type.

@@ -186,8 +155,8 @@ def initialize_prowler_provider(
        mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | OraclecloudProvider | MongodbatlasProvider: An instance of the corresponding provider class
-            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `IacProvider`, `KubernetesProvider`, `M365Provider`, `OraclecloudProvider` or `MongodbatlasProvider`) initialized with the
+        AwsProvider | AzureProvider | GcpProvider | GithubProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
+            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
            provider's secrets.
    """
    prowler_provider = return_prowler_provider(provider)
@@ -211,23 +180,9 @@ def prowler_provider_connection_test(provider: Provider) -> Connection:
    except Provider.secret.RelatedObjectDoesNotExist as secret_error:
        return Connection(is_connected=False, error=secret_error)

-    # For IaC provider, construct the kwargs properly for test_connection
-    if provider.provider == Provider.ProviderChoices.IAC.value:
-        # Don't pass repository_url from secret, use scan_repository_url with the UID
-        iac_test_kwargs = {
-            "scan_repository_url": provider.uid,
-            "raise_on_exception": False,
-        }
-        # Add access_token if present in the secret
-        if "access_token" in prowler_provider_kwargs:
-            iac_test_kwargs["access_token"] = prowler_provider_kwargs["access_token"]
-        return prowler_provider.test_connection(**iac_test_kwargs)
-    else:
-        return prowler_provider.test_connection(
-            **prowler_provider_kwargs,
-            provider_id=provider.uid,
-            raise_on_exception=False,
-        )
+    return prowler_provider.test_connection(
+        **prowler_provider_kwargs, provider_id=provider.uid, raise_on_exception=False
+    )


 def prowler_integration_connection_test(integration: Integration) -> Connection:
@@ -12,24 +12,6 @@ from api.models import StateChoices, Task
 from api.v1.serializers import TaskSerializer


-class DisablePaginationMixin:
-    disable_pagination_query_param = "page[disable]"
-    disable_pagination_truthy_values = {"true"}
-
-    def should_disable_pagination(self) -> bool:
-        if not hasattr(self, "request"):
-            return False
-        value = self.request.query_params.get(self.disable_pagination_query_param)
-        if value is None:
-            return False
-        return str(value).lower() in self.disable_pagination_truthy_values
-
-    def paginate_queryset(self, queryset):
-        if self.should_disable_pagination():
-            return None
-        return super().paginate_queryset(queryset)
-
-
 class PaginateByPkMixin:
    """
    Mixin to paginate on a list of PKs (cheaper than heavy JOINs),
@@ -1,209 +0,0 @@
-import re
-
-from drf_spectacular.utils import extend_schema_field
-from rest_framework_json_api import serializers
-
-
-class OpenAICredentialsSerializer(serializers.Serializer):
-    api_key = serializers.CharField()
-
-    def validate_api_key(self, value: str) -> str:
-        pattern = r"^sk-[\w-]+$"
-        if not re.match(pattern, value or ""):
-            raise serializers.ValidationError("Invalid OpenAI API key format.")
-        return value
-
-    def to_internal_value(self, data):
-        """Check for unknown fields before DRF filters them out."""
-        if not isinstance(data, dict):
-            raise serializers.ValidationError(
-                {"non_field_errors": ["Credentials must be an object"]}
-            )
-
-        allowed_fields = set(self.fields.keys())
-        provided_fields = set(data.keys())
-        extra_fields = provided_fields - allowed_fields
-
-        if extra_fields:
-            raise serializers.ValidationError(
-                {
-                    "non_field_errors": [
-                        f"Unknown fields in credentials: {', '.join(sorted(extra_fields))}"
-                    ]
-                }
-            )
-
-        return super().to_internal_value(data)
-
-
-class BedrockCredentialsSerializer(serializers.Serializer):
-    """
-    Serializer for AWS Bedrock credentials validation.
-
-    Validates long-term AWS credentials (AKIA) and region format.
-    """
-
-    access_key_id = serializers.CharField()
-    secret_access_key = serializers.CharField()
-    region = serializers.CharField()
-
-    def validate_access_key_id(self, value: str) -> str:
-        """Validate AWS access key ID format (AKIA for long-term credentials)."""
-        pattern = r"^AKIA[0-9A-Z]{16}$"
-        if not re.match(pattern, value or ""):
-            raise serializers.ValidationError(
-                "Invalid AWS access key ID format. Must be AKIA followed by 16 alphanumeric characters."
-            )
-        return value
-
-    def validate_secret_access_key(self, value: str) -> str:
-        """Validate AWS secret access key format (40 base64 characters)."""
-        pattern = r"^[A-Za-z0-9/+=]{40}$"
-        if not re.match(pattern, value or ""):
-            raise serializers.ValidationError(
-                "Invalid AWS secret access key format. Must be 40 base64 characters."
-            )
-        return value
-
-    def validate_region(self, value: str) -> str:
-        """Validate AWS region format."""
-        pattern = r"^[a-z]{2}-[a-z]+-\d+$"
-        if not re.match(pattern, value or ""):
-            raise serializers.ValidationError(
-                "Invalid AWS region format. Expected format like 'us-east-1' or 'eu-west-2'."
-            )
-        return value
-
-    def to_internal_value(self, data):
-        """Check for unknown fields before DRF filters them out."""
-        if not isinstance(data, dict):
-            raise serializers.ValidationError(
-                {"non_field_errors": ["Credentials must be an object"]}
-            )
-
-        allowed_fields = set(self.fields.keys())
-        provided_fields = set(data.keys())
-        extra_fields = provided_fields - allowed_fields
-
-        if extra_fields:
-            raise serializers.ValidationError(
-                {
-                    "non_field_errors": [
-                        f"Unknown fields in credentials: {', '.join(sorted(extra_fields))}"
-                    ]
-                }
-            )
-
-        return super().to_internal_value(data)
-
-
-class BedrockCredentialsUpdateSerializer(BedrockCredentialsSerializer):
-    """
-    Serializer for AWS Bedrock credentials during UPDATE operations.
-
-    Inherits all validation logic from BedrockCredentialsSerializer but makes
-    all fields optional to support partial updates.
-    """
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        # Make all fields optional for updates
-        for field in self.fields.values():
-            field.required = False
-
-
-class OpenAICompatibleCredentialsSerializer(serializers.Serializer):
-    """
-    Minimal serializer for OpenAI-compatible credentials.
-
-    Many OpenAI-compatible providers do not use the same key format as OpenAI.
-    We only require a non-empty API key string. Additional fields can be added later
-    without breaking existing configurations.
-    """
-
-    api_key = serializers.CharField()
-
-    def validate_api_key(self, value: str) -> str:
-        if not isinstance(value, str) or not value.strip():
-            raise serializers.ValidationError("API key is required.")
-        return value.strip()
-
-    def to_internal_value(self, data):
-        """Check for unknown fields before DRF filters them out."""
-        if not isinstance(data, dict):
-            raise serializers.ValidationError(
-                {"non_field_errors": ["Credentials must be an object"]}
-            )
-
-        allowed_fields = set(self.fields.keys())
-        provided_fields = set(data.keys())
-        extra_fields = provided_fields - allowed_fields
-
-        if extra_fields:
-            raise serializers.ValidationError(
-                {
-                    "non_field_errors": [
-                        f"Unknown fields in credentials: {', '.join(sorted(extra_fields))}"
-                    ]
-                }
-            )
-
-        return super().to_internal_value(data)
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "OpenAI Credentials",
-                "properties": {
-                    "api_key": {
-                        "type": "string",
-                        "description": "OpenAI API key. Must start with 'sk-' followed by alphanumeric characters, "
-                        "hyphens, or underscores.",
-                        "pattern": "^sk-[\\w-]+$",
-                    }
-                },
-                "required": ["api_key"],
-            },
-            {
-                "type": "object",
-                "title": "AWS Bedrock Credentials",
-                "properties": {
-                    "access_key_id": {
-                        "type": "string",
-                        "description": "AWS access key ID.",
-                        "pattern": "^AKIA[0-9A-Z]{16}$",
-                    },
-                    "secret_access_key": {
-                        "type": "string",
-                        "description": "AWS secret access key.",
-                        "pattern": "^[A-Za-z0-9/+=]{40}$",
-                    },
-                    "region": {
-                        "type": "string",
-                        "description": "AWS region identifier where Bedrock is available. Examples: us-east-1, "
-                        "us-west-2, eu-west-1, ap-northeast-1.",
-                        "pattern": "^[a-z]{2}-[a-z]+-\\d+$",
-                    },
-                },
-                "required": ["access_key_id", "secret_access_key", "region"],
-            },
-            {
-                "type": "object",
-                "title": "OpenAI Compatible Credentials",
-                "properties": {
-                    "api_key": {
-                        "type": "string",
-                        "description": "API key for OpenAI-compatible provider. The format varies by provider. "
-                        "Note: The 'base_url' field (separate from credentials) is required when using this provider type.",
-                    }
-                },
-                "required": ["api_key"],
-            },
-        ]
-    }
-)
-class LighthouseCredentialsField(serializers.JSONField):
-    pass
@@ -239,71 +239,6 @@ from rest_framework_json_api import serializers
                },
                "required": ["github_app_id", "github_app_key"],
            },
-            {
-                "type": "object",
-                "title": "IaC Repository Credentials",
-                "properties": {
-                    "repository_url": {
-                        "type": "string",
-                        "description": "Repository URL to scan for IaC files.",
-                    },
-                    "access_token": {
-                        "type": "string",
-                        "description": "Optional access token for private repositories.",
-                    },
-                },
-                "required": ["repository_url"],
-            },
-            {
-                "type": "object",
-                "title": "Oracle Cloud Infrastructure (OCI) API Key Credentials",
-                "properties": {
-                    "user": {
-                        "type": "string",
-                        "description": "The OCID of the user to authenticate with.",
-                    },
-                    "fingerprint": {
-                        "type": "string",
-                        "description": "The fingerprint of the API signing key.",
-                    },
-                    "key_file": {
-                        "type": "string",
-                        "description": "The path to the private key file for API signing. Either key_file or key_content must be provided.",
-                    },
-                    "key_content": {
-                        "type": "string",
-                        "description": "The content of the private key for API signing (base64 encoded). Either key_file or key_content must be provided.",
-                    },
-                    "tenancy": {
-                        "type": "string",
-                        "description": "The OCID of the tenancy.",
-                    },
-                    "region": {
-                        "type": "string",
-                        "description": "The OCI region identifier (e.g., us-ashburn-1, us-phoenix-1).",
-                    },
-                    "pass_phrase": {
-                        "type": "string",
-                        "description": "The passphrase for the private key, if encrypted.",
-                    },
-                },
-                "required": ["user", "fingerprint", "tenancy", "region"],
-            },
-            {
-                "type": "object",
-                "title": "MongoDB Atlas API Key",
-                "properties": {
-                    "atlas_public_key": {
-                        "type": "string",
-                        "description": "MongoDB Atlas API public key.",
-                    },
-                    "atlas_private_key": {
-                        "type": "string",
-                        "description": "MongoDB Atlas API private key.",
-                    },
-                },
-                "required": ["atlas_public_key", "atlas_private_key"],
-            },
        ]
    }
 )
@@ -6,10 +6,8 @@ from django.conf import settings
 from django.contrib.auth import authenticate
 from django.contrib.auth.models import update_last_login
 from django.contrib.auth.password_validation import validate_password
-from django.db import IntegrityError
 from drf_spectacular.utils import extend_schema_field
 from jwt.exceptions import InvalidKeyError
-from rest_framework.reverse import reverse
 from rest_framework.validators import UniqueTogetherValidator
 from rest_framework_json_api import serializers
 from rest_framework_json_api.relations import SerializerMethodResourceRelatedField
@@ -27,11 +25,7 @@ from api.models import (
    Invitation,
    InvitationRoleRelationship,
    LighthouseConfiguration,
-    LighthouseProviderConfiguration,
-    LighthouseProviderModels,
-    LighthouseTenantConfiguration,
    Membership,
-    MuteRule,
    Processor,
    Provider,
    ProviderGroup,
@@ -47,7 +41,6 @@ from api.models import (
    StatusChoices,
    Task,
    TenantAPIKey,
-    ThreatScoreSnapshot,
    User,
    UserRoleRelationship,
 )
@@ -61,13 +54,6 @@ from api.v1.serializer_utils.integrations import (
    S3ConfigSerializer,
    SecurityHubConfigSerializer,
 )
-from api.v1.serializer_utils.lighthouse import (
-    BedrockCredentialsSerializer,
-    BedrockCredentialsUpdateSerializer,
-    LighthouseCredentialsField,
-    OpenAICompatibleCredentialsSerializer,
-    OpenAICredentialsSerializer,
-)
 from api.v1.serializer_utils.processors import ProcessorConfigField
 from api.v1.serializer_utils.providers import ProviderSecretField
 from prowler.lib.mutelist.mutelist import Mutelist
@@ -1167,17 +1153,11 @@ class ResourceSerializer(RLSSerializer):
            "findings",
            "failed_findings_count",
            "url",
-            "metadata",
-            "details",
-            "partition",
        ]
        extra_kwargs = {
            "id": {"read_only": True},
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
-            "metadata": {"read_only": True},
-            "details": {"read_only": True},
-            "partition": {"read_only": True},
        }

    included_serializers = {
@@ -1234,15 +1214,11 @@ class ResourceIncludeSerializer(RLSSerializer):
            "service",
            "type_",
            "tags",
-            "details",
-            "partition",
        ]
        extra_kwargs = {
            "id": {"read_only": True},
            "inserted_at": {"read_only": True},
            "updated_at": {"read_only": True},
-            "details": {"read_only": True},
-            "partition": {"read_only": True},
        }

    @extend_schema_field(
@@ -1373,16 +1349,10 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
                serializer = GCPProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.GITHUB.value:
                serializer = GithubProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.IAC.value:
-                serializer = IacProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.KUBERNETES.value:
                serializer = KubernetesProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.M365.value:
                serializer = M365ProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.ORACLECLOUD.value:
-                serializer = OracleCloudProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.MONGODBATLAS.value:
-                serializer = MongoDBAtlasProviderSecret(data=secret)
            else:
                raise serializers.ValidationError(
                    {"provider": f"Provider type not supported {provider_type}"}
@@ -1479,14 +1449,6 @@ class GCPServiceAccountProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


-class MongoDBAtlasProviderSecret(serializers.Serializer):
-    atlas_public_key = serializers.CharField()
-    atlas_private_key = serializers.CharField()
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
 class KubernetesProviderSecret(serializers.Serializer):
    kubeconfig_content = serializers.CharField()

@@ -1504,27 +1466,6 @@ class GithubProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


-class IacProviderSecret(serializers.Serializer):
-    repository_url = serializers.CharField()
-    access_token = serializers.CharField(required=False)
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
-class OracleCloudProviderSecret(serializers.Serializer):
-    user = serializers.CharField()
-    fingerprint = serializers.CharField()
-    key_file = serializers.CharField(required=False)
-    key_content = serializers.CharField(required=False)
-    tenancy = serializers.CharField()
-    region = serializers.CharField()
-    pass_phrase = serializers.CharField(required=False)
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
 class AWSRoleAssumptionProviderSecret(serializers.Serializer):
    role_arn = serializers.CharField()
    external_id = serializers.CharField()
@@ -2158,17 +2099,6 @@ class OverviewProviderSerializer(serializers.Serializer):
        }


-class OverviewProviderCountSerializer(serializers.Serializer):
-    id = serializers.CharField(source="provider")
-    count = serializers.IntegerField()
-
-    class JSONAPIMeta:
-        resource_name = "providers-count-overview"
-
-    def get_root_meta(self, _resource, _many):
-        return {"version": "v1"}
-
-
 class OverviewFindingSerializer(serializers.Serializer):
    id = serializers.CharField(default="n/a")
    new = serializers.IntegerField()
@@ -2229,30 +2159,6 @@ class OverviewServiceSerializer(serializers.Serializer):
        return {"version": "v1"}


-class OverviewRegionSerializer(serializers.Serializer):
-    id = serializers.SerializerMethodField()
-    provider_type = serializers.CharField()
-    region = serializers.CharField()
-    total = serializers.IntegerField()
-    _pass = serializers.IntegerField()
-    fail = serializers.IntegerField()
-    muted = serializers.IntegerField()
-
-    class JSONAPIMeta:
-        resource_name = "regions-overview"
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.fields["pass"] = self.fields.pop("_pass")
-
-    def get_id(self, obj):
-        """Generate unique ID from provider_type and region."""
-        return f"{obj['provider_type']}:{obj['region']}"
-
-    def get_root_meta(self, _resource, _many):
-        return {"version": "v1"}
-
-
 # Schedules


@@ -2844,16 +2750,6 @@ class LighthouseConfigCreateSerializer(RLSSerializer, BaseWriteSerializer):
            "updated_at": {"read_only": True},
        }

-    def validate_temperature(self, value):
-        if not 0 <= value <= 1:
-            raise ValidationError("Temperature must be between 0 and 1.")
-        return value
-
-    def validate_max_tokens(self, value):
-        if not 500 <= value <= 5000:
-            raise ValidationError("Max tokens must be between 500 and 5000.")
-        return value
-
    def validate(self, attrs):
        tenant_id = self.context.get("request").tenant_id
        if LighthouseConfiguration.objects.filter(tenant_id=tenant_id).exists():
@@ -2862,11 +2758,6 @@ class LighthouseConfigCreateSerializer(RLSSerializer, BaseWriteSerializer):
                    "tenant_id": "Lighthouse configuration already exists for this tenant."
                }
            )
-        api_key = attrs.get("api_key")
-        if api_key is not None:
-            OpenAICredentialsSerializer(data={"api_key": api_key}).is_valid(
-                raise_exception=True
-            )
        return super().validate(attrs)

    def create(self, validated_data):
@@ -2911,24 +2802,6 @@ class LighthouseConfigUpdateSerializer(BaseWriteSerializer):
            "max_tokens": {"required": False},
        }

-    def validate_temperature(self, value):
-        if not 0 <= value <= 1:
-            raise ValidationError("Temperature must be between 0 and 1.")
-        return value
-
-    def validate_max_tokens(self, value):
-        if not 500 <= value <= 5000:
-            raise ValidationError("Max tokens must be between 500 and 5000.")
-        return value
-
-    def validate(self, attrs):
-        api_key = attrs.get("api_key", None)
-        if api_key is not None:
-            OpenAICredentialsSerializer(data={"api_key": api_key}).is_valid(
-                raise_exception=True
-            )
-        return super().validate(attrs)
-
    def update(self, instance, validated_data):
        api_key = validated_data.pop("api_key", None)
        instance = super().update(instance, validated_data)
@@ -3058,667 +2931,3 @@ class TenantApiKeyUpdateSerializer(RLSSerializer, BaseWriteSerializer):
        ):
            raise ValidationError("An API key with this name already exists.")
        return value
-
-
-# Lighthouse: Provider configurations
-
-
-class LighthouseProviderConfigSerializer(RLSSerializer):
-    """
-    Read serializer for LighthouseProviderConfiguration.
-    """
-
-    # Decrypted credentials are only returned in to_representation when requested
-    credentials = serializers.JSONField(required=False, read_only=True)
-
-    class Meta:
-        model = LighthouseProviderConfiguration
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "provider_type",
-            "base_url",
-            "is_active",
-            "credentials",
-            "url",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "is_active": {"read_only": True},
-            "url": {"read_only": True, "view_name": "lighthouse-providers-detail"},
-        }
-
-    class JSONAPIMeta:
-        resource_name = "lighthouse-providers"
-
-    def to_representation(self, instance):
-        data = super().to_representation(instance)
-        # Support JSON:API fields filter: fields[lighthouse-providers]=credentials,base_url
-        fields_param = self.context.get("request", None) and self.context[
-            "request"
-        ].query_params.get("fields[lighthouse-providers]", "")
-
-        creds = instance.credentials_decoded
-
-        requested_fields = (
-            [f.strip() for f in fields_param.split(",")] if fields_param else []
-        )
-
-        if "credentials" in requested_fields:
-            # Return full decrypted credentials JSON
-            data["credentials"] = creds
-        else:
-            # Return masked credentials by default
-            def mask_value(value):
-                if isinstance(value, str):
-                    return "*" * len(value)
-                if isinstance(value, dict):
-                    return {k: mask_value(v) for k, v in value.items()}
-                if isinstance(value, list):
-                    return [mask_value(v) for v in value]
-                return value
-
-            # Always return masked credentials, even if creds is None
-            if creds is not None:
-                data["credentials"] = mask_value(creds)
-            else:
-                # If credentials_decoded returns None, return None for credentials field
-                data["credentials"] = None
-
-        return data
-
-
-class LighthouseProviderConfigCreateSerializer(RLSSerializer, BaseWriteSerializer):
-    """
-    Create serializer for LighthouseProviderConfiguration.
-    Accepts credentials as JSON; stored encrypted via credentials_decoded.
-    """
-
-    credentials = LighthouseCredentialsField(write_only=True, required=True)
-    base_url = serializers.URLField(
-        required=False,
-        allow_null=True,
-        help_text="Base URL for the LLM provider API. Required for 'openai_compatible' provider type.",
-    )
-
-    class Meta:
-        model = LighthouseProviderConfiguration
-        fields = [
-            "provider_type",
-            "base_url",
-            "credentials",
-            "is_active",
-        ]
-        extra_kwargs = {
-            "is_active": {"required": False},
-            "provider_type": {
-                "help_text": "LLM provider type. Determines which credential format to use. "
-                "See 'credentials' field documentation for provider-specific requirements."
-            },
-        }
-
-    def create(self, validated_data):
-        credentials = validated_data.pop("credentials")
-
-        instance = LighthouseProviderConfiguration(**validated_data)
-        instance.tenant_id = self.context.get("tenant_id")
-        instance.credentials_decoded = credentials
-
-        try:
-            instance.save()
-            return instance
-        except IntegrityError:
-            raise ValidationError(
-                {
-                    "provider_type": "Configuration for this provider already exists for the tenant."
-                }
-            )
-
-    def validate(self, attrs):
-        provider_type = attrs.get("provider_type")
-        credentials = attrs.get("credentials") or {}
-        base_url = attrs.get("base_url")
-
-        if provider_type == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI:
-            try:
-                OpenAICredentialsSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-        elif (
-            provider_type == LighthouseProviderConfiguration.LLMProviderChoices.BEDROCK
-        ):
-            try:
-                BedrockCredentialsSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-        elif (
-            provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI_COMPATIBLE
-        ):
-            if not base_url:
-                raise ValidationError({"base_url": "Base URL is required."})
-            try:
-                OpenAICompatibleCredentialsSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-
-        return super().validate(attrs)
-
-
-class LighthouseProviderConfigUpdateSerializer(BaseWriteSerializer):
-    """
-    Update serializer for LighthouseProviderConfiguration.
-    """
-
-    credentials = LighthouseCredentialsField(write_only=True, required=False)
-    base_url = serializers.URLField(
-        required=False,
-        allow_null=True,
-        help_text="Base URL for the LLM provider API. Required for 'openai_compatible' provider type.",
-    )
-
-    class Meta:
-        model = LighthouseProviderConfiguration
-        fields = [
-            "id",
-            "provider_type",
-            "base_url",
-            "credentials",
-            "is_active",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "provider_type": {"read_only": True},
-            "is_active": {"required": False},
-        }
-
-    def update(self, instance, validated_data):
-        credentials = validated_data.pop("credentials", None)
-
-        for attr, value in validated_data.items():
-            setattr(instance, attr, value)
-
-        if credentials is not None:
-            # Merge partial credentials with existing ones
-            # New values overwrite existing ones, but unspecified fields are preserved
-            existing_credentials = instance.credentials_decoded or {}
-            merged_credentials = {**existing_credentials, **credentials}
-            instance.credentials_decoded = merged_credentials
-
-        instance.save()
-        return instance
-
-    def validate(self, attrs):
-        provider_type = getattr(self.instance, "provider_type", None)
-        credentials = attrs.get("credentials", None)
-        base_url = attrs.get("base_url", None)
-
-        if (
-            credentials is not None
-            and provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI
-        ):
-            try:
-                OpenAICredentialsSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-        elif (
-            credentials is not None
-            and provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.BEDROCK
-        ):
-            try:
-                BedrockCredentialsUpdateSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-        elif (
-            credentials is not None
-            and provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI_COMPATIBLE
-        ):
-            if base_url is None:
-                pass
-            elif not base_url:
-                raise ValidationError({"base_url": "Base URL cannot be empty."})
-            try:
-                OpenAICompatibleCredentialsSerializer(data=credentials).is_valid(
-                    raise_exception=True
-                )
-            except ValidationError as e:
-                details = e.detail.copy()
-                for key, value in details.items():
-                    e.detail[f"credentials/{key}"] = value
-                    del e.detail[key]
-                raise e
-
-        return super().validate(attrs)
-
-
-# Lighthouse: Tenant configuration
-
-
-class LighthouseTenantConfigSerializer(RLSSerializer):
-    """
-    Read serializer for LighthouseTenantConfiguration.
-    """
-
-    # Build singleton URL without pk
-    url = serializers.SerializerMethodField()
-
-    def get_url(self, obj):
-        request = self.context.get("request")
-        return reverse("lighthouse-configurations", request=request)
-
-    class Meta:
-        model = LighthouseTenantConfiguration
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "business_context",
-            "default_provider",
-            "default_models",
-            "url",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "url": {"read_only": True},
-        }
-
-
-class LighthouseTenantConfigUpdateSerializer(BaseWriteSerializer):
-    class Meta:
-        model = LighthouseTenantConfiguration
-        fields = [
-            "id",
-            "business_context",
-            "default_provider",
-            "default_models",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-        }
-
-    def validate(self, attrs):
-        request = self.context.get("request")
-        tenant_id = self.context.get("tenant_id") or (
-            getattr(request, "tenant_id", None) if request else None
-        )
-
-        default_provider = attrs.get(
-            "default_provider", getattr(self.instance, "default_provider", "")
-        )
-        default_models = attrs.get(
-            "default_models", getattr(self.instance, "default_models", {})
-        )
-
-        if default_provider:
-            supported = set(LighthouseProviderConfiguration.LLMProviderChoices.values)
-            if default_provider not in supported:
-                raise ValidationError(
-                    {"default_provider": f"Unsupported provider '{default_provider}'."}
-                )
-            if not LighthouseProviderConfiguration.objects.filter(
-                tenant_id=tenant_id, provider_type=default_provider, is_active=True
-            ).exists():
-                raise ValidationError(
-                    {
-                        "default_provider": f"No active configuration found for '{default_provider}'."
-                    }
-                )
-
-        if default_models is not None and not isinstance(default_models, dict):
-            raise ValidationError(
-                {"default_models": "Must be an object mapping provider -> model_id."}
-            )
-
-        for provider_type, model_id in (default_models or {}).items():
-            provider_cfg = LighthouseProviderConfiguration.objects.filter(
-                tenant_id=tenant_id, provider_type=provider_type, is_active=True
-            ).first()
-            if not provider_cfg:
-                raise ValidationError(
-                    {
-                        "default_models": f"No active configuration for provider '{provider_type}'."
-                    }
-                )
-            if not LighthouseProviderModels.objects.filter(
-                tenant_id=tenant_id,
-                provider_configuration=provider_cfg,
-                model_id=model_id,
-            ).exists():
-                raise ValidationError(
-                    {
-                        "default_models": f"Invalid model '{model_id}' for provider '{provider_type}'."
-                    }
-                )
-
-        return super().validate(attrs)
-
-
-# Lighthouse: Provider models
-
-
-class LighthouseProviderModelsSerializer(RLSSerializer):
-    """
-    Read serializer for LighthouseProviderModels.
-    """
-
-    provider_configuration = serializers.ResourceRelatedField(read_only=True)
-
-    class Meta:
-        model = LighthouseProviderModels
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "provider_configuration",
-            "model_id",
-            "model_name",
-            "default_parameters",
-            "url",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "url": {"read_only": True, "view_name": "lighthouse-models-detail"},
-        }
-
-
-class LighthouseProviderModelsCreateSerializer(RLSSerializer, BaseWriteSerializer):
-    provider_configuration = serializers.ResourceRelatedField(
-        queryset=LighthouseProviderConfiguration.objects.all()
-    )
-
-    class Meta:
-        model = LighthouseProviderModels
-        fields = [
-            "provider_configuration",
-            "model_id",
-            "default_parameters",
-        ]
-        extra_kwargs = {
-            "default_parameters": {"required": False},
-        }
-
-
-class LighthouseProviderModelsUpdateSerializer(BaseWriteSerializer):
-    class Meta:
-        model = LighthouseProviderModels
-        fields = [
-            "id",
-            "default_parameters",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-        }
-
-
-# Mute Rules
-
-
-class MuteRuleSerializer(RLSSerializer):
-    """
-    Serializer for reading MuteRule instances.
-    """
-
-    finding_uids = serializers.ListField(
-        child=serializers.CharField(),
-        read_only=True,
-        help_text="List of finding UIDs that are muted by this rule",
-    )
-
-    class Meta:
-        model = MuteRule
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "name",
-            "reason",
-            "enabled",
-            "created_by",
-            "finding_uids",
-        ]
-
-    included_serializers = {
-        "created_by": "api.v1.serializers.UserIncludeSerializer",
-    }
-
-
-class MuteRuleCreateSerializer(RLSSerializer, BaseWriteSerializer):
-    """
-    Serializer for creating new MuteRule instances.
-
-    Accepts finding_ids in the request, converts them to UIDs, and stores in finding_uids.
-    """
-
-    finding_ids = serializers.ListField(
-        child=serializers.UUIDField(),
-        write_only=True,
-        required=True,
-        help_text="List of Finding IDs to mute (will be converted to UIDs)",
-    )
-    finding_uids = serializers.ListField(
-        child=serializers.CharField(),
-        read_only=True,
-        help_text="List of finding UIDs that are muted by this rule",
-    )
-
-    class Meta:
-        model = MuteRule
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "name",
-            "reason",
-            "enabled",
-            "created_by",
-            "finding_ids",
-            "finding_uids",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "enabled": {"read_only": True},
-            "created_by": {"read_only": True},
-        }
-
-    def validate_name(self, value):
-        """Validate that the name is unique within the tenant."""
-        tenant_id = self.context.get("tenant_id")
-        if MuteRule.objects.filter(tenant_id=tenant_id, name=value).exists():
-            raise ValidationError("A mute rule with this name already exists.")
-        return value
-
-    def validate_finding_ids(self, value):
-        """Validate that all finding IDs exist and belong to the tenant."""
-        if not value:
-            raise ValidationError("At least one finding_id must be provided.")
-
-        tenant_id = self.context.get("tenant_id")
-
-        # Check that all findings exist and belong to this tenant
-        findings = Finding.all_objects.filter(tenant_id=tenant_id, id__in=value)
-        found_ids = set(findings.values_list("id", flat=True))
-        provided_ids = set(value)
-
-        missing_ids = provided_ids - found_ids
-        if missing_ids:
-            raise ValidationError(
-                f"The following finding IDs do not exist or do not belong to your tenant: {missing_ids}"
-            )
-
-        return value
-
-    def validate(self, data):
-        """Validate the entire mute rule, including overlap detection."""
-        data = super().validate(data)
-
-        tenant_id = self.context.get("tenant_id")
-        finding_ids = data.get("finding_ids", [])
-
-        if not finding_ids:
-            return data
-
-        # Convert finding IDs to UIDs (deduplicate in case multiple findings have same UID)
-        findings = Finding.all_objects.filter(id__in=finding_ids, tenant_id=tenant_id)
-        finding_uids = list(set(findings.values_list("uid", flat=True)))
-
-        # Check for overlaps with existing enabled rules
-        existing_rules = MuteRule.objects.filter(tenant_id=tenant_id, enabled=True)
-
-        for rule in existing_rules:
-            overlap = set(finding_uids) & set(rule.finding_uids)
-            if overlap:
-                raise ConflictException(
-                    detail=f"The following finding UIDs are already muted by rule '{rule.name}': {overlap}"
-                )
-
-        # Store finding_uids in validated_data for create
-        data["finding_uids"] = finding_uids
-
-        return data
-
-    def create(self, validated_data):
-        """Create a new mute rule and set created_by."""
-        # Remove finding_ids from validated_data (we've already converted to finding_uids)
-        validated_data.pop("finding_ids", None)
-
-        # Set created_by to the current user
-        request = self.context.get("request")
-        if request and hasattr(request, "user"):
-            validated_data["created_by"] = request.user
-
-        return super().create(validated_data)
-
-
-class MuteRuleUpdateSerializer(BaseWriteSerializer):
-    """
-    Serializer for updating MuteRule instances.
-    """
-
-    class Meta:
-        model = MuteRule
-        fields = [
-            "id",
-            "name",
-            "reason",
-            "enabled",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "name": {"required": False},
-            "reason": {"required": False},
-            "enabled": {"required": False},
-        }
-
-    def validate_name(self, value):
-        """Validate that the name is unique within the tenant, excluding current instance."""
-        tenant_id = self.context.get("tenant_id")
-        if (
-            MuteRule.objects.filter(tenant_id=tenant_id, name=value)
-            .exclude(id=self.instance.id)
-            .exists()
-        ):
-            raise ValidationError("A mute rule with this name already exists.")
-        return value
-
-
-# ThreatScore Snapshots
-
-
-class ThreatScoreSnapshotSerializer(RLSSerializer):
-    """
-    Serializer for ThreatScore snapshots.
-    Read-only serializer for retrieving historical ThreatScore metrics.
-    """
-
-    id = serializers.SerializerMethodField()
-
-    class Meta:
-        model = ThreatScoreSnapshot
-        fields = [
-            "id",
-            "inserted_at",
-            "scan",
-            "provider",
-            "compliance_id",
-            "overall_score",
-            "score_delta",
-            "section_scores",
-            "critical_requirements",
-            "total_requirements",
-            "passed_requirements",
-            "failed_requirements",
-            "manual_requirements",
-            "total_findings",
-            "passed_findings",
-            "failed_findings",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "scan": {"read_only": True},
-            "provider": {"read_only": True},
-            "compliance_id": {"read_only": True},
-            "overall_score": {"read_only": True},
-            "score_delta": {"read_only": True},
-            "section_scores": {"read_only": True},
-            "critical_requirements": {"read_only": True},
-            "total_requirements": {"read_only": True},
-            "passed_requirements": {"read_only": True},
-            "failed_requirements": {"read_only": True},
-            "manual_requirements": {"read_only": True},
-            "total_findings": {"read_only": True},
-            "passed_findings": {"read_only": True},
-            "failed_findings": {"read_only": True},
-        }
-
-    included_serializers = {
-        "scan": "api.v1.serializers.ScanIncludeSerializer",
-        "provider": "api.v1.serializers.ProviderIncludeSerializer",
-    }
-
-    def get_id(self, obj):
-        if getattr(obj, "_aggregated", False):
-            return "n/a"
-        return str(obj.id)
@@ -17,11 +17,7 @@ from api.v1.views import (
    InvitationAcceptViewSet,
    InvitationViewSet,
    LighthouseConfigViewSet,
-    LighthouseProviderConfigViewSet,
-    LighthouseProviderModelsViewSet,
-    LighthouseTenantConfigViewSet,
    MembershipViewSet,
-    MuteRuleViewSet,
    OverviewViewSet,
    ProcessorViewSet,
    ProviderGroupProvidersRelationshipView,
@@ -38,12 +34,12 @@ from api.v1.views import (
    ScheduleViewSet,
    SchemaView,
    TaskViewSet,
-    TenantApiKeyViewSet,
    TenantFinishACSView,
    TenantMembersViewSet,
    TenantViewSet,
    UserRoleRelationshipView,
    UserViewSet,
+    TenantApiKeyViewSet,
 )

 router = routers.DefaultRouter(trailing_slash=False)
@@ -71,17 +67,6 @@ router.register(
    basename="lighthouseconfiguration",
 )
 router.register(r"api-keys", TenantApiKeyViewSet, basename="api-key")
-router.register(
-    r"lighthouse/providers",
-    LighthouseProviderConfigViewSet,
-    basename="lighthouse-providers",
-)
-router.register(
-    r"lighthouse/models",
-    LighthouseProviderModelsViewSet,
-    basename="lighthouse-models",
-)
-router.register(r"mute-rules", MuteRuleViewSet, basename="mute-rule")

 tenants_router = routers.NestedSimpleRouter(router, r"tenants", lookup="tenant")
 tenants_router.register(
@@ -152,13 +137,6 @@ urlpatterns = [
        ),
        name="provider_group-providers-relationship",
    ),
-    path(
-        "lighthouse/configuration",
-        LighthouseTenantConfigViewSet.as_view(
-            {"get": "list", "patch": "partial_update"}
-        ),
-        name="lighthouse-configurations",
-    ),
    # API endpoint to start SAML SSO flow
    path(
        "auth/saml/initiate/", SAMLInitiateAPIView.as_view(), name="api_saml_initiate"
@@ -1,5 +1,7 @@
+from django.contrib import admin
 from django.urls import include, path

 urlpatterns = [
+    path("admin/", admin.site.urls),
    path("api/v1/", include("api.v1.urls")),
 ]
@@ -23,7 +23,6 @@ from api.models import (
    Invitation,
    LighthouseConfiguration,
    Membership,
-    MuteRule,
    Processor,
    Provider,
    ProviderGroup,
@@ -500,29 +499,8 @@ def providers_fixture(tenants_fixture):
        alias="m365_testing",
        tenant_id=tenant.id,
    )
-    provider7 = Provider.objects.create(
-        provider="oraclecloud",
-        uid="ocid1.tenancy.oc1..aaaaaaaa3dwoazoox4q7wrvriywpokp5grlhgnkwtyt6dmwyou7no6mdmzda",
-        alias="oci_testing",
-        tenant_id=tenant.id,
-    )
-    provider8 = Provider.objects.create(
-        provider="mongodbatlas",
-        uid="64b1d3c0e4b03b1234567890",
-        alias="mongodbatlas_testing",
-        tenant_id=tenant.id,
-    )

-    return (
-        provider1,
-        provider2,
-        provider3,
-        provider4,
-        provider5,
-        provider6,
-        provider7,
-        provider8,
-    )
+    return provider1, provider2, provider3, provider4, provider5, provider6


@pytest.fixture
@@ -1108,8 +1086,8 @@ def scan_summaries_fixture(tenants_fixture, providers_fixture):
        region="region1",
        _pass=1,
        fail=0,
-        muted=2,
-        total=3,
+        muted=0,
+        total=1,
        new=1,
        changed=0,
        unchanged=0,
@@ -1117,7 +1095,7 @@ def scan_summaries_fixture(tenants_fixture, providers_fixture):
        fail_changed=0,
        pass_new=1,
        pass_changed=0,
-        muted_new=2,
+        muted_new=0,
        muted_changed=0,
        scan=scan,
    )
@@ -1130,8 +1108,8 @@ def scan_summaries_fixture(tenants_fixture, providers_fixture):
        region="region2",
        _pass=0,
        fail=1,
-        muted=3,
-        total=4,
+        muted=1,
+        total=2,
        new=2,
        changed=0,
        unchanged=0,
@@ -1139,7 +1117,7 @@ def scan_summaries_fixture(tenants_fixture, providers_fixture):
        fail_changed=0,
        pass_new=0,
        pass_changed=0,
-        muted_new=3,
+        muted_new=1,
        muted_changed=0,
        scan=scan,
    )
@@ -1152,8 +1130,8 @@ def scan_summaries_fixture(tenants_fixture, providers_fixture):
        region="region1",
        _pass=1,
        fail=0,
-        muted=1,
-        total=2,
+        muted=0,
+        total=1,
        new=1,
        changed=0,
        unchanged=0,
@@ -1161,7 +1139,7 @@ def scan_summaries_fixture(tenants_fixture, providers_fixture):
        fail_changed=0,
        pass_new=1,
        pass_changed=0,
-        muted_new=1,
+        muted_new=0,
        muted_changed=0,
        scan=scan,
    )
@@ -1441,34 +1419,6 @@ def api_keys_fixture(tenants_fixture, create_test_user):
    return [api_key1, api_key2, api_key3]


-@pytest.fixture
-def mute_rules_fixture(tenants_fixture, create_test_user, findings_fixture):
-    """Create test mute rules for testing."""
-    tenant = tenants_fixture[0]
-    user = create_test_user
-
-    # Create two mute rules: one enabled, one disabled
-    mute_rule1 = MuteRule.objects.create(
-        tenant_id=tenant.id,
-        name="Test Rule 1",
-        reason="Security exception for testing",
-        enabled=True,
-        created_by=user,
-        finding_uids=[findings_fixture[0].uid],
-    )
-
-    mute_rule2 = MuteRule.objects.create(
-        tenant_id=tenant.id,
-        name="Test Rule 2",
-        reason="Compliance exception approved",
-        enabled=False,
-        created_by=user,
-        finding_uids=[findings_fixture[1].uid],
-    )
-
-    return mute_rule1, mute_rule2
-
-
 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}

@@ -1,10 +1,5 @@
-from collections import defaultdict
-
-from api.db_router import READ_REPLICA_ALIAS
 from api.db_utils import rls_transaction
 from api.models import (
-    ComplianceOverviewSummary,
-    ComplianceRequirementOverview,
    Resource,
    ResourceFindingMapping,
    ResourceScanSummary,
@@ -14,7 +9,7 @@ from api.models import (


 def backfill_resource_scan_summaries(tenant_id: str, scan_id: str):
-    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
+    with rls_transaction(tenant_id):
        if ResourceScanSummary.objects.filter(
            tenant_id=tenant_id, scan_id=scan_id
        ).exists():
@@ -64,114 +59,3 @@ def backfill_resource_scan_summaries(tenant_id: str, scan_id: str):
            )

    return {"status": "backfilled", "inserted": len(summaries)}
-
-
-def backfill_compliance_summaries(tenant_id: str, scan_id: str):
-    """
-    Backfill ComplianceOverviewSummary records for a completed scan.
-
-    This function checks if summary records already exist for the scan.
-    If not, it aggregates compliance requirement data and creates the summaries.
-
-    Args:
-        tenant_id: Target tenant UUID
-        scan_id: Scan UUID to backfill
-
-    Returns:
-        dict: Status indicating whether backfill was performed
-    """
-    with rls_transaction(tenant_id):
-        if ComplianceOverviewSummary.objects.filter(
-            tenant_id=tenant_id, scan_id=scan_id
-        ).exists():
-            return {"status": "already backfilled"}
-
-    with rls_transaction(tenant_id):
-        if not Scan.objects.filter(
-            tenant_id=tenant_id,
-            id=scan_id,
-            state__in=(StateChoices.COMPLETED, StateChoices.FAILED),
-        ).exists():
-            return {"status": "scan is not completed"}
-
-        # Fetch all compliance requirement overview rows for this scan
-        requirement_rows = ComplianceRequirementOverview.objects.filter(
-            tenant_id=tenant_id, scan_id=scan_id
-        ).values(
-            "compliance_id",
-            "requirement_id",
-            "requirement_status",
-        )
-
-        if not requirement_rows:
-            return {"status": "no compliance data to backfill"}
-
-        # Group by (compliance_id, requirement_id) across regions
-        requirement_statuses = defaultdict(
-            lambda: {"fail_count": 0, "pass_count": 0, "total_count": 0}
-        )
-
-        for row in requirement_rows:
-            compliance_id = row["compliance_id"]
-            requirement_id = row["requirement_id"]
-            requirement_status = row["requirement_status"]
-
-            # Aggregate requirement status across regions
-            key = (compliance_id, requirement_id)
-            requirement_statuses[key]["total_count"] += 1
-
-            if requirement_status == "FAIL":
-                requirement_statuses[key]["fail_count"] += 1
-            elif requirement_status == "PASS":
-                requirement_statuses[key]["pass_count"] += 1
-
-        # Determine per-requirement status and aggregate to compliance level
-        compliance_summaries = defaultdict(
-            lambda: {
-                "total_requirements": 0,
-                "requirements_passed": 0,
-                "requirements_failed": 0,
-                "requirements_manual": 0,
-            }
-        )
-
-        for (compliance_id, requirement_id), counts in requirement_statuses.items():
-            # Apply business rule: any FAIL → requirement fails
-            if counts["fail_count"] > 0:
-                req_status = "FAIL"
-            elif counts["pass_count"] == counts["total_count"]:
-                req_status = "PASS"
-            else:
-                req_status = "MANUAL"
-
-            # Aggregate to compliance level
-            compliance_summaries[compliance_id]["total_requirements"] += 1
-            if req_status == "PASS":
-                compliance_summaries[compliance_id]["requirements_passed"] += 1
-            elif req_status == "FAIL":
-                compliance_summaries[compliance_id]["requirements_failed"] += 1
-            else:
-                compliance_summaries[compliance_id]["requirements_manual"] += 1
-
-        # Create summary objects
-        summary_objects = []
-        for compliance_id, data in compliance_summaries.items():
-            summary_objects.append(
-                ComplianceOverviewSummary(
-                    tenant_id=tenant_id,
-                    scan_id=scan_id,
-                    compliance_id=compliance_id,
-                    requirements_passed=data["requirements_passed"],
-                    requirements_failed=data["requirements_failed"],
-                    requirements_manual=data["requirements_manual"],
-                    total_requirements=data["total_requirements"],
-                )
-            )
-
-        # Bulk insert summaries
-        if summary_objects:
-            ComplianceOverviewSummary.objects.bulk_create(
-                summary_objects, batch_size=500, ignore_conflicts=True
-            )
-
-    return {"status": "backfilled", "inserted": len(summary_objects)}
@@ -15,25 +15,21 @@ from prowler.config.config import (
    html_file_suffix,
    json_asff_file_suffix,
    json_ocsf_file_suffix,
-    set_output_timestamp,
 )
 from prowler.lib.outputs.asff.asff import ASFF
 from prowler.lib.outputs.compliance.aws_well_architected.aws_well_architected import (
    AWSWellArchitected,
 )
-from prowler.lib.outputs.compliance.c5.c5_aws import AWSC5
-from prowler.lib.outputs.compliance.c5.c5_azure import AzureC5
-from prowler.lib.outputs.compliance.c5.c5_gcp import GCPC5
 from prowler.lib.outputs.compliance.ccc.ccc_aws import CCC_AWS
 from prowler.lib.outputs.compliance.ccc.ccc_azure import CCC_Azure
 from prowler.lib.outputs.compliance.ccc.ccc_gcp import CCC_GCP
+from prowler.lib.outputs.compliance.c5.c5_aws import AWSC5
 from prowler.lib.outputs.compliance.cis.cis_aws import AWSCIS
 from prowler.lib.outputs.compliance.cis.cis_azure import AzureCIS
 from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
 from prowler.lib.outputs.compliance.cis.cis_github import GithubCIS
 from prowler.lib.outputs.compliance.cis.cis_kubernetes import KubernetesCIS
 from prowler.lib.outputs.compliance.cis.cis_m365 import M365CIS
-from prowler.lib.outputs.compliance.cis.cis_oraclecloud import OracleCloudCIS
 from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
 from prowler.lib.outputs.compliance.ens.ens_azure import AzureENS
 from prowler.lib.outputs.compliance.ens.ens_gcp import GCPENS
@@ -59,9 +55,6 @@ from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_azur
 from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_gcp import (
    ProwlerThreatScoreGCP,
 )
-from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_kubernetes import (
-    ProwlerThreatScoreKubernetes,
-)
 from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_m365 import (
    ProwlerThreatScoreM365,
 )
@@ -94,7 +87,6 @@ COMPLIANCE_CLASS_MAP = {
        (lambda name: name.startswith("iso27001_"), AzureISO27001),
        (lambda name: name == "ccc_azure", CCC_Azure),
        (lambda name: name == "prowler_threatscore_azure", ProwlerThreatScoreAzure),
-        (lambda name: name == "c5_azure", AzureC5),
    ],
    "gcp": [
        (lambda name: name.startswith("cis_"), GCPCIS),
@@ -103,15 +95,10 @@ COMPLIANCE_CLASS_MAP = {
        (lambda name: name.startswith("iso27001_"), GCPISO27001),
        (lambda name: name == "prowler_threatscore_gcp", ProwlerThreatScoreGCP),
        (lambda name: name == "ccc_gcp", CCC_GCP),
-        (lambda name: name == "c5_gcp", GCPC5),
    ],
    "kubernetes": [
        (lambda name: name.startswith("cis_"), KubernetesCIS),
        (lambda name: name.startswith("iso27001_"), KubernetesISO27001),
-        (
-            lambda name: name == "prowler_threatscore_kubernetes",
-            ProwlerThreatScoreKubernetes,
-        ),
    ],
    "m365": [
        (lambda name: name.startswith("cis_"), M365CIS),
@@ -121,13 +108,6 @@ COMPLIANCE_CLASS_MAP = {
    "github": [
        (lambda name: name.startswith("cis_"), GithubCIS),
    ],
-    "iac": [
-        # IaC provider doesn't have specific compliance frameworks yet
-        # Trivy handles its own compliance checks
-    ],
-    "oraclecloud": [
-        (lambda name: name.startswith("cis_"), OracleCloudCIS),
-    ],
 }


@@ -203,21 +183,18 @@ def get_s3_client():
    return s3_client


-def _upload_to_s3(
-    tenant_id: str, scan_id: str, local_path: str, relative_key: str
-) -> str | None:
+def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str | None:
    """
-    Upload a local artifact to an S3 bucket under the tenant/scan prefix.
-
+    Upload the specified ZIP file to an S3 bucket.
+    If the S3 bucket environment variables are not configured,
+    the function returns None without performing an upload.
    Args:
-        tenant_id (str): The tenant identifier used as the first segment of the S3 key.
-        scan_id (str): The scan identifier used as the second segment of the S3 key.
-        local_path (str): Filesystem path to the artifact to upload.
-        relative_key (str): Object key relative to `<tenant_id>/<scan_id>/`.
-
+        tenant_id (str): The tenant identifier, used as part of the S3 key prefix.
+        zip_path (str): The local file system path to the ZIP file to be uploaded.
+        scan_id (str): The scan identifier, used as part of the S3 key prefix.
    Returns:
-        str | None: S3 URI of the uploaded artifact, or None if the upload is skipped.
-
+        str: The S3 URI of the uploaded file (e.g., "s3://<bucket>/<key>") if successful.
+        None: If the required environment variables for the S3 bucket are not set.
    Raises:
        botocore.exceptions.ClientError: If the upload attempt to S3 fails for any reason.
    """
@@ -225,50 +202,61 @@ def _upload_to_s3(
    if not bucket:
        return

-    if not relative_key:
-        return
-
-    if not os.path.isfile(local_path):
-        return
-
    try:
        s3 = get_s3_client()

-        s3_key = f"{tenant_id}/{scan_id}/{relative_key}"
-        s3.upload_file(Filename=local_path, Bucket=bucket, Key=s3_key)
+        # Upload the ZIP file (outputs) to the S3 bucket
+        zip_key = f"{tenant_id}/{scan_id}/{os.path.basename(zip_path)}"
+        s3.upload_file(
+            Filename=zip_path,
+            Bucket=bucket,
+            Key=zip_key,
+        )

-        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{s3_key}"
+        # Upload the compliance directory to the S3 bucket
+        compliance_dir = os.path.join(os.path.dirname(zip_path), "compliance")
+        for filename in os.listdir(compliance_dir):
+            local_path = os.path.join(compliance_dir, filename)
+            if not os.path.isfile(local_path):
+                continue
+            file_key = f"{tenant_id}/{scan_id}/compliance/{filename}"
+            s3.upload_file(Filename=local_path, Bucket=bucket, Key=file_key)
+
+        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{zip_key}"
    except (ClientError, NoCredentialsError, ParamValidationError, ValueError) as e:
        logger.error(f"S3 upload failed: {str(e)}")


-def _build_output_path(
-    output_directory: str,
-    prowler_provider: str,
-    tenant_id: str,
-    scan_id: str,
-    subdirectory: str = None,
-) -> str:
+def _generate_output_directory(
+    output_directory, prowler_provider: object, tenant_id: str, scan_id: str
+) -> tuple[str, str, str]:
    """
-    Build a file system path for the output directory of a prowler scan.
+    Generate a file system path for the output directory of a prowler scan.
+
+    This function constructs the output directory path by combining a base
+    temporary output directory, the tenant ID, the scan ID, and details about
+    the prowler provider along with a timestamp. The resulting path is used to
+    store the output files of a prowler scan.
+
+    Note:
+        This function depends on one external variable:
+          - `output_file_timestamp`: A timestamp (as a string) used to uniquely identify the output.

    Args:
        output_directory (str): The base output directory.
-        prowler_provider (str): An identifier or descriptor for the prowler provider.
-                               Typically, this is a string indicating the provider (e.g., "aws").
+        prowler_provider (object): An identifier or descriptor for the prowler provider.
+                                   Typically, this is a string indicating the provider (e.g., "aws").
        tenant_id (str): The unique identifier for the tenant.
        scan_id (str): The unique identifier for the scan.
-        subdirectory (str, optional): Optional subdirectory to include in the path
-                                     (e.g., "compliance", "threatscore", "ens").

    Returns:
-        str: The constructed path with directory created.
+        str: The constructed file system path for the prowler scan output directory.

    Example:
-        >>> _build_output_path("/tmp", "aws", "tenant-1234", "scan-5678")
-        '/tmp/tenant-1234/scan-5678/prowler-output-aws-20230215123456'
-        >>> _build_output_path("/tmp", "aws", "tenant-1234", "scan-5678", "threatscore")
-        '/tmp/tenant-1234/scan-5678/threatscore/prowler-output-aws-20230215123456'
+        >>> _generate_output_directory("/tmp", "aws", "tenant-1234", "scan-5678")
+        '/tmp/tenant-1234/aws/scan-5678/prowler-output-2023-02-15T12:34:56',
+        '/tmp/tenant-1234/aws/scan-5678/compliance/prowler-output-2023-02-15T12:34:56'
+        '/tmp/tenant-1234/aws/scan-5678/threatscore/prowler-output-2023-02-15T12:34:56'
    """
    # Sanitize the prowler provider name to ensure it is a valid directory name
    prowler_provider_sanitized = re.sub(r"[^\w\-]", "-", prowler_provider)
@@ -276,107 +264,23 @@ def _build_output_path(
    with rls_transaction(tenant_id):
        started_at = Scan.objects.get(id=scan_id).started_at

-    set_output_timestamp(started_at)
-
    timestamp = started_at.strftime("%Y%m%d%H%M%S")
-
-    if subdirectory:
-        path = (
-            f"{output_directory}/{tenant_id}/{scan_id}/{subdirectory}/prowler-output-"
-            f"{prowler_provider_sanitized}-{timestamp}"
-        )
-    else:
-        path = (
-            f"{output_directory}/{tenant_id}/{scan_id}/prowler-output-"
-            f"{prowler_provider_sanitized}-{timestamp}"
-        )
-
-    # Create directory for the path if it doesn't exist
+    path = (
+        f"{output_directory}/{tenant_id}/{scan_id}/prowler-output-"
+        f"{prowler_provider_sanitized}-{timestamp}"
+    )
    os.makedirs("/".join(path.split("/")[:-1]), exist_ok=True)

-    return path
-
-
-def _generate_compliance_output_directory(
-    output_directory: str,
-    prowler_provider: str,
-    tenant_id: str,
-    scan_id: str,
-    compliance_framework: str,
-) -> str:
-    """
-    Generate a file system path for a compliance framework output directory.
-
-    This function constructs the output directory path specifically for a compliance
-    framework (e.g., "threatscore", "ens") by combining a base temporary output directory,
-    the tenant ID, the scan ID, the compliance framework name, and details about the
-    prowler provider along with a timestamp.
-
-    Args:
-        output_directory (str): The base output directory.
-        prowler_provider (str): An identifier or descriptor for the prowler provider.
-                               Typically, this is a string indicating the provider (e.g., "aws").
-        tenant_id (str): The unique identifier for the tenant.
-        scan_id (str): The unique identifier for the scan.
-        compliance_framework (str): The compliance framework name (e.g., "threatscore", "ens").
-
-    Returns:
-        str: The path for the compliance framework output directory.
-
-    Example:
-        >>> _generate_compliance_output_directory("/tmp", "aws", "tenant-1234", "scan-5678", "threatscore")
-        '/tmp/tenant-1234/scan-5678/threatscore/prowler-output-aws-20230215123456'
-        >>> _generate_compliance_output_directory("/tmp", "aws", "tenant-1234", "scan-5678", "ens")
-        '/tmp/tenant-1234/scan-5678/ens/prowler-output-aws-20230215123456'
-        >>> _generate_compliance_output_directory("/tmp", "aws", "tenant-1234", "scan-5678", "nis2")
-        '/tmp/tenant-1234/scan-5678/nis2/prowler-output-aws-20230215123456'
-    """
-    return _build_output_path(
-        output_directory,
-        prowler_provider,
-        tenant_id,
-        scan_id,
-        subdirectory=compliance_framework,
+    compliance_path = (
+        f"{output_directory}/{tenant_id}/{scan_id}/compliance/prowler-output-"
+        f"{prowler_provider_sanitized}-{timestamp}"
    )
+    os.makedirs("/".join(compliance_path.split("/")[:-1]), exist_ok=True)

-
-def _generate_output_directory(
-    output_directory: str,
-    prowler_provider: str,
-    tenant_id: str,
-    scan_id: str,
-) -> tuple[str, str]:
-    """
-    Generate file system paths for the standard and compliance output directories of a prowler scan.
-
-    This function constructs both the standard output directory path and the compliance
-    output directory path by combining a base temporary output directory, the tenant ID,
-    the scan ID, and details about the prowler provider along with a timestamp.
-
-    Args:
-        output_directory (str): The base output directory.
-        prowler_provider (str): An identifier or descriptor for the prowler provider.
-                               Typically, this is a string indicating the provider (e.g., "aws").
-        tenant_id (str): The unique identifier for the tenant.
-        scan_id (str): The unique identifier for the scan.
-
-    Returns:
-        tuple[str, str]: A tuple containing (standard_path, compliance_path).
-
-    Example:
-        >>> _generate_output_directory("/tmp", "aws", "tenant-1234", "scan-5678")
-        ('/tmp/tenant-1234/scan-5678/prowler-output-aws-20230215123456',
-         '/tmp/tenant-1234/scan-5678/compliance/prowler-output-aws-20230215123456')
-    """
-    standard_path = _build_output_path(
-        output_directory, prowler_provider, tenant_id, scan_id
-    )
-    compliance_path = _build_output_path(
-        output_directory,
-        prowler_provider,
-        tenant_id,
-        scan_id,
-        subdirectory="compliance",
+    threatscore_path = (
+        f"{output_directory}/{tenant_id}/{scan_id}/threatscore/prowler-output-"
+        f"{prowler_provider_sanitized}-{timestamp}"
    )
+    os.makedirs("/".join(threatscore_path.split("/")[:-1]), exist_ok=True)

-    return standard_path, compliance_path
+    return path, compliance_path, threatscore_path
@@ -5,7 +5,7 @@ from celery.utils.log import get_task_logger
 from config.django.base import DJANGO_FINDINGS_BATCH_SIZE
 from tasks.utils import batched

-from api.db_router import READ_REPLICA_ALIAS, MainRouter
+from api.db_router import READ_REPLICA_ALIAS
 from api.db_utils import rls_transaction
 from api.models import Finding, Integration, Provider
 from api.utils import initialize_prowler_integration, initialize_prowler_provider
@@ -179,7 +179,7 @@ def get_security_hub_client_from_integration(
        if the connection was successful and the SecurityHub client or connection object.
    """
    # Get the provider associated with this integration
-    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
+    with rls_transaction(tenant_id):
        provider_relationship = integration.integrationproviderrelationship_set.first()
        if not provider_relationship:
            return Connection(
@@ -208,7 +208,7 @@ def get_security_hub_client_from_integration(
            regions_status[region] = region in connection.enabled_regions

        # Save regions information in the integration configuration
-        with rls_transaction(tenant_id, using=MainRouter.default_db):
+        with rls_transaction(tenant_id):
            integration.configuration["regions"] = regions_status
            integration.save()

@@ -223,7 +223,7 @@ def get_security_hub_client_from_integration(
        return True, security_hub
    else:
        # Reset regions information if connection fails
-        with rls_transaction(tenant_id, using=MainRouter.default_db):
+        with rls_transaction(tenant_id):
            integration.configuration["regions"] = {}
            integration.save()

@@ -334,11 +334,8 @@ def upload_security_hub_integration(
                                        f"Security Hub connection failed for integration {integration.id}: "
                                        f"{security_hub.error}"
                                    )
-                                    with rls_transaction(
-                                        tenant_id, using=MainRouter.default_db
-                                    ):
-                                        integration.connected = False
-                                        integration.save()
+                                    integration.connected = False
+                                    integration.save()
                                    break  # Skip this integration

                                security_hub_client = security_hub
@@ -1,452 +0,0 @@
-from typing import Dict
-
-import boto3
-import openai
-from botocore.exceptions import BotoCoreError, ClientError
-from celery.utils.log import get_task_logger
-
-from api.models import LighthouseProviderConfiguration, LighthouseProviderModels
-
-logger = get_task_logger(__name__)
-
-
-def _extract_openai_api_key(
-    provider_cfg: LighthouseProviderConfiguration,
-) -> str | None:
-    """
-    Safely extract the OpenAI API key from a provider configuration.
-
-    Args:
-        provider_cfg (LighthouseProviderConfiguration): The provider configuration instance
-            containing the credentials.
-
-    Returns:
-        str | None: The API key string if present and valid, otherwise None.
-    """
-    creds = provider_cfg.credentials_decoded
-    if not isinstance(creds, dict):
-        return None
-    api_key = creds.get("api_key")
-    if not isinstance(api_key, str) or not api_key:
-        return None
-    return api_key
-
-
-def _extract_openai_compatible_params(
-    provider_cfg: LighthouseProviderConfiguration,
-) -> Dict[str, str] | None:
-    """
-    Extract base_url and api_key for OpenAI-compatible providers.
-    """
-    creds = provider_cfg.credentials_decoded
-    base_url = provider_cfg.base_url
-    if not isinstance(creds, dict):
-        return None
-    api_key = creds.get("api_key")
-    if not isinstance(api_key, str) or not api_key:
-        return None
-    if not isinstance(base_url, str) or not base_url:
-        return None
-    return {"base_url": base_url, "api_key": api_key}
-
-
-def _extract_bedrock_credentials(
-    provider_cfg: LighthouseProviderConfiguration,
-) -> Dict[str, str] | None:
-    """
-    Safely extract AWS Bedrock credentials from a provider configuration.
-
-    Args:
-        provider_cfg (LighthouseProviderConfiguration): The provider configuration instance
-            containing the credentials.
-
-    Returns:
-        Dict[str, str] | None: Dictionary with 'access_key_id', 'secret_access_key', and
-            'region' if present and valid, otherwise None.
-    """
-    creds = provider_cfg.credentials_decoded
-    if not isinstance(creds, dict):
-        return None
-
-    access_key_id = creds.get("access_key_id")
-    secret_access_key = creds.get("secret_access_key")
-    region = creds.get("region")
-
-    # Validate all required fields are present and are strings
-    if (
-        not isinstance(access_key_id, str)
-        or not access_key_id
-        or not isinstance(secret_access_key, str)
-        or not secret_access_key
-        or not isinstance(region, str)
-        or not region
-    ):
-        return None
-
-    return {
-        "access_key_id": access_key_id,
-        "secret_access_key": secret_access_key,
-        "region": region,
-    }
-
-
-def check_lighthouse_provider_connection(provider_config_id: str) -> Dict:
-    """
-    Validate a Lighthouse provider configuration by calling the provider API and
-    toggle its active state accordingly.
-
-    Args:
-        provider_config_id: The primary key of the `LighthouseProviderConfiguration`
-            to validate.
-
-    Returns:
-        dict: A result dictionary with the following keys:
-            - "connected" (bool): Whether the provider credentials are valid.
-            - "error" (str | None): The error message when not connected, otherwise None.
-
-    Side Effects:
-        - Updates and persists `is_active` on the `LighthouseProviderConfiguration`.
-
-    Raises:
-        LighthouseProviderConfiguration.DoesNotExist: If no configuration exists with the given ID.
-    """
-    provider_cfg = LighthouseProviderConfiguration.objects.get(pk=provider_config_id)
-
-    try:
-        if (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI
-        ):
-            api_key = _extract_openai_api_key(provider_cfg)
-            if not api_key:
-                provider_cfg.is_active = False
-                provider_cfg.save()
-                return {"connected": False, "error": "API key is invalid or missing"}
-
-            # Test connection by listing models
-            client = openai.OpenAI(api_key=api_key)
-            _ = client.models.list()
-
-        elif (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.BEDROCK
-        ):
-            bedrock_creds = _extract_bedrock_credentials(provider_cfg)
-            if not bedrock_creds:
-                provider_cfg.is_active = False
-                provider_cfg.save()
-                return {
-                    "connected": False,
-                    "error": "AWS credentials are invalid or missing",
-                }
-
-            # Test connection by listing foundation models
-            bedrock_client = boto3.client(
-                "bedrock",
-                aws_access_key_id=bedrock_creds["access_key_id"],
-                aws_secret_access_key=bedrock_creds["secret_access_key"],
-                region_name=bedrock_creds["region"],
-            )
-            _ = bedrock_client.list_foundation_models()
-
-        elif (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI_COMPATIBLE
-        ):
-            params = _extract_openai_compatible_params(provider_cfg)
-            if not params:
-                provider_cfg.is_active = False
-                provider_cfg.save()
-                return {
-                    "connected": False,
-                    "error": "Base URL or API key is invalid or missing",
-                }
-
-            # Test connection using OpenAI SDK with custom base_url
-            # Note: base_url should include version (e.g., https://openrouter.ai/api/v1)
-            client = openai.OpenAI(
-                api_key=params["api_key"],
-                base_url=params["base_url"],
-            )
-            _ = client.models.list()
-
-        else:
-            return {"connected": False, "error": "Unsupported provider type"}
-
-        # Connection successful
-        provider_cfg.is_active = True
-        provider_cfg.save()
-        return {"connected": True, "error": None}
-
-    except Exception as e:
-        logger.warning(
-            "%s connection check failed: %s", provider_cfg.provider_type, str(e)
-        )
-        provider_cfg.is_active = False
-        provider_cfg.save()
-        return {"connected": False, "error": str(e)}
-
-
-def _fetch_openai_models(api_key: str) -> Dict[str, str]:
-    """
-    Fetch available models from OpenAI API.
-
-    Args:
-        api_key: OpenAI API key for authentication.
-
-    Returns:
-        Dict mapping model_id to model_name. For OpenAI, both are the same
-        as the API doesn't provide separate display names.
-
-    Raises:
-        Exception: If the API call fails.
-    """
-    client = openai.OpenAI(api_key=api_key)
-    models = client.models.list()
-    # OpenAI uses model.id for both ID and display name
-    return {m.id: m.id for m in getattr(models, "data", [])}
-
-
-def _fetch_openai_compatible_models(base_url: str, api_key: str) -> Dict[str, str]:
-    """
-    Fetch available models from an OpenAI-compatible API using the OpenAI SDK.
-
-    Returns a mapping of model_id -> model_name. Prefers the 'name' attribute
-    if available (e.g., from OpenRouter), otherwise falls back to 'id'.
-
-    Note: base_url should include version (e.g., https://openrouter.ai/api/v1)
-    """
-    client = openai.OpenAI(api_key=api_key, base_url=base_url)
-    models = client.models.list()
-
-    available_models: Dict[str, str] = {}
-    for model in models.data:
-        model_id = model.id
-        # Prefer provider-supplied human-friendly name when available
-        name = getattr(model, "name", None)
-        if name:
-            available_models[model_id] = name
-        else:
-            available_models[model_id] = model_id
-
-    return available_models
-
-
-def _fetch_bedrock_models(bedrock_creds: Dict[str, str]) -> Dict[str, str]:
-    """
-    Fetch available models from AWS Bedrock with entitlement verification.
-
-    This function:
-    1. Lists foundation models with TEXT modality support
-    2. Lists inference profiles with TEXT modality support
-    3. Verifies user has entitlement access to each model
-
-    Args:
-        bedrock_creds: Dictionary with 'access_key_id', 'secret_access_key', and 'region'.
-
-    Returns:
-        Dict mapping model_id to model_name for all accessible models.
-
-    Raises:
-        BotoCoreError, ClientError: If AWS API calls fail.
-    """
-    bedrock_client = boto3.client(
-        "bedrock",
-        aws_access_key_id=bedrock_creds["access_key_id"],
-        aws_secret_access_key=bedrock_creds["secret_access_key"],
-        region_name=bedrock_creds["region"],
-    )
-
-    models_to_check: Dict[str, str] = {}
-
-    # Step 1: Get foundation models with TEXT modality
-    foundation_response = bedrock_client.list_foundation_models()
-    model_summaries = foundation_response.get("modelSummaries", [])
-
-    for model in model_summaries:
-        # Check if model supports TEXT input and output modality
-        input_modalities = model.get("inputModalities", [])
-        output_modalities = model.get("outputModalities", [])
-
-        if "TEXT" not in input_modalities or "TEXT" not in output_modalities:
-            continue
-
-        model_id = model.get("modelId")
-        if not model_id:
-            continue
-
-        inference_types = model.get("inferenceTypesSupported", [])
-
-        # Only include models with ON_DEMAND inference support
-        if "ON_DEMAND" in inference_types:
-            models_to_check[model_id] = model["modelName"]
-
-    # Step 2: Get inference profiles
-    try:
-        inference_profiles_response = bedrock_client.list_inference_profiles()
-        inference_profiles = inference_profiles_response.get(
-            "inferenceProfileSummaries", []
-        )
-
-        for profile in inference_profiles:
-            # Check if profile supports TEXT modality
-            input_modalities = profile.get("inputModalities", [])
-            output_modalities = profile.get("outputModalities", [])
-
-            if "TEXT" not in input_modalities or "TEXT" not in output_modalities:
-                continue
-
-            profile_id = profile.get("inferenceProfileId")
-            if profile_id:
-                models_to_check[profile_id] = profile["inferenceProfileName"]
-
-    except (BotoCoreError, ClientError) as e:
-        logger.info(
-            "Could not fetch inference profiles in %s: %s",
-            bedrock_creds["region"],
-            str(e),
-        )
-
-    # Step 3: Verify entitlement availability for each model
-    available_models: Dict[str, str] = {}
-
-    for model_id, model_name in models_to_check.items():
-        try:
-            availability = bedrock_client.get_foundation_model_availability(
-                modelId=model_id
-            )
-
-            entitlement = availability.get("entitlementAvailability")
-
-            # Only include models user has access to
-            if entitlement == "AVAILABLE":
-                available_models[model_id] = model_name
-            else:
-                logger.debug(
-                    "Skipping model %s - entitlement status: %s", model_id, entitlement
-                )
-
-        except (BotoCoreError, ClientError) as e:
-            logger.debug(
-                "Could not check availability for model %s: %s", model_id, str(e)
-            )
-            continue
-
-    return available_models
-
-
-def refresh_lighthouse_provider_models(provider_config_id: str) -> Dict:
-    """
-    Refresh the catalog of models for a Lighthouse provider configuration.
-
-    Fetches the current list of models from the provider, upserts entries into
-    `LighthouseProviderModels`, and deletes stale entries no longer returned.
-
-    Args:
-        provider_config_id: The primary key of the `LighthouseProviderConfiguration`
-            whose models should be refreshed.
-
-    Returns:
-        dict: A result dictionary with the following keys on success:
-            - "created" (int): Number of new model rows created.
-            - "updated" (int): Number of existing model rows updated.
-            - "deleted" (int): Number of stale model rows removed.
-        If an error occurs, the dictionary will contain an "error" (str) field instead.
-
-    Raises:
-        LighthouseProviderConfiguration.DoesNotExist: If no configuration exists with the given ID.
-    """
-    provider_cfg = LighthouseProviderConfiguration.objects.get(pk=provider_config_id)
-    fetched_models: Dict[str, str] = {}
-
-    # Fetch models from the appropriate provider
-    try:
-        if (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI
-        ):
-            api_key = _extract_openai_api_key(provider_cfg)
-            if not api_key:
-                return {
-                    "created": 0,
-                    "updated": 0,
-                    "deleted": 0,
-                    "error": "API key is invalid or missing",
-                }
-            fetched_models = _fetch_openai_models(api_key)
-
-        elif (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.BEDROCK
-        ):
-            bedrock_creds = _extract_bedrock_credentials(provider_cfg)
-            if not bedrock_creds:
-                return {
-                    "created": 0,
-                    "updated": 0,
-                    "deleted": 0,
-                    "error": "AWS credentials are invalid or missing",
-                }
-            fetched_models = _fetch_bedrock_models(bedrock_creds)
-
-        elif (
-            provider_cfg.provider_type
-            == LighthouseProviderConfiguration.LLMProviderChoices.OPENAI_COMPATIBLE
-        ):
-            params = _extract_openai_compatible_params(provider_cfg)
-            if not params:
-                return {
-                    "created": 0,
-                    "updated": 0,
-                    "deleted": 0,
-                    "error": "Base URL or API key is invalid or missing",
-                }
-            fetched_models = _fetch_openai_compatible_models(
-                params["base_url"], params["api_key"]
-            )
-
-        else:
-            return {
-                "created": 0,
-                "updated": 0,
-                "deleted": 0,
-                "error": "Unsupported provider type",
-            }
-
-    except Exception as e:
-        logger.warning(
-            "Unexpected error refreshing %s models: %s",
-            provider_cfg.provider_type,
-            str(e),
-        )
-        return {"created": 0, "updated": 0, "deleted": 0, "error": str(e)}
-
-    # Upsert models into the catalog
-    created = 0
-    updated = 0
-
-    for model_id, model_name in fetched_models.items():
-        obj, was_created = LighthouseProviderModels.objects.update_or_create(
-            tenant_id=provider_cfg.tenant_id,
-            provider_configuration=provider_cfg,
-            model_id=model_id,
-            defaults={
-                "model_name": model_name,
-                "default_parameters": {},
-            },
-        )
-        if was_created:
-            created += 1
-        else:
-            updated += 1
-
-    # Delete stale models not present anymore
-    deleted, _ = (
-        LighthouseProviderModels.objects.filter(
-            tenant_id=provider_cfg.tenant_id, provider_configuration=provider_cfg
-        )
-        .exclude(model_id__in=fetched_models.keys())
-        .delete()
-    )
-
-    return {"created": created, "updated": updated, "deleted": deleted}
@@ -1,64 +0,0 @@
-from celery.utils.log import get_task_logger
-from config.django.base import DJANGO_FINDINGS_BATCH_SIZE
-from tasks.utils import batched
-
-from api.db_utils import rls_transaction
-from api.models import Finding, MuteRule
-
-logger = get_task_logger(__name__)
-
-
-def mute_historical_findings(tenant_id: str, mute_rule_id: str):
-    """
-    Mute historical findings that match the given mute rule.
-
-    This function processes findings in batches, updating their muted status
-    and adding the mute reason.
-
-    Args:
-        tenant_id (str): The tenant ID for RLS context
-        mute_rule_id (str): The ID of the mute rule to apply
-
-    Returns:
-        dict: Summary of the muting operation with findings_muted count
-    """
-    findings_muted_count = 0
-
-    # Get the list of UIDs to mute and the reason
-    with rls_transaction(tenant_id):
-        mute_rule = MuteRule.objects.get(id=mute_rule_id, tenant_id=tenant_id)
-        finding_uids = mute_rule.finding_uids
-        mute_reason = mute_rule.reason
-        muted_at = mute_rule.inserted_at
-
-    # Query findings that match the UIDs and are not already muted
-    with rls_transaction(tenant_id):
-        findings_to_mute = Finding.objects.filter(
-            tenant_id=tenant_id, uid__in=finding_uids, muted=False
-        )
-        total_findings = findings_to_mute.count()
-
-        logger.info(
-            f"Processing {total_findings} findings for mute rule {mute_rule_id}"
-        )
-
-        if total_findings > 0:
-            for batch, is_last in batched(
-                findings_to_mute.iterator(), DJANGO_FINDINGS_BATCH_SIZE
-            ):
-                batch_ids = [f.id for f in batch]
-                updated_count = Finding.all_objects.filter(
-                    id__in=batch_ids, tenant_id=tenant_id
-                ).update(
-                    muted=True,
-                    muted_at=muted_at,
-                    muted_reason=mute_reason,
-                )
-                findings_muted_count += updated_count
-
-    logger.info(f"Muted {findings_muted_count} findings for rule {mute_rule_id}")
-
-    return {
-        "findings_muted": findings_muted_count,
-        "rule_id": mute_rule_id,
-    }
@@ -1,214 +0,0 @@
-from celery.utils.log import get_task_logger
-from tasks.jobs.threatscore_utils import (
-    _aggregate_requirement_statistics_from_database,
-    _calculate_requirements_data_from_statistics,
-)
-
-from api.db_router import READ_REPLICA_ALIAS
-from api.db_utils import rls_transaction
-from api.models import Provider, StatusChoices
-from prowler.lib.check.compliance_models import Compliance
-
-logger = get_task_logger(__name__)
-
-
-def compute_threatscore_metrics(
-    tenant_id: str,
-    scan_id: str,
-    provider_id: str,
-    compliance_id: str,
-    min_risk_level: int = 4,
-) -> dict:
-    """
-    Compute ThreatScore metrics for a given scan.
-
-    This function calculates all the metrics needed for a ThreatScore snapshot:
-    - Overall ThreatScore percentage
-    - Section-by-section scores
-    - Critical failed requirements (risk >= min_risk_level)
-    - Summary statistics (requirements and findings counts)
-
-    Args:
-        tenant_id (str): The tenant ID for Row-Level Security context.
-        scan_id (str): The ID of the scan to analyze.
-        provider_id (str): The ID of the provider used in the scan.
-        compliance_id (str): Compliance framework ID (e.g., "prowler_threatscore_aws").
-        min_risk_level (int): Minimum risk level for critical requirements. Defaults to 4.
-
-    Returns:
-        dict: A dictionary containing:
-            - overall_score (float): Overall ThreatScore percentage (0-100)
-            - section_scores (dict): Section name -> score percentage mapping
-            - critical_requirements (list): List of critical failed requirement dicts
-            - total_requirements (int): Total number of requirements
-            - passed_requirements (int): Number of PASS requirements
-            - failed_requirements (int): Number of FAIL requirements
-            - manual_requirements (int): Number of MANUAL requirements
-            - total_findings (int): Total findings count
-            - passed_findings (int): Passed findings count
-            - failed_findings (int): Failed findings count
-
-    Example:
-        >>> metrics = compute_threatscore_metrics(
-        ...     tenant_id="tenant-123",
-        ...     scan_id="scan-456",
-        ...     provider_id="provider-789",
-        ...     compliance_id="prowler_threatscore_aws"
-        ... )
-        >>> print(f"Overall ThreatScore: {metrics['overall_score']:.2f}%")
-    """
-    # Get provider and compliance information
-    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
-        provider_obj = Provider.objects.get(id=provider_id)
-        provider_type = provider_obj.provider
-
-        frameworks_bulk = Compliance.get_bulk(provider_type)
-        compliance_obj = frameworks_bulk[compliance_id]
-
-    # Aggregate requirement statistics from database
-    requirement_statistics_by_check_id = (
-        _aggregate_requirement_statistics_from_database(tenant_id, scan_id)
-    )
-
-    # Calculate requirements data using aggregated statistics
-    attributes_by_requirement_id, requirements_list = (
-        _calculate_requirements_data_from_statistics(
-            compliance_obj, requirement_statistics_by_check_id
-        )
-    )
-
-    # Initialize metrics
-    overall_numerator = 0
-    overall_denominator = 0
-    overall_has_findings = False
-
-    sections_data = {}
-
-    total_requirements = len(requirements_list)
-    passed_requirements = 0
-    failed_requirements = 0
-    manual_requirements = 0
-    total_findings = 0
-    passed_findings = 0
-    failed_findings = 0
-
-    critical_requirements_list = []
-
-    # Process each requirement
-    for requirement in requirements_list:
-        requirement_id = requirement["id"]
-        requirement_status = requirement["attributes"]["status"]
-        requirement_attributes = attributes_by_requirement_id.get(requirement_id, {})
-
-        # Count requirements by status
-        if requirement_status == StatusChoices.PASS:
-            passed_requirements += 1
-        elif requirement_status == StatusChoices.FAIL:
-            failed_requirements += 1
-        elif requirement_status == StatusChoices.MANUAL:
-            manual_requirements += 1
-
-        # Get findings data
-        req_passed_findings = requirement["attributes"].get("passed_findings", 0)
-        req_total_findings = requirement["attributes"].get("total_findings", 0)
-
-        # Accumulate findings counts
-        total_findings += req_total_findings
-        passed_findings += req_passed_findings
-        failed_findings += req_total_findings - req_passed_findings
-
-        # Skip requirements with no findings
-        if req_total_findings == 0:
-            continue
-
-        overall_has_findings = True
-
-        # Get requirement metadata
-        metadata = requirement_attributes.get("attributes", {}).get(
-            "req_attributes", []
-        )
-        if not metadata or len(metadata) == 0:
-            continue
-
-        m = metadata[0]
-        risk_level = getattr(m, "LevelOfRisk", 0)
-        weight = getattr(m, "Weight", 0)
-        section = getattr(m, "Section", "Unknown")
-
-        # Calculate ThreatScore components using formula from UI
-        rate_i = req_passed_findings / req_total_findings
-        rfac_i = 1 + 0.25 * risk_level
-
-        # Update overall score
-        overall_numerator += rate_i * req_total_findings * weight * rfac_i
-        overall_denominator += req_total_findings * weight * rfac_i
-
-        # Update section scores
-        if section not in sections_data:
-            sections_data[section] = {
-                "numerator": 0,
-                "denominator": 0,
-                "has_findings": False,
-            }
-
-        sections_data[section]["has_findings"] = True
-        sections_data[section]["numerator"] += (
-            rate_i * req_total_findings * weight * rfac_i
-        )
-        sections_data[section]["denominator"] += req_total_findings * weight * rfac_i
-
-        # Identify critical failed requirements
-        if requirement_status == StatusChoices.FAIL and risk_level >= min_risk_level:
-            critical_requirements_list.append(
-                {
-                    "requirement_id": requirement_id,
-                    "title": getattr(m, "Title", "N/A"),
-                    "section": section,
-                    "subsection": getattr(m, "SubSection", "N/A"),
-                    "risk_level": risk_level,
-                    "weight": weight,
-                    "passed_findings": req_passed_findings,
-                    "total_findings": req_total_findings,
-                    "description": getattr(m, "AttributeDescription", "N/A"),
-                }
-            )
-
-    # Calculate overall ThreatScore
-    if not overall_has_findings:
-        overall_score = 100.0
-    elif overall_denominator > 0:
-        overall_score = (overall_numerator / overall_denominator) * 100
-    else:
-        overall_score = 0.0
-
-    # Calculate section scores
-    section_scores = {}
-    for section, data in sections_data.items():
-        if data["has_findings"] and data["denominator"] > 0:
-            section_scores[section] = (data["numerator"] / data["denominator"]) * 100
-        else:
-            section_scores[section] = 100.0
-
-    # Sort critical requirements by risk level (desc) and weight (desc)
-    critical_requirements_list.sort(
-        key=lambda x: (x["risk_level"], x["weight"]), reverse=True
-    )
-
-    logger.info(
-        f"ThreatScore computed: {overall_score:.2f}% "
-        f"({passed_requirements}/{total_requirements} requirements passed, "
-        f"{len(critical_requirements_list)} critical failures)"
-    )
-
-    return {
-        "overall_score": round(overall_score, 2),
-        "section_scores": {k: round(v, 2) for k, v in section_scores.items()},
-        "critical_requirements": critical_requirements_list,
-        "total_requirements": total_requirements,
-        "passed_requirements": passed_requirements,
-        "failed_requirements": failed_requirements,
-        "manual_requirements": manual_requirements,
-        "total_findings": total_findings,
-        "passed_findings": passed_findings,
-        "failed_findings": failed_findings,
-    }
@@ -1,239 +0,0 @@
-from collections import defaultdict
-
-from celery.utils.log import get_task_logger
-from config.django.base import DJANGO_FINDINGS_BATCH_SIZE
-from django.db.models import Count, Q
-from tasks.utils import batched
-
-from api.db_router import READ_REPLICA_ALIAS
-from api.db_utils import rls_transaction
-from api.models import Finding, StatusChoices
-from prowler.lib.outputs.finding import Finding as FindingOutput
-
-logger = get_task_logger(__name__)
-
-
-def _aggregate_requirement_statistics_from_database(
-    tenant_id: str, scan_id: str
-) -> dict[str, dict[str, int]]:
-    """
-    Aggregate finding statistics by check_id using database aggregation.
-
-    This function uses Django ORM aggregation to calculate pass/fail statistics
-    entirely in the database, avoiding the need to load findings into memory.
-
-    Args:
-        tenant_id (str): The tenant ID for Row-Level Security context.
-        scan_id (str): The ID of the scan to retrieve findings for.
-
-    Returns:
-        dict[str, dict[str, int]]: Dictionary mapping check_id to statistics:
-            - 'passed' (int): Number of passed findings for this check
-            - 'total' (int): Total number of findings for this check
-
-    Example:
-        {
-            'aws_iam_user_mfa_enabled': {'passed': 10, 'total': 15},
-            'aws_s3_bucket_public_access': {'passed': 0, 'total': 5}
-        }
-    """
-    requirement_statistics_by_check_id = {}
-
-    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
-        aggregated_statistics_queryset = (
-            Finding.all_objects.filter(
-                tenant_id=tenant_id, scan_id=scan_id, muted=False
-            )
-            .values("check_id")
-            .annotate(
-                total_findings=Count(
-                    "id",
-                    filter=Q(status__in=[StatusChoices.PASS, StatusChoices.FAIL]),
-                ),
-                passed_findings=Count("id", filter=Q(status=StatusChoices.PASS)),
-            )
-        )
-
-        for aggregated_stat in aggregated_statistics_queryset:
-            check_id = aggregated_stat["check_id"]
-            requirement_statistics_by_check_id[check_id] = {
-                "passed": aggregated_stat["passed_findings"],
-                "total": aggregated_stat["total_findings"],
-            }
-
-    logger.info(
-        f"Aggregated statistics for {len(requirement_statistics_by_check_id)} unique checks"
-    )
-    return requirement_statistics_by_check_id
-
-
-def _calculate_requirements_data_from_statistics(
-    compliance_obj, requirement_statistics_by_check_id: dict[str, dict[str, int]]
-) -> tuple[dict[str, dict], list[dict]]:
-    """
-    Calculate requirement status and statistics using pre-aggregated database statistics.
-
-    Args:
-        compliance_obj: The compliance framework object containing requirements.
-        requirement_statistics_by_check_id (dict[str, dict[str, int]]): Pre-aggregated statistics
-            mapping check_id to {'passed': int, 'total': int} counts.
-
-    Returns:
-        tuple[dict[str, dict], list[dict]]: A tuple containing:
-            - attributes_by_requirement_id: Dictionary mapping requirement IDs to their attributes.
-            - requirements_list: List of requirement dictionaries with status and statistics.
-    """
-    attributes_by_requirement_id = {}
-    requirements_list = []
-
-    compliance_framework = getattr(compliance_obj, "Framework", "N/A")
-    compliance_version = getattr(compliance_obj, "Version", "N/A")
-
-    for requirement in compliance_obj.Requirements:
-        requirement_id = requirement.Id
-        requirement_description = getattr(requirement, "Description", "")
-        requirement_checks = getattr(requirement, "Checks", [])
-        requirement_attributes = getattr(requirement, "Attributes", [])
-
-        attributes_by_requirement_id[requirement_id] = {
-            "attributes": {
-                "req_attributes": requirement_attributes,
-                "checks": requirement_checks,
-            },
-            "description": requirement_description,
-        }
-
-        total_passed_findings = 0
-        total_findings_count = 0
-
-        for check_id in requirement_checks:
-            if check_id in requirement_statistics_by_check_id:
-                check_statistics = requirement_statistics_by_check_id[check_id]
-                total_findings_count += check_statistics["total"]
-                total_passed_findings += check_statistics["passed"]
-
-        if total_findings_count > 0:
-            if total_passed_findings == total_findings_count:
-                requirement_status = StatusChoices.PASS
-            else:
-                requirement_status = StatusChoices.FAIL
-        else:
-            requirement_status = StatusChoices.MANUAL
-
-        requirements_list.append(
-            {
-                "id": requirement_id,
-                "attributes": {
-                    "framework": compliance_framework,
-                    "version": compliance_version,
-                    "status": requirement_status,
-                    "description": requirement_description,
-                    "passed_findings": total_passed_findings,
-                    "total_findings": total_findings_count,
-                },
-            }
-        )
-
-    return attributes_by_requirement_id, requirements_list
-
-
-def _load_findings_for_requirement_checks(
-    tenant_id: str,
-    scan_id: str,
-    check_ids: list[str],
-    prowler_provider,
-    findings_cache: dict[str, list[FindingOutput]] | None = None,
-) -> dict[str, list[FindingOutput]]:
-    """
-    Load findings for specific check IDs on-demand with optional caching.
-
-    This function loads only the findings needed for a specific set of checks,
-    minimizing memory usage by avoiding loading all findings at once. This is used
-    when generating detailed findings tables for specific requirements in the PDF.
-
-    Supports optional caching to avoid duplicate queries when generating multiple
-    reports for the same scan.
-
-    Args:
-        tenant_id (str): The tenant ID for Row-Level Security context.
-        scan_id (str): The ID of the scan to retrieve findings for.
-        check_ids (list[str]): List of check IDs to load findings for.
-        prowler_provider: The initialized Prowler provider instance.
-        findings_cache (dict, optional): Cache of already loaded findings.
-            If provided, checks are first looked up in cache before querying database.
-
-    Returns:
-        dict[str, list[FindingOutput]]: Dictionary mapping check_id to list of FindingOutput objects.
-
-    Example:
-        {
-            'aws_iam_user_mfa_enabled': [FindingOutput(...), FindingOutput(...)],
-            'aws_s3_bucket_public_access': [FindingOutput(...)]
-        }
-    """
-    findings_by_check_id = defaultdict(list)
-
-    if not check_ids:
-        return dict(findings_by_check_id)
-
-    # Initialize cache if not provided
-    if findings_cache is None:
-        findings_cache = {}
-
-    # Separate cached and non-cached check_ids
-    check_ids_to_load = []
-    cache_hits = 0
-    cache_misses = 0
-
-    for check_id in check_ids:
-        if check_id in findings_cache:
-            # Reuse from cache
-            findings_by_check_id[check_id] = findings_cache[check_id]
-            cache_hits += 1
-        else:
-            # Need to load from database
-            check_ids_to_load.append(check_id)
-            cache_misses += 1
-
-    if cache_hits > 0:
-        logger.info(
-            f"Findings cache: {cache_hits} hits, {cache_misses} misses "
-            f"({cache_hits / (cache_hits + cache_misses) * 100:.1f}% hit rate)"
-        )
-
-    # If all check_ids were in cache, return early
-    if not check_ids_to_load:
-        return dict(findings_by_check_id)
-
-    logger.info(f"Loading findings for {len(check_ids_to_load)} checks on-demand")
-
-    findings_queryset = (
-        Finding.all_objects.filter(
-            tenant_id=tenant_id, scan_id=scan_id, check_id__in=check_ids_to_load
-        )
-        .order_by("uid")
-        .iterator()
-    )
-
-    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
-        for batch, is_last_batch in batched(
-            findings_queryset, DJANGO_FINDINGS_BATCH_SIZE
-        ):
-            for finding_model in batch:
-                finding_output = FindingOutput.transform_api_finding(
-                    finding_model, prowler_provider
-                )
-                findings_by_check_id[finding_output.check_id].append(finding_output)
-                # Update cache with newly loaded findings
-                if finding_output.check_id not in findings_cache:
-                    findings_cache[finding_output.check_id] = []
-                findings_cache[finding_output.check_id].append(finding_output)
-
-    total_findings_loaded = sum(
-        len(findings) for findings in findings_by_check_id.values()
-    )
-    logger.info(
-        f"Loaded {total_findings_loaded} findings for {len(findings_by_check_id)} checks"
-    )
-
-    return dict(findings_by_check_id)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Alan Buscaglia	3ca3432250	fix: conditionally pass href prop only when asLink is truthy	2025-10-22 18:16:10 +02:00
Alan Buscaglia	822b85dcdc	Merge branch 'master' into refactor/graph-components-kebab-case	2025-10-22 18:15:11 +02:00
Alan Buscaglia	219d3ea9c2	fix: adjust map region filter layout to fit content width - Changed SelectTrigger from w-full to min-w-[200px] - Filter now only takes space it needs instead of stretching full width - Updated import path for Select component	2025-10-22 15:28:08 +02:00
Alan Buscaglia	124d2db9f1	refactor(ui): rename graph components to kebab-case naming convention - Rename threat-map.tsx to map-chart.tsx - Add map-region-filter component - Update component exports in graphs and ui indices	2025-10-22 15:11:25 +02:00
alejandrobailo	6fb6bebe59	Merge remote-tracking branch 'origin/master' into refactor/graph-components-kebab-case	2025-10-22 14:38:23 +02:00
alejandrobailo	0985e45ddf	chore: update package-lock.json with dependency version changes	2025-10-22 14:33:30 +02:00
alejandrobailo	c8e096ca7c	refactor: revert changes in /ui	2025-10-22 14:28:19 +02:00
Alan Buscaglia	409331804b	fix: update data-table-pagination select import path Fixed import path from @/components/shared/shadcn to @/components/ui/select after removing the shadcn folder from shared directory.	2025-10-22 12:49:42 +02:00
Alan Buscaglia	9506c95965	feat: use shadcn select in threat-map component Replaced native select element with shadcn Select component from @/components/ui/select. Maintains all theme color support via CHART_COLORS.	2025-10-22 12:49:35 +02:00
Alan Buscaglia	d01df2a729	refactor: remove shadcn select folder from shared Removed the shadcn select component folder from shared directory. Select component moved back to ui/components/ui/select/.	2025-10-22 12:45:29 +02:00
Alan Buscaglia	672c41bdfb	refactor: revert threat-map select to native element Reverted from shadcn Select back to native <select> element with custom ChevronDown icon. Maintains full theme color support and functionality.	2025-10-22 12:35:27 +02:00
Alan Buscaglia	d6589e807b	style: format alert-pill component	2025-10-22 10:21:33 +02:00
Alan Buscaglia	62735ed4e9	refactor: remove deleted component exports from overview index	2025-10-22 10:20:23 +02:00
Alan Buscaglia	e5364911bb	feat: implement comprehensive light/dark theme support for all chart components - Add CSS variables to all chart tooltips and components for dynamic theme switching - Update AlertPill component to use theme-aware colors (--chart-alert-bg, --chart-alert-text) - Change all alert icons to use red color (--chart-fail) consistently across charts - Add ScatterDataPoint type to centralized types.ts - Fix scatter-plot-with-selection component type definitions and imports - Migrate shadcn Select component to shared folder structure - Update ThreatMap to use shadcn Select instead of native select element - Ensure all graph components dynamically update colors when theme toggles This enables seamless light/dark theme support across: - ChartTooltip and MultiSeriesChartTooltip - LineChart, RadarChart, ScatterPlot custom tooltips - AlertPill and icon coloring - All form elements now use shadcn components	2025-10-22 10:19:12 +02:00
Alan Buscaglia	17a841a86d	feat: add comprehensive light/dark theme support for all graph components - Add complete CSS variables for both light and dark themes in globals.css - Light theme: dark text on light backgrounds (primary: #1f2937, bg: #f9fafb) - Dark theme: white text on dark backgrounds (primary: #ffffff, bg: #1e293b) - Update all chart components to use CSS variables instead of hardcoded colors - Tooltips, legends, titles, and text automatically adapt to theme changes - Fix SankeyChart text to properly display in light mode (was hardcoded white) - Update DonutChart center label to use theme-aware text colors - All components now dynamically respond to theme toggle via next-themes	2025-10-21 17:07:23 +02:00
Alan Buscaglia	f223b24060	Revert "feat: add light theme support for graph components" This reverts commit `bbad5b79a6`.	2025-10-21 16:33:50 +02:00
Alan Buscaglia	bbad5b79a6	feat: add light theme support for graph components	2025-10-21 16:32:40 +02:00
Alan Buscaglia	53497721f3	fix: add sample data to RadarChartWithSelection component	2025-10-21 16:24:32 +02:00
Alan Buscaglia	5758487584	feat: add missing RadarChartWithSelection and ScatterPlotWithSelection components	2025-10-21 16:20:57 +02:00
Alan Buscaglia	9b98fa12c5	fix: add missing graph component imports (RadarChart, ScatterPlot)	2025-10-21 16:18:56 +02:00
Alan Buscaglia	1ee54eeb1a	refactor: rename graph components to kebab-case	2025-10-21 16:04:11 +02:00
Alan Buscaglia	f16c2cb415	refactor(ui): enhance SankeyChart with interactive tooltips and remove BarChart - Remove BarChart component (no longer needed) - Add interactive hover states and tooltips to SankeyChart - Implement link and node highlighting on hover - Add PROVIDER_COLORS and STATUS_COLORS constants - Update Google provider color to official brand color	2025-10-17 12:38:30 +02:00
Alan Buscaglia	b9747dc604	feat(ui): add ThreatMap component and refactor chart color system - Add ThreatMap component with world map visualization - Refactor chart colors to use chart- prefix in CSS variables - Update all graph components to use new color system - Add topojson-client and d3-geo dependencies	2025-10-17 10:45:23 +02:00