fix: accept legacy metadata from db

2026-06-10 21:42:29 +00:00 · 2026-03-20 09:35:23 +01:00
218 changed files with 2155 additions and 13023 deletions
@@ -13,9 +13,6 @@ env:
  PROWLER_VERSION: ${{ github.event.release.tag_name }}
  BASE_BRANCH: master

-permissions:
-  contents: read
-
 jobs:
  detect-release-type:
    runs-on: ubuntu-latest
@@ -30,11 +27,6 @@ jobs:
      patch_version: ${{ steps.detect.outputs.patch_version }}
      current_api_version: ${{ steps.get_api_version.outputs.current_api_version }}
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -87,11 +79,6 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -217,11 +204,6 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -17,9 +17,6 @@ concurrency:
 env:
  API_WORKING_DIR: ./api

-permissions:
-  contents: read
-
 jobs:
  api-code-quality:
    runs-on: ubuntu-latest
@@ -35,11 +32,6 @@ jobs:
        working-directory: ./api

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -24,9 +24,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  api-analyze:
    name: CodeQL Security Analysis
@@ -44,11 +41,6 @@ jobs:
          - 'python'

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -18,6 +18,9 @@ on:
        required: true
        type: string

+permissions:
+  contents: read
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false
@@ -33,9 +36,6 @@ env:
  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api

-permissions:
-  contents: read
-
 jobs:
  setup:
    if: github.repository == 'prowler-cloud/prowler'
@@ -43,14 +43,7 @@ jobs:
    timeout-minutes: 5
    outputs:
      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Calculate short SHA
        id: set-short-sha
        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
@@ -62,14 +55,7 @@ jobs:
    timeout-minutes: 5
    outputs:
      message-ts: ${{ steps.slack-notification.outputs.ts }}
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -108,11 +94,6 @@ jobs:
      packages: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -151,15 +132,8 @@ jobs:
    needs: [setup, container-build-push]
    if: always() && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
    runs-on: ubuntu-latest
-    permissions:
-      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Login to DockerHub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
@@ -210,14 +184,7 @@ jobs:
    needs: [setup, notify-release-started, container-build-push, create-manifest]
    runs-on: ubuntu-latest
    timeout-minutes: 5
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -260,11 +227,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Trigger API deployment
        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
        with:
@@ -18,9 +18,6 @@ env:
  API_WORKING_DIR: ./api
  IMAGE_NAME: prowler-api

-permissions:
-  contents: read
-
 jobs:
  api-dockerfile-lint:
    if: github.repository == 'prowler-cloud/prowler'
@@ -30,11 +27,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -73,11 +65,6 @@ jobs:
      pull-requests: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -17,9 +17,6 @@ concurrency:
 env:
  API_WORKING_DIR: ./api

-permissions:
-  contents: read
-
 jobs:
  api-security-scans:
    runs-on: ubuntu-latest
@@ -35,11 +32,6 @@ jobs:
        working-directory: ./api

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -27,9 +27,6 @@ env:
  VALKEY_DB: 0
  API_WORKING_DIR: ./api

-permissions:
-  contents: read
-
 jobs:
  api-tests:
    runs-on: ubuntu-latest
@@ -75,11 +72,6 @@ jobs:
          --health-retries 5

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -17,9 +17,6 @@ env:
  BACKPORT_LABEL_PREFIX: backport-to-
  BACKPORT_LABEL_IGNORE: was-backported

-permissions:
-  contents: read
-
 jobs:
  backport:
    if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport')) && !(contains(github.event.pull_request.labels.*.name, 'was-backported'))
@@ -30,11 +27,6 @@ jobs:
      pull-requests: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Check labels
        id: label_check
        uses: agilepathway/label-checker@c3d16ad512e7cea5961df85ff2486bb774caf3c5 # v1.6.65
@@ -21,9 +21,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  zizmor:
    if: github.repository == 'prowler-cloud/prowler'
@@ -36,11 +33,6 @@ jobs:
      actions: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -9,9 +9,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event.issue.number }}
  cancel-in-progress: false

-permissions:
-  contents: read
-
 jobs:
  update-labels:
    if: contains(github.event.issue.labels.*.name, 'status/awaiting-response')
@@ -22,11 +19,6 @@ jobs:
      pull-requests: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Remove 'status/awaiting-response' label
        env:
          GH_TOKEN: ${{ github.token }}
@@ -16,9 +16,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  conventional-commit-check:
    runs-on: ubuntu-latest
@@ -28,11 +25,6 @@ jobs:
      pull-requests: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Check PR title format
        uses: agenthunt/conventional-commit-checker-action@f1823f632e95a64547566dcd2c7da920e67117ad # v2.0.1
        with:
@@ -13,9 +13,6 @@ env:
  BACKPORT_LABEL_PREFIX: backport-to-
  BACKPORT_LABEL_COLOR: B60205

-permissions:
-  contents: read
-
 jobs:
  create-label:
    runs-on: ubuntu-latest
@@ -25,11 +22,6 @@ jobs:
      issues: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Create backport label for minor releases
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -13,9 +13,6 @@ env:
  PROWLER_VERSION: ${{ github.event.release.tag_name }}
  BASE_BRANCH: master

-permissions:
-  contents: read
-
 jobs:
  detect-release-type:
    runs-on: ubuntu-latest
@@ -30,11 +27,6 @@ jobs:
      patch_version: ${{ steps.detect.outputs.patch_version }}
      current_docs_version: ${{ steps.get_docs_version.outputs.current_docs_version }}
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -87,11 +79,6 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -217,11 +204,6 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -14,9 +14,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  scan-secrets:
    runs-on: ubuntu-latest
@@ -25,11 +22,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -21,9 +21,6 @@ concurrency:
 env:
  CHART_PATH: contrib/k8s/helm/prowler-app

-permissions:
-  contents: read
-
 jobs:
  helm-lint:
    if: github.repository == 'prowler-cloud/prowler'
@@ -33,11 +30,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
@@ -13,9 +13,6 @@ concurrency:
 env:
  CHART_PATH: contrib/k8s/helm/prowler-app

-permissions:
-  contents: read
-
 jobs:
  release-helm-chart:
    if: github.repository == 'prowler-cloud/prowler'
@@ -26,11 +23,6 @@ jobs:
      packages: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
@@ -65,11 +65,6 @@ jobs:
      text: ${{ steps.compute-text.outputs.text }}
      title: ${{ steps.compute-text.outputs.title }}
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Setup Scripts
        uses: github/gh-aw/actions/setup@9382be3ca9ac18917e111a99d4e6bbff58d0dccc # v0.43.23
        with:
@@ -134,11 +129,6 @@ jobs:
      output_types: ${{ steps.collect_output.outputs.output_types }}
      secret_verification_result: ${{ steps.validate-secret.outputs.verification_result }}
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Setup Scripts
        uses: github/gh-aw/actions/setup@9382be3ca9ac18917e111a99d4e6bbff58d0dccc # v0.43.23
        with:
@@ -869,11 +859,6 @@ jobs:
      tools_reported: ${{ steps.missing_tool.outputs.tools_reported }}
      total_count: ${{ steps.missing_tool.outputs.total_count }}
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Setup Scripts
        uses: github/gh-aw/actions/setup@9382be3ca9ac18917e111a99d4e6bbff58d0dccc # v0.43.23
        with:
@@ -981,11 +966,6 @@ jobs:
    outputs:
      success: ${{ steps.parse_results.outputs.success }}
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Setup Scripts
        uses: github/gh-aw/actions/setup@9382be3ca9ac18917e111a99d4e6bbff58d0dccc # v0.43.23
        with:
@@ -1090,11 +1070,6 @@ jobs:
    outputs:
      activated: ${{ (steps.check_membership.outputs.is_team_member == 'true') && (steps.check_rate_limit.outputs.rate_limit_ok == 'true') }}
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Setup Scripts
        uses: github/gh-aw/actions/setup@9382be3ca9ac18917e111a99d4e6bbff58d0dccc # v0.43.23
        with:
@@ -1163,11 +1138,6 @@ jobs:
      process_safe_outputs_processed_count: ${{ steps.process_safe_outputs.outputs.processed_count }}
      process_safe_outputs_temporary_id_map: ${{ steps.process_safe_outputs.outputs.temporary_id_map }}
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Setup Scripts
        uses: github/gh-aw/actions/setup@9382be3ca9ac18917e111a99d4e6bbff58d0dccc # v0.43.23
        with:
@@ -15,9 +15,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  labeler:
    runs-on: ubuntu-latest
@@ -27,11 +24,6 @@ jobs:
      pull-requests: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Apply labels to PR
        uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
        with:
@@ -46,11 +38,6 @@ jobs:
      pull-requests: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Check if author is org member
        id: check_membership
        env:
@@ -78,7 +65,7 @@ jobs:
            "RosaRivasProwler"
            "StylusFrost"
            "toniblyx"
-            "davidm4r"
+            "vicferpoy"
          )

          echo "Checking if $AUTHOR is a member of prowler-cloud organization"
@@ -17,6 +17,9 @@ on:
        required: true
        type: string

+permissions:
+  contents: read
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false
@@ -32,9 +35,6 @@ env:
  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-mcp

-permissions:
-  contents: read
-
 jobs:
  setup:
    if: github.repository == 'prowler-cloud/prowler'
@@ -42,14 +42,7 @@ jobs:
    timeout-minutes: 5
    outputs:
      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Calculate short SHA
        id: set-short-sha
        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
@@ -61,14 +54,7 @@ jobs:
    timeout-minutes: 5
    outputs:
      message-ts: ${{ steps.slack-notification.outputs.ts }}
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -106,11 +92,6 @@ jobs:
      contents: read
      packages: write
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -151,15 +132,8 @@ jobs:
    needs: [setup, container-build-push]
    if: always() && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
    runs-on: ubuntu-latest
-    permissions:
-      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Login to DockerHub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
@@ -210,14 +184,7 @@ jobs:
    needs: [setup, notify-release-started, container-build-push, create-manifest]
    runs-on: ubuntu-latest
    timeout-minutes: 5
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -260,11 +227,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Trigger MCP deployment
        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
        with:
@@ -18,9 +18,6 @@ env:
  MCP_WORKING_DIR: ./mcp_server
  IMAGE_NAME: prowler-mcp

-permissions:
-  contents: read
-
 jobs:
  mcp-dockerfile-lint:
    if: github.repository == 'prowler-cloud/prowler'
@@ -30,11 +27,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -72,11 +64,6 @@ jobs:
      pull-requests: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -14,9 +14,6 @@ env:
  PYTHON_VERSION: "3.12"
  WORKING_DIRECTORY: ./mcp_server

-permissions:
-  contents: read
-
 jobs:
  validate-release:
    if: github.repository == 'prowler-cloud/prowler'
@@ -29,11 +26,6 @@ jobs:
      major_version: ${{ steps.parse-version.outputs.major }}

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Parse and validate version
        id: parse-version
        run: |
@@ -67,18 +59,13 @@ jobs:
      url: https://pypi.org/project/prowler-mcp/

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Install uv
-        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
+        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7
        with:
          enable-cache: false

@@ -16,9 +16,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  check-changelog:
    if: contains(github.event.pull_request.labels.*.name, 'no-changelog') == false
@@ -31,11 +28,6 @@ jobs:
      MONITORED_FOLDERS: 'api ui prowler mcp_server'

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -15,9 +15,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  check-conflicts:
    runs-on: ubuntu-latest
@@ -28,11 +25,6 @@ jobs:
      issues: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout PR head
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -12,9 +12,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: false

-permissions:
-  contents: read
-
 jobs:
  trigger-cloud-pull-request:
    if: |
@@ -26,11 +23,6 @@ jobs:
    permissions:
      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Calculate short commit SHA
        id: vars
        run: |
@@ -17,9 +17,6 @@ concurrency:
 env:
  PROWLER_VERSION: ${{ inputs.prowler_version }}

-permissions:
-  contents: read
-
 jobs:
  prepare-release:
    if: github.event_name == 'workflow_dispatch' && github.repository == 'prowler-cloud/prowler'
@@ -29,11 +26,6 @@ jobs:
      contents: write
      pull-requests: write
    steps:
-    - name: Harden the runner (Audit all outbound calls)
-      uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-      with:
-        egress-policy: audit
-
    - name: Checkout repository
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
@@ -13,9 +13,6 @@ env:
  PROWLER_VERSION: ${{ github.event.release.tag_name }}
  BASE_BRANCH: master

-permissions:
-  contents: read
-
 jobs:
  detect-release-type:
    runs-on: ubuntu-latest
@@ -29,11 +26,6 @@ jobs:
      minor_version: ${{ steps.detect.outputs.minor_version }}
      patch_version: ${{ steps.detect.outputs.patch_version }}
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Detect release type and parse version
        id: detect
        run: |
@@ -74,11 +66,6 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -188,11 +175,6 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -10,9 +10,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  check-duplicate-test-names:
    if: github.repository == 'prowler-cloud/prowler'
@@ -22,11 +19,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -14,9 +14,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  sdk-code-quality:
    if: github.repository == 'prowler-cloud/prowler'
@@ -33,11 +30,6 @@ jobs:
          - '3.12'

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -30,9 +30,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  sdk-analyze:
    if: github.repository == 'prowler-cloud/prowler'
@@ -51,11 +48,6 @@ jobs:
          - 'python'

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -23,6 +23,9 @@ on:
        required: true
        type: string

+permissions:
+  contents: read
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false
@@ -46,9 +49,6 @@ env:
  # AWS configuration (for ECR)
  AWS_REGION: us-east-1

-permissions:
-  contents: read
-
 jobs:
  setup:
    if: github.repository == 'prowler-cloud/prowler'
@@ -59,14 +59,7 @@ jobs:
      prowler_version_major: ${{ steps.get-prowler-version.outputs.prowler_version_major }}
      latest_tag: ${{ steps.get-prowler-version.outputs.latest_tag }}
      stable_tag: ${{ steps.get-prowler-version.outputs.stable_tag }}
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -122,14 +115,7 @@ jobs:
    timeout-minutes: 5
    outputs:
      message-ts: ${{ steps.slack-notification.outputs.ts }}
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -168,11 +154,6 @@ jobs:
      packages: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -215,15 +196,8 @@ jobs:
    needs: [setup, container-build-push]
    if: always() && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
    runs-on: ubuntu-latest
-    permissions:
-      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Login to DockerHub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
@@ -290,14 +264,7 @@ jobs:
    needs: [setup, notify-release-started, container-build-push, create-manifest]
    runs-on: ubuntu-latest
    timeout-minutes: 5
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -340,11 +307,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Calculate short SHA
        id: short-sha
        run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
@@ -17,9 +17,6 @@ concurrency:
 env:
  IMAGE_NAME: prowler

-permissions:
-  contents: read
-
 jobs:
  sdk-dockerfile-lint:
    if: github.repository == 'prowler-cloud/prowler'
@@ -29,11 +26,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -72,11 +64,6 @@ jobs:
      pull-requests: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -13,9 +13,6 @@ env:
  RELEASE_TAG: ${{ github.event.release.tag_name }}
  PYTHON_VERSION: '3.12'

-permissions:
-  contents: read
-
 jobs:
  validate-release:
    if: github.repository == 'prowler-cloud/prowler'
@@ -28,11 +25,6 @@ jobs:
      major_version: ${{ steps.parse-version.outputs.major }}

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Parse and validate version
        id: parse-version
        run: |
@@ -66,11 +58,6 @@ jobs:
      url: https://pypi.org/project/prowler/${{ needs.validate-release.outputs.prowler_version }}/

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -104,11 +91,6 @@ jobs:
      url: https://pypi.org/project/prowler-cloud/${{ needs.validate-release.outputs.prowler_version }}/

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -13,9 +13,6 @@ env:
  PYTHON_VERSION: '3.12'
  AWS_REGION: 'us-east-1'

-permissions:
-  contents: read
-
 jobs:
  refresh-aws-regions:
    if: github.repository == 'prowler-cloud/prowler'
@@ -27,11 +24,6 @@ jobs:
      contents: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -12,9 +12,6 @@ concurrency:
 env:
  PYTHON_VERSION: '3.12'

-permissions:
-  contents: read
-
 jobs:
  refresh-oci-regions:
    if: github.repository == 'prowler-cloud/prowler'
@@ -25,11 +22,6 @@ jobs:
      contents: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -14,9 +14,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  sdk-security-scans:
    if: github.repository == 'prowler-cloud/prowler'
@@ -26,11 +23,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -14,9 +14,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  sdk-tests:
    if: github.repository == 'prowler-cloud/prowler'
@@ -33,11 +30,6 @@ jobs:
          - '3.12'

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -31,9 +31,6 @@ on:
        description: "Whether there are UI E2E tests to run"
        value: ${{ jobs.analyze.outputs.has-ui-e2e }}

-permissions:
-  contents: read
-
 jobs:
  analyze:
    runs-on: ubuntu-latest
@@ -48,15 +45,8 @@ jobs:
      has-sdk-tests: ${{ steps.set-flags.outputs.has-sdk-tests }}
      has-api-tests: ${{ steps.set-flags.outputs.has-api-tests }}
      has-ui-e2e: ${{ steps.set-flags.outputs.has-ui-e2e }}
-    permissions:
-      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -13,9 +13,6 @@ env:
  PROWLER_VERSION: ${{ github.event.release.tag_name }}
  BASE_BRANCH: master

-permissions:
-  contents: read
-
 jobs:
  detect-release-type:
    runs-on: ubuntu-latest
@@ -29,11 +26,6 @@ jobs:
      minor_version: ${{ steps.detect.outputs.minor_version }}
      patch_version: ${{ steps.detect.outputs.patch_version }}
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Detect release type and parse version
        id: detect
        run: |
@@ -74,11 +66,6 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -102,7 +89,7 @@ jobs:
        run: |
          set -e

-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=.*|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_MINOR_VERSION}|" .env
+          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_MINOR_VERSION}|" .env

          echo "Files modified:"
          git --no-pager diff
@@ -156,7 +143,7 @@ jobs:
        run: |
          set -e

-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=.*|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${FIRST_PATCH_VERSION}|" .env
+          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${FIRST_PATCH_VERSION}|" .env

          echo "Files modified:"
          git --no-pager diff
@@ -192,11 +179,6 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -226,7 +208,7 @@ jobs:
        run: |
          set -e

-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=.*|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_PATCH_VERSION}|" .env
+          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_PATCH_VERSION}|" .env

          echo "Files modified:"
          git --no-pager diff
@@ -26,9 +26,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-permissions:
-  contents: read
-
 jobs:
  ui-analyze:
    if: github.repository == 'prowler-cloud/prowler'
@@ -47,11 +44,6 @@ jobs:
          - 'javascript-typescript'

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -17,6 +17,9 @@ on:
        required: true
        type: string

+permissions:
+  contents: read
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false
@@ -35,9 +38,6 @@ env:
  # Build args
  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1

-permissions:
-  contents: read
-
 jobs:
  setup:
    if: github.repository == 'prowler-cloud/prowler'
@@ -45,14 +45,7 @@ jobs:
    timeout-minutes: 5
    outputs:
      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Calculate short SHA
        id: set-short-sha
        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
@@ -64,14 +57,7 @@ jobs:
    timeout-minutes: 5
    outputs:
      message-ts: ${{ steps.slack-notification.outputs.ts }}
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -110,11 +96,6 @@ jobs:
      packages: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -150,15 +131,8 @@ jobs:
    needs: [setup, container-build-push]
    if: always() && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
    runs-on: ubuntu-latest
-    permissions:
-      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Login to DockerHub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
@@ -209,14 +183,7 @@ jobs:
    needs: [setup, notify-release-started, container-build-push, create-manifest]
    runs-on: ubuntu-latest
    timeout-minutes: 5
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -259,11 +226,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Trigger UI deployment
        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
        with:
@@ -18,9 +18,6 @@ env:
  UI_WORKING_DIR: ./ui
  IMAGE_NAME: prowler-ui

-permissions:
-  contents: read
-
 jobs:
  ui-dockerfile-lint:
    if: github.repository == 'prowler-cloud/prowler'
@@ -30,11 +27,6 @@ jobs:
      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -73,11 +65,6 @@ jobs:
      pull-requests: write

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -22,8 +22,6 @@ jobs:
  # First, analyze which tests need to run
  impact-analysis:
    if: github.repository == 'prowler-cloud/prowler'
-    permissions:
-      contents: read
    uses: ./.github/workflows/test-impact-analysis.yml

  # Run E2E tests based on impact analysis
@@ -77,15 +75,8 @@ jobs:
      # Pass E2E paths from impact analysis
      E2E_TEST_PATHS: ${{ needs.impact-analysis.outputs.ui-e2e }}
      RUN_ALL_TESTS: ${{ needs.impact-analysis.outputs.run-all }}
-    permissions:
-      contents: read

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -166,7 +157,7 @@ jobs:
          node-version: '24.13.0'

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4
        with:
          version: 10
          run_install: false
@@ -282,14 +273,7 @@ jobs:
      needs.impact-analysis.outputs.has-ui-e2e != 'true' &&
      needs.impact-analysis.outputs.run-all != 'true'
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: No E2E tests needed
        run: |
          echo "## E2E Tests Skipped" >> $GITHUB_STEP_SUMMARY
@@ -18,9 +18,6 @@ env:
  UI_WORKING_DIR: ./ui
  NODE_VERSION: '24.13.0'

-permissions:
-  contents: read
-
 jobs:
  ui-tests:
    runs-on: ubuntu-latest
@@ -32,11 +29,6 @@ jobs:
        working-directory: ./ui

    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
-        with:
-          egress-policy: audit
-
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
@@ -92,7 +84,7 @@ jobs:

      - name: Setup pnpm
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4
        with:
          version: 10
          run_install: false
@@ -1,25 +0,0 @@
-rules:
-  secrets-outside-env:
-    ignore:
-      - api-bump-version.yml
-      - api-container-build-push.yml
-      - api-tests.yml
-      - backport.yml
-      - docs-bump-version.yml
-      - issue-triage.lock.yml
-      - mcp-container-build-push.yml
-      - pr-merged.yml
-      - prepare-release.yml
-      - sdk-bump-version.yml
-      - sdk-container-build-push.yml
-      - sdk-refresh-aws-services-regions.yml
-      - sdk-refresh-oci-regions.yml
-      - sdk-tests.yml
-      - ui-bump-version.yml
-      - ui-container-build-push.yml
-      - ui-e2e-tests-v2.yml
-  superfluous-actions:
-    ignore:
-      - pr-check-changelog.yml
-      - pr-conflict-checker.yml
-      - prepare-release.yml
@@ -1,4 +1,4 @@
-FROM python:3.12.11-slim-bookworm@sha256:519591d6871b7bc437060736b9f7456b8731f1499a57e22e6c285135ae657bf7 AS build
+FROM python:3.12.11-slim-bookworm AS build

 LABEL maintainer="https://github.com/prowler-cloud/prowler"
 LABEL org.opencontainers.image.source="https://github.com/prowler-cloud/prowler"
@@ -2,48 +2,6 @@

 All notable changes to the **Prowler API** are documented in this file.

-## [1.24.0] (Prowler UNRELEASED)
-
-### 🔐 Security
-
- Pin all unpinned dependencies to exact versions to prevent supply chain attacks and ensure reproducible builds [(#10469)](https://github.com/prowler-cloud/prowler/pull/10469)
-
-### 🐞 Fixed
-
- Finding groups list/latest now apply computed status/severity filters and finding-level prefilters (delta, region, service, category, resource group, scan, resource type), plus `check_title` support for sort/filter consistency [(#10428)](https://github.com/prowler-cloud/prowler/pull/10428)
- Populate compliance data inside `check_metadata` for findings, which was always returned as `null` [(#10449)](https://github.com/prowler-cloud/prowler/pull/10449)
- 403 error for admin users listing tenants due to roles query not using the admin database connection [(#10460)](https://github.com/prowler-cloud/prowler/pull/10460)
- Filter transient Neo4j defunct connection logs in Sentry `before_send` to suppress false-positive alerts handled by `RetryableSession` retries [(#10452)](https://github.com/prowler-cloud/prowler/pull/10452)
- `MANAGE_ACCOUNT` permission no longer required for listing and creating tenants [(#10468)](https://github.com/prowler-cloud/prowler/pull/10468)
- Finding groups muted filter, counters, metadata extraction and mute reaggregation [(#10477)](https://github.com/prowler-cloud/prowler/pull/10477)
-
-## [1.23.0] (Prowler v5.22.0)
-
-### 🚀 Added
-
- Finding groups support `check_title` substring filtering [(#10377)](https://github.com/prowler-cloud/prowler/pull/10377)
-
-### 🐞 Fixed
-
- Finding groups latest endpoint now aggregates the latest snapshot per provider before check-level totals, keeping impacted resources aligned across providers [(#10419)](https://github.com/prowler-cloud/prowler/pull/10419)
- Mute rule creation now triggers finding-group summary re-aggregation after historical muting, keeping stats in sync after mute operations [(#10419)](https://github.com/prowler-cloud/prowler/pull/10419)
- Attack Paths: Deduplicate nodes before ProwlerFinding lookup in Attack Paths Cypher queries, reducing execution time [(#10424)](https://github.com/prowler-cloud/prowler/pull/10424)
-
-### 🔐 Security
-
- Replace stdlib XML parser with `defusedxml` in SAML metadata parsing to prevent XML bomb (billion laughs) DoS attacks [(#10165)](https://github.com/prowler-cloud/prowler/pull/10165)
- Bump `flask` to 3.1.3 (CVE-2026-27205) and `werkzeug` to 3.1.6 (CVE-2026-27199) [(#10430)](https://github.com/prowler-cloud/prowler/pull/10430)
-
---
-
-## [1.22.1] (Prowler v5.21.1)
-
-### 🐞 Fixed
-
- Threat score aggregation query to eliminate unnecessary JOINs and `COUNT(DISTINCT)` overhead [(#10394)](https://github.com/prowler-cloud/prowler/pull/10394)
-
---
-
 ## [1.22.0] (Prowler v5.21.0)

 ### 🚀 Added
@@ -63,7 +21,6 @@ All notable changes to the **Prowler API** are documented in this file.
 ### 🔐 Security

 - Use `psycopg2.sql` to safely compose DDL in `PostgresEnumMigration`, preventing SQL injection via f-string interpolation [(#10166)](https://github.com/prowler-cloud/prowler/pull/10166)
- Replace stdlib XML parser with `defusedxml` in SAML metadata parsing to prevent XML bomb (billion laughs) DoS attacks [(#10165)](https://github.com/prowler-cloud/prowler/pull/10165)

 ---

@@ -1,4 +1,4 @@
-FROM python:3.12.10-slim-bookworm@sha256:fd95fa221297a88e1cf49c55ec1828edd7c5a428187e67b5d1805692d11588db AS build
+FROM python:3.12.10-slim-bookworm AS build

 LABEL maintainer="https://github.com/prowler-cloud/api"

@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.1.4 and should not be changed by hand.

 [[package]]
 name = "about-time"
@@ -2469,18 +2469,22 @@ toml = ["tomli ; python_full_version <= \"3.11.0a6\""]

 [[package]]
 name = "cron-descriptor"
-version = "1.4.5"
+version = "2.0.6"
 description = "A Python library that converts cron expressions into human readable strings."
 optional = false
-python-versions = "*"
+python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "cron_descriptor-1.4.5-py3-none-any.whl", hash = "sha256:736b3ae9d1a99bc3dbfc5b55b5e6e7c12031e7ba5de716625772f8b02dcd6013"},
-    {file = "cron_descriptor-1.4.5.tar.gz", hash = "sha256:f51ce4ffc1d1f2816939add8524f206c376a42c87a5fca3091ce26725b3b1bca"},
+    {file = "cron_descriptor-2.0.6-py3-none-any.whl", hash = "sha256:3a1c0d837c0e5a32e415f821b36cf758eb92d510e6beff8fbfe4fa16573d93d6"},
+    {file = "cron_descriptor-2.0.6.tar.gz", hash = "sha256:e39d2848e1d8913cfb6e3452e701b5eec662ee18bea8cc5aa53ee1a7bb217157"},
 ]

+[package.dependencies]
+typing_extensions = "*"
+
 [package.extras]
-dev = ["polib"]
+dev = ["mypy", "polib", "ruff"]
+test = ["pytest"]

 [[package]]
 name = "crowdstrike-falconpy"
@@ -2696,17 +2700,23 @@ files = [
 ]

 [[package]]
-name = "defusedxml"
-version = "0.7.1"
-description = "XML bomb protection for Python stdlib modules"
+name = "deprecated"
+version = "1.3.1"
+description = "Python @deprecated decorator to deprecate old python classes, functions or methods."
 optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7"
 groups = ["main"]
 files = [
-    {file = "defusedxml-0.7.1-py2.py3-none-any.whl", hash = "sha256:a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"},
-    {file = "defusedxml-0.7.1.tar.gz", hash = "sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69"},
+    {file = "deprecated-1.3.1-py2.py3-none-any.whl", hash = "sha256:597bfef186b6f60181535a29fbe44865ce137a5079f295b479886c82729d5f3f"},
+    {file = "deprecated-1.3.1.tar.gz", hash = "sha256:b1b50e0ff0c1fddaa5708a2c6b0a6588bb09b892825ab2b214ac9ea9d92a5223"},
 ]

+[package.dependencies]
+wrapt = ">=1.10,<3"
+
+[package.extras]
+dev = ["PyTest", "PyTest-Cov", "bump2version (<1)", "setuptools ; python_version >= \"3.12\"", "tox"]
+
 [[package]]
 name = "detect-secrets"
 version = "1.5.0"
@@ -2797,14 +2807,14 @@ bcrypt = ["bcrypt"]

 [[package]]
 name = "django-allauth"
-version = "65.15.0"
+version = "65.14.0"
 description = "Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication."
 optional = false
-python-versions = ">=3.10"
+python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "django_allauth-65.15.0-py3-none-any.whl", hash = "sha256:ad9fc49c49a9368eaa5bb95456b76e2a4f377b3c6862ee8443507816578c098d"},
-    {file = "django_allauth-65.15.0.tar.gz", hash = "sha256:b404d48cf0c3ee14dacc834c541f30adedba2ff1c433980ecc494d6cb0b395a8"},
+    {file = "django_allauth-65.14.0-py3-none-any.whl", hash = "sha256:448f5f7877f95fcbe1657256510fe7822d7871f202521a29e23ef937f3325a97"},
+    {file = "django_allauth-65.14.0.tar.gz", hash = "sha256:5529227aba2b1377d900e9274a3f24496c645e65400fbae3cad5789944bc4d0b"},
 ]

 [package.dependencies]
@@ -2827,20 +2837,20 @@ steam = ["python3-openid (>=3.0.8,<4)"]

 [[package]]
 name = "django-celery-beat"
-version = "2.9.0"
+version = "2.8.1"
 description = "Database-backed Periodic Tasks."
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "django_celery_beat-2.9.0-py3-none-any.whl", hash = "sha256:4a9e5ebe26d6f8d7215e1fc5c46e466016279dc102435a28141108649bdf2157"},
-    {file = "django_celery_beat-2.9.0.tar.gz", hash = "sha256:92404650f52fcb44cf08e2b09635cb1558327c54b1a5d570f0e2d3a22130934c"},
+    {file = "django_celery_beat-2.8.1-py3-none-any.whl", hash = "sha256:da2b1c6939495c05a551717509d6e3b79444e114a027f7b77bf3727c2a39d171"},
+    {file = "django_celery_beat-2.8.1.tar.gz", hash = "sha256:dfad0201c0ac50c91a34700ef8fa0a10ee098cc7f3375fe5debed79f2204f80a"},
 ]

 [package.dependencies]
 celery = ">=5.2.3,<6.0"
-cron-descriptor = ">=1.2.32,<2.0.0"
-Django = ">=2.2,<6.1"
+cron-descriptor = ">=1.2.32"
+Django = ">=2.2,<6.0"
 django-timezone-field = ">=5.0"
 python-crontab = ">=2.3.4"
 tzdata = "*"
@@ -2961,7 +2971,7 @@ files = [
 [package.dependencies]
 autopep8 = "*"
 Django = ">=4.2"
-gprof2dot = ">=2017.9.19"
+gprof2dot = ">=2017.09.19"
 sqlparse = "*"

 [[package]]
@@ -3348,14 +3358,14 @@ files = [

 [[package]]
 name = "flask"
-version = "3.1.3"
+version = "3.1.2"
 description = "A simple framework for building complex web applications."
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "flask-3.1.3-py3-none-any.whl", hash = "sha256:f4bcbefc124291925f1a26446da31a5178f9483862233b23c0c96a20701f670c"},
-    {file = "flask-3.1.3.tar.gz", hash = "sha256:0ef0e52b8a9cd932855379197dd8f94047b359ca0a78695144304cb45f87c9eb"},
+    {file = "flask-3.1.2-py3-none-any.whl", hash = "sha256:ca1d8112ec8a6158cc29ea4858963350011b5c846a414cdb7a954aa9e967d03c"},
+    {file = "flask-3.1.2.tar.gz", hash = "sha256:bf656c15c80190ed628ad08cdfd3aaa35beb087855e2f494910aa3774cc4fd87"},
 ]

 [package.dependencies]
@@ -3372,62 +3382,62 @@ dotenv = ["python-dotenv"]

 [[package]]
 name = "fonttools"
-version = "4.62.1"
+version = "4.61.1"
 description = "Tools to manipulate font files"
 optional = false
 python-versions = ">=3.10"
 groups = ["main"]
 files = [
-    {file = "fonttools-4.62.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:ad5cca75776cd453b1b035b530e943334957ae152a36a88a320e779d61fc980c"},
-    {file = "fonttools-4.62.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0b3ae47e8636156a9accff64c02c0924cbebad62854c4a6dbdc110cd5b4b341a"},
-    {file = "fonttools-4.62.1-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c9b9e288b4da2f64fd6180644221749de651703e8d0c16bd4b719533a3a7d6e3"},
-    {file = "fonttools-4.62.1-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:7bca7a1c1faf235ffe25d4f2e555246b4750220b38de8261d94ebc5ce8a23c23"},
-    {file = "fonttools-4.62.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:b4e0fcf265ad26e487c56cb12a42dffe7162de708762db951e1b3f755319507d"},
-    {file = "fonttools-4.62.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:2d850f66830a27b0d498ee05adb13a3781637b1826982cd7e2b3789ef0cc71ae"},
-    {file = "fonttools-4.62.1-cp310-cp310-win32.whl", hash = "sha256:486f32c8047ccd05652aba17e4a8819a3a9d78570eb8a0e3b4503142947880ed"},
-    {file = "fonttools-4.62.1-cp310-cp310-win_amd64.whl", hash = "sha256:5a648bde915fba9da05ae98856987ca91ba832949a9e2888b48c47ef8b96c5a9"},
-    {file = "fonttools-4.62.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:40975849bac44fb0b9253d77420c6d8b523ac4dcdcefeff6e4d706838a5b80f7"},
-    {file = "fonttools-4.62.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:9dde91633f77fa576879a0c76b1d89de373cae751a98ddf0109d54e173b40f14"},
-    {file = "fonttools-4.62.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:6acb4109f8bee00fec985c8c7afb02299e35e9c94b57287f3ea542f28bd0b0a7"},
-    {file = "fonttools-4.62.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:1c5c25671ce8805e0d080e2ffdeca7f1e86778c5cbfbeae86d7f866d8830517b"},
-    {file = "fonttools-4.62.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:a5d8825e1140f04e6c99bb7d37a9e31c172f3bc208afbe02175339e699c710e1"},
-    {file = "fonttools-4.62.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:268abb1cb221e66c014acc234e872b7870d8b5d4657a83a8f4205094c32d2416"},
-    {file = "fonttools-4.62.1-cp311-cp311-win32.whl", hash = "sha256:942b03094d7edbb99bdf1ae7e9090898cad7bf9030b3d21f33d7072dbcb51a53"},
-    {file = "fonttools-4.62.1-cp311-cp311-win_amd64.whl", hash = "sha256:e8514f4924375f77084e81467e63238b095abda5107620f49421c368a6017ed2"},
-    {file = "fonttools-4.62.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:90365821debbd7db678809c7491ca4acd1e0779b9624cdc6ddaf1f31992bf974"},
-    {file = "fonttools-4.62.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:12859ff0b47dd20f110804c3e0d0970f7b832f561630cd879969011541a464a9"},
-    {file = "fonttools-4.62.1-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:9c125ffa00c3d9003cdaaf7f2c79e6e535628093e14b5de1dccb08859b680936"},
-    {file = "fonttools-4.62.1-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:149f7d84afca659d1a97e39a4778794a2f83bf344c5ee5134e09995086cc2392"},
-    {file = "fonttools-4.62.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:0aa72c43a601cfa9273bb1ae0518f1acadc01ee181a6fc60cd758d7fdadffc04"},
-    {file = "fonttools-4.62.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:19177c8d96c7c36359266e571c5173bcee9157b59cfc8cb0153c5673dc5a3a7d"},
-    {file = "fonttools-4.62.1-cp312-cp312-win32.whl", hash = "sha256:a24decd24d60744ee8b4679d38e88b8303d86772053afc29b19d23bb8207803c"},
-    {file = "fonttools-4.62.1-cp312-cp312-win_amd64.whl", hash = "sha256:9e7863e10b3de72376280b515d35b14f5eeed639d1aa7824f4cf06779ec65e42"},
-    {file = "fonttools-4.62.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:c22b1014017111c401469e3acc5433e6acf6ebcc6aa9efb538a533c800971c79"},
-    {file = "fonttools-4.62.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:68959f5fc58ed4599b44aad161c2837477d7f35f5f79402d97439974faebfebe"},
-    {file = "fonttools-4.62.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ef46db46c9447103b8f3ff91e8ba009d5fe181b1920a83757a5762551e32bb68"},
-    {file = "fonttools-4.62.1-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:6706d1cb1d5e6251a97ad3c1b9347505c5615c112e66047abbef0f8545fa30d1"},
-    {file = "fonttools-4.62.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:2e7abd2b1e11736f58c1de27819e1955a53267c21732e78243fa2fa2e5c1e069"},
-    {file = "fonttools-4.62.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:403d28ce06ebfc547fbcb0cb8b7f7cc2f7a2d3e1a67ba9a34b14632df9e080f9"},
-    {file = "fonttools-4.62.1-cp313-cp313-win32.whl", hash = "sha256:93c316e0f5301b2adbe6a5f658634307c096fd5aae60a5b3412e4f3e1728ab24"},
-    {file = "fonttools-4.62.1-cp313-cp313-win_amd64.whl", hash = "sha256:7aa21ff53e28a9c2157acbc44e5b401149d3c9178107130e82d74ceb500e5056"},
-    {file = "fonttools-4.62.1-cp314-cp314-macosx_10_15_universal2.whl", hash = "sha256:fa1d16210b6b10a826d71bed68dd9ec24a9e218d5a5e2797f37c573e7ec215ca"},
-    {file = "fonttools-4.62.1-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:aa69d10ed420d8121118e628ad47d86e4caa79ba37f968597b958f6cceab7eca"},
-    {file = "fonttools-4.62.1-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:bd13b7999d59c5eb1c2b442eb2d0c427cb517a0b7a1f5798fc5c9e003f5ff782"},
-    {file = "fonttools-4.62.1-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:8d337fdd49a79b0d51c4da87bc38169d21c3abbf0c1aa9367eff5c6656fb6dae"},
-    {file = "fonttools-4.62.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:d241cdc4a67b5431c6d7f115fdf63335222414995e3a1df1a41e1182acd4bcc7"},
-    {file = "fonttools-4.62.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:c05557a78f8fa514da0f869556eeda40887a8abc77c76ee3f74cf241778afd5a"},
-    {file = "fonttools-4.62.1-cp314-cp314-win32.whl", hash = "sha256:49a445d2f544ce4a69338694cad575ba97b9a75fff02720da0882d1a73f12800"},
-    {file = "fonttools-4.62.1-cp314-cp314-win_amd64.whl", hash = "sha256:1eecc128c86c552fb963fe846ca4e011b1be053728f798185a1687502f6d398e"},
-    {file = "fonttools-4.62.1-cp314-cp314t-macosx_10_15_universal2.whl", hash = "sha256:1596aeaddf7f78e21e68293c011316a25267b3effdaccaf4d59bc9159d681b82"},
-    {file = "fonttools-4.62.1-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:8f8fca95d3bb3208f59626a4b0ea6e526ee51f5a8ad5d91821c165903e8d9260"},
-    {file = "fonttools-4.62.1-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee91628c08e76f77b533d65feb3fbe6d9dad699f95be51cf0d022db94089cdc4"},
-    {file = "fonttools-4.62.1-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:5f37df1cac61d906e7b836abe356bc2f34c99d4477467755c216b72aa3dc748b"},
-    {file = "fonttools-4.62.1-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:92bb00a947e666169c99b43753c4305fc95a890a60ef3aeb2a6963e07902cc87"},
-    {file = "fonttools-4.62.1-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:bdfe592802ef939a0e33106ea4a318eeb17822c7ee168c290273cbd5fabd746c"},
-    {file = "fonttools-4.62.1-cp314-cp314t-win32.whl", hash = "sha256:b820fcb92d4655513d8402d5b219f94481c4443d825b4372c75a2072aa4b357a"},
-    {file = "fonttools-4.62.1-cp314-cp314t-win_amd64.whl", hash = "sha256:59b372b4f0e113d3746b88985f1c796e7bf830dd54b28374cd85c2b8acd7583e"},
-    {file = "fonttools-4.62.1-py3-none-any.whl", hash = "sha256:7487782e2113861f4ddcc07c3436450659e3caa5e470b27dc2177cade2d8e7fd"},
-    {file = "fonttools-4.62.1.tar.gz", hash = "sha256:e54c75fd6041f1122476776880f7c3c3295ffa31962dc6ebe2543c00dca58b5d"},
+    {file = "fonttools-4.61.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:7c7db70d57e5e1089a274cbb2b1fd635c9a24de809a231b154965d415d6c6d24"},
+    {file = "fonttools-4.61.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:5fe9fd43882620017add5eabb781ebfbc6998ee49b35bd7f8f79af1f9f99a958"},
+    {file = "fonttools-4.61.1-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d8db08051fc9e7d8bc622f2112511b8107d8f27cd89e2f64ec45e9825e8288da"},
+    {file = "fonttools-4.61.1-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:a76d4cb80f41ba94a6691264be76435e5f72f2cb3cab0b092a6212855f71c2f6"},
+    {file = "fonttools-4.61.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:a13fc8aeb24bad755eea8f7f9d409438eb94e82cf86b08fe77a03fbc8f6a96b1"},
+    {file = "fonttools-4.61.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:b846a1fcf8beadeb9ea4f44ec5bdde393e2f1569e17d700bfc49cd69bde75881"},
+    {file = "fonttools-4.61.1-cp310-cp310-win32.whl", hash = "sha256:78a7d3ab09dc47ac1a363a493e6112d8cabed7ba7caad5f54dbe2f08676d1b47"},
+    {file = "fonttools-4.61.1-cp310-cp310-win_amd64.whl", hash = "sha256:eff1ac3cc66c2ac7cda1e64b4e2f3ffef474b7335f92fc3833fc632d595fcee6"},
+    {file = "fonttools-4.61.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:c6604b735bb12fef8e0efd5578c9fb5d3d8532d5001ea13a19cddf295673ee09"},
+    {file = "fonttools-4.61.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:5ce02f38a754f207f2f06557523cd39a06438ba3aafc0639c477ac409fc64e37"},
+    {file = "fonttools-4.61.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:77efb033d8d7ff233385f30c62c7c79271c8885d5c9657d967ede124671bbdfb"},
+    {file = "fonttools-4.61.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:75c1a6dfac6abd407634420c93864a1e274ebc1c7531346d9254c0d8f6ca00f9"},
+    {file = "fonttools-4.61.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:0de30bfe7745c0d1ffa2b0b7048fb7123ad0d71107e10ee090fa0b16b9452e87"},
+    {file = "fonttools-4.61.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:58b0ee0ab5b1fc9921eccfe11d1435added19d6494dde14e323f25ad2bc30c56"},
+    {file = "fonttools-4.61.1-cp311-cp311-win32.whl", hash = "sha256:f79b168428351d11e10c5aeb61a74e1851ec221081299f4cf56036a95431c43a"},
+    {file = "fonttools-4.61.1-cp311-cp311-win_amd64.whl", hash = "sha256:fe2efccb324948a11dd09d22136fe2ac8a97d6c1347cf0b58a911dcd529f66b7"},
+    {file = "fonttools-4.61.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:f3cb4a569029b9f291f88aafc927dd53683757e640081ca8c412781ea144565e"},
+    {file = "fonttools-4.61.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:41a7170d042e8c0024703ed13b71893519a1a6d6e18e933e3ec7507a2c26a4b2"},
+    {file = "fonttools-4.61.1-cp312-cp312-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:10d88e55330e092940584774ee5e8a6971b01fc2f4d3466a1d6c158230880796"},
+    {file = "fonttools-4.61.1-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:15acc09befd16a0fb8a8f62bc147e1a82817542d72184acca9ce6e0aeda9fa6d"},
+    {file = "fonttools-4.61.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:e6bcdf33aec38d16508ce61fd81838f24c83c90a1d1b8c68982857038673d6b8"},
+    {file = "fonttools-4.61.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:5fade934607a523614726119164ff621e8c30e8fa1ffffbbd358662056ba69f0"},
+    {file = "fonttools-4.61.1-cp312-cp312-win32.whl", hash = "sha256:75da8f28eff26defba42c52986de97b22106cb8f26515b7c22443ebc9c2d3261"},
+    {file = "fonttools-4.61.1-cp312-cp312-win_amd64.whl", hash = "sha256:497c31ce314219888c0e2fce5ad9178ca83fe5230b01a5006726cdf3ac9f24d9"},
+    {file = "fonttools-4.61.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:8c56c488ab471628ff3bfa80964372fc13504ece601e0d97a78ee74126b2045c"},
+    {file = "fonttools-4.61.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:dc492779501fa723b04d0ab1f5be046797fee17d27700476edc7ee9ae535a61e"},
+    {file = "fonttools-4.61.1-cp313-cp313-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:64102ca87e84261419c3747a0d20f396eb024bdbeb04c2bfb37e2891f5fadcb5"},
+    {file = "fonttools-4.61.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:4c1b526c8d3f615a7b1867f38a9410849c8f4aef078535742198e942fba0e9bd"},
+    {file = "fonttools-4.61.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:41ed4b5ec103bd306bb68f81dc166e77409e5209443e5773cb4ed837bcc9b0d3"},
+    {file = "fonttools-4.61.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:b501c862d4901792adaec7c25b1ecc749e2662543f68bb194c42ba18d6eec98d"},
+    {file = "fonttools-4.61.1-cp313-cp313-win32.whl", hash = "sha256:4d7092bb38c53bbc78e9255a59158b150bcdc115a1e3b3ce0b5f267dc35dd63c"},
+    {file = "fonttools-4.61.1-cp313-cp313-win_amd64.whl", hash = "sha256:21e7c8d76f62ab13c9472ccf74515ca5b9a761d1bde3265152a6dc58700d895b"},
+    {file = "fonttools-4.61.1-cp314-cp314-macosx_10_15_universal2.whl", hash = "sha256:fff4f534200a04b4a36e7ae3cb74493afe807b517a09e99cb4faa89a34ed6ecd"},
+    {file = "fonttools-4.61.1-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:d9203500f7c63545b4ce3799319fe4d9feb1a1b89b28d3cb5abd11b9dd64147e"},
+    {file = "fonttools-4.61.1-cp314-cp314-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:fa646ecec9528bef693415c79a86e733c70a4965dd938e9a226b0fc64c9d2e6c"},
+    {file = "fonttools-4.61.1-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:11f35ad7805edba3aac1a3710d104592df59f4b957e30108ae0ba6c10b11dd75"},
+    {file = "fonttools-4.61.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:b931ae8f62db78861b0ff1ac017851764602288575d65b8e8ff1963fed419063"},
+    {file = "fonttools-4.61.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:b148b56f5de675ee16d45e769e69f87623a4944f7443850bf9a9376e628a89d2"},
+    {file = "fonttools-4.61.1-cp314-cp314-win32.whl", hash = "sha256:9b666a475a65f4e839d3d10473fad6d47e0a9db14a2f4a224029c5bfde58ad2c"},
+    {file = "fonttools-4.61.1-cp314-cp314-win_amd64.whl", hash = "sha256:4f5686e1fe5fce75d82d93c47a438a25bf0d1319d2843a926f741140b2b16e0c"},
+    {file = "fonttools-4.61.1-cp314-cp314t-macosx_10_15_universal2.whl", hash = "sha256:e76ce097e3c57c4bcb67c5aa24a0ecdbd9f74ea9219997a707a4061fbe2707aa"},
+    {file = "fonttools-4.61.1-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:9cfef3ab326780c04d6646f68d4b4742aae222e8b8ea1d627c74e38afcbc9d91"},
+    {file = "fonttools-4.61.1-cp314-cp314t-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:a75c301f96db737e1c5ed5fd7d77d9c34466de16095a266509e13da09751bd19"},
+    {file = "fonttools-4.61.1-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:91669ccac46bbc1d09e9273546181919064e8df73488ea087dcac3e2968df9ba"},
+    {file = "fonttools-4.61.1-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:c33ab3ca9d3ccd581d58e989d67554e42d8d4ded94ab3ade3508455fe70e65f7"},
+    {file = "fonttools-4.61.1-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:664c5a68ec406f6b1547946683008576ef8b38275608e1cee6c061828171c118"},
+    {file = "fonttools-4.61.1-cp314-cp314t-win32.whl", hash = "sha256:aed04cabe26f30c1647ef0e8fbb207516fd40fe9472e9439695f5c6998e60ac5"},
+    {file = "fonttools-4.61.1-cp314-cp314t-win_amd64.whl", hash = "sha256:2180f14c141d2f0f3da43f3a81bc8aa4684860f6b0e6f9e165a4831f24e6a23b"},
+    {file = "fonttools-4.61.1-py3-none-any.whl", hash = "sha256:17d2bf5d541add43822bcf0c43d7d847b160c9bb01d15d5007d84e2217aaa371"},
+    {file = "fonttools-4.61.1.tar.gz", hash = "sha256:6675329885c44657f826ef01d9e4fb33b9158e9d93c537d84ad8399539bc6f69"},
 ]

 [package.extras]
@@ -4569,7 +4579,7 @@ files = [

 [package.dependencies]
 attrs = ">=22.2.0"
-jsonschema-specifications = ">=2023.3.6"
+jsonschema-specifications = ">=2023.03.6"
 referencing = ">=0.28.4"
 rpds-py = ">=0.7.1"

@@ -4777,7 +4787,7 @@ librabbitmq = ["librabbitmq (>=2.0.0) ; python_version < \"3.11\""]
 mongodb = ["pymongo (==4.15.3)"]
 msgpack = ["msgpack (==1.1.2)"]
 pyro = ["pyro4 (==4.82)"]
-qpid = ["qpid-python (==1.36.0.post1)", "qpid-tools (==1.36.0.post1)"]
+qpid = ["qpid-python (==1.36.0-1)", "qpid-tools (==1.36.0-1)"]
 redis = ["redis (>=4.5.2,!=4.5.5,!=5.0.2,<6.5)"]
 slmq = ["softlayer_messaging (>=1.0.3)"]
 sqlalchemy = ["sqlalchemy (>=1.4.48,<2.1)"]
@@ -4798,7 +4808,7 @@ files = [
 ]

 [package.dependencies]
-certifi = ">=14.5.14"
+certifi = ">=14.05.14"
 durationpy = ">=0.7"
 google-auth = ">=1.0.1"
 oauthlib = ">=3.2.2"
@@ -5042,18 +5052,18 @@ tests = ["psutil", "pytest (!=3.3.0)", "pytest-cov"]

 [[package]]
 name = "markdown"
-version = "3.10.2"
+version = "3.9"
 description = "Python implementation of John Gruber's Markdown."
 optional = false
-python-versions = ">=3.10"
+python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "markdown-3.10.2-py3-none-any.whl", hash = "sha256:e91464b71ae3ee7afd3017d9f358ef0baf158fd9a298db92f1d4761133824c36"},
-    {file = "markdown-3.10.2.tar.gz", hash = "sha256:994d51325d25ad8aa7ce4ebaec003febcce822c3f8c911e3b17c52f7f589f950"},
+    {file = "markdown-3.9-py3-none-any.whl", hash = "sha256:9f4d91ed810864ea88a6f32c07ba8bee1346c0cc1f6b1f9f6c822f2a9667d280"},
+    {file = "markdown-3.9.tar.gz", hash = "sha256:d2900fe1782bd33bdbbd56859defef70c2e78fc46668f8eb9df3128138f2cb6a"},
 ]

 [package.extras]
-docs = ["mdx_gh_links (>=0.2)", "mkdocs (>=1.6)", "mkdocs-gen-files", "mkdocs-literate-nav", "mkdocs-nature (>=0.6)", "mkdocs-section-index", "mkdocstrings[python] (>=0.28.3)"]
+docs = ["mdx_gh_links (>=0.2)", "mkdocs (>=1.6)", "mkdocs-gen-files", "mkdocs-literate-nav", "mkdocs-nature (>=0.6)", "mkdocs-section-index", "mkdocstrings[python]"]
 testing = ["coverage", "pyyaml"]

 [[package]]
@@ -6632,10 +6642,10 @@ files = [

 [[package]]
 name = "prowler"
-version = "5.23.0"
+version = "5.19.0"
 description = "Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks."
 optional = false
-python-versions = ">=3.10,<3.13"
+python-versions = ">3.9.1,<3.13"
 groups = ["main"]
 files = []
 develop = false
@@ -6690,7 +6700,6 @@ colorama = "0.4.6"
 cryptography = "44.0.3"
 dash = "3.1.1"
 dash-bootstrap-components = "2.0.3"
-defusedxml = ">=0.7.1"
 detect-secrets = "1.5.0"
 dulwich = "0.23.0"
 google-api-python-client = "2.163.0"
@@ -6698,7 +6707,7 @@ google-auth-httplib2 = ">=0.1,<0.3"
 h2 = "4.3.0"
 jsonschema = "4.23.0"
 kubernetes = "32.0.1"
-markdown = "3.10.2"
+markdown = "3.9.0"
 microsoft-kiota-abstractions = "1.9.2"
 msgraph-sdk = "1.23.0"
 numpy = "2.0.2"
@@ -6708,7 +6717,7 @@ pandas = "2.2.3"
 py-iam-expand = "0.1.0"
 py-ocsf-models = "0.8.1"
 pydantic = ">=2.0,<3.0"
-pygithub = "2.8.0"
+pygithub = "2.5.0"
 python-dateutil = ">=2.9.0.post0,<3.0.0"
 pytz = "2025.1"
 schema = "0.7.5"
@@ -6716,13 +6725,12 @@ shodan = "1.31.0"
 slack-sdk = "3.39.0"
 tabulate = "0.9.0"
 tzlocal = "5.3.1"
-uuid6 = "2024.7.10"

 [package.source]
 type = "git"
 url = "https://github.com/prowler-cloud/prowler.git"
 reference = "master"
-resolved_reference = "2ddd5b3091bcdd8c7d44aba73b13c5c6f8f99e35"
+resolved_reference = "b31145616064bd6727139777dca1cea9b977346a"

 [[package]]
 name = "psutil"
@@ -7095,21 +7103,22 @@ typing-extensions = ">=4.14.1"

 [[package]]
 name = "pygithub"
-version = "2.8.0"
+version = "2.5.0"
 description = "Use the full Github API v3"
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "pygithub-2.8.0-py3-none-any.whl", hash = "sha256:11a3473c1c2f1c39c525d0ee8c559f369c6d46c272cb7321c9b0cabc7aa1ce7d"},
-    {file = "pygithub-2.8.0.tar.gz", hash = "sha256:72f5f2677d86bc3a8843aa720c6ce4c1c42fb7500243b136e3d5e14ddb5c3386"},
+    {file = "PyGithub-2.5.0-py3-none-any.whl", hash = "sha256:b0b635999a658ab8e08720bdd3318893ff20e2275f6446fcf35bf3f44f2c0fd2"},
+    {file = "pygithub-2.5.0.tar.gz", hash = "sha256:e1613ac508a9be710920d26eb18b1905ebd9926aa49398e88151c1b526aad3cf"},
 ]

 [package.dependencies]
+Deprecated = "*"
 pyjwt = {version = ">=2.4.0", extras = ["crypto"]}
 pynacl = ">=1.4.0"
 requests = ">=2.14.0"
-typing-extensions = ">=4.5.0"
+typing-extensions = ">=4.0.0"
 urllib3 = ">=1.26.0"

 [[package]]
@@ -7161,7 +7170,7 @@ files = [
 ]

 [package.dependencies]
-astroid = ">=3.2.2,<=3.3.0.dev0"
+astroid = ">=3.2.2,<=3.3.0-dev0"
 colorama = {version = ">=0.4.5", markers = "sys_platform == \"win32\""}
 dill = [
    {version = ">=0.3.7", markers = "python_version >= \"3.12\""},
@@ -7345,14 +7354,14 @@ dev = ["argcomplete", "attrs (>=19.2)", "hypothesis (>=3.56)", "mock", "pygments

 [[package]]
 name = "pytest-celery"
-version = "1.3.0"
+version = "1.2.1"
 description = "Pytest plugin for Celery"
 optional = false
-python-versions = "<4.0,>=3.9"
+python-versions = "<4.0,>=3.8"
 groups = ["main"]
 files = [
-    {file = "pytest_celery-1.3.0-py3-none-any.whl", hash = "sha256:f02201d7770584a0c412a1ded329a142170c24012467c7046f2c72cc8205ad5d"},
-    {file = "pytest_celery-1.3.0.tar.gz", hash = "sha256:bd9e5b0f594ec5de9ab97cf27e3a11c644718a761bab6b997d01800fd7394f64"},
+    {file = "pytest_celery-1.2.1-py3-none-any.whl", hash = "sha256:0441ab0c2a712b775be16ffda3d7deb31995fd7b5e9d71630e7ea98b474346a3"},
+    {file = "pytest_celery-1.2.1.tar.gz", hash = "sha256:7873fb3cf4fbfe9b0dd15d359bdb8bbab4a41c7e48f5b0adb7d36138d3704d52"},
 ]

 [package.dependencies]
@@ -7363,13 +7372,14 @@ kombu = "*"
 psutil = ">=7.0.0"
 pytest-docker-tools = ">=3.1.3"
 redis = {version = "*", optional = true, markers = "extra == \"all\" or extra == \"redis\""}
+setuptools = {version = ">=75.8.0", markers = "python_version >= \"3.9\" and python_version < \"4.0\""}
 tenacity = ">=9.0.0"

 [package.extras]
-all = ["boto3", "botocore", "pycurl (>=7.43) ; sys_platform != \"win32\" and platform_python_implementation == \"CPython\"", "python-memcached", "redis", "urllib3 (>=1.26.16,<2.0)"]
+all = ["boto3", "botocore", "python-memcached", "redis", "urllib3 (>=1.26.16,<2.0)"]
 memcached = ["python-memcached"]
 redis = ["redis"]
-sqs = ["boto3", "botocore", "pycurl (>=7.43) ; sys_platform != \"win32\" and platform_python_implementation == \"CPython\"", "urllib3 (>=1.26.16,<2.0)"]
+sqs = ["boto3", "botocore", "urllib3 (>=1.26.16,<2.0)"]

 [[package]]
 name = "pytest-cov"
@@ -7854,14 +7864,14 @@ files = [

 [[package]]
 name = "reportlab"
-version = "4.4.10"
+version = "4.4.9"
 description = "The Reportlab Toolkit"
 optional = false
 python-versions = "<4,>=3.9"
 groups = ["main"]
 files = [
-    {file = "reportlab-4.4.10-py3-none-any.whl", hash = "sha256:5abc815746ae2bc44e7ff25db96814f921349ca814c992c7eac3c26029bf7c24"},
-    {file = "reportlab-4.4.10.tar.gz", hash = "sha256:5cbbb34ac3546039d0086deb2938cdec06b12da3cdb836e813258eb33cd28487"},
+    {file = "reportlab-4.4.9-py3-none-any.whl", hash = "sha256:68e2d103ae8041a37714e8896ec9b79a1c1e911d68c3bd2ea17546568cf17bfd"},
+    {file = "reportlab-4.4.9.tar.gz", hash = "sha256:7cf487764294ee791a4781f5a157bebce262a666ae4bbb87786760a9676c9378"},
 ]

 [package.dependencies]
@@ -8174,10 +8184,10 @@ files = [
 ]

 [package.dependencies]
-botocore = ">=1.37.4,<2.0a0"
+botocore = ">=1.37.4,<2.0a.0"

 [package.extras]
-crt = ["botocore[crt] (>=1.37.4,<2.0a0)"]
+crt = ["botocore[crt] (>=1.37.4,<2.0a.0)"]

 [[package]]
 name = "safety"
@@ -8283,14 +8293,14 @@ contextlib2 = ">=0.5.5"

 [[package]]
 name = "sentry-sdk"
-version = "2.56.0"
+version = "2.51.0"
 description = "Python client for Sentry (https://sentry.io)"
 optional = false
 python-versions = ">=3.6"
 groups = ["main"]
 files = [
-    {file = "sentry_sdk-2.56.0-py2.py3-none-any.whl", hash = "sha256:5afafb744ceb91d22f4cc650c6bd048ac6af5f7412dcc6c59305a2e36f4dbc02"},
-    {file = "sentry_sdk-2.56.0.tar.gz", hash = "sha256:fdab72030b69625665b2eeb9738bdde748ad254e8073085a0ce95382678e8168"},
+    {file = "sentry_sdk-2.51.0-py2.py3-none-any.whl", hash = "sha256:e21016d318a097c2b617bb980afd9fc737e1efc55f9b4f0cdc819982c9717d5f"},
+    {file = "sentry_sdk-2.51.0.tar.gz", hash = "sha256:b89d64577075fd8c13088bc3609a2ce77a154e5beb8cba7cc16560b0539df4f7"},
 ]

 [package.dependencies]
@@ -8763,14 +8773,14 @@ test = ["pytest", "websockets"]

 [[package]]
 name = "werkzeug"
-version = "3.1.7"
+version = "3.1.5"
 description = "The comprehensive WSGI web application library."
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "werkzeug-3.1.7-py3-none-any.whl", hash = "sha256:4b314d81163a3e1a169b6a0be2a000a0e204e8873c5de6586f453c55688d422f"},
-    {file = "werkzeug-3.1.7.tar.gz", hash = "sha256:fb8c01fe6ab13b9b7cdb46892b99b1d66754e1d7ab8e542e865ec13f526b5351"},
+    {file = "werkzeug-3.1.5-py3-none-any.whl", hash = "sha256:5111e36e91086ece91f93268bb39b4a35c1e6f1feac762c9c822ded0a4e322dc"},
+    {file = "werkzeug-3.1.5.tar.gz", hash = "sha256:6a548b0e88955dd07ccb25539d7d0cc97417ee9e179677d22c7041c8f078ce67"},
 ]

 [package.dependencies]
@@ -9372,4 +9382,4 @@ files = [
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.11,<3.13"
-content-hash = "167d4549788b8bc8bb7772b9a81ade1eab73d8f354251a8d6af4901223cc7f67"
+content-hash = "6e38c38b1f8dc05b881f49703fa445eec299527e6697992b18e4613534fbcdb6"
@@ -5,44 +5,43 @@ requires = ["poetry-core"]
 [project]
 authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}]
 dependencies = [
-  "celery (==5.6.2)",
+  "celery (>=5.4.0,<6.0.0)",
  "dj-rest-auth[with_social,jwt] (==7.0.1)",
  "django (==5.1.15)",
-  "django-allauth[saml] (==65.15.0)",
-  "django-celery-beat (==2.9.0)",
-  "django-celery-results (==2.6.0)",
+  "django-allauth[saml] (>=65.13.0,<66.0.0)",
+  "django-celery-beat (>=2.7.0,<3.0.0)",
+  "django-celery-results (>=2.5.1,<3.0.0)",
  "django-cors-headers==4.4.0",
  "django-environ==0.11.2",
  "django-filter==24.3",
  "django-guid==3.5.0",
-  "django-postgres-extra (==2.0.9)",
+  "django-postgres-extra (>=2.0.8,<3.0.0)",
  "djangorestframework==3.15.2",
  "djangorestframework-jsonapi==7.0.2",
-  "djangorestframework-simplejwt (==5.5.1)",
-  "drf-nested-routers (==0.95.0)",
+  "djangorestframework-simplejwt (>=5.3.1,<6.0.0)",
+  "drf-nested-routers (>=0.94.1,<1.0.0)",
  "drf-spectacular==0.27.2",
  "drf-spectacular-jsonapi==0.5.1",
-  "defusedxml==0.7.1",
  "gunicorn==23.0.0",
  "lxml==5.3.2",
  "prowler @ git+https://github.com/prowler-cloud/prowler.git@master",
  "psycopg2-binary==2.9.9",
-  "pytest-celery[redis] (==1.3.0)",
-  "sentry-sdk[django] (==2.56.0)",
+  "pytest-celery[redis] (>=1.0.1,<2.0.0)",
+  "sentry-sdk[django] (>=2.20.0,<3.0.0)",
  "uuid6==2024.7.10",
-  "openai (==1.109.1)",
+  "openai (>=1.82.0,<2.0.0)",
  "xmlsec==1.3.14",
  "h2 (==4.3.0)",
-  "markdown (==3.10.2)",
+  "markdown (>=3.9,<4.0)",
  "drf-simple-apikey (==2.2.1)",
-  "matplotlib (==3.10.8)",
-  "reportlab (==4.4.10)",
-  "neo4j (==6.1.0)",
+  "matplotlib (>=3.10.6,<4.0.0)",
+  "reportlab (>=4.4.4,<5.0.0)",
+  "neo4j (>=6.0.0,<7.0.0)",
  "cartography (==0.132.0)",
-  "gevent (==25.9.1)",
-  "werkzeug (==3.1.7)",
-  "sqlparse (==0.5.5)",
-  "fonttools (==4.62.1)"
+  "gevent (>=25.9.1,<26.0.0)",
+  "werkzeug (>=3.1.4)",
+  "sqlparse (>=0.5.4)",
+  "fonttools (>=4.60.2)"
 ]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
@@ -50,7 +49,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.24.0"
+version = "1.23.0"

 [project.scripts]
 celery = "src.backend.config.settings.celery"
@@ -62,7 +61,7 @@ django-silk = "5.3.2"
 docker = "7.1.0"
 filelock = "3.20.3"
 freezegun = "1.5.1"
-marshmallow = "==3.26.2"
+marshmallow = ">=3.15.0,<4.0.0"
 mypy = "1.10.1"
 pylint = "3.2.5"
 pytest = "8.2.2"
@@ -15,7 +15,6 @@ from django_filters.rest_framework import (
 from rest_framework_json_api.django_filters.backends import DjangoFilterBackend
 from rest_framework_json_api.serializers import ValidationError

-from api.constants import SEVERITY_ORDER
 from api.db_utils import (
    FindingDeltaEnumField,
    InvitationStateEnumField,
@@ -265,13 +264,6 @@ class CommonFindingFilters(FilterSet):
            )
        return queryset.filter(overall_query).distinct()

-    def filter_check_title_icontains(self, queryset, name, value):
-        return queryset.filter(
-            Q(check_metadata__CheckTitle__icontains=value)
-            | Q(check_metadata__checktitle__icontains=value)
-            | Q(check_metadata__Checktitle__icontains=value)
-        )
-

 class TenantFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
@@ -811,15 +803,11 @@ class FindingGroupFilter(CommonFindingFilters):
    check_id = CharFilter(field_name="check_id", lookup_expr="exact")
    check_id__in = CharInFilter(field_name="check_id", lookup_expr="in")
    check_id__icontains = CharFilter(field_name="check_id", lookup_expr="icontains")
-    check_title__icontains = CharFilter(method="filter_check_title_icontains")
-    scan = UUIDFilter(field_name="scan_id", lookup_expr="exact")
-    scan__in = UUIDInFilter(field_name="scan_id", lookup_expr="in")

    class Meta:
        model = Finding
        fields = {
            "check_id": ["exact", "in", "icontains"],
-            "scan": ["exact", "in"],
        }

    def filter_queryset(self, queryset):
@@ -907,15 +895,11 @@ class LatestFindingGroupFilter(CommonFindingFilters):
    check_id = CharFilter(field_name="check_id", lookup_expr="exact")
    check_id__in = CharInFilter(field_name="check_id", lookup_expr="in")
    check_id__icontains = CharFilter(field_name="check_id", lookup_expr="icontains")
-    check_title__icontains = CharFilter(method="filter_check_title_icontains")
-    scan = UUIDFilter(field_name="scan_id", lookup_expr="exact")
-    scan__in = UUIDInFilter(field_name="scan_id", lookup_expr="in")

    class Meta:
        model = Finding
        fields = {
            "check_id": ["exact", "in", "icontains"],
-            "scan": ["exact", "in"],
        }


@@ -942,9 +926,6 @@ class FindingGroupSummaryFilter(FilterSet):
    check_id = CharFilter(field_name="check_id", lookup_expr="exact")
    check_id__in = CharInFilter(field_name="check_id", lookup_expr="in")
    check_id__icontains = CharFilter(field_name="check_id", lookup_expr="icontains")
-    check_title__icontains = CharFilter(
-        field_name="check_title", lookup_expr="icontains"
-    )

    # Provider filters
    provider_id = UUIDFilter(field_name="provider_id", lookup_expr="exact")
@@ -1044,9 +1025,6 @@ class LatestFindingGroupSummaryFilter(FilterSet):
    check_id = CharFilter(field_name="check_id", lookup_expr="exact")
    check_id__in = CharInFilter(field_name="check_id", lookup_expr="in")
    check_id__icontains = CharFilter(field_name="check_id", lookup_expr="icontains")
-    check_title__icontains = CharFilter(
-        field_name="check_title", lookup_expr="icontains"
-    )

    # Provider filters
    provider_id = UUIDFilter(field_name="provider_id", lookup_expr="exact")
@@ -1064,98 +1042,6 @@ class LatestFindingGroupSummaryFilter(FilterSet):
        }


-class FindingGroupAggregatedComputedFilter(FilterSet):
-    """Filter aggregated finding-group rows by computed status/severity/muted."""
-
-    STATUS_CHOICES = (
-        ("FAIL", "Fail"),
-        ("PASS", "Pass"),
-        ("MUTED", "Muted"),
-    )
-
-    status = ChoiceFilter(method="filter_status", choices=STATUS_CHOICES)
-    status__in = CharInFilter(method="filter_status_in", lookup_expr="in")
-    severity = ChoiceFilter(method="filter_severity", choices=SeverityChoices)
-    severity__in = CharInFilter(method="filter_severity_in", lookup_expr="in")
-    include_muted = BooleanFilter(method="filter_include_muted")
-
-    def filter_status(self, queryset, name, value):
-        return queryset.filter(aggregated_status=value)
-
-    def filter_status_in(self, queryset, name, value):
-        values = value
-        if isinstance(value, str):
-            values = [part.strip() for part in value.split(",") if part.strip()]
-
-        allowed = {choice[0] for choice in self.STATUS_CHOICES}
-        invalid = [
-            status_value for status_value in values if status_value not in allowed
-        ]
-        if invalid:
-            raise ValidationError(
-                [
-                    {
-                        "detail": f"invalid status filter: {invalid[0]}",
-                        "status": "400",
-                        "source": {"pointer": "/data"},
-                        "code": "invalid",
-                    }
-                ]
-            )
-
-        if not values:
-            return queryset
-
-        return queryset.filter(aggregated_status__in=values)
-
-    def filter_severity(self, queryset, name, value):
-        severity_order = SEVERITY_ORDER.get(value)
-        if severity_order is None:
-            raise ValidationError(
-                [
-                    {
-                        "detail": f"invalid severity filter: {value}",
-                        "status": "400",
-                        "source": {"pointer": "/data"},
-                        "code": "invalid",
-                    }
-                ]
-            )
-        return queryset.filter(severity_order=severity_order)
-
-    def filter_severity_in(self, queryset, name, value):
-        values = value
-        if isinstance(value, str):
-            values = [part.strip() for part in value.split(",") if part.strip()]
-
-        orders = []
-        for severity_value in values:
-            severity_order = SEVERITY_ORDER.get(severity_value)
-            if severity_order is None:
-                raise ValidationError(
-                    [
-                        {
-                            "detail": f"invalid severity filter: {severity_value}",
-                            "status": "400",
-                            "source": {"pointer": "/data"},
-                            "code": "invalid",
-                        }
-                    ]
-                )
-            orders.append(severity_order)
-
-        if not orders:
-            return queryset
-
-        return queryset.filter(severity_order__in=orders)
-
-    def filter_include_muted(self, queryset, name, value):
-        if value is True:
-            return queryset
-        # include_muted=false: exclude fully-muted groups
-        return queryset.exclude(fail_count=0, pass_count=0, muted_count__gt=0)
-
-
 class ProviderSecretFilter(FilterSet):
    inserted_at = DateFilter(
        field_name="inserted_at",
@@ -1,6 +1,7 @@
 import json
 import logging
 import re
+import xml.etree.ElementTree as ET
 from datetime import datetime, timedelta, timezone
 from uuid import UUID, uuid4

@@ -8,8 +9,6 @@ from allauth.socialaccount.models import SocialApp
 from config.custom_logging import BackendLogger
 from config.settings.social_login import SOCIALACCOUNT_PROVIDERS
 from cryptography.fernet import Fernet, InvalidToken
-import defusedxml
-from defusedxml import ElementTree as ET
 from django.conf import settings
 from django.contrib.auth.models import AbstractBaseUser
 from django.contrib.postgres.fields import ArrayField
@@ -2068,8 +2067,6 @@ class SAMLConfiguration(RowLevelSecurityProtectedModel):
            root = ET.fromstring(self.metadata_xml)
        except ET.ParseError as e:
            raise ValidationError({"metadata_xml": f"Invalid XML: {e}"})
-        except defusedxml.DefusedXmlException as e:
-            raise ValidationError({"metadata_xml": f"Unsafe XML content rejected: {e}"})

        # Entity ID
        entity_id = root.attrib.get("entityID")
@@ -30,10 +30,7 @@ class HasPermissions(BasePermission):
            return True

        user_roles = (
-            User.objects.using(MainRouter.admin_db)
-            .get(id=request.user.id)
-            .roles.using(MainRouter.admin_db)
-            .all()
+            User.objects.using(MainRouter.admin_db).get(id=request.user.id).roles.all()
        )
        if not user_roles:
            return False
@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
  title: Prowler API
-  version: 1.24.0
+  version: 1.23.0
  description: |-
    Prowler API specification.

@@ -301,7 +301,7 @@ class TestTokenSwitchTenant:
        assert invalid_tenant_response.status_code == 400
        assert invalid_tenant_response.json()["errors"][0]["code"] == "invalid"
        assert invalid_tenant_response.json()["errors"][0]["detail"] == (
-            "Tenant does not exist or user is not a member."
+            "Tenant does not exist or user is not a " "member."
        )


@@ -912,9 +912,10 @@ class TestAPIKeyLifecycle:
        auth_response = client.get(reverse("provider-list"), headers=api_key_headers)

        # Must return 401 Unauthorized, not 500 Internal Server Error
-        assert (
-            auth_response.status_code == 401
-        ), f"Expected 401 but got {auth_response.status_code}: {auth_response.json()}"
+        assert auth_response.status_code == 401, (
+            f"Expected 401 but got {auth_response.status_code}: "
+            f"{auth_response.json()}"
+        )

        # Verify error message is present
        response_json = auth_response.json()
@@ -10,11 +10,11 @@ from django.conf import settings
 import api
 import api.apps as api_apps_module
 from api.apps import (
+    ApiConfig,
    PRIVATE_KEY_FILE,
    PUBLIC_KEY_FILE,
    SIGNING_KEY_ENV,
    VERIFYING_KEY_ENV,
-    ApiConfig,
 )


@@ -187,10 +187,9 @@ def test_ready_initializes_driver_for_api_process(monkeypatch):
    _set_argv(monkeypatch, ["gunicorn"])
    _set_testing(monkeypatch, False)

-    with (
-        patch.object(ApiConfig, "_ensure_crypto_keys", return_value=None),
-        patch("api.attack_paths.database.init_driver") as init_driver,
-    ):
+    with patch.object(ApiConfig, "_ensure_crypto_keys", return_value=None), patch(
+        "api.attack_paths.database.init_driver"
+    ) as init_driver:
        config.ready()

    init_driver.assert_called_once()
@@ -201,10 +200,9 @@ def test_ready_skips_driver_for_celery(monkeypatch):
    _set_argv(monkeypatch, ["celery", "-A", "api"])
    _set_testing(monkeypatch, False)

-    with (
-        patch.object(ApiConfig, "_ensure_crypto_keys", return_value=None),
-        patch("api.attack_paths.database.init_driver") as init_driver,
-    ):
+    with patch.object(ApiConfig, "_ensure_crypto_keys", return_value=None), patch(
+        "api.attack_paths.database.init_driver"
+    ) as init_driver:
        config.ready()

    init_driver.assert_not_called()
@@ -215,10 +213,9 @@ def test_ready_skips_driver_for_manage_py_skip_command(monkeypatch):
    _set_argv(monkeypatch, ["manage.py", "migrate"])
    _set_testing(monkeypatch, False)

-    with (
-        patch.object(ApiConfig, "_ensure_crypto_keys", return_value=None),
-        patch("api.attack_paths.database.init_driver") as init_driver,
-    ):
+    with patch.object(ApiConfig, "_ensure_crypto_keys", return_value=None), patch(
+        "api.attack_paths.database.init_driver"
+    ) as init_driver:
        config.ready()

    init_driver.assert_not_called()
@@ -229,10 +226,9 @@ def test_ready_skips_driver_when_testing(monkeypatch):
    _set_argv(monkeypatch, ["gunicorn"])
    _set_testing(monkeypatch, True)

-    with (
-        patch.object(ApiConfig, "_ensure_crypto_keys", return_value=None),
-        patch("api.attack_paths.database.init_driver") as init_driver,
-    ):
+    with patch.object(ApiConfig, "_ensure_crypto_keys", return_value=None), patch(
+        "api.attack_paths.database.init_driver"
+    ) as init_driver:
        config.ready()

    init_driver.assert_not_called()
@@ -243,39 +243,6 @@ class TestSAMLConfigurationModel:
        assert "Invalid XML" in errors["metadata_xml"][0]
        assert "not well-formed" in errors["metadata_xml"][0]

-    def test_xml_bomb_rejected(self, tenants_fixture):
-        """
-        Regression test: a 'billion laughs' XML bomb in the SAML metadata field
-        must be rejected and not allowed to exhaust server memory / CPU.
-
-        Before the fix, xml.etree.ElementTree was used directly, which does not
-        protect against entity-expansion attacks.  The fix switches to defusedxml
-        which raises an exception for any XML containing entity definitions.
-        """
-        tenant = tenants_fixture[0]
-        xml_bomb = (
-            "<?xml version='1.0'?>"
-            "<!DOCTYPE bomb ["
-            "  <!ENTITY a 'aaaaaaaaaa'>"
-            "  <!ENTITY b '&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;'>"
-            "  <!ENTITY c '&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;'>"
-            "  <!ENTITY d '&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;'>"
-            "]>"
-            "<md:EntityDescriptor entityID='&d;' "
-            "xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata'/>"
-        )
-        config = SAMLConfiguration(
-            email_domain="xmlbomb.com",
-            metadata_xml=xml_bomb,
-            tenant=tenant,
-        )
-
-        with pytest.raises(ValidationError) as exc_info:
-            config._parse_metadata()
-
-        errors = exc_info.value.message_dict
-        assert "metadata_xml" in errors
-
    def test_metadata_missing_sso_fails(self, tenants_fixture):
        tenant = tenants_fixture[0]
        xml = """<md:EntityDescriptor entityID="x" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
@@ -4,25 +4,14 @@ from unittest.mock import MagicMock
 from config.settings.sentry import before_send


-def _make_log_record(msg, level=logging.ERROR, name="test", args=None):
-    """Build a real LogRecord so getMessage() works like in production."""
-    record = logging.LogRecord(
-        name=name,
-        level=level,
-        pathname="",
-        lineno=0,
-        msg=msg,
-        args=args,
-        exc_info=None,
-    )
-    return record
-
-
 def test_before_send_ignores_log_with_ignored_exception():
    """Test that before_send ignores logs containing ignored exceptions."""
-    log_record = _make_log_record("Provider kubernetes is not connected")
+    log_record = MagicMock()
+    log_record.msg = "Provider kubernetes is not connected"
+    log_record.levelno = logging.ERROR  # 40

    hint = {"log_record": log_record}
+
    event = MagicMock()

    result = before_send(event, hint)
@@ -47,9 +36,12 @@ def test_before_send_ignores_exception_with_ignored_exception():

 def test_before_send_passes_through_non_ignored_log():
    """Test that before_send passes through logs that don't contain ignored exceptions."""
-    log_record = _make_log_record("Some other error message")
+    log_record = MagicMock()
+    log_record.msg = "Some other error message"
+    log_record.levelno = logging.ERROR  # 40

    hint = {"log_record": log_record}
+
    event = MagicMock()

    result = before_send(event, hint)
@@ -74,53 +66,15 @@ def test_before_send_passes_through_non_ignored_exception():

 def test_before_send_handles_warning_level():
    """Test that before_send handles warning level logs."""
-    log_record = _make_log_record(
-        "Provider kubernetes is not connected", level=logging.WARNING
-    )
+    log_record = MagicMock()
+    log_record.msg = "Provider kubernetes is not connected"
+    log_record.levelno = logging.WARNING  # 30

    hint = {"log_record": log_record}
+
    event = MagicMock()

    result = before_send(event, hint)

    # Assert that the event was dropped (None returned)
    assert result is None
-
-
-def test_before_send_ignores_neo4j_defunct_connection():
-    """Test that before_send drops neo4j.io defunct connection logs.
-
-    The Neo4j driver logs transient connection errors at ERROR level
-    before RetryableSession retries them. These are noise.
-
-    The driver uses %s formatting, so "defunct" is in the args, not
-    in the template. This test mirrors the real LogRecord structure.
-    """
-    log_record = _make_log_record(
-        msg="[#%04X]  _: <CONNECTION> error: %s: %r",
-        name="neo4j.io",
-        args=(
-            0xE5CC,
-            "Failed to read from defunct connection "
-            "IPv4Address(('cloud-neo4j.prowler.com', 7687))",
-            ConnectionResetError(104, "Connection reset by peer"),
-        ),
-    )
-
-    hint = {"log_record": log_record}
-    event = MagicMock()
-
-    assert before_send(event, hint) is None
-
-
-def test_before_send_passes_non_defunct_neo4j_log():
-    """Test that before_send passes through neo4j.io logs that are not about defunct connections."""
-    log_record = _make_log_record(
-        msg="Some other neo4j transport error",
-        name="neo4j.io",
-    )
-
-    hint = {"log_record": log_record}
-    event = MagicMock()
-
-    assert before_send(event, hint) == event
@@ -807,63 +807,6 @@ class TestTenantViewSet:
        )
        assert response.status_code == status.HTTP_404_NOT_FOUND

-    def test_tenants_list_no_permissions(
-        self, authenticated_client_no_permissions_rbac, tenants_fixture
-    ):
-        response = authenticated_client_no_permissions_rbac.get(reverse("tenant-list"))
-        assert response.status_code == status.HTTP_200_OK
-
-    def test_tenants_retrieve_no_permissions(
-        self, authenticated_client_no_permissions_rbac, tenants_fixture
-    ):
-        tenant1, *_ = tenants_fixture
-        response = authenticated_client_no_permissions_rbac.get(
-            reverse("tenant-detail", kwargs={"pk": tenant1.id})
-        )
-        assert response.status_code == status.HTTP_200_OK
-
-    def test_tenants_create_no_permissions(
-        self, authenticated_client_no_permissions_rbac, valid_tenant_payload
-    ):
-        response = authenticated_client_no_permissions_rbac.post(
-            reverse("tenant-list"),
-            data=valid_tenant_payload,
-            format="json",
-        )
-        assert response.status_code == status.HTTP_201_CREATED
-
-    def test_tenants_partial_update_no_permissions(
-        self, authenticated_client_no_permissions_rbac, tenants_fixture
-    ):
-        tenant1, *_ = tenants_fixture
-        payload = {
-            "data": {
-                "type": "tenants",
-                "id": str(tenant1.id),
-                "attributes": {"name": "Unauthorized update"},
-            },
-        }
-        response = authenticated_client_no_permissions_rbac.patch(
-            reverse("tenant-detail", kwargs={"pk": tenant1.id}),
-            data=payload,
-            content_type=API_JSON_CONTENT_TYPE,
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-    @patch("api.v1.views.delete_tenant_task.apply_async")
-    def test_tenants_delete_no_permissions(
-        self,
-        delete_tenant_mock,
-        authenticated_client_no_permissions_rbac,
-        tenants_fixture,
-    ):
-        tenant1, *_ = tenants_fixture
-        response = authenticated_client_no_permissions_rbac.delete(
-            reverse("tenant-detail", kwargs={"pk": tenant1.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-        delete_tenant_mock.assert_not_called()
-

@pytest.mark.django_db
 class TestMembershipViewSet:
@@ -14746,16 +14689,10 @@ class TestMuteRuleViewSet:
        assert len(data) == 2
        assert data[0]["id"] == str(mute_rules_fixture[first_index].id)

-    @patch("api.v1.views.chain")
-    @patch("api.v1.views.reaggregate_all_finding_group_summaries_task.si")
-    @patch("api.v1.views.mute_historical_findings_task.si")
-    @patch("api.v1.views.transaction.on_commit", side_effect=lambda fn: fn())
+    @patch("tasks.tasks.mute_historical_findings_task.apply_async")
    def test_mute_rules_create_valid(
        self,
-        _mock_on_commit,
-        mock_mute_signature,
-        mock_reaggregate_signature,
-        mock_chain,
+        mock_task,
        authenticated_client,
        findings_fixture,
        create_test_user,
@@ -14793,14 +14730,8 @@ class TestMuteRuleViewSet:
        assert finding.muted_at is not None
        assert finding.muted_reason == "Security exception approved"

-        # Verify background task chain was called: mute → reaggregate all
-        mock_mute_signature.assert_called_once()
-        mock_reaggregate_signature.assert_called_once()
-        mock_chain.assert_called_once_with(
-            mock_mute_signature.return_value,
-            mock_reaggregate_signature.return_value,
-        )
-        mock_chain.return_value.apply_async.assert_called_once()
+        # Verify background task was called
+        mock_task.assert_called_once()

    @patch("tasks.tasks.mute_historical_findings_task.apply_async")
    def test_mute_rules_create_converts_finding_ids_to_uids(
@@ -15273,29 +15204,6 @@ class TestFindingGroupViewSet:
        # ec2_instance_public_ip has 1 PASS and 1 FAIL, should aggregate to FAIL
        assert data[0]["attributes"]["status"] == "FAIL"

-    def test_finding_groups_region_filter_reaggregates_metrics(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test finding-level filters recompute group metrics from matching findings."""
-        response = authenticated_client.get(
-            reverse("finding-group-list"),
-            {
-                "filter[inserted_at]": TODAY,
-                "filter[check_id]": "ec2_instance_public_ip",
-                "filter[region]": "us-east-1",
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 1
-
-        attrs = data[0]["attributes"]
-        assert attrs["status"] == "PASS"
-        assert attrs["pass_count"] == 1
-        assert attrs["fail_count"] == 0
-        assert attrs["resources_total"] == 1
-        assert attrs["resources_fail"] == 0
-
    def test_finding_groups_status_pass_when_no_fail(
        self, authenticated_client, finding_groups_fixture
    ):
@@ -15324,182 +15232,6 @@ class TestFindingGroupViewSet:
        # rds_encryption has all muted findings
        assert data[0]["attributes"]["status"] == "MUTED"

-    def test_finding_groups_status_filter(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test finding groups can be filtered by aggregated status."""
-        response = authenticated_client.get(
-            reverse("finding-group-list"),
-            {"filter[inserted_at]": TODAY, "filter[status]": "FAIL"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) > 0
-        assert all(item["attributes"]["status"] == "FAIL" for item in data)
-
-    def test_finding_groups_status_in_filter(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test finding groups support status__in filter on aggregated status."""
-        response = authenticated_client.get(
-            reverse("finding-group-list"),
-            {"filter[inserted_at]": TODAY, "filter[status__in]": "FAIL,PASS"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) > 0
-        assert all(item["attributes"]["status"] in {"FAIL", "PASS"} for item in data)
-
-    def test_finding_groups_severity_filter(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test finding groups can be filtered by aggregated severity."""
-        response = authenticated_client.get(
-            reverse("finding-group-list"),
-            {"filter[inserted_at]": TODAY, "filter[severity]": "critical"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) > 0
-        assert all(item["attributes"]["severity"] == "critical" for item in data)
-
-    @pytest.mark.parametrize(
-        "endpoint_name", ["finding-group-list", "finding-group-latest"]
-    )
-    def test_finding_groups_combined_region_and_status_filters(
-        self, authenticated_client, finding_groups_fixture, endpoint_name
-    ):
-        """Test combined region + aggregated status filters."""
-        params = {"filter[region]": "us-east-1", "filter[status]": "FAIL"}
-        if endpoint_name == "finding-group-list":
-            params["filter[inserted_at]"] = TODAY
-
-        response = authenticated_client.get(reverse(endpoint_name), params)
-
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        check_ids = {item["id"] for item in data}
-        assert check_ids == {"s3_bucket_public_access", "cloudtrail_enabled"}
-        assert all(item["attributes"]["status"] == "FAIL" for item in data)
-
-    @pytest.mark.parametrize(
-        "endpoint_name", ["finding-group-list", "finding-group-latest"]
-    )
-    def test_finding_groups_combined_delta_and_severity_filters(
-        self, authenticated_client, finding_groups_fixture, endpoint_name
-    ):
-        """Test combined delta + aggregated severity filters."""
-        params = {"filter[delta]": "new", "filter[severity]": "critical"}
-        if endpoint_name == "finding-group-list":
-            params["filter[inserted_at]"] = TODAY
-
-        response = authenticated_client.get(reverse(endpoint_name), params)
-
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        check_ids = {item["id"] for item in data}
-        assert check_ids == {"s3_bucket_public_access", "cloudtrail_enabled"}
-        assert all(item["attributes"]["severity"] == "critical" for item in data)
-
-    @pytest.mark.parametrize(
-        "endpoint_name", ["finding-group-list", "finding-group-latest"]
-    )
-    @pytest.mark.parametrize(
-        "filter_key,filter_value",
-        [
-            ("status", "INVALID_STATUS"),
-            ("severity", "INVALID_SEVERITY"),
-        ],
-    )
-    def test_finding_groups_invalid_status_or_severity_returns_400(
-        self,
-        authenticated_client,
-        finding_groups_fixture,
-        endpoint_name,
-        filter_key,
-        filter_value,
-    ):
-        """Test invalid aggregated status/severity values are rejected."""
-        params = {f"filter[{filter_key}]": filter_value}
-        if endpoint_name == "finding-group-list":
-            params["filter[inserted_at]"] = TODAY
-
-        response = authenticated_client.get(reverse(endpoint_name), params)
-
-        assert response.status_code == status.HTTP_400_BAD_REQUEST
-        assert response.json()["errors"][0]["code"] == "invalid"
-
-    @pytest.mark.parametrize(
-        "endpoint_name", ["finding-group-list", "finding-group-latest"]
-    )
-    @pytest.mark.parametrize(
-        "filter_key,filter_value,expected_detail",
-        [
-            ("status__in", "FAIL,INVALID_STATUS", "invalid status filter"),
-            ("severity__in", "critical,INVALID_SEVERITY", "invalid severity filter"),
-        ],
-    )
-    def test_finding_groups_invalid_in_filters_return_400(
-        self,
-        authenticated_client,
-        finding_groups_fixture,
-        endpoint_name,
-        filter_key,
-        filter_value,
-        expected_detail,
-    ):
-        """Test invalid values in status__in/severity__in are rejected."""
-        params = {f"filter[{filter_key}]": filter_value}
-        if endpoint_name == "finding-group-list":
-            params["filter[inserted_at]"] = TODAY
-
-        response = authenticated_client.get(reverse(endpoint_name), params)
-
-        assert response.status_code == status.HTTP_400_BAD_REQUEST
-        errors = response.json()["errors"]
-        assert errors[0]["code"] == "invalid"
-        assert expected_detail in errors[0]["detail"]
-
-    @pytest.mark.parametrize(
-        "filter_name,filter_value",
-        [
-            ("region", "__region_does_not_exist__"),
-            ("service", "__service_does_not_exist__"),
-            ("category", "__category_does_not_exist__"),
-            ("resource_groups", "__group_does_not_exist__"),
-            ("resource_type", "__type_does_not_exist__"),
-            ("scan", "00000000-0000-7000-8000-000000000001"),
-        ],
-    )
-    def test_finding_groups_finding_level_filters_are_applied(
-        self,
-        authenticated_client,
-        finding_groups_fixture,
-        filter_name,
-        filter_value,
-    ):
-        """Test finding-level filters are applied in /finding-groups aggregation."""
-        response = authenticated_client.get(
-            reverse("finding-group-list"),
-            {"filter[inserted_at]": TODAY, f"filter[{filter_name}]": filter_value},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 0
-
-    def test_finding_groups_delta_filter_is_applied(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test delta filter is applied in /finding-groups aggregation."""
-        response = authenticated_client.get(
-            reverse("finding-group-list"),
-            {"filter[inserted_at]": TODAY, "filter[delta]": "new"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) > 0
-        assert all(item["attributes"]["new_count"] > 0 for item in data)
-
    def test_finding_groups_provider_aggregation(
        self, authenticated_client, finding_groups_fixture
    ):
@@ -15794,22 +15526,6 @@ class TestFindingGroupViewSet:
        assert len(response.json()["data"]) == 1
        assert "bucket" in response.json()["data"][0]["id"].lower()

-    def test_finding_groups_check_title_icontains(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test searching check titles with icontains."""
-        response = authenticated_client.get(
-            reverse("finding-group-list"),
-            {
-                "filter[inserted_at]": TODAY,
-                "filter[check_title.icontains]": "public access",
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 1
-        assert data[0]["id"] == "s3_bucket_public_access"
-
    def test_resources_not_found(self, authenticated_client):
        """Test 404 returned for nonexistent check_id."""
        response = authenticated_client.get(
@@ -16108,258 +15824,6 @@ class TestFindingGroupViewSet:
        assert len(data) == 1
        assert data[0]["id"] == "cloudtrail_enabled"

-    def test_finding_groups_latest_status_filter(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test /latest supports status filter on aggregated status."""
-        response = authenticated_client.get(
-            reverse("finding-group-latest"),
-            {"filter[status]": "FAIL"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) > 0
-        assert all(item["attributes"]["status"] == "FAIL" for item in data)
-
-    def test_finding_groups_latest_region_filter_reaggregates_metrics(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test /latest recomputes metrics from findings matching region filter."""
-        response = authenticated_client.get(
-            reverse("finding-group-latest"),
-            {
-                "filter[check_id]": "ec2_instance_public_ip",
-                "filter[region]": "us-east-1",
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 1
-
-        attrs = data[0]["attributes"]
-        assert attrs["status"] == "PASS"
-        assert attrs["pass_count"] == 1
-        assert attrs["fail_count"] == 0
-        assert attrs["resources_total"] == 1
-        assert attrs["resources_fail"] == 0
-
-    def test_finding_groups_latest_status_in_filter(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test /latest supports status__in filter on aggregated status."""
-        response = authenticated_client.get(
-            reverse("finding-group-latest"),
-            {"filter[status__in]": "FAIL,PASS"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) > 0
-        assert all(item["attributes"]["status"] in {"FAIL", "PASS"} for item in data)
-
-    def test_finding_groups_latest_severity_filter(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test /latest supports severity filter on aggregated severity."""
-        response = authenticated_client.get(
-            reverse("finding-group-latest"),
-            {"filter[severity]": "critical"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) > 0
-        assert all(item["attributes"]["severity"] == "critical" for item in data)
-
-    @pytest.mark.parametrize(
-        "filter_name,filter_value",
-        [
-            ("region", "__region_does_not_exist__"),
-            ("service", "__service_does_not_exist__"),
-            ("category", "__category_does_not_exist__"),
-            ("resource_groups", "__group_does_not_exist__"),
-            ("resource_type", "__type_does_not_exist__"),
-            ("scan", "00000000-0000-7000-8000-000000000001"),
-        ],
-    )
-    def test_finding_groups_latest_finding_level_filters_are_applied(
-        self,
-        authenticated_client,
-        finding_groups_fixture,
-        filter_name,
-        filter_value,
-    ):
-        """Test finding-level filters are applied in /finding-groups/latest aggregation."""
-        response = authenticated_client.get(
-            reverse("finding-group-latest"),
-            {f"filter[{filter_name}]": filter_value},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 0
-
-    def test_finding_groups_check_title_filter_applies_with_delta(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test check_title filter is honored when finding-level path is used."""
-        response = authenticated_client.get(
-            reverse("finding-group-list"),
-            {
-                "filter[inserted_at]": TODAY,
-                "filter[delta]": "new",
-                "filter[check_title.icontains]": "__missing_check_title__",
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 0
-
-    def test_finding_groups_latest_check_title_filter_applies_with_delta(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test /latest check_title filter is honored on finding-level path."""
-        response = authenticated_client.get(
-            reverse("finding-group-latest"),
-            {
-                "filter[delta]": "new",
-                "filter[check_title.icontains]": "__missing_check_title__",
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 0
-
-    def test_finding_groups_latest_delta_filter_is_applied(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test delta filter is applied in /finding-groups/latest aggregation."""
-        response = authenticated_client.get(
-            reverse("finding-group-latest"),
-            {"filter[delta]": "new"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) > 0
-        assert all(item["attributes"]["new_count"] > 0 for item in data)
-
-    def test_finding_groups_latest_aggregates_latest_per_provider(
-        self,
-        authenticated_client,
-        providers_fixture,
-        resources_fixture,
-    ):
-        """Test /latest keeps all findings from the latest scan per provider.
-
-        Verifies that when the latest scan produces multiple findings for the
-        same check_id (e.g. one per resource), all of them are included in the
-        aggregation — not just one.
-        """
-        provider1 = providers_fixture[0]
-        provider2 = providers_fixture[1]
-        resource1 = resources_fixture[0]
-        resource2 = resources_fixture[1]
-        resource3 = resources_fixture[2]
-        check_id = "cross_provider_latest_resources_total"
-
-        latest_scan_provider1 = Scan.objects.create(
-            tenant_id=provider1.tenant_id,
-            provider=provider1,
-            state=StateChoices.COMPLETED,
-            trigger=Scan.TriggerChoices.MANUAL,
-            completed_at=datetime.now(timezone.utc),
-        )
-
-        latest_scan_provider2 = Scan.objects.create(
-            tenant_id=provider2.tenant_id,
-            provider=provider2,
-            state=StateChoices.COMPLETED,
-            trigger=Scan.TriggerChoices.MANUAL,
-            completed_at=datetime.now(timezone.utc),
-        )
-
-        older_scan_provider1 = Scan.objects.create(
-            tenant_id=provider1.tenant_id,
-            provider=provider1,
-            state=StateChoices.COMPLETED,
-            trigger=Scan.TriggerChoices.MANUAL,
-            completed_at=datetime.now(timezone.utc) - timedelta(days=1),
-        )
-
-        # Older scan — these should be excluded from /latest
-        Finding.objects.create(
-            tenant_id=provider1.tenant_id,
-            uid="old_cross_provider_1",
-            scan=older_scan_provider1,
-            delta="new",
-            status="FAIL",
-            severity="high",
-            impact="high",
-            check_id=check_id,
-            check_metadata={"CheckId": check_id, "checktitle": "Cross provider check"},
-            first_seen_at=datetime.now(timezone.utc) - timedelta(days=2),
-            muted=False,
-        )
-
-        # Latest scan provider1: TWO findings (PASS + FAIL) for the same check
-        latest_p1_pass = Finding.objects.create(
-            tenant_id=provider1.tenant_id,
-            uid="latest_cross_provider_1_pass",
-            scan=latest_scan_provider1,
-            delta="new",
-            status="PASS",
-            severity="high",
-            impact="high",
-            check_id=check_id,
-            check_metadata={"CheckId": check_id, "checktitle": "Cross provider check"},
-            first_seen_at=datetime.now(timezone.utc) - timedelta(hours=1),
-            muted=False,
-        )
-        latest_p1_pass.add_resources([resource1])
-
-        latest_p1_fail = Finding.objects.create(
-            tenant_id=provider1.tenant_id,
-            uid="latest_cross_provider_1_fail",
-            scan=latest_scan_provider1,
-            delta="new",
-            status="FAIL",
-            severity="high",
-            impact="high",
-            check_id=check_id,
-            check_metadata={"CheckId": check_id, "checktitle": "Cross provider check"},
-            first_seen_at=datetime.now(timezone.utc) - timedelta(hours=1),
-            muted=False,
-        )
-        latest_p1_fail.add_resources([resource2])
-
-        # Latest scan provider2: one finding
-        latest_p2 = Finding.objects.create(
-            tenant_id=provider2.tenant_id,
-            uid="latest_cross_provider_2",
-            scan=latest_scan_provider2,
-            delta="new",
-            status="FAIL",
-            severity="high",
-            impact="high",
-            check_id=check_id,
-            check_metadata={"CheckId": check_id, "checktitle": "Cross provider check"},
-            first_seen_at=datetime.now(timezone.utc) - timedelta(hours=1),
-            muted=False,
-        )
-        latest_p2.add_resources([resource3])
-
-        response = authenticated_client.get(
-            reverse("finding-group-latest"),
-            {"filter[check_id]": check_id, "filter[delta]": "new"},
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 1
-        attrs = data[0]["attributes"]
-        # 3 findings total: 2 from provider1 latest + 1 from provider2 latest
-        assert attrs["pass_count"] == 1
-        assert attrs["fail_count"] == 2
-        assert attrs["resources_total"] == 3
-        assert attrs["resources_fail"] == 2
-
    def test_finding_groups_latest_provider_type_filter(
        self, authenticated_client, finding_groups_fixture
    ):
@@ -16399,44 +15863,6 @@ class TestFindingGroupViewSet:
        check_ids = [item["id"] for item in data]
        assert check_ids == sorted(check_ids)

-    def test_finding_groups_latest_sort_by_check_title(
-        self, authenticated_client, finding_groups_fixture
-    ):
-        """Test /latest supports sorting by check_title."""
-        response = authenticated_client.get(
-            reverse("finding-group-latest"),
-            {"sort": "check_title"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        check_titles = [item["attributes"]["check_title"] for item in data]
-        assert check_titles == sorted(check_titles)
-
-    @pytest.mark.parametrize(
-        "endpoint_name", ["finding-group-list", "finding-group-latest"]
-    )
-    @pytest.mark.parametrize(
-        "sort_field",
-        ["first_seen_at", "-first_seen_at", "last_seen_at", "failing_since"],
-    )
-    def test_finding_groups_sort_by_time_fields(
-        self,
-        authenticated_client,
-        finding_groups_fixture,
-        endpoint_name,
-        sort_field,
-    ):
-        """Test sorting by aggregated time fields (first_seen_at, last_seen_at, failing_since)."""
-        params = {"sort": sort_field}
-        if endpoint_name == "finding-group-list":
-            params["filter[inserted_at]"] = TODAY
-
-        response = authenticated_client.get(reverse(endpoint_name), params)
-
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) > 0
-
    def test_finding_groups_latest_ignores_date_filters(
        self, authenticated_client, finding_groups_fixture
    ):
@@ -4180,7 +4180,6 @@ class FindingGroupResourceSerializer(BaseSerializerV1):
    severity = serializers.CharField()
    first_seen_at = serializers.DateTimeField(required=False, allow_null=True)
    last_seen_at = serializers.DateTimeField(required=False, allow_null=True)
-    muted_reason = serializers.CharField(required=False, allow_null=True)

    class JSONAPIMeta:
        resource_name = "finding-group-resources"
@@ -4,6 +4,7 @@ import json
 import logging
 import os
 import time
+
 from collections import defaultdict
 from copy import deepcopy
 from datetime import datetime, timedelta, timezone
@@ -11,12 +12,12 @@ from decimal import ROUND_HALF_UP, Decimal, InvalidOperation
 from urllib.parse import urljoin

 import sentry_sdk
+
 from allauth.socialaccount.models import SocialAccount, SocialApp
 from allauth.socialaccount.providers.github.views import GitHubOAuth2Adapter
 from allauth.socialaccount.providers.google.views import GoogleOAuth2Adapter
 from allauth.socialaccount.providers.saml.views import FinishACSView, LoginView
 from botocore.exceptions import ClientError, NoCredentialsError, ParamValidationError
-from celery import chain
 from celery.result import AsyncResult
 from config.custom_logging import BackendLogger
 from config.env import env
@@ -31,7 +32,6 @@ from django.contrib.postgres.search import SearchQuery
 from django.db import transaction
 from django.db.models import (
    Case,
-    CharField,
    Count,
    DecimalField,
    ExpressionWrapper,
@@ -48,8 +48,7 @@ from django.db.models import (
    When,
    Window,
 )
-from django.db.models.fields.json import KeyTextTransform
-from django.db.models.functions import Cast, Coalesce, RowNumber
+from django.db.models.functions import Coalesce, RowNumber
 from django.http import HttpResponse, QueryDict
 from django.shortcuts import redirect
 from django.urls import reverse
@@ -77,7 +76,6 @@ from rest_framework.exceptions import (
 )
 from rest_framework.generics import GenericAPIView, get_object_or_404
 from rest_framework.permissions import SAFE_METHODS
-from rest_framework_json_api import filters as jsonapi_filters
 from rest_framework_json_api.views import RelationshipView, Response
 from rest_framework_simplejwt.exceptions import InvalidToken, TokenError
 from tasks.beat import schedule_provider_scan
@@ -95,7 +93,6 @@ from tasks.tasks import (
    jira_integration_task,
    mute_historical_findings_task,
    perform_scan_task,
-    reaggregate_all_finding_group_summaries_task,
    refresh_lighthouse_provider_models_task,
 )

@@ -103,6 +100,7 @@ from api.attack_paths import database as graph_database
 from api.attack_paths import get_queries_for_provider, get_query_by_id
 from api.attack_paths import views_helpers as attack_paths_views_helpers
 from api.base_views import BaseRLSViewSet, BaseTenantViewset, BaseUserViewset
+from api.renderers import APIJSONRenderer, PlainTextRenderer
 from api.compliance import (
    PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE,
    get_compliance_frameworks,
@@ -126,7 +124,6 @@ from api.filters import (
    CustomDjangoFilterBackend,
    DailySeveritySummaryFilter,
    FindingFilter,
-    FindingGroupAggregatedComputedFilter,
    FindingGroupFilter,
    FindingGroupSummaryFilter,
    IntegrationFilter,
@@ -202,7 +199,6 @@ from api.models import (
 )
 from api.pagination import ComplianceOverviewPagination
 from api.rbac.permissions import Permissions, get_providers, get_role
-from api.renderers import APIJSONRenderer, PlainTextRenderer
 from api.rls import Tenant
 from api.utils import (
    CustomOAuth2Client,
@@ -412,7 +408,7 @@ class SchemaView(SpectacularAPIView):

    def get(self, request, *args, **kwargs):
        spectacular_settings.TITLE = "Prowler API"
-        spectacular_settings.VERSION = "1.24.0"
+        spectacular_settings.VERSION = "1.23.0"
        spectacular_settings.DESCRIPTION = (
            "Prowler API specification.\n\nThis file is auto-generated."
        )
@@ -1211,17 +1207,6 @@ class TenantViewSet(BaseTenantViewset):
    # RBAC required permissions
    required_permissions = [Permissions.MANAGE_ACCOUNT]

-    def set_required_permissions(self):
-        """
-        Returns the required permissions based on the request method.
-        """
-        if self.action in ("list", "retrieve", "create"):
-            # No permissions required for listing, retrieving or creating tenants
-            self.required_permissions = []
-        else:
-            # Require MANAGE_ACCOUNT for update and delete
-            self.required_permissions = [Permissions.MANAGE_ACCOUNT]
-
    def get_queryset(self):
        queryset = Tenant.objects.filter(membership__user=self.request.user)
        return queryset.prefetch_related("memberships")
@@ -6740,18 +6725,11 @@ class MuteRuleViewSet(BaseRLSViewSet):
            muted_reason=mute_rule.reason,
        )

-        # Launch background task for historical muting + reaggregation
-        transaction.on_commit(
-            lambda: chain(
-                mute_historical_findings_task.si(
-                    tenant_id=tenant_id,
-                    mute_rule_id=str(mute_rule.id),
-                ),
-                reaggregate_all_finding_group_summaries_task.si(
-                    tenant_id=tenant_id,
-                ),
-            ).apply_async()
-        )
+        # Launch background task for historical muting
+        with transaction.atomic():
+            mute_historical_findings_task.apply_async(
+                kwargs={"tenant_id": tenant_id, "mute_rule_id": str(mute_rule.id)}
+            )

        # Return the created mute rule
        serializer = self.get_serializer(mute_rule)
@@ -6792,37 +6770,21 @@ class FindingGroupViewSet(BaseRLSViewSet):
    security analysts to see which checks are failing across their
    infrastructure without scrolling through thousands of individual findings.

-    Uses a hybrid strategy: pre-aggregated daily summaries when possible,
-    and raw findings when finding-level filters require precise subset metrics.
+    Uses pre-aggregated FindingGroupDailySummary table for efficient queries.
+    Daily summaries are re-aggregated across the requested date range.
    """

    queryset = FindingGroupDailySummary.objects.all()
    serializer_class = FindingGroupSerializer
-    filterset_class = FindingGroupFilter
-    filter_backends = [
-        jsonapi_filters.QueryParameterValidationFilter,
-        jsonapi_filters.OrderingFilter,
-        CustomDjangoFilterBackend,
-    ]
+    filterset_class = FindingGroupSummaryFilter
    http_method_names = ["get"]
    required_permissions = []

    def get_filterset_class(self):
-        """Return the filterset class used for schema generation and the list action.
-
-        Note: The resources and latest_resources actions do not use this method
-        at runtime. They manually instantiate FindingGroupFilter /
-        LatestFindingGroupFilter against a Finding queryset (see
-        _get_finding_queryset). The class returned here for those actions only
-        affects the OpenAPI schema generated by drf-spectacular.
-        """
+        """Return appropriate filter based on action."""
        if self.action == "latest":
-            return LatestFindingGroupFilter
-        if self.action == "resources":
-            return FindingGroupFilter
-        if self.action == "latest_resources":
-            return LatestFindingGroupFilter
-        return FindingGroupFilter
+            return LatestFindingGroupSummaryFilter
+        return FindingGroupSummaryFilter

    def get_queryset(self):
        """Get the base FindingGroupDailySummary queryset with RLS filtering."""
@@ -6929,27 +6891,20 @@ class FindingGroupViewSet(BaseRLSViewSet):

        return filterset.qs.values("id")

-    def _get_finding_level_filter_keys(self, latest: bool = False) -> set[str]:
-        """Derive filters that require querying raw findings."""
-        summary_filterset = (
-            LatestFindingGroupSummaryFilter if latest else FindingGroupSummaryFilter
-        )
-        finding_filterset = LatestFindingGroupFilter if latest else FindingGroupFilter
-
-        summary_supported = set(summary_filterset.base_filters.keys())
-        finding_supported = set(finding_filterset.base_filters.keys())
-        return finding_supported - summary_supported
-
-    def _requires_finding_level_aggregation(
-        self, params: QueryDict, latest: bool = False
-    ) -> bool:
-        finding_level_keys = self._get_finding_level_filter_keys(latest=latest)
-        return any(key in finding_level_keys for key in params.keys())
-
    def _aggregate_daily_summaries(self, queryset):
-        """Re-aggregate summary rows by check_id."""
+        """
+        Re-aggregate daily summaries across the date range.
+
+        Takes pre-computed daily summaries and aggregates them by check_id
+        to produce totals across the selected date range.
+        """
+        from django.db.models import CharField
+        from django.db.models.functions import Cast
+
        return queryset.values("check_id").annotate(
+            # Max severity across days
            severity_order=Max("severity_order"),
+            # Sum counts across days
            pass_count=Sum("pass_count"),
            fail_count=Sum("fail_count"),
            muted_count=Sum("muted_count"),
@@ -6957,99 +6912,22 @@ class FindingGroupViewSet(BaseRLSViewSet):
            changed_count=Sum("changed_count"),
            resources_total=Sum("resources_total"),
            resources_fail=Sum("resources_fail"),
+            # Collect provider types using StringAgg (cast enum to text first)
            impacted_providers_str=StringAgg(
                Cast("provider__provider", CharField()),
                delimiter=",",
                distinct=True,
                default="",
            ),
-            agg_first_seen_at=Min("first_seen_at"),
-            agg_last_seen_at=Max("last_seen_at"),
-            agg_failing_since=Min("failing_since"),
+            # Min/Max timing across days
+            first_seen_at=Min("first_seen_at"),
+            last_seen_at=Max("last_seen_at"),
+            failing_since=Min("failing_since"),
+            # Get check metadata from first row (same for all days)
            check_title=Max("check_title"),
            check_description=Max("check_description"),
        )

-    def _aggregate_findings(self, queryset):
-        """Aggregate findings by check_id for finding-group endpoints."""
-        severity_case = Case(
-            *[
-                When(severity=severity, then=Value(order))
-                for severity, order in SEVERITY_ORDER.items()
-            ],
-            output_field=IntegerField(),
-        )
-
-        return queryset.values("check_id").annotate(
-            severity_order=Max(severity_case),
-            pass_count=Count("id", filter=Q(status="PASS", muted=False)),
-            fail_count=Count("id", filter=Q(status="FAIL", muted=False)),
-            muted_count=Count("id", filter=Q(muted=True)),
-            new_count=Count("id", filter=Q(delta="new", muted=False)),
-            changed_count=Count("id", filter=Q(delta="changed", muted=False)),
-            resources_total=Count("resources__id", distinct=True),
-            resources_fail=Count(
-                "resources__id",
-                distinct=True,
-                filter=Q(status="FAIL", muted=False),
-            ),
-            impacted_providers_str=StringAgg(
-                Cast("scan__provider__provider", CharField()),
-                delimiter=",",
-                distinct=True,
-                default="",
-            ),
-            agg_first_seen_at=Min("first_seen_at"),
-            agg_last_seen_at=Max("inserted_at"),
-            agg_failing_since=Min(
-                "first_seen_at", filter=Q(status="FAIL", muted=False)
-            ),
-            check_title=Coalesce(
-                Max(KeyTextTransform("checktitle", "check_metadata")),
-                Max(KeyTextTransform("CheckTitle", "check_metadata")),
-                Max(KeyTextTransform("Checktitle", "check_metadata")),
-            ),
-            check_description=Coalesce(
-                Max(KeyTextTransform("description", "check_metadata")),
-                Max(KeyTextTransform("Description", "check_metadata")),
-            ),
-        )
-
-    def _split_computed_aggregate_filters(
-        self, params: QueryDict
-    ) -> tuple[QueryDict, QueryDict]:
-        """Split finding filters from computed aggregate filters."""
-        computed_keys = {
-            "status",
-            "status__in",
-            "severity",
-            "severity__in",
-            "include_muted",
-        }
-        finding_params = QueryDict(mutable=True)
-        computed_params = QueryDict(mutable=True)
-
-        for key, values in params.lists():
-            if key in computed_keys:
-                computed_params.setlist(key, values)
-            else:
-                finding_params.setlist(key, values)
-
-        return finding_params, computed_params
-
-    def _get_latest_findings_per_provider(self, filtered_queryset):
-        """Keep only findings from each provider's most recent completed scan."""
-        latest_scan_ids = (
-            Scan.objects.filter(
-                tenant_id=self.request.tenant_id,
-                state=StateChoices.COMPLETED,
-            )
-            .order_by("provider_id", "-completed_at", "-inserted_at")
-            .distinct("provider_id")
-            .values("id")
-        )
-        return filtered_queryset.filter(scan_id__in=latest_scan_ids)
-
    def _post_process_aggregation(self, aggregated_data):
        """
        Post-process aggregation results to add computed fields.
@@ -7066,13 +6944,6 @@ class FindingGroupViewSet(BaseRLSViewSet):
                severity_order, "informational"
            )

-            if "agg_first_seen_at" in row:
-                row["first_seen_at"] = row.pop("agg_first_seen_at")
-            if "agg_last_seen_at" in row:
-                row["last_seen_at"] = row.pop("agg_last_seen_at")
-            if "agg_failing_since" in row:
-                row["failing_since"] = row.pop("agg_failing_since")
-
            # Compute aggregated status
            if row.get("fail_count", 0) > 0:
                row["status"] = "FAIL"
@@ -7095,7 +6966,6 @@ class FindingGroupViewSet(BaseRLSViewSet):
        """Validate and map JSON:API sort fields for aggregated finding groups."""
        sort_field_map = {
            "check_id": "check_id",
-            "check_title": "check_title",
            "severity": "severity_order",
            "fail_count": "fail_count",
            "pass_count": "pass_count",
@@ -7104,9 +6974,9 @@ class FindingGroupViewSet(BaseRLSViewSet):
            "changed_count": "changed_count",
            "resources_total": "resources_total",
            "resources_fail": "resources_fail",
-            "first_seen_at": "agg_first_seen_at",
-            "last_seen_at": "agg_last_seen_at",
-            "failing_since": "agg_failing_since",
+            "first_seen_at": "first_seen_at",
+            "last_seen_at": "last_seen_at",
+            "failing_since": "failing_since",
        }

        ordering = []
@@ -7133,33 +7003,6 @@ class FindingGroupViewSet(BaseRLSViewSet):

        return ordering

-    def _apply_aggregated_computed_filters(self, queryset, computed_params: QueryDict):
-        """Apply computed filters (status/severity) on aggregated finding-group rows."""
-        if not computed_params:
-            return queryset
-
-        if computed_params.get("status") or computed_params.getlist("status__in"):
-            queryset = queryset.annotate(
-                aggregated_status=Case(
-                    When(fail_count__gt=0, then=Value("FAIL")),
-                    When(pass_count__gt=0, then=Value("PASS")),
-                    default=Value("MUTED"),
-                    output_field=CharField(),
-                )
-            )
-
-        # Exclude fully-muted groups by default unless include_muted is set
-        if "include_muted" not in computed_params:
-            queryset = queryset.exclude(fail_count=0, pass_count=0, muted_count__gt=0)
-
-        filterset = FindingGroupAggregatedComputedFilter(
-            computed_params, queryset=queryset
-        )
-        if not filterset.is_valid():
-            raise ValidationError(filterset.errors)
-
-        return filterset.qs
-
    def _build_resource_mapping_queryset(
        self, filtered_queryset, resource_ids=None, tenant_id: str | None = None
    ):
@@ -7232,11 +7075,6 @@ class FindingGroupViewSet(BaseRLSViewSet):
                ),
                first_seen_at=Min("finding__first_seen_at"),
                last_seen_at=Max("finding__inserted_at"),
-                # Max() picks an arbitrary reason when a resource has multiple
-                # muted findings; this is acceptable because mute rules are
-                # applied per-check so all findings for the same resource
-                # share the same muted_reason in practice.
-                muted_reason=Max("finding__muted_reason"),
            )
            .filter(resource_id__isnull=False)
            .order_by("resource_id")
@@ -7272,89 +7110,56 @@ class FindingGroupViewSet(BaseRLSViewSet):
                    ),
                    "first_seen_at": row["first_seen_at"],
                    "last_seen_at": row["last_seen_at"],
-                    "muted_reason": row.get("muted_reason"),
                }
            )

        return results

-    def _build_aggregated_queryset(self, finding_params, latest=False):
-        """Select the summary or findings path and return an aggregated queryset."""
-        finding_filterset_class = (
-            LatestFindingGroupFilter if latest else FindingGroupFilter
-        )
-        summary_filterset_class = (
-            LatestFindingGroupSummaryFilter if latest else FindingGroupSummaryFilter
-        )
-
-        if self._requires_finding_level_aggregation(finding_params, latest=latest):
-            finding_queryset = self._get_finding_queryset()
-            filterset = finding_filterset_class(
-                finding_params, queryset=finding_queryset
-            )
-            if not filterset.is_valid():
-                raise ValidationError(filterset.errors)
-            filtered_queryset = filterset.qs
-            if latest:
-                filtered_queryset = self._get_latest_findings_per_provider(
-                    filtered_queryset
-                )
-            return self._aggregate_findings(filtered_queryset)
-
-        summary_queryset = self.get_queryset()
-        filterset = summary_filterset_class(finding_params, queryset=summary_queryset)
-        if not filterset.is_valid():
-            raise ValidationError(filterset.errors)
-        filtered_queryset = filterset.qs
-        # Only include summaries from each provider's most recent date
-        # (within the filtered range)
-        filtered_queryset = filtered_queryset.annotate(
-            _max_provider_date=Window(
-                expression=Max("inserted_at"),
-                partition_by=[F("provider_id")],
-            ),
-        ).filter(inserted_at=F("_max_provider_date"))
-        return self._aggregate_daily_summaries(filtered_queryset)
-
-    def _sorted_paginated_response(self, request, aggregated_queryset):
-        """Apply ordering, pagination, post-processing, and return the Response."""
-        sort_param = request.query_params.get("sort")
-        if sort_param:
-            ordering = self._validate_sort_fields(sort_param)
-            if ordering:
-                aggregated_queryset = aggregated_queryset.order_by(*ordering)
-        else:
-            aggregated_queryset = aggregated_queryset.order_by(
-                "-fail_count", "-severity_order", "check_id"
-            )
-
-        page = self.paginate_queryset(aggregated_queryset)
-        if page is not None:
-            processed_data = self._post_process_aggregation(page)
-            serializer = self.get_serializer(processed_data, many=True)
-            return self.get_paginated_response(serializer.data)
-
-        processed_data = self._post_process_aggregation(aggregated_queryset)
-        serializer = self.get_serializer(processed_data, many=True)
-        return Response(serializer.data)
-
    def list(self, request, *args, **kwargs):
        """
        List finding groups with aggregation and filtering.

        Returns findings grouped by check_id with aggregated metrics.
        Requires at least one date filter for performance.
-        Uses summaries when possible and raw findings for finding-level filters.
+        Uses pre-aggregated daily summaries for efficient queries.
        """
+        queryset = self.get_queryset()
+
+        # Apply filters
        normalized_params = self._normalize_jsonapi_params(request.query_params)
-        finding_params, computed_params = self._split_computed_aggregate_filters(
-            normalized_params
-        )
-        aggregated_qs = self._build_aggregated_queryset(finding_params, latest=False)
-        aggregated_qs = self._apply_aggregated_computed_filters(
-            aggregated_qs, computed_params
-        )
-        return self._sorted_paginated_response(request, aggregated_qs)
+        filterset = self.filterset_class(normalized_params, queryset=queryset)
+        if not filterset.is_valid():
+            raise ValidationError(filterset.errors)
+        filtered_queryset = filterset.qs
+
+        # Re-aggregate daily summaries across the date range
+        aggregated_queryset = self._aggregate_daily_summaries(filtered_queryset)
+
+        # Apply ordering (respect JSON:API sort param or use default)
+        sort_param = request.query_params.get("sort")
+        if sort_param:
+            # Convert JSON:API sort notation (prefix '-' for descending)
+            ordering = self._validate_sort_fields(sort_param)
+            if ordering:
+                aggregated_queryset = aggregated_queryset.order_by(*ordering)
+        else:
+            # Default ordering: failures first, then severity, then check_id
+            aggregated_queryset = aggregated_queryset.order_by(
+                "-fail_count", "-severity_order", "check_id"
+            )
+
+        # Paginate
+        page = self.paginate_queryset(aggregated_queryset)
+        if page is not None:
+            # Post-process the page
+            processed_data = self._post_process_aggregation(page)
+            serializer = self.get_serializer(processed_data, many=True)
+            return self.get_paginated_response(serializer.data)
+
+        # Post-process all results (no pagination)
+        processed_data = self._post_process_aggregation(aggregated_queryset)
+        serializer = self.get_serializer(processed_data, many=True)
+        return Response(serializer.data)

    @extend_schema(
        summary="List latest finding groups",
@@ -7372,22 +7177,56 @@ class FindingGroupViewSet(BaseRLSViewSet):
        """
        List the latest finding group state per check_id.

-        Returns findings grouped by check_id using latest data per
-        (check_id, provider), without requiring date filters.
+        Returns findings grouped by check_id using the latest available
+        inserted_at date per check_id, without requiring date filters.
        """
+        queryset = self.get_queryset()
+
+        # Apply other filters (provider_id, provider_type, check_id, etc.)
        normalized_params = self._normalize_jsonapi_params(request.query_params)
+        # Remove date filters since we're using latest
        for key in list(normalized_params.keys()):
            if key.startswith("inserted_at"):
                del normalized_params[key]

-        finding_params, computed_params = self._split_computed_aggregate_filters(
-            normalized_params
-        )
-        aggregated_qs = self._build_aggregated_queryset(finding_params, latest=True)
-        aggregated_qs = self._apply_aggregated_computed_filters(
-            aggregated_qs, computed_params
-        )
-        return self._sorted_paginated_response(request, aggregated_qs)
+        filterset_class = self.get_filterset_class()
+        filterset = filterset_class(normalized_params, queryset=queryset)
+        if not filterset.is_valid():
+            raise ValidationError(filterset.errors)
+        filtered_queryset = filterset.qs
+
+        # Keep only rows from the latest inserted_at date per check_id
+        latest_per_check = filtered_queryset.annotate(
+            latest_inserted_at=Window(
+                expression=Max("inserted_at"),
+                partition_by=[F("check_id")],
+            )
+        ).filter(inserted_at=F("latest_inserted_at"))
+
+        # Re-aggregate daily summaries
+        aggregated_queryset = self._aggregate_daily_summaries(latest_per_check)
+
+        # Apply ordering
+        sort_param = request.query_params.get("sort")
+        if sort_param:
+            ordering = self._validate_sort_fields(sort_param)
+            if ordering:
+                aggregated_queryset = aggregated_queryset.order_by(*ordering)
+        else:
+            aggregated_queryset = aggregated_queryset.order_by(
+                "-fail_count", "-severity_order", "check_id"
+            )
+
+        # Paginate
+        page = self.paginate_queryset(aggregated_queryset)
+        if page is not None:
+            processed_data = self._post_process_aggregation(page)
+            serializer = self.get_serializer(processed_data, many=True)
+            return self.get_paginated_response(serializer.data)
+
+        processed_data = self._post_process_aggregation(aggregated_queryset)
+        serializer = self.get_serializer(processed_data, many=True)
+        return Response(serializer.data)

    @extend_schema(
        summary="List resources for a finding group",
@@ -7398,7 +7237,6 @@ class FindingGroupViewSet(BaseRLSViewSet):
        and timing information including how long they have been failing.
        """,
        tags=["Finding Groups"],
-        filters=True,
    )
    @action(detail=True, methods=["get"], url_path="resources")
    def resources(self, request, pk=None):
@@ -7473,7 +7311,6 @@ class FindingGroupViewSet(BaseRLSViewSet):
        and timing information. No date filters required.
        """,
        tags=["Finding Groups"],
-        filters=True,
    )
    @action(
        detail=False,
@@ -1,5 +1,4 @@
 import sentry_sdk
-
 from config.env import env

 IGNORED_EXCEPTIONS = [
@@ -86,20 +85,8 @@ def before_send(event, hint):
    # Ignore logs with the ignored_exceptions
    # https://docs.python.org/3/library/logging.html#logrecord-objects
    if "log_record" in hint:
-        log_record = hint["log_record"]
-        log_msg = log_record.getMessage()
-        log_lvl = log_record.levelno
-
-        # The Neo4j driver logs transient connection errors (defunct
-        # connections, resets) at ERROR level via the `neo4j.io` logger.
-        # `RetryableSession` handles these with retries. If all retries
-        # are exhausted, the exception propagates and Sentry captures
-        # it as a normal exception event.
-        if (
-            getattr(log_record, "name", "").startswith("neo4j.io")
-            and "defunct" in log_msg
-        ):
-            return None
+        log_msg = hint["log_record"].msg
+        log_lvl = hint["log_record"].levelno

        # Handle Error and Critical events and discard the rest
        if log_lvl <= 40 and any(ignored in log_msg for ignored in IGNORED_EXCEPTIONS):
@@ -677,7 +677,6 @@ def _process_finding_micro_batch(

        # Create finding object (don't save yet)
        check_metadata = finding.get_metadata()
-        check_metadata["compliance"] = finding.compliance
        finding_instance = Finding(
            tenant_id=tenant_id,
            uid=finding_uid,
@@ -1888,8 +1887,7 @@ def aggregate_finding_group_summaries(tenant_id: str, scan_id: str):
                    inserted_at=summary_timestamp,
                    updated_at=updated_at,
                    check_title=metadata.get("checktitle", ""),
-                    check_description=metadata.get("description", "")
-                    or metadata.get("Description", ""),
+                    check_description=metadata.get("Description", ""),
                    severity_order=row["severity_order"] or 1,
                    pass_count=row["pass_count"],
                    fail_count=row["fail_count"],
@@ -4,7 +4,7 @@ from django.db.models import Count, Q

 from api.db_router import READ_REPLICA_ALIAS
 from api.db_utils import rls_transaction
-from api.models import Finding, Scan, StatusChoices
+from api.models import Finding, StatusChoices
 from prowler.lib.outputs.finding import Finding as FindingOutput

 logger = get_task_logger(__name__)
@@ -35,26 +35,25 @@ def _aggregate_requirement_statistics_from_database(
        }
    """
    requirement_statistics_by_check_id = {}
-    # TODO: review when finding-resource relation changes from 1:1
+    # TODO: take into account that now the relation is 1 finding == 1 resource, review this when the logic changes
    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
-        # Pre-check: skip if the scan's provider is deleted (avoids JOINs in the main query)
-        if Scan.all_objects.filter(id=scan_id, provider__is_deleted=True).exists():
-            return requirement_statistics_by_check_id
-
        aggregated_statistics_queryset = (
            Finding.all_objects.filter(
                tenant_id=tenant_id,
                scan_id=scan_id,
                muted=False,
+                resources__provider__is_deleted=False,
            )
            .values("check_id")
            .annotate(
                total_findings=Count(
                    "id",
+                    distinct=True,
                    filter=Q(status__in=[StatusChoices.PASS, StatusChoices.FAIL]),
                ),
                passed_findings=Count(
                    "id",
+                    distinct=True,
                    filter=Q(status=StatusChoices.PASS),
                ),
            )
@@ -11,8 +11,8 @@ from django_celery_beat.models import PeriodicTask
 from tasks.jobs.attack_paths import (
    attack_paths_scan,
    can_provider_run_attack_paths_scan,
+    db_utils as attack_paths_db_utils,
 )
-from tasks.jobs.attack_paths import db_utils as attack_paths_db_utils
 from tasks.jobs.backfill import (
    backfill_compliance_summaries,
    backfill_daily_severity_summaries,
@@ -760,33 +760,6 @@ def aggregate_finding_group_summaries_task(tenant_id: str, scan_id: str):
    return aggregate_finding_group_summaries(tenant_id=tenant_id, scan_id=scan_id)


-@shared_task(
-    base=RLSTask, name="reaggregate-all-finding-group-summaries", queue="overview"
-)
-@set_tenant(keep_tenant=True)
-def reaggregate_all_finding_group_summaries_task(tenant_id: str):
-    """Reaggregate finding group summaries for all providers' latest completed scans."""
-    latest_scan_ids = list(
-        Scan.objects.filter(tenant_id=tenant_id, state=StateChoices.COMPLETED)
-        .order_by("provider_id", "-completed_at", "-inserted_at")
-        .distinct("provider_id")
-        .values_list("id", flat=True)
-    )
-    if latest_scan_ids:
-        logger.info(
-            "Reaggregating finding group summaries for %d scans: %s",
-            len(latest_scan_ids),
-            latest_scan_ids,
-        )
-        group(
-            aggregate_finding_group_summaries_task.si(
-                tenant_id=tenant_id, scan_id=str(scan_id)
-            )
-            for scan_id in latest_scan_ids
-        ).apply_async()
-    return {"scans_reaggregated": len(latest_scan_ids)}
-
-
@shared_task(base=RLSTask, name="lighthouse-connection-check")
@set_tenant
 def check_lighthouse_connection_task(lighthouse_config_id: str, tenant_id: str = None):
@@ -169,27 +169,35 @@ class TestAggregateRequirementStatistics:
        assert result["check_1"]["passed"] == 1
        assert result["check_1"]["total"] == 1

-    def test_skips_aggregation_for_deleted_provider(
-        self, tenants_fixture, scans_fixture
-    ):
-        """Verify aggregation returns empty when the scan's provider is soft-deleted."""
+    def test_excludes_findings_without_resources(self, tenants_fixture, scans_fixture):
+        """Verify findings without resources are excluded from aggregation."""
        tenant = tenants_fixture[0]
        scan = scans_fixture[0]

+        # Finding WITH resource → should be counted
        self._create_finding_with_resource(
            tenant, scan, "finding-1", "check_1", StatusChoices.PASS
        )

-        # Soft-delete the provider
-        provider = scan.provider
-        provider.is_deleted = True
-        provider.save(update_fields=["is_deleted"])
+        # Finding WITHOUT resource → should be EXCLUDED
+        Finding.objects.create(
+            tenant_id=tenant.id,
+            scan=scan,
+            uid="finding-2",
+            check_id="check_1",
+            status=StatusChoices.FAIL,
+            severity=Severity.high,
+            impact=Severity.high,
+            check_metadata={},
+            raw_result={},
+        )

        result = _aggregate_requirement_statistics_from_database(
            str(tenant.id), str(scan.id)
        )

-        assert result == {}
+        assert result["check_1"]["passed"] == 1
+        assert result["check_1"]["total"] == 1

    def test_multiple_resources_no_double_count(self, tenants_fixture, scans_fixture):
        """Verify a finding with multiple resources is only counted once."""
@@ -1411,9 +1411,7 @@ class TestProcessFindingMicroBatch:
        assert created_finding.status == StatusChoices.PASS
        assert created_finding.delta == Finding.DeltaChoices.NEW
        assert created_finding.muted is False
-        expected_metadata = {**finding.metadata, "compliance": finding.compliance}
-        assert created_finding.check_metadata == expected_metadata
-        assert created_finding.check_metadata["compliance"] == finding.compliance
+        assert created_finding.check_metadata == finding.metadata
        assert created_finding.resource_regions == [finding.region]
        assert created_finding.resource_services == [finding.service_name]
        assert created_finding.resource_types == [finding.resource_type]
@@ -20,7 +20,6 @@ from tasks.tasks import (
    generate_outputs_task,
    perform_attack_paths_scan_task,
    perform_scheduled_scan_task,
-    reaggregate_all_finding_group_summaries_task,
    refresh_lighthouse_provider_models_task,
    s3_integration_task,
    security_hub_integration_task,
@@ -335,6 +334,172 @@ class TestGenerateOutputs:
                output_location="s3://bucket/zipped.zip"
            )

+    @patch("tasks.tasks._upload_to_s3")
+    @patch("tasks.tasks._compress_output_files")
+    @patch("tasks.tasks.get_compliance_frameworks")
+    @patch("tasks.tasks.Compliance.get_bulk")
+    @patch("tasks.tasks.initialize_prowler_provider")
+    @patch("tasks.tasks.Provider.objects.get")
+    @patch("tasks.tasks.ScanSummary.objects.filter")
+    @patch("tasks.tasks.Finding.all_objects.filter")
+    def test_generate_outputs_accepts_legacy_persisted_check_metadata(
+        self,
+        mock_finding_filter,
+        mock_scan_summary_filter,
+        mock_provider_get,
+        mock_initialize_provider,
+        mock_compliance_get_bulk,
+        mock_get_available_frameworks,
+        mock_compress,
+        mock_upload,
+    ):
+        mock_scan_summary_filter.return_value.exists.return_value = True
+
+        mock_provider = MagicMock()
+        mock_provider.uid = "azure-subscription-123"
+        mock_provider.provider = "azure"
+        mock_provider_get.return_value = mock_provider
+
+        prowler_provider = MagicMock()
+        prowler_provider.type = "azure"
+        prowler_provider.identity.identity_type = "mock_identity_type"
+        prowler_provider.identity.identity_id = "mock_identity_id"
+        prowler_provider.identity.subscriptions = {
+            "legacy-subscription": "legacy-sub-id"
+        }
+        prowler_provider.identity.tenant_ids = ["test-ing-432a-a828-d9c965196f87"]
+        prowler_provider.identity.tenant_domain = "mock_tenant_domain"
+        prowler_provider.region_config.name = "AzureCloud"
+        mock_initialize_provider.return_value = prowler_provider
+
+        mock_compliance_get_bulk.return_value = {}
+        mock_get_available_frameworks.return_value = []
+
+        resource = MagicMock()
+        resource.uid = (
+            "/subscriptions/legacy-sub-id/providers/Microsoft.Authorization/"
+            "policyAssignments/legacy"
+        )
+        resource.name = "legacy-policy"
+        resource.region = "global"
+        resource.metadata = "{}"
+        resource.details = ""
+        resource.tags.all.return_value = [MagicMock(key="env", value="prod")]
+
+        dummy_finding = MagicMock()
+        dummy_finding.uid = "finding-uid-legacy"
+        dummy_finding.status = "FAIL"
+        dummy_finding.status_extended = "Legacy metadata finding"
+        dummy_finding.muted = False
+        dummy_finding.compliance = {}
+        dummy_finding.raw_result = {}
+        dummy_finding.check_id = (
+            "entra_conditional_access_policy_require_mfa_for_management_api"
+        )
+        dummy_finding.check_metadata = {
+            "provider": "azure",
+            "checkid": "entra_conditional_access_policy_require_mfa_for_management_api",
+            "checktitle": "Ensure Multifactor Authentication is Required for Windows Azure Service Management API",
+            "checktype": [],
+            "servicename": "entra",
+            "subservicename": "",
+            "severity": "medium",
+            "resourcetype": "#microsoft.graph.conditionalAccess",
+            "resourcegroup": "IAM",
+            "description": "Legacy description",
+            "risk": "Legacy risk",
+            "relatedurl": "https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-azure-management",
+            "additionalurls": [
+                "https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-cloud-apps"
+            ],
+            "remediation": {
+                "code": {
+                    "cli": "",
+                    "other": "",
+                    "nativeiac": "",
+                    "terraform": "",
+                },
+                "recommendation": {
+                    "text": "Legacy remediation",
+                    "url": "https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-cloud-apps",
+                },
+            },
+            "resourceidtemplate": "",
+            "categories": [],
+            "dependson": [],
+            "relatedto": [],
+            "notes": "Legacy notes",
+        }
+        dummy_finding.resources.first.return_value = resource
+
+        mock_finding_filter.return_value.order_by.return_value.iterator.return_value = [
+            dummy_finding
+        ]
+
+        writer_instances = []
+
+        def writer_factory(*args, **kwargs):
+            writer = MagicMock()
+            writer._data = []
+            writer.transform = MagicMock()
+            writer.batch_write_data_to_file = MagicMock()
+            writer.findings = kwargs["findings"]
+            writer_instances.append(writer)
+            return writer
+
+        with (
+            patch(
+                "tasks.tasks.FindingOutput._transform_findings_stats",
+                return_value={"some": "stats"},
+            ),
+            patch(
+                "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                {
+                    "json": {
+                        "class": writer_factory,
+                        "suffix": ".json",
+                        "kwargs": {},
+                    }
+                },
+            ),
+            patch(
+                "tasks.tasks._generate_output_directory",
+                return_value=(
+                    "/tmp/test/out-dir",
+                    "/tmp/test/comp-dir",
+                ),
+            ),
+            patch("tasks.tasks.Scan.all_objects.filter") as mock_scan_update,
+            patch("tasks.tasks.rmtree"),
+        ):
+            mock_compress.return_value = "/tmp/zipped.zip"
+            mock_upload.return_value = "s3://bucket/zipped.zip"
+
+            result = generate_outputs_task(
+                scan_id=self.scan_id,
+                provider_id=self.provider_id,
+                tenant_id=self.tenant_id,
+            )
+
+            assert result == {"upload": True}
+            assert len(writer_instances) == 1
+
+            transformed_finding = writer_instances[0].findings[0]
+            assert transformed_finding.metadata.CheckTitle.startswith("Ensure")
+            assert (
+                transformed_finding.metadata.RelatedUrl
+                == "https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-azure-management"
+            )
+            assert (
+                transformed_finding.metadata.Remediation.Recommendation.Url
+                == "https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-cloud-apps"
+            )
+            assert transformed_finding.metadata.Severity.value == "medium"
+
+            mock_scan_update.return_value.update.assert_called_once_with(
+                output_location="s3://bucket/zipped.zip"
+            )
+
    def test_generate_outputs_fails_upload(self):
        with (
            patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter,
@@ -2352,47 +2517,3 @@ class TestPerformScheduledScanTask:
            ).count()
            == 1
        )
-
-
-@pytest.mark.django_db
-class TestReaggregateAllFindingGroupSummaries:
-    def setup_method(self):
-        self.tenant_id = str(uuid.uuid4())
-
-    @patch("tasks.tasks.group")
-    @patch("tasks.tasks.aggregate_finding_group_summaries_task")
-    @patch("tasks.tasks.Scan.objects.filter")
-    def test_dispatches_subtasks_for_each_provider(
-        self, mock_scan_filter, mock_agg_task, mock_group
-    ):
-        scan_id_1 = uuid.uuid4()
-        scan_id_2 = uuid.uuid4()
-        mock_group_result = MagicMock()
-        mock_group.side_effect = lambda gen: (list(gen), mock_group_result)[1]
-
-        mock_scan_filter.return_value.order_by.return_value.distinct.return_value.values_list.return_value = [
-            scan_id_1,
-            scan_id_2,
-        ]
-
-        result = reaggregate_all_finding_group_summaries_task(tenant_id=self.tenant_id)
-
-        assert result == {"scans_reaggregated": 2}
-        assert mock_agg_task.si.call_count == 2
-        mock_agg_task.si.assert_any_call(
-            tenant_id=self.tenant_id, scan_id=str(scan_id_1)
-        )
-        mock_agg_task.si.assert_any_call(
-            tenant_id=self.tenant_id, scan_id=str(scan_id_2)
-        )
-        mock_group_result.apply_async.assert_called_once()
-
-    @patch("tasks.tasks.group")
-    @patch("tasks.tasks.Scan.objects.filter")
-    def test_no_completed_scans_skips_dispatch(self, mock_scan_filter, mock_group):
-        mock_scan_filter.return_value.order_by.return_value.distinct.return_value.values_list.return_value = []
-
-        result = reaggregate_all_finding_group_summaries_task(tenant_id=self.tenant_id)
-
-        assert result == {"scans_reaggregated": 0}
-        mock_group.assert_not_called()
@@ -304,13 +304,6 @@
            "pages": [
              "user-guide/compliance/tutorials/threatscore"
            ]
-          },
-          {
-            "group": "Cookbooks",
-            "pages": [
-              "user-guide/cookbooks/kubernetes-in-cluster",
-              "user-guide/cookbooks/cicd-pipeline"
-            ]
          }
        ]
      },
@@ -121,8 +121,8 @@ To update the environment file:
 Edit the `.env` file and change version values:

 ```env
-PROWLER_UI_VERSION="5.22.0"
-PROWLER_API_VERSION="5.22.0"
+PROWLER_UI_VERSION="5.21.0"
+PROWLER_API_VERSION="5.21.0"
 ```

 <Note>
@@ -1,243 +0,0 @@
---
-title: 'Run Prowler in CI/CD and Send Findings to Prowler Cloud'
---
-
-This cookbook demonstrates how to integrate Prowler into CI/CD pipelines so that security scans run automatically and findings are sent to Prowler Cloud via [Import Findings](/user-guide/tutorials/prowler-app-import-findings). Examples cover GitHub Actions and GitLab CI.
-
-## Prerequisites
-
-* A **Prowler Cloud** account with an active subscription (see [Prowler Cloud Pricing](https://prowler.com/pricing))
-* A Prowler Cloud **API key** with the **Manage Ingestions** permission (see [API Keys](/user-guide/tutorials/prowler-app-api-keys))
-* Cloud provider credentials configured in the CI/CD environment (e.g., AWS credentials for scanning AWS accounts)
-* Access to configure pipeline workflows and secrets in the CI/CD platform
-
-## Key Concepts
-
-Prowler CLI provides the `--push-to-cloud` flag, which uploads scan results directly to Prowler Cloud after a scan completes. Combined with the `PROWLER_CLOUD_API_KEY` environment variable, this enables fully automated ingestion without manual file uploads.
-
-For full details on the flag and API, refer to the [Import Findings](/user-guide/tutorials/prowler-app-import-findings) documentation.
-
-<Note>
-The examples in this guide use AWS as the target provider, but the same approach applies to any provider supported by Prowler (Azure, GCP, Kubernetes, and others). Replace `prowler aws` with the desired provider command (e.g., `prowler gcp`, `prowler azure`) and configure the corresponding credentials in the CI/CD environment.
-</Note>
-
-## GitHub Actions
-
-### Store Secrets
-
-Before creating the workflow, add the following secrets to the repository (under "Settings" > "Secrets and variables" > "Actions"):
-
-* `PROWLER_CLOUD_API_KEY` — the Prowler Cloud API key
-* Cloud provider credentials (e.g., `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, or configure OIDC-based role assumption)
-
-### Workflow: Scheduled AWS Scan
-
-This workflow runs Prowler against an AWS account on a daily schedule and on every push to the `main` branch:
-
-```yaml
-name: Prowler Security Scan
-
-on:
-  schedule:
-    - cron: "0 3 * * *"  # Daily at 03:00 UTC
-  push:
-    branches: [main]
-  workflow_dispatch:  # Allow manual triggers
-
-permissions:
-  id-token: write   # Required for OIDC
-  contents: read
-
-jobs:
-  prowler-scan:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::123456789012:role/ProwlerScanRole
-          aws-region: us-east-1
-
-      - name: Install Prowler
-        run: pip install prowler
-
-      - name: Run Prowler Scan
-        env:
-          PROWLER_CLOUD_API_KEY: ${{ secrets.PROWLER_CLOUD_API_KEY }}
-        run: |
-          prowler aws --push-to-cloud
-```
-
-<Note>
-Replace `123456789012` with the actual AWS account ID and `ProwlerScanRole` with the IAM role name. For IAM role setup, refer to the [AWS authentication guide](/user-guide/providers/aws/authentication).
-</Note>
-
-### Workflow: Scan Specific Services on Pull Request
-
-To run targeted scans on pull requests without blocking the merge pipeline, use `continue-on-error`:
-
-```yaml
-name: Prowler PR Check
-
-on:
-  pull_request:
-    branches: [main]
-
-jobs:
-  prowler-scan:
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    steps:
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::123456789012:role/ProwlerScanRole
-          aws-region: us-east-1
-
-      - name: Install Prowler
-        run: pip install prowler
-
-      - name: Run Prowler Scan
-        env:
-          PROWLER_CLOUD_API_KEY: ${{ secrets.PROWLER_CLOUD_API_KEY }}
-        run: |
-          prowler aws --services s3,iam,ec2 --push-to-cloud
-```
-
-<Tip>
-Limiting the scan to specific services with `--services` reduces execution time, making it practical for pull request checks.
-</Tip>
-
-## GitLab CI
-
-### Store Variables
-
-Add the following CI/CD variables in the GitLab project (under "Settings" > "CI/CD" > "Variables"):
-
-* `PROWLER_CLOUD_API_KEY` — mark as **masked** and **protected**
-* Cloud provider credentials as needed
-
-### Pipeline: Scheduled AWS Scan
-
-Add the following to `.gitlab-ci.yml`:
-
-```yaml
-prowler-scan:
-  image: python:3.12-slim
-  stage: test
-  script:
-    - pip install prowler
-    - prowler aws --push-to-cloud
-  variables:
-    PROWLER_CLOUD_API_KEY: $PROWLER_CLOUD_API_KEY
-    AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
-    AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
-    AWS_DEFAULT_REGION: "us-east-1"
-  rules:
-    - if: $CI_PIPELINE_SOURCE == "schedule"
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-      when: manual
-```
-
-To run the scan on a schedule, create a **Pipeline Schedule** in GitLab (under "Build" > "Pipeline Schedules") with the desired cron expression.
-
-### Pipeline: Multi-Provider Scan
-
-To scan multiple cloud providers in parallel:
-
-```yaml
-stages:
-  - security
-
-.prowler-base:
-  image: python:3.12-slim
-  stage: security
-  before_script:
-    - pip install prowler
-  rules:
-    - if: $CI_PIPELINE_SOURCE == "schedule"
-
-prowler-aws:
-  extends: .prowler-base
-  script:
-    - prowler aws --push-to-cloud
-  variables:
-    PROWLER_CLOUD_API_KEY: $PROWLER_CLOUD_API_KEY
-    AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
-    AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
-
-prowler-gcp:
-  extends: .prowler-base
-  script:
-    - prowler gcp --push-to-cloud
-  variables:
-    PROWLER_CLOUD_API_KEY: $PROWLER_CLOUD_API_KEY
-    GOOGLE_APPLICATION_CREDENTIALS: $GCP_SERVICE_ACCOUNT_KEY
-```
-
-## Tips and Best Practices
-
-### When to Run Scans
-
-* **Scheduled scans** (daily or weekly) provide continuous monitoring and are ideal for baseline security assessments
-* **On-merge scans** catch configuration changes introduced by new code
-* **Pull request scans** provide early feedback but should target specific services to keep execution times reasonable
-
-### Handling Scan Failures
-
-By default, Prowler exits with a non-zero code when it finds failing checks. This causes the CI/CD job to fail. To prevent scan results from blocking the pipeline:
-
-* **GitHub Actions**: Add `continue-on-error: true` to the job
-* **GitLab CI**: Add `allow_failure: true` to the job
-
-<Note>
-Ingestion failures (e.g., network issues reaching Prowler Cloud) do not affect the Prowler exit code. The scan completes normally and only a warning is emitted. See [Import Findings troubleshooting](/user-guide/tutorials/prowler-app-import-findings#troubleshooting) for details.
-</Note>
-
-### Caching Prowler Installation
-
-For faster pipeline runs, cache the Prowler installation:
-
-**GitHub Actions:**
-```yaml
- name: Cache pip packages
-  uses: actions/cache@v4
-  with:
-    path: ~/.cache/pip
-    key: ${{ runner.os }}-pip-prowler
-    restore-keys: ${{ runner.os }}-pip-
-
- name: Install Prowler
-  run: pip install prowler
-```
-
-**GitLab CI:**
-```yaml
-prowler-scan:
-  cache:
-    paths:
-      - .cache/pip
-  variables:
-    PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
-```
-
-### Output Formats
-
-To generate additional report formats alongside the cloud upload:
-
-```bash
-prowler aws --push-to-cloud -M csv,html -o /tmp/prowler-reports
-```
-
-This produces CSV and HTML files locally while also pushing OCSF findings to Prowler Cloud. The local files can be stored as CI/CD artifacts for archival purposes.
-
-### Scanning Multiple AWS Accounts
-
-To scan multiple accounts sequentially in a single job, use [role assumption](/user-guide/providers/aws/role-assumption):
-
-```bash
-prowler aws -R arn:aws:iam::111111111111:role/ProwlerScanRole --push-to-cloud
-prowler aws -R arn:aws:iam::222222222222:role/ProwlerScanRole --push-to-cloud
-```
-
-Each scan run creates a separate ingestion job in Prowler Cloud.
@@ -1,207 +0,0 @@
---
-title: 'Run Kubernetes In-Cluster and Send Findings to Prowler Cloud'
---
-
-This cookbook walks through deploying Prowler inside a Kubernetes cluster on a recurring schedule and automatically sending findings to Prowler Cloud via [Import Findings](/user-guide/tutorials/prowler-app-import-findings). By the end, security scan results from the cluster appear in Prowler Cloud without any manual file uploads.
-
-## Prerequisites
-
-* A **Prowler Cloud** account with an active subscription (see [Prowler Cloud Pricing](https://prowler.com/pricing))
-* A Prowler Cloud **API key** with the **Manage Ingestions** permission (see [API Keys](/user-guide/tutorials/prowler-app-api-keys))
-* Access to a Kubernetes cluster with `kubectl` configured
-* Permissions to create ServiceAccounts, Roles, RoleBindings, Secrets, and CronJobs in the cluster
-
-## Step 1: Create the ServiceAccount and RBAC Resources
-
-Prowler needs a ServiceAccount with read access to cluster resources. Apply the manifests from the [`kubernetes` directory](https://github.com/prowler-cloud/prowler/tree/master/kubernetes) of the Prowler repository:
-
-```console
-kubectl apply -f kubernetes/prowler-sa.yaml
-kubectl apply -f kubernetes/prowler-role.yaml
-kubectl apply -f kubernetes/prowler-rolebinding.yaml
-```
-
-This creates:
-
-* A `prowler-sa` ServiceAccount in the `prowler-ns` namespace
-* A ClusterRole with the read permissions Prowler requires
-* A ClusterRoleBinding linking the ServiceAccount to the role
-
-For more details on these resources, refer to [Getting Started with Kubernetes](/user-guide/providers/kubernetes/getting-started-k8s).
-
-## Step 2: Store the Prowler Cloud API Key as a Secret
-
-Create a Kubernetes Secret to hold the API key securely:
-
-```console
-kubectl create secret generic prowler-cloud-api-key \
-  --from-literal=api-key=pk_your_api_key_here \
-  --namespace prowler-ns
-```
-
-Replace `pk_your_api_key_here` with the actual API key from Prowler Cloud.
-
-<Warning>
-Avoid embedding the API key directly in the CronJob manifest. Using a Kubernetes Secret keeps credentials out of version control and pod specs.
-</Warning>
-
-## Step 3: Create the CronJob Manifest
-
-The CronJob runs Prowler on a schedule, scanning the cluster and pushing findings to Prowler Cloud with the `--push-to-cloud` flag.
-
-Create a file named `prowler-cronjob.yaml`:
-
-```yaml
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: prowler-k8s-scan
-  namespace: prowler-ns
-spec:
-  schedule: "0 2 * * *"  # Runs daily at 02:00 UTC
-  concurrencyPolicy: Forbid
-  jobTemplate:
-    spec:
-      backoffLimit: 1
-      template:
-        metadata:
-          labels:
-            app: prowler
-        spec:
-          serviceAccountName: prowler-sa
-          containers:
-          - name: prowler
-            image: prowlercloud/prowler:stable
-            args:
-              - "kubernetes"
-              - "--push-to-cloud"
-            env:
-              - name: PROWLER_CLOUD_API_KEY
-                valueFrom:
-                  secretKeyRef:
-                    name: prowler-cloud-api-key
-                    key: api-key
-              - name: CLUSTER_NAME
-                value: "my-cluster"
-            imagePullPolicy: Always
-            volumeMounts:
-              - name: var-lib-cni
-                mountPath: /var/lib/cni
-                readOnly: true
-              - name: var-lib-etcd
-                mountPath: /var/lib/etcd
-                readOnly: true
-              - name: var-lib-kubelet
-                mountPath: /var/lib/kubelet
-                readOnly: true
-              - name: etc-kubernetes
-                mountPath: /etc/kubernetes
-                readOnly: true
-          hostPID: true
-          restartPolicy: Never
-          volumes:
-            - name: var-lib-cni
-              hostPath:
-                path: /var/lib/cni
-            - name: var-lib-etcd
-              hostPath:
-                path: /var/lib/etcd
-            - name: var-lib-kubelet
-              hostPath:
-                path: /var/lib/kubelet
-            - name: etc-kubernetes
-              hostPath:
-                path: /etc/kubernetes
-```
-
-<Note>
-Replace `my-cluster` with a meaningful name for the cluster. This value appears in Prowler Cloud reports and helps identify the source of findings. See the `--cluster-name` flag documentation in [Getting Started with Kubernetes](/user-guide/providers/kubernetes/getting-started-k8s) for more details.
-</Note>
-
-### Customizing the Schedule
-
-The `schedule` field uses standard cron syntax. Common examples:
-
-* `"0 2 * * *"` — daily at 02:00 UTC
-* `"0 */6 * * *"` — every 6 hours
-* `"0 2 * * 1"` — weekly on Mondays at 02:00 UTC
-
-### Scanning Specific Namespaces
-
-To limit the scan to specific namespaces, add the `--namespace` flag to the `args` array:
-
-```yaml
-args:
-  - "kubernetes"
-  - "--push-to-cloud"
-  - "--namespace"
-  - "production,staging"
-```
-
-## Step 4: Deploy and Verify
-
-Apply the CronJob to the cluster:
-
-```console
-kubectl apply -f prowler-cronjob.yaml
-```
-
-To trigger an immediate test run without waiting for the schedule:
-
-```console
-kubectl create job prowler-test-run --from=cronjob/prowler-k8s-scan -n prowler-ns
-```
-
-Monitor the job execution:
-
-```console
-kubectl get pods -n prowler-ns -l app=prowler --watch
-```
-
-Check the logs to confirm findings were pushed successfully:
-
-```console
-kubectl logs -n prowler-ns -l app=prowler --tail=50
-```
-
-A successful upload produces output similar to:
-
-```
-Pushing findings to Prowler Cloud, please wait...
-
-Findings successfully pushed to Prowler Cloud. Ingestion job: fa8bc8c5-4925-46a0-9fe0-f6575905e094
-See more details here: https://cloud.prowler.com/scans
-```
-
-## Step 5: View Findings in Prowler Cloud
-
-Once the job completes and findings are pushed:
-
-1. Navigate to [Prowler Cloud](https://cloud.prowler.com/)
-2. Open the "Scans" section to verify the ingestion job status
-3. Browse findings under the Kubernetes provider
-
-For details on the ingestion workflow and status tracking, refer to the [Import Findings](/user-guide/tutorials/prowler-app-import-findings) documentation.
-
-## Tips and Troubleshooting
-
-* **Resource limits**: For large clusters, consider setting `resources.requests` and `resources.limits` on the container to prevent the scan from consuming excessive cluster resources.
-* **Network policies**: Ensure the Prowler pod can reach `api.prowler.com` over HTTPS (port 443). Adjust NetworkPolicies or egress rules if needed.
-* **Job history**: Kubernetes retains completed and failed jobs by default. Set `successfulJobsHistoryLimit` and `failedJobsHistoryLimit` in the CronJob spec to control cleanup:
-
-  ```yaml
-  spec:
-    successfulJobsHistoryLimit: 3
-    failedJobsHistoryLimit: 1
-  ```
-
-* **API key rotation**: When rotating the API key, update the Secret and restart any running jobs:
-
-  ```console
-  kubectl delete secret prowler-cloud-api-key -n prowler-ns
-  kubectl create secret generic prowler-cloud-api-key \
-    --from-literal=api-key=pk_new_api_key_here \
-    --namespace prowler-ns
-  ```
-
-* **Failed uploads**: If the push to Prowler Cloud fails, the scan still completes and findings are saved locally in the container. Check the [Import Findings troubleshooting section](/user-guide/tutorials/prowler-app-import-findings#troubleshooting) for common error messages.
@@ -2,13 +2,9 @@
 title: 'Google Workspace Authentication in Prowler'
 ---

-import { VersionBadge } from "/snippets/version-badge.mdx"
-
-<VersionBadge version="5.19.0" />
-
 Prowler for Google Workspace uses a **Service Account with Domain-Wide Delegation** to authenticate to the Google Workspace Admin SDK. This allows Prowler to read directory data on behalf of a super administrator without requiring an interactive login.

-## Required Open Authorization (OAuth) Scopes
+## Required OAuth Scopes

 Prowler requests the following read-only OAuth 2.0 scopes from the Google Workspace Admin SDK:

@@ -24,16 +20,16 @@ The delegated user must be a **super administrator** in your Google Workspace or

 ## Setup Steps

-### Step 1: Create a Google Cloud Platform (GCP) Project (if Needed)
+### Step 1: Create a GCP Project (if needed)

-If no GCP project exists, create one at [https://console.cloud.google.com](https://console.cloud.google.com).
+If you don't have a GCP project, create one at [https://console.cloud.google.com](https://console.cloud.google.com).

 The project is only used to host the Service Account — it does not need to have any Google Workspace data in it.

 ### Step 2: Enable the Admin SDK API

-1. Navigate to the [Google Cloud Console](https://console.cloud.google.com)
-2. Select the target project
+1. Go to the [Google Cloud Console](https://console.cloud.google.com)
+2. Select your project
 3. Navigate to **APIs & Services → Library**
 4. Search for **Admin SDK API**
 5. Click **Enable**
@@ -52,8 +48,8 @@ The Service Account does not need any GCP IAM roles. Its access to Google Worksp

 ### Step 4: Generate a JSON Key

-1. Click the newly created Service Account
-2. Navigate to the **Keys** tab
+1. Click on the Service Account you just created
+2. Go to the **Keys** tab
 3. Click **Add Key → Create new key**
 4. Select **JSON** format
 5. Click **Create** — the key file will download automatically
@@ -65,7 +61,7 @@ This JSON key grants access to your Google Workspace organization. Never commit

 ### Step 5: Configure Domain-Wide Delegation in Google Workspace

-1. Navigate to the [Google Workspace Admin Console](https://admin.google.com)
+1. Go to the [Google Workspace Admin Console](https://admin.google.com)
 2. Navigate to **Security → Access and data control → API controls**
 3. Click **Manage Domain Wide Delegation**
 4. Click **Add new**
@@ -82,26 +78,23 @@ https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.google
 Domain-Wide Delegation must be configured by a Google Workspace **super administrator**. It may take a few minutes to propagate after saving.
 </Note>

-### Step 6: Provide Credentials to Prowler
+### Step 6: Store Credentials Securely

- **Prowler Cloud:** Paste the Service Account JSON content and enter the delegated user email in the credentials form when configuring the Google Workspace provider.
- **Prowler CLI:** Export the credentials as environment variables:
+Set your credentials as environment variables:

-```console
+```bash
 export GOOGLEWORKSPACE_CREDENTIALS_FILE="/path/to/googleworkspace-sa.json"
 export GOOGLEWORKSPACE_DELEGATED_USER="admin@yourdomain.com"
-prowler googleworkspace
 ```

-Alternatively, to pass credentials as a string (e.g., in CI/CD pipelines):
+Alternatively, if you need to pass credentials as a string (e.g., in CI/CD pipelines):

-```console
+```bash
 export GOOGLEWORKSPACE_CREDENTIALS_CONTENT=$(cat /path/to/googleworkspace-sa.json)
 export GOOGLEWORKSPACE_DELEGATED_USER="admin@yourdomain.com"
-prowler googleworkspace
 ```

-## How Prowler Resolves Credentials
+## Credential Lookup Order

 Prowler resolves credentials in the following order:

@@ -154,7 +147,7 @@ The Service Account cannot impersonate the delegated user. This usually means Do
 - All three required OAuth scopes are included
 - The delegated user is a super administrator

-### Permission Denied on Admin SDK Calls
+### Permission Denied on Admin SDK calls

 If Prowler connects but returns empty results or permission errors for specific API calls:

@@ -1,131 +1,100 @@
 ---
-title: 'Getting Started With Google Workspace on Prowler'
+title: 'Getting Started with Google Workspace'
 ---

-import { VersionBadge } from "/snippets/version-badge.mdx"
-
-Prowler for Google Workspace audits the organization's Google Workspace environment for security misconfigurations, including super administrator account hygiene, domain settings, and more.
-
-## Prerequisites
-
-Set up authentication for Google Workspace with the [Google Workspace Authentication](/user-guide/providers/googleworkspace/authentication) guide before starting either path:
-
- **Service Account:** Create a Service Account in a GCP project with Domain-Wide Delegation enabled.
- **OAuth Scopes:** Authorize the required read-only OAuth scopes in the Google Workspace Admin Console.
- **Customer ID:** Identify the Google Workspace Customer ID to use as the provider identifier.
- **Delegated User:** Have the email of a super administrator to use as the delegated user.
-
-<CardGroup cols={2}>
-  <Card title="Prowler Cloud" icon="cloud" href="#prowler-cloud">
-    Onboard Google Workspace using Prowler Cloud
-  </Card>
-  <Card title="Prowler CLI" icon="terminal" href="#prowler-cli">
-    Onboard Google Workspace using Prowler CLI
-  </Card>
-</CardGroup>
-
-## Prowler Cloud
-
-<VersionBadge version="5.21.0" />
-
-### Step 1: Locate the Customer ID
-
-1. Log into the [Google Workspace Admin Console](https://admin.google.com).
-2. Navigate to "Account" > "Account Settings".
-3. Find the **Customer ID** on the Account Settings page.
-
-    ![Google Workspace Customer ID](/images/providers/googleworkspace-customer-id.png)
-
-<Note>
-The Customer ID starts with the letter "C" followed by alphanumeric characters (e.g., `C0xxxxxxx`). This value acts as the unique identifier for the Google Workspace account in Prowler Cloud.
-</Note>
-
-### Step 2: Open Prowler Cloud
-
-1. Go to [Prowler Cloud](https://cloud.prowler.com/) or launch [Prowler App](/user-guide/tutorials/prowler-app).
-2. Navigate to "Configuration" > "Cloud Providers".
-
-    ![Cloud Providers Page](/images/prowler-app/cloud-providers-page.png)
-
-3. Click "Add Cloud Provider".
-
-    ![Add a Cloud Provider](/images/prowler-app/add-cloud-provider.png)
-
-4. Select "Google Workspace".
-
-    ![Select Google Workspace](/images/providers/select-googleworkspace-prowler-cloud.png)
-
-### Step 3: Provide Credentials
-
-1. Enter the **Customer ID** and an optional alias, then click "Next".
-
-    ![Google Workspace Customer ID Form](/images/providers/googleworkspace-customer-id-form.png)
-
-2. Paste the **Service Account JSON** credentials content.
-3. Enter the "Delegated User Email" (a super administrator in the Google Workspace organization).
-
-    ![Google Workspace Credentials Form](/images/providers/googleworkspace-credentials-form.png)
-
-<Note>
-The Service Account JSON is the full content of the key file downloaded when creating the Service Account. Paste the entire JSON object, not just the file path. For setup instructions, see the [Authentication guide](/user-guide/providers/googleworkspace/authentication).
-</Note>
-
-### Step 4: Check Connection
-
-1. Click "Check Connection" to verify that the credentials and Domain-Wide Delegation are configured correctly.
-2. Prowler will test the Service Account impersonation and Admin SDK access.
-
-    ![Check Connection](/images/providers/googleworkspace-check-connection.png)
-
-<Note>
-If the connection test fails, verify that Domain-Wide Delegation is properly configured and that all three OAuth scopes are authorized. It may take a few minutes for delegation changes to propagate. See the [Troubleshooting](/user-guide/providers/googleworkspace/authentication#troubleshooting) section for common errors.
-</Note>
-
-### Step 5: Launch the Scan
-
-1. Review the summary.
-2. Click "Launch Scan" to start auditing Google Workspace.
-
-    ![Launch Scan](/images/providers/googleworkspace-launch-scan.png)
-
---
-
-## Prowler CLI
+import { VersionBadge } from "/snippets/version-badge.mdx";

 <VersionBadge version="5.19.0" />

+Prowler for Google Workspace allows you to audit your organization's Google Workspace environment for security misconfigurations, including super administrator account hygiene, domain settings, and more.
+
+## Prerequisites
+
+Before running Prowler with the Google Workspace provider, ensure you have:
+
+1. A Google Workspace account with super administrator privileges
+2. A Google Cloud Platform (GCP) project to host the Service Account
+3. Authentication configured (see [Authentication](/user-guide/providers/googleworkspace/authentication)):
+   - A **Service Account JSON key** from a GCP project with Domain-Wide Delegation enabled
+
+## Quick Start
+
 ### Step 1: Set Up Authentication

-Set your Service Account credentials and delegated user email following the [Google Workspace Authentication](/user-guide/providers/googleworkspace/authentication) guide:
+Set your Service Account credentials file path and delegated user email as environment variables:

-```console
+```bash
 export GOOGLEWORKSPACE_CREDENTIALS_FILE="/path/to/service-account-key.json"
 export GOOGLEWORKSPACE_DELEGATED_USER="admin@yourdomain.com"
 ```

-Alternatively, pass the credentials content directly as a JSON string:
+### Step 2: Run Prowler

-```console
-export GOOGLEWORKSPACE_CREDENTIALS_CONTENT='{"type": "service_account", ...}'
-export GOOGLEWORKSPACE_DELEGATED_USER="admin@yourdomain.com"
-```
-
-### Step 2: Run the First Scan
-
-Run a baseline scan after credentials are configured:
-
-```console
+```bash
 prowler googleworkspace
 ```

-Prowler authenticates as the delegated user and runs all available security checks against the Google Workspace organization.
+Prowler will authenticate as the delegated user and run all available security checks against your Google Workspace organization.

-### Step 3: Use a Custom Configuration (Optional)
+## Authentication
+
+Prowler uses a **Service Account with Domain-Wide Delegation** to authenticate to Google Workspace. This requires:
+
+- A Service Account created in a GCP project
+- The Admin SDK API enabled in that project
+- Domain-Wide Delegation configured in the Google Workspace Admin Console
+- A super admin user email to impersonate
+
+### Using Environment Variables (Recommended)
+
+```bash
+export GOOGLEWORKSPACE_CREDENTIALS_FILE="/path/to/service-account-key.json"
+export GOOGLEWORKSPACE_DELEGATED_USER="admin@yourdomain.com"
+prowler googleworkspace
+```
+
+Alternatively, pass the credentials content directly as a JSON string:
+
+```bash
+export GOOGLEWORKSPACE_CREDENTIALS_CONTENT='{"type": "service_account", ...}'
+export GOOGLEWORKSPACE_DELEGATED_USER="admin@yourdomain.com"
+prowler googleworkspace
+```
+
+<Note>
+The delegated user must be a super admin email in your Google Workspace organization. The service account credentials must be provided via environment variables (`GOOGLEWORKSPACE_CREDENTIALS_FILE` or `GOOGLEWORKSPACE_CREDENTIALS_CONTENT`).
+</Note>
+
+## Understanding the Output
+
+When Prowler runs successfully, it will display the credentials being used:
+
+```
+Using the Google Workspace credentials below:
+┌─────────────────────────────────────────────────────────┐
+│ Google Workspace Domain: yourdomain.com                 │
+│ Customer ID: C0xxxxxxx                                  │
+│ Delegated User: admin@yourdomain.com                    │
+│ Authentication Method: Service Account with Domain-Wide  │
+│ Delegation                                              │
+└─────────────────────────────────────────────────────────┘
+```
+
+Findings are reported per check. For example, the `directory_super_admin_count` check verifies the number of super administrators is within a recommended range (2–4):
+
+- **PASS** — 2 to 4 super administrators found
+- **FAIL** — 0 or 1 (single point of failure) or 5+ (excessive privilege exposure)
+
+Output files are saved in the configured output directory (default: `output/`) in CSV, JSON-OCSF, and HTML formats.
+
+## Configuration

 Prowler uses a configuration file to customize provider behavior. To use a custom configuration:

-```console
+```bash
 prowler googleworkspace --config-file /path/to/config.yaml
 ```

---
+## Next Steps
+
+- [Authentication](/user-guide/providers/googleworkspace/authentication) — Detailed guide on setting up a Service Account and Domain-Wide Delegation
@@ -164,7 +164,3 @@ env:
 ```

 </Tip>
-
-<Tip>
-To set up a production-ready CronJob that runs Prowler on a schedule and sends findings to Prowler Cloud, see the [Run Kubernetes In-Cluster and Send Findings to Prowler Cloud](/user-guide/cookbooks/kubernetes-in-cluster) cookbook.
-</Tip>
@@ -47,9 +47,6 @@ When using service principal authentication, add these **Application Permissions
 - `SecurityIdentitiesSensors.Read.All`: Required for `defenderidentity_health_issues_no_open` check.
 - `SharePointTenantSettings.Read.All`: Required for SharePoint service.
 - `ThreatHunting.Read.All`: Required for Defender XDR checks (`defenderxdr_endpoint_privileged_user_exposed_credentials`, `defenderxdr_critical_asset_management_pending_approvals`).
- `DeviceManagementServiceConfig.Read.All`: Required for Intune device management settings used by `entra_conditional_access_policy_mdm_compliant_device_required` check.
- `DeviceManagementConfiguration.Read.All`: Required for Intune device compliance policies used by `entra_conditional_access_policy_mdm_compliant_device_required` check.
- `DeviceManagementManagedDevices.Read.All`: Required for Intune managed devices used by `entra_conditional_access_policy_mdm_compliant_device_required` check.

 **External API Permissions:**

@@ -202,135 +202,15 @@ To expand the graph for detailed exploration, click the fullscreen icon in the g
  width="700"
 />

-## Using Attack Paths with the MCP Server and Lighthouse AI
+## Using Attack Paths with the MCP Server

 Attack Paths capabilities are also available through the [Prowler MCP Server](/getting-started/products/prowler-mcp), enabling interaction with Attack Paths data via AI assistants like Claude Desktop, Cursor, and other MCP clients.

-[Prowler Lighthouse AI](/getting-started/products/prowler-lighthouse-ai) also supports Attack Paths queries, allowing you to analyze privilege escalation chains and security misconfigurations directly from the chat interface.
-
 The following MCP tools are available for Attack Paths:

 - **`prowler_app_list_attack_paths_scans`** - List and filter Attack Paths scans
 - **`prowler_app_list_attack_paths_queries`** - Discover available queries for a completed scan
 - **`prowler_app_run_attack_paths_query`** - Execute a query and retrieve graph results with nodes and relationships
- **`prowler_app_get_attack_paths_cartography_schema`** - Retrieve the Cartography graph schema for custom openCypher queries
-
-### Example Questions
-
-Ask through the MCP Server or Lighthouse AI:
-
- "Find EC2 instances exposed to the internet with access to sensitive S3 buckets"
- "Are there any IAM roles that can escalate their own privileges?"
- "Show me all internet-facing resources with open security groups"
- "Which principals can create Lambda functions with privileged roles?"
- "List all RDS instances with storage encryption disabled"
- "Find S3 buckets that allow anonymous access"
- "Are there any CloudFormation stacks that could be hijacked for privilege escalation?"
- "Show me all roles that can be assumed for lateral movement"
-
-### Supported Queries
-
-Attack Paths currently supports the following built-in queries for AWS:
-
-#### Custom Attack Path Queries
-
-| Query | Description |
-|---|---|
-| **Internet-Exposed EC2 with Sensitive S3 Access** | Find SSH-exposed EC2 instances that can assume roles to read tagged sensitive S3 buckets |
-
-#### Basic Resource Queries
-
-| Query | Description |
-|---|---|
-| **RDS Instances Inventory** | List all provisioned RDS database instances in the account |
-| **Unencrypted RDS Instances** | Find RDS instances with storage encryption disabled |
-| **S3 Buckets with Anonymous Access** | Find S3 buckets that allow anonymous access |
-| **IAM Statements Allowing All Actions** | Find IAM policy statements that allow all actions via wildcard (\*) |
-| **IAM Statements Allowing Policy Deletion** | Find IAM policy statements that allow iam:DeletePolicy |
-| **IAM Statements Allowing Create Actions** | Find IAM policy statements that allow any create action |
-
-#### Network Exposure Queries
-
-| Query | Description |
-|---|---|
-| **Internet-Exposed EC2 Instances** | Find EC2 instances flagged as exposed to the internet |
-| **Open Security Groups on Internet-Facing Resources** | Find internet-facing resources with security groups allowing inbound from 0.0.0.0/0 |
-| **Internet-Exposed Classic Load Balancers** | Find Classic Load Balancers exposed to the internet with their listeners |
-| **Internet-Exposed ALB/NLB Load Balancers** | Find ELBv2 (ALB/NLB) load balancers exposed to the internet with their listeners |
-| **Resource Lookup by Public IP** | Find the AWS resource associated with a given public IP address |
-
-#### Privilege Escalation Queries
-
-These queries are based on research from [pathfinding.cloud](https://pathfinding.cloud) by Datadog.
-
-| Query | Description |
-|---|---|
-| **App Runner Service Creation with Privileged Role (APPRUNNER-001)** | Create an App Runner service with a privileged IAM role to gain its permissions |
-| **App Runner Service Update for Role Access (APPRUNNER-002)** | Update an existing App Runner service to leverage its already-attached privileged role |
-| **Bedrock Code Interpreter with Privileged Role (BEDROCK-001)** | Create a Bedrock AgentCore Code Interpreter with a privileged role attached |
-| **Bedrock Code Interpreter Session Hijacking (BEDROCK-002)** | Start a session on an existing Bedrock code interpreter to exfiltrate its privileged role credentials |
-| **CloudFormation Stack Creation with Privileged Role (CLOUDFORMATION-001)** | Create a CloudFormation stack with a privileged role to provision arbitrary AWS resources |
-| **CloudFormation Stack Update for Role Access (CLOUDFORMATION-002)** | Update an existing CloudFormation stack to leverage its already-attached privileged service role |
-| **CloudFormation StackSet Creation with Privileged Role (CLOUDFORMATION-003)** | Create a CloudFormation StackSet with a privileged execution role to provision arbitrary resources across accounts |
-| **CloudFormation StackSet Update with Privileged Role (CLOUDFORMATION-004)** | Update an existing CloudFormation StackSet to inject malicious resources using a privileged execution role |
-| **CloudFormation Change Set Privilege Escalation (CLOUDFORMATION-005)** | Create and execute a change set on an existing stack to leverage its privileged service role |
-| **CodeBuild Project Creation with Privileged Role (CODEBUILD-001)** | Create a CodeBuild project with a privileged role to execute arbitrary code via a malicious buildspec |
-| **CodeBuild Buildspec Override for Role Access (CODEBUILD-002)** | Start a build on an existing CodeBuild project with a buildspec override to execute code with its privileged role |
-| **CodeBuild Batch Buildspec Override for Role Access (CODEBUILD-003)** | Start a batch build on an existing CodeBuild project with a buildspec override to execute code with its privileged role |
-| **CodeBuild Batch Project Creation with Privileged Role (CODEBUILD-004)** | Create a CodeBuild project configured for batch builds with a privileged role to execute arbitrary code via a malicious buildspec |
-| **Data Pipeline Creation with Privileged Role (DATAPIPELINE-001)** | Create a Data Pipeline with a privileged role to execute arbitrary commands on provisioned infrastructure |
-| **EC2 Instance Launch with Privileged Role (EC2-001)** | Launch EC2 instances with privileged IAM roles to gain their permissions via IMDS |
-| **EC2 Role Hijacking via UserData Injection (EC2-002)** | Inject malicious scripts into EC2 instance userData to gain the attached role's permissions |
-| **Spot Instance Launch with Privileged Role (EC2-003)** | Launch EC2 Spot Instances with privileged IAM roles to gain their permissions via IMDS |
-| **Launch Template Poisoning for Role Access (EC2-004)** | Inject malicious userData into launch templates that reference privileged roles, no PassRole needed |
-| **EC2 Instance Connect SSH Access for Role Credentials (EC2INSTANCECONNECT-003)** | Push a temporary SSH key to an EC2 instance via Instance Connect to access its attached role credentials through IMDS |
-| **ECS Service Creation with Privileged Role (ECS-001 - New Cluster)** | Create an ECS cluster and service with a privileged Fargate task role to execute arbitrary code |
-| **ECS Task Execution with Privileged Role (ECS-002 - New Cluster)** | Create an ECS cluster and run a one-off Fargate task with a privileged role to execute arbitrary code |
-| **ECS Service Creation with Privileged Role (ECS-003 - Existing Cluster)** | Deploy a Fargate service with a privileged role on an existing ECS cluster |
-| **ECS Task Execution with Privileged Role (ECS-004 - Existing Cluster)** | Run a one-off Fargate task with a privileged role on an existing ECS cluster |
-| **ECS Task Start with Privileged Role on EC2 (ECS-005 - Existing Cluster)** | Register a task definition with a privileged role and start it on an EC2 container instance to execute arbitrary code |
-| **ECS Exec Container Hijacking for Role Credentials (ECS-006)** | Shell into a running ECS container via ECS Exec to steal the attached task role's credentials |
-| **Glue Dev Endpoint with Privileged Role (GLUE-001)** | Create a Glue development endpoint with a privileged role attached to gain its permissions |
-| **Glue Dev Endpoint SSH Hijacking via Update (GLUE-002)** | Update an existing Glue development endpoint to inject an SSH public key and access its attached role credentials |
-| **Glue Job Creation with Privileged Role (GLUE-003)** | Create a Glue job with a privileged role and start it to execute arbitrary code with that role's permissions |
-| **Glue Job Creation with Scheduled Trigger and Privileged Role (GLUE-004)** | Create a Glue job with a privileged role and a scheduled trigger to persistently execute arbitrary code |
-| **Glue Job Hijacking via Update with Privileged Role (GLUE-005)** | Update an existing Glue job to attach a privileged role and inject malicious code, then start it to gain that role's permissions |
-| **Glue Job Hijacking with Scheduled Trigger and Privileged Role (GLUE-006)** | Update an existing Glue job to attach a privileged role and inject malicious code, then create a scheduled trigger for persistent automated execution |
-| **Policy Version Override for Self-Escalation (IAM-001)** | Create a new version of an attached policy with administrative permissions, instantly escalating the principal's own privileges |
-| **Access Key Creation for Lateral Movement (IAM-002)** | Create access keys for other IAM users to gain their permissions and move laterally across the account |
-| **Access Key Rotation Attack for Lateral Movement (IAM-003)** | Delete and recreate access keys for other IAM users to bypass the two-key limit and gain their permissions |
-| **Console Login Profile Creation for Lateral Movement (IAM-004)** | Create console login profiles for other IAM users to access the AWS Console with their permissions |
-| **Inline Policy Injection for Self-Escalation (IAM-005)** | Attach an inline policy with administrative permissions to your own role, instantly escalating privileges |
-| **Console Password Override for Lateral Movement (IAM-006)** | Change the console password of other IAM users to log in as them and gain their permissions |
-| **Inline Policy Injection on User for Self-Escalation (IAM-007)** | Attach an inline policy with administrative permissions to your own IAM user, instantly escalating privileges |
-| **Managed Policy Attachment on User for Self-Escalation (IAM-008)** | Attach existing managed policies with administrative permissions to your own IAM user, instantly escalating privileges |
-| **Managed Policy Attachment on Role for Self-Escalation (IAM-009)** | Attach existing managed policies with administrative permissions to your own IAM role, instantly escalating privileges |
-| **Managed Policy Attachment on Group for Self-Escalation (IAM-010)** | Attach existing managed policies with administrative permissions to a group you belong to, escalating privileges for all group members |
-| **Inline Policy Injection on Group for Self-Escalation (IAM-011)** | Attach an inline policy with administrative permissions to a group you belong to, escalating privileges for all group members |
-| **Trust Policy Hijacking for Role Assumption (IAM-012)** | Modify a role's trust policy to allow yourself to assume it, gaining the role's permissions |
-| **Group Membership Hijacking for Privilege Escalation (IAM-013)** | Add yourself to a privileged IAM group to inherit its permissions, gaining access to all policies attached to the group |
-| **Managed Policy Attachment with Role Assumption for Lateral Movement (IAM-014)** | Attach administrative managed policies to another role you can assume, then assume it to gain elevated privileges |
-| **Managed Policy Attachment with Access Key Creation for Lateral Movement (IAM-015)** | Attach administrative managed policies to another IAM user and create access keys for them to gain programmatic access with elevated privileges |
-| **Policy Version Override with Role Assumption for Lateral Movement (IAM-016)** | Create a new version of a customer-managed policy attached to another role with administrative permissions, then assume that role to gain elevated access |
-| **Inline Policy Injection with Role Assumption for Lateral Movement (IAM-017)** | Attach an inline policy with administrative permissions to another role you can assume, then assume it to gain elevated privileges |
-| **Inline Policy Injection with Access Key Creation for Lateral Movement (IAM-018)** | Attach an inline policy with administrative permissions to another IAM user and create access keys for them to gain programmatic access with elevated privileges |
-| **Managed Policy Attachment with Trust Policy Hijacking for Privilege Escalation (IAM-019)** | Attach administrative managed policies to a role and modify its trust policy to allow yourself to assume it, gaining elevated privileges without prior assume-role access |
-| **Policy Version Override with Trust Policy Hijacking for Privilege Escalation (IAM-020)** | Create a new version of a customer-managed policy attached to a role with administrative permissions and modify its trust policy to assume it, without prior assume-role access |
-| **Inline Policy Injection with Trust Policy Hijacking for Privilege Escalation (IAM-021)** | Add an inline policy with administrative permissions to a role and modify its trust policy to allow yourself to assume it, gaining elevated privileges without prior assume-role access |
-| **Lambda Function Creation with Privileged Role (LAMBDA-001)** | Create a Lambda function with a privileged IAM role and invoke it to execute code with that role's permissions |
-| **Lambda Function Creation with Event Source Trigger (LAMBDA-002)** | Create a Lambda function with a privileged IAM role and an event source mapping to trigger it automatically, executing code with the role's permissions |
-| **Lambda Function Code Injection (LAMBDA-003)** | Modify the code of an existing Lambda function to execute arbitrary commands with the function's execution role permissions |
-| **Lambda Function Code Injection with Direct Invocation (LAMBDA-004)** | Modify the code of an existing Lambda function and invoke it directly to execute arbitrary commands with the function's execution role permissions |
-| **Lambda Function Code Injection with Resource Policy Grant (LAMBDA-005)** | Modify the code of an existing Lambda function and grant yourself invocation permission via its resource-based policy to execute code with the function's execution role |
-| **Lambda Function Creation with Resource Policy Invocation (LAMBDA-006)** | Create a Lambda function with a privileged IAM role and grant yourself invocation permission via its resource-based policy to execute code with the role's permissions |
-| **SageMaker Notebook Creation with Privileged Role (SAGEMAKER-001)** | Create a SageMaker notebook instance with a privileged IAM role to execute arbitrary code with the role's permissions via the Jupyter environment |
-| **SageMaker Training Job Creation with Privileged Role (SAGEMAKER-002)** | Create a SageMaker training job with a privileged IAM role to execute arbitrary container code with the role's permissions |
-| **SageMaker Processing Job Creation with Privileged Role (SAGEMAKER-003)** | Create a SageMaker processing job with a privileged IAM role to execute arbitrary container code with the role's permissions |
-| **SageMaker Presigned Notebook URL for Privilege Escalation (SAGEMAKER-004)** | Generate a presigned URL to access an existing SageMaker notebook instance and execute code with its execution role's permissions |
-| **SageMaker Notebook Lifecycle Config Injection (SAGEMAKER-005)** | Inject a malicious lifecycle configuration into an existing SageMaker notebook to execute code with the notebook's execution role during startup |
-| **SSM Session Access for EC2 Role Credentials (SSM-001)** | Start an SSM session on an EC2 instance to access its attached role credentials through IMDS |
-| **SSM Send Command for EC2 Role Credentials (SSM-002)** | Execute commands on an EC2 instance via SSM Run Command to access its attached role credentials through IMDS |
-| **Role Assumption for Privilege Escalation (STS-001)** | Assume IAM roles with elevated permissions by exploiting bidirectional trust between the starting principal and the target role |

 These tools enable workflows such as:
 - Asking an AI assistant to identify privilege escalation paths in a specific AWS account
@@ -1,7 +1,7 @@
 # =============================================================================
 # Build stage - Install dependencies and build the application
 # =============================================================================
-FROM ghcr.io/astral-sh/uv:python3.13-alpine@sha256:8f53782bb232ab0b5558f3071e86e2bbfde884e18815f2b19cc57f2d336e9ee2 AS builder
+FROM ghcr.io/astral-sh/uv:python3.13-alpine AS builder

 WORKDIR /app

@@ -25,7 +25,7 @@ RUN --mount=type=cache,target=/root/.cache/uv \
 # =============================================================================
 # Final stage - Minimal runtime environment
 # =============================================================================
-FROM python:3.13-alpine@sha256:bb1f2fdb1065c85468775c9d680dcd344f6442a2d1181ef7916b60a623f11d40
+FROM python:3.13-alpine

 LABEL maintainer="https://github.com/prowler-cloud"

@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.1.2 and should not be changed by hand.

 [[package]]
 name = "about-time"
@@ -808,7 +808,7 @@ description = "Timeout context manager for asyncio programs"
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
-markers = "python_version == \"3.10\""
+markers = "python_version <= \"3.10\""
 files = [
    {file = "async_timeout-5.0.1-py3-none-any.whl", hash = "sha256:39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c"},
    {file = "async_timeout-5.0.1.tar.gz", hash = "sha256:d9321a7a3d5a6a5e187e824d2fa0793ce379a202935782d555d6e9d2735677d3"},
@@ -1544,7 +1544,10 @@ files = [
 [package.dependencies]
 jmespath = ">=0.7.1,<2.0.0"
 python-dateutil = ">=2.1,<3.0.0"
-urllib3 = {version = ">=1.25.4,<2.2.0 || >2.2.0,<3", markers = "python_version >= \"3.10\""}
+urllib3 = [
+    {version = ">=1.25.4,<2.2.0 || >2.2.0,<3", markers = "python_version >= \"3.10\""},
+    {version = ">=1.25.4,<1.27", markers = "python_version < \"3.10\""},
+]

 [package.extras]
 crt = ["awscrt (==0.27.6)"]
@@ -1824,6 +1827,22 @@ files = [
    {file = "circuitbreaker-2.1.3.tar.gz", hash = "sha256:1a4baee510f7bea3c91b194dcce7c07805fe96c4423ed5594b75af438531d084"},
 ]

+[[package]]
+name = "click"
+version = "8.1.8"
+description = "Composable command line interface toolkit"
+optional = false
+python-versions = ">=3.7"
+groups = ["main", "dev"]
+markers = "python_version < \"3.10\""
+files = [
+    {file = "click-8.1.8-py3-none-any.whl", hash = "sha256:63c132bbbed01578a06712a2d1f497bb62d9c1c0d329b7903a866228027263b2"},
+    {file = "click-8.1.8.tar.gz", hash = "sha256:ed53c9d8990d83c2a27deae68e4ee337473f6330c040a31d4225c9574d16096a"},
+]
+
+[package.dependencies]
+colorama = {version = "*", markers = "platform_system == \"Windows\""}
+
 [[package]]
 name = "click"
 version = "8.2.1"
@@ -1831,6 +1850,7 @@ description = "Composable command line interface toolkit"
 optional = false
 python-versions = ">=3.10"
 groups = ["main", "dev"]
+markers = "python_version >= \"3.10\""
 files = [
    {file = "click-8.2.1-py3-none-any.whl", hash = "sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b"},
    {file = "click-8.2.1.tar.gz", hash = "sha256:27c491cc05d968d271d5a1db13e3b5a184636d9d930f148c50b038f0d0646202"},
@@ -1888,7 +1908,6 @@ files = [
    {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"},
    {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
 ]
-markers = {dev = "platform_system == \"Windows\" or sys_platform == \"win32\""}

 [[package]]
 name = "contextlib2"
@@ -2236,6 +2255,33 @@ docs = ["myst-parser (==0.18.0)", "sphinx (==5.1.1)"]
 ssh = ["paramiko (>=2.4.3)"]
 websockets = ["websocket-client (>=1.3.0)"]

+[[package]]
+name = "dogpile-cache"
+version = "1.4.1"
+description = "A caching front-end based on the Dogpile lock."
+optional = false
+python-versions = ">=3.9"
+groups = ["main"]
+markers = "python_version < \"3.10\""
+files = [
+    {file = "dogpile_cache-1.4.1-py3-none-any.whl", hash = "sha256:99130ce990800c8d89c26a5a8d9923cbe1b78c8a9972c2aaa0abf3d2ef2984ad"},
+    {file = "dogpile_cache-1.4.1.tar.gz", hash = "sha256:e25c60e677a5e28ff86124765fbf18c53257bcd7830749cd5ba350ace2a12989"},
+]
+
+[package.dependencies]
+decorator = ">=4.0.0"
+stevedore = ">=3.0.0"
+typing_extensions = {version = ">=4.0.1", markers = "python_version < \"3.11\""}
+
+[package.extras]
+bmemcached = ["python-binary-memcached"]
+memcached = ["python-memcached"]
+pifpaf = ["pifpaf (>=3.2.0)"]
+pylibmc = ["pylibmc"]
+pymemcache = ["pymemcache"]
+redis = ["redis"]
+valkey = ["valkey"]
+
 [[package]]
 name = "dogpile-cache"
 version = "1.5.0"
@@ -2243,6 +2289,7 @@ description = "A caching front-end based on the Dogpile lock."
 optional = false
 python-versions = ">=3.10"
 groups = ["main"]
+markers = "python_version >= \"3.10\""
 files = [
    {file = "dogpile_cache-1.5.0-py3-none-any.whl", hash = "sha256:dc7b47d37844db15e8fdc0243c1b58857a2ddc52a5118237a97127bac200e18d"},
    {file = "dogpile_cache-1.5.0.tar.gz", hash = "sha256:849c5573c9a38f155cd4173103c702b637ede0361c12e864876877d0cd125eec"},
@@ -2367,7 +2414,7 @@ description = "Backport of PEP 654 (exception groups)"
 optional = false
 python-versions = ">=3.7"
 groups = ["main", "dev"]
-markers = "python_version == \"3.10\""
+markers = "python_version <= \"3.10\""
 files = [
    {file = "exceptiongroup-1.3.0-py3-none-any.whl", hash = "sha256:4d111e6e0c13d0644cad6ddaa7ed0261a0b36971f6d23e7ec9b4b9097da78a10"},
    {file = "exceptiongroup-1.3.0.tar.gz", hash = "sha256:b241f5885f560bc56a59ee63ca4c6a8bfa46ae4ad651af316d4e81817bb9fd88"},
@@ -2394,6 +2441,19 @@ files = [
 [package.extras]
 testing = ["hatch", "pre-commit", "pytest", "tox"]

+[[package]]
+name = "filelock"
+version = "3.19.1"
+description = "A platform independent file lock."
+optional = false
+python-versions = ">=3.9"
+groups = ["main", "dev"]
+markers = "python_version < \"3.10\""
+files = [
+    {file = "filelock-3.19.1-py3-none-any.whl", hash = "sha256:d38e30481def20772f5baf097c122c3babc4fcdb7e14e57049eb9d88c6dc017d"},
+    {file = "filelock-3.19.1.tar.gz", hash = "sha256:66eda1888b0171c998b35be2bcc0f6d75c388a7ce20c3f3f37aa8e96c2dddf58"},
+]
+
 [[package]]
 name = "filelock"
 version = "3.20.3"
@@ -2401,6 +2461,7 @@ description = "A platform independent file lock."
 optional = false
 python-versions = ">=3.10"
 groups = ["main", "dev"]
+markers = "python_version >= \"3.10\""
 files = [
    {file = "filelock-3.20.3-py3-none-any.whl", hash = "sha256:4b0dda527ee31078689fc205ec4f1c1bf7d56cf88b6dc9426c4f230e46c2dce1"},
    {file = "filelock-3.20.3.tar.gz", hash = "sha256:18c57ee915c7ec61cff0ecf7f0f869936c7c30191bb0cf406f1341778d0834e1"},
@@ -2438,6 +2499,7 @@ files = [
 [package.dependencies]
 blinker = ">=1.9.0"
 click = ">=8.1.3"
+importlib-metadata = {version = ">=3.6.0", markers = "python_version < \"3.10\""}
 itsdangerous = ">=2.2.0"
 jinja2 = ">=3.1.2"
 markupsafe = ">=2.1.1"
@@ -2709,6 +2771,9 @@ files = [
    {file = "graphql_core-3.2.6.tar.gz", hash = "sha256:c08eec22f9e40f0bd61d805907e3b3b1b9a320bc606e23dc145eebca07c8fbab"},
 ]

+[package.dependencies]
+typing-extensions = {version = ">=4,<5", markers = "python_version < \"3.10\""}
+
 [[package]]
 name = "h11"
 version = "0.16.0"
@@ -2872,11 +2937,12 @@ version = "8.7.0"
 description = "Read metadata from Python packages"
 optional = false
 python-versions = ">=3.9"
-groups = ["main"]
+groups = ["main", "dev"]
 files = [
    {file = "importlib_metadata-8.7.0-py3-none-any.whl", hash = "sha256:e5dd1551894c77868a30651cef00984d50e1002d06942a7101d34870c5f02afd"},
    {file = "importlib_metadata-8.7.0.tar.gz", hash = "sha256:d13b81ad223b890aa16c5471f2ac3056cf76c5f10f82d6f9292f0b415f389000"},
 ]
+markers = {dev = "python_version < \"3.10\""}

 [package.dependencies]
 zipp = ">=3.20"
@@ -3071,7 +3137,7 @@ files = [

 [package.dependencies]
 attrs = ">=22.2.0"
-jsonschema-specifications = ">=2023.3.6"
+jsonschema-specifications = ">=2023.03.6"
 referencing = ">=0.28.4"
 rpds-py = ">=0.7.1"

@@ -3112,6 +3178,34 @@ files = [
 [package.dependencies]
 referencing = ">=0.31.0"

+[[package]]
+name = "keystoneauth1"
+version = "5.11.1"
+description = "Authentication Library for OpenStack Identity"
+optional = false
+python-versions = ">=3.9"
+groups = ["main"]
+markers = "python_version < \"3.10\""
+files = [
+    {file = "keystoneauth1-5.11.1-py3-none-any.whl", hash = "sha256:4525adf03b6e591f4b9b8a72c3b14f6510a04816dd5a7aca6ebaa6dfc90b69e6"},
+    {file = "keystoneauth1-5.11.1.tar.gz", hash = "sha256:806f12c49b7f4b2cad3f5a460f7bdd81e4247c81b6042596a7fea8575f6591f3"},
+]
+
+[package.dependencies]
+iso8601 = ">=2.0.0"
+os-service-types = ">=1.2.0"
+pbr = ">=2.0.0"
+requests = ">=2.14.2"
+stevedore = ">=1.20.0"
+typing-extensions = ">=4.12"
+
+[package.extras]
+betamax = ["PyYAML (>=3.13)", "betamax (>=0.7.0)", "fixtures (>=3.0.0)"]
+kerberos = ["requests-kerberos (>=0.8.0)"]
+oauth1 = ["oauthlib (>=0.6.2)"]
+saml2 = ["lxml (>=4.2.0)"]
+test = ["PyYAML (>=3.12)", "bandit (>=1.7.6,<1.8.0)", "betamax (>=0.7.0)", "coverage (>=4.0)", "fixtures (>=3.0.0)", "flake8-docstrings (>=1.7.0,<1.8.0)", "flake8-import-order (>=0.18.2,<0.19.0)", "hacking (>=6.1.0,<6.2.0)", "lxml (>=4.2.0)", "oauthlib (>=0.6.2)", "oslo.config (>=5.2.0)", "oslo.utils (>=3.33.0)", "oslotest (>=3.2.0)", "requests-kerberos (>=0.8.0)", "requests-mock (>=1.2.0)", "stestr (>=1.0.0)", "testresources (>=2.0.0)", "testtools (>=2.2.0)"]
+
 [[package]]
 name = "keystoneauth1"
 version = "5.13.0"
@@ -3119,6 +3213,7 @@ description = "Authentication Library for OpenStack Identity"
 optional = false
 python-versions = ">=3.10"
 groups = ["main"]
+markers = "python_version >= \"3.10\""
 files = [
    {file = "keystoneauth1-5.13.0-py3-none-any.whl", hash = "sha256:5ab81412eb0923ceb9c602cc3decce514b399523cb83d16b409ed3b0f9b03d41"},
    {file = "keystoneauth1-5.13.0.tar.gz", hash = "sha256:57c9ca407207899b50d8ff1ca8abb4a4e7427461bfc1877eb8519c3989ce63ec"},
@@ -3151,7 +3246,7 @@ files = [
 ]

 [package.dependencies]
-certifi = ">=14.5.14"
+certifi = ">=14.05.14"
 durationpy = ">=0.7"
 google-auth = ">=1.0.1"
 oauthlib = ">=3.2.2"
@@ -3264,18 +3359,21 @@ tests = ["psutil", "pytest (!=3.3.0)", "pytest-cov"]

 [[package]]
 name = "markdown"
-version = "3.10.2"
+version = "3.9"
 description = "Python implementation of John Gruber's Markdown."
 optional = false
-python-versions = ">=3.10"
+python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "markdown-3.10.2-py3-none-any.whl", hash = "sha256:e91464b71ae3ee7afd3017d9f358ef0baf158fd9a298db92f1d4761133824c36"},
-    {file = "markdown-3.10.2.tar.gz", hash = "sha256:994d51325d25ad8aa7ce4ebaec003febcce822c3f8c911e3b17c52f7f589f950"},
+    {file = "markdown-3.9-py3-none-any.whl", hash = "sha256:9f4d91ed810864ea88a6f32c07ba8bee1346c0cc1f6b1f9f6c822f2a9667d280"},
+    {file = "markdown-3.9.tar.gz", hash = "sha256:d2900fe1782bd33bdbbd56859defef70c2e78fc46668f8eb9df3128138f2cb6a"},
 ]

+[package.dependencies]
+importlib-metadata = {version = ">=4.4", markers = "python_version < \"3.10\""}
+
 [package.extras]
-docs = ["mdx_gh_links (>=0.2)", "mkdocs (>=1.6)", "mkdocs-gen-files", "mkdocs-literate-nav", "mkdocs-nature (>=0.6)", "mkdocs-section-index", "mkdocstrings[python] (>=0.28.3)"]
+docs = ["mdx_gh_links (>=0.2)", "mkdocs (>=1.6)", "mkdocs-gen-files", "mkdocs-literate-nav", "mkdocs-nature (>=0.6)", "mkdocs-section-index", "mkdocstrings[python]"]
 testing = ["coverage", "pyyaml"]

 [[package]]
@@ -3919,6 +4017,26 @@ files = [
    {file = "nest_asyncio-1.6.0.tar.gz", hash = "sha256:6f172d5449aca15afd6c646851f4e31e02c598d553a667e38cafa997cfec55fe"},
 ]

+[[package]]
+name = "networkx"
+version = "3.2.1"
+description = "Python package for creating and manipulating graphs and networks"
+optional = false
+python-versions = ">=3.9"
+groups = ["dev"]
+markers = "python_version < \"3.10\""
+files = [
+    {file = "networkx-3.2.1-py3-none-any.whl", hash = "sha256:f18c69adc97877c42332c170849c96cefa91881c99a7cb3e95b7c659ebdc1ec2"},
+    {file = "networkx-3.2.1.tar.gz", hash = "sha256:9f1bb5cf3409bf324e0a722c20bdb4c20ee39bf1c30ce8ae499c8502b0b5e0c6"},
+]
+
+[package.extras]
+default = ["matplotlib (>=3.5)", "numpy (>=1.22)", "pandas (>=1.4)", "scipy (>=1.9,!=1.11.0,!=1.11.1)"]
+developer = ["changelist (==0.4)", "mypy (>=1.1)", "pre-commit (>=3.2)", "rtoml"]
+doc = ["nb2plots (>=0.7)", "nbconvert (<7.9)", "numpydoc (>=1.6)", "pillow (>=9.4)", "pydata-sphinx-theme (>=0.14)", "sphinx (>=7)", "sphinx-gallery (>=0.14)", "texext (>=0.6.7)"]
+extra = ["lxml (>=4.6)", "pydot (>=1.4.2)", "pygraphviz (>=1.11)", "sympy (>=1.10)"]
+test = ["pytest (>=7.2)", "pytest-cov (>=4.0)"]
+
 [[package]]
 name = "networkx"
 version = "3.4.2"
@@ -4206,6 +4324,22 @@ files = [
 opentelemetry-api = "1.35.0"
 typing-extensions = ">=4.5.0"

+[[package]]
+name = "os-service-types"
+version = "1.7.0"
+description = "Python library for consuming OpenStack sevice-types-authority data"
+optional = false
+python-versions = "*"
+groups = ["main"]
+markers = "python_version < \"3.10\""
+files = [
+    {file = "os-service-types-1.7.0.tar.gz", hash = "sha256:31800299a82239363995b91f1ebf9106ac7758542a1e4ef6dc737a5932878c6c"},
+    {file = "os_service_types-1.7.0-py2.py3-none-any.whl", hash = "sha256:0505c72205690910077fb72b88f2a1f07533c8d39f2fe75b29583481764965d6"},
+]
+
+[package.dependencies]
+pbr = ">=2.0.0,<2.1.0 || >2.1.0"
+
 [[package]]
 name = "os-service-types"
 version = "1.8.2"
@@ -4213,6 +4347,7 @@ description = "Python library for consuming OpenStack sevice-types-authority dat
 optional = false
 python-versions = ">=3.10"
 groups = ["main"]
+markers = "python_version >= \"3.10\""
 files = [
    {file = "os_service_types-1.8.2-py3-none-any.whl", hash = "sha256:f78890d71814deffabf0ed4358288ec2ced579bc4d0bb87a79ae806cbb4deb6e"},
    {file = "os_service_types-1.8.2.tar.gz", hash = "sha256:ab7648d7232849943196e1bb00a30e2e25e600fa3b57bb241d15b7f521b5b575"},
@@ -4721,7 +4856,7 @@ description = "C parser in Python"
 optional = false
 python-versions = ">=3.8"
 groups = ["main", "dev"]
-markers = "platform_python_implementation != \"PyPy\" and implementation_name != \"PyPy\""
+markers = "implementation_name != \"PyPy\" and platform_python_implementation != \"PyPy\""
 files = [
    {file = "pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"},
    {file = "pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6"},
@@ -4963,7 +5098,7 @@ files = [
 ]

 [package.dependencies]
-astroid = ">=3.3.8,<=3.4.0.dev0"
+astroid = ">=3.3.8,<=3.4.0-dev0"
 colorama = {version = ">=0.4.5", markers = "sys_platform == \"win32\""}
 dill = [
    {version = ">=0.2", markers = "python_version < \"3.11\""},
@@ -4975,6 +5110,7 @@ mccabe = ">=0.6,<0.8"
 platformdirs = ">=2.2.0"
 tomli = {version = ">=1.1.0", markers = "python_version < \"3.11\""}
 tomlkit = ">=0.10.1"
+typing-extensions = {version = ">=3.10.0", markers = "python_version < \"3.10\""}

 [package.extras]
 spelling = ["pyenchant (>=3.2,<4.0)"]
@@ -5130,6 +5266,7 @@ files = [
 ]

 [package.dependencies]
+importlib-metadata = {version = ">=3.6", markers = "python_version < \"3.10\""}
 pytest = "*"

 [[package]]
@@ -5808,10 +5945,10 @@ files = [
 ]

 [package.dependencies]
-botocore = ">=1.37.4,<2.0a0"
+botocore = ">=1.37.4,<2.0a.0"

 [package.extras]
-crt = ["botocore[crt] (>=1.37.4,<2.0a0)"]
+crt = ["botocore[crt] (>=1.37.4,<2.0a.0)"]

 [[package]]
 name = "safety"
@@ -6080,7 +6217,7 @@ description = "A lil' TOML parser"
 optional = false
 python-versions = ">=3.8"
 groups = ["dev"]
-markers = "python_version == \"3.10\""
+markers = "python_version <= \"3.10\""
 files = [
    {file = "tomli-2.2.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:678e4fa69e4575eb77d103de3df8a895e1591b48e740211bd1067378c69e8249"},
    {file = "tomli-2.2.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:023aa114dd824ade0100497eb2318602af309e5a55595f76b626d6d9f3b7b0a6"},
@@ -6237,6 +6374,24 @@ files = [
    {file = "uritemplate-4.2.0.tar.gz", hash = "sha256:480c2ed180878955863323eea31b0ede668795de182617fef9c6ca09e6ec9d0e"},
 ]

+[[package]]
+name = "urllib3"
+version = "1.26.20"
+description = "HTTP library with thread-safe connection pooling, file post, and more."
+optional = false
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=2.7"
+groups = ["main", "dev"]
+markers = "python_version < \"3.10\""
+files = [
+    {file = "urllib3-1.26.20-py2.py3-none-any.whl", hash = "sha256:0ed14ccfbf1c30a9072c7ca157e4319b70d65f623e91e7b32fadb2853431016e"},
+    {file = "urllib3-1.26.20.tar.gz", hash = "sha256:40c2dc0c681e47eb8f90e7e27bf6ff7df2e677421fd46756da1161c39ca70d32"},
+]
+
+[package.extras]
+brotli = ["brotli (==1.0.9) ; os_name != \"nt\" and python_version < \"3\" and platform_python_implementation == \"CPython\"", "brotli (>=1.0.9) ; python_version >= \"3\" and platform_python_implementation == \"CPython\"", "brotlicffi (>=0.8.0) ; (os_name != \"nt\" or python_version >= \"3\") and platform_python_implementation != \"CPython\"", "brotlipy (>=0.6.0) ; os_name == \"nt\" and python_version < \"3\""]
+secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress ; python_version == \"2.7\"", "pyOpenSSL (>=0.14)", "urllib3-secure-extra"]
+socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]
+
 [[package]]
 name = "urllib3"
 version = "2.6.3"
@@ -6244,6 +6399,7 @@ description = "HTTP library with thread-safe connection pooling, file post, and
 optional = false
 python-versions = ">=3.9"
 groups = ["main", "dev"]
+markers = "python_version >= \"3.10\""
 files = [
    {file = "urllib3-2.6.3-py3-none-any.whl", hash = "sha256:bf272323e553dfb2e87d9bfd225ca7b0f467b919d7bbd355436d3fd37cb0acd4"},
    {file = "urllib3-2.6.3.tar.gz", hash = "sha256:1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed"},
@@ -6576,11 +6732,12 @@ version = "3.23.0"
 description = "Backport of pathlib-compatible object wrapper for zip files"
 optional = false
 python-versions = ">=3.9"
-groups = ["main"]
+groups = ["main", "dev"]
 files = [
    {file = "zipp-3.23.0-py3-none-any.whl", hash = "sha256:071652d6115ed432f5ce1d34c336c0adfd6a884660d1e9712a256d3d3bd4b14e"},
    {file = "zipp-3.23.0.tar.gz", hash = "sha256:a07157588a12518c9d4034df3fbbee09c814741a33ff63c05fa29d26a2404166"},
 ]
+markers = {dev = "python_version < \"3.10\""}

 [package.extras]
 check = ["pytest-checkdocs (>=2.4)", "pytest-ruff (>=0.2.1) ; sys_platform != \"cygwin\""]
@@ -6728,5 +6885,5 @@ files = [

 [metadata]
 lock-version = "2.1"
-python-versions = ">=3.10,<3.13"
-content-hash = "65f1f9833d61f90f1f89ed70b3677f76c0693bae275dd39699df01c05050bbe6"
+python-versions = ">3.9.1,<3.13"
+content-hash = "fa67f98ae1b75ec5a54d1d6a1c33c5412d888ec60cf35fc407606dc48329c0bf"
@@ -2,44 +2,6 @@

 All notable changes to the **Prowler SDK** are documented in this file.

-## [5.23.0] (Prowler UNRELEASED)
-
-### 🚀 Added
-
- `apikeys_api_restricted_with_gemini_api` and `gemini_api_disabled`checks for GCP provider [(#10280)](https://github.com/prowler-cloud/prowler/pull/10280)
- `cloudfront_distributions_logging_enabled` detects Standard Logging v2 via CloudWatch Log Delivery [(#10090)](https://github.com/prowler-cloud/prowler/pull/10090)
- `glue_etl_jobs_no_secrets_in_arguments` check for plaintext secrets in AWS Glue ETL job arguments [(#10368)](https://github.com/prowler-cloud/prowler/pull/10368)
- `awslambda_function_no_dead_letter_queue`, `awslambda_function_using_cross_account_layers`, and `awslambda_function_env_vars_not_encrypted_with_cmk` checks for AWS Lambda [(#10381)](https://github.com/prowler-cloud/prowler/pull/10381)
- `entra_conditional_access_policy_mdm_compliant_device_required` check for M365 provider [(#10220)](https://github.com/prowler-cloud/prowler/pull/10220)
- `ec2_securitygroup_allow_ingress_from_internet_to_any_port_from_ip` check for AWS provider using `ipaddress.is_global` for accurate public IP detection [(#10335)](https://github.com/prowler-cloud/prowler/pull/10335)
-
-### 🔄 Changed
-
- Minimum Python version from 3.9 to 3.10 and updated classifiers to reflect supported versions (3.10, 3.11, 3.12) [(#10464)](https://github.com/prowler-cloud/prowler/pull/10464)
-
---
-
-## [5.22.1] (Prowler UNRELEASED)
-
-### 🐞 Fixed
-
- AWS global services (CloudFront, Route53, Shield, FMS) now use the partition's global region instead of the profile's default region [(#10458)](https://github.com/prowler-cloud/prowler/issues/10458)
- Oracle Cloud `events_rule_idp_group_mapping_changes` now recognizes the CIS 3.1 `add/remove` event names to avoid false positives [(#10416)](https://github.com/prowler-cloud/prowler/pull/10416)
- Oracle Cloud password policy checks now exclude immutable system-managed policies (`SimplePasswordPolicy`, `StandardPasswordPolicy`) to avoid false positives [(#10453)](https://github.com/prowler-cloud/prowler/pull/10453)
- Oracle Cloud `kms_key_rotation_enabled` now checks current key version age to avoid false positives on vaults without auto-rotation support [(#10450)](https://github.com/prowler-cloud/prowler/pull/10450)
-
---
-
-## [5.22.0] (Prowler v5.22.0)
-
-### 🐞 Fixed
-
- Azure MySQL flexible server checks now compare configuration values case-insensitively to avoid false negatives when Azure returns lowercase values [(#10396)](https://github.com/prowler-cloud/prowler/pull/10396)
- Azure `vm_backup_enabled` and `vm_sufficient_daily_backup_retention_period` checks now compare VM names case-insensitively to avoid false negatives when Azure stores backup item names in a different case [(#10395)](https://github.com/prowler-cloud/prowler/pull/10395)
- `entra_non_privileged_user_has_mfa` skips disabled users to avoid false positives [(#10426)](https://github.com/prowler-cloud/prowler/pull/10426)
-
---
-
 ## [5.21.0] (Prowler v5.21.0)

 ### 🚀 Added
@@ -136,9 +136,7 @@
          "ComplementaryCriteria": "Cloud service customers ensure through suitable controls that the guidelines and requirements for compliance with the contractual agreements with the cloud service provider (i.e., responsibilities, cooperation obligations and interfaces for reporting security incidents) are adequately defined, documented and set up."
        }
      ],
-      "Checks": [
-        "gemini_api_disabled"
-      ]
+      "Checks": []
    },
    {
      "Id": "OIS-03.02B",
@@ -7232,9 +7230,7 @@
          "ComplementaryCriteria": ""
        }
      ],
-      "Checks": [
-        "gemini_api_disabled"
-      ]
+      "Checks": []
    },
    {
      "Id": "SSO-01.02AC",
@@ -7262,9 +7258,7 @@
          "ComplementaryCriteria": ""
        }
      ],
-      "Checks": [
-        "gemini_api_disabled"
-      ]
+      "Checks": []
    },
    {
      "Id": "SSO-02.02B",
@@ -248,8 +248,7 @@
        "compute_public_address_shodan",
        "cloudsql_instance_automated_backups",
        "iam_sa_user_managed_key_rotate_90_days",
-        "iam_service_account_unused",
-        "gemini_api_disabled"
+        "iam_service_account_unused"
      ]
    },
    {
@@ -51,8 +51,7 @@
        "iam_no_service_roles_at_project_level",
        "bigquery_dataset_public_access",
        "bigquery_dataset_cmek_encryption",
-        "kms_key_rotation_enabled",
-        "gemini_api_disabled"
+        "kms_key_rotation_enabled"
      ]
    },
    {
@@ -204,36 +203,6 @@
        "cloudstorage_bucket_object_versioning"
      ]
    },
-    {
-      "Id": "164_308_b_1",
-      "Name": "164.308(b)(1) Business associate contracts and other arrangements",
-      "Description": "A covered entity may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity's behalf only if the covered entity obtains satisfactory assurances, in accordance with § 164.314(a), that the business associate will appropriately safeguard the information. A covered entity is not required to obtain such satisfactory assurances from a business associate that is a subcontractor.",
-      "Attributes": [
-        {
-          "ItemId": "164_308_b_1",
-          "Section": "164.308 Administrative Safeguards",
-          "Service": "gcp"
-        }
-      ],
-      "Checks": [
-        "gemini_api_disabled"
-      ]
-    },
-    {
-      "Id": "164_308_b_2",
-      "Name": "164.308(b)(2)",
-      "Description": "A business associate may permit a business associate that is a subcontractor to create, receive, maintain, or transmit electronic protected health information on its behalf only if the business associate obtains satisfactory assurances, in accordance with § 164.314(a), that the subcontractor will appropriately safeguard the information.",
-      "Attributes": [
-        {
-          "ItemId": "164_308_b_2",
-          "Section": "164.308 Administrative Safeguards",
-          "Service": "gcp"
-        }
-      ],
-      "Checks": [
-        "gemini_api_disabled"
-      ]
-    },
    {
      "Id": "164_310_a_1",
      "Name": "164.310(a)(1) Facility access controls",
@@ -295,8 +295,7 @@
        }
      ],
      "Checks": [
-        "iam_cloud_asset_inventory_enabled",
-        "gemini_api_disabled"
+        "iam_cloud_asset_inventory_enabled"
      ]
    },
    {
@@ -326,8 +325,7 @@
        }
      ],
      "Checks": [
-        "iam_cloud_asset_inventory_enabled",
-        "gemini_api_disabled"
+        "iam_cloud_asset_inventory_enabled"
      ]
    },
    {
@@ -342,9 +340,7 @@
          "Check_Summary": "The organisation should regularly monitor, review, evaluate and manage change in supplier information security practices and service delivery."
        }
      ],
-      "Checks": [
-        "gemini_api_disabled"
-      ]
+      "Checks": []
    },
    {
      "Id": "A.5.23",
@@ -358,9 +354,7 @@
          "Check_Summary": "Processes for acquisition, use, management and exit from cloud services should be established in accordance with the organisation’s information security requirements."
        }
      ],
-      "Checks": [
-        "gemini_api_disabled"
-      ]
+      "Checks": []
    },
    {
      "Id": "A.5.24",
@@ -148,8 +148,7 @@
        "iam_sa_user_managed_key_rotate_90_days",
        "iam_service_account_unused",
        "apikeys_key_rotated_in_90_days",
-        "apikeys_api_restrictions_configured",
-        "apikeys_api_restricted_with_gemini_api"
+        "apikeys_api_restrictions_configured"
      ],
      "Attributes": [
        {
@@ -1128,9 +1127,7 @@
        "iam_role_kms_enforce_separation_of_duties",
        "iam_role_sa_enforce_separation_of_duties",
        "iam_sa_no_administrative_privileges",
-        "iam_sa_no_user_managed_keys",
-        "apikeys_api_restricted_with_gemini_api",
-        "gemini_api_disabled"
+        "iam_sa_no_user_managed_keys"
      ],
      "Attributes": [
        {
@@ -1706,8 +1703,7 @@
        "cloudsql_instance_ssl_connections",
        "dataproc_encrypted_with_cmks_disabled",
        "dns_rsasha1_in_use_to_key_sign_in_dnssec",
-        "dns_rsasha1_in_use_to_zone_sign_in_dnssec",
-        "apikeys_api_restricted_with_gemini_api"
+        "dns_rsasha1_in_use_to_zone_sign_in_dnssec"
      ],
      "Attributes": [
        {
@@ -20225,48 +20225,6 @@
        }
      ]
    },
-    {
-      "Id": "12.8.3.1",
-      "Description": "Checks that the Gemini API (a.k.a. Generative Language API) is disabled since it is out of scope of GCP's PCI DSS conformance.",
-      "Name": "Gemini API",
-      "Checks": [
-        "gemini_api_disabled"
-      ],
-      "Attributes": [
-        {
-          "Section": "12.8.3: Risk to information assets associated with third-party service provider (TPSP) relationships is managed.",
-          "Service": "Gemini API"
-        }
-      ]
-    },
-    {
-      "Id": "12.8.4.1",
-      "Description": "Checks that the Gemini API (a.k.a. Generative Language API) is disabled since it is out of scope of GCP's PCI DSS conformance.",
-      "Name": "Gemini API",
-      "Checks": [
-        "gemini_api_disabled"
-      ],
-      "Attributes": [
-        {
-          "Section": "12.8.4: Risk to information assets associated with third-party service provider (TPSP) relationships is managed.",
-          "Service": "Gemini API"
-        }
-      ]
-    },
-    {
-      "Id": "12.9.1.1",
-      "Description": "Checks that the Gemini API (a.k.a. Generative Language API) is disabled since it is out of scope of GCP's PCI DSS conformance.",
-      "Name": "Gemini API",
-      "Checks": [
-        "gemini_api_disabled"
-      ],
-      "Attributes": [
-        {
-          "Section": "12.9.1: Third-party service providers (TPSPs) support their customers’ PCI DSS compliance.",
-          "Service": "Gemini API"
-        }
-      ]
-    },
    {
      "Id": "A1.1.2.1",
      "Description": "Checks if a backup vault has an attached IAM policy that prevents deletion of backup recovery points. The rule is NON_COMPLIANT if the Backup Vault does not have IAM policies or has policies lacking a suitable 'Deny' statement for deleting backups.",
@@ -78,13 +78,12 @@
        {
          "ItemId": "cc_3_2",
          "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
-          "Service": "gcp",
+          "Service": "gcr",
          "Type": "automated"
        }
      ],
      "Checks": [
-        "gcr_container_scanning_enabled",
-        "gemini_api_disabled"
+        "gcr_container_scanning_enabled"
      ]
    },
    {
@@ -283,13 +282,12 @@
        {
          "ItemId": "cc_7_1",
          "Section": "CC7.0 - System Operations",
-          "Service": "gcp",
+          "Service": "iam",
          "Type": "automated"
        }
      ],
      "Checks": [
-        "iam_cloud_asset_inventory_enabled",
-        "gemini_api_disabled"
+        "iam_cloud_asset_inventory_enabled"
      ]
    },
    {
@@ -422,22 +420,6 @@
        "iam_cloud_asset_inventory_enabled"
      ]
    },
-    {
-      "Id": "cc_9_2",
-      "Name": "CC9.2 The entity assesses and manages risks associated with vendors and business partners",
-      "Description": "Establishes Requirements for Vendor and Business Partner Engagements—The entity establishes specific requirements for a vendor and business partner engagement that includes (1) scope of services and product specifications, (2) roles and responsibilities, (3) compliance requirements, and (4) service levels. Assesses Vendor and Business Partner Risks—The entity assesses, on a periodic basis, the risks that vendors and business partners (and those entities' vendors and business partners) represent to the achievement of the entity's objectives. Assigns Responsibility and Accountability for Managing Vendors and Business Partners—The entity assigns responsibility and accountability for the management of risks associated with vendors and business partners. Establishes Communication Protocols for Vendors and Business Partners—The entity establishes communication and resolution protocols for service or product issues related to vendors and business partners. Establishes Exception Handling Procedures From Vendors and Business Partners —The entity establishes exception handling procedures for service or product issues related to vendors and business partners. Assesses Vendor and Business Partner Performance—The entity periodically assesses the performance of vendors and business partners. Implements Procedures for Addressing Issues Identified During Vendor and Business Partner Assessments—The entity implements procedures for addressing issues identified with vendor and business partner relationships. Implements Procedures for Terminating Vendor and Business Partner Relationships — The entity implements procedures for terminating vendor and business partner relationships. Obtains Confidentiality Commitments from Vendors and Business Partners—The entity obtains confidentiality commitments that are consistent with the entity's confidentiality commitments and requirements from vendors and business partners who have access to confidential information. Assesses Compliance With Confidentiality Commitments of Vendors and Business Partners — On a periodic and as-needed basis, the entity assesses compliance by vendors and business partners with the entity's confidentiality commitments and requirements. Obtains Privacy Commitments from Vendors and Business Partners—The entity obtains privacy commitments, consistent with the entity's privacy commitments and requirements, from vendors and business partners who have access to personal information. Assesses Compliance with Privacy Commitments of Vendors and Business Partners— On a periodic and as-needed basis, the entity assesses compliance by vendors and business partners with the entity's privacy commitments and requirements and takes corrective action as necessary.",
-      "Attributes": [
-        {
-          "ItemId": "cc_9_2",
-          "Section": "CC9.0 - Risk Mitigation",
-          "Service": "gcp",
-          "Type": "automated"
-        }
-      ],
-      "Checks": [
-        "gemini_api_disabled"
-      ]
-    },
    {
      "Id": "cc_a_1_1",
      "Name": "A1.2 The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives",
@@ -593,4 +575,4 @@
      ]
    }
  ]
-}
+}
@@ -662,8 +662,8 @@
          "Description": "It is recommended to setup an Event Rule and Notification that gets triggered when Identity Provider Group Mappings are created, updated or deleted. Event Rules are compartment scoped and will detect events in child compartments. It is recommended to create the Event rule at the root compartment level.",
          "RationaleStatement": "IAM Policies govern access to all resources within an OCI Tenancy. IAM Policies use OCI Groups for assigning the privileges. Identity Provider Groups could be mapped to OCI Groups to assign privileges to federated users in OCI. Monitoring and alerting on changes to Identity Provider Group mappings will help in identifying changes to the security posture.",
          "ImpactStatement": "There is no performance impact when enabling the above described features but depending on the amount of notifications sent per month there may be a cost associated.",
-          "RemediationProcedure": "**From Console:**1. Go to the `Events Service` page: [https://cloud.oracle.com/events/rules](https://cloud.oracle.com/events/rules)2. Select the `compartment` that should host the rule3. Click `Create Rule`4. Provide a `Display Name` and `Description`5. Create a Rule Condition by selecting `Identity` in the Service Name Drop-down and selecting `Idp Group Mapping – Add`, `Idp Group Mapping – Remove` and `Idp Group Mapping – Update`6. In the `Actions` section select `Notifications` as Action Type7. Select the `Compartment` that hosts the Topic to be used.8. Select the `Topic` to be used9. Optionally add Tags to the Rule10. Click `Create Rule`**From CLI:**1. Find the `topic-id` of the topic the Event Rule should use for sending notifications by using the topic `name` and `Compartment OCID````oci ons topic list --compartment-id <compartment-ocid> --all --query data [?name=='<topic-name>'].{name:name,topic_id:\\topic-id\\} --output table```2. Create a JSON file to be used when creating the Event Rule. Replace topic id, display name, description and compartment OCID.```{ actions: { actions: [ { actionType: ONS, isEnabled: true, topicId: <topic-id> }] }, condition:{\\eventType\\:[\\com.oraclecloud.identitycontrolplane.addidpgroupmapping\\,\\com.oraclecloud.identitycontrolplane.removeidpgroupmapping\\,\\com.oraclecloud.identitycontrolplane.updateidpgroupmapping\\],\\data\\:{}}, displayName: <display-name>, description: <description>, isEnabled: true, compartmentId: <compartment-ocid>}```3. Create the actual event rule```oci events rule create --from-json file://event_rule.json```4. Note in the JSON returned that it lists the parameters specified in the JSON file provided and that there is an OCID provided for the Event Rule",
-          "AuditProcedure": "**From Console:**1. Go to the Events Service page: [https://cloud.oracle.com/events/rules](https://cloud.oracle.com/events/rules)2. Select the `Compartment` that hosts the rules3. Find and click the `Rule` that handles `Idp Group Mapping` Changes (if any)4. Ensure the `Rule` is `ACTIVE`5. Click the `Edit Rule` button and verify that the `RuleConditions` section contains a condition for the Service `Identity` and Event Types: `Idp Group Mapping – Add`, `Idp Group Mapping – Remove` and `Idp Group Mapping – Update`6. Verify that in the `Actions` section the Action Type contains: `Notifications` and that a valid `Topic` is referenced.**From CLI:** 1. Find the OCID of the specific Event Rule based on Display Name and Compartment OCID```oci events rule list --compartment-id <compartment-ocid> --query data [?\\display-name\\=='<displa-name>'].{id:id} --output table```2. List the details of a specific Event Rule based on the OCID of the rule.```oci events rule get --rule-id <rule-id>```3. In the JSON output locate the Conditions key value pair and verify that the following Conditions are present:```com.oraclecloud.identitycontrolplane.addidpgroupmappingcom.oraclecloud.identitycontrolplane.removeidpgroupmappingcom.oraclecloud.identitycontrolplane.updateidpgroupmapping```4. Verify the value of the `is-enabled` attribute is `true`5. In the JSON output verify that `actionType` is `ONS` and locate the `topic-id`6. Verify the correct topic is used by checking the topic name```oci ons topic get --topic-id <topic-id> --query data.{name:name} --output table```",
+          "RemediationProcedure": "**From Console:**1. Go to the `Events Service` page: [https://cloud.oracle.com/events/rules](https://cloud.oracle.com/events/rules)2. Select the `compartment` that should host the rule3. Click `Create Rule`4. Provide a `Display Name` and `Description`5. Create a Rule Condition by selecting `Identity` in the Service Name Drop-down and selecting `Idp Group Mapping – Create`, `Idp Group Mapping – Delete` and `Idp Group Mapping – Update`6. In the `Actions` section select `Notifications` as Action Type7. Select the `Compartment` that hosts the Topic to be used.8. Select the `Topic` to be used9. Optionally add Tags to the Rule10. Click `Create Rule`**From CLI:**1. Find the `topic-id` of the topic the Event Rule should use for sending notifications by using the topic `name` and `Compartment OCID````oci ons topic list --compartment-id <compartment-ocid> --all --query data [?name=='<topic-name>'].{name:name,topic_id:\\topic-id\\} --output table```2. Create a JSON file to be used when creating the Event Rule. Replace topic id, display name, description and compartment OCID.```{ actions: { actions: [ { actionType: ONS, isEnabled: true, topicId: <topic-id> }] }, condition:{\\eventType\\:[\\com.oraclecloud.identitycontrolplane.addidpgroupmapping\\,\\com.oraclecloud.identitycontrolplane.removeidpgroupmapping\\,\\com.oraclecloud.identitycontrolplane.updateidpgroupmapping\\],\\data\\:{}}, displayName: <display-name>, description: <description>, isEnabled: true, compartmentId: <compartment-ocid>}```3. Create the actual event rule```oci events rule create --from-json file://event_rule.json```4. Note in the JSON returned that it lists the parameters specified in the JSON file provided and that there is an OCID provided for the Event Rule",
+          "AuditProcedure": "**From Console:**1. Go to the Events Service page: [https://cloud.oracle.com/events/rules](https://cloud.oracle.com/events/rules)2. Select the `Compartment` that hosts the rules3. Find and click the `Rule` that handles `Idp Group Mapping` Changes (if any)4. Ensure the `Rule` is `ACTIVE`5. Click the `Edit Rule` button and verify that the `RuleConditions` section contains a condition for the Service `Identity` and Event Types: `Idp Group Mapping – Create`, `Idp Group Mapping – Delete` and `Idp Group Mapping – Update`6. Verify that in the `Actions` section the Action Type contains: `Notifications` and that a valid `Topic` is referenced.**From CLI:** 1. Find the OCID of the specific Event Rule based on Display Name and Compartment OCID```oci events rule list --compartment-id <compartment-ocid> --query data [?\\display-name\\=='<displa-name>'].{id:id} --output table```2. List the details of a specific Event Rule based on the OCID of the rule.```oci events rule get --rule-id <rule-id>```3. In the JSON output locate the Conditions key value pair and verify that the following Conditions are present:```com.oraclecloud.identitycontrolplane.addidpgroupmappingcom.oraclecloud.identitycontrolplane.removeidpgroupmappingcom.oraclecloud.identitycontrolplane.updateidpgroupmapping```4. Verify the value of the `is-enabled` attribute is `true`5. In the JSON output verify that `actionType` is `ONS` and locate the `topic-id`6. Verify the correct topic is used by checking the topic name```oci ons topic get --topic-id <topic-id> --query data.{name:name} --output table```",
          "AdditionalInformation": "'- The same Notification topic can be reused by many Event Rules.- The generated notification will include an eventID that can be used when querying the Audit Logs in case further investigation is required.",
          "References": ""
        }
@@ -38,7 +38,7 @@ class _MutableTimestamp:

 timestamp = _MutableTimestamp(datetime.today())
 timestamp_utc = _MutableTimestamp(datetime.now(timezone.utc))
-prowler_version = "5.23.0"
+prowler_version = "5.22.0"
 html_logo_url = "https://github.com/prowler-cloud/prowler/"
 square_logo_img = "https://raw.githubusercontent.com/prowler-cloud/prowler/dc7d2d5aeb92fdf12e8604f42ef6472cd3e8e889/docs/img/prowler-logo-black.png"
 aws_logo = "https://user-images.githubusercontent.com/38561120/235953920-3e3fba08-0795-41dc-b480-9bea57db9f2e.png"
@@ -12,6 +12,7 @@ from prowler.lib.check.models import (
    Code,
    Recommendation,
    Remediation,
+    Severity,
 )
 from prowler.lib.logger import logger
 from prowler.lib.outputs.common import Status, fill_common_finding_data
@@ -536,48 +537,74 @@ class Finding(BaseModel):
            finding.zone_name = getattr(resource, "zone_name", resource.name)
            finding.account_id = getattr(finding, "account_id", "")

-        finding.check_metadata = CheckMetadata(
-            Provider=finding.check_metadata["provider"],
-            CheckID=finding.check_metadata["checkid"],
-            CheckTitle=finding.check_metadata["checktitle"],
-            CheckType=finding.check_metadata["checktype"],
-            ServiceName=finding.check_metadata["servicename"],
-            SubServiceName=finding.check_metadata["subservicename"],
-            Severity=finding.check_metadata["severity"],
-            ResourceType=finding.check_metadata["resourcetype"],
-            Description=finding.check_metadata["description"],
-            Risk=finding.check_metadata["risk"],
-            RelatedUrl=finding.check_metadata["relatedurl"],
-            Remediation=Remediation(
-                Recommendation=Recommendation(
-                    Text=finding.check_metadata["remediation"]["recommendation"][
-                        "text"
-                    ],
-                    Url=finding.check_metadata["remediation"]["recommendation"]["url"],
-                ),
-                Code=Code(
-                    NativeIaC=finding.check_metadata["remediation"]["code"][
-                        "nativeiac"
-                    ],
-                    Terraform=finding.check_metadata["remediation"]["code"][
-                        "terraform"
-                    ],
-                    CLI=finding.check_metadata["remediation"]["code"]["cli"],
-                    Other=finding.check_metadata["remediation"]["code"]["other"],
-                ),
-            ),
-            ResourceIdTemplate=finding.check_metadata["resourceidtemplate"],
-            Categories=finding.check_metadata["categories"],
-            DependsOn=finding.check_metadata["dependson"],
-            RelatedTo=finding.check_metadata["relatedto"],
-            Notes=finding.check_metadata["notes"],
-        )
+        metadata_kwargs = cls._get_api_check_metadata_kwargs(finding.check_metadata)
+        try:
+            finding.check_metadata = CheckMetadata(**metadata_kwargs)
+        except ValidationError as validation_error:
+            check_id = metadata_kwargs.get("CheckID", getattr(finding, "check_id", ""))
+            logger.warning(
+                "Legacy persisted check metadata failed validation during API finding transformation "
+                f"for {check_id}. Falling back to compatibility mode. Errors: {validation_error.errors()}"
+            )
+            finding.check_metadata = cls._construct_legacy_check_metadata(
+                metadata_kwargs
+            )
        finding.resource_tags = unroll_tags(
            [{"key": tag.key, "value": tag.value} for tag in resource.tags.all()]
        )

        return cls.generate_output(provider, finding, SimpleNamespace())

+    @staticmethod
+    def _get_api_check_metadata_kwargs(check_metadata: dict) -> dict:
+        remediation = check_metadata["remediation"]
+        remediation_code = remediation["code"]
+        remediation_recommendation = remediation["recommendation"]
+
+        return {
+            "Provider": check_metadata["provider"],
+            "CheckID": check_metadata["checkid"],
+            "CheckTitle": check_metadata["checktitle"],
+            "CheckType": check_metadata["checktype"],
+            "CheckAliases": check_metadata.get("checkaliases", []),
+            "ServiceName": check_metadata["servicename"],
+            "SubServiceName": check_metadata["subservicename"],
+            "Severity": check_metadata["severity"],
+            "ResourceType": check_metadata["resourcetype"],
+            "ResourceGroup": check_metadata.get("resourcegroup", ""),
+            "Description": check_metadata["description"],
+            "Risk": check_metadata["risk"],
+            "RelatedUrl": check_metadata["relatedurl"],
+            "Remediation": Remediation(
+                Recommendation=Recommendation(
+                    Text=remediation_recommendation["text"],
+                    Url=remediation_recommendation["url"],
+                ),
+                Code=Code(
+                    NativeIaC=remediation_code["nativeiac"],
+                    Terraform=remediation_code["terraform"],
+                    CLI=remediation_code["cli"],
+                    Other=remediation_code["other"],
+                ),
+            ),
+            "ResourceIdTemplate": check_metadata["resourceidtemplate"],
+            "AdditionalURLs": check_metadata.get("additionalurls", []),
+            "Categories": check_metadata["categories"],
+            "DependsOn": check_metadata["dependson"],
+            "RelatedTo": check_metadata["relatedto"],
+            "Notes": check_metadata["notes"],
+            "Compliance": check_metadata.get("compliance", []),
+        }
+
+    @staticmethod
+    def _construct_legacy_check_metadata(metadata_kwargs: dict) -> CheckMetadata:
+        severity = metadata_kwargs["Severity"]
+        if not isinstance(severity, Severity):
+            severity = Severity(severity)
+
+        legacy_metadata_kwargs = {**metadata_kwargs, "Severity": severity}
+        return CheckMetadata.construct(**legacy_metadata_kwargs)
+
    def _transform_findings_stats(scan_summaries: list[dict]) -> dict:
        """
        Aggregate and transform scan summary data into findings statistics.
@@ -942,23 +942,20 @@ class AwsProvider(Provider):
            )
            raise error

-    def get_default_region(self, service: str, global_service: bool = False) -> str:
-        """get_default_region returns the default region based on the profile and audited service regions.
-
-        For global services (CloudFront, Route53, Shield, FMS) the partition's
-        global region is always returned, ignoring profile and audited regions.
+    def get_default_region(self, service: str) -> str:
+        """get_default_region returns the default region based on the profile and audited service regions

        Args:
            - service: The AWS service name
-            - global_service: If True, return the partition's global region directly

        Returns:
            - str: The default region for the given service
+
+        Example:
+            service = "ec2"
+            default_region = get_default_region(service)
        """
        try:
-            if global_service:
-                return self.get_global_region()
-
            service_regions = AwsProvider.get_available_aws_service_regions(
                service, self._identity.partition, self._identity.audited_regions
            )
@@ -1587,7 +1587,6 @@
          "ap-northeast-1",
          "ap-south-1",
          "ap-southeast-2",
-          "ca-central-1",
          "eu-central-1",
          "eu-west-1",
          "eu-west-2",
@@ -1671,8 +1670,20 @@
    "budgets": {
      "regions": {
        "aws": [
+          "ap-northeast-1",
+          "ap-northeast-2",
+          "ap-south-1",
+          "ap-southeast-1",
+          "ap-southeast-2",
          "ca-central-1",
+          "eu-central-1",
+          "eu-west-1",
+          "eu-west-2",
+          "eu-west-3",
+          "sa-east-1",
          "us-east-1",
+          "us-east-2",
+          "us-west-1",
          "us-west-2"
        ],
        "aws-cn": [
@@ -3428,6 +3439,7 @@
    "datazone": {
      "regions": {
        "aws": [
+          "af-south-1",
          "ap-east-1",
          "ap-northeast-1",
          "ap-northeast-2",
@@ -3440,6 +3452,7 @@
          "eu-central-1",
          "eu-central-2",
          "eu-north-1",
+          "eu-south-2",
          "eu-west-1",
          "eu-west-2",
          "eu-west-3",
@@ -6985,7 +6998,6 @@
        "aws": [
          "af-south-1",
          "ap-east-1",
-          "ap-east-2",
          "ap-northeast-1",
          "ap-northeast-2",
          "ap-northeast-3",
@@ -7010,7 +7022,6 @@
          "il-central-1",
          "me-central-1",
          "me-south-1",
-          "mx-central-1",
          "sa-east-1",
          "us-east-1",
          "us-east-2",
@@ -7684,7 +7695,6 @@
          "ap-southeast-1",
          "ap-southeast-2",
          "ap-southeast-4",
-          "ap-southeast-5",
          "ca-central-1",
          "eu-central-1",
          "eu-north-1",
@@ -7922,7 +7932,6 @@
        "aws": [
          "ap-southeast-2",
          "eu-west-1",
-          "eu-west-2",
          "us-east-1",
          "us-west-2"
        ],
@@ -8246,7 +8255,6 @@
          "ap-east-1",
          "ap-northeast-1",
          "ap-northeast-2",
-          "ap-northeast-3",
          "ap-south-1",
          "ap-southeast-1",
          "ap-southeast-2",
@@ -8262,7 +8270,6 @@
          "sa-east-1",
          "us-east-1",
          "us-east-2",
-          "us-west-1",
          "us-west-2"
        ],
        "aws-cn": [],
@@ -9870,7 +9877,6 @@
          "eu-west-1",
          "eu-west-2",
          "il-central-1",
-          "sa-east-1",
          "us-east-1",
          "us-east-2",
          "us-west-1",
@@ -61,9 +61,7 @@ class AWSService:
        # Get a single region and client if the service needs it (e.g. AWS Global Service)
        # We cannot include this within an else because some services needs both the regional_clients
        # and a single client like S3
-        self.region = provider.get_default_region(
-            self.service, global_service=global_service
-        )
+        self.region = provider.get_default_region(self.service)
        self.client = self.session.client(self.service, self.region)

        # Thread pool for __threading_call__
--- a/Show More
+++ b/Show More