docs: add AWS Orgs tip in bulk provisioning tutorial

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -8,7 +8,7 @@ body:
     attributes:
       label: Feature search
       options:
-        - label: I have searched the existing issues and this feature has not been requested yet or is already in our [Public Roadmap](https://roadmap.prowler.com/roadmap)
+        - label: I have searched the existing issues and this feature has not been requested yet
           required: true
   - type: dropdown
     id: component

.github/workflows/find-secrets.yml

@@ -1,33 +1,19 @@
 name: 'Tools: TruffleHog'
 
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+on: pull_request
 
 jobs:
-  scan-secrets:
+  trufflehog:
     runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
     steps:
-      - name: Checkout repository
+      - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
-
-      - name: Scan for secrets with TruffleHog
-        uses: trufflesecurity/trufflehog@ad6fc8fb446b8fafbf7ea8193d2d6bfd42f45690 # v3.90.11
+      - name: TruffleHog OSS
+        uses: trufflesecurity/trufflehog@466da5b0bb161144f6afca9afe5d57975828c410 # v3.90.8
         with:
-          extra_args: '--results=verified,unknown'
+          path: ./
+          base: ${{ github.event.repository.default_branch }}
+          head: HEAD
+          extra_args: --only-verified

.github/workflows/labeler.yml

@@ -1,29 +1,17 @@
-name: 'Tools: PR Labeler'
+name: Prowler - PR Labeler
 
 on:
-  pull_request_target:
-    branches:
-      - 'master'
-      - 'v5.*'
-    types:
-      - 'opened'
-      - 'reopened'
-      - 'synchronize'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
+    pull_request_target:
+      branches:
+        - "master"
+        - "v3"
+        - "v4.*"
 
 jobs:
   labeler:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
     permissions:
       contents: read
       pull-requests: write
-
+    runs-on: ubuntu-latest
     steps:
-      - name: Apply labels to PR
-        uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
-        with:
-          sync-labels: true
+    - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1

.github/workflows/mcp-container-build-push.yml

@@ -3,13 +3,21 @@ name: 'MCP: Container Build and Push'
 on:
   push:
     branches:
-      - 'master'
+      - "master"
     paths:
-      - 'mcp_server/**'
-      - '.github/workflows/mcp-container-build-push.yml'
+      - "mcp_server/**"
+      - ".github/workflows/mcp-container-build-push.yml"
+
+  # Uncomment to test this workflow on PRs
+  # pull_request:
+  #   branches:
+  #     - "master"
+  #   paths:
+  #     - "mcp_server/**"
+  #     - ".github/workflows/mcp-container-build-push.yml"
+
   release:
-    types:
-      - 'published'
+    types: [published]
 
 permissions:
   contents: read
@@ -33,7 +41,6 @@ jobs:
   setup:
     if: github.repository == 'prowler-cloud/prowler'
     runs-on: ubuntu-latest
-    timeout-minutes: 5
     outputs:
       short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
     steps:
@@ -44,12 +51,8 @@ jobs:
   container-build-push:
     needs: setup
     runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      packages: write
     steps:
-      - name: Checkout repository
+      - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Login to DockerHub
@@ -61,7 +64,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
-      - name: Build and push MCP container (latest)
+      - name: Build and push container (latest)
         if: github.event_name == 'push'
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
@@ -80,7 +83,7 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-      - name: Build and push MCP container (release)
+      - name: Build and push container (release)
         if: github.event_name == 'release'
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
@@ -100,7 +103,7 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-      - name: Trigger MCP deployment
+      - name: Trigger deployment
         if: github.event_name == 'push'
         uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
         with:

.github/workflows/pr-check-changelog.yml

@@ -1,103 +0,0 @@
-name: 'Tools: Check Changelog'
-
-on:
-  pull_request:
-    types:
-      - 'opened'
-      - 'synchronize'
-      - 'reopened'
-      - 'labeled'
-      - 'unlabeled'
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  check-changelog:
-    if: contains(github.event.pull_request.labels.*.name, 'no-changelog') == false
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    env:
-      MONITORED_FOLDERS: 'api ui prowler mcp_server'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          fetch-depth: 0
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            ui/**
-            prowler/**
-            mcp_server/**
-
-      - name: Check for folder changes and changelog presence
-        id: check-folders
-        run: |
-          missing_changelogs=""
-
-          # Check api folder
-          if [[ "${{ steps.changed-files.outputs.any_changed }}" == "true" ]]; then
-            for folder in $MONITORED_FOLDERS; do
-              # Get files changed in this folder
-              changed_in_folder=$(echo "${{ steps.changed-files.outputs.all_changed_files }}" | tr ' ' '\n' | grep "^${folder}/" || true)
-
-              if [ -n "$changed_in_folder" ]; then
-                echo "Detected changes in ${folder}/"
-
-                # Check if CHANGELOG.md was updated
-                if ! echo "$changed_in_folder" | grep -q "^${folder}/CHANGELOG.md$"; then
-                  echo "No changelog update found for ${folder}/"
-                  missing_changelogs="${missing_changelogs}- \`${folder}\`"$'\n'
-                fi
-              fi
-            done
-          fi
-
-          {
-            echo "missing_changelogs<<EOF"
-            echo -e "${missing_changelogs}"
-            echo "EOF"
-          } >> $GITHUB_OUTPUT
-
-      - name: Find existing changelog comment
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        id: find-comment
-        uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-author: 'github-actions[bot]'
-          body-includes: '<!-- changelog-check -->'
-
-      - name: Update PR comment with changelog status
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-id: ${{ steps.find-comment.outputs.comment-id }}
-          edit-mode: replace
-          body: |
-            <!-- changelog-check -->
-            ${{ steps.check-folders.outputs.missing_changelogs != '' && format('⚠️ **Changes detected in the following folders without a corresponding update to the `CHANGELOG.md`:**
-
-            {0}
-
-            Please add an entry to the corresponding `CHANGELOG.md` file to maintain a clear history of changes.', steps.check-folders.outputs.missing_changelogs) || '✅ All necessary `CHANGELOG.md` files have been updated.' }}
-
-      - name: Fail if changelog is missing
-        if: steps.check-folders.outputs.missing_changelogs != ''
-        run: |
-          echo "::error::Missing changelog updates in some folders"
-          exit 1

.github/workflows/pr-conflict-checker.yml

@@ -1,40 +1,42 @@
-name: 'Tools: PR Conflict Checker'
+name: Prowler - PR Conflict Checker
 
 on:
-  pull_request_target:
+  pull_request:
     types:
-      - 'opened'
-      - 'synchronize'
-      - 'reopened'
+      - opened
+      - synchronize
+      - reopened
     branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
+      - "master"
+      - "v5.*"
+  # Leaving this commented until we find a way to run it for forks but in Prowler's context
+  # pull_request_target:
+  #   types:
+  #     - opened
+  #     - synchronize
+  #     - reopened
+  #   branches:
+  #     - "master"
+  #     - "v5.*"
 
 jobs:
-  check-conflicts:
+  conflict-checker:
     runs-on: ubuntu-latest
-    timeout-minutes: 15
     permissions:
       contents: read
       pull-requests: write
       issues: write
 
     steps:
-      - name: Checkout PR head
+      - name: Checkout repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0
 
       - name: Get changed files
         id: changed-files
         uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
         with:
-          files: '**'
+          files: |
+            **
 
       - name: Check for conflict markers
         id: conflict-check
@@ -49,10 +51,10 @@ jobs:
             if [ -f "$file" ]; then
               echo "Checking file: $file"
 
-              # Look for conflict markers (more precise regex)
-              if grep -qE '^(<<<<<<<|=======|>>>>>>>)' "$file" 2>/dev/null; then
+              # Look for conflict markers
+              if grep -l "^<<<<<<<\|^=======\|^>>>>>>>" "$file" 2>/dev/null; then
                 echo "Conflict markers found in: $file"
-                CONFLICT_FILES="${CONFLICT_FILES}- \`${file}\`"$'\n'
+                CONFLICT_FILES="$CONFLICT_FILES$file "
                 HAS_CONFLICTS=true
               fi
             fi
@@ -60,64 +62,114 @@ jobs:
 
           if [ "$HAS_CONFLICTS" = true ]; then
             echo "has_conflicts=true" >> $GITHUB_OUTPUT
-            {
-              echo "conflict_files<<EOF"
-              echo "$CONFLICT_FILES"
-              echo "EOF"
-            } >> $GITHUB_OUTPUT
-            echo "Conflict markers detected"
+            echo "conflict_files=$CONFLICT_FILES" >> $GITHUB_OUTPUT
+            echo "Conflict markers detected in files: $CONFLICT_FILES"
           else
             echo "has_conflicts=false" >> $GITHUB_OUTPUT
             echo "No conflict markers found in changed files"
           fi
 
-      - name: Manage conflict label
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          HAS_CONFLICTS: ${{ steps.conflict-check.outputs.has_conflicts }}
-        run: |
-          LABEL_NAME="has-conflicts"
+      - name: Add conflict label
+        if: steps.conflict-check.outputs.has_conflicts == 'true'
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          script: |
+            const { data: labels } = await github.rest.issues.listLabelsOnIssue({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
 
-          # Add or remove label based on conflict status
-          if [ "$HAS_CONFLICTS" = "true" ]; then
-            echo "Adding conflict label to PR #${PR_NUMBER}..."
-            gh pr edit "$PR_NUMBER" --add-label "$LABEL_NAME" --repo ${{ github.repository }} || true
-          else
-            echo "Removing conflict label from PR #${PR_NUMBER}..."
-            gh pr edit "$PR_NUMBER" --remove-label "$LABEL_NAME" --repo ${{ github.repository }} || true
-          fi
+            const hasConflictLabel = labels.some(label => label.name === 'has-conflicts');
 
-      - name: Find existing comment
+            if (!hasConflictLabel) {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                labels: ['has-conflicts']
+              });
+              console.log('Added has-conflicts label');
+            } else {
+              console.log('has-conflicts label already exists');
+            }
+
+      - name: Remove conflict label
+        if: steps.conflict-check.outputs.has_conflicts == 'false'
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          script: |
+            try {
+              await github.rest.issues.removeLabel({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                name: 'has-conflicts'
+              });
+              console.log('Removed has-conflicts label');
+            } catch (error) {
+              if (error.status === 404) {
+                console.log('has-conflicts label was not present');
+              } else {
+                throw error;
+              }
+            }
+
+      - name: Find existing conflict comment
+        if: steps.conflict-check.outputs.has_conflicts == 'true'
         uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
         id: find-comment
         with:
           issue-number: ${{ github.event.pull_request.number }}
           comment-author: 'github-actions[bot]'
-          body-includes: '<!-- conflict-checker-comment -->'
+          body-regex: '(⚠️ \*\*Conflict Markers Detected\*\*|✅ \*\*Conflict Markers Resolved\*\*)'
 
-      - name: Create or update comment
+      - name: Create or update conflict comment
+        if: steps.conflict-check.outputs.has_conflicts == 'true'
         uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
         with:
           comment-id: ${{ steps.find-comment.outputs.comment-id }}
           issue-number: ${{ github.event.pull_request.number }}
           edit-mode: replace
           body: |
-            <!-- conflict-checker-comment -->
-            ${{ steps.conflict-check.outputs.has_conflicts == 'true' && '⚠️ **Conflict Markers Detected**' || '✅ **Conflict Markers Resolved**' }}
+            ⚠️ **Conflict Markers Detected**
 
-            ${{ steps.conflict-check.outputs.has_conflicts == 'true' && format('This pull request contains unresolved conflict markers in the following files:
-
-            {0}
+            This pull request contains unresolved conflict markers in the following files:
+            ```
+            ${{ steps.conflict-check.outputs.conflict_files }}
+            ```
 
             Please resolve these conflicts by:
             1. Locating the conflict markers: `<<<<<<<`, `=======`, and `>>>>>>>`
             2. Manually editing the files to resolve the conflicts
             3. Removing all conflict markers
-            4. Committing and pushing the changes', steps.conflict-check.outputs.conflict_files) || 'All conflict markers have been successfully resolved in this pull request.' }}
+            4. Committing and pushing the changes
+
+      - name: Find existing conflict comment when resolved
+        if: steps.conflict-check.outputs.has_conflicts == 'false'
+        uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
+        id: find-resolved-comment
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-regex: '(⚠️ \*\*Conflict Markers Detected\*\*|✅ \*\*Conflict Markers Resolved\*\*)'
+
+      - name: Update comment when conflicts resolved
+        if: steps.conflict-check.outputs.has_conflicts == 'false' && steps.find-resolved-comment.outputs.comment-id != ''
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          comment-id: ${{ steps.find-resolved-comment.outputs.comment-id }}
+          issue-number: ${{ github.event.pull_request.number }}
+          edit-mode: replace
+          body: |
+            ✅ **Conflict Markers Resolved**
+
+            All conflict markers have been successfully resolved in this pull request.
 
       - name: Fail workflow if conflicts detected
         if: steps.conflict-check.outputs.has_conflicts == 'true'
         run: |
-          echo "::error::Workflow failed due to conflict markers detected in the PR"
+          echo "::error::Workflow failed due to conflict markers in files: ${{ steps.conflict-check.outputs.conflict_files }}"
           exit 1

.github/workflows/prowler-release-preparation.yml

@@ -1,6 +1,6 @@
-name: 'Tools: Prepare Release'
+name: Prowler - Release Preparation
 
-run-name: 'Prepare Release for Prowler ${{ inputs.prowler_version }}'
+run-name: Prowler Release Preparation for ${{ inputs.prowler_version }}
 
 on:
   workflow_dispatch:
@@ -10,23 +10,18 @@ on:
         required: true
         type: string
 
-concurrency:
-  group: ${{ github.workflow }}-${{ inputs.prowler_version }}
-  cancel-in-progress: false
-
 env:
-  PROWLER_VERSION: ${{ inputs.prowler_version }}
+  PROWLER_VERSION: ${{ github.event.inputs.prowler_version }}
 
 jobs:
   prepare-release:
-    if: github.event_name == 'workflow_dispatch' && github.repository == 'prowler-cloud/prowler'
+    if: github.repository == 'prowler-cloud/prowler'
     runs-on: ubuntu-latest
-    timeout-minutes: 30
     permissions:
       contents: write
       pull-requests: write
     steps:
-    - name: Checkout repository
+    - name: Checkout code
       uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         fetch-depth: 0
@@ -39,15 +34,15 @@ jobs:
 
     - name: Install Poetry
       run: |
-        python3 -m pip install --user poetry==2.1.1
+        python3 -m pip install --user poetry
         echo "$HOME/.local/bin" >> $GITHUB_PATH
 
     - name: Configure Git
       run: |
-        git config --global user.name 'prowler-bot'
-        git config --global user.email '179230569+prowler-bot@users.noreply.github.com'
+        git config --global user.name "prowler-bot"
+        git config --global user.email "179230569+prowler-bot@users.noreply.github.com"
 
-    - name: Parse version and read changelogs
+    - name: Parse version and determine branch
       run: |
         # Validate version format (reusing pattern from sdk-bump-version.yml)
         if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
@@ -124,7 +119,7 @@ jobs:
           exit 1
         fi
 
-    - name: Extract and combine changelog entries
+    - name: Extract changelog entries
       run: |
         set -e
 
@@ -250,7 +245,7 @@ jobs:
         echo "Combined changelog preview:"
         cat combined_changelog.md
 
-    - name: Checkout release branch for patch release
+    - name: Checkout existing branch for patch release
       if: ${{ env.PATCH_VERSION != '0' }}
       run: |
         echo "Patch release detected, checking out existing branch $BRANCH_NAME..."
@@ -265,7 +260,7 @@ jobs:
           exit 1
         fi
 
-    - name: Verify SDK version in pyproject.toml
+    - name: Verify version in pyproject.toml
       run: |
         CURRENT_VERSION=$(grep '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
         PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
@@ -275,7 +270,7 @@ jobs:
         fi
         echo "✓ pyproject.toml version: $CURRENT_VERSION"
 
-    - name: Verify SDK version in prowler/config/config.py
+    - name: Verify version in prowler/config/config.py
       run: |
         CURRENT_VERSION=$(grep '^prowler_version = ' prowler/config/config.py | sed -E 's/prowler_version = "([^"]+)"/\1/' | tr -d '[:space:]')
         PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
@@ -285,7 +280,7 @@ jobs:
         fi
         echo "✓ prowler/config/config.py version: $CURRENT_VERSION"
 
-    - name: Verify API version in api/pyproject.toml
+    - name: Verify version in api/pyproject.toml
       if: ${{ env.HAS_API_CHANGES == 'true' }}
       run: |
         CURRENT_API_VERSION=$(grep '^version = ' api/pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
@@ -296,7 +291,7 @@ jobs:
         fi
         echo "✓ api/pyproject.toml version: $CURRENT_API_VERSION"
 
-    - name: Verify API prowler dependency in api/pyproject.toml
+    - name: Verify prowler dependency in api/pyproject.toml
       if: ${{ env.PATCH_VERSION != '0' && env.HAS_API_CHANGES == 'true' }}
       run: |
         CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
@@ -307,7 +302,7 @@ jobs:
         fi
         echo "✓ api/pyproject.toml prowler dependency: $CURRENT_PROWLER_REF"
 
-    - name: Verify API version in api/src/backend/api/v1/views.py
+    - name: Verify version in api/src/backend/api/v1/views.py
       if: ${{ env.HAS_API_CHANGES == 'true' }}
       run: |
         CURRENT_API_VERSION=$(grep 'spectacular_settings.VERSION = ' api/src/backend/api/v1/views.py | sed -E 's/.*spectacular_settings.VERSION = "([^"]+)".*/\1/' | tr -d '[:space:]')
@@ -318,7 +313,7 @@ jobs:
         fi
         echo "✓ api/src/backend/api/v1/views.py version: $CURRENT_API_VERSION"
 
-    - name: Checkout release branch for minor release
+    - name: Checkout existing release branch for minor release
       if: ${{ env.PATCH_VERSION == '0' }}
       run: |
         echo "Minor release detected (patch = 0), checking out existing branch $BRANCH_NAME..."
@@ -330,7 +325,7 @@ jobs:
           exit 1
         fi
 
-    - name: Update API prowler dependency for minor release
+    - name: Prepare prowler dependency update for minor release
       if: ${{ env.PATCH_VERSION == '0' }}
       run: |
         CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
@@ -367,7 +362,7 @@ jobs:
 
         echo "✓ Prepared prowler dependency update to: $UPDATED_PROWLER_REF"
 
-    - name: Create PR for API dependency update
+    - name: Create Pull Request against release branch
       if: ${{ env.PATCH_VERSION == '0' }}
       uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
       with:

.github/workflows/pull-request-check-changelog.yml

@@ -0,0 +1,77 @@
+name: Prowler - Check Changelog
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, labeled, unlabeled]
+
+jobs:
+  check-changelog:
+    if: contains(github.event.pull_request.labels.*.name, 'no-changelog') == false
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: write
+    env:
+      MONITORED_FOLDERS: "api ui prowler mcp_server"
+
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Get list of changed files
+        id: changed_files
+        run: |
+          git fetch origin ${{ github.base_ref }}
+          git diff --name-only origin/${{ github.base_ref }}...HEAD > changed_files.txt
+          cat changed_files.txt
+
+      - name: Check for folder changes and changelog presence
+        id: check_folders
+        run: |
+          missing_changelogs=""
+
+          for folder in $MONITORED_FOLDERS; do
+            if grep -q "^${folder}/" changed_files.txt; then
+              echo "Detected changes in ${folder}/"
+              if ! grep -q "^${folder}/CHANGELOG.md$" changed_files.txt; then
+                echo "No changelog update found for ${folder}/"
+                missing_changelogs="${missing_changelogs}- \`${folder}\`\n"
+              fi
+            fi
+          done
+
+          echo "missing_changelogs<<EOF" >> $GITHUB_OUTPUT
+          echo -e "${missing_changelogs}" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Find existing changelog comment
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        id: find_comment
+        uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad #v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: '<!-- changelog-check -->'
+
+      - name: Update PR comment with changelog status
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-id: ${{ steps.find_comment.outputs.comment-id }}
+          edit-mode: replace
+          body: |
+            <!-- changelog-check -->
+            ${{ steps.check_folders.outputs.missing_changelogs != '' && format('⚠️ **Changes detected in the following folders without a corresponding update to the `CHANGELOG.md`:**
+
+            {0}
+
+            Please add an entry to the corresponding `CHANGELOG.md` file to maintain a clear history of changes.', steps.check_folders.outputs.missing_changelogs) || '✅ All necessary `CHANGELOG.md` files have been updated. Great job! 🎉' }}
+
+      - name: Fail if changelog is missing
+        if: steps.check_folders.outputs.missing_changelogs != ''
+        run: |
+          echo "ERROR: Missing changelog updates in some folders."
+          exit 1

.github/workflows/pull-request-merged.yml

@@ -1,31 +1,27 @@
-name: 'Tools: PR Merged'
+name: Prowler - Merged Pull Request
 
 on:
   pull_request_target:
-    branches:
-      - 'master'
-    types:
-      - 'closed'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: false
+    branches: ['master']
+    types: ['closed']
 
 jobs:
   trigger-cloud-pull-request:
+    name: Trigger Cloud Pull Request
     if: github.event.pull_request.merged == true && github.repository == 'prowler-cloud/prowler'
     runs-on: ubuntu-latest
-    timeout-minutes: 10
-    permissions:
-      contents: read
     steps:
-      - name: Calculate short commit SHA
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          ref: ${{ github.event.pull_request.merge_commit_sha }}
+
+      - name: Set short git commit SHA
         id: vars
         run: |
-          SHORT_SHA="${{ github.event.pull_request.merge_commit_sha }}"
-          echo "SHORT_SHA=${SHORT_SHA::7}" >> $GITHUB_ENV
+          shortSha=$(git rev-parse --short ${{ github.event.pull_request.merge_commit_sha }})
+          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
 
-      - name: Trigger Cloud repository pull request
+      - name: Trigger pull request
         uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
         with:
           token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
@@ -35,12 +31,8 @@ jobs:
             {
               "PROWLER_COMMIT_SHA": "${{ github.event.pull_request.merge_commit_sha }}",
               "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
-              "PROWLER_PR_NUMBER": "${{ github.event.pull_request.number }}",
               "PROWLER_PR_TITLE": ${{ toJson(github.event.pull_request.title) }},
               "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
               "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }},
-              "PROWLER_PR_URL": ${{ toJson(github.event.pull_request.html_url) }},
-              "PROWLER_PR_MERGED_BY": "${{ github.event.pull_request.merged_by.login }}",
-              "PROWLER_PR_BASE_BRANCH": "${{ github.event.pull_request.base.ref }}",
-              "PROWLER_PR_HEAD_BRANCH": "${{ github.event.pull_request.head.ref }}"
+              "PROWLER_PR_URL": ${{ toJson(github.event.pull_request.html_url) }}
             }

.gitignore

@@ -83,6 +83,3 @@ CLAUDE.md
 # MCP Server
 mcp_server/prowler_mcp_server/prowler_app/server.py
 mcp_server/prowler_mcp_server/prowler_app/utils/schema.yaml
-
-# Compliance report
-*.pdf

Makefile

@@ -46,14 +46,6 @@ help:     ## Show this help.
 	@echo "Prowler Makefile"
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-##@ Build no cache
-build-no-cache-dev: 
-	docker compose -f docker-compose-dev.yml build --no-cache api-dev worker-dev worker-beat
-
 ##@ Development Environment
 run-api-dev: ## Start development environment with API, PostgreSQL, Valkey, and workers 
-	docker compose -f docker-compose-dev.yml up api-dev postgres valkey worker-dev worker-beat
-
-##@ Development Environment
-build-and-run-api-dev: build-no-cache-dev run-api-dev
-
+	docker compose -f docker-compose-dev.yml up api-dev postgres valkey worker-dev worker-beat --build

api/CHANGELOG.md

@@ -2,7 +2,7 @@
 
 All notable changes to the **Prowler API** are documented in this file.
 
-## [1.14.0] (Prowler 5.13.0)
+## [1.14.0] (Prowler UNRELEASED)
 
 ### Added
 - Default JWT keys are generated and stored if they are missing from configuration [(#8655)](https://github.com/prowler-cloud/prowler/pull/8655)
@@ -12,7 +12,6 @@ All notable changes to the **Prowler API** are documented in this file.
 - API Key support [(#8805)](https://github.com/prowler-cloud/prowler/pull/8805)
 - SAML role mapping protection for single-admin tenants to prevent accidental lockout [(#8882)](https://github.com/prowler-cloud/prowler/pull/8882)
 - Support for `passed_findings` and `total_findings` fields in compliance requirement overview for accurate Prowler ThreatScore calculation [(#8582)](https://github.com/prowler-cloud/prowler/pull/8582)
-- PDF reporting for Prowler ThreatScore [(#8867)](https://github.com/prowler-cloud/prowler/pull/8867)
 - Database read replica support [(#8869)](https://github.com/prowler-cloud/prowler/pull/8869)
 - Support Common Cloud Controls for AWS, Azure and GCP [(#8000)](https://github.com/prowler-cloud/prowler/pull/8000)
 - Add `provider_id__in` filter support to findings and findings severity overview endpoints [(#8951)](https://github.com/prowler-cloud/prowler/pull/8951)

api/poetry.lock

@@ -1256,98 +1256,6 @@ files = [
     {file = "contextlib2-21.6.0.tar.gz", hash = "sha256:ab1e2bfe1d01d968e1b7e8d9023bc51ef3509bba217bb730cee3827e1ee82869"},
 ]
 
-[[package]]
-name = "contourpy"
-version = "1.3.3"
-description = "Python library for calculating contours of 2D quadrilateral grids"
-optional = false
-python-versions = ">=3.11"
-groups = ["main"]
-files = [
-    {file = "contourpy-1.3.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:709a48ef9a690e1343202916450bc48b9e51c049b089c7f79a267b46cffcdaa1"},
-    {file = "contourpy-1.3.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:23416f38bfd74d5d28ab8429cc4d63fa67d5068bd711a85edb1c3fb0c3e2f381"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:929ddf8c4c7f348e4c0a5a3a714b5c8542ffaa8c22954862a46ca1813b667ee7"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:9e999574eddae35f1312c2b4b717b7885d4edd6cb46700e04f7f02db454e67c1"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:0bf67e0e3f482cb69779dd3061b534eb35ac9b17f163d851e2a547d56dba0a3a"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:51e79c1f7470158e838808d4a996fa9bac72c498e93d8ebe5119bc1e6becb0db"},
-    {file = "contourpy-1.3.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:598c3aaece21c503615fd59c92a3598b428b2f01bfb4b8ca9c4edeecc2438620"},
-    {file = "contourpy-1.3.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:322ab1c99b008dad206d406bb61d014cf0174df491ae9d9d0fac6a6fda4f977f"},
-    {file = "contourpy-1.3.3-cp311-cp311-win32.whl", hash = "sha256:fd907ae12cd483cd83e414b12941c632a969171bf90fc937d0c9f268a31cafff"},
-    {file = "contourpy-1.3.3-cp311-cp311-win_amd64.whl", hash = "sha256:3519428f6be58431c56581f1694ba8e50626f2dd550af225f82fb5f5814d2a42"},
-    {file = "contourpy-1.3.3-cp311-cp311-win_arm64.whl", hash = "sha256:15ff10bfada4bf92ec8b31c62bf7c1834c244019b4a33095a68000d7075df470"},
-    {file = "contourpy-1.3.3-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:b08a32ea2f8e42cf1d4be3169a98dd4be32bafe4f22b6c4cb4ba810fa9e5d2cb"},
-    {file = "contourpy-1.3.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:556dba8fb6f5d8742f2923fe9457dbdd51e1049c4a43fd3986a0b14a1d815fc6"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:92d9abc807cf7d0e047b95ca5d957cf4792fcd04e920ca70d48add15c1a90ea7"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:b2e8faa0ed68cb29af51edd8e24798bb661eac3bd9f65420c1887b6ca89987c8"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:626d60935cf668e70a5ce6ff184fd713e9683fb458898e4249b63be9e28286ea"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4d00e655fcef08aba35ec9610536bfe90267d7ab5ba944f7032549c55a146da1"},
-    {file = "contourpy-1.3.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:451e71b5a7d597379ef572de31eeb909a87246974d960049a9848c3bc6c41bf7"},
-    {file = "contourpy-1.3.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:459c1f020cd59fcfe6650180678a9993932d80d44ccde1fa1868977438f0b411"},
-    {file = "contourpy-1.3.3-cp312-cp312-win32.whl", hash = "sha256:023b44101dfe49d7d53932be418477dba359649246075c996866106da069af69"},
-    {file = "contourpy-1.3.3-cp312-cp312-win_amd64.whl", hash = "sha256:8153b8bfc11e1e4d75bcb0bff1db232f9e10b274e0929de9d608027e0d34ff8b"},
-    {file = "contourpy-1.3.3-cp312-cp312-win_arm64.whl", hash = "sha256:07ce5ed73ecdc4a03ffe3e1b3e3c1166db35ae7584be76f65dbbe28a7791b0cc"},
-    {file = "contourpy-1.3.3-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:177fb367556747a686509d6fef71d221a4b198a3905fe824430e5ea0fda54eb5"},
-    {file = "contourpy-1.3.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:d002b6f00d73d69333dac9d0b8d5e84d9724ff9ef044fd63c5986e62b7c9e1b1"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:348ac1f5d4f1d66d3322420f01d42e43122f43616e0f194fc1c9f5d830c5b286"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:655456777ff65c2c548b7c454af9c6f33f16c8884f11083244b5819cc214f1b5"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:644a6853d15b2512d67881586bd03f462c7ab755db95f16f14d7e238f2852c67"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4debd64f124ca62069f313a9cb86656ff087786016d76927ae2cf37846b006c9"},
-    {file = "contourpy-1.3.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:a15459b0f4615b00bbd1e91f1b9e19b7e63aea7483d03d804186f278c0af2659"},
-    {file = "contourpy-1.3.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:ca0fdcd73925568ca027e0b17ab07aad764be4706d0a925b89227e447d9737b7"},
-    {file = "contourpy-1.3.3-cp313-cp313-win32.whl", hash = "sha256:b20c7c9a3bf701366556e1b1984ed2d0cedf999903c51311417cf5f591d8c78d"},
-    {file = "contourpy-1.3.3-cp313-cp313-win_amd64.whl", hash = "sha256:1cadd8b8969f060ba45ed7c1b714fe69185812ab43bd6b86a9123fe8f99c3263"},
-    {file = "contourpy-1.3.3-cp313-cp313-win_arm64.whl", hash = "sha256:fd914713266421b7536de2bfa8181aa8c699432b6763a0ea64195ebe28bff6a9"},
-    {file = "contourpy-1.3.3-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:88df9880d507169449d434c293467418b9f6cbe82edd19284aa0409e7fdb933d"},
-    {file = "contourpy-1.3.3-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:d06bb1f751ba5d417047db62bca3c8fde202b8c11fb50742ab3ab962c81e8216"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e4e6b05a45525357e382909a4c1600444e2a45b4795163d3b22669285591c1ae"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:ab3074b48c4e2cf1a960e6bbeb7f04566bf36b1861d5c9d4d8ac04b82e38ba20"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:6c3d53c796f8647d6deb1abe867daeb66dcc8a97e8455efa729516b997b8ed99"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:50ed930df7289ff2a8d7afeb9603f8289e5704755c7e5c3bbd929c90c817164b"},
-    {file = "contourpy-1.3.3-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:4feffb6537d64b84877da813a5c30f1422ea5739566abf0bd18065ac040e120a"},
-    {file = "contourpy-1.3.3-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:2b7e9480ffe2b0cd2e787e4df64270e3a0440d9db8dc823312e2c940c167df7e"},
-    {file = "contourpy-1.3.3-cp313-cp313t-win32.whl", hash = "sha256:283edd842a01e3dcd435b1c5116798d661378d83d36d337b8dde1d16a5fc9ba3"},
-    {file = "contourpy-1.3.3-cp313-cp313t-win_amd64.whl", hash = "sha256:87acf5963fc2b34825e5b6b048f40e3635dd547f590b04d2ab317c2619ef7ae8"},
-    {file = "contourpy-1.3.3-cp313-cp313t-win_arm64.whl", hash = "sha256:3c30273eb2a55024ff31ba7d052dde990d7d8e5450f4bbb6e913558b3d6c2301"},
-    {file = "contourpy-1.3.3-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:fde6c716d51c04b1c25d0b90364d0be954624a0ee9d60e23e850e8d48353d07a"},
-    {file = "contourpy-1.3.3-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:cbedb772ed74ff5be440fa8eee9bd49f64f6e3fc09436d9c7d8f1c287b121d77"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:22e9b1bd7a9b1d652cd77388465dc358dafcd2e217d35552424aa4f996f524f5"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:a22738912262aa3e254e4f3cb079a95a67132fc5a063890e224393596902f5a4"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:afe5a512f31ee6bd7d0dda52ec9864c984ca3d66664444f2d72e0dc4eb832e36"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:f64836de09927cba6f79dcd00fdd7d5329f3fccc633468507079c829ca4db4e3"},
-    {file = "contourpy-1.3.3-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:1fd43c3be4c8e5fd6e4f2baeae35ae18176cf2e5cced681cca908addf1cdd53b"},
-    {file = "contourpy-1.3.3-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:6afc576f7b33cf00996e5c1102dc2a8f7cc89e39c0b55df93a0b78c1bd992b36"},
-    {file = "contourpy-1.3.3-cp314-cp314-win32.whl", hash = "sha256:66c8a43a4f7b8df8b71ee1840e4211a3c8d93b214b213f590e18a1beca458f7d"},
-    {file = "contourpy-1.3.3-cp314-cp314-win_amd64.whl", hash = "sha256:cf9022ef053f2694e31d630feaacb21ea24224be1c3ad0520b13d844274614fd"},
-    {file = "contourpy-1.3.3-cp314-cp314-win_arm64.whl", hash = "sha256:95b181891b4c71de4bb404c6621e7e2390745f887f2a026b2d99e92c17892339"},
-    {file = "contourpy-1.3.3-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:33c82d0138c0a062380332c861387650c82e4cf1747aaa6938b9b6516762e772"},
-    {file = "contourpy-1.3.3-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:ea37e7b45949df430fe649e5de8351c423430046a2af20b1c1961cae3afcda77"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d304906ecc71672e9c89e87c4675dc5c2645e1f4269a5063b99b0bb29f232d13"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:ca658cd1a680a5c9ea96dc61cdbae1e85c8f25849843aa799dfd3cb370ad4fbe"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:ab2fd90904c503739a75b7c8c5c01160130ba67944a7b77bbf36ef8054576e7f"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:b7301b89040075c30e5768810bc96a8e8d78085b47d8be6e4c3f5a0b4ed478a0"},
-    {file = "contourpy-1.3.3-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:2a2a8b627d5cc6b7c41a4beff6c5ad5eb848c88255fda4a8745f7e901b32d8e4"},
-    {file = "contourpy-1.3.3-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:fd6ec6be509c787f1caf6b247f0b1ca598bef13f4ddeaa126b7658215529ba0f"},
-    {file = "contourpy-1.3.3-cp314-cp314t-win32.whl", hash = "sha256:e74a9a0f5e3fff48fb5a7f2fd2b9b70a3fe014a67522f79b7cca4c0c7e43c9ae"},
-    {file = "contourpy-1.3.3-cp314-cp314t-win_amd64.whl", hash = "sha256:13b68d6a62db8eafaebb8039218921399baf6e47bf85006fd8529f2a08ef33fc"},
-    {file = "contourpy-1.3.3-cp314-cp314t-win_arm64.whl", hash = "sha256:b7448cb5a725bb1e35ce88771b86fba35ef418952474492cf7c764059933ff8b"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:cd5dfcaeb10f7b7f9dc8941717c6c2ade08f587be2226222c12b25f0483ed497"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:0c1fc238306b35f246d61a1d416a627348b5cf0648648a031e14bb8705fcdfe8"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:70f9aad7de812d6541d29d2bbf8feb22ff7e1c299523db288004e3157ff4674e"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:5ed3657edf08512fc3fe81b510e35c2012fbd3081d2e26160f27ca28affec989"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:3d1a3799d62d45c18bafd41c5fa05120b96a28079f2393af559b843d1a966a77"},
-    {file = "contourpy-1.3.3.tar.gz", hash = "sha256:083e12155b210502d0bca491432bb04d56dc3432f95a979b429f2848c3dbe880"},
-]
-
-[package.dependencies]
-numpy = ">=1.25"
-
-[package.extras]
-bokeh = ["bokeh", "selenium"]
-docs = ["furo", "sphinx (>=7.2)", "sphinx-copybutton"]
-mypy = ["bokeh", "contourpy[bokeh,docs]", "docutils-stubs", "mypy (==1.17.0)", "types-Pillow"]
-test = ["Pillow", "contourpy[test-no-images]", "matplotlib"]
-test-no-images = ["pytest", "pytest-cov", "pytest-rerunfailures", "pytest-xdist", "wurlitzer"]
-
 [[package]]
 name = "coverage"
 version = "7.5.4"
@@ -1482,22 +1390,6 @@ ssh = ["bcrypt (>=3.1.5)"]
 test = ["certifi (>=2024)", "cryptography-vectors (==44.0.1)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
 test-randomorder = ["pytest-randomly"]
 
-[[package]]
-name = "cycler"
-version = "0.12.1"
-description = "Composable style cycles"
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-files = [
-    {file = "cycler-0.12.1-py3-none-any.whl", hash = "sha256:85cef7cff222d8644161529808465972e51340599459b8ac3ccbac5a854e0d30"},
-    {file = "cycler-0.12.1.tar.gz", hash = "sha256:88bb128f02ba341da8ef447245a9e138fae777f6a23943da4540077d3601eb1c"},
-]
-
-[package.extras]
-docs = ["ipython", "matplotlib", "numpydoc", "sphinx"]
-tests = ["pytest", "pytest-cov", "pytest-xdist"]
-
 [[package]]
 name = "dash"
 version = "3.1.1"
@@ -2228,87 +2120,6 @@ werkzeug = ">=3.1.0"
 async = ["asgiref (>=3.2)"]
 dotenv = ["python-dotenv"]
 
-[[package]]
-name = "fonttools"
-version = "4.60.1"
-description = "Tools to manipulate font files"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "fonttools-4.60.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:9a52f254ce051e196b8fe2af4634c2d2f02c981756c6464dc192f1b6050b4e28"},
-    {file = "fonttools-4.60.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:c7420a2696a44650120cdd269a5d2e56a477e2bfa9d95e86229059beb1c19e15"},
-    {file = "fonttools-4.60.1-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee0c0b3b35b34f782afc673d503167157094a16f442ace7c6c5e0ca80b08f50c"},
-    {file = "fonttools-4.60.1-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:282dafa55f9659e8999110bd8ed422ebe1c8aecd0dc396550b038e6c9a08b8ea"},
-    {file = "fonttools-4.60.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:4ba4bd646e86de16160f0fb72e31c3b9b7d0721c3e5b26b9fa2fc931dfdb2652"},
-    {file = "fonttools-4.60.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:0b0835ed15dd5b40d726bb61c846a688f5b4ce2208ec68779bc81860adb5851a"},
-    {file = "fonttools-4.60.1-cp310-cp310-win32.whl", hash = "sha256:1525796c3ffe27bb6268ed2a1bb0dcf214d561dfaf04728abf01489eb5339dce"},
-    {file = "fonttools-4.60.1-cp310-cp310-win_amd64.whl", hash = "sha256:268ecda8ca6cb5c4f044b1fb9b3b376e8cd1b361cef275082429dc4174907038"},
-    {file = "fonttools-4.60.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:7b4c32e232a71f63a5d00259ca3d88345ce2a43295bb049d21061f338124246f"},
-    {file = "fonttools-4.60.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:3630e86c484263eaac71d117085d509cbcf7b18f677906824e4bace598fb70d2"},
-    {file = "fonttools-4.60.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5c1015318e4fec75dd4943ad5f6a206d9727adf97410d58b7e32ab644a807914"},
-    {file = "fonttools-4.60.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:e6c58beb17380f7c2ea181ea11e7db8c0ceb474c9dd45f48e71e2cb577d146a1"},
-    {file = "fonttools-4.60.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:ec3681a0cb34c255d76dd9d865a55f260164adb9fa02628415cdc2d43ee2c05d"},
-    {file = "fonttools-4.60.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:f4b5c37a5f40e4d733d3bbaaef082149bee5a5ea3156a785ff64d949bd1353fa"},
-    {file = "fonttools-4.60.1-cp311-cp311-win32.whl", hash = "sha256:398447f3d8c0c786cbf1209711e79080a40761eb44b27cdafffb48f52bcec258"},
-    {file = "fonttools-4.60.1-cp311-cp311-win_amd64.whl", hash = "sha256:d066ea419f719ed87bc2c99a4a4bfd77c2e5949cb724588b9dd58f3fd90b92bf"},
-    {file = "fonttools-4.60.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:7b0c6d57ab00dae9529f3faf187f2254ea0aa1e04215cf2f1a8ec277c96661bc"},
-    {file = "fonttools-4.60.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:839565cbf14645952d933853e8ade66a463684ed6ed6c9345d0faf1f0e868877"},
-    {file = "fonttools-4.60.1-cp312-cp312-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:8177ec9676ea6e1793c8a084a90b65a9f778771998eb919d05db6d4b1c0b114c"},
-    {file = "fonttools-4.60.1-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:996a4d1834524adbb423385d5a629b868ef9d774670856c63c9a0408a3063401"},
-    {file = "fonttools-4.60.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:a46b2f450bc79e06ef3b6394f0c68660529ed51692606ad7f953fc2e448bc903"},
-    {file = "fonttools-4.60.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:6ec722ee589e89a89f5b7574f5c45604030aa6ae24cb2c751e2707193b466fed"},
-    {file = "fonttools-4.60.1-cp312-cp312-win32.whl", hash = "sha256:b2cf105cee600d2de04ca3cfa1f74f1127f8455b71dbad02b9da6ec266e116d6"},
-    {file = "fonttools-4.60.1-cp312-cp312-win_amd64.whl", hash = "sha256:992775c9fbe2cf794786fa0ffca7f09f564ba3499b8fe9f2f80bd7197db60383"},
-    {file = "fonttools-4.60.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:6f68576bb4bbf6060c7ab047b1574a1ebe5c50a17de62830079967b211059ebb"},
-    {file = "fonttools-4.60.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:eedacb5c5d22b7097482fa834bda0dafa3d914a4e829ec83cdea2a01f8c813c4"},
-    {file = "fonttools-4.60.1-cp313-cp313-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:b33a7884fabd72bdf5f910d0cf46be50dce86a0362a65cfc746a4168c67eb96c"},
-    {file = "fonttools-4.60.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:2409d5fb7b55fd70f715e6d34e7a6e4f7511b8ad29a49d6df225ee76da76dd77"},
-    {file = "fonttools-4.60.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:c8651e0d4b3bdeda6602b85fdc2abbefc1b41e573ecb37b6779c4ca50753a199"},
-    {file = "fonttools-4.60.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:145daa14bf24824b677b9357c5e44fd8895c2a8f53596e1b9ea3496081dc692c"},
-    {file = "fonttools-4.60.1-cp313-cp313-win32.whl", hash = "sha256:2299df884c11162617a66b7c316957d74a18e3758c0274762d2cc87df7bc0272"},
-    {file = "fonttools-4.60.1-cp313-cp313-win_amd64.whl", hash = "sha256:a3db56f153bd4c5c2b619ab02c5db5192e222150ce5a1bc10f16164714bc39ac"},
-    {file = "fonttools-4.60.1-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:a884aef09d45ba1206712c7dbda5829562d3fea7726935d3289d343232ecb0d3"},
-    {file = "fonttools-4.60.1-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:8a44788d9d91df72d1a5eac49b31aeb887a5f4aab761b4cffc4196c74907ea85"},
-    {file = "fonttools-4.60.1-cp314-cp314-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:e852d9dda9f93ad3651ae1e3bb770eac544ec93c3807888798eccddf84596537"},
-    {file = "fonttools-4.60.1-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:154cb6ee417e417bf5f7c42fe25858c9140c26f647c7347c06f0cc2d47eff003"},
-    {file = "fonttools-4.60.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:5664fd1a9ea7f244487ac8f10340c4e37664675e8667d6fee420766e0fb3cf08"},
-    {file = "fonttools-4.60.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:583b7f8e3c49486e4d489ad1deacfb8d5be54a8ef34d6df824f6a171f8511d99"},
-    {file = "fonttools-4.60.1-cp314-cp314-win32.whl", hash = "sha256:66929e2ea2810c6533a5184f938502cfdaea4bc3efb7130d8cc02e1c1b4108d6"},
-    {file = "fonttools-4.60.1-cp314-cp314-win_amd64.whl", hash = "sha256:f3d5be054c461d6a2268831f04091dc82753176f6ea06dc6047a5e168265a987"},
-    {file = "fonttools-4.60.1-cp314-cp314t-macosx_10_13_universal2.whl", hash = "sha256:b6379e7546ba4ae4b18f8ae2b9bc5960936007a1c0e30b342f662577e8bc3299"},
-    {file = "fonttools-4.60.1-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:9d0ced62b59e0430b3690dbc5373df1c2aa7585e9a8ce38eff87f0fd993c5b01"},
-    {file = "fonttools-4.60.1-cp314-cp314t-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:875cb7764708b3132637f6c5fb385b16eeba0f7ac9fa45a69d35e09b47045801"},
-    {file = "fonttools-4.60.1-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:a184b2ea57b13680ab6d5fbde99ccef152c95c06746cb7718c583abd8f945ccc"},
-    {file = "fonttools-4.60.1-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:026290e4ec76583881763fac284aca67365e0be9f13a7fb137257096114cb3bc"},
-    {file = "fonttools-4.60.1-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:f0e8817c7d1a0c2eedebf57ef9a9896f3ea23324769a9a2061a80fe8852705ed"},
-    {file = "fonttools-4.60.1-cp314-cp314t-win32.whl", hash = "sha256:1410155d0e764a4615774e5c2c6fc516259fe3eca5882f034eb9bfdbee056259"},
-    {file = "fonttools-4.60.1-cp314-cp314t-win_amd64.whl", hash = "sha256:022beaea4b73a70295b688f817ddc24ed3e3418b5036ffcd5658141184ef0d0c"},
-    {file = "fonttools-4.60.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:122e1a8ada290423c493491d002f622b1992b1ab0b488c68e31c413390dc7eb2"},
-    {file = "fonttools-4.60.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:a140761c4ff63d0cb9256ac752f230460ee225ccef4ad8f68affc723c88e2036"},
-    {file = "fonttools-4.60.1-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0eae96373e4b7c9e45d099d7a523444e3554360927225c1cdae221a58a45b856"},
-    {file = "fonttools-4.60.1-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:596ecaca36367027d525b3b426d8a8208169d09edcf8c7506aceb3a38bfb55c7"},
-    {file = "fonttools-4.60.1-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:2ee06fc57512144d8b0445194c2da9f190f61ad51e230f14836286470c99f854"},
-    {file = "fonttools-4.60.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:b42d86938e8dda1cd9a1a87a6d82f1818eaf933348429653559a458d027446da"},
-    {file = "fonttools-4.60.1-cp39-cp39-win32.whl", hash = "sha256:8b4eb332f9501cb1cd3d4d099374a1e1306783ff95489a1026bde9eb02ccc34a"},
-    {file = "fonttools-4.60.1-cp39-cp39-win_amd64.whl", hash = "sha256:7473a8ed9ed09aeaa191301244a5a9dbe46fe0bf54f9d6cd21d83044c3321217"},
-    {file = "fonttools-4.60.1-py3-none-any.whl", hash = "sha256:906306ac7afe2156fcf0042173d6ebbb05416af70f6b370967b47f8f00103bbb"},
-    {file = "fonttools-4.60.1.tar.gz", hash = "sha256:ef00af0439ebfee806b25f24c8f92109157ff3fac5731dc7867957812e87b8d9"},
-]
-
-[package.extras]
-all = ["brotli (>=1.0.1) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=0.8.0) ; platform_python_implementation != \"CPython\"", "lxml (>=4.0)", "lz4 (>=1.7.4.2)", "matplotlib", "munkres ; platform_python_implementation == \"PyPy\"", "pycairo", "scipy ; platform_python_implementation != \"PyPy\"", "skia-pathops (>=0.5.0)", "sympy", "uharfbuzz (>=0.23.0)", "unicodedata2 (>=15.1.0) ; python_version <= \"3.12\"", "xattr ; sys_platform == \"darwin\"", "zopfli (>=0.1.4)"]
-graphite = ["lz4 (>=1.7.4.2)"]
-interpolatable = ["munkres ; platform_python_implementation == \"PyPy\"", "pycairo", "scipy ; platform_python_implementation != \"PyPy\""]
-lxml = ["lxml (>=4.0)"]
-pathops = ["skia-pathops (>=0.5.0)"]
-plot = ["matplotlib"]
-repacker = ["uharfbuzz (>=0.23.0)"]
-symfont = ["sympy"]
-type1 = ["xattr ; sys_platform == \"darwin\""]
-unicode = ["unicodedata2 (>=15.1.0) ; python_version <= \"3.12\""]
-woff = ["brotli (>=1.0.1) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=0.8.0) ; platform_python_implementation != \"CPython\"", "zopfli (>=0.1.4)"]
-
 [[package]]
 name = "freezegun"
 version = "1.5.1"
@@ -2976,117 +2787,6 @@ files = [
 [package.dependencies]
 referencing = ">=0.31.0"
 
-[[package]]
-name = "kiwisolver"
-version = "1.4.9"
-description = "A fast implementation of the Cassowary constraint solver"
-optional = false
-python-versions = ">=3.10"
-groups = ["main"]
-files = [
-    {file = "kiwisolver-1.4.9-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:b4b4d74bda2b8ebf4da5bd42af11d02d04428b2c32846e4c2c93219df8a7987b"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:fb3b8132019ea572f4611d770991000d7f58127560c4889729248eb5852a102f"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:84fd60810829c27ae375114cd379da1fa65e6918e1da405f356a775d49a62bcf"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:b78efa4c6e804ecdf727e580dbb9cba85624d2e1c6b5cb059c66290063bd99a9"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d4efec7bcf21671db6a3294ff301d2fc861c31faa3c8740d1a94689234d1b415"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:90f47e70293fc3688b71271100a1a5453aa9944a81d27ff779c108372cf5567b"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:8fdca1def57a2e88ef339de1737a1449d6dbf5fab184c54a1fca01d541317154"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:9cf554f21be770f5111a1690d42313e140355e687e05cf82cb23d0a721a64a48"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:fc1795ac5cd0510207482c3d1d3ed781143383b8cfd36f5c645f3897ce066220"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:ccd09f20ccdbbd341b21a67ab50a119b64a403b09288c27481575105283c1586"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:540c7c72324d864406a009d72f5d6856f49693db95d1fbb46cf86febef873634"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-win_amd64.whl", hash = "sha256:ede8c6d533bc6601a47ad4046080d36b8fc99f81e6f1c17b0ac3c2dc91ac7611"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-win_arm64.whl", hash = "sha256:7b4da0d01ac866a57dd61ac258c5607b4cd677f63abaec7b148354d2b2cdd536"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:eb14a5da6dc7642b0f3a18f13654847cd8b7a2550e2645a5bda677862b03ba16"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:39a219e1c81ae3b103643d2aedb90f1ef22650deb266ff12a19e7773f3e5f089"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:2405a7d98604b87f3fc28b1716783534b1b4b8510d8142adca34ee0bc3c87543"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:dc1ae486f9abcef254b5618dfb4113dd49f94c68e3e027d03cf0143f3f772b61"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8a1f570ce4d62d718dce3f179ee78dac3b545ac16c0c04bb363b7607a949c0d1"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:cb27e7b78d716c591e88e0a09a2139c6577865d7f2e152488c2cc6257f460872"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:15163165efc2f627eb9687ea5f3a28137217d217ac4024893d753f46bce9de26"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:bdee92c56a71d2b24c33a7d4c2856bd6419d017e08caa7802d2963870e315028"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:412f287c55a6f54b0650bd9b6dce5aceddb95864a1a90c87af16979d37c89771"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:2c93f00dcba2eea70af2be5f11a830a742fe6b579a1d4e00f47760ef13be247a"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:f117e1a089d9411663a3207ba874f31be9ac8eaa5b533787024dc07aeb74f464"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-win_amd64.whl", hash = "sha256:be6a04e6c79819c9a8c2373317d19a96048e5a3f90bec587787e86a1153883c2"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-win_arm64.whl", hash = "sha256:0ae37737256ba2de764ddc12aed4956460277f00c4996d51a197e72f62f5eec7"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:ac5a486ac389dddcc5bef4f365b6ae3ffff2c433324fb38dd35e3fab7c957999"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:f2ba92255faa7309d06fe44c3a4a97efe1c8d640c2a79a5ef728b685762a6fd2"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:4a2899935e724dd1074cb568ce7ac0dce28b2cd6ab539c8e001a8578eb106d14"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f6008a4919fdbc0b0097089f67a1eb55d950ed7e90ce2cc3e640abadd2757a04"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:67bb8b474b4181770f926f7b7d2f8c0248cbcb78b660fdd41a47054b28d2a752"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:2327a4a30d3ee07d2fbe2e7933e8a37c591663b96ce42a00bc67461a87d7df77"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:7a08b491ec91b1d5053ac177afe5290adacf1f0f6307d771ccac5de30592d198"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:d8fc5c867c22b828001b6a38d2eaeb88160bf5783c6cb4a5e440efc981ce286d"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:3b3115b2581ea35bb6d1f24a4c90af37e5d9b49dcff267eeed14c3893c5b86ab"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:858e4c22fb075920b96a291928cb7dea5644e94c0ee4fcd5af7e865655e4ccf2"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:ed0fecd28cc62c54b262e3736f8bb2512d8dcfdc2bcf08be5f47f96bf405b145"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-win_amd64.whl", hash = "sha256:f68208a520c3d86ea51acf688a3e3002615a7f0238002cccc17affecc86a8a54"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-win_arm64.whl", hash = "sha256:2c1a4f57df73965f3f14df20b80ee29e6a7930a57d2d9e8491a25f676e197c60"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:a5d0432ccf1c7ab14f9949eec60c5d1f924f17c037e9f8b33352fa05799359b8"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:efb3a45b35622bb6c16dbfab491a8f5a391fe0e9d45ef32f4df85658232ca0e2"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:1a12cf6398e8a0a001a059747a1cbf24705e18fe413bc22de7b3d15c67cffe3f"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b67e6efbf68e077dd71d1a6b37e43e1a99d0bff1a3d51867d45ee8908b931098"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5656aa670507437af0207645273ccdfee4f14bacd7f7c67a4306d0dcaeaf6eed"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:bfc08add558155345129c7803b3671cf195e6a56e7a12f3dde7c57d9b417f525"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:40092754720b174e6ccf9e845d0d8c7d8e12c3d71e7fc35f55f3813e96376f78"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:497d05f29a1300d14e02e6441cf0f5ee81c1ff5a304b0d9fb77423974684e08b"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:bdd1a81a1860476eb41ac4bc1e07b3f07259e6d55bbf739b79c8aaedcf512799"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:e6b93f13371d341afee3be9f7c5964e3fe61d5fa30f6a30eb49856935dfe4fc3"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:d75aa530ccfaa593da12834b86a0724f58bff12706659baa9227c2ccaa06264c"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-win_amd64.whl", hash = "sha256:dd0a578400839256df88c16abddf9ba14813ec5f21362e1fe65022e00c883d4d"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-win_arm64.whl", hash = "sha256:d4188e73af84ca82468f09cadc5ac4db578109e52acb4518d8154698d3a87ca2"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:5a0f2724dfd4e3b3ac5a82436a8e6fd16baa7d507117e4279b660fe8ca38a3a1"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:1b11d6a633e4ed84fc0ddafd4ebfd8ea49b3f25082c04ad12b8315c11d504dc1"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:61874cdb0a36016354853593cffc38e56fc9ca5aa97d2c05d3dcf6922cd55a11"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:60c439763a969a6af93b4881db0eed8fadf93ee98e18cbc35bc8da868d0c4f0c"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:92a2f997387a1b79a75e7803aa7ded2cfbe2823852ccf1ba3bcf613b62ae3197"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:a31d512c812daea6d8b3be3b2bfcbeb091dbb09177706569bcfc6240dcf8b41c"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:52a15b0f35dad39862d376df10c5230155243a2c1a436e39eb55623ccbd68185"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:a30fd6fdef1430fd9e1ba7b3398b5ee4e2887783917a687d86ba69985fb08748"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_ppc64le.whl", hash = "sha256:cc9617b46837c6468197b5945e196ee9ca43057bb7d9d1ae688101e4e1dddf64"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_s390x.whl", hash = "sha256:0ab74e19f6a2b027ea4f845a78827969af45ce790e6cb3e1ebab71bdf9f215ff"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:dba5ee5d3981160c28d5490f0d1b7ed730c22470ff7f6cc26cfcfaacb9896a07"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-win_arm64.whl", hash = "sha256:0749fd8f4218ad2e851e11cc4dc05c7cbc0cbc4267bdfdb31782e65aace4ee9c"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:9928fe1eb816d11ae170885a74d074f57af3a0d65777ca47e9aeb854a1fba386"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:d0005b053977e7b43388ddec89fa567f43d4f6d5c2c0affe57de5ebf290dc552"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:2635d352d67458b66fd0667c14cb1d4145e9560d503219034a18a87e971ce4f3"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:767c23ad1c58c9e827b649a9ab7809fd5fd9db266a9cf02b0e926ddc2c680d58"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:72d0eb9fba308b8311685c2268cf7d0a0639a6cd027d8128659f72bdd8a024b4"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:f68e4f3eeca8fb22cc3d731f9715a13b652795ef657a13df1ad0c7dc0e9731df"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:d84cd4061ae292d8ac367b2c3fa3aad11cb8625a95d135fe93f286f914f3f5a6"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:a60ea74330b91bd22a29638940d115df9dc00af5035a9a2a6ad9399ffb4ceca5"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_ppc64le.whl", hash = "sha256:ce6a3a4e106cf35c2d9c4fa17c05ce0b180db622736845d4315519397a77beaf"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_s390x.whl", hash = "sha256:77937e5e2a38a7b48eef0585114fe7930346993a88060d0bf886086d2aa49ef5"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:24c175051354f4a28c5d6a31c93906dc653e2bf234e8a4bbfb964892078898ce"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-win_amd64.whl", hash = "sha256:0763515d4df10edf6d06a3c19734e2566368980d21ebec439f33f9eb936c07b7"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-win_arm64.whl", hash = "sha256:0e4e2bf29574a6a7b7f6cb5fa69293b9f96c928949ac4a53ba3f525dffb87f9c"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-macosx_10_13_universal2.whl", hash = "sha256:d976bbb382b202f71c67f77b0ac11244021cfa3f7dfd9e562eefcea2df711548"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:2489e4e5d7ef9a1c300a5e0196e43d9c739f066ef23270607d45aba368b91f2d"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:e2ea9f7ab7fbf18fffb1b5434ce7c69a07582f7acc7717720f1d69f3e806f90c"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b34e51affded8faee0dfdb705416153819d8ea9250bbbf7ea1b249bdeb5f1122"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d8aacd3d4b33b772542b2e01beb50187536967b514b00003bdda7589722d2a64"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:7cf974dd4e35fa315563ac99d6287a1024e4dc2077b8a7d7cd3d2fb65d283134"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:85bd218b5ecfbee8c8a82e121802dcb519a86044c9c3b2e4aef02fa05c6da370"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:0856e241c2d3df4efef7c04a1e46b1936b6120c9bcf36dd216e3acd84bc4fb21"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_ppc64le.whl", hash = "sha256:9af39d6551f97d31a4deebeac6f45b156f9755ddc59c07b402c148f5dbb6482a"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_s390x.whl", hash = "sha256:bb4ae2b57fc1d8cbd1cf7b1d9913803681ffa903e7488012be5b76dedf49297f"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:aedff62918805fb62d43a4aa2ecd4482c380dc76cd31bd7c8878588a61bd0369"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-win_amd64.whl", hash = "sha256:1fa333e8b2ce4d9660f2cda9c0e1b6bafcfb2457a9d259faa82289e73ec24891"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-win_arm64.whl", hash = "sha256:4a48a2ce79d65d363597ef7b567ce3d14d68783d2b2263d98db3d9477805ba32"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:4d1d9e582ad4d63062d34077a9a1e9f3c34088a2ec5135b1f7190c07cf366527"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:deed0c7258ceb4c44ad5ec7d9918f9f14fd05b2be86378d86cf50e63d1e7b771"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:0a590506f303f512dff6b7f75fd2fd18e16943efee932008fe7140e5fa91d80e"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e09c2279a4d01f099f52d5c4b3d9e208e91edcbd1a175c9662a8b16e000fece9"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:c9e7cdf45d594ee04d5be1b24dd9d49f3d1590959b2271fb30b5ca2b262c00fb"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:720e05574713db64c356e86732c0f3c5252818d05f9df320f0ad8380641acea5"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:17680d737d5335b552994a2008fab4c851bcd7de33094a82067ef3a576ff02fa"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:85b5352f94e490c028926ea567fc569c52ec79ce131dadb968d3853e809518c2"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:464415881e4801295659462c49461a24fb107c140de781d55518c4b80cb6790f"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:fb940820c63a9590d31d88b815e7a3aa5915cad3ce735ab45f0c730b39547de1"},
-    {file = "kiwisolver-1.4.9.tar.gz", hash = "sha256:c3b22c26c6fd6811b0ae8363b95ca8ce4ea3c202d3d0975b2914310ceb1bcc4d"},
-]
-
 [[package]]
 name = "kombu"
 version = "5.5.4"
@@ -3437,85 +3137,6 @@ dev = ["marshmallow[tests]", "pre-commit (>=3.5,<5.0)", "tox"]
 docs = ["autodocsumm (==0.2.14)", "furo (==2024.8.6)", "sphinx (==8.1.3)", "sphinx-copybutton (==0.5.2)", "sphinx-issues (==5.0.0)", "sphinxext-opengraph (==0.9.1)"]
 tests = ["pytest", "simplejson"]
 
-[[package]]
-name = "matplotlib"
-version = "3.10.6"
-description = "Python plotting package"
-optional = false
-python-versions = ">=3.10"
-groups = ["main"]
-files = [
-    {file = "matplotlib-3.10.6-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:bc7316c306d97463a9866b89d5cc217824e799fa0de346c8f68f4f3d27c8693d"},
-    {file = "matplotlib-3.10.6-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:d00932b0d160ef03f59f9c0e16d1e3ac89646f7785165ce6ad40c842db16cc2e"},
-    {file = "matplotlib-3.10.6-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:8fa4c43d6bfdbfec09c733bca8667de11bfa4970e8324c471f3a3632a0301c15"},
-    {file = "matplotlib-3.10.6-cp310-cp310-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ea117a9c1627acaa04dbf36265691921b999cbf515a015298e54e1a12c3af837"},
-    {file = "matplotlib-3.10.6-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:08fc803293b4e1694ee325896030de97f74c141ccff0be886bb5915269247676"},
-    {file = "matplotlib-3.10.6-cp310-cp310-win_amd64.whl", hash = "sha256:2adf92d9b7527fbfb8818e050260f0ebaa460f79d61546374ce73506c9421d09"},
-    {file = "matplotlib-3.10.6-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:905b60d1cb0ee604ce65b297b61cf8be9f4e6cfecf95a3fe1c388b5266bc8f4f"},
-    {file = "matplotlib-3.10.6-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7bac38d816637343e53d7185d0c66677ff30ffb131044a81898b5792c956ba76"},
-    {file = "matplotlib-3.10.6-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:942a8de2b5bfff1de31d95722f702e2966b8a7e31f4e68f7cd963c7cd8861cf6"},
-    {file = "matplotlib-3.10.6-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:a3276c85370bc0dfca051ec65c5817d1e0f8f5ce1b7787528ec8ed2d524bbc2f"},
-    {file = "matplotlib-3.10.6-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:9df5851b219225731f564e4b9e7f2ac1e13c9e6481f941b5631a0f8e2d9387ce"},
-    {file = "matplotlib-3.10.6-cp311-cp311-win_amd64.whl", hash = "sha256:abb5d9478625dd9c9eb51a06d39aae71eda749ae9b3138afb23eb38824026c7e"},
-    {file = "matplotlib-3.10.6-cp311-cp311-win_arm64.whl", hash = "sha256:886f989ccfae63659183173bb3fced7fd65e9eb793c3cc21c273add368536951"},
-    {file = "matplotlib-3.10.6-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:31ca662df6a80bd426f871105fdd69db7543e28e73a9f2afe80de7e531eb2347"},
-    {file = "matplotlib-3.10.6-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1678bb61d897bb4ac4757b5ecfb02bfb3fddf7f808000fb81e09c510712fda75"},
-    {file = "matplotlib-3.10.6-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:56cd2d20842f58c03d2d6e6c1f1cf5548ad6f66b91e1e48f814e4fb5abd1cb95"},
-    {file = "matplotlib-3.10.6-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:662df55604a2f9a45435566d6e2660e41efe83cd94f4288dfbf1e6d1eae4b0bb"},
-    {file = "matplotlib-3.10.6-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:08f141d55148cd1fc870c3387d70ca4df16dee10e909b3b038782bd4bda6ea07"},
-    {file = "matplotlib-3.10.6-cp312-cp312-win_amd64.whl", hash = "sha256:590f5925c2d650b5c9d813c5b3b5fc53f2929c3f8ef463e4ecfa7e052044fb2b"},
-    {file = "matplotlib-3.10.6-cp312-cp312-win_arm64.whl", hash = "sha256:f44c8d264a71609c79a78d50349e724f5d5fc3684ead7c2a473665ee63d868aa"},
-    {file = "matplotlib-3.10.6-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:819e409653c1106c8deaf62e6de6b8611449c2cd9939acb0d7d4e57a3d95cc7a"},
-    {file = "matplotlib-3.10.6-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:59c8ac8382fefb9cb71308dde16a7c487432f5255d8f1fd32473523abecfecdf"},
-    {file = "matplotlib-3.10.6-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:84e82d9e0fd70c70bc55739defbd8055c54300750cbacf4740c9673a24d6933a"},
-    {file = "matplotlib-3.10.6-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:25f7a3eb42d6c1c56e89eacd495661fc815ffc08d9da750bca766771c0fd9110"},
-    {file = "matplotlib-3.10.6-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:f9c862d91ec0b7842920a4cfdaaec29662195301914ea54c33e01f1a28d014b2"},
-    {file = "matplotlib-3.10.6-cp313-cp313-win_amd64.whl", hash = "sha256:1b53bd6337eba483e2e7d29c5ab10eee644bc3a2491ec67cc55f7b44583ffb18"},
-    {file = "matplotlib-3.10.6-cp313-cp313-win_arm64.whl", hash = "sha256:cbd5eb50b7058b2892ce45c2f4e92557f395c9991f5c886d1bb74a1582e70fd6"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:acc86dd6e0e695c095001a7fccff158c49e45e0758fdf5dcdbb0103318b59c9f"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:e228cd2ffb8f88b7d0b29e37f68ca9aaf83e33821f24a5ccc4f082dd8396bc27"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:658bc91894adeab669cf4bb4a186d049948262987e80f0857216387d7435d833"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8913b7474f6dd83ac444c9459c91f7f0f2859e839f41d642691b104e0af056aa"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:091cea22e059b89f6d7d1a18e2c33a7376c26eee60e401d92a4d6726c4e12706"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-win_amd64.whl", hash = "sha256:491e25e02a23d7207629d942c666924a6b61e007a48177fdd231a0097b7f507e"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-win_arm64.whl", hash = "sha256:3d80d60d4e54cda462e2cd9a086d85cd9f20943ead92f575ce86885a43a565d5"},
-    {file = "matplotlib-3.10.6-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:70aaf890ce1d0efd482df969b28a5b30ea0b891224bb315810a3940f67182899"},
-    {file = "matplotlib-3.10.6-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:1565aae810ab79cb72e402b22facfa6501365e73ebab70a0fdfb98488d2c3c0c"},
-    {file = "matplotlib-3.10.6-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f3b23315a01981689aa4e1a179dbf6ef9fbd17143c3eea77548c2ecfb0499438"},
-    {file = "matplotlib-3.10.6-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:30fdd37edf41a4e6785f9b37969de57aea770696cb637d9946eb37470c94a453"},
-    {file = "matplotlib-3.10.6-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:bc31e693da1c08012c764b053e702c1855378e04102238e6a5ee6a7117c53a47"},
-    {file = "matplotlib-3.10.6-cp314-cp314-win_amd64.whl", hash = "sha256:05be9bdaa8b242bc6ff96330d18c52f1fc59c6fb3a4dd411d953d67e7e1baf98"},
-    {file = "matplotlib-3.10.6-cp314-cp314-win_arm64.whl", hash = "sha256:f56a0d1ab05d34c628592435781d185cd99630bdfd76822cd686fb5a0aecd43a"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:94f0b4cacb23763b64b5dace50d5b7bfe98710fed5f0cef5c08135a03399d98b"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:cc332891306b9fb39462673d8225d1b824c89783fee82840a709f96714f17a5c"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee1d607b3fb1590deb04b69f02ea1d53ed0b0bf75b2b1a5745f269afcbd3cdd3"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:376a624a218116461696b27b2bbf7a8945053e6d799f6502fc03226d077807bf"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:83847b47f6524c34b4f2d3ce726bb0541c48c8e7692729865c3df75bfa0f495a"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-win_amd64.whl", hash = "sha256:c7e0518e0d223683532a07f4b512e2e0729b62674f1b3a1a69869f98e6b1c7e3"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-win_arm64.whl", hash = "sha256:4dd83e029f5b4801eeb87c64efd80e732452781c16a9cf7415b7b63ec8f374d7"},
-    {file = "matplotlib-3.10.6-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:13fcd07ccf17e354398358e0307a1f53f5325dca22982556ddb9c52837b5af41"},
-    {file = "matplotlib-3.10.6-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:470fc846d59d1406e34fa4c32ba371039cd12c2fe86801159a965956f2575bd1"},
-    {file = "matplotlib-3.10.6-pp310-pypy310_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f7173f8551b88f4ef810a94adae3128c2530e0d07529f7141be7f8d8c365f051"},
-    {file = "matplotlib-3.10.6-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:f2d684c3204fa62421bbf770ddfebc6b50130f9cad65531eeba19236d73bb488"},
-    {file = "matplotlib-3.10.6-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:6f4a69196e663a41d12a728fab8751177215357906436804217d6d9cf0d4d6cf"},
-    {file = "matplotlib-3.10.6-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:4d6ca6ef03dfd269f4ead566ec6f3fb9becf8dab146fb999022ed85ee9f6b3eb"},
-    {file = "matplotlib-3.10.6.tar.gz", hash = "sha256:ec01b645840dd1996df21ee37f208cd8ba57644779fa20464010638013d3203c"},
-]
-
-[package.dependencies]
-contourpy = ">=1.0.1"
-cycler = ">=0.10"
-fonttools = ">=4.22.0"
-kiwisolver = ">=1.3.1"
-numpy = ">=1.23"
-packaging = ">=20.0"
-pillow = ">=8"
-pyparsing = ">=2.3.1"
-python-dateutil = ">=2.7"
-
-[package.extras]
-dev = ["meson-python (>=0.13.1,<0.17.0)", "pybind11 (>=2.13.2,!=2.13.3)", "setuptools (>=64)", "setuptools_scm (>=7)"]
-
 [[package]]
 name = "mccabe"
 version = "0.7.0"
@@ -4236,131 +3857,6 @@ files = [
 [package.dependencies]
 setuptools = "*"
 
-[[package]]
-name = "pillow"
-version = "11.3.0"
-description = "Python Imaging Library (Fork)"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "pillow-11.3.0-cp310-cp310-macosx_10_10_x86_64.whl", hash = "sha256:1b9c17fd4ace828b3003dfd1e30bff24863e0eb59b535e8f80194d9cc7ecf860"},
-    {file = "pillow-11.3.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:65dc69160114cdd0ca0f35cb434633c75e8e7fad4cf855177a05bf38678f73ad"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7107195ddc914f656c7fc8e4a5e1c25f32e9236ea3ea860f257b0436011fddd0"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:cc3e831b563b3114baac7ec2ee86819eb03caa1a2cef0b481a5675b59c4fe23b"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f1f182ebd2303acf8c380a54f615ec883322593320a9b00438eb842c1f37ae50"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4445fa62e15936a028672fd48c4c11a66d641d2c05726c7ec1f8ba6a572036ae"},
-    {file = "pillow-11.3.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:71f511f6b3b91dd543282477be45a033e4845a40278fa8dcdbfdb07109bf18f9"},
-    {file = "pillow-11.3.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:040a5b691b0713e1f6cbe222e0f4f74cd233421e105850ae3b3c0ceda520f42e"},
-    {file = "pillow-11.3.0-cp310-cp310-win32.whl", hash = "sha256:89bd777bc6624fe4115e9fac3352c79ed60f3bb18651420635f26e643e3dd1f6"},
-    {file = "pillow-11.3.0-cp310-cp310-win_amd64.whl", hash = "sha256:19d2ff547c75b8e3ff46f4d9ef969a06c30ab2d4263a9e287733aa8b2429ce8f"},
-    {file = "pillow-11.3.0-cp310-cp310-win_arm64.whl", hash = "sha256:819931d25e57b513242859ce1876c58c59dc31587847bf74cfe06b2e0cb22d2f"},
-    {file = "pillow-11.3.0-cp311-cp311-macosx_10_10_x86_64.whl", hash = "sha256:1cd110edf822773368b396281a2293aeb91c90a2db00d78ea43e7e861631b722"},
-    {file = "pillow-11.3.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:9c412fddd1b77a75aa904615ebaa6001f169b26fd467b4be93aded278266b288"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7d1aa4de119a0ecac0a34a9c8bde33f34022e2e8f99104e47a3ca392fd60e37d"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:91da1d88226663594e3f6b4b8c3c8d85bd504117d043740a8e0ec449087cc494"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:643f189248837533073c405ec2f0bb250ba54598cf80e8c1e043381a60632f58"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:106064daa23a745510dabce1d84f29137a37224831d88eb4ce94bb187b1d7e5f"},
-    {file = "pillow-11.3.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:cd8ff254faf15591e724dc7c4ddb6bf4793efcbe13802a4ae3e863cd300b493e"},
-    {file = "pillow-11.3.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:932c754c2d51ad2b2271fd01c3d121daaa35e27efae2a616f77bf164bc0b3e94"},
-    {file = "pillow-11.3.0-cp311-cp311-win32.whl", hash = "sha256:b4b8f3efc8d530a1544e5962bd6b403d5f7fe8b9e08227c6b255f98ad82b4ba0"},
-    {file = "pillow-11.3.0-cp311-cp311-win_amd64.whl", hash = "sha256:1a992e86b0dd7aeb1f053cd506508c0999d710a8f07b4c791c63843fc6a807ac"},
-    {file = "pillow-11.3.0-cp311-cp311-win_arm64.whl", hash = "sha256:30807c931ff7c095620fe04448e2c2fc673fcbb1ffe2a7da3fb39613489b1ddd"},
-    {file = "pillow-11.3.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:fdae223722da47b024b867c1ea0be64e0df702c5e0a60e27daad39bf960dd1e4"},
-    {file = "pillow-11.3.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:921bd305b10e82b4d1f5e802b6850677f965d8394203d182f078873851dada69"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:eb76541cba2f958032d79d143b98a3a6b3ea87f0959bbe256c0b5e416599fd5d"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:67172f2944ebba3d4a7b54f2e95c786a3a50c21b88456329314caaa28cda70f6"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:97f07ed9f56a3b9b5f49d3661dc9607484e85c67e27f3e8be2c7d28ca032fec7"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:676b2815362456b5b3216b4fd5bd89d362100dc6f4945154ff172e206a22c024"},
-    {file = "pillow-11.3.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:3e184b2f26ff146363dd07bde8b711833d7b0202e27d13540bfe2e35a323a809"},
-    {file = "pillow-11.3.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:6be31e3fc9a621e071bc17bb7de63b85cbe0bfae91bb0363c893cbe67247780d"},
-    {file = "pillow-11.3.0-cp312-cp312-win32.whl", hash = "sha256:7b161756381f0918e05e7cb8a371fff367e807770f8fe92ecb20d905d0e1c149"},
-    {file = "pillow-11.3.0-cp312-cp312-win_amd64.whl", hash = "sha256:a6444696fce635783440b7f7a9fc24b3ad10a9ea3f0ab66c5905be1c19ccf17d"},
-    {file = "pillow-11.3.0-cp312-cp312-win_arm64.whl", hash = "sha256:2aceea54f957dd4448264f9bf40875da0415c83eb85f55069d89c0ed436e3542"},
-    {file = "pillow-11.3.0-cp313-cp313-ios_13_0_arm64_iphoneos.whl", hash = "sha256:1c627742b539bba4309df89171356fcb3cc5a9178355b2727d1b74a6cf155fbd"},
-    {file = "pillow-11.3.0-cp313-cp313-ios_13_0_arm64_iphonesimulator.whl", hash = "sha256:30b7c02f3899d10f13d7a48163c8969e4e653f8b43416d23d13d1bbfdc93b9f8"},
-    {file = "pillow-11.3.0-cp313-cp313-ios_13_0_x86_64_iphonesimulator.whl", hash = "sha256:7859a4cc7c9295f5838015d8cc0a9c215b77e43d07a25e460f35cf516df8626f"},
-    {file = "pillow-11.3.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:ec1ee50470b0d050984394423d96325b744d55c701a439d2bd66089bff963d3c"},
-    {file = "pillow-11.3.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:7db51d222548ccfd274e4572fdbf3e810a5e66b00608862f947b163e613b67dd"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:2d6fcc902a24ac74495df63faad1884282239265c6839a0a6416d33faedfae7e"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f0f5d8f4a08090c6d6d578351a2b91acf519a54986c055af27e7a93feae6d3f1"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c37d8ba9411d6003bba9e518db0db0c58a680ab9fe5179f040b0463644bc9805"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:13f87d581e71d9189ab21fe0efb5a23e9f28552d5be6979e84001d3b8505abe8"},
-    {file = "pillow-11.3.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:023f6d2d11784a465f09fd09a34b150ea4672e85fb3d05931d89f373ab14abb2"},
-    {file = "pillow-11.3.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:45dfc51ac5975b938e9809451c51734124e73b04d0f0ac621649821a63852e7b"},
-    {file = "pillow-11.3.0-cp313-cp313-win32.whl", hash = "sha256:a4d336baed65d50d37b88ca5b60c0fa9d81e3a87d4a7930d3880d1624d5b31f3"},
-    {file = "pillow-11.3.0-cp313-cp313-win_amd64.whl", hash = "sha256:0bce5c4fd0921f99d2e858dc4d4d64193407e1b99478bc5cacecba2311abde51"},
-    {file = "pillow-11.3.0-cp313-cp313-win_arm64.whl", hash = "sha256:1904e1264881f682f02b7f8167935cce37bc97db457f8e7849dc3a6a52b99580"},
-    {file = "pillow-11.3.0-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:4c834a3921375c48ee6b9624061076bc0a32a60b5532b322cc0ea64e639dd50e"},
-    {file = "pillow-11.3.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:5e05688ccef30ea69b9317a9ead994b93975104a677a36a8ed8106be9260aa6d"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:1019b04af07fc0163e2810167918cb5add8d74674b6267616021ab558dc98ced"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f944255db153ebb2b19c51fe85dd99ef0ce494123f21b9db4877ffdfc5590c7c"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:1f85acb69adf2aaee8b7da124efebbdb959a104db34d3a2cb0f3793dbae422a8"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:05f6ecbeff5005399bb48d198f098a9b4b6bdf27b8487c7f38ca16eeb070cd59"},
-    {file = "pillow-11.3.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:a7bc6e6fd0395bc052f16b1a8670859964dbd7003bd0af2ff08342eb6e442cfe"},
-    {file = "pillow-11.3.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:83e1b0161c9d148125083a35c1c5a89db5b7054834fd4387499e06552035236c"},
-    {file = "pillow-11.3.0-cp313-cp313t-win32.whl", hash = "sha256:2a3117c06b8fb646639dce83694f2f9eac405472713fcb1ae887469c0d4f6788"},
-    {file = "pillow-11.3.0-cp313-cp313t-win_amd64.whl", hash = "sha256:857844335c95bea93fb39e0fa2726b4d9d758850b34075a7e3ff4f4fa3aa3b31"},
-    {file = "pillow-11.3.0-cp313-cp313t-win_arm64.whl", hash = "sha256:8797edc41f3e8536ae4b10897ee2f637235c94f27404cac7297f7b607dd0716e"},
-    {file = "pillow-11.3.0-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:d9da3df5f9ea2a89b81bb6087177fb1f4d1c7146d583a3fe5c672c0d94e55e12"},
-    {file = "pillow-11.3.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:0b275ff9b04df7b640c59ec5a3cb113eefd3795a8df80bac69646ef699c6981a"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:0743841cabd3dba6a83f38a92672cccbd69af56e3e91777b0ee7f4dba4385632"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:2465a69cf967b8b49ee1b96d76718cd98c4e925414ead59fdf75cf0fd07df673"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:41742638139424703b4d01665b807c6468e23e699e8e90cffefe291c5832b027"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:93efb0b4de7e340d99057415c749175e24c8864302369e05914682ba642e5d77"},
-    {file = "pillow-11.3.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:7966e38dcd0fa11ca390aed7c6f20454443581d758242023cf36fcb319b1a874"},
-    {file = "pillow-11.3.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:98a9afa7b9007c67ed84c57c9e0ad86a6000da96eaa638e4f8abe5b65ff83f0a"},
-    {file = "pillow-11.3.0-cp314-cp314-win32.whl", hash = "sha256:02a723e6bf909e7cea0dac1b0e0310be9d7650cd66222a5f1c571455c0a45214"},
-    {file = "pillow-11.3.0-cp314-cp314-win_amd64.whl", hash = "sha256:a418486160228f64dd9e9efcd132679b7a02a5f22c982c78b6fc7dab3fefb635"},
-    {file = "pillow-11.3.0-cp314-cp314-win_arm64.whl", hash = "sha256:155658efb5e044669c08896c0c44231c5e9abcaadbc5cd3648df2f7c0b96b9a6"},
-    {file = "pillow-11.3.0-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:59a03cdf019efbfeeed910bf79c7c93255c3d54bc45898ac2a4140071b02b4ae"},
-    {file = "pillow-11.3.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:f8a5827f84d973d8636e9dc5764af4f0cf2318d26744b3d902931701b0d46653"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:ee92f2fd10f4adc4b43d07ec5e779932b4eb3dbfbc34790ada5a6669bc095aa6"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:c96d333dcf42d01f47b37e0979b6bd73ec91eae18614864622d9b87bbd5bbf36"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:4c96f993ab8c98460cd0c001447bff6194403e8b1d7e149ade5f00594918128b"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:41342b64afeba938edb034d122b2dda5db2139b9a4af999729ba8818e0056477"},
-    {file = "pillow-11.3.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:068d9c39a2d1b358eb9f245ce7ab1b5c3246c7c8c7d9ba58cfa5b43146c06e50"},
-    {file = "pillow-11.3.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:a1bc6ba083b145187f648b667e05a2534ecc4b9f2784c2cbe3089e44868f2b9b"},
-    {file = "pillow-11.3.0-cp314-cp314t-win32.whl", hash = "sha256:118ca10c0d60b06d006be10a501fd6bbdfef559251ed31b794668ed569c87e12"},
-    {file = "pillow-11.3.0-cp314-cp314t-win_amd64.whl", hash = "sha256:8924748b688aa210d79883357d102cd64690e56b923a186f35a82cbc10f997db"},
-    {file = "pillow-11.3.0-cp314-cp314t-win_arm64.whl", hash = "sha256:79ea0d14d3ebad43ec77ad5272e6ff9bba5b679ef73375ea760261207fa8e0aa"},
-    {file = "pillow-11.3.0-cp39-cp39-macosx_10_10_x86_64.whl", hash = "sha256:48d254f8a4c776de343051023eb61ffe818299eeac478da55227d96e241de53f"},
-    {file = "pillow-11.3.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:7aee118e30a4cf54fdd873bd3a29de51e29105ab11f9aad8c32123f58c8f8081"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:23cff760a9049c502721bdb743a7cb3e03365fafcdfc2ef9784610714166e5a4"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:6359a3bc43f57d5b375d1ad54a0074318a0844d11b76abccf478c37c986d3cfc"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:092c80c76635f5ecb10f3f83d76716165c96f5229addbd1ec2bdbbda7d496e06"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:cadc9e0ea0a2431124cde7e1697106471fc4c1da01530e679b2391c37d3fbb3a"},
-    {file = "pillow-11.3.0-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:6a418691000f2a418c9135a7cf0d797c1bb7d9a485e61fe8e7722845b95ef978"},
-    {file = "pillow-11.3.0-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:97afb3a00b65cc0804d1c7abddbf090a81eaac02768af58cbdcaaa0a931e0b6d"},
-    {file = "pillow-11.3.0-cp39-cp39-win32.whl", hash = "sha256:ea944117a7974ae78059fcc1800e5d3295172bb97035c0c1d9345fca1419da71"},
-    {file = "pillow-11.3.0-cp39-cp39-win_amd64.whl", hash = "sha256:e5c5858ad8ec655450a7c7df532e9842cf8df7cc349df7225c60d5d348c8aada"},
-    {file = "pillow-11.3.0-cp39-cp39-win_arm64.whl", hash = "sha256:6abdbfd3aea42be05702a8dd98832329c167ee84400a1d1f61ab11437f1717eb"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:3cee80663f29e3843b68199b9d6f4f54bd1d4a6b59bdd91bceefc51238bcb967"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:b5f56c3f344f2ccaf0dd875d3e180f631dc60a51b314295a3e681fe8cf851fbe"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:e67d793d180c9df62f1f40aee3accca4829d3794c95098887edc18af4b8b780c"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d000f46e2917c705e9fb93a3606ee4a819d1e3aa7a9b442f6444f07e77cf5e25"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:527b37216b6ac3a12d7838dc3bd75208ec57c1c6d11ef01902266a5a0c14fc27"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:be5463ac478b623b9dd3937afd7fb7ab3d79dd290a28e2b6df292dc75063eb8a"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:8dc70ca24c110503e16918a658b869019126ecfe03109b754c402daff12b3d9f"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:7c8ec7a017ad1bd562f93dbd8505763e688d388cde6e4a010ae1486916e713e6"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:9ab6ae226de48019caa8074894544af5b53a117ccb9d3b3dcb2871464c829438"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:fe27fb049cdcca11f11a7bfda64043c37b30e6b91f10cb5bab275806c32f6ab3"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:465b9e8844e3c3519a983d58b80be3f668e2a7a5db97f2784e7079fbc9f9822c"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5418b53c0d59b3824d05e029669efa023bbef0f3e92e75ec8428f3799487f361"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:504b6f59505f08ae014f724b6207ff6222662aab5cc9542577fb084ed0676ac7"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:c84d689db21a1c397d001aa08241044aa2069e7587b398c8cc63020390b1c1b8"},
-    {file = "pillow-11.3.0.tar.gz", hash = "sha256:3828ee7586cd0b2091b6209e5ad53e20d0649bbe87164a459d0676e035e8f523"},
-]
-
-[package.extras]
-docs = ["furo", "olefile", "sphinx (>=8.2)", "sphinx-autobuild", "sphinx-copybutton", "sphinx-inline-tabs", "sphinxext-opengraph"]
-fpx = ["olefile"]
-mic = ["olefile"]
-test-arrow = ["pyarrow"]
-tests = ["check-manifest", "coverage (>=7.4.2)", "defusedxml", "markdown2", "olefile", "packaging", "pyroma", "pytest", "pytest-cov", "pytest-timeout", "pytest-xdist", "trove-classifiers (>=2024.10.12)"]
-typing = ["typing-extensions ; python_version < \"3.10\""]
-xmp = ["defusedxml"]
-
 [[package]]
 name = "platformdirs"
 version = "4.3.8"
@@ -5520,29 +5016,6 @@ attrs = ">=22.2.0"
 rpds-py = ">=0.7.0"
 typing-extensions = {version = ">=4.4.0", markers = "python_version < \"3.13\""}
 
-[[package]]
-name = "reportlab"
-version = "4.4.4"
-description = "The Reportlab Toolkit"
-optional = false
-python-versions = "<4,>=3.9"
-groups = ["main"]
-files = [
-    {file = "reportlab-4.4.4-py3-none-any.whl", hash = "sha256:299b3b0534e7202bb94ed2ddcd7179b818dcda7de9d8518a57c85a58a1ebaadb"},
-    {file = "reportlab-4.4.4.tar.gz", hash = "sha256:cb2f658b7f4a15be2cc68f7203aa67faef67213edd4f2d4bdd3eb20dab75a80d"},
-]
-
-[package.dependencies]
-charset-normalizer = "*"
-pillow = ">=9.0.0"
-
-[package.extras]
-accel = ["rl_accel (>=0.9.0,<1.1)"]
-bidi = ["rlbidi"]
-pycairo = ["freetype-py (>=2.3.0,<2.4)", "rlPyCairo (>=0.2.0,<1)"]
-renderpm = ["rl_renderPM (>=4.0.3,<4.1)"]
-shaping = ["uharfbuzz"]
-
 [[package]]
 name = "requests"
 version = "2.32.5"
@@ -6786,4 +6259,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.11,<3.13"
-content-hash = "3c9164d668d37d6373eb5200bbe768232ead934d9312b9c68046b1df922789f3"
+content-hash = "03442fd4673006c5a74374f90f53621fd1c9d117279fe6cc0355ef833eb7f9bb"

api/pyproject.toml

@@ -33,9 +33,7 @@ dependencies = [
   "xmlsec==1.3.14",
   "h2 (==4.3.0)",
   "markdown (>=3.9,<4.0)",
-  "drf-simple-apikey (==2.2.1)",
-  "matplotlib (>=3.10.6,<4.0.0)",
-  "reportlab (>=4.4.4,<5.0.0)"
+  "drf-simple-apikey (==2.2.1)"
 ]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"

api/src/backend/api/migrations/0048_api_key.py

@@ -24,7 +24,7 @@ class Migration(migrations.Migration):
                 (
                     "name",
                     models.CharField(
-                        max_length=100,
+                        max_length=255,
                         validators=[django.core.validators.MinLengthValidator(3)],
                     ),
                 ),

api/src/backend/api/tests/test_views.py

@@ -2689,55 +2689,6 @@ class TestScanViewSet:
             == "There is a problem with credentials."
         )
 
-    @patch("api.v1.views.ScanViewSet._get_task_status")
-    @patch("api.v1.views.get_s3_client")
-    @patch("api.v1.views.env.str")
-    def test_threatscore_s3_wildcard(
-        self,
-        mock_env_str,
-        mock_get_s3_client,
-        mock_get_task_status,
-        authenticated_client,
-        scans_fixture,
-    ):
-        """
-        When the threatscore endpoint is called with an S3 output_location,
-        the view should list objects in S3 using wildcard pattern matching,
-        retrieve the matching PDF file, and return it with HTTP 200 and proper headers.
-        """
-        scan = scans_fixture[0]
-        scan.state = StateChoices.COMPLETED
-        bucket = "test-bucket"
-        zip_key = "tenant-id/scan-id/prowler-output-foo.zip"
-        scan.output_location = f"s3://{bucket}/{zip_key}"
-        scan.save()
-
-        pdf_key = os.path.join(
-            os.path.dirname(zip_key),
-            "threatscore",
-            "prowler-output-123_threatscore_report.pdf",
-        )
-
-        mock_s3_client = Mock()
-        mock_s3_client.list_objects_v2.return_value = {"Contents": [{"Key": pdf_key}]}
-        mock_s3_client.get_object.return_value = {"Body": io.BytesIO(b"pdf-bytes")}
-
-        mock_env_str.return_value = bucket
-        mock_get_s3_client.return_value = mock_s3_client
-        mock_get_task_status.return_value = None
-
-        url = reverse("scan-threatscore", kwargs={"pk": scan.id})
-        response = authenticated_client.get(url)
-
-        assert response.status_code == status.HTTP_200_OK
-        assert response["Content-Type"] == "application/pdf"
-        assert response["Content-Disposition"].endswith(
-            '"prowler-output-123_threatscore_report.pdf"'
-        )
-        assert response.content == b"pdf-bytes"
-        mock_s3_client.list_objects_v2.assert_called_once()
-        mock_s3_client.get_object.assert_called_once_with(Bucket=bucket, Key=pdf_key)
-
     def test_report_s3_success(self, authenticated_client, scans_fixture, monkeypatch):
         """
         When output_location is an S3 URL and the S3 client returns the file successfully,

api/src/backend/api/v1/views.py

@@ -1,4 +1,3 @@
-import fnmatch
 import glob
 import logging
 import os
@@ -1594,25 +1593,6 @@ class ProviderViewSet(BaseRLSViewSet):
         },
         request=None,
     ),
-    threatscore=extend_schema(
-        tags=["Scan"],
-        summary="Retrieve threatscore report",
-        description="Download a specific threatscore report (e.g., 'prowler_threatscore_aws') as a PDF file.",
-        request=None,
-        responses={
-            200: OpenApiResponse(
-                description="PDF file containing the threatscore report"
-            ),
-            202: OpenApiResponse(description="The task is in progress"),
-            401: OpenApiResponse(
-                description="API key missing or user not Authenticated"
-            ),
-            403: OpenApiResponse(description="There is a problem with credentials"),
-            404: OpenApiResponse(
-                description="The scan has no threatscore reports, or the threatscore report generation task has not started yet"
-            ),
-        },
-    ),
 )
 @method_decorator(CACHE_DECORATOR, name="list")
 @method_decorator(CACHE_DECORATOR, name="retrieve")
@@ -1669,9 +1649,6 @@ class ScanViewSet(BaseRLSViewSet):
             if hasattr(self, "response_serializer_class"):
                 return self.response_serializer_class
             return ScanComplianceReportSerializer
-        elif self.action == "threatscore":
-            if hasattr(self, "response_serializer_class"):
-                return self.response_serializer_class
         return super().get_serializer_class()
 
     def partial_update(self, request, *args, **kwargs):
@@ -1776,18 +1753,7 @@ class ScanViewSet(BaseRLSViewSet):
                         status=status.HTTP_502_BAD_GATEWAY,
                     )
                 contents = resp.get("Contents", [])
-                keys = []
-                for obj in contents:
-                    key = obj["Key"]
-                    key_basename = os.path.basename(key)
-                    if any(ch in suffix for ch in ("*", "?", "[")):
-                        if fnmatch.fnmatch(key_basename, suffix):
-                            keys.append(key)
-                    elif key_basename == suffix:
-                        keys.append(key)
-                    elif key.endswith(suffix):
-                        # Backward compatibility if suffix already includes directories
-                        keys.append(key)
+                keys = [obj["Key"] for obj in contents if obj["Key"].endswith(suffix)]
                 if not keys:
                     return Response(
                         {
@@ -1914,45 +1880,6 @@ class ScanViewSet(BaseRLSViewSet):
         content, filename = loader
         return self._serve_file(content, filename, "text/csv")
 
-    @action(
-        detail=True,
-        methods=["get"],
-        url_name="threatscore",
-    )
-    def threatscore(self, request, pk=None):
-        scan = self.get_object()
-        running_resp = self._get_task_status(scan)
-        if running_resp:
-            return running_resp
-
-        if not scan.output_location:
-            return Response(
-                {
-                    "detail": "The scan has no reports, or the threatscore report generation task has not started yet."
-                },
-                status=status.HTTP_404_NOT_FOUND,
-            )
-
-        if scan.output_location.startswith("s3://"):
-            bucket = env.str("DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET", "")
-            key_prefix = scan.output_location.removeprefix(f"s3://{bucket}/")
-            prefix = os.path.join(
-                os.path.dirname(key_prefix),
-                "threatscore",
-                "*_threatscore_report.pdf",
-            )
-            loader = self._load_file(prefix, s3=True, bucket=bucket, list_objects=True)
-        else:
-            base = os.path.dirname(scan.output_location)
-            pattern = os.path.join(base, "threatscore", "*_threatscore_report.pdf")
-            loader = self._load_file(pattern, s3=False)
-
-        if isinstance(loader, Response):
-            return loader
-
-        content, filename = loader
-        return self._serve_file(content, filename, "application/pdf")
-
     def create(self, request, *args, **kwargs):
         input_serializer = self.get_serializer(data=request.data)
         input_serializer.is_valid(raise_exception=True)

api/src/backend/tasks/jobs/export.py

@@ -20,10 +20,10 @@ from prowler.lib.outputs.asff.asff import ASFF
 from prowler.lib.outputs.compliance.aws_well_architected.aws_well_architected import (
     AWSWellArchitected,
 )
-from prowler.lib.outputs.compliance.c5.c5_aws import AWSC5
 from prowler.lib.outputs.compliance.ccc.ccc_aws import CCC_AWS
 from prowler.lib.outputs.compliance.ccc.ccc_azure import CCC_Azure
 from prowler.lib.outputs.compliance.ccc.ccc_gcp import CCC_GCP
+from prowler.lib.outputs.compliance.c5.c5_aws import AWSC5
 from prowler.lib.outputs.compliance.cis.cis_aws import AWSCIS
 from prowler.lib.outputs.compliance.cis.cis_azure import AzureCIS
 from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
@@ -183,21 +183,18 @@ def get_s3_client():
     return s3_client
 
 
-def _upload_to_s3(
-    tenant_id: str, scan_id: str, local_path: str, relative_key: str
-) -> str | None:
+def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str | None:
     """
-    Upload a local artifact to an S3 bucket under the tenant/scan prefix.
-
+    Upload the specified ZIP file to an S3 bucket.
+    If the S3 bucket environment variables are not configured,
+    the function returns None without performing an upload.
     Args:
-        tenant_id (str): The tenant identifier used as the first segment of the S3 key.
-        scan_id (str): The scan identifier used as the second segment of the S3 key.
-        local_path (str): Filesystem path to the artifact to upload.
-        relative_key (str): Object key relative to `<tenant_id>/<scan_id>/`.
-
+        tenant_id (str): The tenant identifier, used as part of the S3 key prefix.
+        zip_path (str): The local file system path to the ZIP file to be uploaded.
+        scan_id (str): The scan identifier, used as part of the S3 key prefix.
     Returns:
-        str | None: S3 URI of the uploaded artifact, or None if the upload is skipped.
-
+        str: The S3 URI of the uploaded file (e.g., "s3://<bucket>/<key>") if successful.
+        None: If the required environment variables for the S3 bucket are not set.
     Raises:
         botocore.exceptions.ClientError: If the upload attempt to S3 fails for any reason.
     """
@@ -205,26 +202,34 @@ def _upload_to_s3(
     if not bucket:
         return
 
-    if not relative_key:
-        return
-
-    if not os.path.isfile(local_path):
-        return
-
     try:
         s3 = get_s3_client()
 
-        s3_key = f"{tenant_id}/{scan_id}/{relative_key}"
-        s3.upload_file(Filename=local_path, Bucket=bucket, Key=s3_key)
+        # Upload the ZIP file (outputs) to the S3 bucket
+        zip_key = f"{tenant_id}/{scan_id}/{os.path.basename(zip_path)}"
+        s3.upload_file(
+            Filename=zip_path,
+            Bucket=bucket,
+            Key=zip_key,
+        )
 
-        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{s3_key}"
+        # Upload the compliance directory to the S3 bucket
+        compliance_dir = os.path.join(os.path.dirname(zip_path), "compliance")
+        for filename in os.listdir(compliance_dir):
+            local_path = os.path.join(compliance_dir, filename)
+            if not os.path.isfile(local_path):
+                continue
+            file_key = f"{tenant_id}/{scan_id}/compliance/{filename}"
+            s3.upload_file(Filename=local_path, Bucket=bucket, Key=file_key)
+
+        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{zip_key}"
     except (ClientError, NoCredentialsError, ParamValidationError, ValueError) as e:
         logger.error(f"S3 upload failed: {str(e)}")
 
 
 def _generate_output_directory(
     output_directory, prowler_provider: object, tenant_id: str, scan_id: str
-) -> tuple[str, str, str]:
+) -> tuple[str, str]:
     """
     Generate a file system path for the output directory of a prowler scan.
 
@@ -251,7 +256,6 @@ def _generate_output_directory(
         >>> _generate_output_directory("/tmp", "aws", "tenant-1234", "scan-5678")
         '/tmp/tenant-1234/aws/scan-5678/prowler-output-2023-02-15T12:34:56',
         '/tmp/tenant-1234/aws/scan-5678/compliance/prowler-output-2023-02-15T12:34:56'
-        '/tmp/tenant-1234/aws/scan-5678/threatscore/prowler-output-2023-02-15T12:34:56'
     """
     # Sanitize the prowler provider name to ensure it is a valid directory name
     prowler_provider_sanitized = re.sub(r"[^\w\-]", "-", prowler_provider)
@@ -272,10 +276,4 @@ def _generate_output_directory(
     )
     os.makedirs("/".join(compliance_path.split("/")[:-1]), exist_ok=True)
 
-    threatscore_path = (
-        f"{output_directory}/{tenant_id}/{scan_id}/threatscore/prowler-output-"
-        f"{prowler_provider_sanitized}-{timestamp}"
-    )
-    os.makedirs("/".join(threatscore_path.split("/")[:-1]), exist_ok=True)
-
-    return path, compliance_path, threatscore_path
+    return path, compliance_path

api/src/backend/tasks/tasks.py

@@ -1,4 +1,3 @@
-import os
 from datetime import datetime, timedelta, timezone
 from pathlib import Path
 from shutil import rmtree
@@ -27,7 +26,6 @@ from tasks.jobs.integrations import (
     upload_s3_integration,
     upload_security_hub_integration,
 )
-from tasks.jobs.report import generate_threatscore_report_job
 from tasks.jobs.scan import (
     aggregate_findings,
     create_compliance_requirements,
@@ -66,15 +64,10 @@ def _perform_scan_complete_tasks(tenant_id: str, scan_id: str, provider_id: str)
         generate_outputs_task.si(
             scan_id=scan_id, provider_id=provider_id, tenant_id=tenant_id
         ),
-        group(
-            generate_threatscore_report_task.si(
-                tenant_id=tenant_id, scan_id=scan_id, provider_id=provider_id
-            ),
-            check_integrations_task.si(
-                tenant_id=tenant_id,
-                provider_id=provider_id,
-                scan_id=scan_id,
-            ),
+        check_integrations_task.si(
+            tenant_id=tenant_id,
+            provider_id=provider_id,
+            scan_id=scan_id,
         ),
     ).apply_async()
 
@@ -311,7 +304,7 @@ def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):
 
     frameworks_bulk = Compliance.get_bulk(provider_type)
     frameworks_avail = get_compliance_frameworks(provider_type)
-    out_dir, comp_dir, _ = _generate_output_directory(
+    out_dir, comp_dir = _generate_output_directory(
         DJANGO_TMP_OUTPUT_DIRECTORY, provider_uid, tenant_id, scan_id
     )
 
@@ -414,24 +407,7 @@ def generate_outputs_task(scan_id: str, provider_id: str, tenant_id: str):
                 writer._data.clear()
 
     compressed = _compress_output_files(out_dir)
-
-    upload_uri = _upload_to_s3(
-        tenant_id,
-        scan_id,
-        compressed,
-        os.path.basename(compressed),
-    )
-
-    compliance_dir_path = Path(comp_dir).parent
-    if compliance_dir_path.exists():
-        for artifact_path in sorted(compliance_dir_path.iterdir()):
-            if artifact_path.is_file():
-                _upload_to_s3(
-                    tenant_id,
-                    scan_id,
-                    str(artifact_path),
-                    f"compliance/{artifact_path.name}",
-                )
+    upload_uri = _upload_to_s3(tenant_id, compressed, scan_id)
 
     # S3 integrations (need output_directory)
     with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
@@ -641,21 +617,3 @@ def jira_integration_task(
     return send_findings_to_jira(
         tenant_id, integration_id, project_key, issue_type, finding_ids
     )
-
-
-@shared_task(
-    base=RLSTask,
-    name="scan-threatscore-report",
-    queue="scan-reports",
-)
-def generate_threatscore_report_task(tenant_id: str, scan_id: str, provider_id: str):
-    """
-    Task to generate a threatscore report for a given scan.
-    Args:
-        tenant_id (str): The tenant identifier.
-        scan_id (str): The scan identifier.
-        provider_id (str): The provider identifier.
-    """
-    return generate_threatscore_report_job(
-        tenant_id=tenant_id, scan_id=scan_id, provider_id=provider_id
-    )

api/src/backend/tasks/tests/test_export.py

@@ -72,26 +72,17 @@ class TestOutputs:
         client_mock = MagicMock()
         mock_get_client.return_value = client_mock
 
-        result = _upload_to_s3(
-            "tenant-id",
-            "scan-id",
-            str(zip_path),
-            "outputs.zip",
-        )
+        result = _upload_to_s3("tenant-id", str(zip_path), "scan-id")
 
         expected_uri = "s3://test-bucket/tenant-id/scan-id/outputs.zip"
         assert result == expected_uri
-        client_mock.upload_file.assert_called_once_with(
-            Filename=str(zip_path),
-            Bucket="test-bucket",
-            Key="tenant-id/scan-id/outputs.zip",
-        )
+        assert client_mock.upload_file.call_count == 2
 
     @patch("tasks.jobs.export.get_s3_client")
     @patch("tasks.jobs.export.base")
     def test_upload_to_s3_missing_bucket(self, mock_base, mock_get_client):
         mock_base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = ""
-        result = _upload_to_s3("tenant", "scan", "/tmp/fake.zip", "fake.zip")
+        result = _upload_to_s3("tenant", "/tmp/fake.zip", "scan")
         assert result is None
 
     @patch("tasks.jobs.export.get_s3_client")
@@ -110,15 +101,11 @@ class TestOutputs:
         client_mock = MagicMock()
         mock_get_client.return_value = client_mock
 
-        result = _upload_to_s3(
-            "tenant",
-            "scan",
-            str(compliance_dir / "subdir"),
-            "compliance/subdir",
-        )
+        result = _upload_to_s3("tenant", str(zip_path), "scan")
 
-        assert result is None
-        client_mock.upload_file.assert_not_called()
+        expected_uri = "s3://test-bucket/tenant/scan/results.zip"
+        assert result == expected_uri
+        client_mock.upload_file.assert_called_once()
 
     @patch(
         "tasks.jobs.export.get_s3_client",
@@ -139,12 +126,7 @@ class TestOutputs:
         compliance_dir.mkdir()
         (compliance_dir / "report.csv").write_text("csv")
 
-        _upload_to_s3(
-            "tenant",
-            "scan",
-            str(zip_path),
-            "zipfile.zip",
-        )
+        _upload_to_s3("tenant", str(zip_path), "scan")
         mock_logger.assert_called()
 
     @patch("tasks.jobs.export.rls_transaction")
@@ -168,17 +150,15 @@ class TestOutputs:
         provider = "aws"
         expected_timestamp = "20230615103045"
 
-        path, compliance, threatscore = _generate_output_directory(
+        path, compliance = _generate_output_directory(
             base_dir, provider, tenant_id, scan_id
         )
 
         assert os.path.isdir(os.path.dirname(path))
         assert os.path.isdir(os.path.dirname(compliance))
-        assert os.path.isdir(os.path.dirname(threatscore))
 
         assert path.endswith(f"{provider}-{expected_timestamp}")
         assert compliance.endswith(f"{provider}-{expected_timestamp}")
-        assert threatscore.endswith(f"{provider}-{expected_timestamp}")
 
     @patch("tasks.jobs.export.rls_transaction")
     @patch("tasks.jobs.export.Scan")
@@ -201,14 +181,12 @@ class TestOutputs:
         provider = "aws/test@check"
         expected_timestamp = "20230615103045"
 
-        path, compliance, threatscore = _generate_output_directory(
+        path, compliance = _generate_output_directory(
             base_dir, provider, tenant_id, scan_id
         )
 
         assert os.path.isdir(os.path.dirname(path))
         assert os.path.isdir(os.path.dirname(compliance))
-        assert os.path.isdir(os.path.dirname(threatscore))
 
         assert path.endswith(f"aws-test-check-{expected_timestamp}")
         assert compliance.endswith(f"aws-test-check-{expected_timestamp}")
-        assert threatscore.endswith(f"aws-test-check-{expected_timestamp}")

api/src/backend/tasks/tests/test_report.py

@@ -1,963 +0,0 @@
-import uuid
-from pathlib import Path
-from unittest.mock import MagicMock, patch
-
-import matplotlib
-import pytest
-from tasks.jobs.report import (
-    _aggregate_requirement_statistics_from_database,
-    _calculate_requirements_data_from_statistics,
-    _load_findings_for_requirement_checks,
-    generate_threatscore_report,
-    generate_threatscore_report_job,
-)
-from tasks.tasks import generate_threatscore_report_task
-
-from api.models import Finding, StatusChoices
-from prowler.lib.check.models import Severity
-
-matplotlib.use("Agg")  # Use non-interactive backend for tests
-
-
-@pytest.mark.django_db
-class TestGenerateThreatscoreReport:
-    def setup_method(self):
-        self.scan_id = str(uuid.uuid4())
-        self.provider_id = str(uuid.uuid4())
-        self.tenant_id = str(uuid.uuid4())
-
-    def test_no_findings_returns_early(self):
-        with patch("tasks.jobs.report.ScanSummary.objects.filter") as mock_filter:
-            mock_filter.return_value.exists.return_value = False
-
-            result = generate_threatscore_report_job(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                provider_id=self.provider_id,
-            )
-
-            assert result == {"upload": False}
-            mock_filter.assert_called_once_with(scan_id=self.scan_id)
-
-    @patch("tasks.jobs.report.rmtree")
-    @patch("tasks.jobs.report._upload_to_s3")
-    @patch("tasks.jobs.report.generate_threatscore_report")
-    @patch("tasks.jobs.report._generate_output_directory")
-    @patch("tasks.jobs.report.Provider.objects.get")
-    @patch("tasks.jobs.report.ScanSummary.objects.filter")
-    def test_generate_threatscore_report_happy_path(
-        self,
-        mock_scan_summary_filter,
-        mock_provider_get,
-        mock_generate_output_directory,
-        mock_generate_report,
-        mock_upload,
-        mock_rmtree,
-    ):
-        mock_scan_summary_filter.return_value.exists.return_value = True
-
-        mock_provider = MagicMock()
-        mock_provider.uid = "provider-uid"
-        mock_provider.provider = "aws"
-        mock_provider_get.return_value = mock_provider
-
-        mock_generate_output_directory.return_value = (
-            "/tmp/output",
-            "/tmp/compressed",
-            "/tmp/threatscore_path",
-        )
-
-        mock_upload.return_value = "s3://bucket/threatscore_report.pdf"
-
-        result = generate_threatscore_report_job(
-            tenant_id=self.tenant_id,
-            scan_id=self.scan_id,
-            provider_id=self.provider_id,
-        )
-
-        assert result == {"upload": True}
-        mock_generate_report.assert_called_once_with(
-            tenant_id=self.tenant_id,
-            scan_id=self.scan_id,
-            compliance_id="prowler_threatscore_aws",
-            output_path="/tmp/threatscore_path_threatscore_report.pdf",
-            provider_id=self.provider_id,
-            only_failed=True,
-            min_risk_level=4,
-        )
-        mock_upload.assert_called_once_with(
-            self.tenant_id,
-            self.scan_id,
-            "/tmp/threatscore_path_threatscore_report.pdf",
-            "threatscore/threatscore_path_threatscore_report.pdf",
-        )
-        mock_rmtree.assert_called_once_with(
-            Path("/tmp/threatscore_path_threatscore_report.pdf").parent,
-            ignore_errors=True,
-        )
-
-    def test_generate_threatscore_report_fails_upload(self):
-        with (
-            patch("tasks.jobs.report.ScanSummary.objects.filter") as mock_filter,
-            patch("tasks.jobs.report.Provider.objects.get") as mock_provider_get,
-            patch("tasks.jobs.report._generate_output_directory") as mock_gen_dir,
-            patch("tasks.jobs.report.generate_threatscore_report"),
-            patch("tasks.jobs.report._upload_to_s3", return_value=None),
-        ):
-            mock_filter.return_value.exists.return_value = True
-
-            # Mock provider
-            mock_provider = MagicMock()
-            mock_provider.uid = "aws-provider-uid"
-            mock_provider.provider = "aws"
-            mock_provider_get.return_value = mock_provider
-
-            mock_gen_dir.return_value = (
-                "/tmp/output",
-                "/tmp/compressed",
-                "/tmp/threatscore_path",
-            )
-
-            result = generate_threatscore_report_job(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                provider_id=self.provider_id,
-            )
-
-            assert result == {"upload": False}
-
-    def test_generate_threatscore_report_logs_rmtree_exception(self, caplog):
-        with (
-            patch("tasks.jobs.report.ScanSummary.objects.filter") as mock_filter,
-            patch("tasks.jobs.report.Provider.objects.get") as mock_provider_get,
-            patch("tasks.jobs.report._generate_output_directory") as mock_gen_dir,
-            patch("tasks.jobs.report.generate_threatscore_report"),
-            patch(
-                "tasks.jobs.report._upload_to_s3", return_value="s3://bucket/report.pdf"
-            ),
-            patch(
-                "tasks.jobs.report.rmtree", side_effect=Exception("Test deletion error")
-            ),
-        ):
-            mock_filter.return_value.exists.return_value = True
-
-            # Mock provider
-            mock_provider = MagicMock()
-            mock_provider.uid = "aws-provider-uid"
-            mock_provider.provider = "aws"
-            mock_provider_get.return_value = mock_provider
-
-            mock_gen_dir.return_value = (
-                "/tmp/output",
-                "/tmp/compressed",
-                "/tmp/threatscore_path",
-            )
-
-            with caplog.at_level("ERROR"):
-                generate_threatscore_report_job(
-                    tenant_id=self.tenant_id,
-                    scan_id=self.scan_id,
-                    provider_id=self.provider_id,
-                )
-                assert "Error deleting output files" in caplog.text
-
-    def test_generate_threatscore_report_azure_provider(self):
-        with (
-            patch("tasks.jobs.report.ScanSummary.objects.filter") as mock_filter,
-            patch("tasks.jobs.report.Provider.objects.get") as mock_provider_get,
-            patch("tasks.jobs.report._generate_output_directory") as mock_gen_dir,
-            patch("tasks.jobs.report.generate_threatscore_report") as mock_generate,
-            patch(
-                "tasks.jobs.report._upload_to_s3", return_value="s3://bucket/report.pdf"
-            ),
-            patch("tasks.jobs.report.rmtree"),
-        ):
-            mock_filter.return_value.exists.return_value = True
-
-            mock_provider = MagicMock()
-            mock_provider.uid = "azure-provider-uid"
-            mock_provider.provider = "azure"
-            mock_provider_get.return_value = mock_provider
-
-            mock_gen_dir.return_value = (
-                "/tmp/output",
-                "/tmp/compressed",
-                "/tmp/threatscore_path",
-            )
-
-            generate_threatscore_report_job(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                provider_id=self.provider_id,
-            )
-
-            mock_generate.assert_called_once_with(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                compliance_id="prowler_threatscore_azure",
-                output_path="/tmp/threatscore_path_threatscore_report.pdf",
-                provider_id=self.provider_id,
-                only_failed=True,
-                min_risk_level=4,
-            )
-
-
-@pytest.mark.django_db
-class TestAggregateRequirementStatistics:
-    """Test suite for _aggregate_requirement_statistics_from_database function."""
-
-    def test_aggregates_findings_correctly(self, tenants_fixture, scans_fixture):
-        """Verify correct pass/total counts per check are aggregated from database."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        # Create findings with different check_ids and statuses
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-1",
-            check_id="check_1",
-            status=StatusChoices.PASS,
-            severity=Severity.high,
-            impact=Severity.high,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-2",
-            check_id="check_1",
-            status=StatusChoices.FAIL,
-            severity=Severity.high,
-            impact=Severity.high,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-3",
-            check_id="check_2",
-            status=StatusChoices.PASS,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-
-        result = _aggregate_requirement_statistics_from_database(
-            str(tenant.id), str(scan.id)
-        )
-
-        assert result == {
-            "check_1": {"passed": 1, "total": 2},
-            "check_2": {"passed": 1, "total": 1},
-        }
-
-    def test_handles_empty_scan(self, tenants_fixture, scans_fixture):
-        """Return empty dict when no findings exist for the scan."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        result = _aggregate_requirement_statistics_from_database(
-            str(tenant.id), str(scan.id)
-        )
-
-        assert result == {}
-
-    def test_multiple_findings_same_check(self, tenants_fixture, scans_fixture):
-        """Aggregate multiple findings for same check_id correctly."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        # Create 5 findings for same check, 3 passed
-        for i in range(3):
-            Finding.objects.create(
-                tenant_id=tenant.id,
-                scan=scan,
-                uid=f"finding-pass-{i}",
-                check_id="check_same",
-                status=StatusChoices.PASS,
-                severity=Severity.medium,
-                impact=Severity.medium,
-                check_metadata={},
-                raw_result={},
-            )
-
-        for i in range(2):
-            Finding.objects.create(
-                tenant_id=tenant.id,
-                scan=scan,
-                uid=f"finding-fail-{i}",
-                check_id="check_same",
-                status=StatusChoices.FAIL,
-                severity=Severity.medium,
-                impact=Severity.medium,
-                check_metadata={},
-                raw_result={},
-            )
-
-        result = _aggregate_requirement_statistics_from_database(
-            str(tenant.id), str(scan.id)
-        )
-
-        assert result == {"check_same": {"passed": 3, "total": 5}}
-
-    def test_only_failed_findings(self, tenants_fixture, scans_fixture):
-        """Correctly count when all findings are FAIL status."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-fail-1",
-            check_id="check_fail",
-            status=StatusChoices.FAIL,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-fail-2",
-            check_id="check_fail",
-            status=StatusChoices.FAIL,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-
-        result = _aggregate_requirement_statistics_from_database(
-            str(tenant.id), str(scan.id)
-        )
-
-        assert result == {"check_fail": {"passed": 0, "total": 2}}
-
-    def test_mixed_statuses(self, tenants_fixture, scans_fixture):
-        """Test with PASS, FAIL, and MANUAL statuses mixed."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-pass",
-            check_id="check_mixed",
-            status=StatusChoices.PASS,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-fail",
-            check_id="check_mixed",
-            status=StatusChoices.FAIL,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-manual",
-            check_id="check_mixed",
-            status=StatusChoices.MANUAL,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-
-        result = _aggregate_requirement_statistics_from_database(
-            str(tenant.id), str(scan.id)
-        )
-
-        # Only PASS status is counted as passed
-        assert result == {"check_mixed": {"passed": 1, "total": 3}}
-
-
-@pytest.mark.django_db
-class TestLoadFindingsForChecks:
-    """Test suite for _load_findings_for_requirement_checks function."""
-
-    def test_loads_only_requested_checks(
-        self, tenants_fixture, scans_fixture, providers_fixture
-    ):
-        """Verify only findings for specified check_ids are loaded."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-        providers_fixture[0]
-
-        # Create findings with different check_ids
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-1",
-            check_id="check_requested",
-            status=StatusChoices.PASS,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-2",
-            check_id="check_not_requested",
-            status=StatusChoices.FAIL,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-
-        mock_provider = MagicMock()
-
-        with patch(
-            "tasks.jobs.report.FindingOutput.transform_api_finding"
-        ) as mock_transform:
-            mock_finding_output = MagicMock()
-            mock_finding_output.check_id = "check_requested"
-            mock_transform.return_value = mock_finding_output
-
-            result = _load_findings_for_requirement_checks(
-                str(tenant.id), str(scan.id), ["check_requested"], mock_provider
-            )
-
-            # Only one finding should be loaded
-            assert "check_requested" in result
-            assert "check_not_requested" not in result
-            assert len(result["check_requested"]) == 1
-            assert mock_transform.call_count == 1
-
-    def test_empty_check_ids_returns_empty(
-        self, tenants_fixture, scans_fixture, providers_fixture
-    ):
-        """Return empty dict when check_ids list is empty."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-        mock_provider = MagicMock()
-
-        result = _load_findings_for_requirement_checks(
-            str(tenant.id), str(scan.id), [], mock_provider
-        )
-
-        assert result == {}
-
-    def test_groups_by_check_id(
-        self, tenants_fixture, scans_fixture, providers_fixture
-    ):
-        """Multiple findings for same check are grouped correctly."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        # Create multiple findings for same check
-        for i in range(3):
-            Finding.objects.create(
-                tenant_id=tenant.id,
-                scan=scan,
-                uid=f"finding-{i}",
-                check_id="check_group",
-                status=StatusChoices.PASS,
-                severity=Severity.medium,
-                impact=Severity.medium,
-                check_metadata={},
-                raw_result={},
-            )
-
-        mock_provider = MagicMock()
-
-        with patch(
-            "tasks.jobs.report.FindingOutput.transform_api_finding"
-        ) as mock_transform:
-            mock_finding_output = MagicMock()
-            mock_finding_output.check_id = "check_group"
-            mock_transform.return_value = mock_finding_output
-
-            result = _load_findings_for_requirement_checks(
-                str(tenant.id), str(scan.id), ["check_group"], mock_provider
-            )
-
-            assert len(result["check_group"]) == 3
-
-    def test_transforms_to_finding_output(
-        self, tenants_fixture, scans_fixture, providers_fixture
-    ):
-        """Findings are transformed using FindingOutput.transform_api_finding."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        Finding.objects.create(
-            tenant_id=tenant.id,
-            scan=scan,
-            uid="finding-transform",
-            check_id="check_transform",
-            status=StatusChoices.PASS,
-            severity=Severity.medium,
-            impact=Severity.medium,
-            check_metadata={},
-            raw_result={},
-        )
-
-        mock_provider = MagicMock()
-
-        with patch(
-            "tasks.jobs.report.FindingOutput.transform_api_finding"
-        ) as mock_transform:
-            mock_finding_output = MagicMock()
-            mock_finding_output.check_id = "check_transform"
-            mock_transform.return_value = mock_finding_output
-
-            result = _load_findings_for_requirement_checks(
-                str(tenant.id), str(scan.id), ["check_transform"], mock_provider
-            )
-
-            # Verify transform was called
-            mock_transform.assert_called_once()
-            # Verify the transformed output is in the result
-            assert result["check_transform"][0] == mock_finding_output
-
-    def test_batched_iteration(self, tenants_fixture, scans_fixture, providers_fixture):
-        """Works correctly with multiple batches of findings."""
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        # Create enough findings to ensure batching (assuming batch size > 1)
-        for i in range(10):
-            Finding.objects.create(
-                tenant_id=tenant.id,
-                scan=scan,
-                uid=f"finding-batch-{i}",
-                check_id="check_batch",
-                status=StatusChoices.PASS,
-                severity=Severity.medium,
-                impact=Severity.medium,
-                check_metadata={},
-                raw_result={},
-            )
-
-        mock_provider = MagicMock()
-
-        with patch(
-            "tasks.jobs.report.FindingOutput.transform_api_finding"
-        ) as mock_transform:
-            mock_finding_output = MagicMock()
-            mock_finding_output.check_id = "check_batch"
-            mock_transform.return_value = mock_finding_output
-
-            result = _load_findings_for_requirement_checks(
-                str(tenant.id), str(scan.id), ["check_batch"], mock_provider
-            )
-
-            # All 10 findings should be loaded regardless of batching
-            assert len(result["check_batch"]) == 10
-            assert mock_transform.call_count == 10
-
-
-@pytest.mark.django_db
-class TestCalculateRequirementsData:
-    """Test suite for _calculate_requirements_data_from_statistics function."""
-
-    def test_requirement_status_all_pass(self):
-        """Status is PASS when all findings for requirement checks pass."""
-        mock_compliance = MagicMock()
-        mock_compliance.Framework = "TestFramework"
-        mock_compliance.Version = "1.0"
-
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_1"
-        mock_requirement.Description = "Test requirement"
-        mock_requirement.Checks = ["check_1", "check_2"]
-        mock_requirement.Attributes = [MagicMock()]
-
-        mock_compliance.Requirements = [mock_requirement]
-
-        requirement_statistics = {
-            "check_1": {"passed": 5, "total": 5},
-            "check_2": {"passed": 3, "total": 3},
-        }
-
-        attributes_by_id, requirements_list = (
-            _calculate_requirements_data_from_statistics(
-                mock_compliance, requirement_statistics
-            )
-        )
-
-        assert len(requirements_list) == 1
-        assert requirements_list[0]["attributes"]["status"] == StatusChoices.PASS
-        assert requirements_list[0]["attributes"]["passed_findings"] == 8
-        assert requirements_list[0]["attributes"]["total_findings"] == 8
-
-    def test_requirement_status_some_fail(self):
-        """Status is FAIL when some findings fail."""
-        mock_compliance = MagicMock()
-        mock_compliance.Framework = "TestFramework"
-        mock_compliance.Version = "1.0"
-
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_2"
-        mock_requirement.Description = "Test requirement with failures"
-        mock_requirement.Checks = ["check_3"]
-        mock_requirement.Attributes = [MagicMock()]
-
-        mock_compliance.Requirements = [mock_requirement]
-
-        requirement_statistics = {
-            "check_3": {"passed": 2, "total": 5},
-        }
-
-        attributes_by_id, requirements_list = (
-            _calculate_requirements_data_from_statistics(
-                mock_compliance, requirement_statistics
-            )
-        )
-
-        assert len(requirements_list) == 1
-        assert requirements_list[0]["attributes"]["status"] == StatusChoices.FAIL
-        assert requirements_list[0]["attributes"]["passed_findings"] == 2
-        assert requirements_list[0]["attributes"]["total_findings"] == 5
-
-    def test_requirement_status_no_findings(self):
-        """Status is MANUAL when no findings exist for requirement."""
-        mock_compliance = MagicMock()
-        mock_compliance.Framework = "TestFramework"
-        mock_compliance.Version = "1.0"
-
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_3"
-        mock_requirement.Description = "Manual requirement"
-        mock_requirement.Checks = ["check_nonexistent"]
-        mock_requirement.Attributes = [MagicMock()]
-
-        mock_compliance.Requirements = [mock_requirement]
-
-        requirement_statistics = {}
-
-        attributes_by_id, requirements_list = (
-            _calculate_requirements_data_from_statistics(
-                mock_compliance, requirement_statistics
-            )
-        )
-
-        assert len(requirements_list) == 1
-        assert requirements_list[0]["attributes"]["status"] == StatusChoices.MANUAL
-        assert requirements_list[0]["attributes"]["passed_findings"] == 0
-        assert requirements_list[0]["attributes"]["total_findings"] == 0
-
-    def test_aggregates_multiple_checks(self):
-        """Correctly sum stats across multiple checks in requirement."""
-        mock_compliance = MagicMock()
-        mock_compliance.Framework = "TestFramework"
-        mock_compliance.Version = "1.0"
-
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_4"
-        mock_requirement.Description = "Multi-check requirement"
-        mock_requirement.Checks = ["check_a", "check_b", "check_c"]
-        mock_requirement.Attributes = [MagicMock()]
-
-        mock_compliance.Requirements = [mock_requirement]
-
-        requirement_statistics = {
-            "check_a": {"passed": 10, "total": 15},
-            "check_b": {"passed": 5, "total": 10},
-            "check_c": {"passed": 0, "total": 5},
-        }
-
-        attributes_by_id, requirements_list = (
-            _calculate_requirements_data_from_statistics(
-                mock_compliance, requirement_statistics
-            )
-        )
-
-        assert len(requirements_list) == 1
-        # 10 + 5 + 0 = 15 passed
-        assert requirements_list[0]["attributes"]["passed_findings"] == 15
-        # 15 + 10 + 5 = 30 total
-        assert requirements_list[0]["attributes"]["total_findings"] == 30
-        # Not all passed, so should be FAIL
-        assert requirements_list[0]["attributes"]["status"] == StatusChoices.FAIL
-
-    def test_returns_correct_structure(self):
-        """Verify tuple structure and dict keys are correct."""
-        mock_compliance = MagicMock()
-        mock_compliance.Framework = "TestFramework"
-        mock_compliance.Version = "1.0"
-
-        mock_attribute = MagicMock()
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_5"
-        mock_requirement.Description = "Structure test"
-        mock_requirement.Checks = ["check_struct"]
-        mock_requirement.Attributes = [mock_attribute]
-
-        mock_compliance.Requirements = [mock_requirement]
-
-        requirement_statistics = {"check_struct": {"passed": 1, "total": 1}}
-
-        attributes_by_id, requirements_list = (
-            _calculate_requirements_data_from_statistics(
-                mock_compliance, requirement_statistics
-            )
-        )
-
-        # Verify attributes_by_id structure
-        assert "req_5" in attributes_by_id
-        assert "attributes" in attributes_by_id["req_5"]
-        assert "description" in attributes_by_id["req_5"]
-        assert "req_attributes" in attributes_by_id["req_5"]["attributes"]
-        assert "checks" in attributes_by_id["req_5"]["attributes"]
-
-        # Verify requirements_list structure
-        assert len(requirements_list) == 1
-        req = requirements_list[0]
-        assert "id" in req
-        assert "attributes" in req
-        assert "framework" in req["attributes"]
-        assert "version" in req["attributes"]
-        assert "status" in req["attributes"]
-        assert "description" in req["attributes"]
-        assert "passed_findings" in req["attributes"]
-        assert "total_findings" in req["attributes"]
-
-
-@pytest.mark.django_db
-class TestGenerateThreatscoreReportFunction:
-    def setup_method(self):
-        self.scan_id = str(uuid.uuid4())
-        self.provider_id = str(uuid.uuid4())
-        self.tenant_id = str(uuid.uuid4())
-        self.compliance_id = "prowler_threatscore_aws"
-        self.output_path = "/tmp/test_threatscore_report.pdf"
-
-    @patch("tasks.jobs.report.initialize_prowler_provider")
-    @patch("tasks.jobs.report.Provider.objects.get")
-    @patch("tasks.jobs.report.Compliance.get_bulk")
-    @patch("tasks.jobs.report._aggregate_requirement_statistics_from_database")
-    @patch("tasks.jobs.report._calculate_requirements_data_from_statistics")
-    @patch("tasks.jobs.report._load_findings_for_requirement_checks")
-    @patch("tasks.jobs.report.SimpleDocTemplate")
-    @patch("tasks.jobs.report.Image")
-    @patch("tasks.jobs.report.Spacer")
-    @patch("tasks.jobs.report.Paragraph")
-    @patch("tasks.jobs.report.PageBreak")
-    @patch("tasks.jobs.report.Table")
-    @patch("tasks.jobs.report.TableStyle")
-    @patch("tasks.jobs.report.plt.subplots")
-    @patch("tasks.jobs.report.plt.savefig")
-    @patch("tasks.jobs.report.io.BytesIO")
-    def test_generate_threatscore_report_success(
-        self,
-        mock_bytesio,
-        mock_savefig,
-        mock_subplots,
-        mock_table_style,
-        mock_table,
-        mock_page_break,
-        mock_paragraph,
-        mock_spacer,
-        mock_image,
-        mock_doc_template,
-        mock_load_findings,
-        mock_calculate_requirements,
-        mock_aggregate_statistics,
-        mock_compliance_get_bulk,
-        mock_provider_get,
-        mock_initialize_provider,
-    ):
-        """Test the updated generate_threatscore_report using new memory-efficient architecture."""
-        mock_provider = MagicMock()
-        mock_provider.provider = "aws"
-        mock_provider_get.return_value = mock_provider
-
-        prowler_provider = MagicMock()
-        mock_initialize_provider.return_value = prowler_provider
-
-        # Mock compliance object with requirements
-        mock_compliance_obj = MagicMock()
-        mock_compliance_obj.Framework = "ProwlerThreatScore"
-        mock_compliance_obj.Version = "1.0"
-        mock_compliance_obj.Description = "Test Description"
-
-        # Configure requirement with properly set numeric attributes for chart generation
-        mock_requirement = MagicMock()
-        mock_requirement.Id = "req_1"
-        mock_requirement.Description = "Test requirement"
-        mock_requirement.Checks = ["check_1"]
-
-        # Create a properly configured attribute mock with numeric values
-        mock_requirement_attr = MagicMock()
-        mock_requirement_attr.Section = "1. IAM"
-        mock_requirement_attr.SubSection = "1.1 Identity"
-        mock_requirement_attr.Title = "Test Requirement Title"
-        mock_requirement_attr.LevelOfRisk = 3
-        mock_requirement_attr.Weight = 100
-        mock_requirement_attr.AttributeDescription = "Test requirement description"
-        mock_requirement_attr.AdditionalInformation = "Additional test information"
-
-        mock_requirement.Attributes = [mock_requirement_attr]
-        mock_compliance_obj.Requirements = [mock_requirement]
-
-        mock_compliance_get_bulk.return_value = {
-            self.compliance_id: mock_compliance_obj
-        }
-
-        # Mock the aggregated statistics from database
-        mock_aggregate_statistics.return_value = {"check_1": {"passed": 5, "total": 10}}
-
-        # Mock the calculated requirements data with properly configured attributes
-        mock_attributes_by_id = {
-            "req_1": {
-                "attributes": {
-                    "req_attributes": [mock_requirement_attr],
-                    "checks": ["check_1"],
-                },
-                "description": "Test requirement",
-            }
-        }
-        mock_requirements_list = [
-            {
-                "id": "req_1",
-                "attributes": {
-                    "framework": "ProwlerThreatScore",
-                    "version": "1.0",
-                    "status": StatusChoices.FAIL,
-                    "description": "Test requirement",
-                    "passed_findings": 5,
-                    "total_findings": 10,
-                },
-            }
-        ]
-        mock_calculate_requirements.return_value = (
-            mock_attributes_by_id,
-            mock_requirements_list,
-        )
-
-        # Mock the on-demand loaded findings
-        mock_finding_output = MagicMock()
-        mock_finding_output.check_id = "check_1"
-        mock_finding_output.status = "FAIL"
-        mock_finding_output.metadata = MagicMock()
-        mock_finding_output.metadata.CheckTitle = "Test Check"
-        mock_finding_output.metadata.Severity = "HIGH"
-        mock_finding_output.resource_name = "test-resource"
-        mock_finding_output.region = "us-east-1"
-
-        mock_load_findings.return_value = {"check_1": [mock_finding_output]}
-
-        # Mock PDF generation components
-        mock_doc = MagicMock()
-        mock_doc_template.return_value = mock_doc
-
-        mock_fig, mock_ax = MagicMock(), MagicMock()
-        mock_subplots.return_value = (mock_fig, mock_ax)
-        mock_buffer = MagicMock()
-        mock_bytesio.return_value = mock_buffer
-
-        mock_image.return_value = MagicMock()
-        mock_spacer.return_value = MagicMock()
-        mock_paragraph.return_value = MagicMock()
-        mock_page_break.return_value = MagicMock()
-        mock_table.return_value = MagicMock()
-        mock_table_style.return_value = MagicMock()
-
-        # Execute the function
-        generate_threatscore_report(
-            tenant_id=self.tenant_id,
-            scan_id=self.scan_id,
-            compliance_id=self.compliance_id,
-            output_path=self.output_path,
-            provider_id=self.provider_id,
-            only_failed=True,
-            min_risk_level=4,
-        )
-
-        # Verify the new workflow was followed
-        mock_provider_get.assert_called_once_with(id=self.provider_id)
-        mock_initialize_provider.assert_called_once_with(mock_provider)
-        mock_compliance_get_bulk.assert_called_once_with("aws")
-
-        # Verify the new functions were called in correct order with correct parameters
-        mock_aggregate_statistics.assert_called_once_with(self.tenant_id, self.scan_id)
-        mock_calculate_requirements.assert_called_once_with(
-            mock_compliance_obj, {"check_1": {"passed": 5, "total": 10}}
-        )
-        mock_load_findings.assert_called_once_with(
-            self.tenant_id, self.scan_id, ["check_1"], prowler_provider
-        )
-
-        # Verify PDF was built
-        mock_doc_template.assert_called_once()
-        mock_doc.build.assert_called_once()
-
-    @patch("tasks.jobs.report.initialize_prowler_provider")
-    @patch("tasks.jobs.report.Provider.objects.get")
-    @patch("tasks.jobs.report.Compliance.get_bulk")
-    @patch("tasks.jobs.report.Finding.all_objects.filter")
-    def test_generate_threatscore_report_exception_handling(
-        self,
-        mock_finding_filter,
-        mock_compliance_get_bulk,
-        mock_provider_get,
-        mock_initialize_provider,
-    ):
-        mock_provider_get.side_effect = Exception("Provider not found")
-
-        with pytest.raises(Exception, match="Provider not found"):
-            generate_threatscore_report(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                compliance_id=self.compliance_id,
-                output_path=self.output_path,
-                provider_id=self.provider_id,
-                only_failed=True,
-                min_risk_level=4,
-            )
-
-
-@pytest.mark.django_db
-class TestGenerateThreatscoreReportTask:
-    def setup_method(self):
-        self.scan_id = str(uuid.uuid4())
-        self.provider_id = str(uuid.uuid4())
-        self.tenant_id = str(uuid.uuid4())
-
-    @patch("tasks.tasks.generate_threatscore_report_job")
-    def test_generate_threatscore_report_task_calls_job(self, mock_generate_job):
-        mock_generate_job.return_value = {"upload": True}
-
-        result = generate_threatscore_report_task(
-            tenant_id=self.tenant_id,
-            scan_id=self.scan_id,
-            provider_id=self.provider_id,
-        )
-
-        assert result == {"upload": True}
-        mock_generate_job.assert_called_once_with(
-            tenant_id=self.tenant_id,
-            scan_id=self.scan_id,
-            provider_id=self.provider_id,
-        )
-
-    @patch("tasks.tasks.generate_threatscore_report_job")
-    def test_generate_threatscore_report_task_handles_job_exception(
-        self, mock_generate_job
-    ):
-        mock_generate_job.side_effect = Exception("Job failed")
-
-        with pytest.raises(Exception, match="Job failed"):
-            generate_threatscore_report_task(
-                tenant_id=self.tenant_id,
-                scan_id=self.scan_id,
-                provider_id=self.provider_id,
-            )

api/src/backend/tasks/tests/test_tasks.py

@@ -98,11 +98,7 @@ class TestGenerateOutputs:
             ),
             patch(
                 "tasks.tasks._generate_output_directory",
-                return_value=(
-                    "/tmp/test/out-dir",
-                    "/tmp/test/comp-dir",
-                    "/tmp/test/threat-dir",
-                ),
+                return_value=("out-dir", "comp-dir"),
             ),
             patch("tasks.tasks.Scan.all_objects.filter") as mock_scan_update,
             patch("tasks.tasks.rmtree"),
@@ -130,8 +126,7 @@ class TestGenerateOutputs:
             patch("tasks.tasks.get_compliance_frameworks"),
             patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
             patch(
-                "tasks.tasks._generate_output_directory",
-                return_value=("/tmp/test/out", "/tmp/test/comp", "/tmp/test/threat"),
+                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
             ),
             patch("tasks.tasks.FindingOutput._transform_findings_stats"),
             patch("tasks.tasks.FindingOutput.transform_api_finding"),
@@ -173,35 +168,15 @@ class TestGenerateOutputs:
         mock_finding_output = MagicMock()
         mock_finding_output.compliance = {"cis": ["requirement-1", "requirement-2"]}
 
-        html_writer_mock = MagicMock()
-        html_writer_mock._data = []
-        html_writer_mock.close_file = False
-        html_writer_mock.transform = MagicMock()
-        html_writer_mock.batch_write_data_to_file = MagicMock()
-
-        compliance_writer_mock = MagicMock()
-        compliance_writer_mock._data = []
-        compliance_writer_mock.close_file = False
-        compliance_writer_mock.transform = MagicMock()
-        compliance_writer_mock.batch_write_data_to_file = MagicMock()
-
-        # Create a mock class that returns our mock instance when called
-        mock_compliance_class = MagicMock(return_value=compliance_writer_mock)
-
-        mock_provider = MagicMock()
-        mock_provider.provider = "aws"
-        mock_provider.uid = "test-provider-uid"
-
         with (
             patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter,
-            patch("tasks.tasks.Provider.objects.get", return_value=mock_provider),
+            patch("tasks.tasks.Provider.objects.get"),
             patch("tasks.tasks.initialize_prowler_provider"),
             patch("tasks.tasks.Compliance.get_bulk", return_value={"cis": MagicMock()}),
             patch("tasks.tasks.get_compliance_frameworks", return_value=["cis"]),
             patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
             patch(
-                "tasks.tasks._generate_output_directory",
-                return_value=("/tmp/test/out", "/tmp/test/comp", "/tmp/test/threat"),
+                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
             ),
             patch(
                 "tasks.tasks.FindingOutput._transform_findings_stats",
@@ -215,20 +190,6 @@ class TestGenerateOutputs:
             patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/f.zip"),
             patch("tasks.tasks.Scan.all_objects.filter"),
             patch("tasks.tasks.rmtree"),
-            patch(
-                "tasks.tasks.OUTPUT_FORMATS_MAPPING",
-                {
-                    "html": {
-                        "class": lambda *args, **kwargs: html_writer_mock,
-                        "suffix": ".html",
-                        "kwargs": {},
-                    }
-                },
-            ),
-            patch(
-                "tasks.tasks.COMPLIANCE_CLASS_MAP",
-                {"aws": [(lambda x: True, mock_compliance_class)]},
-            ),
         ):
             mock_filter.return_value.exists.return_value = True
             mock_findings.return_value.order_by.return_value.iterator.return_value = [
@@ -236,12 +197,29 @@ class TestGenerateOutputs:
                 True,
             ]
 
-            generate_outputs_task(
-                scan_id=self.scan_id,
-                provider_id=self.provider_id,
-                tenant_id=self.tenant_id,
-            )
-            html_writer_mock.batch_write_data_to_file.assert_called_once()
+            html_writer_mock = MagicMock()
+            with (
+                patch(
+                    "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                    {
+                        "html": {
+                            "class": lambda *args, **kwargs: html_writer_mock,
+                            "suffix": ".html",
+                            "kwargs": {},
+                        }
+                    },
+                ),
+                patch(
+                    "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                    {"aws": [(lambda x: True, MagicMock())]},
+                ),
+            ):
+                generate_outputs_task(
+                    scan_id=self.scan_id,
+                    provider_id=self.provider_id,
+                    tenant_id=self.tenant_id,
+                )
+                html_writer_mock.batch_write_data_to_file.assert_called_once()
 
     def test_transform_called_only_on_second_batch(self):
         raw1 = MagicMock()
@@ -278,11 +256,7 @@ class TestGenerateOutputs:
             ),
             patch(
                 "tasks.tasks._generate_output_directory",
-                return_value=(
-                    "/tmp/test/outdir",
-                    "/tmp/test/compdir",
-                    "/tmp/test/threatdir",
-                ),
+                return_value=("outdir", "compdir"),
             ),
             patch("tasks.tasks._compress_output_files", return_value="outdir.zip"),
             patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/outdir.zip"),
@@ -329,14 +303,12 @@ class TestGenerateOutputs:
             def __init__(self, *args, **kwargs):
                 self.transform_calls = []
                 self._data = []
-                self.close_file = False
                 writer_instances.append(self)
 
             def transform(self, fos, comp_obj, name):
                 self.transform_calls.append((fos, comp_obj, name))
 
             def batch_write_data_to_file(self):
-                # Mock implementation - do nothing
                 pass
 
         two_batches = [
@@ -357,11 +329,7 @@ class TestGenerateOutputs:
             patch("tasks.tasks.get_compliance_frameworks", return_value=["cis"]),
             patch(
                 "tasks.tasks._generate_output_directory",
-                return_value=(
-                    "/tmp/test/outdir",
-                    "/tmp/test/compdir",
-                    "/tmp/test/threatdir",
-                ),
+                return_value=("outdir", "compdir"),
             ),
             patch("tasks.tasks.FindingOutput._transform_findings_stats"),
             patch(
@@ -400,35 +368,15 @@ class TestGenerateOutputs:
         mock_finding_output = MagicMock()
         mock_finding_output.compliance = {"cis": ["requirement-1", "requirement-2"]}
 
-        json_writer_mock = MagicMock()
-        json_writer_mock._data = []
-        json_writer_mock.close_file = False
-        json_writer_mock.transform = MagicMock()
-        json_writer_mock.batch_write_data_to_file = MagicMock()
-
-        compliance_writer_mock = MagicMock()
-        compliance_writer_mock._data = []
-        compliance_writer_mock.close_file = False
-        compliance_writer_mock.transform = MagicMock()
-        compliance_writer_mock.batch_write_data_to_file = MagicMock()
-
-        # Create a mock class that returns our mock instance when called
-        mock_compliance_class = MagicMock(return_value=compliance_writer_mock)
-
-        mock_provider = MagicMock()
-        mock_provider.provider = "aws"
-        mock_provider.uid = "test-provider-uid"
-
         with (
             patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter,
-            patch("tasks.tasks.Provider.objects.get", return_value=mock_provider),
+            patch("tasks.tasks.Provider.objects.get"),
             patch("tasks.tasks.initialize_prowler_provider"),
             patch("tasks.tasks.Compliance.get_bulk", return_value={"cis": MagicMock()}),
             patch("tasks.tasks.get_compliance_frameworks", return_value=["cis"]),
             patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
             patch(
-                "tasks.tasks._generate_output_directory",
-                return_value=("/tmp/test/out", "/tmp/test/comp", "/tmp/test/threat"),
+                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
             ),
             patch(
                 "tasks.tasks.FindingOutput._transform_findings_stats",
@@ -442,20 +390,6 @@ class TestGenerateOutputs:
             patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/file.zip"),
             patch("tasks.tasks.Scan.all_objects.filter"),
             patch("tasks.tasks.rmtree", side_effect=Exception("Test deletion error")),
-            patch(
-                "tasks.tasks.OUTPUT_FORMATS_MAPPING",
-                {
-                    "json": {
-                        "class": lambda *args, **kwargs: json_writer_mock,
-                        "suffix": ".json",
-                        "kwargs": {},
-                    }
-                },
-            ),
-            patch(
-                "tasks.tasks.COMPLIANCE_CLASS_MAP",
-                {"aws": [(lambda x: True, mock_compliance_class)]},
-            ),
         ):
             mock_filter.return_value.exists.return_value = True
             mock_findings.return_value.order_by.return_value.iterator.return_value = [
@@ -463,13 +397,29 @@ class TestGenerateOutputs:
                 True,
             ]
 
-            with caplog.at_level("ERROR"):
-                generate_outputs_task(
-                    scan_id=self.scan_id,
-                    provider_id=self.provider_id,
-                    tenant_id=self.tenant_id,
-                )
-                assert "Error deleting output files" in caplog.text
+            with (
+                patch(
+                    "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                    {
+                        "json": {
+                            "class": lambda *args, **kwargs: MagicMock(),
+                            "suffix": ".json",
+                            "kwargs": {},
+                        }
+                    },
+                ),
+                patch(
+                    "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                    {"aws": [(lambda x: True, MagicMock())]},
+                ),
+            ):
+                with caplog.at_level("ERROR"):
+                    generate_outputs_task(
+                        scan_id=self.scan_id,
+                        provider_id=self.provider_id,
+                        tenant_id=self.tenant_id,
+                    )
+                    assert "Error deleting output files" in caplog.text
 
     @patch("tasks.tasks.rls_transaction")
     @patch("tasks.tasks.Integration.objects.filter")
@@ -485,8 +435,7 @@ class TestGenerateOutputs:
             patch("tasks.tasks.get_compliance_frameworks", return_value=[]),
             patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
             patch(
-                "tasks.tasks._generate_output_directory",
-                return_value=("/tmp/test/out", "/tmp/test/comp", "/tmp/test/threat"),
+                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
             ),
             patch("tasks.tasks.FindingOutput._transform_findings_stats"),
             patch("tasks.tasks.FindingOutput.transform_api_finding"),
@@ -527,15 +476,8 @@ class TestScanCompleteTasks:
     @patch("tasks.tasks.create_compliance_requirements_task.apply_async")
     @patch("tasks.tasks.perform_scan_summary_task.si")
     @patch("tasks.tasks.generate_outputs_task.si")
-    @patch("tasks.tasks.generate_threatscore_report_task.si")
-    @patch("tasks.tasks.check_integrations_task.si")
     def test_scan_complete_tasks(
-        self,
-        mock_check_integrations_task,
-        mock_threatscore_task,
-        mock_outputs_task,
-        mock_scan_summary_task,
-        mock_compliance_tasks,
+        self, mock_outputs_task, mock_scan_summary_task, mock_compliance_tasks
     ):
         _perform_scan_complete_tasks("tenant-id", "scan-id", "provider-id")
         mock_compliance_tasks.assert_called_once_with(
@@ -550,16 +492,6 @@ class TestScanCompleteTasks:
             provider_id="provider-id",
             tenant_id="tenant-id",
         )
-        mock_threatscore_task.assert_called_once_with(
-            tenant_id="tenant-id",
-            scan_id="scan-id",
-            provider_id="provider-id",
-        )
-        mock_check_integrations_task.assert_called_once_with(
-            tenant_id="tenant-id",
-            provider_id="provider-id",
-            scan_id="scan-id",
-        )
 
 
 @pytest.mark.django_db
@@ -730,7 +662,7 @@ class TestCheckIntegrationsTask:
         mock_initialize_provider.return_value = MagicMock()
         mock_compliance_bulk.return_value = {}
         mock_get_frameworks.return_value = []
-        mock_generate_dir.return_value = ("out-dir", "comp-dir", "threat-dir")
+        mock_generate_dir.return_value = ("out-dir", "comp-dir")
         mock_transform_stats.return_value = {"stats": "data"}
 
         # Mock findings
@@ -855,7 +787,7 @@ class TestCheckIntegrationsTask:
         mock_initialize_provider.return_value = MagicMock()
         mock_compliance_bulk.return_value = {}
         mock_get_frameworks.return_value = []
-        mock_generate_dir.return_value = ("out-dir", "comp-dir", "threat-dir")
+        mock_generate_dir.return_value = ("out-dir", "comp-dir")
         mock_transform_stats.return_value = {"stats": "data"}
 
         # Mock findings
@@ -971,7 +903,7 @@ class TestCheckIntegrationsTask:
         mock_initialize_provider.return_value = MagicMock()
         mock_compliance_bulk.return_value = {}
         mock_get_frameworks.return_value = []
-        mock_generate_dir.return_value = ("out-dir", "comp-dir", "threat-dir")
+        mock_generate_dir.return_value = ("out-dir", "comp-dir")
         mock_transform_stats.return_value = {"stats": "data"}
 
         # Mock findings

dashboard/compliance/cis_alibabacloud.py

@@ -1,75 +0,0 @@
-"""
-CIS Alibaba Cloud Compliance Dashboard
-
-This module generates compliance reports for the CIS Alibaba Cloud Foundations Benchmark.
-"""
-
-import warnings
-
-from dashboard.common_methods import get_section_containers_3_levels
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    """
-    Generate compliance table for CIS Alibaba Cloud framework
-
-    This function processes compliance data and formats it for dashboard display,
-    with sections, subsections, and individual requirements.
-
-    Args:
-        data: DataFrame containing compliance data with columns:
-            - REQUIREMENTS_ID: Requirement identifier (e.g., "2.1", "4.1")
-            - REQUIREMENTS_DESCRIPTION: Description of the requirement
-            - REQUIREMENTS_ATTRIBUTES_SECTION: Main section (e.g., "2. Storage")
-            - REQUIREMENTS_ATTRIBUTES_SUBSECTION: Subsection (e.g., "2.1 ECS Disk Encryption")
-            - CHECKID: Associated Prowler check ID
-            - STATUS: Check status (PASS/FAIL)
-            - REGION: Alibaba Cloud region
-            - ACCOUNTID: Alibaba Cloud account ID
-            - RESOURCEID: Resource identifier
-
-    Returns:
-        Dashboard table with hierarchical compliance structure
-    """
-    # Format requirement descriptions with ID prefix and truncate if too long
-    data["REQUIREMENTS_DESCRIPTION"] = (
-        data["REQUIREMENTS_ID"] + " - " + data["REQUIREMENTS_DESCRIPTION"]
-    )
-
-    data["REQUIREMENTS_DESCRIPTION"] = data["REQUIREMENTS_DESCRIPTION"].apply(
-        lambda x: x[:150] + "..." if len(str(x)) > 150 else x
-    )
-
-    # Truncate section names if too long
-    data["REQUIREMENTS_ATTRIBUTES_SECTION"] = data[
-        "REQUIREMENTS_ATTRIBUTES_SECTION"
-    ].apply(lambda x: x[:80] + "..." if len(str(x)) > 80 else x)
-
-    # Truncate subsection names if too long
-    data["REQUIREMENTS_ATTRIBUTES_SUBSECTION"] = data[
-        "REQUIREMENTS_ATTRIBUTES_SUBSECTION"
-    ].apply(lambda x: x[:150] + "..." if len(str(x)) > 150 else x)
-
-    # Select relevant columns for display
-    display_data = data[
-        [
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ]
-
-    # Generate hierarchical table with 3 levels (Section > Subsection > Requirement)
-    return get_section_containers_3_levels(
-        display_data,
-        "REQUIREMENTS_ATTRIBUTES_SECTION",
-        "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
-        "REQUIREMENTS_DESCRIPTION",
-    )

docs/developer-guide/services.mdx

@@ -5,7 +5,8 @@ title: 'Prowler Services'
 Here you can find how to create a new service, or to complement an existing one, for a [Prowler Provider](/developer-guide/provider).
 
 <Note>
-First ensure that the provider you want to add the service is already created. It can be checked [here](https://github.com/prowler-cloud/prowler/tree/master/prowler/providers). If the provider is not present, please refer to the [Provider](./provider.md) documentation to create it from scratch.
+First ensure that the provider you want to add the service is already created. It can be checked [here](https://github.com/prowler-cloud/prowler/tree/master/prowler/providers). If the provider is not present, please refer to the [Provider](/developer-guide/provider) documentation to create it from scratch.
+
 </Note>
 ## Introduction
 
@@ -200,11 +201,11 @@ class <Item>(BaseModel):
 
 #### Service Attributes
 
-_Optimized Data Storage with Python Dictionaries_
+*Optimized Data Storage with Python Dictionaries*
 
 Each group of resources within a service should be structured as a Python [dictionary](https://docs.python.org/3/tutorial/datastructures.html#dictionaries) to enable efficient lookups. The dictionary lookup operation has [O(1) complexity](https://en.wikipedia.org/wiki/Big_O_notation#Orders_of_common_functions), and lookups are constantly executed.
 
-_Assigning Unique Identifiers_
+*Assigning Unique Identifiers*
 
 Each dictionary key must be a unique ID to identify the resource in a univocal way.
 
@@ -240,301 +241,6 @@ Provider-Specific Permissions Documentation:
 - [M365](/user-guide/providers/microsoft365/authentication#required-permissions)
 - [GitHub](/user-guide/providers/github/authentication)
 
-## Service Architecture and Cross-Service Communication
-
-### Core Principle: Service Isolation with Client Communication
-
-Each service must contain **ONLY** the information unique to that specific service. When a check requires information from multiple services, it must use the **client objects** of other services rather than directly accessing their data structures.
-
-This architecture ensures:
-
-- **Loose coupling** between services
-- **Clear separation of concerns**
-- **Maintainable and testable code**
-- **Consistent data access patterns**
-
-### Cross-Service Communication Pattern
-
-Instead of services directly accessing each other's internal data, checks should import and use client objects:
-
-**❌ INCORRECT - Direct data access:**
-
-```python
-# DON'T DO THIS
-from prowler.providers.aws.services.cloudtrail.cloudtrail_service import cloudtrail_service
-from prowler.providers.aws.services.s3.s3_service import s3_service
-
-class cloudtrail_bucket_requires_mfa_delete(Check):
-    def execute(self):
-        # WRONG: Directly accessing service data
-        for trail in cloudtrail_service.trails.values():
-            for bucket in s3_service.buckets.values():
-                # Direct access violates separation of concerns
-```
-
-**✅ CORRECT - Client-based communication:**
-
-```python
-# DO THIS INSTEAD
-from prowler.providers.aws.services.cloudtrail.cloudtrail_client import cloudtrail_client
-from prowler.providers.aws.services.s3.s3_client import s3_client
-
-class cloudtrail_bucket_requires_mfa_delete(Check):
-    def execute(self):
-        # CORRECT: Using client objects for cross-service communication
-        for trail in cloudtrail_client.trails.values():
-            trail_bucket = trail.s3_bucket
-            for bucket in s3_client.buckets.values():
-                if trail_bucket == bucket.name:
-                    # Use bucket properties through s3_client
-                    if bucket.mfa_delete:
-                        # Implementation logic
-```
-
-### Real-World Example: CloudTrail + S3 Integration
-
-This example demonstrates how CloudTrail checks validate S3 bucket configurations:
-
-```python
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.cloudtrail.cloudtrail_client import cloudtrail_client
-from prowler.providers.aws.services.s3.s3_client import s3_client
-
-class cloudtrail_bucket_requires_mfa_delete(Check):
-    def execute(self):
-        findings = []
-        if cloudtrail_client.trails is not None:
-            for trail in cloudtrail_client.trails.values():
-                if trail.is_logging:
-                    trail_bucket_is_in_account = False
-                    trail_bucket = trail.s3_bucket
-
-                    # Cross-service communication: CloudTrail check uses S3 client
-                    for bucket in s3_client.buckets.values():
-                        if trail_bucket == bucket.name:
-                            trail_bucket_is_in_account = True
-                            if bucket.mfa_delete:
-                                report.status = "PASS"
-                                report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) has MFA delete enabled."
-
-                    # Handle cross-account scenarios
-                    if not trail_bucket_is_in_account:
-                        report.status = "MANUAL"
-                        report.status_extended = f"Trail {trail.name} bucket ({trail_bucket}) is a cross-account bucket or out of Prowler's audit scope, please check it manually."
-
-                    findings.append(report)
-        return findings
-```
-
-**Key Benefits:**
-
-- **CloudTrail service** only contains CloudTrail-specific data (trails, configurations)
-- **S3 service** only contains S3-specific data (buckets, policies, ACLs)
-- **Check logic** orchestrates between services using their public client interfaces
-- **Cross-account detection** is handled gracefully when resources span accounts
-
-### Service Consolidation Guidelines
-
-**When to combine services in the same file:**
-
-Implement multiple services as **separate classes in the same file** when two services are **practically the same** or one is a **direct extension** of another.
-
-**Example: S3 and S3Control**
-
-S3Control is an extension of S3 that provides account-level controls and access points. Both are implemented in `s3_service.py`:
-
-```python
-# File: prowler/providers/aws/services/s3/s3_service.py
-
-class S3(AWSService):
-    """Standard S3 service for bucket operations"""
-    def __init__(self, provider):
-        super().__init__(__class__.__name__, provider)
-        self.buckets = {}
-        self.regions_with_buckets = []
-
-        # S3-specific initialization
-        self._list_buckets(provider)
-        self._get_bucket_versioning()
-        # ... other S3-specific operations
-
-class S3Control(AWSService):
-    """S3Control service for account-level and access point operations"""
-    def __init__(self, provider):
-        super().__init__(__class__.__name__, provider)
-        self.account_public_access_block = None
-        self.access_points = {}
-
-        # S3Control-specific initialization
-        self._get_public_access_block()
-        self._list_access_points()
-        # ... other S3Control-specific operations
-```
-
-**Separate client files:**
-
-```python
-# File: prowler/providers/aws/services/s3/s3_client.py
-from prowler.providers.aws.services.s3.s3_service import S3
-s3_client = S3(Provider.get_global_provider())
-
-# File: prowler/providers/aws/services/s3/s3control_client.py
-from prowler.providers.aws.services.s3.s3_service import S3Control
-s3control_client = S3Control(Provider.get_global_provider())
-```
-
-**When NOT to consolidate services:**
-
-Keep services separate when they:
-
-- **Operate on different resource types** (EC2 vs RDS)
-- **Have different authentication mechanisms** (different API endpoints)
-- **Serve different operational domains** (IAM vs CloudTrail)
-- **Have different regional behaviors** (global vs regional services)
-
-### Cross-Service Dependencies Guidelines
-
-**1. Always use client imports:**
-
-```python
-# Correct pattern
-from prowler.providers.aws.services.service_a.service_a_client import service_a_client
-from prowler.providers.aws.services.service_b.service_b_client import service_b_client
-```
-
-**2. Handle missing resources gracefully:**
-
-```python
-# Handle cross-service scenarios
-resource_found_in_account = False
-for external_resource in other_service_client.resources.values():
-    if target_resource_id == external_resource.id:
-        resource_found_in_account = True
-        # Process found resource
-        break
-
-if not resource_found_in_account:
-    # Handle cross-account or missing resource scenarios
-    report.status = "MANUAL"
-    report.status_extended = "Resource is cross-account or out of audit scope"
-```
-
-**3. Document cross-service dependencies:**
-
-```python
-class check_with_dependencies(Check):
-    """
-    Check Description
-
-    Dependencies:
-    - service_a_client: For primary resource information
-    - service_b_client: For related resource validation
-    - service_c_client: For policy analysis
-    """
-```
-
-## Regional Service Implementation
-
-When implementing services for regional providers (like AWS, Azure, GCP), special considerations are needed to handle resource discovery across multiple geographic locations. This section provides a complete guide using AWS as the reference example.
-
-### Regional vs Non-Regional Services
-
-**Regional Services:** Require iteration across multiple geographic locations where resources may exist (e.g., EC2 instances, VPC, RDS databases).
-
-**Non-Regional/Global Services:** Operate at a global or tenant level without regional concepts (e.g., IAM users, Route53 hosted zones).
-
-### AWS Regional Implementation Example
-
-AWS is the perfect example of a regional provider. Here's how Prowler handles AWS's regional architecture:
-
-
-```python
-# File: prowler/providers/aws/services/ec2/ec2_service.py
-class EC2(AWSService):
-    def __init__(self, provider):
-        super().__init__(__class__.__name__, provider)
-        self.instances = {}
-        self.security_groups = {}
-
-        # Regional resource discovery across all AWS regions
-        self.__threading_call__(self._describe_instances)
-        self.__threading_call__(self._describe_security_groups)
-
-    def _describe_instances(self, regional_client):
-        """Discover EC2 instances in a specific region"""
-        try:
-            describe_instances_paginator = regional_client.get_paginator("describe_instances")
-            for page in describe_instances_paginator.paginate():
-                for reservation in page["Reservations"]:
-                    for instance in reservation["Instances"]:
-                        # Each instance includes its region
-                        self.instances[instance["InstanceId"]] = Instance(
-                            id=instance["InstanceId"],
-                            region=regional_client.region,
-                            state=instance["State"]["Name"],
-                            # ... other properties
-                        )
-        except Exception as error:
-            logger.error(f"Failed to describe instances in {regional_client.region}: {error}")
-```
-
-#### Regional Check Execution
-
-```python
-# File: prowler/providers/aws/services/ec2/ec2_instance_public_ip/ec2_instance_public_ip.py
-class ec2_instance_public_ip(Check):
-    def execute(self):
-        findings = []
-
-        # Automatically iterates across ALL AWS regions where instances exist
-        for instance in ec2_client.instances.values():
-            report = Check_Report_AWS(metadata=self.metadata(), resource=instance)
-            report.region = instance.region  # Critical: region attribution
-            report.resource_arn = f"arn:aws:ec2:{instance.region}:{instance.account_id}:instance/{instance.id}"
-
-            if instance.public_ip:
-                report.status = "FAIL"
-                report.status_extended = f"Instance {instance.id} in {instance.region} has public IP {instance.public_ip}"
-            else:
-                report.status = "PASS"
-                report.status_extended = f"Instance {instance.id} in {instance.region} does not have a public IP"
-
-            findings.append(report)
-
-        return findings
-```
-
-#### Key AWS Regional Features
-
-**Region-Specific ARNs:**
-
-```
-arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0
-arn:aws:s3:eu-west-1:123456789012:bucket/my-bucket
-arn:aws:rds:ap-southeast-2:123456789012:db:my-database
-```
-
-**Parallel Processing:**
-
-- Each region processed independently in separate threads
-- Failed regions don't affect other regions
-- User can filter specific regions: `-f us-east-1`
-
-**Global vs Regional Services:**
-
-- **Regional**: EC2, RDS, VPC (require region iteration)
-- **Global**: IAM, Route53, CloudFront (single `us-east-1` call)
-
-This architecture allows Prowler to efficiently scan AWS accounts with resources spread across multiple regions while maintaining performance and error isolation.
-
-### Regional Service Best Practices
-
-1. **Use Threading for Regional Discovery**: Leverage the `__threading_call__` method to parallelize resource discovery across regions
-2. **Store Region Information**: Always include region metadata in resource objects for proper attribution
-3. **Handle Regional Failures Gracefully**: Ensure that failures in one region don't affect others
-4. **Optimize for Performance**: Use paginated calls and efficient data structures for large-scale resource discovery
-5. **Support Region Filtering**: Allow users to limit scans to specific regions for focused audits
-
 ## Best Practices
 
 - When available in the provider, use threading or parallelization utilities for all methods that can be parallelized by to maximize performance and reduce scan time.
@@ -546,5 +252,3 @@ This architecture allows Prowler to efficiently scan AWS accounts with resources
 - Collect and store resource tags and additional attributes to support richer checks and reporting.
 - Leverage shared utility helpers for session setup, identifier parsing, and other cross-cutting concerns to avoid code duplication. This kind of code is typically stored in a `lib` folder in the service folder.
 - Keep code modular, maintainable, and well-documented for ease of extension and troubleshooting.
-- **Each service should contain only information unique to that specific service** - use client objects for cross-service communication.
-- **Handle cross-account and missing resources gracefully** when checks span multiple services.

docs/getting-started/installation/prowler-app.mdx

@@ -25,9 +25,6 @@ Prowler configuration is based in `.env` files. Every version of Prowler can hav
     curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/master/.env
     docker compose up -d
     ```
-
-    > Containers are built for `linux/amd64`. If your workstation's architecture is different, please set `DOCKER_DEFAULT_PLATFORM=linux/amd64` in your environment or use the `--platform linux/amd64` flag in the docker command.
-
   </Tab>
   <Tab title="GitHub">
     _Requirements_:

mcp_server/CHANGELOG.md

@@ -2,7 +2,7 @@
 
 All notable changes to the **Prowler MCP Server** are documented in this file.
 
-## [0.1.0] (Prowler 5.13.0)
+## [0.1.0] (Prowler UNRELEASED)
 
 ### Added
 - Initial release of Prowler MCP Server [(#8695)](https://github.com/prowler-cloud/prowler/pull/8695)

prowler/CHANGELOG.md

@@ -2,7 +2,7 @@
 
 All notable changes to the **Prowler SDK** are documented in this file.
 
-## [v5.13.0] (Prowler v5.13.0)
+## [v5.13.0] (Prowler UNRELEASED)
 
 ### Added
 - Support for AdditionalURLs in outputs [(#8651)](https://github.com/prowler-cloud/prowler/pull/8651)
@@ -17,8 +17,6 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Oracle Cloud provider with CIS 3.0 benchmark [(#8893)](https://github.com/prowler-cloud/prowler/pull/8893)
 - Support for Atlassian Document Format (ADF) in Jira integration [(#8878)](https://github.com/prowler-cloud/prowler/pull/8878)
 - Add Common Cloud Controls for AWS, Azure and GCP [(#8000)](https://github.com/prowler-cloud/prowler/pull/8000)
-- Improve Provider documentation guide [(#8430)](https://github.com/prowler-cloud/prowler/pull/8430)
-- `cloudstorage_bucket_lifecycle_management_enabled` check for GCP provider [(#8936)](https://github.com/prowler-cloud/prowler/pull/8936)
 
 ### Changed
 
@@ -52,8 +50,13 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Prowler ThreatScore scoring calculation CLI [(#8582)](https://github.com/prowler-cloud/prowler/pull/8582)
 - Add missing attributes for Mitre Attack AWS, Azure and GCP [(#8907)](https://github.com/prowler-cloud/prowler/pull/8907)
 - Fix KeyError in CloudSQL and Monitoring services in GCP provider [(#8909)](https://github.com/prowler-cloud/prowler/pull/8909)
-- Fix Value Errors in Entra service for M365 provider [(#8919)](https://github.com/prowler-cloud/prowler/pull/8919)
 - Fix ResourceName in GCP provider [(#8928)](https://github.com/prowler-cloud/prowler/pull/8928)
+
+---
+
+## [v5.12.4] (Prowler UNRELEASED)
+
+### Fixed
 - Fix KeyError in `elb_ssl_listeners_use_acm_certificate` check and handle None cluster version in `eks_cluster_uses_a_supported_version` check [(#8791)](https://github.com/prowler-cloud/prowler/pull/8791)
 - Fix file extension parsing for compliance reports [(#8791)](https://github.com/prowler-cloud/prowler/pull/8791)
 - Added user pagination to Entra and Admincenter services [(#8858)](https://github.com/prowler-cloud/prowler/pull/8858)

prowler/__main__.py

@@ -113,7 +113,6 @@ from prowler.providers.m365.models import M365OutputOptions
 from prowler.providers.mongodbatlas.models import MongoDBAtlasOutputOptions
 from prowler.providers.nhn.models import NHNOutputOptions
 from prowler.providers.oraclecloud.models import OCIOutputOptions
-from prowler.providers.alibabacloud.models import AlibabaCloudOutputOptions
 
 
 def prowler():
@@ -337,10 +336,6 @@ def prowler():
         output_options = OCIOutputOptions(
             args, bulk_checks_metadata, global_provider.identity
         )
-    elif provider == "alibabacloud":
-        output_options = AlibabaCloudOutputOptions(
-            args, bulk_checks_metadata, global_provider.identity
-        )
 
     # Run the quick inventory for the provider if available
     if hasattr(args, "quick_inventory") and args.quick_inventory:

prowler/compliance/alibabacloud/cis_1.0_alibabacloud.json

@@ -1,56 +0,0 @@
-{
-  "Framework": "CIS",
-  "Provider": "alibabacloud",
-  "Version": "1.0",
-  "Description": "CIS Alibaba Cloud Foundations Benchmark",
-  "Requirements": [
-    {
-      "Id": "2.1",
-      "Description": "Ensure that encryption is enabled for ECS disks",
-      "Attributes": [
-        {
-          "Section": "2. Storage",
-          "SubSection": "2.1 ECS Disk Encryption",
-          "Profile": "Level 1",
-          "AssessmentStatus": "Automated",
-          "Description": "ECS disk encryption provides an additional layer of security by encrypting data stored on ECS instances. This helps protect sensitive data from unauthorized access if the physical storage media is compromised or if snapshots are inadvertently shared.",
-          "RationaleStatement": "Encrypting data at rest reduces the risk of unauthorized access to sensitive information stored on ECS disks. Without encryption, data stored on disks is vulnerable if an attacker gains physical access to the storage media or if disk snapshots are exposed.",
-          "ImpactStatement": "Enabling encryption may have a minimal performance impact on disk I/O operations. Additionally, encrypted disks cannot be converted to unencrypted disks, so this decision should be made during the initial disk creation or through migration.",
-          "RemediationProcedure": "To enable encryption on new ECS disks:\n1. Create a KMS key in the Alibaba Cloud KMS console\n2. When creating a new ECS disk, enable the 'Encrypted' option\n3. Select the KMS key to use for encryption\n\nFor existing unencrypted disks:\n1. Create a snapshot of the unencrypted disk\n2. Create a new encrypted disk from the snapshot using a KMS key\n3. Detach the old disk and attach the new encrypted disk\n4. Delete the old unencrypted disk and snapshot",
-          "AuditProcedure": "Using the Prowler CLI: prowler alibabacloud --checks ecs_disk_encryption_enabled\n\nUsing the Alibaba Cloud Console:\n1. Log in to the ECS console\n2. Navigate to Storage & Snapshots > Disks\n3. For each disk, check the 'Encrypted' column\n4. Verify that all disks show 'Yes' for encryption",
-          "AdditionalInformation": "References:\n- Alibaba Cloud ECS Disk Encryption: https://www.alibabacloud.com/help/en/ecs/user-guide/encryption-overview\n- Alibaba Cloud KMS: https://www.alibabacloud.com/help/en/kms/",
-          "References": [
-            "https://www.alibabacloud.com/help/en/ecs/user-guide/encryption-overview"
-          ]
-        }
-      ],
-      "Checks": [
-        "ecs_disk_encryption_enabled"
-      ]
-    },
-    {
-      "Id": "4.1",
-      "Description": "Ensure no security groups allow ingress from 0.0.0.0/0 to port 22",
-      "Attributes": [
-        {
-          "Section": "4. Networking",
-          "SubSection": "4.1 Security Groups",
-          "Profile": "Level 1",
-          "AssessmentStatus": "Automated",
-          "Description": "Security groups should restrict SSH access (port 22) to specific trusted IP addresses rather than allowing access from the entire internet (0.0.0.0/0). Unrestricted SSH access increases the attack surface and risk of unauthorized access.",
-          "RationaleStatement": "Allowing unrestricted SSH access from the internet exposes ECS instances to brute force attacks, unauthorized access attempts, and potential compromise. Attackers routinely scan the internet for open SSH ports to exploit weak credentials or known vulnerabilities.",
-          "ImpactStatement": "Restricting SSH access to specific IP addresses or ranges may require maintaining an allowlist of trusted IPs. Organizations should implement bastion hosts, VPN access, or use Alibaba Cloud's Session Manager for secure remote access without exposing SSH ports to the internet.",
-          "RemediationProcedure": "To restrict SSH access:\n1. Identify the trusted IP addresses or ranges that require SSH access\n2. In the ECS console, navigate to Network & Security > Security Groups\n3. Select the security group\n4. Find the rule allowing 0.0.0.0/0 access to port 22\n5. Modify the rule to specify the trusted IP address or range\n6. Consider implementing a bastion host or VPN for centralized access control",
-          "AuditProcedure": "Using the Prowler CLI: prowler alibabacloud --checks ecs_instance_ssh_access_restricted\n\nUsing the Alibaba Cloud Console:\n1. Log in to the ECS console\n2. Navigate to Network & Security > Security Groups\n3. For each security group, review the inbound rules\n4. Verify that no rule allows access from 0.0.0.0/0 to port 22",
-          "AdditionalInformation": "Best practices:\n- Use bastion hosts or jump servers for SSH access\n- Implement VPN or Direct Connect for secure remote access\n- Consider using Alibaba Cloud Session Manager\n- Enable Multi-Factor Authentication (MFA) for SSH access\n- Regularly review and update security group rules\n\nReferences:\n- Alibaba Cloud Security Groups: https://www.alibabacloud.com/help/en/ecs/user-guide/security-groups-overview",
-          "References": [
-            "https://www.alibabacloud.com/help/en/ecs/user-guide/security-groups-overview"
-          ]
-        }
-      ],
-      "Checks": [
-        "ecs_instance_ssh_access_restricted"
-      ]
-    }
-  ]
-}

prowler/lib/check/models.py

@@ -659,33 +659,6 @@ class Check_Report_Kubernetes(Check_Report):
             self.namespace = "cluster-wide"
 
 
-@dataclass
-class Check_Report_AlibabaCloud(Check_Report):
-    """Contains the Alibaba Cloud Check's finding information."""
-
-    resource_name: str
-    resource_id: str
-    resource_arn: str
-    region: str
-    account_uid: str
-
-    def __init__(self, metadata: Dict, resource: Any) -> None:
-        """Initialize the Alibaba Cloud Check's finding information.
-
-        Args:
-            metadata: The metadata of the check.
-            resource: Basic information about the resource.
-        """
-        super().__init__(metadata, resource)
-        self.resource_id = (
-            getattr(resource, "id", None) or getattr(resource, "name", None) or ""
-        )
-        self.resource_name = getattr(resource, "name", "")
-        self.resource_arn = getattr(resource, "arn", "")
-        self.region = getattr(resource, "region", "")
-        self.account_uid = ""
-
-
 @dataclass
 class CheckReportGithub(Check_Report):
     """Contains the GitHub Check's finding information."""

prowler/lib/check/utils.py

@@ -26,7 +26,7 @@ def recover_checks_from_provider(
             # We need to exclude common shared libraries in services
             if (
                 check_module_name.count(".") == 6
-                and ".lib." not in check_module_name  # Exclude .lib. directories, not "lib" substring
+                and "lib" not in check_module_name
                 and (not check_module_name.endswith("_fixer") or include_fixers)
             ):
                 check_path = module_name.module_finder.path

prowler/lib/outputs/finding.py

@@ -337,26 +337,6 @@ class Finding(BaseModel):
                 output_data["resource_uid"] = check_output.resource_id
                 output_data["region"] = check_output.region
 
-            elif provider.type == "alibabacloud":
-                output_data["auth_method"] = (
-                    "STS Token"
-                    if get_nested_attribute(
-                        provider, "session.credentials.security_token"
-                    )
-                    else "AccessKey"
-                )
-                output_data["account_uid"] = get_nested_attribute(
-                    provider, "identity.account_id"
-                )
-                # Use account_name if available, otherwise use account_id
-                account_name = get_nested_attribute(provider, "identity.account_name")
-                if not account_name:
-                    account_name = get_nested_attribute(provider, "identity.account_id")
-                output_data["account_name"] = account_name
-                output_data["resource_name"] = check_output.resource_name
-                output_data["resource_uid"] = check_output.resource_arn
-                output_data["region"] = check_output.region
-
             # check_output Unique ID
             # TODO: move this to a function
             # TODO: in Azure, GCP and K8s there are findings without resource_name

prowler/lib/outputs/html/html.py

@@ -1020,70 +1020,6 @@ class HTML(Output):
             )
             return ""
 
-    @staticmethod
-    def get_alibabacloud_assessment_summary(provider: Provider) -> str:
-        """
-        get_alibabacloud_assessment_summary gets the HTML assessment summary for the Alibaba Cloud provider
-
-        Args:
-            provider (Provider): the Alibaba Cloud provider object
-
-        Returns:
-            str: the HTML assessment summary
-        """
-        try:
-            # Get audited regions from provider, not identity
-            if hasattr(provider, "audited_regions") and provider.audited_regions:
-                if isinstance(provider.audited_regions, list):
-                    audited_regions = ", ".join(provider.audited_regions)
-                else:
-                    audited_regions = str(provider.audited_regions)
-            else:
-                audited_regions = "All Regions"
-
-            auth_method = (
-                "STS Token"
-                if provider.session.credentials.security_token
-                else "AccessKey"
-            )
-
-            return f"""
-                <div class="col-md-2">
-                    <div class="card">
-                        <div class="card-header">
-                            Alibaba Cloud Assessment Summary
-                        </div>
-                        <ul class="list-group list-group-flush">
-                            <li class="list-group-item">
-                                <b>Account ID:</b> {provider.identity.account_id}
-                            </li>
-                            <li class="list-group-item">
-                                <b>Audited Regions:</b> {audited_regions}
-                            </li>
-                        </ul>
-                    </div>
-                </div>
-                <div class="col-md-4">
-                <div class="card">
-                    <div class="card-header">
-                        Alibaba Cloud Credentials
-                    </div>
-                    <ul class="list-group list-group-flush">
-                        <li class="list-group-item">
-                            <b>Authentication Method:</b> {auth_method}
-                        </li>
-                        <li class="list-group-item">
-                            <b>Account ARN:</b> {provider.identity.account_arn}
-                        </li>
-                    </ul>
-                </div>
-            </div>"""
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}] -- {error}"
-            )
-            return ""
-
     @staticmethod
     def get_assessment_summary(provider: Provider) -> str:
         """

prowler/lib/outputs/summary_table.py

@@ -74,9 +74,6 @@ def display_summary_table(
                 if provider.identity.tenancy_name != "unknown"
                 else provider.identity.tenancy_id
             )
-        elif provider.type == "alibabacloud":
-            entity_type = "Account"
-            audited_entities = provider.identity.account_id
 
         # Check if there are findings and that they are not all MANUAL
         if findings and not all(finding.status == "MANUAL" for finding in findings):

prowler/providers/alibabacloud/alibabacloud_provider.py

@@ -1,506 +0,0 @@
-"""
-Alibaba Cloud Provider
-
-This module implements the Alibaba Cloud provider for Prowler security auditing.
-"""
-
-import sys
-from typing import Optional
-
-from colorama import Fore, Style
-
-from prowler.config.config import (
-    get_default_mute_file_path,
-    load_and_validate_config_file,
-)
-from prowler.lib.logger import logger
-from prowler.lib.utils.utils import print_boxes
-from prowler.providers.alibabacloud.config import (
-    ALIBABACLOUD_REGIONS,
-    ALIBABACLOUD_RAM_SESSION_NAME,
-)
-from prowler.providers.alibabacloud.exceptions.exceptions import (
-    AlibabaCloudAccountNotFoundError,
-    AlibabaCloudAssumeRoleError,
-    AlibabaCloudAuthenticationError,
-    AlibabaCloudNoCredentialsError,
-    AlibabaCloudSetUpSessionError,
-)
-from prowler.providers.alibabacloud.lib.mutelist.mutelist import AlibabaCloudMutelist
-from prowler.providers.alibabacloud.models import (
-    AlibabaCloudAssumeRoleInfo,
-    AlibabaCloudCredentials,
-    AlibabaCloudIdentityInfo,
-    AlibabaCloudSession,
-)
-from prowler.providers.common.models import Audit_Metadata, Connection
-from prowler.providers.common.provider import Provider
-
-
-class AlibabacloudProvider(Provider):
-    """
-    AlibabacloudProvider class implements the Alibaba Cloud provider for Prowler
-
-    This class handles:
-    - Authentication with Alibaba Cloud using AccessKey credentials or STS tokens
-    - RAM role assumption for cross-account auditing
-    - Region management and filtering
-    - Resource discovery and auditing
-    - Mutelist management for finding suppression
-
-    Attributes:
-        _type: Provider type identifier ("alibabacloud")
-        _identity: Alibaba Cloud account identity information
-        _session: Alibaba Cloud session with credentials
-        _regions: List of regions to audit
-        _mutelist: Mutelist for finding suppression
-        _audit_config: Audit configuration dictionary
-        _fixer_config: Fixer configuration dictionary
-        audit_metadata: Audit execution metadata
-    """
-
-    _type: str = "alibabacloud"
-    _identity: AlibabaCloudIdentityInfo
-    _session: AlibabaCloudSession
-    _regions: list = []
-    _mutelist: AlibabaCloudMutelist
-    _audit_config: dict
-    _fixer_config: dict
-    audit_metadata: Audit_Metadata
-
-    def __init__(
-        self,
-        access_key_id: str = None,
-        access_key_secret: str = None,
-        security_token: str = None,
-        region_ids: list = None,
-        filter_regions: list = None,
-        ram_role_arn: str = None,
-        ram_session_name: str = None,
-        ram_session_duration: int = 3600,
-        ram_external_id: str = None,
-        config_path: str = None,
-        config_content: dict = None,
-        fixer_config: dict = {},
-        mutelist_path: str = None,
-        mutelist_content: dict = None,
-        resource_tags: list[str] = [],
-        resource_ids: list[str] = [],
-    ):
-        """
-        Initialize Alibaba Cloud provider
-
-        Args:
-            access_key_id: Alibaba Cloud AccessKey ID
-            access_key_secret: Alibaba Cloud AccessKey Secret
-            security_token: STS security token for temporary credentials
-            region_ids: List of region IDs to audit
-            filter_regions: List of region IDs to exclude from audit
-            ram_role_arn: RAM role ARN to assume
-            ram_session_name: Session name for RAM role assumption
-            ram_session_duration: Session duration in seconds (900-43200)
-            ram_external_id: External ID for RAM role assumption
-            config_path: Path to audit configuration file
-            config_content: Configuration content dictionary
-            fixer_config: Fixer configuration dictionary
-            mutelist_path: Path to mutelist file
-            mutelist_content: Mutelist content dictionary
-            resource_tags: List of resource tags to filter (key=value format)
-            resource_ids: List of specific resource IDs to audit
-        """
-        logger.info("Initializing Alibaba Cloud provider...")
-
-        # Validate and load configuration
-        self._audit_config = load_and_validate_config_file(
-            self._type, config_path
-        )
-        if self._audit_config is None:
-            self._audit_config = {}
-
-        # Override with config_content if provided
-        if config_content:
-            self._audit_config.update(config_content)
-
-        self._fixer_config = fixer_config
-
-        # Setup session and authenticate
-        try:
-            self._session = self.setup_session(
-                access_key_id,
-                access_key_secret,
-                security_token,
-                ram_role_arn,
-                ram_session_name or ALIBABACLOUD_RAM_SESSION_NAME,
-                ram_session_duration,
-                ram_external_id,
-            )
-        except Exception as error:
-            logger.critical(f"Failed to set up Alibaba Cloud session: {error}")
-            raise AlibabaCloudSetUpSessionError(str(error))
-
-        # Get account identity
-        try:
-            self._identity = self._set_identity()
-        except Exception as error:
-            logger.critical(
-                f"Failed to retrieve Alibaba Cloud account identity: {error}"
-            )
-            raise AlibabaCloudAccountNotFoundError(str(error))
-
-        # Setup regions
-        self._regions = self._setup_regions(region_ids, filter_regions)
-
-        # Setup mutelist
-        self._mutelist = self._setup_mutelist(mutelist_path, mutelist_content)
-
-        # Set audit metadata
-        self.audit_metadata = Audit_Metadata(
-            services_scanned=0,
-            expected_checks=[],
-            completed_checks=0,
-            audit_progress=0,
-        )
-
-        # Set as global provider
-        Provider.set_global_provider(self)
-
-        logger.info(
-            f"Alibaba Cloud provider initialized for account {self._identity.account_id}"
-        )
-
-    @property
-    def type(self) -> str:
-        """Return provider type"""
-        return self._type
-
-    @property
-    def identity(self) -> AlibabaCloudIdentityInfo:
-        """Return provider identity"""
-        return self._identity
-
-    @property
-    def session(self) -> AlibabaCloudSession:
-        """Return provider session"""
-        return self._session
-
-    @property
-    def audit_config(self) -> dict:
-        """Return audit configuration"""
-        return self._audit_config
-
-    @property
-    def fixer_config(self) -> dict:
-        """Return fixer configuration"""
-        return self._fixer_config
-
-    @property
-    def mutelist(self) -> AlibabaCloudMutelist:
-        """Return mutelist"""
-        return self._mutelist
-
-    def setup_session(
-        self,
-        access_key_id: str,
-        access_key_secret: str,
-        security_token: str = None,
-        ram_role_arn: str = None,
-        ram_session_name: str = ALIBABACLOUD_RAM_SESSION_NAME,
-        ram_session_duration: int = 3600,
-        ram_external_id: str = None,
-    ) -> AlibabaCloudSession:
-        """
-        Setup Alibaba Cloud session with authentication
-
-        Args:
-            access_key_id: AccessKey ID
-            access_key_secret: AccessKey Secret
-            security_token: STS security token (optional)
-            ram_role_arn: RAM role to assume (optional)
-            ram_session_name: Session name for role assumption
-            ram_session_duration: Session duration in seconds
-            ram_external_id: External ID for role assumption
-
-        Returns:
-            AlibabaCloudSession: Configured session object
-
-        Raises:
-            AlibabaCloudNoCredentialsError: If credentials are missing
-            AlibabaCloudAuthenticationError: If authentication fails
-            AlibabaCloudAssumeRoleError: If role assumption fails
-        """
-        # Validate credentials
-        if not access_key_id or not access_key_secret:
-            logger.critical("Alibaba Cloud credentials are required")
-            raise AlibabaCloudNoCredentialsError()
-
-        try:
-            # Create credentials object
-            credentials = AlibabaCloudCredentials(
-                access_key_id=access_key_id,
-                access_key_secret=access_key_secret,
-                security_token=security_token,
-            )
-
-            # If RAM role is specified, assume the role
-            if ram_role_arn:
-                logger.info(f"Assuming RAM role: {ram_role_arn}")
-                credentials = self._assume_role(
-                    credentials,
-                    ram_role_arn,
-                    ram_session_name,
-                    ram_session_duration,
-                    ram_external_id,
-                )
-
-            # Create session
-            session = AlibabaCloudSession(
-                credentials=credentials,
-                region_id="cn-hangzhou",  # Default region for global APIs
-            )
-
-            logger.info("Alibaba Cloud session established successfully")
-            return session
-
-        except Exception as error:
-            logger.critical(f"Authentication failed: {error}")
-            raise AlibabaCloudAuthenticationError(str(error))
-
-    def _assume_role(
-        self,
-        credentials: AlibabaCloudCredentials,
-        role_arn: str,
-        session_name: str,
-        session_duration: int,
-        external_id: str = None,
-    ) -> AlibabaCloudCredentials:
-        """
-        Assume a RAM role and return temporary credentials
-
-        Args:
-            credentials: Current credentials
-            role_arn: RAM role ARN to assume
-            session_name: Session name
-            session_duration: Session duration in seconds
-            external_id: External ID (optional)
-
-        Returns:
-            AlibabaCloudCredentials: Temporary credentials from STS
-
-        Raises:
-            AlibabaCloudAssumeRoleError: If role assumption fails
-        """
-        try:
-            # Note: In a real implementation, this would use Alibaba Cloud STS SDK
-            # to call AssumeRole API and get temporary credentials
-            # For now, we'll return the original credentials as a placeholder
-
-            logger.warning(
-                "RAM role assumption not yet fully implemented - using provided credentials"
-            )
-
-            # TODO: Implement actual STS AssumeRole call
-            # from alibabacloud_sts20150401.client import Client as StsClient
-            # from alibabacloud_sts20150401.models import AssumeRoleRequest
-            #
-            # sts_client = StsClient(config)
-            # request = AssumeRoleRequest(
-            #     role_arn=role_arn,
-            #     role_session_name=session_name,
-            #     duration_seconds=session_duration,
-            #     external_id=external_id
-            # )
-            # response = sts_client.assume_role(request)
-            #
-            # return AlibabaCloudCredentials(
-            #     access_key_id=response.body.credentials.access_key_id,
-            #     access_key_secret=response.body.credentials.access_key_secret,
-            #     security_token=response.body.credentials.security_token,
-            #     expiration=response.body.credentials.expiration,
-            # )
-
-            return credentials
-
-        except Exception as error:
-            logger.critical(f"Failed to assume RAM role {role_arn}: {error}")
-            raise AlibabaCloudAssumeRoleError(role_arn, str(error))
-
-    def _set_identity(self) -> AlibabaCloudIdentityInfo:
-        """
-        Retrieve Alibaba Cloud account identity information
-
-        Returns:
-            AlibabaCloudIdentityInfo: Account identity details
-
-        Raises:
-            AlibabaCloudAccountNotFoundError: If identity cannot be retrieved
-        """
-        try:
-            logger.info("Retrieving Alibaba Cloud account identity...")
-
-            # Derive account ID from AccessKey ID
-            # Alibaba Cloud AccessKey IDs follow the format: LTAI{account_id_hash}...
-            # For a more accurate implementation, you would call STS GetCallerIdentity API
-            # For now, we'll use the AccessKey ID as a unique identifier
-
-            access_key_id = self._session.credentials.access_key_id
-
-            # Simple implementation: Use the first 12 characters of AccessKey ID as account identifier
-            # In production, you should call:
-            # from alibabacloud_sts20150401.client import Client as StsClient
-            # sts_client = StsClient(config)
-            # response = sts_client.get_caller_identity()
-            # account_id = response.body.account_id
-
-            # For now, create a unique identifier from the AccessKey
-            account_id = access_key_id[:20] if access_key_id else "unknown"
-            account_arn = f"acs:ram::{account_id}:root"
-
-            identity = AlibabaCloudIdentityInfo(
-                account_id=account_id,
-                account_arn=account_arn,
-            )
-
-            logger.info(f"Account ID: {identity.account_id}")
-            return identity
-
-        except Exception as error:
-            logger.critical(f"Failed to get account identity: {error}")
-            raise AlibabaCloudAccountNotFoundError(str(error))
-
-    def _setup_regions(
-        self, region_ids: list = None, filter_regions: list = None
-    ) -> list:
-        """
-        Setup regions to audit
-
-        Args:
-            region_ids: Specific regions to audit (None = all regions)
-            filter_regions: Regions to exclude from audit
-
-        Returns:
-            list: Final list of regions to audit
-        """
-        # Start with specified regions or all regions
-        if region_ids:
-            regions = [r for r in region_ids if r in ALIBABACLOUD_REGIONS]
-            logger.info(f"Auditing specified regions: {', '.join(regions)}")
-        else:
-            regions = ALIBABACLOUD_REGIONS.copy()
-            logger.info("Auditing all Alibaba Cloud regions")
-
-        # Apply filters
-        if filter_regions:
-            regions = [r for r in regions if r not in filter_regions]
-            logger.info(f"Excluded regions: {', '.join(filter_regions)}")
-
-        logger.info(f"Total regions to audit: {len(regions)}")
-        return regions
-
-    def _setup_mutelist(
-        self, mutelist_path: str = None, mutelist_content: dict = None
-    ) -> AlibabaCloudMutelist:
-        """
-        Setup mutelist for finding suppression
-
-        Args:
-            mutelist_path: Path to mutelist file
-            mutelist_content: Mutelist content dictionary
-
-        Returns:
-            AlibabaCloudMutelist: Configured mutelist instance
-        """
-        try:
-            # Use default path if not provided
-            if not mutelist_path and not mutelist_content:
-                mutelist_path = get_default_mute_file_path(self._type)
-
-            mutelist = AlibabaCloudMutelist(
-                mutelist_path=mutelist_path,
-                mutelist_content=mutelist_content,
-                provider=self._type,
-                identity=self._identity,
-            )
-
-            logger.info("Mutelist loaded successfully")
-            return mutelist
-
-        except Exception as error:
-            logger.warning(f"Error loading mutelist: {error}")
-            # Return empty mutelist on error
-            return AlibabaCloudMutelist()
-
-    def print_credentials(self) -> None:
-        """
-        Display Alibaba Cloud credentials and configuration in CLI
-
-        This method prints the current provider configuration including:
-        - Account ID
-        - Regions being audited
-        - Authentication method
-        """
-        # Account information
-        report_lines = []
-        report_lines.append(
-            f"{Fore.CYAN}Account ID:{Style.RESET_ALL} {self._identity.account_id}"
-        )
-
-        if self._identity.user_name:
-            report_lines.append(
-                f"{Fore.CYAN}User:{Style.RESET_ALL} {self._identity.user_name}"
-            )
-
-        # Regions
-        region_count = len(self._regions)
-        regions_display = (
-            ", ".join(self._regions[:5])
-            + (f" ... (+{region_count - 5} more)" if region_count > 5 else "")
-        )
-        report_lines.append(
-            f"{Fore.CYAN}Regions ({region_count}):{Style.RESET_ALL} {regions_display}"
-        )
-
-        # Authentication method
-        auth_method = (
-            "STS Token" if self._session.credentials.security_token else "AccessKey"
-        )
-        report_lines.append(
-            f"{Fore.CYAN}Authentication:{Style.RESET_ALL} {auth_method}"
-        )
-
-        # Print formatted box
-        print_boxes(report_lines, "Alibaba Cloud Provider Configuration")
-
-    def test_connection(self) -> Connection:
-        """
-        Test connection to Alibaba Cloud
-
-        Returns:
-            Connection: Connection test result with status and error (if any)
-        """
-        try:
-            logger.info("Testing connection to Alibaba Cloud...")
-
-            # TODO: Implement actual connection test with a simple API call
-            # For example, call DescribeRegions or GetCallerIdentity
-            # from alibabacloud_ecs20140526.client import Client as EcsClient
-            #
-            # ecs_client = EcsClient(config)
-            # ecs_client.describe_regions()
-
-            logger.info("Connection test successful")
-            return Connection(is_connected=True)
-
-        except Exception as error:
-            logger.error(f"Connection test failed: {error}")
-            return Connection(is_connected=False, error=str(error))
-
-    def validate_arguments(self) -> None:
-        """
-        Validate provider arguments
-
-        This method is called after initialization to ensure all arguments
-        and configurations are valid.
-        """
-        # Validation is handled in the CLI arguments parser
-        # This method can be used for additional runtime validations
-        pass

prowler/providers/alibabacloud/config.py

@@ -1,45 +0,0 @@
-"""
-Alibaba Cloud Provider Configuration
-
-This module contains configuration constants for the Alibaba Cloud provider.
-"""
-
-# Default Alibaba Cloud regions
-ALIBABACLOUD_REGIONS = [
-    "cn-hangzhou",      # China (Hangzhou)
-    "cn-shanghai",      # China (Shanghai)
-    "cn-qingdao",       # China (Qingdao)
-    "cn-beijing",       # China (Beijing)
-    "cn-zhangjiakou",   # China (Zhangjiakou)
-    "cn-huhehaote",     # China (Hohhot)
-    "cn-wulanchabu",    # China (Ulanqab)
-    "cn-shenzhen",      # China (Shenzhen)
-    "cn-heyuan",        # China (Heyuan)
-    "cn-guangzhou",     # China (Guangzhou)
-    "cn-chengdu",       # China (Chengdu)
-    "cn-hongkong",      # China (Hong Kong)
-    "ap-northeast-1",   # Japan (Tokyo)
-    "ap-southeast-1",   # Singapore
-    "ap-southeast-2",   # Australia (Sydney)
-    "ap-southeast-3",   # Malaysia (Kuala Lumpur)
-    "ap-southeast-5",   # Indonesia (Jakarta)
-    "ap-southeast-6",   # Philippines (Manila)
-    "ap-southeast-7",   # Thailand (Bangkok)
-    "ap-south-1",       # India (Mumbai)
-    "us-west-1",        # US (Silicon Valley)
-    "us-east-1",        # US (Virginia)
-    "eu-west-1",        # UK (London)
-    "eu-central-1",     # Germany (Frankfurt)
-    "me-east-1",        # UAE (Dubai)
-]
-
-# Alibaba Cloud SDK configuration
-ALIBABACLOUD_SDK_USER_AGENT = "Prowler"
-ALIBABACLOUD_SDK_MAX_RETRIES = 3
-ALIBABACLOUD_SDK_TIMEOUT = 30  # seconds
-
-# Alibaba Cloud ARN format
-ALIBABACLOUD_ARN_FORMAT = "acs:{service}:{region}:{account_id}:{resource}"
-
-# Default RAM role session name
-ALIBABACLOUD_RAM_SESSION_NAME = "ProwlerSession"

prowler/providers/alibabacloud/exceptions/exceptions.py

@@ -1,90 +0,0 @@
-"""
-Alibaba Cloud Provider Exceptions
-
-This module contains exception classes for the Alibaba Cloud provider.
-"""
-
-
-class AlibabaCloudException(Exception):
-    """Base exception for Alibaba Cloud provider errors"""
-    pass
-
-
-class AlibabaCloudAuthenticationError(AlibabaCloudException):
-    """
-    AlibabaCloudAuthenticationError is raised when authentication fails
-
-    This can occur due to:
-    - Invalid AccessKey credentials
-    - Expired STS tokens
-    - Insufficient permissions
-    """
-    def __init__(self, message="Authentication to Alibaba Cloud failed"):
-        super().__init__(message)
-
-
-class AlibabaCloudSetUpSessionError(AlibabaCloudException):
-    """
-    AlibabaCloudSetUpSessionError is raised when session setup fails
-    """
-    def __init__(self, message="Failed to set up Alibaba Cloud session"):
-        super().__init__(message)
-
-
-class AlibabaCloudAPIError(AlibabaCloudException):
-    """
-    AlibabaCloudAPIError is raised when an API call fails
-    """
-    def __init__(self, service: str, operation: str, error: str):
-        message = f"Alibaba Cloud API Error - Service: {service}, Operation: {operation}, Error: {error}"
-        super().__init__(message)
-
-
-class AlibabaCloudNoCredentialsError(AlibabaCloudException):
-    """
-    AlibabaCloudNoCredentialsError is raised when no credentials are found
-    """
-    def __init__(self, message="No Alibaba Cloud credentials found"):
-        super().__init__(message)
-
-
-class AlibabaCloudInvalidRegionError(AlibabaCloudException):
-    """
-    AlibabaCloudInvalidRegionError is raised when an invalid region is specified
-    """
-    def __init__(self, region: str):
-        message = f"Invalid Alibaba Cloud region: {region}"
-        super().__init__(message)
-
-
-class AlibabaCloudAssumeRoleError(AlibabaCloudException):
-    """
-    AlibabaCloudAssumeRoleError is raised when assuming a RAM role fails
-    """
-    def __init__(self, role_arn: str, error: str):
-        message = f"Failed to assume RAM role {role_arn}: {error}"
-        super().__init__(message)
-
-
-class AlibabaCloudInvalidAccessKeyError(AlibabaCloudException):
-    """
-    AlibabaCloudInvalidAccessKeyError is raised when AccessKey credentials are invalid
-    """
-    def __init__(self, message="Invalid Alibaba Cloud AccessKey credentials"):
-        super().__init__(message)
-
-
-class AlibabaCloudAccountNotFoundError(AlibabaCloudException):
-    """
-    AlibabaCloudAccountNotFoundError is raised when account information cannot be retrieved
-    """
-    def __init__(self, message="Unable to retrieve Alibaba Cloud account information"):
-        super().__init__(message)
-
-
-class AlibabaCloudConfigValidationError(AlibabaCloudException):
-    """
-    AlibabaCloudConfigValidationError is raised when configuration validation fails
-    """
-    def __init__(self, message="Alibaba Cloud configuration validation failed"):
-        super().__init__(message)

prowler/providers/alibabacloud/lib/arguments/arguments.py

@@ -1,203 +0,0 @@
-"""
-Alibaba Cloud Provider CLI Arguments
-
-This module defines the command-line interface arguments for the Alibaba Cloud provider.
-"""
-
-import os
-from argparse import ArgumentTypeError, Namespace
-
-from prowler.providers.alibabacloud.config import ALIBABACLOUD_REGIONS
-
-
-def init_parser(self):
-    """
-    Initialize Alibaba Cloud provider CLI argument parser
-
-    This function creates the argument parser for Alibaba Cloud provider and defines
-    all the command-line arguments that can be used when auditing Alibaba Cloud.
-
-    Args:
-        self: The ProwlerArgumentParser instance
-    """
-    # Create Alibaba Cloud subparser
-    alibabacloud_parser = self.subparsers.add_parser(
-        "alibabacloud",
-        parents=[self.common_providers_parser],
-        help="Alibaba Cloud Provider",
-    )
-
-    # Authentication group
-    alibabacloud_auth = alibabacloud_parser.add_argument_group(
-        "Alibaba Cloud Authentication"
-    )
-
-    alibabacloud_auth.add_argument(
-        "--access-key-id",
-        nargs="?",
-        default=os.environ.get("ALIBABA_CLOUD_ACCESS_KEY_ID"),
-        help="Alibaba Cloud AccessKey ID (also reads from ALIBABA_CLOUD_ACCESS_KEY_ID environment variable)",
-    )
-
-    alibabacloud_auth.add_argument(
-        "--access-key-secret",
-        nargs="?",
-        default=os.environ.get("ALIBABA_CLOUD_ACCESS_KEY_SECRET"),
-        help="Alibaba Cloud AccessKey Secret (also reads from ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variable)",
-    )
-
-    alibabacloud_auth.add_argument(
-        "--security-token",
-        nargs="?",
-        default=os.environ.get("ALIBABA_CLOUD_SECURITY_TOKEN"),
-        help="Alibaba Cloud STS Security Token for temporary credentials (also reads from ALIBABA_CLOUD_SECURITY_TOKEN environment variable)",
-    )
-
-    # RAM Role assumption group
-    alibabacloud_role = alibabacloud_parser.add_argument_group(
-        "Alibaba Cloud RAM Role Assumption"
-    )
-
-    alibabacloud_role.add_argument(
-        "--ram-role-arn",
-        nargs="?",
-        default=None,
-        help="RAM Role ARN to assume for the audit (format: acs:ram::account-id:role/role-name)",
-    )
-
-    alibabacloud_role.add_argument(
-        "--ram-session-name",
-        nargs="?",
-        default="ProwlerAuditSession",
-        help="Session name for RAM role assumption (default: ProwlerAuditSession)",
-    )
-
-    alibabacloud_role.add_argument(
-        "--ram-session-duration",
-        nargs="?",
-        type=int,
-        default=3600,
-        help="Session duration in seconds for RAM role assumption (900-43200, default: 3600)",
-    )
-
-    alibabacloud_role.add_argument(
-        "--ram-external-id",
-        nargs="?",
-        default=None,
-        help="External ID for RAM role assumption (optional)",
-    )
-
-    # Regions group
-    alibabacloud_regions = alibabacloud_parser.add_argument_group(
-        "Alibaba Cloud Regions"
-    )
-
-    alibabacloud_regions.add_argument(
-        "--region-id",
-        "--region-ids",
-        nargs="+",
-        default=[],
-        dest="region_ids",
-        help=f"Alibaba Cloud Region IDs to audit (space-separated). Available regions: {', '.join(ALIBABACLOUD_REGIONS[:10])}... (default: all regions)",
-    )
-
-    alibabacloud_regions.add_argument(
-        "--filter-region",
-        "--filter-regions",
-        nargs="+",
-        default=[],
-        dest="filter_regions",
-        help="Alibaba Cloud Region IDs to exclude from the audit (space-separated)",
-    )
-
-    # Resource filtering group
-    alibabacloud_resources = alibabacloud_parser.add_argument_group(
-        "Alibaba Cloud Resource Filtering"
-    )
-
-    alibabacloud_resources.add_argument(
-        "--resource-tags",
-        nargs="+",
-        default=[],
-        help="Filter resources by tags (format: key=value)",
-    )
-
-    alibabacloud_resources.add_argument(
-        "--resource-ids",
-        nargs="+",
-        default=[],
-        help="Specific resource IDs to audit (space-separated)",
-    )
-
-
-def validate_arguments(arguments: Namespace) -> tuple[bool, str]:
-    """
-    Validate Alibaba Cloud provider arguments
-
-    This function validates the command-line arguments provided for the Alibaba Cloud provider.
-    It checks for required credentials, validates region specifications, and ensures
-    configuration coherence.
-
-    Args:
-        arguments: Parsed command-line arguments
-
-    Returns:
-        tuple: (is_valid: bool, error_message: str)
-               - is_valid: True if arguments are valid, False otherwise
-               - error_message: Error description if invalid, empty string if valid
-    """
-    # Check for required credentials
-    if not arguments.access_key_id or not arguments.access_key_secret:
-        return (
-            False,
-            "Alibaba Cloud AccessKey credentials are required. "
-            "Provide --access-key-id and --access-key-secret, "
-            "or set ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variables.",
-        )
-
-    # Validate RAM role session duration
-    if arguments.ram_role_arn:
-        if not (900 <= arguments.ram_session_duration <= 43200):
-            return (
-                False,
-                f"RAM role session duration must be between 900 and 43200 seconds. "
-                f"Provided: {arguments.ram_session_duration}",
-            )
-
-    # Validate region IDs
-    if arguments.region_ids:
-        invalid_regions = [
-            region for region in arguments.region_ids
-            if region not in ALIBABACLOUD_REGIONS
-        ]
-        if invalid_regions:
-            return (
-                False,
-                f"Invalid Alibaba Cloud region(s): {', '.join(invalid_regions)}. "
-                f"Valid regions are: {', '.join(ALIBABACLOUD_REGIONS)}",
-            )
-
-    # Validate filter regions
-    if arguments.filter_regions:
-        invalid_filter_regions = [
-            region for region in arguments.filter_regions
-            if region not in ALIBABACLOUD_REGIONS
-        ]
-        if invalid_filter_regions:
-            return (
-                False,
-                f"Invalid Alibaba Cloud filter region(s): {', '.join(invalid_filter_regions)}. "
-                f"Valid regions are: {', '.join(ALIBABACLOUD_REGIONS)}",
-            )
-
-    # Validate resource tags format
-    if arguments.resource_tags:
-        for tag in arguments.resource_tags:
-            if "=" not in tag:
-                return (
-                    False,
-                    f"Invalid resource tag format: '{tag}'. Expected format: key=value",
-                )
-
-    # All validations passed
-    return (True, "")

prowler/providers/alibabacloud/lib/check/check_utils.py

@@ -1,13 +0,0 @@
-"""Utility classes for Alibaba Cloud checks"""
-
-from dataclasses import dataclass
-
-
-@dataclass
-class GenericAlibabaCloudResource:
-    """Generic resource for checks that don't have a specific resource type"""
-
-    id: str
-    name: str
-    arn: str
-    region: str

prowler/providers/alibabacloud/lib/mutelist/mutelist.py

@@ -1,82 +0,0 @@
-"""
-Alibaba Cloud Provider Mutelist
-
-This module implements the mutelist functionality for suppressing findings
-in Alibaba Cloud audits.
-"""
-
-from prowler.lib.mutelist.mutelist import Mutelist
-
-
-class AlibabaCloudMutelist(Mutelist):
-    """
-    AlibabaCloudMutelist handles finding suppression for Alibaba Cloud resources
-
-    This class extends the base Mutelist class to provide Alibaba Cloud-specific
-    mutelist functionality, allowing users to suppress specific findings based on
-    resource identifiers, regions, checks, or other criteria.
-
-    Example mutelist entry:
-    {
-        "Accounts": ["1234567890"],
-        "Checks": {
-            "ecs_*": {
-                "Regions": ["cn-hangzhou", "cn-shanghai"],
-                "Resources": ["i-abc123", "i-def456"]
-            }
-        }
-    }
-    """
-
-    def __init__(
-        self,
-        mutelist_path: str = None,
-        mutelist_content: dict = None,
-        provider: str = "alibabacloud",
-        identity: dict = None,
-    ):
-        """
-        Initialize Alibaba Cloud mutelist
-
-        Args:
-            mutelist_path: Path to the mutelist file (YAML or JSON)
-            mutelist_content: Mutelist content as a dictionary
-            provider: Provider name (default: "alibabacloud")
-            identity: Alibaba Cloud identity information
-        """
-        super().__init__(
-            mutelist_path=mutelist_path,
-            mutelist_content=mutelist_content,
-        )
-        self.identity = identity
-        self.provider = provider
-
-    def is_finding_muted(
-        self,
-        finding,
-        account_id: str = None,
-        region: str = None,
-        check_id: str = None,
-        resource_id: str = None,
-    ) -> bool:
-        """
-        Check if a finding should be muted based on mutelist rules
-
-        Args:
-            finding: The finding object to check
-            account_id: Alibaba Cloud account ID
-            region: Alibaba Cloud region ID
-            check_id: Check identifier
-            resource_id: Resource identifier
-
-        Returns:
-            bool: True if the finding is muted, False otherwise
-        """
-        # Use the parent class implementation which handles the core logic
-        return super().is_muted(
-            account_uid=account_id or getattr(finding, "account_uid", None),
-            region=region or getattr(finding, "region", None),
-            check_id=check_id or getattr(finding, "check_metadata", {}).get("CheckID"),
-            resource_id=resource_id or getattr(finding, "resource_uid", None),
-            finding_tags=getattr(finding, "resource_tags", []),
-        )

prowler/providers/alibabacloud/lib/service/service.py

@@ -1,146 +0,0 @@
-"""
-Alibaba Cloud Service Base Class
-
-This module provides the base class for all Alibaba Cloud service implementations.
-"""
-
-import threading
-
-from prowler.lib.logger import logger
-
-
-class AlibabaCloudService:
-    """
-    Base class for Alibaba Cloud service implementations
-
-    This class provides common functionality for all Alibaba Cloud services, including:
-    - Regional client management
-    - Multi-threading support for API calls
-    - Error handling patterns
-    - Resource auditing metadata
-
-    Attributes:
-        provider: The Alibaba Cloud provider instance
-        service: Service name (e.g., "ecs", "oss", "ram")
-        account_id: Alibaba Cloud account ID
-        regions: List of regions to audit
-        audit_config: Audit configuration dictionary
-        regional_clients: Dictionary of regional SDK clients
-    """
-
-    def __init__(self, service: str, provider):
-        """
-        Initialize the Alibaba Cloud service
-
-        Args:
-            service: Service identifier (e.g., "ecs", "oss")
-            provider: AlibabaCloudProvider instance
-        """
-        self.provider = provider
-        self.service = service
-        self.account_id = provider.identity.account_id
-        self.regions = provider._regions
-        self.audit_config = provider.audit_config
-        self.regional_clients = {}
-
-        logger.info(f"Initializing Alibaba Cloud {service.upper()} service")
-
-    def __threading_call__(self, call, iterator):
-        """
-        Execute function calls in parallel using threading
-
-        This method is used to parallelize API calls across regions or resources
-        to improve audit performance.
-
-        Args:
-            call: Function to execute
-            iterator: Iterable of arguments to pass to the function
-
-        Example:
-            self.__threading_call__(self._describe_instances, self.regions)
-        """
-        threads = []
-        for item in iterator:
-            thread = threading.Thread(target=call, args=(item,))
-            threads.append(thread)
-            thread.start()
-
-        # Wait for all threads to complete
-        for thread in threads:
-            thread.join()
-
-    def _create_regional_client(self, region: str, _endpoint_override: str = None):
-        """
-        Create a regional Alibaba Cloud SDK client
-
-        This method should be overridden by service implementations to create
-        service-specific clients.
-
-        Args:
-            region: Region identifier
-            _endpoint_override: Optional endpoint override URL (unused in base)
-
-        Returns:
-            SDK client instance for the specified region
-        """
-        raise NotImplementedError(
-            f"Service {self.service} must implement _create_regional_client()"
-        )
-
-    def _list_resources(self):
-        """
-        List all resources for this service
-
-        This method should be overridden by service implementations to list
-        service-specific resources.
-        """
-        raise NotImplementedError(
-            f"Service {self.service} must implement _list_resources()"
-        )
-
-    def _get_resource_details(self, resource):
-        """
-        Get detailed information about a resource
-
-        This method can be overridden by service implementations to fetch
-        additional resource details.
-
-        Args:
-            resource: Resource identifier or object
-        """
-
-    def _handle_api_error(self, error: Exception, operation: str, region: str = None):
-        """
-        Handle Alibaba Cloud API errors with consistent logging
-
-        Args:
-            error: The exception that occurred
-            operation: The API operation that failed
-            region: The region where the error occurred (if applicable)
-        """
-        region_info = f" in region {region}" if region else ""
-        logger.warning(
-            f"{self.service.upper()} {operation} failed{region_info}: {str(error)}"
-        )
-
-    def generate_resource_arn(
-        self, resource_type: str, resource_id: str, region: str = ""
-    ) -> str:
-        """
-        Generate Alibaba Cloud Resource Name (ARN) in ACS format
-
-        Format: acs:{service}:{region}:{account-id}:{resource-type}/{resource-id}
-
-        Args:
-            resource_type: Type of resource (e.g., "instance", "bucket")
-            resource_id: Resource identifier
-            region: Region identifier (optional for global resources)
-
-        Returns:
-            str: Formatted ARN string
-
-        Example:
-            arn = self.generate_resource_arn("instance", "i-abc123", "cn-hangzhou")
-            # Returns: "acs:ecs:cn-hangzhou:123456789:instance/i-abc123"
-        """
-        return f"acs:{self.service}:{region}:{self.account_id}:{resource_type}/{resource_id}"

prowler/providers/alibabacloud/models.py

@@ -1,129 +0,0 @@
-"""
-Alibaba Cloud Provider Models
-
-This module contains data models for the Alibaba Cloud provider.
-"""
-
-from argparse import Namespace
-from dataclasses import dataclass
-from typing import Optional
-
-from prowler.providers.common.models import ProviderOutputOptions
-
-
-@dataclass
-class AlibabaCloudIdentityInfo:
-    """
-    AlibabaCloudIdentityInfo contains the Alibaba Cloud identity information
-
-    Attributes:
-        account_id: Alibaba Cloud account ID
-        account_arn: Alibaba Cloud account ARN
-        user_id: RAM user ID (optional)
-        user_name: RAM user name (optional)
-        account_name: Account alias/name (optional)
-    """
-    account_id: str
-    account_arn: str
-    user_id: Optional[str] = None
-    user_name: Optional[str] = None
-    account_name: Optional[str] = None
-
-
-@dataclass
-class AlibabaCloudRegion:
-    """
-    AlibabaCloudRegion contains region information
-
-    Attributes:
-        region_id: Region identifier (e.g., "cn-hangzhou")
-        local_name: Localized region name
-        region_endpoint: Region endpoint URL
-    """
-    region_id: str
-    local_name: str
-    region_endpoint: Optional[str] = None
-
-
-@dataclass
-class AlibabaCloudCredentials:
-    """
-    AlibabaCloudCredentials contains authentication credentials
-
-    Attributes:
-        access_key_id: AccessKey ID
-        access_key_secret: AccessKey Secret
-        security_token: STS security token (optional)
-        expiration: Token expiration timestamp (optional)
-    """
-    access_key_id: str
-    access_key_secret: str
-    security_token: Optional[str] = None
-    expiration: Optional[str] = None
-
-
-@dataclass
-class AlibabaCloudAssumeRoleInfo:
-    """
-    AlibabaCloudAssumeRoleInfo contains RAM role assumption information
-
-    Attributes:
-        role_arn: RAM role ARN to assume
-        role_session_name: Session name for the assumed role
-        external_id: External ID for role assumption (optional)
-        session_duration: Duration in seconds (900-43200, default 3600)
-    """
-    role_arn: str
-    role_session_name: str
-    external_id: Optional[str] = None
-    session_duration: int = 3600
-
-
-@dataclass
-class AlibabaCloudSession:
-    """
-    AlibabaCloudSession contains the session configuration
-
-    Attributes:
-        credentials: Alibaba Cloud credentials
-        region_id: Default region for the session
-    """
-    credentials: AlibabaCloudCredentials
-    region_id: str = "cn-hangzhou"
-
-
-class AlibabaCloudOutputOptions(ProviderOutputOptions):
-    """
-    AlibabaCloudOutputOptions contains the output configuration for Alibaba Cloud
-
-    This class extends ProviderOutputOptions to provide Alibaba Cloud-specific
-    output filename generation based on the account ID.
-    """
-
-    def __init__(self, arguments: Namespace, bulk_checks_metadata: dict, identity: AlibabaCloudIdentityInfo):
-        """
-        Initialize Alibaba Cloud output options
-
-        Args:
-            arguments: Command-line arguments
-            bulk_checks_metadata: Metadata for all checks
-            identity: Alibaba Cloud identity information
-        """
-        # Call parent class init
-        super().__init__(arguments, bulk_checks_metadata)
-
-        # Import here to avoid circular dependency
-        from prowler.config.config import output_file_timestamp
-
-        # Check if custom output filename was provided
-        if (
-            not hasattr(arguments, "output_filename")
-            or arguments.output_filename is None
-        ):
-            # Use account ID for output filename
-            account_identifier = identity.account_id
-            self.output_filename = (
-                f"prowler-output-{account_identifier}-{output_file_timestamp}"
-            )
-        else:
-            self.output_filename = arguments.output_filename

prowler/providers/alibabacloud/services/ack/__init__.py

@@ -1 +0,0 @@
-"""Alibaba Cloud ACK (Container Service for Kubernetes) module"""

prowler/providers/alibabacloud/services/ack/ack_client.py

@@ -1,6 +0,0 @@
-"""Alibaba Cloud ACK Client Singleton"""
-
-from prowler.providers.alibabacloud.services.ack.ack_service import ACK
-from prowler.providers.common.provider import Provider
-
-ack_client = ACK(Provider.get_global_provider())

prowler/providers/alibabacloud/services/ack/ack_cluster_audit_log/__init__.py

@@ -1 +0,0 @@
-"""ACK Audit Logging Check"""

prowler/providers/alibabacloud/services/ack/ack_cluster_audit_log/ack_cluster_audit_log.metadata.json

@@ -1,19 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "ack_cluster_audit_log",
-  "CheckTitle": "Check ACK Audit Logging",
-  "CheckType": [],
-  "ServiceName": "ack",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "medium",
-  "ResourceType": "Cluster",
-  "Description": "Checks ACK Audit Logging.",
-  "Risk": "",
-  "RelatedUrl": "",
-  "Remediation": {"Code": {"CLI": "", "NativeIaC": "", "Other": "", "Terraform": ""}, "Recommendation": {"Text": "", "Url": ""}},
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/ack/ack_cluster_audit_log/ack_cluster_audit_log.py

@@ -1,20 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.ack.ack_client import ack_client
-
-
-class ack_cluster_audit_log(Check):
-    def execute(self):
-        findings = []
-        for cluster in ack_client.clusters.values():
-            report = Check_Report_AlibabaCloud(
-                metadata=self.metadata(), resource=cluster
-            )
-            report.status = "FAIL"
-            report.status_extended = f"ACK cluster {cluster.cluster_name} does not have audit logging enabled."
-            if cluster.audit_log_enabled:
-                report.status = "PASS"
-                report.status_extended = (
-                    f"ACK cluster {cluster.cluster_name} has audit logging enabled."
-                )
-            findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/ack/ack_cluster_encryption/__init__.py

@@ -1 +0,0 @@
-"""ACK Encryption Check"""

prowler/providers/alibabacloud/services/ack/ack_cluster_encryption/ack_cluster_encryption.metadata.json

@@ -1,19 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "ack_cluster_encryption",
-  "CheckTitle": "Check ACK Encryption",
-  "CheckType": [],
-  "ServiceName": "ack",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "high",
-  "ResourceType": "Cluster",
-  "Description": "Checks ACK Encryption.",
-  "Risk": "",
-  "RelatedUrl": "",
-  "Remediation": {"Code": {"CLI": "", "NativeIaC": "", "Other": "", "Terraform": ""}, "Recommendation": {"Text": "", "Url": ""}},
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/ack/ack_cluster_encryption/ack_cluster_encryption.py

@@ -1,22 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.ack.ack_client import ack_client
-
-
-class ack_cluster_encryption(Check):
-    def execute(self):
-        findings = []
-        for cluster in ack_client.clusters.values():
-            report = Check_Report_AlibabaCloud(
-                metadata=self.metadata(), resource=cluster
-            )
-            report.status = "FAIL"
-            report.status_extended = (
-                f"ACK cluster {cluster.cluster_name} does not have encryption enabled."
-            )
-            if cluster.encryption_enabled:
-                report.status = "PASS"
-                report.status_extended = (
-                    f"ACK cluster {cluster.cluster_name} has encryption enabled."
-                )
-            findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/ack/ack_cluster_network_policy/__init__.py

@@ -1 +0,0 @@
-"""ACK Network Policy Check"""

prowler/providers/alibabacloud/services/ack/ack_cluster_network_policy/ack_cluster_network_policy.metadata.json

@@ -1,19 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "ack_cluster_network_policy",
-  "CheckTitle": "Check ACK Network Policy",
-  "CheckType": [],
-  "ServiceName": "ack",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "medium",
-  "ResourceType": "Cluster",
-  "Description": "Checks ACK Network Policy.",
-  "Risk": "",
-  "RelatedUrl": "",
-  "Remediation": {"Code": {"CLI": "", "NativeIaC": "", "Other": "", "Terraform": ""}, "Recommendation": {"Text": "", "Url": ""}},
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/ack/ack_cluster_network_policy/ack_cluster_network_policy.py

@@ -1,18 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.ack.ack_client import ack_client
-
-
-class ack_cluster_network_policy(Check):
-    def execute(self):
-        findings = []
-        for cluster in ack_client.clusters.values():
-            report = Check_Report_AlibabaCloud(
-                metadata=self.metadata(), resource=cluster
-            )
-            report.status = "FAIL"
-            report.status_extended = f"ACK cluster {cluster.cluster_name} does not have network policy support enabled."
-            if cluster.network_policy_enabled:
-                report.status = "PASS"
-                report.status_extended = f"ACK cluster {cluster.cluster_name} has network policy support enabled."
-            findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/ack/ack_cluster_private_zone/__init__.py

@@ -1 +0,0 @@
-"""ACK Private Zone Check"""

prowler/providers/alibabacloud/services/ack/ack_cluster_private_zone/ack_cluster_private_zone.metadata.json

@@ -1,19 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "ack_cluster_private_zone",
-  "CheckTitle": "Check ACK Private Zone",
-  "CheckType": [],
-  "ServiceName": "ack",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "low",
-  "ResourceType": "Cluster",
-  "Description": "Checks ACK Private Zone.",
-  "Risk": "",
-  "RelatedUrl": "",
-  "Remediation": {"Code": {"CLI": "", "NativeIaC": "", "Other": "", "Terraform": ""}, "Recommendation": {"Text": "", "Url": ""}},
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/ack/ack_cluster_private_zone/ack_cluster_private_zone.py

@@ -1,22 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.ack.ack_client import ack_client
-
-
-class ack_cluster_private_zone(Check):
-    def execute(self):
-        findings = []
-        for cluster in ack_client.clusters.values():
-            report = Check_Report_AlibabaCloud(
-                metadata=self.metadata(), resource=cluster
-            )
-            report.status = "FAIL"
-            report.status_extended = (
-                f"ACK cluster {cluster.cluster_name} does not have PrivateZone enabled."
-            )
-            if cluster.private_zone_enabled:
-                report.status = "PASS"
-                report.status_extended = (
-                    f"ACK cluster {cluster.cluster_name} has PrivateZone enabled."
-                )
-            findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/ack/ack_cluster_public_access/__init__.py

@@ -1 +0,0 @@
-"""ACK Public Access Check"""

prowler/providers/alibabacloud/services/ack/ack_cluster_public_access/ack_cluster_public_access.metadata.json

@@ -1,19 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "ack_cluster_public_access",
-  "CheckTitle": "Check ACK Public Access",
-  "CheckType": [],
-  "ServiceName": "ack",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "high",
-  "ResourceType": "Cluster",
-  "Description": "Checks ACK Public Access.",
-  "Risk": "",
-  "RelatedUrl": "",
-  "Remediation": {"Code": {"CLI": "", "NativeIaC": "", "Other": "", "Terraform": ""}, "Recommendation": {"Text": "", "Url": ""}},
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/ack/ack_cluster_public_access/ack_cluster_public_access.py

@@ -1,20 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.ack.ack_client import ack_client
-
-
-class ack_cluster_public_access(Check):
-    def execute(self):
-        findings = []
-        for cluster in ack_client.clusters.values():
-            report = Check_Report_AlibabaCloud(
-                metadata=self.metadata(), resource=cluster
-            )
-            report.status = "FAIL"
-            report.status_extended = (
-                f"ACK cluster {cluster.cluster_name} API server is publicly accessible."
-            )
-            if not cluster.public_access:
-                report.status = "PASS"
-                report.status_extended = f"ACK cluster {cluster.cluster_name} API server is not publicly accessible."
-            findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/ack/ack_cluster_rbac/__init__.py

@@ -1 +0,0 @@
-"""ACK RBAC Check"""

prowler/providers/alibabacloud/services/ack/ack_cluster_rbac/ack_cluster_rbac.metadata.json

@@ -1,19 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "ack_cluster_rbac",
-  "CheckTitle": "Check ACK RBAC",
-  "CheckType": [],
-  "ServiceName": "ack",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "medium",
-  "ResourceType": "Cluster",
-  "Description": "Checks ACK RBAC.",
-  "Risk": "",
-  "RelatedUrl": "",
-  "Remediation": {"Code": {"CLI": "", "NativeIaC": "", "Other": "", "Terraform": ""}, "Recommendation": {"Text": "", "Url": ""}},
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/ack/ack_cluster_rbac/ack_cluster_rbac.py

@@ -1,22 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.ack.ack_client import ack_client
-
-
-class ack_cluster_rbac(Check):
-    def execute(self):
-        findings = []
-        for cluster in ack_client.clusters.values():
-            report = Check_Report_AlibabaCloud(
-                metadata=self.metadata(), resource=cluster
-            )
-            report.status = "FAIL"
-            report.status_extended = (
-                f"ACK cluster {cluster.cluster_name} does not have RBAC enabled."
-            )
-            if cluster.rbac_enabled:
-                report.status = "PASS"
-                report.status_extended = (
-                    f"ACK cluster {cluster.cluster_name} has RBAC enabled."
-                )
-            findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/ack/ack_cluster_security_group/__init__.py

@@ -1 +0,0 @@
-"""ACK Security Group Check"""

prowler/providers/alibabacloud/services/ack/ack_cluster_security_group/ack_cluster_security_group.metadata.json

@@ -1,19 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "ack_cluster_security_group",
-  "CheckTitle": "Check ACK Security Group",
-  "CheckType": [],
-  "ServiceName": "ack",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "medium",
-  "ResourceType": "Cluster",
-  "Description": "Checks ACK Security Group.",
-  "Risk": "",
-  "RelatedUrl": "",
-  "Remediation": {"Code": {"CLI": "", "NativeIaC": "", "Other": "", "Terraform": ""}, "Recommendation": {"Text": "", "Url": ""}},
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/ack/ack_cluster_security_group/ack_cluster_security_group.py

@@ -1,18 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.ack.ack_client import ack_client
-
-
-class ack_cluster_security_group(Check):
-    def execute(self):
-        findings = []
-        for cluster in ack_client.clusters.values():
-            report = Check_Report_AlibabaCloud(
-                metadata=self.metadata(), resource=cluster
-            )
-            report.status = "FAIL"
-            report.status_extended = f"ACK cluster {cluster.cluster_name} does not have a security group configured."
-            if cluster.security_group_id:
-                report.status = "PASS"
-                report.status_extended = f"ACK cluster {cluster.cluster_name} has security group {cluster.security_group_id} configured."
-            findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/ack/ack_cluster_vpc/__init__.py

@@ -1 +0,0 @@
-"""ACK VPC Check"""

prowler/providers/alibabacloud/services/ack/ack_cluster_vpc/ack_cluster_vpc.metadata.json

@@ -1,19 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "ack_cluster_vpc",
-  "CheckTitle": "Check ACK VPC",
-  "CheckType": [],
-  "ServiceName": "ack",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "medium",
-  "ResourceType": "Cluster",
-  "Description": "Checks ACK VPC.",
-  "Risk": "",
-  "RelatedUrl": "",
-  "Remediation": {"Code": {"CLI": "", "NativeIaC": "", "Other": "", "Terraform": ""}, "Recommendation": {"Text": "", "Url": ""}},
-  "Categories": [],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/ack/ack_cluster_vpc/ack_cluster_vpc.py

@@ -1,20 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.ack.ack_client import ack_client
-
-
-class ack_cluster_vpc(Check):
-    def execute(self):
-        findings = []
-        for cluster in ack_client.clusters.values():
-            report = Check_Report_AlibabaCloud(
-                metadata=self.metadata(), resource=cluster
-            )
-            report.status = "FAIL"
-            report.status_extended = (
-                f"ACK cluster {cluster.cluster_name} is not deployed in a VPC."
-            )
-            if cluster.vpc_id:
-                report.status = "PASS"
-                report.status_extended = f"ACK cluster {cluster.cluster_name} is deployed in VPC {cluster.vpc_id}."
-            findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/ack/ack_service.py

@@ -1,194 +0,0 @@
-"""Alibaba Cloud ACK Service"""
-
-from dataclasses import dataclass
-
-from prowler.lib.logger import logger
-from prowler.providers.alibabacloud.lib.service.service import AlibabaCloudService
-
-
-@dataclass
-class Cluster:
-    """ACK Cluster"""
-
-    cluster_id: str
-    cluster_name: str
-    arn: str
-    region: str
-    cluster_type: str = "Kubernetes"
-    state: str = "running"
-    public_access: bool = True  # Will trigger check
-    private_zone_enabled: bool = False
-    network_policy_enabled: bool = False  # Will trigger check
-    rbac_enabled: bool = True
-    encryption_enabled: bool = False  # Will trigger check
-    audit_log_enabled: bool = False  # Will trigger check
-    security_group_id: str = ""
-    vpc_id: str = ""
-    master_url: str = ""
-
-    def __post_init__(self):
-        pass
-
-
-class ACK(AlibabaCloudService):
-    def __init__(self, provider):
-        super().__init__("ack", provider)
-        self.clusters = {}
-        logger.info("Collecting ACK clusters...")
-        self._describe_clusters()
-        logger.info(f"ACK service initialized - Clusters: {len(self.clusters)}")
-
-    def _describe_clusters(self):
-        for region in self.regions:
-            try:
-                from alibabacloud_cs20151215.client import Client as AckClient
-                from alibabacloud_tea_openapi import models as openapi_models
-
-                # Create client configuration
-                config = openapi_models.Config(
-                    access_key_id=self.provider.session.credentials.access_key_id,
-                    access_key_secret=self.provider.session.credentials.access_key_secret,
-                    region_id=region,
-                )
-
-                if self.provider.session.credentials.security_token:
-                    config.security_token = (
-                        self.provider.session.credentials.security_token
-                    )
-
-                # Create ACK client
-                client = AckClient(config)
-
-                # List clusters
-                response = client.describe_clusters_v1()
-
-                # Process clusters
-                if response.body and response.body.clusters:
-                    for cluster_data in response.body.clusters:
-                        cluster_id = cluster_data.cluster_id
-                        arn = self.generate_resource_arn("cluster", cluster_id, region)
-
-                        # Get detailed cluster info
-                        try:
-                            detail_response = client.describe_cluster_detail(cluster_id)
-                            detail = (
-                                detail_response.body
-                                if detail_response.body
-                                else cluster_data
-                            )
-
-                            # Check audit log
-                            audit_log_enabled = False
-                            if hasattr(detail, "parameters") and detail.parameters:
-                                audit_log_enabled = (
-                                    detail.parameters.get("AuditLogEnabled", "false")
-                                    == "true"
-                                )
-
-                            # Check encryption
-                            encryption_enabled = False
-                            if hasattr(detail, "parameters") and detail.parameters:
-                                encryption_enabled = (
-                                    detail.parameters.get("EncryptionEnabled", "false")
-                                    == "true"
-                                )
-
-                            # Check network policy
-                            network_policy_enabled = False
-                            if hasattr(detail, "parameters") and detail.parameters:
-                                network_policy_enabled = (
-                                    detail.parameters.get("NetworkPlugin", "")
-                                    == "terway"
-                                )
-
-                            # Check RBAC
-                            rbac_enabled = (
-                                True  # Default to true for modern ACK clusters
-                            )
-                            if hasattr(detail, "parameters") and detail.parameters:
-                                rbac_enabled = (
-                                    detail.parameters.get("RBACEnabled", "true")
-                                    == "true"
-                                )
-
-                            # Check private zone
-                            private_zone_enabled = False
-                            if hasattr(detail, "private_zone", "false"):
-                                private_zone_enabled = detail.private_zone
-
-                            cluster = Cluster(
-                                cluster_id=cluster_id,
-                                cluster_name=(
-                                    cluster_data.name
-                                    if cluster_data.name
-                                    else cluster_id
-                                ),
-                                arn=arn,
-                                region=region,
-                                cluster_type=(
-                                    cluster_data.cluster_type
-                                    if hasattr(cluster_data, "cluster_type")
-                                    else "Kubernetes"
-                                ),
-                                state=(
-                                    cluster_data.state
-                                    if hasattr(cluster_data, "state")
-                                    else "running"
-                                ),
-                                public_access=(
-                                    hasattr(cluster_data, "public_slb")
-                                    and cluster_data.public_slb
-                                    if hasattr(cluster_data, "public_slb")
-                                    else False
-                                ),
-                                private_zone_enabled=private_zone_enabled,
-                                network_policy_enabled=network_policy_enabled,
-                                rbac_enabled=rbac_enabled,
-                                encryption_enabled=encryption_enabled,
-                                audit_log_enabled=audit_log_enabled,
-                                security_group_id=(
-                                    cluster_data.security_group_id
-                                    if hasattr(cluster_data, "security_group_id")
-                                    else ""
-                                ),
-                                vpc_id=(
-                                    cluster_data.vpc_id
-                                    if hasattr(cluster_data, "vpc_id")
-                                    else ""
-                                ),
-                                master_url=(
-                                    cluster_data.master_url
-                                    if hasattr(cluster_data, "master_url")
-                                    else ""
-                                ),
-                            )
-
-                            self.clusters[arn] = cluster
-                            logger.info(f"Found ACK cluster: {cluster_id} in {region}")
-
-                        except Exception as detail_error:
-                            logger.warning(
-                                f"Could not get details for cluster {cluster_id}: {detail_error}"
-                            )
-                            # Use basic cluster data
-                            cluster = Cluster(
-                                cluster_id=cluster_id,
-                                cluster_name=(
-                                    cluster_data.name
-                                    if cluster_data.name
-                                    else cluster_id
-                                ),
-                                arn=arn,
-                                region=region,
-                                vpc_id=(
-                                    cluster_data.vpc_id
-                                    if hasattr(cluster_data, "vpc_id")
-                                    else ""
-                                ),
-                            )
-                            self.clusters[arn] = cluster
-                else:
-                    logger.info(f"No ACK clusters found in {region}")
-
-            except Exception as error:
-                self._handle_api_error(error, "DescribeClusters", region)

prowler/providers/alibabacloud/services/actiontrail/__init__.py

@@ -1 +0,0 @@
-"""Alibaba Cloud ActionTrail module"""

prowler/providers/alibabacloud/services/actiontrail/actiontrail_client.py

@@ -1,6 +0,0 @@
-"""Alibaba Cloud ActionTrail Client Singleton"""
-
-from prowler.providers.alibabacloud.services.actiontrail.actiontrail_service import ActionTrail
-from prowler.providers.common.provider import Provider
-
-actiontrail_client = ActionTrail(Provider.get_global_provider())

prowler/providers/alibabacloud/services/actiontrail/actiontrail_service.py

@@ -1,148 +0,0 @@
-"""
-Alibaba Cloud ActionTrail Service
-
-This module provides the service class for Alibaba Cloud ActionTrail.
-"""
-
-from dataclasses import dataclass
-
-from prowler.lib.logger import logger
-from prowler.providers.alibabacloud.lib.service.service import AlibabaCloudService
-
-
-@dataclass
-class Trail:
-    """ActionTrail Trail"""
-
-    name: str
-    arn: str
-    region: str
-    status: str = "Disabled"  # Will trigger check
-    oss_bucket_name: str = ""
-    oss_key_prefix: str = ""
-    sls_project_arn: str = ""
-    sls_write_role_arn: str = ""
-    event_rw: str = "Write"  # Should be "All"
-    trail_region: str = "All"
-    is_organization_trail: bool = False
-    mns_topic_arn: str = ""
-
-    def __post_init__(self):
-        pass
-
-
-class ActionTrail(AlibabaCloudService):
-    """
-    Alibaba Cloud ActionTrail service class
-
-    Handles collection of ActionTrail resources including trails and their configurations.
-    """
-
-    def __init__(self, provider):
-        """Initialize ActionTrail service"""
-        super().__init__("actiontrail", provider)
-
-        self.trails = {}
-
-        logger.info("Collecting ActionTrail trails...")
-        self._describe_trails()
-
-        logger.info(f"ActionTrail service initialized - Trails: {len(self.trails)}")
-
-    def _describe_trails(self):
-        """Describe all ActionTrail trails"""
-        # ActionTrail is a global service, but we'll check it once
-        try:
-            from alibabacloud_actiontrail20200706 import models
-            from alibabacloud_actiontrail20200706.client import (
-                Client as ActionTrailClient,
-            )
-            from alibabacloud_tea_openapi import models as openapi_models
-
-            # Create client configuration (use cn-hangzhou as default region)
-            config = openapi_models.Config(
-                access_key_id=self.provider.session.credentials.access_key_id,
-                access_key_secret=self.provider.session.credentials.access_key_secret,
-                region_id="cn-hangzhou",
-            )
-
-            if self.provider.session.credentials.security_token:
-                config.security_token = self.provider.session.credentials.security_token
-
-            # Create ActionTrail client
-            client = ActionTrailClient(config)
-
-            # List trails
-            request = models.ListTrailsRequest()
-            response = client.list_trails(request)
-
-            # Process trails
-            if response.body.trails:
-                for trail_data in response.body.trails:
-                    trail_name = trail_data.name if trail_data.name else "unknown"
-                    arn = self.generate_resource_arn("trail", trail_name, "")
-
-                    # Get trail status
-                    try:
-                        status_request = models.GetTrailStatusRequest(name=trail_name)
-                        status_response = client.get_trail_status(status_request)
-                        status = (
-                            "Enabled" if status_response.body.is_logging else "Disabled"
-                        )
-                    except Exception:
-                        status = "Unknown"
-
-                    trail = Trail(
-                        name=trail_name,
-                        arn=arn,
-                        region="global",
-                        status=status,
-                        oss_bucket_name=(
-                            trail_data.oss_bucket_name
-                            if hasattr(trail_data, "oss_bucket_name")
-                            else ""
-                        ),
-                        oss_key_prefix=(
-                            trail_data.oss_key_prefix
-                            if hasattr(trail_data, "oss_key_prefix")
-                            else ""
-                        ),
-                        sls_project_arn=(
-                            trail_data.sls_project_arn
-                            if hasattr(trail_data, "sls_project_arn")
-                            else ""
-                        ),
-                        sls_write_role_arn=(
-                            trail_data.sls_write_role_arn
-                            if hasattr(trail_data, "sls_write_role_arn")
-                            else ""
-                        ),
-                        event_rw=(
-                            trail_data.event_rw
-                            if hasattr(trail_data, "event_rw")
-                            else "Write"
-                        ),
-                        trail_region=(
-                            trail_data.trail_region
-                            if hasattr(trail_data, "trail_region")
-                            else "All"
-                        ),
-                        is_organization_trail=(
-                            trail_data.is_organization_trail
-                            if hasattr(trail_data, "is_organization_trail")
-                            else False
-                        ),
-                        mns_topic_arn=(
-                            trail_data.mns_topic_arn
-                            if hasattr(trail_data, "mns_topic_arn")
-                            else ""
-                        ),
-                    )
-
-                    self.trails[arn] = trail
-                    logger.info(f"Found ActionTrail trail: {trail_name}")
-            else:
-                logger.info("No ActionTrail trails found")
-
-        except Exception as error:
-            self._handle_api_error(error, "DescribeTrails", "global")

prowler/providers/alibabacloud/services/actiontrail/actiontrail_trail_enabled/__init__.py

@@ -1 +0,0 @@
-"""ActionTrail Trail Enabled Check"""

prowler/providers/alibabacloud/services/actiontrail/actiontrail_trail_enabled/actiontrail_trail_enabled.metadata.json

@@ -1,32 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "actiontrail_trail_enabled",
-  "CheckTitle": "Ensure at least one ActionTrail trail is enabled",
-  "CheckType": [],
-  "ServiceName": "actiontrail",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "high",
-  "ResourceType": "Trail",
-  "Description": "Ensures that at least one ActionTrail trail is enabled to log API activity for security auditing. ActionTrail records API calls and events for compliance, security analysis, and troubleshooting.",
-  "Risk": "Without ActionTrail enabled, there is no audit log of API activity, making it impossible to track changes, detect unauthorized access, or investigate security incidents. This can lead to compliance violations and delayed incident response.",
-  "RelatedUrl": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/ActionTrail/trail-enabled.html",
-  "Remediation": {
-    "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "",
-      "Terraform": ""
-    },
-    "Recommendation": {
-      "Text": "Enable at least one ActionTrail trail. Go to ActionTrail Console and create/enable a trail to log API activity across all regions.",
-      "Url": "https://www.alibabacloud.com/help/en/actiontrail/latest/create-a-trail-to-deliver-events-to-oss"
-    }
-  },
-  "Categories": [
-    "logging"
-  ],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/actiontrail/actiontrail_trail_enabled/actiontrail_trail_enabled.py

@@ -1,41 +0,0 @@
-from dataclasses import dataclass
-
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.actiontrail.actiontrail_client import (
-    actiontrail_client,
-)
-
-
-@dataclass
-class ActionTrailConfig:
-    id: str
-    name: str
-    arn: str
-    region: str
-
-
-class actiontrail_trail_enabled(Check):
-    def execute(self):
-        findings = []
-        enabled_trails = [
-            trail
-            for trail in actiontrail_client.trails.values()
-            if trail.status == "Enabled"
-        ]
-
-        config = ActionTrailConfig(
-            id="actiontrail-configuration",
-            name="ActionTrail Configuration",
-            arn=f"acs:actiontrail::{actiontrail_client.account_id}:configuration",
-            region="global",
-        )
-
-        report = Check_Report_AlibabaCloud(metadata=self.metadata(), resource=config)
-        report.status = "FAIL"
-        report.status_extended = "No enabled ActionTrail trails found."
-        if len(enabled_trails) > 0:
-            trail_names = [trail.name for trail in enabled_trails]
-            report.status = "PASS"
-            report.status_extended = f"ActionTrail has {len(enabled_trails)} enabled trail(s): {', '.join(trail_names)}."
-        findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/actiontrail/actiontrail_trail_logs_all_events/__init__.py

@@ -1 +0,0 @@
-"""ActionTrail Trail Logs All Events Check"""

prowler/providers/alibabacloud/services/actiontrail/actiontrail_trail_logs_all_events/actiontrail_trail_logs_all_events.metadata.json

@@ -1,32 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "actiontrail_trail_logs_all_events",
-  "CheckTitle": "Ensure ActionTrail trails log all events (read and write)",
-  "CheckType": [],
-  "ServiceName": "actiontrail",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "medium",
-  "ResourceType": "Trail",
-  "Description": "Ensures that ActionTrail trails are configured to log both read and write events. Logging all events provides complete audit coverage for security analysis and compliance.",
-  "Risk": "Logging only write events means read-only API calls are not recorded, potentially missing important security events such as unauthorized data access attempts or reconnaissance activities.",
-  "RelatedUrl": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/ActionTrail/trail-log-all-events.html",
-  "Remediation": {
-    "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "",
-      "Terraform": ""
-    },
-    "Recommendation": {
-      "Text": "Update ActionTrail trails to log all events. Go to ActionTrail Console, select the trail, and configure it to log both read and write events.",
-      "Url": "https://www.alibabacloud.com/help/en/actiontrail/latest/create-a-trail-to-deliver-events-to-oss"
-    }
-  },
-  "Categories": [
-    "logging"
-  ],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/actiontrail/actiontrail_trail_logs_all_events/actiontrail_trail_logs_all_events.py

@@ -1,22 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.actiontrail.actiontrail_client import (
-    actiontrail_client,
-)
-
-
-class actiontrail_trail_logs_all_events(Check):
-    def execute(self):
-        findings = []
-        for trail in actiontrail_client.trails.values():
-            report = Check_Report_AlibabaCloud(metadata=self.metadata(), resource=trail)
-            report.status = "FAIL"
-            report.status_extended = (
-                f"ActionTrail trail {trail.name} only logs {trail.event_rw} events."
-            )
-            if trail.event_rw == "All":
-                report.status = "PASS"
-                report.status_extended = (
-                    f"ActionTrail trail {trail.name} logs all events."
-                )
-            findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/ecs/__init__.py

@@ -1 +0,0 @@
-"""Alibaba Cloud ECS (Elastic Compute Service) module"""

prowler/providers/alibabacloud/services/ecs/ecs_client.py

@@ -1,11 +0,0 @@
-"""
-Alibaba Cloud ECS Client Singleton
-
-This module provides the singleton ECS client instance.
-"""
-
-from prowler.providers.alibabacloud.services.ecs.ecs_service import ECS
-from prowler.providers.common.provider import Provider
-
-# Initialize ECS client singleton
-ecs_client = ECS(Provider.get_global_provider())

prowler/providers/alibabacloud/services/ecs/ecs_disk_encryption_enabled/ecs_disk_encryption_enabled.metadata.json

@@ -1,37 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "ecs_disk_encryption_enabled",
-  "CheckTitle": "Ensure ECS Disk Encryption is Enabled",
-  "CheckType": [
-    "Security",
-    "Encryption"
-  ],
-  "ServiceName": "ecs",
-  "SubServiceName": "disk",
-  "ResourceIdTemplate": "arn:acs:ecs:region:account-id:disk/disk-id",
-  "Severity": "medium",
-  "ResourceType": "AlibabaCloud::ECS::Disk",
-  "Description": "Ensure that all ECS disks (system disks and data disks) are encrypted to protect data at rest. Disk encryption provides an additional layer of security by encrypting data stored on ECS instances using Alibaba Cloud KMS.",
-  "Risk": "Unencrypted disks can expose sensitive data if the physical storage media is compromised, if disk snapshots are inadvertently shared, or if unauthorized users gain access to the disk. Without encryption, data at rest is vulnerable to unauthorized access.",
-  "RelatedUrl": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/ECS/disk-encryption.html",
-  "Remediation": {
-    "Code": {
-      "CLI": "# Note: Encryption must be enabled when creating a disk. Existing disks cannot be encrypted in-place.\n# Create a snapshot of the unencrypted disk, then create a new encrypted disk from the snapshot:\naliyun ecs CreateSnapshot --DiskId <disk-id> --SnapshotName encrypted-snapshot\naliyun ecs CreateDisk --SnapshotId <snapshot-id> --Encrypted true --KMSKeyId <kms-key-id>",
-      "NativeIaC": "",
-      "Other": "For existing disks, you must create a snapshot, create a new encrypted disk from the snapshot, detach the old disk, attach the new encrypted disk, and then delete the old disk.",
-      "Terraform": "resource \"alicloud_disk\" \"encrypted_disk\" {\n  disk_name   = \"encrypted-disk\"\n  size        = 100\n  category    = \"cloud_essd\"\n  encrypted   = true\n  kms_key_id  = var.kms_key_id\n  zone_id     = \"cn-hangzhou-h\"\n}"
-    },
-    "Recommendation": {
-      "Text": "Enable disk encryption for all new ECS disks. For existing unencrypted disks, create encrypted copies using snapshots and KMS. Use customer-managed KMS keys for enhanced control over encryption keys. Regularly rotate encryption keys and audit key usage.",
-      "Url": "https://www.alibabacloud.com/help/en/ecs/user-guide/encryption-overview"
-    }
-  },
-  "Categories": [
-    "encryption",
-    "data-protection"
-  ],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": "ECS disk encryption cannot be enabled on existing disks. You must create new encrypted disks or create encrypted copies from snapshots. Consider enabling default encryption at the account level to ensure all new disks are automatically encrypted.",
-  "Compliance": []
-}

prowler/providers/alibabacloud/services/ecs/ecs_disk_encryption_enabled/ecs_disk_encryption_enabled.py

@@ -1,20 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.ecs.ecs_client import ecs_client
-
-
-class ecs_disk_encryption_enabled(Check):
-    def execute(self):
-        findings = []
-        for disk in ecs_client.disks.values():
-            report = Check_Report_AlibabaCloud(metadata=self.metadata(), resource=disk)
-            report.status = "FAIL"
-            report.status_extended = (
-                f"ECS disk {disk.name} ({disk.id}) is not encrypted."
-            )
-            if disk.encrypted:
-                report.status = "PASS"
-                report.status_extended = (
-                    f"ECS disk {disk.name} ({disk.id}) is encrypted."
-                )
-            findings.append(report)
-        return findings

prowler/providers/alibabacloud/services/ecs/ecs_instance_public_ip/__init__.py

@@ -1 +0,0 @@
-"""ECS Instance Public IP Check"""

prowler/providers/alibabacloud/services/ecs/ecs_instance_public_ip/ecs_instance_public_ip.metadata.json

@@ -1,19 +0,0 @@
-{
-  "Provider": "alibabacloud",
-  "CheckID": "ecs_instance_public_ip",
-  "CheckTitle": "Ensure ECS instances do not have unnecessary public IPs",
-  "CheckType": [],
-  "ServiceName": "ecs",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "arn",
-  "Severity": "medium",
-  "ResourceType": "Instance",
-  "Description": "Ensures ECS instances do not have unnecessary public IP addresses.",
-  "Risk": "Public IP addresses increase attack surface.",
-  "RelatedUrl": "",
-  "Remediation": {"Code": {"CLI": "", "NativeIaC": "", "Other": "", "Terraform": ""}, "Recommendation": {"Text": "Use EIP or NAT Gateway instead.", "Url": ""}},
-  "Categories": ["internet-exposed"],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": ""
-}

prowler/providers/alibabacloud/services/ecs/ecs_instance_public_ip/ecs_instance_public_ip.py

@@ -1,22 +0,0 @@
-from prowler.lib.check.models import Check, Check_Report_AlibabaCloud
-from prowler.providers.alibabacloud.services.ecs.ecs_client import ecs_client
-
-
-class ecs_instance_public_ip(Check):
-    def execute(self):
-        findings = []
-        for instance in ecs_client.instances.values():
-            report = Check_Report_AlibabaCloud(
-                metadata=self.metadata(), resource=instance
-            )
-            report.status = "FAIL"
-            report.status_extended = (
-                f"ECS instance {instance.name} has public IP {instance.public_ip}."
-            )
-            if not instance.public_ip:
-                report.status = "PASS"
-                report.status_extended = (
-                    f"ECS instance {instance.name} does not have a public IP address."
-                )
-            findings.append(report)
-        return findings