chore(deps): bump https://github.com/astral-sh/ruff-pre-commit

Bumps [https://github.com/astral-sh/ruff-pre-commit](https://github.com/astral-sh/ruff-pre-commit) from v0.15.11 to 0.15.12.
- [Release notes](https://github.com/astral-sh/ruff-pre-commit/releases)
- [Commits](https://github.com/astral-sh/ruff-pre-commit/compare/v0.15.11...v0.15.12)

---
updated-dependencies:
- dependency-name: https://github.com/astral-sh/ruff-pre-commit
  dependency-version: 0.15.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

.pre-commit-config.yaml

@@ -98,7 +98,7 @@ repos:
 
   ## PYTHON — API + MCP Server (ruff)
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.11
+    rev: v0.15.12
     hooks:
       - id: ruff
         name: "API + MCP - ruff check"

Dockerfile

@@ -6,7 +6,7 @@ LABEL org.opencontainers.image.source="https://github.com/prowler-cloud/prowler"
 ARG POWERSHELL_VERSION=7.5.0
 ENV POWERSHELL_VERSION=${POWERSHELL_VERSION}
 
-ARG TRIVY_VERSION=0.70.0
+ARG TRIVY_VERSION=0.69.2
 ENV TRIVY_VERSION=${TRIVY_VERSION}
 
 ARG ZIZMOR_VERSION=1.24.1

api/CHANGELOG.md

@@ -8,11 +8,6 @@ All notable changes to the **Prowler API** are documented in this file.
 
 - New `scan-reset-ephemeral-resources` post-scan task zeroes `failed_findings_count` for resources missing from the latest full-scope scan, keeping ephemeral resources from polluting the Resources page sort [(#10929)](https://github.com/prowler-cloud/prowler/pull/10929)
 
-### 🔐 Security
-
-- `trivy` binary in the API image from 0.69.2 to 0.70.0 for CVE-2026-33186
-- `cryptography` from 46.0.6 to 46.0.7 (transitive via prowler SDK) for CVE-2026-39892
-
 ---
 
 ## [1.26.1] (Prowler v5.25.1)

api/Dockerfile

@@ -5,7 +5,7 @@ LABEL maintainer="https://github.com/prowler-cloud/api"
 ARG POWERSHELL_VERSION=7.5.0
 ENV POWERSHELL_VERSION=${POWERSHELL_VERSION}
 
-ARG TRIVY_VERSION=0.70.0
+ARG TRIVY_VERSION=0.69.2
 ENV TRIVY_VERSION=${TRIVY_VERSION}
 
 ARG ZIZMOR_VERSION=1.24.1

docs/developer-guide/check-metadata-guidelines.mdx

@@ -215,6 +215,3 @@ Also is important to keep all code examples as short as possible, including the
 | e5                      | M365 and Azure Entra checks enabled by or dependent on an E5 license (e.g., advanced threat protection, audit, DLP, and eDiscovery)                                                                    |
 | privilege-escalation    | Detects IAM policies or permissions that allow identities to elevate their privileges beyond their intended scope, potentially gaining administrator or higher-level access through specific action combinations |
 | ec2-imdsv1              | Identifies EC2 instances using Instance Metadata Service version 1 (IMDSv1), which is vulnerable to SSRF attacks and should be replaced with IMDSv2 for enhanced security                        |
-| vercel-hobby-plan       | Vercel checks whose audited feature is available on the Hobby plan (and therefore also on Pro and Enterprise plans)                                                                                   |
-| vercel-pro-plan         | Vercel checks whose audited feature requires a Pro plan or higher, including features also available on Enterprise or via supported paid add-ons for Pro plans                                        |
-| vercel-enterprise-plan  | Vercel checks whose audited feature requires the Enterprise plan                                                                                                                                    |

docs/developer-guide/checks.mdx

@@ -387,7 +387,7 @@ Provides both code examples and best practice recommendations for addressing the
 
 #### Categories
 
-One or more functional groupings used for execution filtering (e.g., `internet-exposed`). Categories must match the predefined values enforced by `CheckMetadata`; adding a new category requires updating the validator and the metadata documentation.
+One or more functional groupings used for execution filtering (e.g., `internet-exposed`). You can define new categories just by adding to this field.
 
 For the complete list of available categories, see [Categories Guidelines](/developer-guide/check-metadata-guidelines#categories-guidelines).
 

docs/user-guide/providers/vercel/getting-started-vercel.mdx

@@ -160,25 +160,3 @@ Prowler for Vercel includes security checks across the following services:
 | **Project** | Deployment protection, environment variable security, fork protection, and skew protection |
 | **Security** | Web Application Firewall (WAF), rate limiting, IP blocking, and managed rulesets |
 | **Team** | SSO enforcement, directory sync, member access, and invitation hygiene |
-
-## Checks With Explicit Plan-Based Behavior
-
-Prowler currently includes 26 Vercel checks. The 11 checks below have explicit billing-plan handling in the provider metadata or check logic. When the scanned scope reports a billing plan, Prowler adds plan-aware context to findings for these checks. If the API does not expose the required configuration, Prowler may return `MANUAL` and require verification in the Vercel dashboard.
-
-| Check ID | Hobby | Pro | Enterprise | Notes |
-|----------|-------|-----|------------|-------|
-| `project_password_protection_enabled` | Not available | Available as a paid add-on | Available | Checks password protection for deployments |
-| `project_production_deployment_protection_enabled` | Not available | Available with supported paid deployment protection options | Available | Checks protection for production deployments |
-| `project_skew_protection_enabled` | Not available | Available | Available | Checks skew protection during rollouts |
-| `security_custom_rules_configured` | Not available | Available | Available | Returns `MANUAL` when the firewall configuration cannot be assessed from the API |
-| `security_ip_blocking_rules_configured` | Not available | Available | Available | Returns `MANUAL` when the firewall configuration cannot be assessed from the API |
-| `team_saml_sso_enabled` | Not available | Available | Available | Checks team SAML SSO configuration |
-| `team_saml_sso_enforced` | Not available | Available | Available | Checks SAML SSO enforcement for all team members |
-| `team_directory_sync_enabled` | Not available | Not available | Available | Checks SCIM directory sync |
-| `security_managed_rulesets_enabled` | Bot Protection and AI Bots managed rulesets | Bot Protection and AI Bots managed rulesets | All managed rulesets, including OWASP Core Ruleset | Returns `MANUAL` when the firewall configuration cannot be assessed from the API |
-| `security_rate_limiting_configured` | Not available | Available | Available | Returns `MANUAL` when the firewall configuration cannot be assessed from the API |
-| `security_waf_enabled` | Not available | Available | Available | Returns `MANUAL` when the firewall configuration cannot be assessed from the API |
-
-<Note>
-The five firewall-related checks (`security_waf_enabled`, `security_custom_rules_configured`, `security_ip_blocking_rules_configured`, `security_rate_limiting_configured`, and `security_managed_rulesets_enabled`) return `MANUAL` when the firewall configuration endpoint is not accessible from the API. The other 15 current Vercel checks do not currently include plan-specific handling in provider logic, but every Vercel check includes exactly one billing-plan metadata category (`vercel-hobby-plan`, `vercel-pro-plan`, or `vercel-enterprise-plan`) alongside its functional security category.
-</Note>

mcp_server/CHANGELOG.md

@@ -2,14 +2,6 @@
 
 All notable changes to the **Prowler MCP Server** are documented in this file.
 
-## [0.7.0] (Prowler UNRELEASED)
-
-### 🔐 Security
-
-- `cryptography` from 46.0.1 to 47.0.0 (transitive) for CVE-2026-39892 and CVE-2026-26007 / CVE-2026-34073
-
----
-
 ## [0.6.0] (Prowler v5.23.0)
 
 ### 🚀 Added

mcp_server/uv.lock

@@ -204,55 +204,58 @@ wheels = [
 
 [[package]]
 name = "cryptography"
-version = "47.0.0"
+version = "46.0.1"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "cffi", marker = "platform_python_implementation != 'PyPy'" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/ef/b2/7ffa7fe8207a8c42147ffe70c3e360b228160c1d85dc3faff16aaa3244c0/cryptography-47.0.0.tar.gz", hash = "sha256:9f8e55fe4e63613a5e1cc5819030f27b97742d720203a087802ce4ce9ceb52bb", size = 830863, upload-time = "2026-04-24T19:54:57.056Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/a9/62/e3664e6ffd7743e1694b244dde70b43a394f6f7fbcacf7014a8ff5197c73/cryptography-46.0.1.tar.gz", hash = "sha256:ed570874e88f213437f5cf758f9ef26cbfc3f336d889b1e592ee11283bb8d1c7", size = 749198, upload-time = "2025-09-17T00:10:35.797Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/a4/98/40dfe932134bdcae4f6ab5927c87488754bf9eb79297d7e0070b78dd58e9/cryptography-47.0.0-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:160ad728f128972d362e714054f6ba0067cab7fb350c5202a9ae8ae4ce3ef1a0", size = 7912214, upload-time = "2026-04-24T19:53:03.864Z" },
-    { url = "https://files.pythonhosted.org/packages/34/c6/2733531243fba725f58611b918056b277692f1033373dcc8bd01af1c05d4/cryptography-47.0.0-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:b9a8943e359b7615db1a3ba587994618e094ff3d6fa5a390c73d079ce18b3973", size = 4644617, upload-time = "2026-04-24T19:53:06.909Z" },
-    { url = "https://files.pythonhosted.org/packages/00/e3/b27be1a670a9b87f855d211cf0e1174a5d721216b7616bd52d8581d912ed/cryptography-47.0.0-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f5c15764f261394b22aef6b00252f5195f46f2ca300bec57149474e2538b31f8", size = 4668186, upload-time = "2026-04-24T19:53:09.053Z" },
-    { url = "https://files.pythonhosted.org/packages/81/b9/8443cfe5d17d482d348cee7048acf502bb89a51b6382f06240fd290d4ca3/cryptography-47.0.0-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:9c59ab0e0fa3a180a5a9c59f3a5abe3ef90d474bc56d7fadfbe80359491b615b", size = 4651244, upload-time = "2026-04-24T19:53:11.217Z" },
-    { url = "https://files.pythonhosted.org/packages/5d/5e/13ed0cdd0eb88ba159d6dd5ebfece8cb901dbcf1ae5ac4072e28b55d3153/cryptography-47.0.0-cp311-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:34b4358b925a5ea3e14384ca781a2c0ef7ac219b57bb9eacc4457078e2b19f92", size = 5252906, upload-time = "2026-04-24T19:53:13.532Z" },
-    { url = "https://files.pythonhosted.org/packages/64/16/ed058e1df0f33d440217cd120d41d5dda9dd215a80b8187f68483185af82/cryptography-47.0.0-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:0024b87d47ae2399165a6bfb20d24888881eeab83ae2566d62467c5ff0030ce7", size = 4701842, upload-time = "2026-04-24T19:53:15.618Z" },
-    { url = "https://files.pythonhosted.org/packages/02/e0/3d30986b30fdbd9e969abbdf8ba00ed0618615144341faeb57f395a084fe/cryptography-47.0.0-cp311-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:1e47422b5557bb82d3fff997e8d92cff4e28b9789576984f08c248d2b3535d93", size = 4289313, upload-time = "2026-04-24T19:53:17.755Z" },
-    { url = "https://files.pythonhosted.org/packages/df/fd/32db38e3ad0cb331f0691cb4c7a8a6f176f679124dee746b3af6633db4d9/cryptography-47.0.0-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:6f29f36582e6151d9686235e586dd35bb67491f024767d10b842e520dc6a07ac", size = 4650964, upload-time = "2026-04-24T19:53:20.062Z" },
-    { url = "https://files.pythonhosted.org/packages/86/53/5395d944dfd48cb1f67917f533c609c34347185ef15eb4308024c876f274/cryptography-47.0.0-cp311-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:a9b761f012a943b7de0e828843c5688d0de94a0578d44d6c85a1bae32f87791f", size = 5207817, upload-time = "2026-04-24T19:53:22.498Z" },
-    { url = "https://files.pythonhosted.org/packages/34/4f/e5711b28e1901f7d480a2b1b688b645aa4c77c73f10731ed17e7f7db3f0d/cryptography-47.0.0-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:4e1de79e047e25d6e9f8cea71c86b4a53aced64134f0f003bbcbf3655fd172c8", size = 4701544, upload-time = "2026-04-24T19:53:24.356Z" },
-    { url = "https://files.pythonhosted.org/packages/22/22/c8ddc25de3010fc8da447648f5a092c40e7a8fadf01dd6d255d9c0b9373d/cryptography-47.0.0-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:ef6b3634087f18d2155b1e8ce264e5345a753da2c5fa9815e7d41315c90f8318", size = 4783536, upload-time = "2026-04-24T19:53:26.665Z" },
-    { url = "https://files.pythonhosted.org/packages/66/b6/d4a68f4ea999c6d89e8498579cba1c5fcba4276284de7773b17e4fa69293/cryptography-47.0.0-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:11dbb9f50a0f1bb9757b3d8c27c1101780efb8f0bdecfb12439c22a74d64c001", size = 4926106, upload-time = "2026-04-24T19:53:28.686Z" },
-    { url = "https://files.pythonhosted.org/packages/54/ed/5f524db1fade9c013aa618e1c99c6ed05e8ffc9ceee6cda22fed22dda3f4/cryptography-47.0.0-cp311-abi3-win32.whl", hash = "sha256:7fda2f02c9015db3f42bb8a22324a454516ed10a8c29ca6ece6cdbb5efe2a203", size = 3258581, upload-time = "2026-04-24T19:53:31.058Z" },
-    { url = "https://files.pythonhosted.org/packages/b2/dc/1b901990b174786569029f67542b3edf72ac068b6c3c8683c17e6a2f5363/cryptography-47.0.0-cp311-abi3-win_amd64.whl", hash = "sha256:f5c3296dab66202f1b18a91fa266be93d6aa0c2806ea3d67762c69f60adc71aa", size = 3775309, upload-time = "2026-04-24T19:53:33.054Z" },
-    { url = "https://files.pythonhosted.org/packages/14/88/7aa18ad9c11bc87689affa5ce4368d884b517502d75739d475fc6f4a03c7/cryptography-47.0.0-cp314-cp314t-macosx_10_9_universal2.whl", hash = "sha256:be12cb6a204f77ed968bcefe68086eb061695b540a3dd05edac507a3111b25f0", size = 7904299, upload-time = "2026-04-24T19:53:35.003Z" },
-    { url = "https://files.pythonhosted.org/packages/07/55/c18f75724544872f234678fdedc871391722cb34a2aee19faa9f63100bb2/cryptography-47.0.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:2ebd84adf0728c039a3be2700289378e1c164afc6748df1a5ed456767bef9ba7", size = 4631180, upload-time = "2026-04-24T19:53:37.517Z" },
-    { url = "https://files.pythonhosted.org/packages/ee/65/31a5cc0eaca99cec5bafffe155d407115d96136bb161e8b49e0ef73f09a7/cryptography-47.0.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:7f68d6fbc7fbbcfb0939fea72c3b96a9f9a6edfc0e1b1d29778a2066030418b1", size = 4653529, upload-time = "2026-04-24T19:53:39.775Z" },
-    { url = "https://files.pythonhosted.org/packages/e5/bc/641c0519a495f3bfd0421b48d7cd325c4336578523ccd76ea322b6c29c7a/cryptography-47.0.0-cp314-cp314t-manylinux_2_28_aarch64.whl", hash = "sha256:6651d32eff255423503aa276739da98c30f26c40cbeffcc6048e0d54ef704c0c", size = 4638570, upload-time = "2026-04-24T19:53:42.129Z" },
-    { url = "https://files.pythonhosted.org/packages/2b/f2/300327b0a47f6dc94dd8b71b57052aefe178bb51745073d73d80604f11ab/cryptography-47.0.0-cp314-cp314t-manylinux_2_28_ppc64le.whl", hash = "sha256:3fb8fa48075fad7193f2e5496135c6a76ac4b2aa5a38433df0a539296b377829", size = 5238019, upload-time = "2026-04-24T19:53:44.577Z" },
-    { url = "https://files.pythonhosted.org/packages/e9/5a/5b5cf994391d4bf9d9c7efd4c66aabe4d95227256627f8fea6cff7dfadbd/cryptography-47.0.0-cp314-cp314t-manylinux_2_28_x86_64.whl", hash = "sha256:11438c7518132d95f354fa01a4aa2f806d172a061a7bed18cf18cbdacdb204d7", size = 4686832, upload-time = "2026-04-24T19:53:47.015Z" },
-    { url = "https://files.pythonhosted.org/packages/dc/2c/ae950e28fd6475c852fc21a44db3e6b5bcc1261d1e370f2b6e42fa800fef/cryptography-47.0.0-cp314-cp314t-manylinux_2_31_armv7l.whl", hash = "sha256:8c1a736bbb3288005796c3f7ccb9453360d7fed483b13b9f468aea5171432923", size = 4269301, upload-time = "2026-04-24T19:53:48.97Z" },
-    { url = "https://files.pythonhosted.org/packages/67/fb/6a39782e150ffe5cc1b0018cb6ddc48bf7ca62b498d7539ffc8a758e977d/cryptography-47.0.0-cp314-cp314t-manylinux_2_34_aarch64.whl", hash = "sha256:f1557695e5c2b86e204f6ce9470497848634100787935ab7adc5397c54abd7ab", size = 4638110, upload-time = "2026-04-24T19:53:51.011Z" },
-    { url = "https://files.pythonhosted.org/packages/8e/d7/0b3c71090a76e5c203164a47688b697635ece006dcd2499ab3a4dbd3f0bd/cryptography-47.0.0-cp314-cp314t-manylinux_2_34_ppc64le.whl", hash = "sha256:f9a034b642b960767fb343766ae5ba6ad653f2e890ddd82955aef288ffea8736", size = 5194988, upload-time = "2026-04-24T19:53:52.962Z" },
-    { url = "https://files.pythonhosted.org/packages/63/33/63a961498a9df51721ab578c5a2622661411fc520e00bd83b0cc64eb20c4/cryptography-47.0.0-cp314-cp314t-manylinux_2_34_x86_64.whl", hash = "sha256:b1c76fca783aa7698eb21eb14f9c4aa09452248ee54a627d125025a43f83e7a7", size = 4686563, upload-time = "2026-04-24T19:53:55.274Z" },
-    { url = "https://files.pythonhosted.org/packages/b7/bf/5ee5b145248f92250de86145d1c1d6edebbd57a7fe7caa4dedb5d4cf06a1/cryptography-47.0.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:4f7722c97826770bab8ae92959a2e7b20a5e9e9bf4deae68fd86c3ca457bab52", size = 4770094, upload-time = "2026-04-24T19:53:57.753Z" },
-    { url = "https://files.pythonhosted.org/packages/92/43/21d220b2da5d517773894dacdcdb5c682c28d3fffce65548cb06e87d5501/cryptography-47.0.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:09f6d7bf6724f8db8b32f11eccf23efc8e759924bc5603800335cf8859a3ddbd", size = 4913811, upload-time = "2026-04-24T19:54:00.236Z" },
-    { url = "https://files.pythonhosted.org/packages/31/98/dc4ad376ac5f1a1a7d4a83f7b0c6f2bcad36b5d2d8f30aeb482d3a7d9582/cryptography-47.0.0-cp314-cp314t-win32.whl", hash = "sha256:6eebcaf0df1d21ce1f90605c9b432dd2c4f4ab665ac29a40d5e3fc68f51b5e63", size = 3237158, upload-time = "2026-04-24T19:54:02.606Z" },
-    { url = "https://files.pythonhosted.org/packages/bc/da/97f62d18306b5133468bc3f8cc73a3111e8cdc8cf8d3e69474d6e5fd2d1b/cryptography-47.0.0-cp314-cp314t-win_amd64.whl", hash = "sha256:51c9313e90bd1690ec5a75ed047c27c0b8e6c570029712943d6116ef9a90620b", size = 3758706, upload-time = "2026-04-24T19:54:04.433Z" },
-    { url = "https://files.pythonhosted.org/packages/e0/34/a4fae8ae7c3bc227460c9ae43f56abf1b911da0ec29e0ebac53bb0a4b6b7/cryptography-47.0.0-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:14432c8a9bcb37009784f9594a62fae211a2ae9543e96c92b2a8e4c3cd5cd0c4", size = 7904072, upload-time = "2026-04-24T19:54:06.411Z" },
-    { url = "https://files.pythonhosted.org/packages/01/64/d7b1e54fdb69f22d24a64bb3e88dc718b31c7fb10ef0b9691a3cf7eeea6e/cryptography-47.0.0-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:07efe86201817e7d3c18781ca9770bc0db04e1e48c994be384e4602bc38f8f27", size = 4635767, upload-time = "2026-04-24T19:54:08.519Z" },
-    { url = "https://files.pythonhosted.org/packages/8b/7b/cca826391fb2a94efdcdfe4631eb69306ee1cff0b22f664a412c90713877/cryptography-47.0.0-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:2b45761c6ec22b7c726d6a829558777e32d0f1c8be7c3f3480f9c912d5ee8a10", size = 4654350, upload-time = "2026-04-24T19:54:10.795Z" },
-    { url = "https://files.pythonhosted.org/packages/4c/65/4b57bcc823f42a991627c51c2f68c9fd6eb1393c1756aac876cba2accae2/cryptography-47.0.0-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:edd4da498015da5b9f26d38d3bfc2e90257bfa9cbed1f6767c282a0025ae649b", size = 4643394, upload-time = "2026-04-24T19:54:13.275Z" },
-    { url = "https://files.pythonhosted.org/packages/f4/c4/2c5fbeea70adbbca2bbae865e1d605d6a4a7f8dbd9d33eaf69645087f06c/cryptography-47.0.0-cp38-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:9af828c0d5a65c70ec729cd7495a4bf1a67ecb66417b8f02ff125ab8a6326a74", size = 5225777, upload-time = "2026-04-24T19:54:15.18Z" },
-    { url = "https://files.pythonhosted.org/packages/7e/b8/ac57107ef32749d2b244e36069bb688792a363aaaa3acc9e3cf84c130315/cryptography-47.0.0-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:256d07c78a04d6b276f5df935a9923275f53bd1522f214447fdf365494e2d515", size = 4688771, upload-time = "2026-04-24T19:54:17.835Z" },
-    { url = "https://files.pythonhosted.org/packages/56/fc/9f1de22ff8be99d991f240a46863c52d475404c408886c5a38d2b5c3bb26/cryptography-47.0.0-cp38-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:5d0e362ff51041b0c0d219cc7d6924d7b8996f57ce5712bdcef71eb3c65a59cc", size = 4270753, upload-time = "2026-04-24T19:54:19.963Z" },
-    { url = "https://files.pythonhosted.org/packages/00/68/d70c852797aa68e8e48d12e5a87170c43f67bb4a59403627259dd57d15de/cryptography-47.0.0-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:1581aef4219f7ca2849d0250edaa3866212fb74bf5667284f46aa92f9e65c1ca", size = 4642911, upload-time = "2026-04-24T19:54:21.818Z" },
-    { url = "https://files.pythonhosted.org/packages/a5/51/661cbee74f594c5d97ff82d34f10d5551c085ca4668645f4606ebd22bd5d/cryptography-47.0.0-cp38-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:a49a3eb5341b9503fa3000a9a0db033161db90d47285291f53c2a9d2cd1b7f76", size = 5181411, upload-time = "2026-04-24T19:54:24.376Z" },
-    { url = "https://files.pythonhosted.org/packages/94/87/f2b6c374a82cf076cfa1416992ac8e8ec94d79facc37aec87c1a5cb72352/cryptography-47.0.0-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:2207a498b03275d0051589e326b79d4cf59985c99031b05bb292ac52631c37fe", size = 4688262, upload-time = "2026-04-24T19:54:26.946Z" },
-    { url = "https://files.pythonhosted.org/packages/14/e2/8b7462f4acf21ec509616f0245018bb197194ab0b65c2ea21a0bdd53c0eb/cryptography-47.0.0-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:7a02675e2fabd0c0fc04c868b8781863cbf1967691543c22f5470500ff840b31", size = 4775506, upload-time = "2026-04-24T19:54:28.926Z" },
-    { url = "https://files.pythonhosted.org/packages/70/75/158e494e4c08dc05e039da5bb48553826bd26c23930cf8d3cd5f21fa8921/cryptography-47.0.0-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:80887c5cbd1774683cb126f0ab4184567f080071d5acf62205acb354b4b753b7", size = 4912060, upload-time = "2026-04-24T19:54:30.869Z" },
-    { url = "https://files.pythonhosted.org/packages/06/bd/0a9d3edbf5eadbac926d7b9b3cd0c4be584eeeae4a003d24d9eda4affbbd/cryptography-47.0.0-cp38-abi3-win32.whl", hash = "sha256:ed67ea4e0cfb5faa5bc7ecb6e2b8838f3807a03758eec239d6c21c8769355310", size = 3248487, upload-time = "2026-04-24T19:54:33.494Z" },
-    { url = "https://files.pythonhosted.org/packages/60/80/5681af756d0da3a599b7bdb586fac5a1540f1bcefd2717a20e611ddade45/cryptography-47.0.0-cp38-abi3-win_amd64.whl", hash = "sha256:835d2d7f47cdc53b3224e90810fb1d36ca94ea29cc1801fb4c1bc43876735769", size = 3755737, upload-time = "2026-04-24T19:54:35.408Z" },
+    { url = "https://files.pythonhosted.org/packages/4c/8c/44ee01267ec01e26e43ebfdae3f120ec2312aa72fa4c0507ebe41a26739f/cryptography-46.0.1-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:1cd6d50c1a8b79af1a6f703709d8973845f677c8e97b1268f5ff323d38ce8475", size = 7285044, upload-time = "2025-09-17T00:08:36.807Z" },
+    { url = "https://files.pythonhosted.org/packages/22/59/9ae689a25047e0601adfcb159ec4f83c0b4149fdb5c3030cc94cd218141d/cryptography-46.0.1-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:0ff483716be32690c14636e54a1f6e2e1b7bf8e22ca50b989f88fa1b2d287080", size = 4308182, upload-time = "2025-09-17T00:08:39.388Z" },
+    { url = "https://files.pythonhosted.org/packages/c4/ee/ca6cc9df7118f2fcd142c76b1da0f14340d77518c05b1ebfbbabca6b9e7d/cryptography-46.0.1-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:9873bf7c1f2a6330bdfe8621e7ce64b725784f9f0c3a6a55c3047af5849f920e", size = 4572393, upload-time = "2025-09-17T00:08:41.663Z" },
+    { url = "https://files.pythonhosted.org/packages/7f/a3/0f5296f63815d8e985922b05c31f77ce44787b3127a67c0b7f70f115c45f/cryptography-46.0.1-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:0dfb7c88d4462a0cfdd0d87a3c245a7bc3feb59de101f6ff88194f740f72eda6", size = 4308400, upload-time = "2025-09-17T00:08:43.559Z" },
+    { url = "https://files.pythonhosted.org/packages/5d/8c/74fcda3e4e01be1d32775d5b4dd841acaac3c1b8fa4d0774c7ac8d52463d/cryptography-46.0.1-cp311-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:e22801b61613ebdebf7deb18b507919e107547a1d39a3b57f5f855032dd7cfb8", size = 4015786, upload-time = "2025-09-17T00:08:45.758Z" },
+    { url = "https://files.pythonhosted.org/packages/dc/b8/85d23287baeef273b0834481a3dd55bbed3a53587e3b8d9f0898235b8f91/cryptography-46.0.1-cp311-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:757af4f6341ce7a1e47c326ca2a81f41d236070217e5fbbad61bbfe299d55d28", size = 4982606, upload-time = "2025-09-17T00:08:47.602Z" },
+    { url = "https://files.pythonhosted.org/packages/e5/d3/de61ad5b52433b389afca0bc70f02a7a1f074651221f599ce368da0fe437/cryptography-46.0.1-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:f7a24ea78de345cfa7f6a8d3bde8b242c7fac27f2bd78fa23474ca38dfaeeab9", size = 4604234, upload-time = "2025-09-17T00:08:49.879Z" },
+    { url = "https://files.pythonhosted.org/packages/dc/1f/dbd4d6570d84748439237a7478d124ee0134bf166ad129267b7ed8ea6d22/cryptography-46.0.1-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:9e8776dac9e660c22241b6587fae51a67b4b0147daa4d176b172c3ff768ad736", size = 4307669, upload-time = "2025-09-17T00:08:52.321Z" },
+    { url = "https://files.pythonhosted.org/packages/ec/fd/ca0a14ce7f0bfe92fa727aacaf2217eb25eb7e4ed513b14d8e03b26e63ed/cryptography-46.0.1-cp311-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:9f40642a140c0c8649987027867242b801486865277cbabc8c6059ddef16dc8b", size = 4947579, upload-time = "2025-09-17T00:08:54.697Z" },
+    { url = "https://files.pythonhosted.org/packages/89/6b/09c30543bb93401f6f88fce556b3bdbb21e55ae14912c04b7bf355f5f96c/cryptography-46.0.1-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:449ef2b321bec7d97ef2c944173275ebdab78f3abdd005400cc409e27cd159ab", size = 4603669, upload-time = "2025-09-17T00:08:57.16Z" },
+    { url = "https://files.pythonhosted.org/packages/23/9a/38cb01cb09ce0adceda9fc627c9cf98eb890fc8d50cacbe79b011df20f8a/cryptography-46.0.1-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:2dd339ba3345b908fa3141ddba4025568fa6fd398eabce3ef72a29ac2d73ad75", size = 4435828, upload-time = "2025-09-17T00:08:59.606Z" },
+    { url = "https://files.pythonhosted.org/packages/0f/53/435b5c36a78d06ae0bef96d666209b0ecd8f8181bfe4dda46536705df59e/cryptography-46.0.1-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:7411c910fb2a412053cf33cfad0153ee20d27e256c6c3f14d7d7d1d9fec59fd5", size = 4709553, upload-time = "2025-09-17T00:09:01.832Z" },
+    { url = "https://files.pythonhosted.org/packages/f5/c4/0da6e55595d9b9cd3b6eb5dc22f3a07ded7f116a3ea72629cab595abb804/cryptography-46.0.1-cp311-abi3-win32.whl", hash = "sha256:cbb8e769d4cac884bb28e3ff620ef1001b75588a5c83c9c9f1fdc9afbe7f29b0", size = 3058327, upload-time = "2025-09-17T00:09:03.726Z" },
+    { url = "https://files.pythonhosted.org/packages/95/0f/cd29a35e0d6e78a0ee61793564c8cff0929c38391cb0de27627bdc7525aa/cryptography-46.0.1-cp311-abi3-win_amd64.whl", hash = "sha256:92e8cfe8bd7dd86eac0a677499894862cd5cc2fd74de917daa881d00871ac8e7", size = 3523893, upload-time = "2025-09-17T00:09:06.272Z" },
+    { url = "https://files.pythonhosted.org/packages/f2/dd/eea390f3e78432bc3d2f53952375f8b37cb4d37783e626faa6a51e751719/cryptography-46.0.1-cp311-abi3-win_arm64.whl", hash = "sha256:db5597a4c7353b2e5fb05a8e6cb74b56a4658a2b7bf3cb6b1821ae7e7fd6eaa0", size = 2932145, upload-time = "2025-09-17T00:09:08.568Z" },
+    { url = "https://files.pythonhosted.org/packages/0a/fb/c73588561afcd5e24b089952bd210b14676c0c5bf1213376350ae111945c/cryptography-46.0.1-cp314-cp314t-macosx_10_9_universal2.whl", hash = "sha256:4c49eda9a23019e11d32a0eb51a27b3e7ddedde91e099c0ac6373e3aacc0d2ee", size = 7193928, upload-time = "2025-09-17T00:09:10.595Z" },
+    { url = "https://files.pythonhosted.org/packages/26/34/0ff0bb2d2c79f25a2a63109f3b76b9108a906dd2a2eb5c1d460b9938adbb/cryptography-46.0.1-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:9babb7818fdd71394e576cf26c5452df77a355eac1a27ddfa24096665a27f8fd", size = 4293515, upload-time = "2025-09-17T00:09:12.861Z" },
+    { url = "https://files.pythonhosted.org/packages/df/b7/d4f848aee24ecd1be01db6c42c4a270069a4f02a105d9c57e143daf6cf0f/cryptography-46.0.1-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:9f2c4cc63be3ef43c0221861177cee5d14b505cd4d4599a89e2cd273c4d3542a", size = 4545619, upload-time = "2025-09-17T00:09:15.397Z" },
+    { url = "https://files.pythonhosted.org/packages/44/a5/42fedefc754fd1901e2d95a69815ea4ec8a9eed31f4c4361fcab80288661/cryptography-46.0.1-cp314-cp314t-manylinux_2_28_aarch64.whl", hash = "sha256:41c281a74df173876da1dc9a9b6953d387f06e3d3ed9284e3baae3ab3f40883a", size = 4299160, upload-time = "2025-09-17T00:09:17.155Z" },
+    { url = "https://files.pythonhosted.org/packages/86/a1/cd21174f56e769c831fbbd6399a1b7519b0ff6280acec1b826d7b072640c/cryptography-46.0.1-cp314-cp314t-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:0a17377fa52563d730248ba1f68185461fff36e8bc75d8787a7dd2e20a802b7a", size = 3994491, upload-time = "2025-09-17T00:09:18.971Z" },
+    { url = "https://files.pythonhosted.org/packages/8d/2f/a8cbfa1c029987ddc746fd966711d4fa71efc891d37fbe9f030fe5ab4eec/cryptography-46.0.1-cp314-cp314t-manylinux_2_28_ppc64le.whl", hash = "sha256:0d1922d9280e08cde90b518a10cd66831f632960a8d08cb3418922d83fce6f12", size = 4960157, upload-time = "2025-09-17T00:09:20.923Z" },
+    { url = "https://files.pythonhosted.org/packages/67/ae/63a84e6789e0d5a2502edf06b552bcb0fa9ff16147265d5c44a211942abe/cryptography-46.0.1-cp314-cp314t-manylinux_2_28_x86_64.whl", hash = "sha256:af84e8e99f1a82cea149e253014ea9dc89f75b82c87bb6c7242203186f465129", size = 4577263, upload-time = "2025-09-17T00:09:23.356Z" },
+    { url = "https://files.pythonhosted.org/packages/ef/8f/1b9fa8e92bd9cbcb3b7e1e593a5232f2c1e6f9bd72b919c1a6b37d315f92/cryptography-46.0.1-cp314-cp314t-manylinux_2_34_aarch64.whl", hash = "sha256:ef648d2c690703501714588b2ba640facd50fd16548133b11b2859e8655a69da", size = 4298703, upload-time = "2025-09-17T00:09:25.566Z" },
+    { url = "https://files.pythonhosted.org/packages/c3/af/bb95db070e73fea3fae31d8a69ac1463d89d1c084220f549b00dd01094a8/cryptography-46.0.1-cp314-cp314t-manylinux_2_34_ppc64le.whl", hash = "sha256:e94eb5fa32a8a9f9bf991f424f002913e3dd7c699ef552db9b14ba6a76a6313b", size = 4926363, upload-time = "2025-09-17T00:09:27.451Z" },
+    { url = "https://files.pythonhosted.org/packages/f5/3b/d8fb17ffeb3a83157a1cc0aa5c60691d062aceecba09c2e5e77ebfc1870c/cryptography-46.0.1-cp314-cp314t-manylinux_2_34_x86_64.whl", hash = "sha256:534b96c0831855e29fc3b069b085fd185aa5353033631a585d5cd4dd5d40d657", size = 4576958, upload-time = "2025-09-17T00:09:29.924Z" },
+    { url = "https://files.pythonhosted.org/packages/d9/46/86bc3a05c10c8aa88c8ae7e953a8b4e407c57823ed201dbcba55c4d655f4/cryptography-46.0.1-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:f9b55038b5c6c47559aa33626d8ecd092f354e23de3c6975e4bb205df128a2a0", size = 4422507, upload-time = "2025-09-17T00:09:32.222Z" },
+    { url = "https://files.pythonhosted.org/packages/a8/4e/387e5a21dfd2b4198e74968a541cfd6128f66f8ec94ed971776e15091ac3/cryptography-46.0.1-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:ec13b7105117dbc9afd023300fb9954d72ca855c274fe563e72428ece10191c0", size = 4683964, upload-time = "2025-09-17T00:09:34.118Z" },
+    { url = "https://files.pythonhosted.org/packages/25/a3/f9f5907b166adb8f26762071474b38bbfcf89858a5282f032899075a38a1/cryptography-46.0.1-cp314-cp314t-win32.whl", hash = "sha256:504e464944f2c003a0785b81668fe23c06f3b037e9cb9f68a7c672246319f277", size = 3029705, upload-time = "2025-09-17T00:09:36.381Z" },
+    { url = "https://files.pythonhosted.org/packages/12/66/4d3a4f1850db2e71c2b1628d14b70b5e4c1684a1bd462f7fffb93c041c38/cryptography-46.0.1-cp314-cp314t-win_amd64.whl", hash = "sha256:c52fded6383f7e20eaf70a60aeddd796b3677c3ad2922c801be330db62778e05", size = 3502175, upload-time = "2025-09-17T00:09:38.261Z" },
+    { url = "https://files.pythonhosted.org/packages/52/c7/9f10ad91435ef7d0d99a0b93c4360bea3df18050ff5b9038c489c31ac2f5/cryptography-46.0.1-cp314-cp314t-win_arm64.whl", hash = "sha256:9495d78f52c804b5ec8878b5b8c7873aa8e63db9cd9ee387ff2db3fffe4df784", size = 2912354, upload-time = "2025-09-17T00:09:40.078Z" },
+    { url = "https://files.pythonhosted.org/packages/98/e5/fbd632385542a3311915976f88e0dfcf09e62a3fc0aff86fb6762162a24d/cryptography-46.0.1-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:d84c40bdb8674c29fa192373498b6cb1e84f882889d21a471b45d1f868d8d44b", size = 7255677, upload-time = "2025-09-17T00:09:42.407Z" },
+    { url = "https://files.pythonhosted.org/packages/56/3e/13ce6eab9ad6eba1b15a7bd476f005a4c1b3f299f4c2f32b22408b0edccf/cryptography-46.0.1-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:9ed64e5083fa806709e74fc5ea067dfef9090e5b7a2320a49be3c9df3583a2d8", size = 4301110, upload-time = "2025-09-17T00:09:45.614Z" },
+    { url = "https://files.pythonhosted.org/packages/a2/67/65dc233c1ddd688073cf7b136b06ff4b84bf517ba5529607c9d79720fc67/cryptography-46.0.1-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:341fb7a26bc9d6093c1b124b9f13acc283d2d51da440b98b55ab3f79f2522ead", size = 4562369, upload-time = "2025-09-17T00:09:47.601Z" },
+    { url = "https://files.pythonhosted.org/packages/17/db/d64ae4c6f4e98c3dac5bf35dd4d103f4c7c345703e43560113e5e8e31b2b/cryptography-46.0.1-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:6ef1488967e729948d424d09c94753d0167ce59afba8d0f6c07a22b629c557b2", size = 4302126, upload-time = "2025-09-17T00:09:49.335Z" },
+    { url = "https://files.pythonhosted.org/packages/3d/19/5f1eea17d4805ebdc2e685b7b02800c4f63f3dd46cfa8d4c18373fea46c8/cryptography-46.0.1-cp38-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:7823bc7cdf0b747ecfb096d004cc41573c2f5c7e3a29861603a2871b43d3ef32", size = 4009431, upload-time = "2025-09-17T00:09:51.239Z" },
+    { url = "https://files.pythonhosted.org/packages/81/b5/229ba6088fe7abccbfe4c5edb96c7a5ad547fac5fdd0d40aa6ea540b2985/cryptography-46.0.1-cp38-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:f736ab8036796f5a119ff8211deda416f8c15ce03776db704a7a4e17381cb2ef", size = 4980739, upload-time = "2025-09-17T00:09:54.181Z" },
+    { url = "https://files.pythonhosted.org/packages/3a/9c/50aa38907b201e74bc43c572f9603fa82b58e831bd13c245613a23cff736/cryptography-46.0.1-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:e46710a240a41d594953012213ea8ca398cd2448fbc5d0f1be8160b5511104a0", size = 4592289, upload-time = "2025-09-17T00:09:56.731Z" },
+    { url = "https://files.pythonhosted.org/packages/5a/33/229858f8a5bb22f82468bb285e9f4c44a31978d5f5830bb4ea1cf8a4e454/cryptography-46.0.1-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:84ef1f145de5aee82ea2447224dc23f065ff4cc5791bb3b506615957a6ba8128", size = 4301815, upload-time = "2025-09-17T00:09:58.548Z" },
+    { url = "https://files.pythonhosted.org/packages/52/cb/b76b2c87fbd6ed4a231884bea3ce073406ba8e2dae9defad910d33cbf408/cryptography-46.0.1-cp38-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:9394c7d5a7565ac5f7d9ba38b2617448eba384d7b107b262d63890079fad77ca", size = 4943251, upload-time = "2025-09-17T00:10:00.475Z" },
+    { url = "https://files.pythonhosted.org/packages/94/0f/f66125ecf88e4cb5b8017ff43f3a87ede2d064cb54a1c5893f9da9d65093/cryptography-46.0.1-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:ed957044e368ed295257ae3d212b95456bd9756df490e1ac4538857f67531fcc", size = 4591247, upload-time = "2025-09-17T00:10:02.874Z" },
+    { url = "https://files.pythonhosted.org/packages/f6/22/9f3134ae436b63b463cfdf0ff506a0570da6873adb4bf8c19b8a5b4bac64/cryptography-46.0.1-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:f7de12fa0eee6234de9a9ce0ffcfa6ce97361db7a50b09b65c63ac58e5f22fc7", size = 4428534, upload-time = "2025-09-17T00:10:04.994Z" },
+    { url = "https://files.pythonhosted.org/packages/89/39/e6042bcb2638650b0005c752c38ea830cbfbcbb1830e4d64d530000aa8dc/cryptography-46.0.1-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:7fab1187b6c6b2f11a326f33b036f7168f5b996aedd0c059f9738915e4e8f53a", size = 4699541, upload-time = "2025-09-17T00:10:06.925Z" },
+    { url = "https://files.pythonhosted.org/packages/68/46/753d457492d15458c7b5a653fc9a84a1c9c7a83af6ebdc94c3fc373ca6e8/cryptography-46.0.1-cp38-abi3-win32.whl", hash = "sha256:45f790934ac1018adeba46a0f7289b2b8fe76ba774a88c7f1922213a56c98bc1", size = 3043779, upload-time = "2025-09-17T00:10:08.951Z" },
+    { url = "https://files.pythonhosted.org/packages/2f/50/b6f3b540c2f6ee712feeb5fa780bb11fad76634e71334718568e7695cb55/cryptography-46.0.1-cp38-abi3-win_amd64.whl", hash = "sha256:7176a5ab56fac98d706921f6416a05e5aff7df0e4b91516f450f8627cda22af3", size = 3517226, upload-time = "2025-09-17T00:10:10.769Z" },
+    { url = "https://files.pythonhosted.org/packages/ff/e8/77d17d00981cdd27cc493e81e1749a0b8bbfb843780dbd841e30d7f50743/cryptography-46.0.1-cp38-abi3-win_arm64.whl", hash = "sha256:efc9e51c3e595267ff84adf56e9b357db89ab2279d7e375ffcaf8f678606f3d9", size = 2923149, upload-time = "2025-09-17T00:10:13.236Z" },
 ]
 
 [[package]]

poetry.lock

@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.3.4 and should not be changed by hand.
 
 [[package]]
 name = "about-time"
@@ -2029,61 +2029,61 @@ toml = ["tomli ; python_full_version <= \"3.11.0a6\""]
 
 [[package]]
 name = "cryptography"
-version = "46.0.7"
+version = "46.0.6"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
 python-versions = "!=3.9.0,!=3.9.1,>=3.8"
 groups = ["main", "dev"]
 files = [
-    {file = "cryptography-46.0.7-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:ea42cbe97209df307fdc3b155f1b6fa2577c0defa8f1f7d3be7d31d189108ad4"},
-    {file = "cryptography-46.0.7-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:b36a4695e29fe69215d75960b22577197aca3f7a25b9cf9d165dcfe9d80bc325"},
-    {file = "cryptography-46.0.7-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:5ad9ef796328c5e3c4ceed237a183f5d41d21150f972455a9d926593a1dcb308"},
-    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:73510b83623e080a2c35c62c15298096e2a5dc8d51c3b4e1740211839d0dea77"},
-    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:cbd5fb06b62bd0721e1170273d3f4d5a277044c47ca27ee257025146c34cbdd1"},
-    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:420b1e4109cc95f0e5700eed79908cef9268265c773d3a66f7af1eef53d409ef"},
-    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:24402210aa54baae71d99441d15bb5a1919c195398a87b563df84468160a65de"},
-    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:8a469028a86f12eb7d2fe97162d0634026d92a21f3ae0ac87ed1c4a447886c83"},
-    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:9694078c5d44c157ef3162e3bf3946510b857df5a3955458381d1c7cfc143ddb"},
-    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:42a1e5f98abb6391717978baf9f90dc28a743b7d9be7f0751a6f56a75d14065b"},
-    {file = "cryptography-46.0.7-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:91bbcb08347344f810cbe49065914fe048949648f6bd5c2519f34619142bbe85"},
-    {file = "cryptography-46.0.7-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:5d1c02a14ceb9148cc7816249f64f623fbfee39e8c03b3650d842ad3f34d637e"},
-    {file = "cryptography-46.0.7-cp311-abi3-win32.whl", hash = "sha256:d23c8ca48e44ee015cd0a54aeccdf9f09004eba9fc96f38c911011d9ff1bd457"},
-    {file = "cryptography-46.0.7-cp311-abi3-win_amd64.whl", hash = "sha256:397655da831414d165029da9bc483bed2fe0e75dde6a1523ec2fe63f3c46046b"},
-    {file = "cryptography-46.0.7-cp314-cp314t-macosx_10_9_universal2.whl", hash = "sha256:d151173275e1728cf7839aaa80c34fe550c04ddb27b34f48c232193df8db5842"},
-    {file = "cryptography-46.0.7-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:db0f493b9181c7820c8134437eb8b0b4792085d37dbb24da050476ccb664e59c"},
-    {file = "cryptography-46.0.7-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:ebd6daf519b9f189f85c479427bbd6e9c9037862cf8fe89ee35503bd209ed902"},
-    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_28_aarch64.whl", hash = "sha256:b7b412817be92117ec5ed95f880defe9cf18a832e8cafacf0a22337dc1981b4d"},
-    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_28_ppc64le.whl", hash = "sha256:fbfd0e5f273877695cb93baf14b185f4878128b250cc9f8e617ea0c025dfb022"},
-    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_28_x86_64.whl", hash = "sha256:ffca7aa1d00cf7d6469b988c581598f2259e46215e0140af408966a24cf086ce"},
-    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_31_armv7l.whl", hash = "sha256:60627cf07e0d9274338521205899337c5d18249db56865f943cbe753aa96f40f"},
-    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_34_aarch64.whl", hash = "sha256:80406c3065e2c55d7f49a9550fe0c49b3f12e5bfff5dedb727e319e1afb9bf99"},
-    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_34_ppc64le.whl", hash = "sha256:c5b1ccd1239f48b7151a65bc6dd54bcfcc15e028c8ac126d3fada09db0e07ef1"},
-    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_34_x86_64.whl", hash = "sha256:d5f7520159cd9c2154eb61eb67548ca05c5774d39e9c2c4339fd793fe7d097b2"},
-    {file = "cryptography-46.0.7-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:fcd8eac50d9138c1d7fc53a653ba60a2bee81a505f9f8850b6b2888555a45d0e"},
-    {file = "cryptography-46.0.7-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:65814c60f8cc400c63131584e3e1fad01235edba2614b61fbfbfa954082db0ee"},
-    {file = "cryptography-46.0.7-cp314-cp314t-win32.whl", hash = "sha256:fdd1736fed309b4300346f88f74cd120c27c56852c3838cab416e7a166f67298"},
-    {file = "cryptography-46.0.7-cp314-cp314t-win_amd64.whl", hash = "sha256:e06acf3c99be55aa3b516397fe42f5855597f430add9c17fa46bf2e0fb34c9bb"},
-    {file = "cryptography-46.0.7-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:462ad5cb1c148a22b2e3bcc5ad52504dff325d17daf5df8d88c17dda1f75f2a4"},
-    {file = "cryptography-46.0.7-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:84d4cced91f0f159a7ddacad249cc077e63195c36aac40b4150e7a57e84fffe7"},
-    {file = "cryptography-46.0.7-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:128c5edfe5e5938b86b03941e94fac9ee793a94452ad1365c9fc3f4f62216832"},
-    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:5e51be372b26ef4ba3de3c167cd3d1022934bc838ae9eaad7e644986d2a3d163"},
-    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:cdf1a610ef82abb396451862739e3fc93b071c844399e15b90726ef7470eeaf2"},
-    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:1d25aee46d0c6f1a501adcddb2d2fee4b979381346a78558ed13e50aa8a59067"},
-    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:cdfbe22376065ffcf8be74dc9a909f032df19bc58a699456a21712d6e5eabfd0"},
-    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:abad9dac36cbf55de6eb49badd4016806b3165d396f64925bf2999bcb67837ba"},
-    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:935ce7e3cfdb53e3536119a542b839bb94ec1ad081013e9ab9b7cfd478b05006"},
-    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:35719dc79d4730d30f1c2b6474bd6acda36ae2dfae1e3c16f2051f215df33ce0"},
-    {file = "cryptography-46.0.7-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:7bbc6ccf49d05ac8f7d7b5e2e2c33830d4fe2061def88210a126d130d7f71a85"},
-    {file = "cryptography-46.0.7-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:a1529d614f44b863a7b480c6d000fe93b59acee9c82ffa027cfadc77521a9f5e"},
-    {file = "cryptography-46.0.7-cp38-abi3-win32.whl", hash = "sha256:f247c8c1a1fb45e12586afbb436ef21ff1e80670b2861a90353d9b025583d246"},
-    {file = "cryptography-46.0.7-cp38-abi3-win_amd64.whl", hash = "sha256:506c4ff91eff4f82bdac7633318a526b1d1309fc07ca76a3ad182cb5b686d6d3"},
-    {file = "cryptography-46.0.7-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:fc9ab8856ae6cf7c9358430e49b368f3108f050031442eaeb6b9d87e4dcf4e4f"},
-    {file = "cryptography-46.0.7-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:d3b99c535a9de0adced13d159c5a9cf65c325601aa30f4be08afd680643e9c15"},
-    {file = "cryptography-46.0.7-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:d02c738dacda7dc2a74d1b2b3177042009d5cab7c7079db74afc19e56ca1b455"},
-    {file = "cryptography-46.0.7-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:04959522f938493042d595a736e7dbdff6eb6cc2339c11465b3ff89343b65f65"},
-    {file = "cryptography-46.0.7-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:3986ac1dee6def53797289999eabe84798ad7817f3e97779b5061a95b0ee4968"},
-    {file = "cryptography-46.0.7-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:258514877e15963bd43b558917bc9f54cf7cf866c38aa576ebf47a77ddbc43a4"},
-    {file = "cryptography-46.0.7.tar.gz", hash = "sha256:e4cfd68c5f3e0bfdad0d38e023239b96a2fe84146481852dffbcca442c245aa5"},
+    {file = "cryptography-46.0.6-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:64235194bad039a10bb6d2d930ab3323baaec67e2ce36215fd0952fad0930ca8"},
+    {file = "cryptography-46.0.6-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:26031f1e5ca62fcb9d1fcb34b2b60b390d1aacaa15dc8b895a9ed00968b97b30"},
+    {file = "cryptography-46.0.6-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:9a693028b9cbe51b5a1136232ee8f2bc242e4e19d456ded3fa7c86e43c713b4a"},
+    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:67177e8a9f421aa2d3a170c3e56eca4e0128883cf52a071a7cbf53297f18b175"},
+    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:d9528b535a6c4f8ff37847144b8986a9a143585f0540fbcb1a98115b543aa463"},
+    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:22259338084d6ae497a19bae5d4c66b7ca1387d3264d1c2c0e72d9e9b6a77b97"},
+    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:760997a4b950ff00d418398ad73fbc91aa2894b5c1db7ccb45b4f68b42a63b3c"},
+    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:3dfa6567f2e9e4c5dceb8ccb5a708158a2a871052fa75c8b78cb0977063f1507"},
+    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:cdcd3edcbc5d55757e5f5f3d330dd00007ae463a7e7aa5bf132d1f22a4b62b19"},
+    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:d4e4aadb7fc1f88687f47ca20bb7227981b03afaae69287029da08096853b738"},
+    {file = "cryptography-46.0.6-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:2b417edbe8877cda9022dde3a008e2deb50be9c407eef034aeeb3a8b11d9db3c"},
+    {file = "cryptography-46.0.6-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:380343e0653b1c9d7e1f55b52aaa2dbb2fdf2730088d48c43ca1c7c0abb7cc2f"},
+    {file = "cryptography-46.0.6-cp311-abi3-win32.whl", hash = "sha256:bcb87663e1f7b075e48c3be3ecb5f0b46c8fc50b50a97cf264e7f60242dca3f2"},
+    {file = "cryptography-46.0.6-cp311-abi3-win_amd64.whl", hash = "sha256:6739d56300662c468fddb0e5e291f9b4d084bead381667b9e654c7dd81705124"},
+    {file = "cryptography-46.0.6-cp314-cp314t-macosx_10_9_universal2.whl", hash = "sha256:2ef9e69886cbb137c2aef9772c2e7138dc581fad4fcbcf13cc181eb5a3ab6275"},
+    {file = "cryptography-46.0.6-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7f417f034f91dcec1cb6c5c35b07cdbb2ef262557f701b4ecd803ee8cefed4f4"},
+    {file = "cryptography-46.0.6-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d24c13369e856b94892a89ddf70b332e0b70ad4a5c43cf3e9cb71d6d7ffa1f7b"},
+    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_28_aarch64.whl", hash = "sha256:aad75154a7ac9039936d50cf431719a2f8d4ed3d3c277ac03f3339ded1a5e707"},
+    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_28_ppc64le.whl", hash = "sha256:3c21d92ed15e9cfc6eb64c1f5a0326db22ca9c2566ca46d845119b45b4400361"},
+    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_28_x86_64.whl", hash = "sha256:4668298aef7cddeaf5c6ecc244c2302a2b8e40f384255505c22875eebb47888b"},
+    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_31_armv7l.whl", hash = "sha256:8ce35b77aaf02f3b59c90b2c8a05c73bac12cea5b4e8f3fbece1f5fddea5f0ca"},
+    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_34_aarch64.whl", hash = "sha256:c89eb37fae9216985d8734c1afd172ba4927f5a05cfd9bf0e4863c6d5465b013"},
+    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_34_ppc64le.whl", hash = "sha256:ed418c37d095aeddf5336898a132fba01091f0ac5844e3e8018506f014b6d2c4"},
+    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_34_x86_64.whl", hash = "sha256:69cf0056d6947edc6e6760e5f17afe4bea06b56a9ac8a06de9d2bd6b532d4f3a"},
+    {file = "cryptography-46.0.6-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:8e7304c4f4e9490e11efe56af6713983460ee0780f16c63f219984dab3af9d2d"},
+    {file = "cryptography-46.0.6-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:b928a3ca837c77a10e81a814a693f2295200adb3352395fad024559b7be7a736"},
+    {file = "cryptography-46.0.6-cp314-cp314t-win32.whl", hash = "sha256:97c8115b27e19e592a05c45d0dd89c57f81f841cc9880e353e0d3bf25b2139ed"},
+    {file = "cryptography-46.0.6-cp314-cp314t-win_amd64.whl", hash = "sha256:c797e2517cb7880f8297e2c0f43bb910e91381339336f75d2c1c2cbf811b70b4"},
+    {file = "cryptography-46.0.6-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:12cae594e9473bca1a7aceb90536060643128bb274fcea0fc459ab90f7d1ae7a"},
+    {file = "cryptography-46.0.6-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:639301950939d844a9e1c4464d7e07f902fe9a7f6b215bb0d4f28584729935d8"},
+    {file = "cryptography-46.0.6-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:ed3775295fb91f70b4027aeba878d79b3e55c0b3e97eaa4de71f8f23a9f2eb77"},
+    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:8927ccfbe967c7df312ade694f987e7e9e22b2425976ddbf28271d7e58845290"},
+    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:b12c6b1e1651e42ab5de8b1e00dc3b6354fdfd778e7fa60541ddacc27cd21410"},
+    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:063b67749f338ca9c5a0b7fe438a52c25f9526b851e24e6c9310e7195aad3b4d"},
+    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:02fad249cb0e090b574e30b276a3da6a149e04ee2f049725b1f69e7b8351ec70"},
+    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:7e6142674f2a9291463e5e150090b95a8519b2fb6e6aaec8917dd8d094ce750d"},
+    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:456b3215172aeefb9284550b162801d62f5f264a081049a3e94307fe20792cfa"},
+    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:341359d6c9e68834e204ceaf25936dffeafea3829ab80e9503860dcc4f4dac58"},
+    {file = "cryptography-46.0.6-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:9a9c42a2723999a710445bc0d974e345c32adfd8d2fac6d8a251fa829ad31cfb"},
+    {file = "cryptography-46.0.6-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:6617f67b1606dfd9fe4dbfa354a9508d4a6d37afe30306fe6c101b7ce3274b72"},
+    {file = "cryptography-46.0.6-cp38-abi3-win32.whl", hash = "sha256:7f6690b6c55e9c5332c0b59b9c8a3fb232ebf059094c17f9019a51e9827df91c"},
+    {file = "cryptography-46.0.6-cp38-abi3-win_amd64.whl", hash = "sha256:79e865c642cfc5c0b3eb12af83c35c5aeff4fa5c672dc28c43721c2c9fdd2f0f"},
+    {file = "cryptography-46.0.6-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:2ea0f37e9a9cf0df2952893ad145fd9627d326a59daec9b0802480fa3bcd2ead"},
+    {file = "cryptography-46.0.6-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:a3e84d5ec9ba01f8fd03802b2147ba77f0c8f2617b2aff254cedd551844209c8"},
+    {file = "cryptography-46.0.6-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:12f0fa16cc247b13c43d56d7b35287ff1569b5b1f4c5e87e92cc4fcc00cd10c0"},
+    {file = "cryptography-46.0.6-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:50575a76e2951fe7dbd1f56d181f8c5ceeeb075e9ff88e7ad997d2f42af06e7b"},
+    {file = "cryptography-46.0.6-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:90e5f0a7b3be5f40c3a0a0eafb32c681d8d2c181fc2a1bdabe9b3f611d9f6b1a"},
+    {file = "cryptography-46.0.6-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:6728c49e3b2c180ef26f8e9f0a883a2c585638db64cf265b49c9ba10652d430e"},
+    {file = "cryptography-46.0.6.tar.gz", hash = "sha256:27550628a518c5c6c903d84f637fbecf287f6cb9ced3804838a1295dc1fd0759"},
 ]
 
 [package.dependencies]
@@ -2097,7 +2097,7 @@ nox = ["nox[uv] (>=2024.4.15)"]
 pep8test = ["check-sdist", "click (>=8.0.1)", "mypy (>=1.14)", "ruff (>=0.11.11)"]
 sdist = ["build (>=1.0.0)"]
 ssh = ["bcrypt (>=3.1.5)"]
-test = ["certifi (>=2024)", "cryptography-vectors (==46.0.7)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
+test = ["certifi (>=2024)", "cryptography-vectors (==46.0.6)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
 test-randomorder = ["pytest-randomly"]
 
 [[package]]
@@ -6735,4 +6735,4 @@ files = [
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.10,<3.13"
-content-hash = "d7e2ad41783a864bb845f63ccc10c88ae1e4ac36d61993ea106bbb4a5f58a843"
+content-hash = "09ce4507a464b318702ed8c6a738f3bb1bc4cc6ff5a50a9c2884f560af9ab034"

prowler/CHANGELOG.md

@@ -9,8 +9,6 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - `bedrock_guardrails_configured` check for AWS provider [(#10844)](https://github.com/prowler-cloud/prowler/pull/10844)
 - Universal compliance pipeline integrated into the CLI: `--list-compliance` and `--list-compliance-requirements` show universal frameworks, and CSV plus OCSF outputs are generated for any framework declaring a `TableConfig` [(#10301)](https://github.com/prowler-cloud/prowler/pull/10301)
 - ASD Essential Eight Maturity Model compliance framework for AWS (Maturity Level One, Nov 2023) [(#10808)](https://github.com/prowler-cloud/prowler/pull/10808)
-- Update Vercel checks to return personalized finding status extended depending on billing plan and classify them with billing-plan categories [(#10663)](https://github.com/prowler-cloud/prowler/pull/10663)
-- `bedrock_prompt_management_exists` check for AWS provider [(#10878)](https://github.com/prowler-cloud/prowler/pull/10878)
 
 ### 🔄 Changed
 
@@ -24,13 +22,10 @@ All notable changes to the **Prowler SDK** are documented in this file.
 
 - AWS SDK test isolation: autouse `mock_aws` fixture and leak detector in `conftest.py` to prevent tests from hitting real AWS endpoints, with idempotent organization setup for tests calling `set_mocked_aws_provider` multiple times [(#10605)](https://github.com/prowler-cloud/prowler/pull/10605)
 - AWS `boto` user agent extra is now applied to every client [(#10944)](https://github.com/prowler-cloud/prowler/pull/10944)
-- Image provider connection check no longer fails with a misleading `host='https'` resolution error when the registry URL includes an `http://` or `https://` scheme prefix [(#10950)](https://github.com/prowler-cloud/prowler/pull/10950)
 
 ### 🔐 Security
 
 - Parser-mismatch SSRF in image provider registry auth where crafted bearer-token realms and pagination links could force requests to internal addresses and leak credentials cross-origin [(#10945)](https://github.com/prowler-cloud/prowler/pull/10945)
-- `cryptography` from 46.0.6 to 46.0.7 for CVE-2026-39892
-- `trivy` binary in the SDK for CVE-2026-33186 
 
 ---
 

prowler/compliance/aws/kisa_isms_p_2023_aws.json

@@ -2897,7 +2897,6 @@
         "bedrock_guardrails_configured",
         "bedrock_model_invocation_logging_enabled",
         "bedrock_model_invocation_logs_encryption_enabled",
-        "bedrock_prompt_management_exists",
         "cloudformation_stack_outputs_find_secrets",
         "cloudfront_distributions_custom_ssl_certificate",
         "cloudfront_distributions_default_root_object",

prowler/compliance/aws/kisa_isms_p_2023_korean_aws.json

@@ -2901,7 +2901,6 @@
         "bedrock_guardrails_configured",
         "bedrock_model_invocation_logging_enabled",
         "bedrock_model_invocation_logs_encryption_enabled",
-        "bedrock_prompt_management_exists",
         "cloudformation_stack_outputs_find_secrets",
         "cloudfront_distributions_custom_ssl_certificate",
         "cloudfront_distributions_default_root_object",

prowler/lib/check/models.py

@@ -62,9 +62,6 @@ VALID_CATEGORIES = frozenset(
         "e5",
         "privilege-escalation",
         "ec2-imdsv1",
-        "vercel-hobby-plan",
-        "vercel-pro-plan",
-        "vercel-enterprise-plan",
     }
 )
 
@@ -247,15 +244,14 @@ class CheckMetadata(BaseModel):
     # store the compliance later if supplied
     Compliance: Optional[list[Any]] = Field(default_factory=list)
 
-    # TODO: Remove noqa and fix cls vulture errors
     @validator("Categories", each_item=True, pre=True, always=True)
-    def valid_category(cls, value, values):  # noqa: F841
+    def valid_category(cls, value, values):
         if not isinstance(value, str):
             raise ValueError("Categories must be a list of strings")
         value_lower = value.lower()
         if not re.match("^[a-z0-9-]+$", value_lower):
             raise ValueError(
-                f"Invalid category: {value}. Categories can only contain lowercase letters, numbers, and hyphen '-'"
+                f"Invalid category: {value}. Categories can only contain lowercase letters, numbers and hyphen '-'"
             )
         if (
             value_lower not in VALID_CATEGORIES
@@ -283,7 +279,7 @@ class CheckMetadata(BaseModel):
         return resource_type
 
     @validator("ServiceName", pre=True, always=True)
-    def validate_service_name(cls, service_name, values):  # noqa: F841
+    def validate_service_name(cls, service_name, values):
         if not service_name:
             raise ValueError("ServiceName must be a non-empty string")
 
@@ -300,7 +296,7 @@ class CheckMetadata(BaseModel):
         return service_name
 
     @validator("CheckID", pre=True, always=True)
-    def valid_check_id(cls, check_id, values):  # noqa: F841
+    def valid_check_id(cls, check_id, values):
         if not check_id:
             raise ValueError("CheckID must be a non-empty string")
 
@@ -313,7 +309,7 @@ class CheckMetadata(BaseModel):
         return check_id
 
     @validator("CheckTitle", pre=True, always=True)
-    def validate_check_title(cls, check_title, values):  # noqa: F841
+    def validate_check_title(cls, check_title, values):
         if values.get("Provider") not in EXTERNAL_TOOL_PROVIDERS:
             if len(check_title) > 150:
                 raise ValueError(
@@ -326,13 +322,13 @@ class CheckMetadata(BaseModel):
         return check_title
 
     @validator("RelatedUrl", pre=True, always=True)
-    def validate_related_url(cls, related_url, values):  # noqa: F841
+    def validate_related_url(cls, related_url, values):
         if related_url and values.get("Provider") not in EXTERNAL_TOOL_PROVIDERS:
             raise ValueError("RelatedUrl must be empty. This field is deprecated.")
         return related_url
 
     @validator("Remediation")
-    def validate_recommendation_url(cls, remediation, values):  # noqa: F841
+    def validate_recommendation_url(cls, remediation, values):
         if values.get("Provider") not in EXTERNAL_TOOL_PROVIDERS:
             url = remediation.Recommendation.Url
             if url and not url.startswith("https://hub.prowler.com/"):
@@ -342,7 +338,7 @@ class CheckMetadata(BaseModel):
         return remediation
 
     @validator("CheckType", pre=True, always=True)
-    def validate_check_type(cls, check_type, values):  # noqa: F841
+    def validate_check_type(cls, check_type, values):
         provider = values.get("Provider", "").lower()
 
         # Non-AWS providers must have an empty CheckType list
@@ -371,7 +367,7 @@ class CheckMetadata(BaseModel):
         return check_type
 
     @validator("Description", pre=True, always=True)
-    def validate_description(cls, description, values):  # noqa: F841
+    def validate_description(cls, description, values):
         if values.get("Provider") not in EXTERNAL_TOOL_PROVIDERS:
             if len(description) > 400:
                 raise ValueError(
@@ -380,7 +376,7 @@ class CheckMetadata(BaseModel):
         return description
 
     @validator("Risk", pre=True, always=True)
-    def validate_risk(cls, risk, values):  # noqa: F841
+    def validate_risk(cls, risk, values):
         if values.get("Provider") not in EXTERNAL_TOOL_PROVIDERS:
             if len(risk) > 400:
                 raise ValueError(
@@ -389,7 +385,7 @@ class CheckMetadata(BaseModel):
         return risk
 
     @validator("ResourceGroup", pre=True, always=True)
-    def validate_resource_group(cls, resource_group):  # noqa: F841
+    def validate_resource_group(cls, resource_group):
         if resource_group and resource_group not in VALID_RESOURCE_GROUPS:
             raise ValueError(
                 f"Invalid ResourceGroup: '{resource_group}'. Must be one of: {', '.join(sorted(VALID_RESOURCE_GROUPS))} or empty string."
@@ -397,7 +393,7 @@ class CheckMetadata(BaseModel):
         return resource_group
 
     @validator("AdditionalURLs", pre=True, always=True)
-    def validate_additional_urls(cls, additional_urls):  # noqa: F841
+    def validate_additional_urls(cls, additional_urls):
         if not isinstance(additional_urls, list):
             raise ValueError("AdditionalURLs must be a list")
 

prowler/providers/aws/services/bedrock/bedrock_prompt_management_exists/bedrock_prompt_management_exists.metadata.json

@@ -1,39 +0,0 @@
-{
-  "Provider": "aws",
-  "CheckID": "bedrock_prompt_management_exists",
-  "CheckTitle": "Amazon Bedrock Prompt Management prompts exist in the region",
-  "CheckType": [
-    "Software and Configuration Checks/AWS Security Best Practices"
-  ],
-  "ServiceName": "bedrock",
-  "SubServiceName": "",
-  "ResourceIdTemplate": "",
-  "Severity": "low",
-  "ResourceType": "Other",
-  "ResourceGroup": "ai_ml",
-  "Description": "**Bedrock Prompt Management** enables centralized creation, versioning, and governance of prompts used with foundation models.\n\nThis region-level check verifies whether at least one managed prompt exists in each scanned region, used as an adoption signal for Prompt Management. The presence of a prompt does not by itself guarantee that every application prompt is managed.",
-  "Risk": "Without **Prompt Management**, prompts are scattered across applications with no central oversight, versioning, or auditability over instructions sent to foundation models, weakening governance and compliance posture.\n\nManaged prompts are a governance enabler; **prompt injection** defenses are provided by Bedrock **guardrails**, covered by separate checks.",
-  "RelatedUrl": "",
-  "AdditionalURLs": [
-    "https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html",
-    "https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management-create.html"
-  ],
-  "Remediation": {
-    "Code": {
-      "CLI": "aws bedrock-agent create-prompt --name example_prompt --default-variant default --variants '[{\"name\":\"default\",\"templateType\":\"TEXT\",\"templateConfiguration\":{\"text\":{\"text\":\"Your prompt template here.\"}}}]'",
-      "NativeIaC": "",
-      "Other": "1. Open the Amazon Bedrock console\n2. Navigate to Prompt Management\n3. Click Create prompt\n4. Provide a name and configure the prompt template (a prompt can contain at most one variant; additional variants are created via CreatePromptVersion)\n5. Save the prompt",
-      "Terraform": ""
-    },
-    "Recommendation": {
-      "Text": "Adopt **Bedrock Prompt Management** to centralize prompt definitions, enforce versioning, and maintain governance over model interactions.\n\nUse managed prompts with **guardrails** and apply **least privilege** access controls to restrict who can create or modify prompts.",
-      "Url": "https://hub.prowler.com/check/bedrock_prompt_management_exists"
-    }
-  },
-  "Categories": [
-    "gen-ai"
-  ],
-  "DependsOn": [],
-  "RelatedTo": [],
-  "Notes": "Results are generated per scanned region. Regions where `ListPrompts` cannot be queried are omitted from the findings."
-}

prowler/providers/aws/services/bedrock/bedrock_prompt_management_exists/bedrock_prompt_management_exists.py

@@ -1,54 +0,0 @@
-"""Check for region-level Bedrock Prompt Management adoption."""
-
-from prowler.lib.check.models import Check, Check_Report_AWS
-from prowler.providers.aws.services.bedrock.bedrock_agent_client import (
-    bedrock_agent_client,
-)
-
-
-class bedrock_prompt_management_exists(Check):
-    """Check whether Amazon Bedrock Prompt Management prompts exist in the region.
-
-    A region is reported only when ListPrompts succeeded for it; regions where
-    the API call failed (e.g. AccessDenied, unsupported region) are skipped at
-    the service layer and produce no finding.
-
-    - PASS: At least one managed prompt exists in the region (one finding per prompt).
-    - FAIL: No managed prompts exist in the region (one finding per region).
-    """
-
-    def execute(self) -> list[Check_Report_AWS]:
-        """Execute the Bedrock Prompt Management exists check.
-
-        Returns:
-            A list of reports containing the result of the check.
-        """
-        findings = []
-        for region in sorted(bedrock_agent_client.prompt_scanned_regions):
-            regional_prompts = sorted(
-                (
-                    prompt
-                    for prompt in bedrock_agent_client.prompts.values()
-                    if prompt.region == region
-                ),
-                key=lambda prompt: prompt.name,
-            )
-
-            if regional_prompts:
-                for prompt in regional_prompts:
-                    report = Check_Report_AWS(metadata=self.metadata(), resource=prompt)
-                    report.status = "PASS"
-                    report.status_extended = f"Bedrock Prompt Management prompt {prompt.name} exists in region {region}."
-                    findings.append(report)
-            else:
-                report = Check_Report_AWS(metadata=self.metadata(), resource={})
-                report.region = region
-                report.resource_id = "prompt-management"
-                report.resource_arn = f"arn:{bedrock_agent_client.audited_partition}:bedrock:{region}:{bedrock_agent_client.audited_account}:prompt-management"
-                report.status = "FAIL"
-                report.status_extended = (
-                    f"No Bedrock Prompt Management prompts exist in region {region}."
-                )
-                findings.append(report)
-
-        return findings

prowler/providers/aws/services/bedrock/bedrock_service.py

@@ -140,10 +140,7 @@ class BedrockAgent(AWSService):
         # Call AWSService's __init__
         super().__init__("bedrock-agent", provider)
         self.agents = {}
-        self.prompts = {}
-        self.prompt_scanned_regions: set = set()
         self.__threading_call__(self._list_agents)
-        self.__threading_call__(self._list_prompts)
         self.__threading_call__(self._list_tags_for_resource, self.agents.values())
 
     def _list_agents(self, regional_client):
@@ -170,32 +167,7 @@ class BedrockAgent(AWSService):
                 f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
             )
 
-    def _list_prompts(self, regional_client):
-        """List all prompts in a region.
-
-        Prompt Management is evaluated as a region-level adoption signal, so
-        prompt collection is intentionally not filtered by audit_resources.
-        """
-        logger.info("Bedrock Agent - Listing Prompts...")
-        try:
-            paginator = regional_client.get_paginator("list_prompts")
-            for page in paginator.paginate():
-                for prompt in page.get("promptSummaries", []):
-                    prompt_arn = prompt.get("arn", "")
-                    self.prompts[prompt_arn] = Prompt(
-                        id=prompt.get("id", ""),
-                        name=prompt.get("name", ""),
-                        arn=prompt_arn,
-                        region=regional_client.region,
-                    )
-            self.prompt_scanned_regions.add(regional_client.region)
-        except Exception as error:
-            logger.error(
-                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-
     def _list_tags_for_resource(self, resource):
-        """List tags for a Bedrock Agent resource."""
         logger.info("Bedrock Agent - Listing Tags for Resource...")
         try:
             agent_tags = (
@@ -218,12 +190,3 @@ class Agent(BaseModel):
     guardrail_id: Optional[str] = None
     region: str
     tags: Optional[list] = []
-
-
-class Prompt(BaseModel):
-    """Model representing a Bedrock Prompt Management prompt."""
-
-    id: str
-    name: str
-    arn: str
-    region: str

prowler/providers/image/image_provider.py

@@ -329,21 +329,12 @@ class ImageProvider(Provider):
         """Image provider doesn't need a session since it uses Trivy directly"""
         return None
 
-    @staticmethod
-    def _strip_scheme(value: str) -> str:
-        """Remove a leading http:// or https:// scheme from a registry input."""
-        for prefix in ("https://", "http://"):
-            if value.lower().startswith(prefix):
-                return value[len(prefix) :]
-        return value
-
     @staticmethod
     def _extract_registry(image: str) -> str | None:
         """Extract registry hostname from an image reference.
 
         Returns None for Docker Hub images (no registry prefix).
         """
-        image = ImageProvider._strip_scheme(image)
         parts = image.split("/")
         if len(parts) >= 2 and ("." in parts[0] or ":" in parts[0]):
             return parts[0]
@@ -357,7 +348,6 @@ class ImageProvider(Provider):
         or "myregistry.com:5000" are registry URLs (dots in host, no slash).
         Image references like "alpine:3.18" or "nginx" are not.
         """
-        image_uid = ImageProvider._strip_scheme(image_uid)
         if "/" not in image_uid:
             host_part = image_uid.split(":")[0]
             if "." in host_part:
@@ -845,9 +835,11 @@ class ImageProvider(Provider):
                     image_ref = f"{repo}:{tag}"
                 else:
                     # OCI registries need the full host/repo:tag reference
-                    registry_host = ImageProvider._strip_scheme(
-                        self.registry.rstrip("/")
-                    )
+                    registry_host = self.registry.rstrip("/")
+                    for prefix in ("https://", "http://"):
+                        if registry_host.startswith(prefix):
+                            registry_host = registry_host[len(prefix) :]
+                            break
                     image_ref = f"{registry_host}/{repo}:{tag}"
                 discovered_images.append(image_ref)
 
@@ -985,8 +977,6 @@ class ImageProvider(Provider):
             if not image:
                 return Connection(is_connected=False, error="Image name is required")
 
-            image = ImageProvider._strip_scheme(image)
-
             # Registry URL (bare hostname) → test via OCI catalog
             if ImageProvider._is_registry_url(image):
                 return ImageProvider._test_registry_connection(

prowler/providers/vercel/lib/billing.py

@@ -1,27 +0,0 @@
-from typing import Optional
-
-
-def extract_billing_plan(data: Optional[dict]) -> Optional[str]:
-    """Return the Vercel billing plan from a user or team payload.
-
-    Vercel's REST API consistently returns the plan identifier at
-    ``data["billing"]["plan"]`` (e.g. ``"hobby"``, ``"pro"``, ``"enterprise"``)
-    on both ``GET /v2/user`` and ``GET /v2/teams`` responses, even though the
-    field is not part of the public OpenAPI schema.
-    """
-    if not isinstance(data, dict):
-        return None
-    billing = data.get("billing")
-    if not isinstance(billing, dict):
-        return None
-    plan = billing.get("plan")
-    return plan.lower() if isinstance(plan, str) else None
-
-
-def plan_reason_suffix(
-    billing_plan: Optional[str], unsupported_plans: set[str], explanation: str
-) -> str:
-    """Return a plan-based explanation suffix only when the plan proves it."""
-    if billing_plan in unsupported_plans:
-        return f" This may be expected because {explanation}"
-    return ""

prowler/providers/vercel/lib/service/service.py

@@ -84,10 +84,10 @@ class VercelService:
                     )
 
                 if response.status_code == 403:
-                    # Endpoint unavailable for this token/scope; let checks handle it gracefully
-                    logger.info(
+                    # Plan limitation or permission error — return None for graceful handling
+                    logger.warning(
                         f"{self.service} - Access denied for {path} (403). "
-                        "This may be caused by plan or permission restrictions."
+                        "This may be a plan limitation."
                     )
                     return None
 

prowler/providers/vercel/models.py

@@ -21,7 +21,6 @@ class VercelTeamInfo(BaseModel):
     id: str
     name: str
     slug: str
-    billing_plan: Optional[str] = None
 
 
 class VercelIdentityInfo(BaseModel):
@@ -30,27 +29,9 @@ class VercelIdentityInfo(BaseModel):
     user_id: Optional[str] = None
     username: Optional[str] = None
     email: Optional[str] = None
-    billing_plan: Optional[str] = None
     team: Optional[VercelTeamInfo] = None
     teams: list[VercelTeamInfo] = Field(default_factory=list)
 
-    def get_billing_plan_for(self, scope_id: Optional[str]) -> Optional[str]:
-        """Return the billing plan for an explicit user or team scope."""
-        if not scope_id:
-            return None
-
-        if self.team and self.team.id == scope_id and self.team.billing_plan:
-            return self.team.billing_plan
-
-        for team in self.teams:
-            if team.id == scope_id:
-                return team.billing_plan
-
-        if self.user_id == scope_id:
-            return self.billing_plan
-
-        return None
-
 
 class VercelOutputOptions(ProviderOutputOptions):
     """Customize output filenames for Vercel scans."""

prowler/providers/vercel/services/authentication/authentication_no_stale_tokens/authentication_no_stale_tokens.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-hobby-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [

prowler/providers/vercel/services/authentication/authentication_token_not_expired/authentication_token_not_expired.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-hobby-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [

prowler/providers/vercel/services/deployment/deployment_production_uses_stable_target/deployment_production_uses_stable_target.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-hobby-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [],

prowler/providers/vercel/services/domain/domain_dns_properly_configured/domain_dns_properly_configured.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-hobby-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [

prowler/providers/vercel/services/domain/domain_ssl_certificate_valid/domain_ssl_certificate_valid.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "encryption",
-    "vercel-hobby-plan"
+    "encryption"
   ],
   "DependsOn": [],
   "RelatedTo": [

prowler/providers/vercel/services/domain/domain_verified/domain_verified.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-hobby-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [

prowler/providers/vercel/services/project/project_auto_expose_system_env_disabled/project_auto_expose_system_env_disabled.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-hobby-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [],

prowler/providers/vercel/services/project/project_deployment_protection_enabled/project_deployment_protection_enabled.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "internet-exposed",
-    "vercel-hobby-plan"
+    "internet-exposed"
   ],
   "DependsOn": [],
   "RelatedTo": [

prowler/providers/vercel/services/project/project_directory_listing_disabled/project_directory_listing_disabled.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "internet-exposed",
-    "vercel-hobby-plan"
+    "internet-exposed"
   ],
   "DependsOn": [],
   "RelatedTo": [],

prowler/providers/vercel/services/project/project_environment_no_overly_broad_target/project_environment_no_overly_broad_target.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "secrets",
-    "vercel-hobby-plan"
+    "secrets"
   ],
   "DependsOn": [],
   "RelatedTo": [

prowler/providers/vercel/services/project/project_environment_no_secrets_in_plain_type/project_environment_no_secrets_in_plain_type.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "secrets",
-    "vercel-hobby-plan"
+    "secrets"
   ],
   "DependsOn": [],
   "RelatedTo": [

prowler/providers/vercel/services/project/project_environment_production_vars_not_in_preview/project_environment_production_vars_not_in_preview.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "secrets",
-    "vercel-hobby-plan"
+    "secrets"
   ],
   "DependsOn": [],
   "RelatedTo": [

prowler/providers/vercel/services/project/project_git_fork_protection_enabled/project_git_fork_protection_enabled.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "internet-exposed",
-    "vercel-hobby-plan"
+    "internet-exposed"
   ],
   "DependsOn": [],
   "RelatedTo": [],

prowler/providers/vercel/services/project/project_password_protection_enabled/project_password_protection_enabled.metadata.json

@@ -28,12 +28,11 @@
     }
   },
   "Categories": [
-    "internet-exposed",
-    "vercel-pro-plan"
+    "internet-exposed"
   ],
   "DependsOn": [],
   "RelatedTo": [
     "project_deployment_protection_enabled"
   ],
-  "Notes": "Required billing plan: Enterprise, or as a paid add-on for Pro plans."
+  "Notes": ""
 }

prowler/providers/vercel/services/project/project_password_protection_enabled/project_password_protection_enabled.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.project.project_client import project_client
 
 
@@ -39,7 +38,6 @@ class project_password_protection_enabled(Check):
                 report.status_extended = (
                     f"Project {project.name} does not have password protection "
                     f"configured for deployments."
-                    f"{plan_reason_suffix(project.billing_plan, {'hobby'}, 'password protection is not available on the Vercel Hobby plan.')}"
                 )
 
             findings.append(report)

prowler/providers/vercel/services/project/project_production_deployment_protection_enabled/project_production_deployment_protection_enabled.metadata.json

@@ -28,12 +28,11 @@
     }
   },
   "Categories": [
-    "internet-exposed",
-    "vercel-pro-plan"
+    "internet-exposed"
   ],
   "DependsOn": [],
   "RelatedTo": [
     "project_deployment_protection_enabled"
   ],
-  "Notes": "Protecting production deployments requires Enterprise, or Pro plans with supported paid deployment protection options."
+  "Notes": ""
 }

prowler/providers/vercel/services/project/project_production_deployment_protection_enabled/project_production_deployment_protection_enabled.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.project.project_client import project_client
 
 
@@ -39,7 +38,6 @@ class project_production_deployment_protection_enabled(Check):
                 report.status_extended = (
                     f"Project {project.name} does not have deployment protection "
                     f"enabled on production deployments."
-                    f"{plan_reason_suffix(project.billing_plan, {'hobby'}, 'protecting production deployments is not available on the Vercel Hobby plan.')}"
                 )
 
             findings.append(report)

prowler/providers/vercel/services/project/project_service.py

@@ -20,7 +20,6 @@ class Project(VercelService):
         """List all projects, optionally filtered by --project argument."""
         try:
             raw_projects = self._paginate("/v9/projects", "projects")
-            identity = getattr(self.provider, "identity", None)
 
             filter_projects = self.provider.filter_projects
             seen_ids: set[str] = set()
@@ -58,17 +57,10 @@ class Project(VercelService):
                 pwd_protection = proj.get("passwordProtection")
                 security = proj.get("security", {}) or {}
 
-                project_team_id = proj.get("accountId") or self.provider.session.team_id
-
                 self.projects[project_id] = VercelProject(
                     id=project_id,
                     name=project_name,
-                    team_id=project_team_id,
-                    billing_plan=(
-                        identity.get_billing_plan_for(project_team_id)
-                        if identity
-                        else None
-                    ),
+                    team_id=proj.get("accountId") or self.provider.session.team_id,
                     framework=proj.get("framework"),
                     node_version=proj.get("nodeVersion"),
                     auto_expose_system_envs=proj.get("autoExposeSystemEnvs", False),
@@ -168,7 +160,6 @@ class VercelProject(BaseModel):
     id: str
     name: str
     team_id: Optional[str] = None
-    billing_plan: Optional[str] = None
     framework: Optional[str] = None
     node_version: Optional[str] = None
     auto_expose_system_envs: bool = False

prowler/providers/vercel/services/project/project_skew_protection_enabled/project_skew_protection_enabled.metadata.json

@@ -28,10 +28,9 @@
     }
   },
   "Categories": [
-    "resilience",
-    "vercel-pro-plan"
+    "resilience"
   ],
   "DependsOn": [],
   "RelatedTo": [],
-  "Notes": "Required billing plan: Pro or Enterprise."
+  "Notes": ""
 }

prowler/providers/vercel/services/project/project_skew_protection_enabled/project_skew_protection_enabled.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.project.project_client import project_client
 
 
@@ -35,7 +34,6 @@ class project_skew_protection_enabled(Check):
                 report.status_extended = (
                     f"Project {project.name} does not have skew protection enabled, "
                     f"which may cause version mismatches during deployments."
-                    f"{plan_reason_suffix(project.billing_plan, {'hobby'}, 'skew protection is not available on the Vercel Hobby plan.')}"
                 )
 
             findings.append(report)

prowler/providers/vercel/services/security/security_custom_rules_configured/security_custom_rules_configured.metadata.json

@@ -28,12 +28,11 @@
     }
   },
   "Categories": [
-    "internet-exposed",
-    "vercel-pro-plan"
+    "internet-exposed"
   ],
   "DependsOn": [],
   "RelatedTo": [
     "security_waf_enabled"
   ],
-  "Notes": "Required billing plan: Pro or Enterprise."
+  "Notes": ""
 }

prowler/providers/vercel/services/security/security_custom_rules_configured/security_custom_rules_configured.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.security.security_client import security_client
 
 
@@ -25,16 +24,7 @@ class security_custom_rules_configured(Check):
         for config in security_client.firewall_configs.values():
             report = CheckReportVercel(metadata=self.metadata(), resource=config)
 
-            if not config.firewall_config_accessible:
-                report.status = "MANUAL"
-                report.status_extended = (
-                    f"Project {config.project_name} ({config.project_id}) "
-                    f"could not be assessed for custom firewall rules because the "
-                    f"firewall configuration endpoint was not accessible. "
-                    f"Manual verification is required."
-                    f"{plan_reason_suffix(config.billing_plan, {'hobby'}, 'custom firewall rules are not available on the Vercel Hobby plan.')}"
-                )
-            elif config.custom_rules:
+            if config.custom_rules:
                 report.status = "PASS"
                 report.status_extended = (
                     f"Project {config.project_name} ({config.project_id}) "

prowler/providers/vercel/services/security/security_ip_blocking_rules_configured/security_ip_blocking_rules_configured.metadata.json

@@ -28,12 +28,11 @@
     }
   },
   "Categories": [
-    "internet-exposed",
-    "vercel-pro-plan"
+    "internet-exposed"
   ],
   "DependsOn": [],
   "RelatedTo": [
     "security_waf_enabled"
   ],
-  "Notes": "Required billing plan: Pro or Enterprise."
+  "Notes": ""
 }

prowler/providers/vercel/services/security/security_ip_blocking_rules_configured/security_ip_blocking_rules_configured.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.security.security_client import security_client
 
 
@@ -26,16 +25,7 @@ class security_ip_blocking_rules_configured(Check):
         for config in security_client.firewall_configs.values():
             report = CheckReportVercel(metadata=self.metadata(), resource=config)
 
-            if not config.firewall_config_accessible:
-                report.status = "MANUAL"
-                report.status_extended = (
-                    f"Project {config.project_name} ({config.project_id}) "
-                    f"could not be assessed for IP blocking rules because the "
-                    f"firewall configuration endpoint was not accessible. "
-                    f"Manual verification is required."
-                    f"{plan_reason_suffix(config.billing_plan, {'hobby'}, 'IP blocking rules are not available on the Vercel Hobby plan.')}"
-                )
-            elif config.ip_blocking_rules:
+            if config.ip_blocking_rules:
                 report.status = "PASS"
                 report.status_extended = (
                     f"Project {config.project_name} ({config.project_id}) "

prowler/providers/vercel/services/security/security_managed_rulesets_enabled/security_managed_rulesets_enabled.metadata.json

@@ -9,7 +9,7 @@
   "Severity": "high",
   "ResourceType": "NotDefined",
   "ResourceGroup": "security",
-  "Description": "**Vercel projects** are assessed for **managed WAF ruleset** enablement. Managed rulesets are curated by Vercel and provide protection against known attack patterns including **OWASP Top 10** threats. Availability varies by ruleset, and the check reports MANUAL when the firewall configuration cannot be assessed from the API.",
+  "Description": "**Vercel projects** are assessed for **managed WAF ruleset** enablement. Managed rulesets are curated by Vercel and provide protection against known attack patterns including **OWASP Top 10** threats. This feature requires an Enterprise plan and reports MANUAL status when unavailable.",
   "Risk": "Without **managed rulesets** enabled, the firewall lacks curated protection rules against well-known attack patterns. The application relies solely on custom rules, which may miss **new or evolving threats** that managed rulesets are designed to detect and block automatically.",
   "RelatedUrl": "",
   "AdditionalURLs": [
@@ -19,21 +19,20 @@
     "Code": {
       "CLI": "",
       "NativeIaC": "",
-      "Other": "1. Sign in to the Vercel dashboard\n2. Navigate to the project Settings > Security > Firewall\n3. Enable the managed rulesets that are available for your plan\n4. Review and configure ruleset sensitivity levels\n5. If the API does not expose firewall configuration for the project, verify the rulesets manually in the dashboard",
+      "Other": "1. Sign in to the Vercel dashboard\n2. Navigate to the project Settings > Security > Firewall\n3. Enable managed rulesets from the available options\n4. Review and configure ruleset sensitivity levels\n5. Note: This feature requires an Enterprise plan",
       "Terraform": ""
     },
     "Recommendation": {
-      "Text": "Enable the managed WAF rulesets that are available for your Vercel plan to benefit from curated protection against common attack patterns. If the API does not expose firewall configuration for the project, verify the rulesets manually in the dashboard.",
+      "Text": "Enable managed WAF rulesets to benefit from Vercel-curated protection against common attack patterns. If you are on a plan that does not support managed rulesets, consider upgrading to the Enterprise plan for enhanced security features.",
       "Url": "https://hub.prowler.com/check/security_managed_rulesets_enabled"
     }
   },
   "Categories": [
-    "internet-exposed",
-    "vercel-hobby-plan"
+    "internet-exposed"
   ],
   "DependsOn": [],
   "RelatedTo": [
     "security_waf_enabled"
   ],
-  "Notes": "Managed ruleset availability varies by ruleset. OWASP Core Ruleset requires Enterprise, while Bot Protection and AI Bots managed rulesets are available on all plans."
+  "Notes": "This check is plan-gated. If the Vercel API returns a 403 for managed rulesets, the check reports MANUAL status indicating that an Enterprise plan is required."
 }

prowler/providers/vercel/services/security/security_managed_rulesets_enabled/security_managed_rulesets_enabled.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.security.security_client import security_client
 
 
@@ -18,8 +17,8 @@ class security_managed_rulesets_enabled(Check):
         """Execute the Vercel Managed Rulesets Enabled check.
 
         Iterates over all firewall configurations and checks if managed
-        rulesets are enabled. Reports MANUAL status when the firewall
-        configuration cannot be assessed from the API.
+        rulesets are enabled. Reports MANUAL status when the feature is
+        not available due to plan limitations.
 
         Returns:
             List[CheckReportVercel]: A list of reports for each project.
@@ -28,14 +27,12 @@ class security_managed_rulesets_enabled(Check):
         for config in security_client.firewall_configs.values():
             report = CheckReportVercel(metadata=self.metadata(), resource=config)
 
-            if not config.firewall_config_accessible:
+            if config.managed_rulesets is None:
                 report.status = "MANUAL"
                 report.status_extended = (
                     f"Project {config.project_name} ({config.project_id}) "
-                    f"could not be assessed for managed rulesets because the "
-                    f"firewall configuration endpoint was not accessible. "
-                    f"Manual verification is required."
-                    f"{plan_reason_suffix(config.billing_plan, {'hobby', 'pro'}, 'some managed WAF rulesets, including the OWASP Core Ruleset, are only available on Vercel Enterprise plans.')}"
+                    f"could not be assessed for managed rulesets. "
+                    f"Enterprise plan required to access this feature."
                 )
             elif config.managed_rulesets:
                 report.status = "PASS"

prowler/providers/vercel/services/security/security_rate_limiting_configured/security_rate_limiting_configured.metadata.json

@@ -28,12 +28,11 @@
     }
   },
   "Categories": [
-    "internet-exposed",
-    "vercel-pro-plan"
+    "internet-exposed"
   ],
   "DependsOn": [],
   "RelatedTo": [
     "security_waf_enabled"
   ],
-  "Notes": "Required billing plan: Pro or Enterprise."
+  "Notes": ""
 }

prowler/providers/vercel/services/security/security_rate_limiting_configured/security_rate_limiting_configured.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.security.security_client import security_client
 
 
@@ -25,16 +24,7 @@ class security_rate_limiting_configured(Check):
         for config in security_client.firewall_configs.values():
             report = CheckReportVercel(metadata=self.metadata(), resource=config)
 
-            if not config.firewall_config_accessible:
-                report.status = "MANUAL"
-                report.status_extended = (
-                    f"Project {config.project_name} ({config.project_id}) "
-                    f"could not be assessed for rate limiting rules because the "
-                    f"firewall configuration endpoint was not accessible. "
-                    f"Manual verification is required."
-                    f"{plan_reason_suffix(config.billing_plan, {'hobby'}, 'rate limiting rules are not available on the Vercel Hobby plan.')}"
-                )
-            elif config.rate_limiting_rules:
+            if config.rate_limiting_rules:
                 report.status = "PASS"
                 report.status_extended = (
                     f"Project {config.project_name} ({config.project_id}) "

prowler/providers/vercel/services/security/security_service.py

@@ -29,13 +29,11 @@ class Security(VercelService):
             data = self._read_firewall_config(project)
 
             if data is None:
-                # Firewall config endpoint unavailable for this project/token
+                # 403 — plan limitation, store with managed_rulesets=None
                 self.firewall_configs[project.id] = VercelFirewallConfig(
                     project_id=project.id,
                     project_name=project.name,
                     team_id=project.team_id,
-                    billing_plan=project.billing_plan,
-                    firewall_config_accessible=False,
                     firewall_enabled=False,
                     managed_rulesets=None,
                     name=project.name,
@@ -51,8 +49,6 @@ class Security(VercelService):
                     project_id=project.id,
                     project_name=project.name,
                     team_id=project.team_id,
-                    billing_plan=project.billing_plan,
-                    firewall_config_accessible=True,
                     firewall_enabled=(
                         fallback_firewall_enabled
                         if fallback_firewall_enabled is not None
@@ -97,8 +93,6 @@ class Security(VercelService):
                 project_id=project.id,
                 project_name=project.name,
                 team_id=project.team_id,
-                billing_plan=project.billing_plan,
-                firewall_config_accessible=True,
                 firewall_enabled=firewall_enabled,
                 managed_rulesets=managed,
                 custom_rules=custom_rules,
@@ -252,10 +246,8 @@ class VercelFirewallConfig(BaseModel):
     project_id: str
     project_name: Optional[str] = None
     team_id: Optional[str] = None
-    billing_plan: Optional[str] = None
-    firewall_config_accessible: bool = True
     firewall_enabled: bool = False
-    managed_rulesets: Optional[dict] = None  # None means config endpoint unavailable
+    managed_rulesets: Optional[dict] = None  # None means plan-gated (403)
     custom_rules: list[dict] = Field(default_factory=list)
     ip_blocking_rules: list[dict] = Field(default_factory=list)
     rate_limiting_rules: list[dict] = Field(default_factory=list)

prowler/providers/vercel/services/security/security_waf_enabled/security_waf_enabled.metadata.json

@@ -28,13 +28,12 @@
     }
   },
   "Categories": [
-    "internet-exposed",
-    "vercel-pro-plan"
+    "internet-exposed"
   ],
   "DependsOn": [],
   "RelatedTo": [
     "security_managed_rulesets_enabled",
     "security_custom_rules_configured"
   ],
-  "Notes": "Required billing plan: Pro or Enterprise."
+  "Notes": ""
 }

prowler/providers/vercel/services/security/security_waf_enabled/security_waf_enabled.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.security.security_client import security_client
 
 
@@ -25,15 +24,13 @@ class security_waf_enabled(Check):
         for config in security_client.firewall_configs.values():
             report = CheckReportVercel(metadata=self.metadata(), resource=config)
 
-            if not config.firewall_config_accessible:
-                # Firewall config could not be retrieved for this project
+            if config.managed_rulesets is None:
+                # 403 — plan limitation, cannot determine WAF status
                 report.status = "MANUAL"
                 report.status_extended = (
                     f"Project {config.project_name} ({config.project_id}) "
-                    f"could not be checked for WAF status because the firewall "
-                    f"configuration endpoint was not accessible. "
+                    f"could not be checked for WAF status due to plan limitations. "
                     f"Manual verification is required."
-                    f"{plan_reason_suffix(config.billing_plan, {'hobby'}, 'the Web Application Firewall is not available on the Vercel Hobby plan.')}"
                 )
             elif config.firewall_enabled:
                 report.status = "PASS"

prowler/providers/vercel/services/team/team_directory_sync_enabled/team_directory_sync_enabled.metadata.json

@@ -29,12 +29,11 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-enterprise-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [
     "team_saml_sso_enabled"
   ],
-  "Notes": "Required billing plan: Enterprise."
+  "Notes": ""
 }

prowler/providers/vercel/services/team/team_directory_sync_enabled/team_directory_sync_enabled.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.team.team_client import team_client
 
 
@@ -41,7 +40,6 @@ class team_directory_sync_enabled(Check):
                 report.status_extended = (
                     f"Team {team.name} does not have directory sync (SCIM) enabled. "
                     f"User provisioning and deprovisioning must be managed manually."
-                    f"{plan_reason_suffix(team.billing_plan, {'hobby', 'pro'}, 'directory sync (SCIM) is only available on Vercel Enterprise plans.')}"
                 )
 
             findings.append(report)

prowler/providers/vercel/services/team/team_member_role_least_privilege/team_member_role_least_privilege.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-hobby-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [],

prowler/providers/vercel/services/team/team_no_stale_invitations/team_no_stale_invitations.metadata.json

@@ -28,8 +28,7 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-hobby-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [],

prowler/providers/vercel/services/team/team_saml_sso_enabled/team_saml_sso_enabled.metadata.json

@@ -29,12 +29,11 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-pro-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [
     "team_saml_sso_enforced"
   ],
-  "Notes": "Required billing plan: Pro or Enterprise."
+  "Notes": ""
 }

prowler/providers/vercel/services/team/team_saml_sso_enabled/team_saml_sso_enabled.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.team.team_client import team_client
 
 
@@ -39,7 +38,6 @@ class team_saml_sso_enabled(Check):
                 report.status = "FAIL"
                 report.status_extended = (
                     f"Team {team.name} does not have SAML SSO enabled."
-                    f"{plan_reason_suffix(team.billing_plan, {'hobby'}, 'SAML SSO is not available on the Vercel Hobby plan.')}"
                 )
 
             findings.append(report)

prowler/providers/vercel/services/team/team_saml_sso_enforced/team_saml_sso_enforced.metadata.json

@@ -29,12 +29,11 @@
     }
   },
   "Categories": [
-    "trust-boundaries",
-    "vercel-pro-plan"
+    "trust-boundaries"
   ],
   "DependsOn": [],
   "RelatedTo": [
     "team_saml_sso_enabled"
   ],
-  "Notes": "Required billing plan: Pro or Enterprise."
+  "Notes": ""
 }

prowler/providers/vercel/services/team/team_saml_sso_enforced/team_saml_sso_enforced.py

@@ -1,7 +1,6 @@
 from typing import List
 
 from prowler.lib.check.models import Check, CheckReportVercel
-from prowler.providers.vercel.lib.billing import plan_reason_suffix
 from prowler.providers.vercel.services.team.team_client import team_client
 
 
@@ -44,7 +43,6 @@ class team_saml_sso_enforced(Check):
                 else:
                     report.status_extended = (
                         f"Team {team.name} does not have SAML SSO enforced."
-                        f"{plan_reason_suffix(team.billing_plan, {'hobby'}, 'SAML SSO is not available on the Vercel Hobby plan.')}"
                     )
 
             findings.append(report)

prowler/providers/vercel/services/team/team_service.py

@@ -4,7 +4,6 @@ from typing import Optional
 from pydantic import BaseModel, Field
 
 from prowler.lib.logger import logger
-from prowler.providers.vercel.lib.billing import extract_billing_plan
 from prowler.providers.vercel.lib.service.service import VercelService
 
 
@@ -68,7 +67,6 @@ class Team(VercelService):
                 id=team_data.get("id", team_id),
                 name=team_data.get("name", ""),
                 slug=team_data.get("slug", ""),
-                billing_plan=extract_billing_plan(team_data),
                 saml=saml_config,
                 directory_sync_enabled=dir_sync,
                 created_at=created_at,
@@ -153,7 +151,6 @@ class VercelTeam(BaseModel):
     id: str
     name: str
     slug: str
-    billing_plan: Optional[str] = None
     saml: Optional[SAMLConfig] = None
     directory_sync_enabled: bool = False
     members: list[VercelTeamMember] = Field(default_factory=list)

prowler/providers/vercel/vercel_provider.py

@@ -20,7 +20,6 @@ from prowler.providers.vercel.exceptions.exceptions import (
     VercelRateLimitError,
     VercelSessionError,
 )
-from prowler.providers.vercel.lib.billing import extract_billing_plan
 from prowler.providers.vercel.lib.mutelist.mutelist import VercelMutelist
 from prowler.providers.vercel.models import (
     VercelIdentityInfo,
@@ -196,7 +195,6 @@ class VercelProvider(Provider):
             user_id = user_data.get("id")
             username = user_data.get("username")
             email = user_data.get("email")
-            billing_plan = extract_billing_plan(user_data)
 
             # Get team info
             team_info = None
@@ -216,7 +214,6 @@ class VercelProvider(Provider):
                         id=team_data.get("id", session.team_id),
                         name=team_data.get("name", ""),
                         slug=team_data.get("slug", ""),
-                        billing_plan=extract_billing_plan(team_data),
                     )
                     all_teams = [team_info]
                 elif team_response.status_code in (404, 403):
@@ -242,7 +239,6 @@ class VercelProvider(Provider):
                                     id=t.get("id", ""),
                                     name=t.get("name", ""),
                                     slug=t.get("slug", ""),
-                                    billing_plan=extract_billing_plan(t),
                                 )
                             )
                         if all_teams:
@@ -257,7 +253,6 @@ class VercelProvider(Provider):
                 user_id=user_id,
                 username=username,
                 email=email,
-                billing_plan=billing_plan,
                 team=team_info,
                 teams=all_teams,
             )

pyproject.toml

@@ -45,7 +45,7 @@ dependencies = [
   "boto3==1.40.61",
   "botocore==1.40.61",
   "colorama==0.4.6",
-  "cryptography==46.0.7",
+  "cryptography==46.0.6",
   "dash==3.1.1",
   "dash-bootstrap-components==2.0.3",
   "defusedxml==0.7.1",

tests/lib/check/models_test.py

@@ -377,50 +377,6 @@ class TestCheckMetadataValidators:
         check_metadata = CheckMetadata(**valid_metadata)
         assert check_metadata.Categories == ["encryption", "logging", "secrets"]
 
-    def test_valid_vercel_plan_categories_success(self):
-        """Test Vercel plan categories are accepted using hyphen-separated names."""
-        valid_metadata = {
-            "Provider": "vercel",
-            "CheckID": "test_check",
-            "CheckTitle": "Test Check",
-            "CheckType": [],
-            "ServiceName": "test",
-            "SubServiceName": "subtest",
-            "ResourceIdTemplate": "template",
-            "Severity": "high",
-            "ResourceType": "TestResource",
-            "Description": "Test description",
-            "Risk": "Test risk",
-            "RelatedUrl": "",
-            "Remediation": {
-                "Code": {
-                    "CLI": "test command",
-                    "NativeIaC": "test native",
-                    "Other": "test other",
-                    "Terraform": "test terraform",
-                },
-                "Recommendation": {
-                    "Text": "test recommendation",
-                    "Url": "https://hub.prowler.com/check/test_check",
-                },
-            },
-            "Categories": [
-                "vercel-hobby-plan",
-                "vercel-pro-plan",
-                "vercel-enterprise-plan",
-            ],
-            "DependsOn": [],
-            "RelatedTo": [],
-            "Notes": "Test notes",
-        }
-
-        check_metadata = CheckMetadata(**valid_metadata)
-        assert check_metadata.Categories == [
-            "vercel-hobby-plan",
-            "vercel-pro-plan",
-            "vercel-enterprise-plan",
-        ]
-
     def test_valid_category_failure_non_string(self):
         """Test valid category validation fails with non-string category"""
         invalid_metadata = {
@@ -498,7 +454,7 @@ class TestCheckMetadataValidators:
         with pytest.raises(ValidationError) as exc_info:
             CheckMetadata(**invalid_metadata)
         assert (
-            "Categories can only contain lowercase letters, numbers, and hyphen '-'"
+            "Categories can only contain lowercase letters, numbers and hyphen"
             in str(exc_info.value)
         )
 

tests/providers/aws/services/bedrock/bedrock_prompt_management_exists/bedrock_prompt_management_exists_test.py

@@ -1,280 +0,0 @@
-from unittest import mock
-
-import botocore
-from botocore.exceptions import ClientError
-from moto import mock_aws
-
-from tests.providers.aws.utils import (
-    AWS_ACCOUNT_NUMBER,
-    AWS_REGION_EU_WEST_1,
-    AWS_REGION_US_EAST_1,
-    set_mocked_aws_provider,
-)
-
-make_api_call = botocore.client.BaseClient._make_api_call
-
-PROMPT_ARN = (
-    f"arn:aws:bedrock:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:prompt/test-prompt-id"
-)
-
-
-def mock_make_api_call_list_prompts_access_denied(self, operation_name, kwarg):
-    """Mock API call where ListPrompts fails with AccessDeniedException."""
-    if operation_name == "ListPrompts":
-        raise ClientError(
-            {
-                "Error": {
-                    "Code": "AccessDeniedException",
-                    "Message": "User is not authorized to perform: bedrock:ListPrompts",
-                }
-            },
-            operation_name,
-        )
-    return make_api_call(self, operation_name, kwarg)
-
-
-def mock_make_api_call_with_prompts(self, operation_name, kwarg):
-    """Mock API call that returns prompts."""
-    if operation_name == "ListPrompts":
-        return {
-            "promptSummaries": [
-                {
-                    "id": "test-prompt-id",
-                    "name": "test-prompt",
-                    "arn": PROMPT_ARN,
-                }
-            ]
-        }
-    return make_api_call(self, operation_name, kwarg)
-
-
-def mock_make_api_call_with_multiple_prompts(self, operation_name, kwarg):
-    """Mock API call that returns multiple prompts."""
-    if operation_name == "ListPrompts":
-        return {
-            "promptSummaries": [
-                {
-                    "id": "test-prompt-id-1",
-                    "name": "test-prompt-1",
-                    "arn": f"arn:aws:bedrock:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:prompt/test-prompt-id-1",
-                },
-                {
-                    "id": "test-prompt-id-2",
-                    "name": "test-prompt-2",
-                    "arn": f"arn:aws:bedrock:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:prompt/test-prompt-id-2",
-                },
-                {
-                    "id": "test-prompt-id-3",
-                    "name": "test-prompt-3",
-                    "arn": f"arn:aws:bedrock:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:prompt/test-prompt-id-3",
-                },
-            ]
-        }
-    return make_api_call(self, operation_name, kwarg)
-
-
-def mock_make_api_call_no_prompts(self, operation_name, kwarg):
-    """Mock API call that returns no prompts."""
-    if operation_name == "ListPrompts":
-        return {"promptSummaries": []}
-    return make_api_call(self, operation_name, kwarg)
-
-
-class Test_bedrock_prompt_management_exists:
-    @mock.patch(
-        "botocore.client.BaseClient._make_api_call",
-        new=mock_make_api_call_no_prompts,
-    )
-    @mock_aws
-    def test_no_prompts(self):
-        """Test FAIL when no prompts exist in the region."""
-        from prowler.providers.aws.services.bedrock.bedrock_service import BedrockAgent
-
-        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=aws_provider,
-            ),
-            mock.patch(
-                "prowler.providers.aws.services.bedrock.bedrock_prompt_management_exists.bedrock_prompt_management_exists.bedrock_agent_client",
-                new=BedrockAgent(aws_provider),
-            ),
-        ):
-            from prowler.providers.aws.services.bedrock.bedrock_prompt_management_exists.bedrock_prompt_management_exists import (
-                bedrock_prompt_management_exists,
-            )
-
-            check = bedrock_prompt_management_exists()
-            result = check.execute()
-
-            assert len(result) == 1
-            assert result[0].status == "FAIL"
-            assert (
-                result[0].status_extended
-                == f"No Bedrock Prompt Management prompts exist in region {AWS_REGION_US_EAST_1}."
-            )
-            assert result[0].resource_id == "prompt-management"
-            assert result[0].region == AWS_REGION_US_EAST_1
-            assert (
-                result[0].resource_arn
-                == f"arn:aws:bedrock:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:prompt-management"
-            )
-
-    @mock.patch(
-        "botocore.client.BaseClient._make_api_call",
-        new=mock_make_api_call_with_prompts,
-    )
-    @mock_aws
-    def test_prompts_exist(self):
-        """Test PASS when prompts exist in the region."""
-        from prowler.providers.aws.services.bedrock.bedrock_service import BedrockAgent
-
-        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=aws_provider,
-            ),
-            mock.patch(
-                "prowler.providers.aws.services.bedrock.bedrock_prompt_management_exists.bedrock_prompt_management_exists.bedrock_agent_client",
-                new=BedrockAgent(aws_provider),
-            ),
-        ):
-            from prowler.providers.aws.services.bedrock.bedrock_prompt_management_exists.bedrock_prompt_management_exists import (
-                bedrock_prompt_management_exists,
-            )
-
-            check = bedrock_prompt_management_exists()
-            result = check.execute()
-
-            assert len(result) == 1
-            assert result[0].status == "PASS"
-            assert (
-                result[0].status_extended
-                == f"Bedrock Prompt Management prompt test-prompt exists in region {AWS_REGION_US_EAST_1}."
-            )
-            assert result[0].resource_id == "test-prompt-id"
-            assert result[0].region == AWS_REGION_US_EAST_1
-            assert result[0].resource_arn == PROMPT_ARN
-
-    @mock.patch(
-        "botocore.client.BaseClient._make_api_call",
-        new=mock_make_api_call_with_multiple_prompts,
-    )
-    @mock_aws
-    def test_multiple_prompts_exist(self):
-        """Test PASS with one finding per prompt when multiple prompts exist."""
-        from prowler.providers.aws.services.bedrock.bedrock_service import BedrockAgent
-
-        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=aws_provider,
-            ),
-            mock.patch(
-                "prowler.providers.aws.services.bedrock.bedrock_prompt_management_exists.bedrock_prompt_management_exists.bedrock_agent_client",
-                new=BedrockAgent(aws_provider),
-            ),
-        ):
-            from prowler.providers.aws.services.bedrock.bedrock_prompt_management_exists.bedrock_prompt_management_exists import (
-                bedrock_prompt_management_exists,
-            )
-
-            check = bedrock_prompt_management_exists()
-            result = check.execute()
-
-            assert len(result) == 3
-            for index, finding in enumerate(result, start=1):
-                expected_name = f"test-prompt-{index}"
-                expected_id = f"test-prompt-id-{index}"
-                assert finding.status == "PASS"
-                assert (
-                    finding.status_extended
-                    == f"Bedrock Prompt Management prompt {expected_name} exists in region {AWS_REGION_US_EAST_1}."
-                )
-                assert finding.resource_id == expected_id
-                assert finding.region == AWS_REGION_US_EAST_1
-                assert (
-                    finding.resource_arn
-                    == f"arn:aws:bedrock:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:prompt/{expected_id}"
-                )
-
-    @mock.patch(
-        "botocore.client.BaseClient._make_api_call",
-        new=mock_make_api_call_no_prompts,
-    )
-    @mock_aws
-    def test_no_prompts_multiple_regions(self):
-        """Test FAIL in multiple regions when no prompts exist."""
-        from prowler.providers.aws.services.bedrock.bedrock_service import BedrockAgent
-
-        aws_provider = set_mocked_aws_provider(
-            [AWS_REGION_US_EAST_1, AWS_REGION_EU_WEST_1]
-        )
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=aws_provider,
-            ),
-            mock.patch(
-                "prowler.providers.aws.services.bedrock.bedrock_prompt_management_exists.bedrock_prompt_management_exists.bedrock_agent_client",
-                new=BedrockAgent(aws_provider),
-            ),
-        ):
-            from prowler.providers.aws.services.bedrock.bedrock_prompt_management_exists.bedrock_prompt_management_exists import (
-                bedrock_prompt_management_exists,
-            )
-
-            check = bedrock_prompt_management_exists()
-            result = check.execute()
-
-            assert len(result) == 2
-            for finding in result:
-                assert finding.status == "FAIL"
-                assert (
-                    finding.status_extended
-                    == f"No Bedrock Prompt Management prompts exist in region {finding.region}."
-                )
-                assert finding.resource_id == "prompt-management"
-                assert (
-                    finding.resource_arn
-                    == f"arn:aws:bedrock:{finding.region}:{AWS_ACCOUNT_NUMBER}:prompt-management"
-                )
-            regions = {finding.region for finding in result}
-            assert regions == {AWS_REGION_US_EAST_1, AWS_REGION_EU_WEST_1}
-
-    @mock.patch(
-        "botocore.client.BaseClient._make_api_call",
-        new=mock_make_api_call_list_prompts_access_denied,
-    )
-    @mock_aws
-    def test_list_prompts_client_error_skips_region(self):
-        """Test that regions where ListPrompts fails produce no findings."""
-        from prowler.providers.aws.services.bedrock.bedrock_service import BedrockAgent
-
-        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=aws_provider,
-            ),
-            mock.patch(
-                "prowler.providers.aws.services.bedrock.bedrock_prompt_management_exists.bedrock_prompt_management_exists.bedrock_agent_client",
-                new=BedrockAgent(aws_provider),
-            ),
-        ):
-            from prowler.providers.aws.services.bedrock.bedrock_prompt_management_exists.bedrock_prompt_management_exists import (
-                bedrock_prompt_management_exists,
-            )
-
-            check = bedrock_prompt_management_exists()
-            result = check.execute()
-
-            assert result == []

tests/providers/aws/services/bedrock/bedrock_service_test.py

@@ -341,125 +341,3 @@ class TestBedrockAgentPagination:
         # Verify paginator was used
         regional_client.get_paginator.assert_called_once_with("list_agents")
         paginator.paginate.assert_called_once()
-
-
-class TestBedrockPromptPagination:
-    """Test suite for Bedrock Prompt pagination logic."""
-
-    def test_list_prompts_pagination(self):
-        """Test that list_prompts iterates through all pages."""
-        # Mock the audit_info
-        audit_info = MagicMock()
-        audit_info.audited_partition = "aws"
-        audit_info.audited_account = "123456789012"
-        audit_info.audit_resources = None
-
-        # Mock the regional client
-        regional_client = MagicMock()
-        regional_client.region = "us-east-1"
-
-        # Mock paginator
-        paginator = MagicMock()
-        page1 = {
-            "promptSummaries": [
-                {
-                    "id": "prompt-1",
-                    "name": "prompt-name-1",
-                    "arn": "arn:aws:bedrock:us-east-1:123456789012:prompt/prompt-1",
-                }
-            ]
-        }
-        page2 = {
-            "promptSummaries": [
-                {
-                    "id": "prompt-2",
-                    "name": "prompt-name-2",
-                    "arn": "arn:aws:bedrock:us-east-1:123456789012:prompt/prompt-2",
-                }
-            ]
-        }
-        paginator.paginate.return_value = [page1, page2]
-        regional_client.get_paginator.return_value = paginator
-
-        # Initialize service and inject mock client
-        bedrock_agent_service = BedrockAgent(audit_info)
-        bedrock_agent_service.regional_clients = {"us-east-1": regional_client}
-        bedrock_agent_service.prompts = {}  # Clear init side effects
-        bedrock_agent_service.prompt_scanned_regions = set()
-
-        # Run method
-        bedrock_agent_service._list_prompts(regional_client)
-
-        # Assertions
-        assert len(bedrock_agent_service.prompts) == 2
-        assert (
-            "arn:aws:bedrock:us-east-1:123456789012:prompt/prompt-1"
-            in bedrock_agent_service.prompts
-        )
-        assert (
-            "arn:aws:bedrock:us-east-1:123456789012:prompt/prompt-2"
-            in bedrock_agent_service.prompts
-        )
-        assert "us-east-1" in bedrock_agent_service.prompt_scanned_regions
-
-        # Verify paginator was used
-        regional_client.get_paginator.assert_called_once_with("list_prompts")
-        paginator.paginate.assert_called_once()
-
-    def test_list_prompts_ignores_audit_resources_filter(self):
-        """Prompt collection is region-scoped and must ignore audit_resources."""
-        audit_info = MagicMock()
-        audit_info.audited_partition = "aws"
-        audit_info.audited_account = "123456789012"
-        audit_info.audit_resources = ["arn:aws:s3:::unrelated-resource"]
-
-        regional_client = MagicMock()
-        regional_client.region = "us-east-1"
-
-        paginator = MagicMock()
-        paginator.paginate.return_value = [
-            {
-                "promptSummaries": [
-                    {
-                        "id": "prompt-1",
-                        "name": "prompt-name-1",
-                        "arn": "arn:aws:bedrock:us-east-1:123456789012:prompt/prompt-1",
-                    }
-                ]
-            }
-        ]
-        regional_client.get_paginator.return_value = paginator
-
-        bedrock_agent_service = BedrockAgent(audit_info)
-        bedrock_agent_service.regional_clients = {"us-east-1": regional_client}
-        bedrock_agent_service.prompts = {}
-        bedrock_agent_service.prompt_scanned_regions = set()
-
-        bedrock_agent_service._list_prompts(regional_client)
-
-        assert len(bedrock_agent_service.prompts) == 1
-        assert "us-east-1" in bedrock_agent_service.prompt_scanned_regions
-
-    def test_list_prompts_error_does_not_mark_region_scanned(self):
-        """If ListPrompts raises, the region must not be added to prompt_scanned_regions."""
-        audit_info = MagicMock()
-        audit_info.audited_partition = "aws"
-        audit_info.audited_account = "123456789012"
-        audit_info.audit_resources = None
-
-        regional_client = MagicMock()
-        regional_client.region = "us-east-1"
-
-        paginator = MagicMock()
-        paginator.paginate.side_effect = Exception("ListPrompts failed")
-        regional_client.get_paginator.return_value = paginator
-
-        bedrock_agent_service = BedrockAgent(audit_info)
-        bedrock_agent_service.regional_clients = {"us-east-1": regional_client}
-        bedrock_agent_service.prompts = {}
-        bedrock_agent_service.prompt_scanned_regions = set()
-
-        bedrock_agent_service._list_prompts(regional_client)
-
-        assert bedrock_agent_service.prompts == {}
-        assert bedrock_agent_service.prompt_scanned_regions == set()

tests/providers/image/image_provider_test.py

@@ -7,7 +7,6 @@ from unittest.mock import MagicMock, patch
 import pytest
 
 from prowler.lib.check.models import CheckReportImage
-from prowler.providers.common.provider import Provider
 from prowler.providers.image.exceptions.exceptions import (
     ImageInvalidConfigScannerError,
     ImageInvalidNameError,
@@ -21,6 +20,7 @@ from prowler.providers.image.exceptions.exceptions import (
     ImageScanError,
     ImageTrivyBinaryNotFoundError,
 )
+from prowler.providers.common.provider import Provider
 from prowler.providers.image.image_provider import ImageProvider
 from tests.providers.image.image_fixtures import (
     SAMPLE_IMAGE_SHA,
@@ -345,24 +345,6 @@ class TestImageProvider:
         )
         mock_adapter.list_repositories.assert_called_once()
 
-    @patch("prowler.providers.image.image_provider.create_registry_adapter")
-    def test_test_connection_registry_url_with_https_scheme(self, mock_factory):
-        """Registry URL with https:// scheme is normalised before adapter creation."""
-        mock_adapter = MagicMock()
-        mock_adapter.list_repositories.return_value = ["repo1"]
-        mock_factory.return_value = mock_adapter
-
-        result = ImageProvider.test_connection(image="https://my-registry.example.com")
-
-        assert result.is_connected is True
-        mock_factory.assert_called_once_with(
-            registry_url="my-registry.example.com",
-            username=None,
-            password=None,
-            token=None,
-        )
-        mock_adapter.list_repositories.assert_called_once()
-
     def test_build_status_extended(self):
         """Test status message content for different finding types."""
         provider = _make_provider()
@@ -677,27 +659,6 @@ class TestImageProviderRegistryAuth:
             assert "Docker login" in output
 
 
-class TestStripScheme:
-    @pytest.mark.parametrize(
-        "raw,expected",
-        [
-            ("https://my-registry.example.com", "my-registry.example.com"),
-            ("http://my-registry.example.com", "my-registry.example.com"),
-            ("HTTPS://My-Registry.Example.Com", "My-Registry.Example.Com"),
-            ("Http://localhost:5000", "localhost:5000"),
-            ("my-registry.example.com", "my-registry.example.com"),
-            ("https://", ""),
-            ("https://https://nested.example.com", "https://nested.example.com"),
-            (
-                "ftp://not-a-supported-scheme.example.com",
-                "ftp://not-a-supported-scheme.example.com",
-            ),
-        ],
-    )
-    def test_strip_scheme(self, raw, expected):
-        assert ImageProvider._strip_scheme(raw) == expected
-
-
 class TestExtractRegistry:
     def test_docker_hub_simple(self):
         assert ImageProvider._extract_registry("alpine:3.18") is None
@@ -737,24 +698,6 @@ class TestExtractRegistry:
     def test_bare_image_name(self):
         assert ImageProvider._extract_registry("nginx") is None
 
-    def test_https_scheme_bare_hostname_returns_none(self):
-        """Bare scheme-prefixed hostname has no image path, so no registry is extracted."""
-        assert (
-            ImageProvider._extract_registry("https://my-registry.example.com") is None
-        )
-
-    def test_http_scheme_with_port_stripped(self):
-        assert (
-            ImageProvider._extract_registry("http://localhost:5000/myimage:latest")
-            == "localhost:5000"
-        )
-
-    def test_https_scheme_with_path_stripped(self):
-        assert (
-            ImageProvider._extract_registry("https://ghcr.io/org/image:tag")
-            == "ghcr.io"
-        )
-
 
 class TestIsRegistryUrl:
     def test_bare_ecr_hostname(self):
@@ -785,16 +728,6 @@ class TestIsRegistryUrl:
     def test_dockerhub_namespace(self):
         assert not ImageProvider._is_registry_url("library/alpine")
 
-    def test_https_scheme_bare_hostname(self):
-        assert ImageProvider._is_registry_url("https://my-registry.example.com")
-
-    def test_http_scheme_bare_hostname_with_port(self):
-        assert ImageProvider._is_registry_url("http://my-registry.example.com:5000")
-
-    def test_https_scheme_image_reference_not_registry(self):
-        """A scheme-prefixed full image reference is still an image, not a registry URL."""
-        assert not ImageProvider._is_registry_url("https://ghcr.io/myorg/repo:tag")
-
 
 class TestTestRegistryConnection:
     @patch("prowler.providers.image.image_provider.create_registry_adapter")

tests/providers/vercel/lib/service/vercel_service_test.py

@@ -1,29 +0,0 @@
-from unittest import mock
-
-from prowler.providers.vercel.lib.service.service import VercelService
-
-
-class TestVercelService:
-    def test_get_returns_none_and_logs_info_on_expected_403(self):
-        service = VercelService.__new__(VercelService)
-        service.audit_config = {"max_retries": 0}
-        service.service = "security"
-        service._team_id = None
-        service._base_url = "https://api.vercel.com"
-
-        response = mock.MagicMock()
-        response.status_code = 403
-
-        service._http_session = mock.MagicMock()
-        service._http_session.get.return_value = response
-
-        with mock.patch(
-            "prowler.providers.vercel.lib.service.service.logger"
-        ) as logger_mock:
-            result = service._get("/v1/security/firewall/config/active")
-
-        assert result is None
-        logger_mock.info.assert_called_once_with(
-            "security - Access denied for /v1/security/firewall/config/active (403). "
-            "This may be caused by plan or permission restrictions."
-        )

tests/providers/vercel/services/project/project_password_protection_enabled/project_password_protection_enabled_test.py

@@ -142,41 +142,3 @@ class Test_project_password_protection_enabled:
                 == f"Project {PROJECT_NAME} does not have password protection configured for deployments."
             )
             assert result[0].team_id == TEAM_ID
-
-    def test_no_password_protection_hobby_plan(self):
-        project_client = mock.MagicMock
-        project_client.projects = {
-            PROJECT_ID: VercelProject(
-                id=PROJECT_ID,
-                name=PROJECT_NAME,
-                team_id=TEAM_ID,
-                billing_plan="hobby",
-                password_protection=None,
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(billing_plan="hobby"),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.project.project_password_protection_enabled.project_password_protection_enabled.project_client",
-                new=project_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.project.project_password_protection_enabled.project_password_protection_enabled import (
-                project_password_protection_enabled,
-            )
-
-            check = project_password_protection_enabled()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].resource_id == PROJECT_ID
-            assert result[0].resource_name == PROJECT_NAME
-            assert result[0].status == "FAIL"
-            assert (
-                result[0].status_extended
-                == f"Project {PROJECT_NAME} does not have password protection configured for deployments. This may be expected because password protection is not available on the Vercel Hobby plan."
-            )
-            assert result[0].team_id == TEAM_ID

tests/providers/vercel/services/project/project_production_deployment_protection_enabled/project_production_deployment_protection_enabled_test.py

@@ -149,41 +149,3 @@ class Test_project_production_deployment_protection_enabled:
                 == f"Project {PROJECT_NAME} does not have deployment protection enabled on production deployments."
             )
             assert result[0].team_id == TEAM_ID
-
-    def test_protection_null_hobby_plan(self):
-        project_client = mock.MagicMock
-        project_client.projects = {
-            PROJECT_ID: VercelProject(
-                id=PROJECT_ID,
-                name=PROJECT_NAME,
-                team_id=TEAM_ID,
-                billing_plan="hobby",
-                production_deployment_protection=None,
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(billing_plan="hobby"),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.project.project_production_deployment_protection_enabled.project_production_deployment_protection_enabled.project_client",
-                new=project_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.project.project_production_deployment_protection_enabled.project_production_deployment_protection_enabled import (
-                project_production_deployment_protection_enabled,
-            )
-
-            check = project_production_deployment_protection_enabled()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].resource_id == PROJECT_ID
-            assert result[0].resource_name == PROJECT_NAME
-            assert result[0].status == "FAIL"
-            assert (
-                result[0].status_extended
-                == f"Project {PROJECT_NAME} does not have deployment protection enabled on production deployments. This may be expected because protecting production deployments is not available on the Vercel Hobby plan."
-            )
-            assert result[0].team_id == TEAM_ID

tests/providers/vercel/services/project/project_service_test.py

@@ -5,7 +5,6 @@ from tests.providers.vercel.vercel_fixtures import (
     PROJECT_ID,
     PROJECT_NAME,
     TEAM_ID,
-    USER_ID,
     set_mocked_vercel_provider,
 )
 
@@ -44,69 +43,3 @@ class TestProjectService:
             "ai_bots": {"active": False, "action": "deny"},
         }
         assert project.bot_id_enabled is True
-
-    def test_list_projects_uses_scoped_team_billing_plan(self):
-        service = Project.__new__(Project)
-        service.provider = set_mocked_vercel_provider(
-            billing_plan="enterprise",
-            team_billing_plan="hobby",
-        )
-        service.projects = {}
-        service._paginate = mock.MagicMock(
-            return_value=[
-                {
-                    "id": PROJECT_ID,
-                    "name": PROJECT_NAME,
-                    "accountId": TEAM_ID,
-                }
-            ]
-        )
-
-        service._list_projects()
-
-        project = service.projects[PROJECT_ID]
-        assert project.billing_plan == "hobby"
-
-    def test_list_projects_uses_user_billing_plan_for_user_scoped_project(self):
-        service = Project.__new__(Project)
-        service.provider = set_mocked_vercel_provider(
-            billing_plan="enterprise",
-            team_billing_plan="hobby",
-        )
-        service.projects = {}
-        service._paginate = mock.MagicMock(
-            return_value=[
-                {
-                    "id": PROJECT_ID,
-                    "name": PROJECT_NAME,
-                    "accountId": USER_ID,
-                }
-            ]
-        )
-
-        service._list_projects()
-
-        project = service.projects[PROJECT_ID]
-        assert project.billing_plan == "enterprise"
-
-    def test_list_projects_does_not_guess_billing_plan_without_scope(self):
-        service = Project.__new__(Project)
-        service.provider = set_mocked_vercel_provider(
-            billing_plan="enterprise",
-            team_billing_plan="hobby",
-        )
-        service.provider.session.team_id = None
-        service.projects = {}
-        service._paginate = mock.MagicMock(
-            return_value=[
-                {
-                    "id": PROJECT_ID,
-                    "name": PROJECT_NAME,
-                }
-            ]
-        )
-
-        service._list_projects()
-
-        project = service.projects[PROJECT_ID]
-        assert project.billing_plan is None

tests/providers/vercel/services/project/project_skew_protection_enabled/project_skew_protection_enabled_test.py

@@ -105,41 +105,3 @@ class Test_project_skew_protection_enabled:
                 == f"Project {PROJECT_NAME} does not have skew protection enabled, which may cause version mismatches during deployments."
             )
             assert result[0].team_id == TEAM_ID
-
-    def test_skew_protection_disabled_hobby_plan(self):
-        project_client = mock.MagicMock
-        project_client.projects = {
-            PROJECT_ID: VercelProject(
-                id=PROJECT_ID,
-                name=PROJECT_NAME,
-                team_id=TEAM_ID,
-                billing_plan="hobby",
-                skew_protection=False,
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(billing_plan="hobby"),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.project.project_skew_protection_enabled.project_skew_protection_enabled.project_client",
-                new=project_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.project.project_skew_protection_enabled.project_skew_protection_enabled import (
-                project_skew_protection_enabled,
-            )
-
-            check = project_skew_protection_enabled()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].resource_id == PROJECT_ID
-            assert result[0].resource_name == PROJECT_NAME
-            assert result[0].status == "FAIL"
-            assert (
-                result[0].status_extended
-                == f"Project {PROJECT_NAME} does not have skew protection enabled, which may cause version mismatches during deployments. This may be expected because skew protection is not available on the Vercel Hobby plan."
-            )
-            assert result[0].team_id == TEAM_ID

tests/providers/vercel/services/security/security_custom_rules_configured/security_custom_rules_configured_test.py

@@ -111,41 +111,3 @@ class Test_security_custom_rules_configured:
                 == f"Project {PROJECT_NAME} ({PROJECT_ID}) does not have any custom firewall rules configured."
             )
             assert result[0].team_id == TEAM_ID
-
-    def test_custom_rules_status_unavailable_hobby_plan(self):
-        security_client = mock.MagicMock
-        security_client.firewall_configs = {
-            PROJECT_ID: VercelFirewallConfig(
-                project_id=PROJECT_ID,
-                project_name=PROJECT_NAME,
-                team_id=TEAM_ID,
-                billing_plan="hobby",
-                firewall_config_accessible=False,
-                managed_rulesets=None,
-                id=PROJECT_ID,
-                name=PROJECT_NAME,
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.security.security_custom_rules_configured.security_custom_rules_configured.security_client",
-                new=security_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.security.security_custom_rules_configured.security_custom_rules_configured import (
-                security_custom_rules_configured,
-            )
-
-            check = security_custom_rules_configured()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].status == "MANUAL"
-            assert (
-                result[0].status_extended
-                == f"Project {PROJECT_NAME} ({PROJECT_ID}) could not be assessed for custom firewall rules because the firewall configuration endpoint was not accessible. Manual verification is required. This may be expected because custom firewall rules are not available on the Vercel Hobby plan."
-            )

tests/providers/vercel/services/security/security_ip_blocking_rules_configured/security_ip_blocking_rules_configured_test.py

@@ -111,41 +111,3 @@ class Test_security_ip_blocking_rules_configured:
                 == f"Project {PROJECT_NAME} ({PROJECT_ID}) does not have any IP blocking rules configured."
             )
             assert result[0].team_id == TEAM_ID
-
-    def test_ip_rules_status_unavailable_hobby_plan(self):
-        security_client = mock.MagicMock
-        security_client.firewall_configs = {
-            PROJECT_ID: VercelFirewallConfig(
-                project_id=PROJECT_ID,
-                project_name=PROJECT_NAME,
-                team_id=TEAM_ID,
-                billing_plan="hobby",
-                firewall_config_accessible=False,
-                managed_rulesets=None,
-                id=PROJECT_ID,
-                name=PROJECT_NAME,
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.security.security_ip_blocking_rules_configured.security_ip_blocking_rules_configured.security_client",
-                new=security_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.security.security_ip_blocking_rules_configured.security_ip_blocking_rules_configured import (
-                security_ip_blocking_rules_configured,
-            )
-
-            check = security_ip_blocking_rules_configured()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].status == "MANUAL"
-            assert (
-                result[0].status_extended
-                == f"Project {PROJECT_NAME} ({PROJECT_ID}) could not be assessed for IP blocking rules because the firewall configuration endpoint was not accessible. Manual verification is required. This may be expected because IP blocking rules are not available on the Vercel Hobby plan."
-            )

tests/providers/vercel/services/security/security_managed_rulesets_enabled/security_managed_rulesets_enabled_test.py

@@ -121,7 +121,6 @@ class Test_security_managed_rulesets_enabled:
                 project_id=PROJECT_ID,
                 project_name=PROJECT_NAME,
                 team_id=TEAM_ID,
-                firewall_config_accessible=False,
                 firewall_enabled=False,
                 managed_rulesets=None,
                 id=PROJECT_ID,
@@ -151,45 +150,6 @@ class Test_security_managed_rulesets_enabled:
             assert result[0].status == "MANUAL"
             assert (
                 result[0].status_extended
-                == f"Project {PROJECT_NAME} ({PROJECT_ID}) could not be assessed for managed rulesets because the firewall configuration endpoint was not accessible. Manual verification is required."
+                == f"Project {PROJECT_NAME} ({PROJECT_ID}) could not be assessed for managed rulesets. Enterprise plan required to access this feature."
             )
             assert result[0].team_id == TEAM_ID
-
-    def test_managed_rulesets_plan_gated_non_enterprise_scope(self):
-        security_client = mock.MagicMock
-        security_client.firewall_configs = {
-            PROJECT_ID: VercelFirewallConfig(
-                project_id=PROJECT_ID,
-                project_name=PROJECT_NAME,
-                team_id=TEAM_ID,
-                billing_plan="pro",
-                firewall_config_accessible=False,
-                firewall_enabled=False,
-                managed_rulesets=None,
-                id=PROJECT_ID,
-                name=PROJECT_NAME,
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.security.security_managed_rulesets_enabled.security_managed_rulesets_enabled.security_client",
-                new=security_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.security.security_managed_rulesets_enabled.security_managed_rulesets_enabled import (
-                security_managed_rulesets_enabled,
-            )
-
-            check = security_managed_rulesets_enabled()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].status == "MANUAL"
-            assert (
-                result[0].status_extended
-                == f"Project {PROJECT_NAME} ({PROJECT_ID}) could not be assessed for managed rulesets because the firewall configuration endpoint was not accessible. Manual verification is required. This may be expected because some managed WAF rulesets, including the OWASP Core Ruleset, are only available on Vercel Enterprise plans."
-            )

tests/providers/vercel/services/security/security_rate_limiting_configured/security_rate_limiting_configured_test.py

@@ -111,41 +111,3 @@ class Test_security_rate_limiting_configured:
                 == f"Project {PROJECT_NAME} ({PROJECT_ID}) does not have any rate limiting rules configured."
             )
             assert result[0].team_id == TEAM_ID
-
-    def test_rate_limiting_status_unavailable_hobby_plan(self):
-        security_client = mock.MagicMock
-        security_client.firewall_configs = {
-            PROJECT_ID: VercelFirewallConfig(
-                project_id=PROJECT_ID,
-                project_name=PROJECT_NAME,
-                team_id=TEAM_ID,
-                billing_plan="hobby",
-                firewall_config_accessible=False,
-                managed_rulesets=None,
-                id=PROJECT_ID,
-                name=PROJECT_NAME,
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.security.security_rate_limiting_configured.security_rate_limiting_configured.security_client",
-                new=security_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.security.security_rate_limiting_configured.security_rate_limiting_configured import (
-                security_rate_limiting_configured,
-            )
-
-            check = security_rate_limiting_configured()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].status == "MANUAL"
-            assert (
-                result[0].status_extended
-                == f"Project {PROJECT_NAME} ({PROJECT_ID}) could not be assessed for rate limiting rules because the firewall configuration endpoint was not accessible. Manual verification is required. This may be expected because rate limiting rules are not available on the Vercel Hobby plan."
-            )

tests/providers/vercel/services/security/security_service_test.py

@@ -7,12 +7,7 @@ from tests.providers.vercel.vercel_fixtures import PROJECT_ID, PROJECT_NAME, TEA
 
 class TestSecurityService:
     def test_fetch_firewall_config_reads_active_version_and_normalizes_response(self):
-        project = VercelProject(
-            id=PROJECT_ID,
-            name=PROJECT_NAME,
-            team_id=TEAM_ID,
-            billing_plan="pro",
-        )
+        project = VercelProject(id=PROJECT_ID, name=PROJECT_NAME, team_id=TEAM_ID)
         service = Security.__new__(Security)
         service.firewall_configs = {}
 
@@ -94,7 +89,6 @@ class TestSecurityService:
         )
 
         config = service.firewall_configs[PROJECT_ID]
-        assert config.billing_plan == "pro"
         assert config.firewall_enabled is True
         assert config.managed_rulesets == {"owasp": {"active": True, "action": "deny"}}
         assert [rule["id"] for rule in config.custom_rules] == ["rule-custom"]

tests/providers/vercel/services/security/security_waf_enabled/security_waf_enabled_test.py

@@ -113,83 +113,3 @@ class Test_security_waf_enabled:
                 == f"Project {PROJECT_NAME} ({PROJECT_ID}) does not have the Web Application Firewall enabled."
             )
             assert result[0].team_id == TEAM_ID
-
-    def test_waf_status_unavailable(self):
-        security_client = mock.MagicMock
-        security_client.firewall_configs = {
-            PROJECT_ID: VercelFirewallConfig(
-                project_id=PROJECT_ID,
-                project_name=PROJECT_NAME,
-                team_id=TEAM_ID,
-                firewall_config_accessible=False,
-                firewall_enabled=False,
-                managed_rulesets=None,
-                id=PROJECT_ID,
-                name=PROJECT_NAME,
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.security.security_waf_enabled.security_waf_enabled.security_client",
-                new=security_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.security.security_waf_enabled.security_waf_enabled import (
-                security_waf_enabled,
-            )
-
-            check = security_waf_enabled()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].resource_id == PROJECT_ID
-            assert result[0].resource_name == PROJECT_NAME
-            assert result[0].status == "MANUAL"
-            assert (
-                result[0].status_extended
-                == f"Project {PROJECT_NAME} ({PROJECT_ID}) could not be checked for WAF status because the firewall configuration endpoint was not accessible. Manual verification is required."
-            )
-            assert result[0].team_id == TEAM_ID
-
-    def test_waf_status_unavailable_hobby_plan(self):
-        security_client = mock.MagicMock
-        security_client.firewall_configs = {
-            PROJECT_ID: VercelFirewallConfig(
-                project_id=PROJECT_ID,
-                project_name=PROJECT_NAME,
-                team_id=TEAM_ID,
-                billing_plan="hobby",
-                firewall_config_accessible=False,
-                firewall_enabled=False,
-                managed_rulesets=None,
-                id=PROJECT_ID,
-                name=PROJECT_NAME,
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.security.security_waf_enabled.security_waf_enabled.security_client",
-                new=security_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.security.security_waf_enabled.security_waf_enabled import (
-                security_waf_enabled,
-            )
-
-            check = security_waf_enabled()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].status == "MANUAL"
-            assert (
-                result[0].status_extended
-                == f"Project {PROJECT_NAME} ({PROJECT_ID}) could not be checked for WAF status because the firewall configuration endpoint was not accessible. Manual verification is required. This may be expected because the Web Application Firewall is not available on the Vercel Hobby plan."
-            )

tests/providers/vercel/services/team/team_directory_sync_enabled/team_directory_sync_enabled_test.py

@@ -105,41 +105,3 @@ class Test_team_directory_sync_enabled:
                 == f"Team {TEAM_NAME} does not have directory sync (SCIM) enabled. User provisioning and deprovisioning must be managed manually."
             )
             assert result[0].team_id == ""
-
-    def test_directory_sync_disabled_pro_plan(self):
-        team_client = mock.MagicMock
-        team_client.teams = {
-            TEAM_ID: VercelTeam(
-                id=TEAM_ID,
-                name=TEAM_NAME,
-                slug=TEAM_SLUG,
-                directory_sync_enabled=False,
-                billing_plan="pro",
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.team.team_directory_sync_enabled.team_directory_sync_enabled.team_client",
-                new=team_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.team.team_directory_sync_enabled.team_directory_sync_enabled import (
-                team_directory_sync_enabled,
-            )
-
-            check = team_directory_sync_enabled()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].resource_id == TEAM_ID
-            assert result[0].resource_name == TEAM_NAME
-            assert result[0].status == "FAIL"
-            assert (
-                result[0].status_extended
-                == f"Team {TEAM_NAME} does not have directory sync (SCIM) enabled. User provisioning and deprovisioning must be managed manually. This may be expected because directory sync (SCIM) is only available on Vercel Enterprise plans."
-            )
-            assert result[0].team_id == ""

tests/providers/vercel/services/team/team_saml_sso_enabled/team_saml_sso_enabled_test.py

@@ -106,42 +106,3 @@ class Test_team_saml_sso_enabled:
                 == f"Team {TEAM_NAME} does not have SAML SSO enabled."
             )
             assert result[0].team_id == ""
-
-    def test_saml_disabled_hobby_plan(self):
-        team_client = mock.MagicMock
-        team_client.teams = {
-            TEAM_ID: VercelTeam(
-                id=TEAM_ID,
-                name=TEAM_NAME,
-                slug=TEAM_SLUG,
-                saml=SAMLConfig(status="disabled", enforced=False),
-                billing_plan="hobby",
-                members=[],
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.team.team_saml_sso_enabled.team_saml_sso_enabled.team_client",
-                new=team_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.team.team_saml_sso_enabled.team_saml_sso_enabled import (
-                team_saml_sso_enabled,
-            )
-
-            check = team_saml_sso_enabled()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].resource_id == TEAM_ID
-            assert result[0].resource_name == TEAM_NAME
-            assert result[0].status == "FAIL"
-            assert (
-                result[0].status_extended
-                == f"Team {TEAM_NAME} does not have SAML SSO enabled. This may be expected because SAML SSO is not available on the Vercel Hobby plan."
-            )
-            assert result[0].team_id == ""

tests/providers/vercel/services/team/team_saml_sso_enforced/team_saml_sso_enforced_test.py

@@ -142,41 +142,3 @@ class Test_team_saml_sso_enforced:
                 == f"Team {TEAM_NAME} does not have SAML SSO enforced."
             )
             assert result[0].team_id == ""
-
-    def test_saml_disabled_hobby_plan(self):
-        team_client = mock.MagicMock
-        team_client.teams = {
-            TEAM_ID: VercelTeam(
-                id=TEAM_ID,
-                name=TEAM_NAME,
-                slug=TEAM_SLUG,
-                saml=SAMLConfig(status="disabled", enforced=False),
-                billing_plan="hobby",
-            )
-        }
-
-        with (
-            mock.patch(
-                "prowler.providers.common.provider.Provider.get_global_provider",
-                return_value=set_mocked_vercel_provider(),
-            ),
-            mock.patch(
-                "prowler.providers.vercel.services.team.team_saml_sso_enforced.team_saml_sso_enforced.team_client",
-                new=team_client,
-            ),
-        ):
-            from prowler.providers.vercel.services.team.team_saml_sso_enforced.team_saml_sso_enforced import (
-                team_saml_sso_enforced,
-            )
-
-            check = team_saml_sso_enforced()
-            result = check.execute()
-            assert len(result) == 1
-            assert result[0].resource_id == TEAM_ID
-            assert result[0].resource_name == TEAM_NAME
-            assert result[0].status == "FAIL"
-            assert (
-                result[0].status_extended
-                == f"Team {TEAM_NAME} does not have SAML SSO enforced. This may be expected because SAML SSO is not available on the Vercel Hobby plan."
-            )
-            assert result[0].team_id == ""

tests/providers/vercel/vercel_fixtures.py

@@ -33,8 +33,6 @@ def set_mocked_vercel_provider(
     team_id: str = TEAM_ID,
     identity: VercelIdentityInfo = None,
     audit_config: dict = None,
-    billing_plan: str = None,
-    team_billing_plan: str = None,
 ):
     """Create a mocked VercelProvider for testing."""
     provider = MagicMock()
@@ -44,22 +42,15 @@ def set_mocked_vercel_provider(
         team_id=team_id,
         http_session=MagicMock(),
     )
-    resolved_team_billing_plan = (
-        team_billing_plan if team_billing_plan is not None else billing_plan
-    )
-    team_info = VercelTeamInfo(
-        id=TEAM_ID,
-        name=TEAM_NAME,
-        slug=TEAM_SLUG,
-        billing_plan=resolved_team_billing_plan,
-    )
     provider.identity = identity or VercelIdentityInfo(
         user_id=USER_ID,
         username=USERNAME,
         email=USER_EMAIL,
-        billing_plan=billing_plan,
-        team=team_info,
-        teams=[team_info],
+        team=VercelTeamInfo(
+            id=TEAM_ID,
+            name=TEAM_NAME,
+            slug=TEAM_SLUG,
+        ),
     )
     provider.audit_config = audit_config or {"max_retries": 3}
     provider.fixer_config = {}

tests/providers/vercel/vercel_metadata_test.py

@@ -1,97 +0,0 @@
-from prowler.lib.check.models import CheckMetadata
-
-
-class TestVercelMetadata:
-    EXPECTED_CATEGORIES = {
-        "authentication_no_stale_tokens": [
-            "trust-boundaries",
-            "vercel-hobby-plan",
-        ],
-        "authentication_token_not_expired": [
-            "trust-boundaries",
-            "vercel-hobby-plan",
-        ],
-        "deployment_production_uses_stable_target": [
-            "trust-boundaries",
-            "vercel-hobby-plan",
-        ],
-        "domain_dns_properly_configured": [
-            "trust-boundaries",
-            "vercel-hobby-plan",
-        ],
-        "domain_ssl_certificate_valid": ["encryption", "vercel-hobby-plan"],
-        "domain_verified": ["trust-boundaries", "vercel-hobby-plan"],
-        "project_auto_expose_system_env_disabled": [
-            "trust-boundaries",
-            "vercel-hobby-plan",
-        ],
-        "project_deployment_protection_enabled": [
-            "internet-exposed",
-            "vercel-hobby-plan",
-        ],
-        "project_directory_listing_disabled": [
-            "internet-exposed",
-            "vercel-hobby-plan",
-        ],
-        "project_environment_no_overly_broad_target": [
-            "secrets",
-            "vercel-hobby-plan",
-        ],
-        "project_environment_no_secrets_in_plain_type": [
-            "secrets",
-            "vercel-hobby-plan",
-        ],
-        "project_environment_production_vars_not_in_preview": [
-            "secrets",
-            "vercel-hobby-plan",
-        ],
-        "project_git_fork_protection_enabled": [
-            "internet-exposed",
-            "vercel-hobby-plan",
-        ],
-        "project_password_protection_enabled": [
-            "internet-exposed",
-            "vercel-pro-plan",
-        ],
-        "project_production_deployment_protection_enabled": [
-            "internet-exposed",
-            "vercel-pro-plan",
-        ],
-        "project_skew_protection_enabled": ["resilience", "vercel-pro-plan"],
-        "security_custom_rules_configured": [
-            "internet-exposed",
-            "vercel-pro-plan",
-        ],
-        "security_ip_blocking_rules_configured": [
-            "internet-exposed",
-            "vercel-pro-plan",
-        ],
-        "security_managed_rulesets_enabled": [
-            "internet-exposed",
-            "vercel-hobby-plan",
-        ],
-        "security_rate_limiting_configured": [
-            "internet-exposed",
-            "vercel-pro-plan",
-        ],
-        "security_waf_enabled": ["internet-exposed", "vercel-pro-plan"],
-        "team_directory_sync_enabled": [
-            "trust-boundaries",
-            "vercel-enterprise-plan",
-        ],
-        "team_member_role_least_privilege": [
-            "trust-boundaries",
-            "vercel-hobby-plan",
-        ],
-        "team_no_stale_invitations": ["trust-boundaries", "vercel-hobby-plan"],
-        "team_saml_sso_enabled": ["trust-boundaries", "vercel-pro-plan"],
-        "team_saml_sso_enforced": ["trust-boundaries", "vercel-pro-plan"],
-    }
-
-    def test_vercel_checks_use_legacy_and_plan_categories(self):
-        vercel_metadata = CheckMetadata.get_bulk(provider="vercel")
-
-        assert set(vercel_metadata) == set(self.EXPECTED_CATEGORIES)
-
-        for check_id, expected_categories in self.EXPECTED_CATEGORIES.items():
-            assert vercel_metadata[check_id].Categories == expected_categories

ui/CHANGELOG.md

@@ -2,15 +2,6 @@
 
 All notable changes to the **Prowler UI** are documented in this file.
 
-## [1.25.2] (Prowler UNRELEASED)
-
-### 🔄 Changed
-
-- Compliance cards: progress bar now spans the full card width, the passing-requirements caption sits beside the framework logo under the title, and the ISO 27001 logo asset is recentered within its tile [(#10939)](https://github.com/prowler-cloud/prowler/pull/10939)
-- Findings expanded resource rows now drop the redundant cube icons, render Service and Region with the same compact label style as Last seen and Failing for, and reorder columns to Status, Resource, Provider, Severity, then field labels [(#10949)](https://github.com/prowler-cloud/prowler/pull/10949)
-
----
-
 ## [1.25.1] (Prowler v5.25.1)
 
 ### 🐞 Fixed

ui/components/compliance/compliance-card.tsx

@@ -119,33 +119,49 @@ export const ComplianceCard: React.FC<ComplianceCardProps> = ({
         />
       </div>
       <CardContent className="p-0">
-        <div className="flex w-full flex-col gap-3">
-          <div className="flex items-center gap-3 pr-9">
+        <div className="flex w-full flex-col gap-3 sm:flex-row sm:items-start">
+          <div className="flex shrink-0 items-center sm:flex-col sm:items-start sm:gap-2">
             {getComplianceIcon(title) && (
-              <div className="flex h-10 w-10 min-w-10 shrink-0 items-center justify-center rounded-md border border-gray-300 bg-white">
-                <Image
-                  src={getComplianceIcon(title)}
-                  alt={`${title} logo`}
-                  width={32}
-                  height={32}
-                  className="h-8 w-8 object-contain"
-                />
-              </div>
+              <Image
+                src={getComplianceIcon(title)}
+                alt={`${title} logo`}
+                className="h-10 w-10 min-w-10 self-start rounded-md border border-gray-300 bg-white object-contain p-1"
+              />
             )}
-            <div className="flex min-w-0 flex-1 flex-col">
-              <Tooltip>
-                <TooltipTrigger asChild>
-                  <h4 className="text-small truncate leading-5 font-bold">
-                    {formatTitle(title)}
-                    {version ? ` - ${version}` : ""}
-                  </h4>
-                </TooltipTrigger>
-                <TooltipContent>
+          </div>
+          <div className="flex w-full min-w-0 flex-col gap-3">
+            <Tooltip>
+              <TooltipTrigger asChild>
+                <h4 className="text-small truncate pr-9 leading-5 font-bold">
                   {formatTitle(title)}
                   {version ? ` - ${version}` : ""}
-                </TooltipContent>
-              </Tooltip>
-              <small className="truncate">
+                </h4>
+              </TooltipTrigger>
+              <TooltipContent>
+                {formatTitle(title)}
+                {version ? ` - ${version}` : ""}
+              </TooltipContent>
+            </Tooltip>
+            <div className="flex flex-col gap-2">
+              <div className="flex items-center justify-between gap-3 text-xs">
+                <span className="text-text-neutral-secondary font-medium tracking-wider">
+                  Score:
+                </span>
+                <span className="text-text-neutral-secondary">
+                  {ratingPercentage}%
+                </span>
+              </div>
+              <Progress
+                aria-label="Compliance score"
+                value={ratingPercentage}
+                className="border-border-neutral-secondary h-2.5 border drop-shadow-sm"
+                indicatorClassName={getScoreIndicatorClass(
+                  getRatingVariant(ratingPercentage),
+                )}
+              />
+            </div>
+            <div className="flex flex-col gap-3 sm:flex-row sm:items-center sm:justify-between">
+              <small className="min-w-0">
                 <span className="mr-1 text-xs font-semibold">
                   {passingRequirements} / {totalRequirements}
                 </span>
@@ -153,24 +169,6 @@ export const ComplianceCard: React.FC<ComplianceCardProps> = ({
               </small>
             </div>
           </div>
-          <div className="flex flex-col gap-2">
-            <div className="flex items-center justify-between gap-3 text-xs">
-              <span className="text-text-neutral-secondary font-medium tracking-wider">
-                Score:
-              </span>
-              <span className="text-text-neutral-secondary">
-                {ratingPercentage}%
-              </span>
-            </div>
-            <Progress
-              aria-label="Compliance score"
-              value={ratingPercentage}
-              className="border-border-neutral-secondary h-2.5 border drop-shadow-sm"
-              indicatorClassName={getScoreIndicatorClass(
-                getRatingVariant(ratingPercentage),
-              )}
-            />
-          </div>
         </div>
       </CardContent>
     </Card>

ui/components/findings/table/column-finding-resources.tsx

@@ -1,7 +1,7 @@
 "use client";
 
 import { ColumnDef, Row, RowSelectionState } from "@tanstack/react-table";
-import { CornerDownRight, VolumeOff, VolumeX } from "lucide-react";
+import { Container, CornerDownRight, VolumeOff, VolumeX } from "lucide-react";
 import { useContext, useState } from "react";
 
 import { MuteFindingsModal } from "@/components/findings/mute-findings-modal";
@@ -203,6 +203,23 @@ export function getColumnFindingResources({
       enableSorting: false,
       enableHiding: false,
     },
+    // Resource — name + uid (EntityInfo with resource icon)
+    {
+      id: "resource",
+      header: ({ column }) => (
+        <DataTableColumnHeader column={column} title="Resource" />
+      ),
+      cell: ({ row }) => (
+        <div className="max-w-[240px]">
+          <EntityInfo
+            nameIcon={<Container className="size-4" />}
+            entityAlias={row.original.resourceName}
+            entityId={row.original.resourceUid}
+          />
+        </div>
+      ),
+      enableSorting: false,
+    },
     // Status
     {
       id: "status",
@@ -216,35 +233,29 @@ export function getColumnFindingResources({
       },
       enableSorting: false,
     },
-    // Resource — name + uid
+    // Service
     {
-      id: "resource",
+      id: "service",
       header: ({ column }) => (
-        <DataTableColumnHeader column={column} title="Resource" />
+        <DataTableColumnHeader column={column} title="Service" />
       ),
       cell: ({ row }) => (
-        <div className="max-w-[240px]">
-          <EntityInfo
-            entityAlias={row.original.resourceName}
-            entityId={row.original.resourceUid}
-          />
-        </div>
+        <p className="text-text-neutral-primary max-w-[100px] truncate text-sm">
+          {row.original.service}
+        </p>
       ),
       enableSorting: false,
     },
-    // Provider — alias + uid (same style as Resource)
+    // Region
     {
-      id: "provider",
+      id: "region",
       header: ({ column }) => (
-        <DataTableColumnHeader column={column} title="Provider" />
+        <DataTableColumnHeader column={column} title="Region" />
       ),
       cell: ({ row }) => (
-        <div className="max-w-[240px]">
-          <EntityInfo
-            entityAlias={row.original.providerAlias}
-            entityId={row.original.providerUid}
-          />
-        </div>
+        <p className="text-text-neutral-primary max-w-[120px] truncate text-sm">
+          {row.original.region}
+        </p>
       ),
       enableSorting: false,
     },
@@ -257,29 +268,20 @@ export function getColumnFindingResources({
       cell: ({ row }) => <SeverityBadge severity={row.original.severity} />,
       enableSorting: false,
     },
-    // Service
+    // Account — alias + uid (EntityInfo with provider logo)
     {
-      id: "service",
+      id: "account",
       header: ({ column }) => (
-        <DataTableColumnHeader column={column} title="Service" />
+        <DataTableColumnHeader column={column} title="Account" />
       ),
       cell: ({ row }) => (
-        <InfoField label="Service" variant="compact">
-          {row.original.service || "-"}
-        </InfoField>
-      ),
-      enableSorting: false,
-    },
-    // Region
-    {
-      id: "region",
-      header: ({ column }) => (
-        <DataTableColumnHeader column={column} title="Region" />
-      ),
-      cell: ({ row }) => (
-        <InfoField label="Region" variant="compact">
-          {row.original.region || "-"}
-        </InfoField>
+        <div className="max-w-[240px]">
+          <EntityInfo
+            cloudProvider={row.original.providerType}
+            entityAlias={row.original.providerAlias}
+            entityId={row.original.providerUid}
+          />
+        </div>
       ),
       enableSorting: false,
     },

ui/components/findings/table/inline-resource-container.tsx

@@ -70,31 +70,20 @@ function ResourceSkeletonRow({
           <div className="bg-bg-input-primary border-border-input-primary size-5 rounded-sm border shadow-[0_1px_2px_0_rgba(0,0,0,0.1)]" />
         </div>
       </TableCell>
+      {/* Resource: icon + name + uid */}
+      <TableCell className={cellClassName}>
+        <div className="flex items-center gap-2">
+          <Skeleton className="size-4 rounded" />
+          <div className="space-y-1.5">
+            <Skeleton className="h-4 w-32 rounded" />
+            <Skeleton className="h-3.5 w-20 rounded" />
+          </div>
+        </div>
+      </TableCell>
       {/* Status */}
       <TableCell className={cellClassName}>
         <Skeleton className="h-6 w-11 rounded-md" />
       </TableCell>
-      {/* Resource: name + uid */}
-      <TableCell className={cellClassName}>
-        <div className="space-y-1.5">
-          <Skeleton className="h-4 w-32 rounded" />
-          <Skeleton className="h-3.5 w-20 rounded" />
-        </div>
-      </TableCell>
-      {/* Provider: alias + uid */}
-      <TableCell className={cellClassName}>
-        <div className="space-y-1.5">
-          <Skeleton className="h-4 w-24 rounded" />
-          <Skeleton className="h-3.5 w-16 rounded" />
-        </div>
-      </TableCell>
-      {/* Severity */}
-      <TableCell className={cellClassName}>
-        <div className="flex items-center gap-2">
-          <Skeleton className="size-2 rounded-full" />
-          <Skeleton className="h-4.5 w-12 rounded" />
-        </div>
-      </TableCell>
       {/* Service */}
       <TableCell className={cellClassName}>
         <Skeleton className="h-4.5 w-16 rounded" />
@@ -103,6 +92,23 @@ function ResourceSkeletonRow({
       <TableCell className={cellClassName}>
         <Skeleton className="h-4.5 w-20 rounded" />
       </TableCell>
+      {/* Severity */}
+      <TableCell className={cellClassName}>
+        <div className="flex items-center gap-2">
+          <Skeleton className="size-2 rounded-full" />
+          <Skeleton className="h-4.5 w-12 rounded" />
+        </div>
+      </TableCell>
+      {/* Account: provider icon + alias + uid */}
+      <TableCell className={cellClassName}>
+        <div className="flex items-center gap-2">
+          <Skeleton className="size-4 rounded" />
+          <div className="space-y-1.5">
+            <Skeleton className="h-4 w-24 rounded" />
+            <Skeleton className="h-3.5 w-16 rounded" />
+          </div>
+        </div>
+      </TableCell>
       {/* Last seen */}
       <TableCell className={cellClassName}>
         <Skeleton className="h-4.5 w-24 rounded" />