docs(api): add Silk profiling and improve test data guidance

docs(api): update guide with project-specific patterns
- Add rls_transaction usage examples - Add DJANGO_LOGGING_LEVEL=DEBUG option - Add RLS context for raw SQL (set_config) - Add section on partitioned tables index creation - Improve index design guidance for RLS
2026-06-10 21:42:29 +00:00 · 2025-12-16 15:19:06 +01:00 · 2025-12-09 12:47:48 +01:00 · 2025-12-09 12:43:00 +01:00
1728 changed files with 14884 additions and 57177 deletions
@@ -15,13 +15,6 @@ AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="
 # Google Tag Manager ID
 NEXT_PUBLIC_GOOGLE_TAG_MANAGER_ID=""

-#### MCP Server ####
-PROWLER_MCP_VERSION=stable
-# For UI and MCP running on docker:
-PROWLER_MCP_SERVER_URL=http://mcp-server:8000/mcp
-# For UI running on host, MCP in docker:
-# PROWLER_MCP_SERVER_URL=http://localhost:8000/mcp
-
 #### Code Review Configuration ####
 # Enable Claude Code standards validation on pre-push hook
 # Set to 'true' to validate changes against AGENTS.md standards via Claude Code
@@ -119,7 +112,7 @@ NEXT_PUBLIC_SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT}


 #### Prowler release version ####
-NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.16.0
+NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.12.2

 # Social login credentials
 SOCIAL_GOOGLE_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/google"
@@ -46,11 +46,6 @@ provider/oci:
  - changed-files:
      - any-glob-to-any-file: "prowler/providers/oraclecloud/**"
      - any-glob-to-any-file: "tests/providers/oraclecloud/**"
-      
-provider/alibabacloud:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/alibabacloud/**"
-      - any-glob-to-any-file: "tests/providers/alibabacloud/**"

 github_actions:
  - changed-files:
@@ -74,8 +69,6 @@ mutelist:
      - any-glob-to-any-file: "tests/providers/gcp/lib/mutelist/**"
      - any-glob-to-any-file: "tests/providers/kubernetes/lib/mutelist/**"
      - any-glob-to-any-file: "tests/providers/mongodbatlas/lib/mutelist/**"
-      - any-glob-to-any-file: "tests/providers/oci/lib/mutelist/**"
-      - any-glob-to-any-file: "tests/providers/alibabacloud/lib/mutelist/**"

 integration/s3:
  - changed-files:
@@ -14,26 +14,14 @@ Please add a detailed description of how to review this PR.

 ### Checklist

-<details>
-
-<summary><b>Community Checklist</b></summary>
-
- [ ] This feature/issue is listed in [here](https://github.com/prowler-cloud/prowler/issues?q=sort%3Aupdated-desc+is%3Aissue+is%3Aopen) or roadmap.prowler.com
- [ ] Is it assigned to me, if not, request it via the issue/feature in [here](https://github.com/prowler-cloud/prowler/issues?q=sort%3Aupdated-desc+is%3Aissue+is%3Aopen) or [Prowler Community Slack](goto.prowler.com/slack)
-
-</details>
-
-
+- Are there new checks included in this PR? Yes / No
+    - If so, do we need to update permissions for the provider? Please review this carefully.
 - [ ] Review if the code is being covered by tests.
 - [ ] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
 - [ ] Review if backport is needed.
 - [ ] Review if is needed to change the [Readme.md](https://github.com/prowler-cloud/prowler/blob/master/README.md)
 - [ ] Ensure new entries are added to [CHANGELOG.md](https://github.com/prowler-cloud/prowler/blob/master/prowler/CHANGELOG.md), if applicable.

-#### SDK/CLI
- Are there new checks included in this PR? Yes / No
-    - If so, do we need to update permissions for the provider? Please review this carefully.
-
 #### UI
 - [ ] All issue/task requirements work as expected on the UI
 - [ ] Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
@@ -42,13 +30,9 @@ Please add a detailed description of how to review this PR.
 - [ ] Ensure new entries are added to [CHANGELOG.md](https://github.com/prowler-cloud/prowler/blob/master/ui/CHANGELOG.md), if applicable.

 #### API
- [ ] All issue/task requirements work as expected on the API
- [ ] Endpoint response output (if applicable)
- [ ] EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
- [ ] Performance test results (if applicable)
- [ ] Any other relevant evidence of the implementation (if applicable)
 - [ ] Verify if API specs need to be regenerated.
 - [ ] Check if version updates are required (e.g., specs, Poetry, etc.).
+- [ ] Query performance validated with `EXPLAIN ANALYZE` for new/modified endpoints. See [Query Performance Guide](https://github.com/prowler-cloud/prowler/blob/master/api/docs/query-performance-guide.md).
 - [ ] Ensure new entries are added to [CHANGELOG.md](https://github.com/prowler-cloud/prowler/blob/master/api/CHANGELOG.md), if applicable.

 ### License
@@ -1,254 +0,0 @@
-name: 'API: Bump Version'
-
-on:
-  release:
-    types:
-      - 'published'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false
-
-env:
-  PROWLER_VERSION: ${{ github.event.release.tag_name }}
-  BASE_BRANCH: master
-
-jobs:
-  detect-release-type:
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-    outputs:
-      is_minor: ${{ steps.detect.outputs.is_minor }}
-      is_patch: ${{ steps.detect.outputs.is_patch }}
-      major_version: ${{ steps.detect.outputs.major_version }}
-      minor_version: ${{ steps.detect.outputs.minor_version }}
-      patch_version: ${{ steps.detect.outputs.patch_version }}
-      current_api_version: ${{ steps.get_api_version.outputs.current_api_version }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-
-      - name: Get current API version
-        id: get_api_version
-        run: |
-          CURRENT_API_VERSION=$(grep -oP '^version = "\K[^"]+' api/pyproject.toml)
-          echo "current_api_version=${CURRENT_API_VERSION}" >> "${GITHUB_OUTPUT}"
-          echo "Current API version: $CURRENT_API_VERSION"
-
-      - name: Detect release type and parse version
-        id: detect
-        run: |
-          if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-            MAJOR_VERSION=${BASH_REMATCH[1]}
-            MINOR_VERSION=${BASH_REMATCH[2]}
-            PATCH_VERSION=${BASH_REMATCH[3]}
-
-            echo "major_version=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "minor_version=${MINOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "patch_version=${PATCH_VERSION}" >> "${GITHUB_OUTPUT}"
-
-            if (( MAJOR_VERSION != 5 )); then
-              echo "::error::Releasing another Prowler major version, aborting..."
-              exit 1
-            fi
-
-            if (( PATCH_VERSION == 0 )); then
-              echo "is_minor=true" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=false" >> "${GITHUB_OUTPUT}"
-              echo "✓ Minor release detected: $PROWLER_VERSION"
-            else
-              echo "is_minor=false" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=true" >> "${GITHUB_OUTPUT}"
-              echo "✓ Patch release detected: $PROWLER_VERSION"
-            fi
-          else
-            echo "::error::Invalid version syntax: '$PROWLER_VERSION' (must be X.Y.Z)"
-            exit 1
-          fi
-
-  bump-minor-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_minor == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-
-      - name: Calculate next API minor version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-          CURRENT_API_VERSION="${{ needs.detect-release-type.outputs.current_api_version }}"
-
-          # API version follows Prowler minor + 1
-          # For Prowler 5.17.0 -> API 1.18.0
-          # For next master (Prowler 5.18.0) -> API 1.19.0
-          NEXT_API_VERSION=1.$((MINOR_VERSION + 2)).0
-
-          echo "CURRENT_API_VERSION=${CURRENT_API_VERSION}" >> "${GITHUB_ENV}"
-          echo "NEXT_API_VERSION=${NEXT_API_VERSION}" >> "${GITHUB_ENV}"
-
-          echo "Prowler release version: ${MAJOR_VERSION}.${MINOR_VERSION}.0"
-          echo "Current API version: $CURRENT_API_VERSION"
-          echo "Next API minor version (for master): $NEXT_API_VERSION"
-
-      - name: Bump API versions in files for master
-        run: |
-          set -e
-
-          sed -i "s|version = \"${CURRENT_API_VERSION}\"|version = \"${NEXT_API_VERSION}\"|" api/pyproject.toml
-          sed -i "s|spectacular_settings.VERSION = \"${CURRENT_API_VERSION}\"|spectacular_settings.VERSION = \"${NEXT_API_VERSION}\"|" api/src/backend/api/v1/views.py
-          sed -i "s|  version: ${CURRENT_API_VERSION}|  version: ${NEXT_API_VERSION}|" api/src/backend/api/specs/v1.yaml
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for next API minor version to master
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: master
-          commit-message: 'chore(api): Bump version to v${{ env.NEXT_API_VERSION }}'
-          branch: api-version-bump-to-v${{ env.NEXT_API_VERSION }}
-          title: 'chore(api): Bump version to v${{ env.NEXT_API_VERSION }}'
-          labels: no-changelog,skip-sync
-          body: |
-            ### Description
-
-            Bump Prowler API version to v${{ env.NEXT_API_VERSION }} after releasing Prowler v${{ env.PROWLER_VERSION }}.
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-      - name: Checkout version branch
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          ref: v${{ needs.detect-release-type.outputs.major_version }}.${{ needs.detect-release-type.outputs.minor_version }}
-
-      - name: Calculate first API patch version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-          CURRENT_API_VERSION="${{ needs.detect-release-type.outputs.current_api_version }}"
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-
-          # API version follows Prowler minor + 1
-          # For Prowler 5.17.0 release -> version branch v5.17 should have API 1.18.1
-          FIRST_API_PATCH_VERSION=1.$((MINOR_VERSION + 1)).1
-
-          echo "CURRENT_API_VERSION=${CURRENT_API_VERSION}" >> "${GITHUB_ENV}"
-          echo "FIRST_API_PATCH_VERSION=${FIRST_API_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-          echo "Prowler release version: ${MAJOR_VERSION}.${MINOR_VERSION}.0"
-          echo "First API patch version (for ${VERSION_BRANCH}): $FIRST_API_PATCH_VERSION"
-          echo "Version branch: $VERSION_BRANCH"
-
-      - name: Bump API versions in files for version branch
-        run: |
-          set -e
-
-          sed -i "s|version = \"${CURRENT_API_VERSION}\"|version = \"${FIRST_API_PATCH_VERSION}\"|" api/pyproject.toml
-          sed -i "s|spectacular_settings.VERSION = \"${CURRENT_API_VERSION}\"|spectacular_settings.VERSION = \"${FIRST_API_PATCH_VERSION}\"|" api/src/backend/api/v1/views.py
-          sed -i "s|  version: ${CURRENT_API_VERSION}|  version: ${FIRST_API_PATCH_VERSION}|" api/src/backend/api/specs/v1.yaml
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for first API patch version to version branch
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'chore(api): Bump version to v${{ env.FIRST_API_PATCH_VERSION }}'
-          branch: api-version-bump-to-v${{ env.FIRST_API_PATCH_VERSION }}
-          title: 'chore(api): Bump version to v${{ env.FIRST_API_PATCH_VERSION }}'
-          labels: no-changelog,skip-sync
-          body: |
-            ### Description
-
-            Bump Prowler API version to v${{ env.FIRST_API_PATCH_VERSION }} in version branch after releasing Prowler v${{ env.PROWLER_VERSION }}.
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-  bump-patch-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_patch == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-
-      - name: Calculate next API patch version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-          PATCH_VERSION=${{ needs.detect-release-type.outputs.patch_version }}
-          CURRENT_API_VERSION="${{ needs.detect-release-type.outputs.current_api_version }}"
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-
-          # Extract current API patch to increment it
-          if [[ $CURRENT_API_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-            API_PATCH=${BASH_REMATCH[3]}
-
-            # API version follows Prowler minor + 1
-            # Keep same API minor (based on Prowler minor), increment patch
-            NEXT_API_PATCH_VERSION=1.$((MINOR_VERSION + 1)).$((API_PATCH + 1))
-
-            echo "CURRENT_API_VERSION=${CURRENT_API_VERSION}" >> "${GITHUB_ENV}"
-            echo "NEXT_API_PATCH_VERSION=${NEXT_API_PATCH_VERSION}" >> "${GITHUB_ENV}"
-            echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-            echo "Prowler release version: ${MAJOR_VERSION}.${MINOR_VERSION}.${PATCH_VERSION}"
-            echo "Current API version: $CURRENT_API_VERSION"
-            echo "Next API patch version: $NEXT_API_PATCH_VERSION"
-            echo "Target branch: $VERSION_BRANCH"
-          else
-            echo "::error::Invalid API version format: $CURRENT_API_VERSION"
-            exit 1
-          fi
-
-      - name: Bump API versions in files for version branch
-        run: |
-          set -e
-
-          sed -i "s|version = \"${CURRENT_API_VERSION}\"|version = \"${NEXT_API_PATCH_VERSION}\"|" api/pyproject.toml
-          sed -i "s|spectacular_settings.VERSION = \"${CURRENT_API_VERSION}\"|spectacular_settings.VERSION = \"${NEXT_API_PATCH_VERSION}\"|" api/src/backend/api/v1/views.py
-          sed -i "s|  version: ${CURRENT_API_VERSION}|  version: ${NEXT_API_PATCH_VERSION}|" api/src/backend/api/specs/v1.yaml
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for next API patch version to version branch
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'chore(api): Bump version to v${{ env.NEXT_API_PATCH_VERSION }}'
-          branch: api-version-bump-to-v${{ env.NEXT_API_PATCH_VERSION }}
-          title: 'chore(api): Bump version to v${{ env.NEXT_API_PATCH_VERSION }}'
-          labels: no-changelog,skip-sync
-          body: |
-            ### Description
-
-            Bump Prowler API version to v${{ env.NEXT_API_PATCH_VERSION }} after releasing Prowler v${{ env.PROWLER_VERSION }}.
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@@ -33,11 +33,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for API changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            api/**
@@ -42,15 +42,15 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/api-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          category: '/language:${{ matrix.language }}'
@@ -57,7 +57,7 @@ jobs:
      message-ts: ${{ steps.slack-notification.outputs.ts }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Notify container push started
        id: slack-notification
@@ -93,7 +93,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Login to DockerHub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -102,7 +102,7 @@ jobs:
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Build and push API container for ${{ matrix.arch }}
        id: container-push
@@ -120,18 +120,18 @@ jobs:
  # Create and push multi-architecture manifest
  create-manifest:
    needs: [setup, container-build-push]
-    if: always() && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
+    if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest

    steps:
      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Create and push manifests for push event
        if: github.event_name == 'push'
@@ -170,7 +170,7 @@ jobs:
    timeout-minutes: 5
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Determine overall outcome
        id: outcome
@@ -198,8 +198,8 @@ jobs:
          update-ts: ${{ needs.notify-release-started.outputs.message-ts }}

  trigger-deployment:
+    if: github.event_name == 'push'
    needs: [setup, container-build-push]
-    if: always() && github.event_name == 'push' && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
@@ -207,7 +207,7 @@ jobs:

    steps:
      - name: Trigger API deployment
-        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.CLOUD_DISPATCH }}
@@ -20,7 +20,6 @@ env:

 jobs:
  api-dockerfile-lint:
-    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
@@ -28,11 +27,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check if Dockerfile changed
        id: dockerfile-changed
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: api/Dockerfile

@@ -44,7 +43,6 @@ jobs:
          ignore: DL3013

  api-container-build-and-scan:
-    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ${{ matrix.runner }}
    strategy:
      matrix:
@@ -63,11 +61,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for API changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: api/**
          files_ignore: |
@@ -77,7 +75,7 @@ jobs:

      - name: Set up Docker Buildx
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Build container for ${{ matrix.arch }}
        if: steps.check-changes.outputs.any_changed == 'true'
@@ -92,7 +90,7 @@ jobs:
          cache-to: type=gha,mode=max,scope=${{ matrix.arch }}

      - name: Scan container with Trivy for ${{ matrix.arch }}
-        if: steps.check-changes.outputs.any_changed == 'true'
+        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
        uses: ./.github/actions/trivy-scan
        with:
          image-name: ${{ env.IMAGE_NAME }}
@@ -33,11 +33,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for API changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            api/**
@@ -60,7 +60,9 @@ jobs:

      - name: Safety
        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run safety check
+        # 76352, 76353, 77323 come from SDK, but they cannot upgrade it yet. It does not affect API
+        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
+        run: poetry run safety check --ignore 70612,66963,74429,76352,76353,77323,77744,77745

      - name: Vulture
        if: steps.check-changes.outputs.any_changed == 'true'
@@ -73,11 +73,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for API changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            api/**
@@ -100,7 +100,7 @@ jobs:

      - name: Upload coverage reports to Codecov
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -1,247 +0,0 @@
-name: 'Docs: Bump Version'
-
-on:
-  release:
-    types:
-      - 'published'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false
-
-env:
-  PROWLER_VERSION: ${{ github.event.release.tag_name }}
-  BASE_BRANCH: master
-
-jobs:
-  detect-release-type:
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-    outputs:
-      is_minor: ${{ steps.detect.outputs.is_minor }}
-      is_patch: ${{ steps.detect.outputs.is_patch }}
-      major_version: ${{ steps.detect.outputs.major_version }}
-      minor_version: ${{ steps.detect.outputs.minor_version }}
-      patch_version: ${{ steps.detect.outputs.patch_version }}
-      current_docs_version: ${{ steps.get_docs_version.outputs.current_docs_version }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-
-      - name: Get current documentation version
-        id: get_docs_version
-        run: |
-          CURRENT_DOCS_VERSION=$(grep -oP 'PROWLER_UI_VERSION="\K[^"]+' docs/getting-started/installation/prowler-app.mdx)
-          echo "current_docs_version=${CURRENT_DOCS_VERSION}" >> "${GITHUB_OUTPUT}"
-          echo "Current documentation version: $CURRENT_DOCS_VERSION"
-
-      - name: Detect release type and parse version
-        id: detect
-        run: |
-          if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-            MAJOR_VERSION=${BASH_REMATCH[1]}
-            MINOR_VERSION=${BASH_REMATCH[2]}
-            PATCH_VERSION=${BASH_REMATCH[3]}
-
-            echo "major_version=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "minor_version=${MINOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "patch_version=${PATCH_VERSION}" >> "${GITHUB_OUTPUT}"
-
-            if (( MAJOR_VERSION != 5 )); then
-              echo "::error::Releasing another Prowler major version, aborting..."
-              exit 1
-            fi
-
-            if (( PATCH_VERSION == 0 )); then
-              echo "is_minor=true" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=false" >> "${GITHUB_OUTPUT}"
-              echo "✓ Minor release detected: $PROWLER_VERSION"
-            else
-              echo "is_minor=false" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=true" >> "${GITHUB_OUTPUT}"
-              echo "✓ Patch release detected: $PROWLER_VERSION"
-            fi
-          else
-            echo "::error::Invalid version syntax: '$PROWLER_VERSION' (must be X.Y.Z)"
-            exit 1
-          fi
-
-  bump-minor-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_minor == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-
-      - name: Calculate next minor version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-          CURRENT_DOCS_VERSION="${{ needs.detect-release-type.outputs.current_docs_version }}"
-
-          NEXT_MINOR_VERSION=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).0
-          echo "CURRENT_DOCS_VERSION=${CURRENT_DOCS_VERSION}" >> "${GITHUB_ENV}"
-          echo "NEXT_MINOR_VERSION=${NEXT_MINOR_VERSION}" >> "${GITHUB_ENV}"
-
-          echo "Current documentation version: $CURRENT_DOCS_VERSION"
-          echo "Current release version: $PROWLER_VERSION"
-          echo "Next minor version: $NEXT_MINOR_VERSION"
-
-      - name: Bump versions in documentation for master
-        run: |
-          set -e
-
-          # Update prowler-app.mdx with current release version
-          sed -i "s|PROWLER_UI_VERSION=\"${CURRENT_DOCS_VERSION}\"|PROWLER_UI_VERSION=\"${PROWLER_VERSION}\"|" docs/getting-started/installation/prowler-app.mdx
-          sed -i "s|PROWLER_API_VERSION=\"${CURRENT_DOCS_VERSION}\"|PROWLER_API_VERSION=\"${PROWLER_VERSION}\"|" docs/getting-started/installation/prowler-app.mdx
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for documentation update to master
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: master
-          commit-message: 'docs: Update version to v${{ env.PROWLER_VERSION }}'
-          branch: docs-version-update-to-v${{ env.PROWLER_VERSION }}
-          title: 'docs: Update version to v${{ env.PROWLER_VERSION }}'
-          labels: no-changelog,skip-sync
-          body: |
-            ### Description
-
-            Update Prowler documentation version references to v${{ env.PROWLER_VERSION }} after releasing Prowler v${{ env.PROWLER_VERSION }}.
-
-            ### Files Updated
-            - `docs/getting-started/installation/prowler-app.mdx`: `PROWLER_UI_VERSION` and `PROWLER_API_VERSION`
-            - All `*.mdx` files with `<VersionBadge>` components
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-      - name: Checkout version branch
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          ref: v${{ needs.detect-release-type.outputs.major_version }}.${{ needs.detect-release-type.outputs.minor_version }}
-
-      - name: Calculate first patch version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-          CURRENT_DOCS_VERSION="${{ needs.detect-release-type.outputs.current_docs_version }}"
-
-          FIRST_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.1
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-
-          echo "CURRENT_DOCS_VERSION=${CURRENT_DOCS_VERSION}" >> "${GITHUB_ENV}"
-          echo "FIRST_PATCH_VERSION=${FIRST_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-          echo "First patch version: $FIRST_PATCH_VERSION"
-          echo "Version branch: $VERSION_BRANCH"
-
-      - name: Bump versions in documentation for version branch
-        run: |
-          set -e
-
-          # Update prowler-app.mdx with current release version
-          sed -i "s|PROWLER_UI_VERSION=\"${CURRENT_DOCS_VERSION}\"|PROWLER_UI_VERSION=\"${PROWLER_VERSION}\"|" docs/getting-started/installation/prowler-app.mdx
-          sed -i "s|PROWLER_API_VERSION=\"${CURRENT_DOCS_VERSION}\"|PROWLER_API_VERSION=\"${PROWLER_VERSION}\"|" docs/getting-started/installation/prowler-app.mdx
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for documentation update to version branch
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'docs: Update version to v${{ env.PROWLER_VERSION }}'
-          branch: docs-version-update-to-v${{ env.PROWLER_VERSION }}-branch
-          title: 'docs: Update version to v${{ env.PROWLER_VERSION }}'
-          labels: no-changelog,skip-sync
-          body: |
-            ### Description
-
-            Update Prowler documentation version references to v${{ env.PROWLER_VERSION }} in version branch after releasing Prowler v${{ env.PROWLER_VERSION }}.
-
-            ### Files Updated
-            - `docs/getting-started/installation/prowler-app.mdx`: `PROWLER_UI_VERSION` and `PROWLER_API_VERSION`
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-  bump-patch-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_patch == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-
-      - name: Calculate next patch version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-          PATCH_VERSION=${{ needs.detect-release-type.outputs.patch_version }}
-          CURRENT_DOCS_VERSION="${{ needs.detect-release-type.outputs.current_docs_version }}"
-
-          NEXT_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.$((PATCH_VERSION + 1))
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-
-          echo "CURRENT_DOCS_VERSION=${CURRENT_DOCS_VERSION}" >> "${GITHUB_ENV}"
-          echo "NEXT_PATCH_VERSION=${NEXT_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-          echo "Current documentation version: $CURRENT_DOCS_VERSION"
-          echo "Current release version: $PROWLER_VERSION"
-          echo "Next patch version: $NEXT_PATCH_VERSION"
-          echo "Target branch: $VERSION_BRANCH"
-
-      - name: Bump versions in documentation for patch version
-        run: |
-          set -e
-
-          # Update prowler-app.mdx with current release version
-          sed -i "s|PROWLER_UI_VERSION=\"${CURRENT_DOCS_VERSION}\"|PROWLER_UI_VERSION=\"${PROWLER_VERSION}\"|" docs/getting-started/installation/prowler-app.mdx
-          sed -i "s|PROWLER_API_VERSION=\"${CURRENT_DOCS_VERSION}\"|PROWLER_API_VERSION=\"${PROWLER_VERSION}\"|" docs/getting-started/installation/prowler-app.mdx
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for documentation update to version branch
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'docs: Update version to v${{ env.PROWLER_VERSION }}'
-          branch: docs-version-update-to-v${{ env.PROWLER_VERSION }}
-          title: 'docs: Update version to v${{ env.PROWLER_VERSION }}'
-          labels: no-changelog,skip-sync
-          body: |
-            ### Description
-
-            Update Prowler documentation version references to v${{ env.PROWLER_VERSION }} after releasing Prowler v${{ env.PROWLER_VERSION }}.
-
-            ### Files Updated
-            - `docs/getting-started/installation/prowler-app.mdx`: `PROWLER_UI_VERSION` and `PROWLER_API_VERSION`
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@@ -23,11 +23,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0

      - name: Scan for secrets with TruffleHog
-        uses: trufflesecurity/trufflehog@ef6e76c3c4023279497fab4721ffa071a722fd05 # v3.92.4
+        uses: trufflesecurity/trufflehog@b84c3d14d189e16da175e2c27fa8136603783ffc # v3.90.12
        with:
          extra_args: '--results=verified,unknown'
@@ -56,7 +56,7 @@ jobs:
      message-ts: ${{ steps.slack-notification.outputs.ts }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Notify container push started
        id: slack-notification
@@ -91,7 +91,7 @@ jobs:
      packages: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Login to DockerHub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -100,7 +100,7 @@ jobs:
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Build and push MCP container for ${{ matrix.arch }}
        id: container-push
@@ -126,18 +126,18 @@ jobs:
  # Create and push multi-architecture manifest
  create-manifest:
    needs: [setup, container-build-push]
-    if: always() && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
+    if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest

    steps:
      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Create and push manifests for push event
        if: github.event_name == 'push'
@@ -176,7 +176,7 @@ jobs:
    timeout-minutes: 5
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Determine overall outcome
        id: outcome
@@ -204,8 +204,8 @@ jobs:
          update-ts: ${{ needs.notify-release-started.outputs.message-ts }}

  trigger-deployment:
+    if: github.event_name == 'push'
    needs: [setup, container-build-push]
-    if: always() && github.event_name == 'push' && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
@@ -213,7 +213,7 @@ jobs:

    steps:
      - name: Trigger MCP deployment
-        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.CLOUD_DISPATCH }}
@@ -20,7 +20,6 @@ env:

 jobs:
  mcp-dockerfile-lint:
-    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
@@ -28,11 +27,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check if Dockerfile changed
        id: dockerfile-changed
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: mcp_server/Dockerfile

@@ -43,7 +42,6 @@ jobs:
          dockerfile: mcp_server/Dockerfile

  mcp-container-build-and-scan:
-    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ${{ matrix.runner }}
    strategy:
      matrix:
@@ -62,11 +60,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for MCP changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: mcp_server/**
          files_ignore: |
@@ -75,7 +73,7 @@ jobs:

      - name: Set up Docker Buildx
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Build MCP container for ${{ matrix.arch }}
        if: steps.check-changes.outputs.any_changed == 'true'
@@ -90,7 +88,7 @@ jobs:
          cache-to: type=gha,mode=max,scope=${{ matrix.arch }}

      - name: Scan MCP container with Trivy for ${{ matrix.arch }}
-        if: steps.check-changes.outputs.any_changed == 'true'
+        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
        uses: ./.github/actions/trivy-scan
        with:
          image-name: ${{ env.IMAGE_NAME }}
@@ -1,81 +0,0 @@
-name: "MCP: PyPI Release"
-
-on:
-  release:
-    types:
-      - "published"
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false
-
-env:
-  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  PYTHON_VERSION: "3.12"
-  WORKING_DIRECTORY: ./mcp_server
-
-jobs:
-  validate-release:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-    outputs:
-      prowler_version: ${{ steps.parse-version.outputs.version }}
-      major_version: ${{ steps.parse-version.outputs.major }}
-
-    steps:
-      - name: Parse and validate version
-        id: parse-version
-        run: |
-          PROWLER_VERSION="${{ env.RELEASE_TAG }}"
-          echo "version=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
-
-          # Extract major version
-          MAJOR_VERSION="${PROWLER_VERSION%%.*}"
-          echo "major=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
-
-          # Validate major version (only Prowler 3, 4, 5 supported)
-          case ${MAJOR_VERSION} in
-            3|4|5)
-              echo "✓ Releasing Prowler MCP for tag ${PROWLER_VERSION}"
-              ;;
-            *)
-              echo "::error::Unsupported Prowler major version: ${MAJOR_VERSION}"
-              exit 1
-              ;;
-          esac
-
-  publish-prowler-mcp:
-    needs: validate-release
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      id-token: write
-    environment:
-      name: pypi-prowler-mcp
-      url: https://pypi.org/project/prowler-mcp/
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v7
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-
-      - name: Build prowler-mcp package
-        working-directory: ${{ env.WORKING_DIRECTORY }}
-        run: uv build
-
-      - name: Publish prowler-mcp package to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
-        with:
-          packages-dir: ${{ env.WORKING_DIRECTORY }}/dist/
-          print-hash: true
@@ -29,13 +29,13 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0

      - name: Get changed files
        id: changed-files
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            api/**
@@ -25,14 +25,14 @@ jobs:

    steps:
      - name: Checkout PR head
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0

      - name: Get changed files
        id: changed-files
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: '**'

@@ -13,10 +13,7 @@ concurrency:

 jobs:
  trigger-cloud-pull-request:
-    if: |
-      github.event.pull_request.merged == true &&
-      github.repository == 'prowler-cloud/prowler' &&
-      !contains(github.event.pull_request.labels.*.name, 'skip-sync')
+    if: github.event.pull_request.merged == true && github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
@@ -29,7 +26,7 @@ jobs:
          echo "SHORT_SHA=${SHORT_SHA::7}" >> $GITHUB_ENV

      - name: Trigger Cloud repository pull request
-        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.CLOUD_DISPATCH }}
@@ -27,13 +27,13 @@ jobs:
      pull-requests: write
    steps:
    - name: Checkout repository
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      with:
        fetch-depth: 0
        token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}

    - name: Set up Python
-      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
      with:
        python-version: '3.12'

@@ -344,7 +344,7 @@ jobs:

    - name: Create PR for API dependency update
      if: ${{ env.PATCH_VERSION == '0' }}
-      uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
      with:
        token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
        commit-message: 'chore(api): update prowler dependency to ${{ env.BRANCH_NAME }} for release ${{ env.PROWLER_VERSION }}'
@@ -374,7 +374,7 @@ jobs:
          no-changelog

    - name: Create draft release
-      uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
+      uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
      with:
        tag_name: ${{ env.PROWLER_VERSION }}
        name: Prowler ${{ env.PROWLER_VERSION }}
@@ -67,7 +67,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Calculate next minor version
        run: |
@@ -86,12 +86,13 @@ jobs:

          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${NEXT_MINOR_VERSION}\"|" pyproject.toml
          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${NEXT_MINOR_VERSION}\"|" prowler/config/config.py
+          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_MINOR_VERSION}|" .env

          echo "Files modified:"
          git --no-pager diff

      - name: Create PR for next minor version to master
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
@@ -99,7 +100,7 @@ jobs:
          commit-message: 'chore(release): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
          branch: version-bump-to-v${{ env.NEXT_MINOR_VERSION }}
          title: 'chore(release): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
-          labels: no-changelog,skip-sync
+          labels: no-changelog
          body: |
            ### Description

@@ -110,7 +111,7 @@ jobs:
            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

      - name: Checkout version branch
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: v${{ needs.detect-release-type.outputs.major_version }}.${{ needs.detect-release-type.outputs.minor_version }}

@@ -134,12 +135,13 @@ jobs:

          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${FIRST_PATCH_VERSION}\"|" pyproject.toml
          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${FIRST_PATCH_VERSION}\"|" prowler/config/config.py
+          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${FIRST_PATCH_VERSION}|" .env

          echo "Files modified:"
          git --no-pager diff

      - name: Create PR for first patch version to version branch
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
@@ -147,7 +149,7 @@ jobs:
          commit-message: 'chore(release): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
          branch: version-bump-to-v${{ env.FIRST_PATCH_VERSION }}
          title: 'chore(release): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
-          labels: no-changelog,skip-sync
+          labels: no-changelog
          body: |
            ### Description

@@ -167,7 +169,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Calculate next patch version
        run: |
@@ -191,12 +193,13 @@ jobs:

          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${NEXT_PATCH_VERSION}\"|" pyproject.toml
          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${NEXT_PATCH_VERSION}\"|" prowler/config/config.py
+          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_PATCH_VERSION}|" .env

          echo "Files modified:"
          git --no-pager diff

      - name: Create PR for next patch version to version branch
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
@@ -204,7 +207,7 @@ jobs:
          commit-message: 'chore(release): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
          branch: version-bump-to-v${{ env.NEXT_PATCH_VERSION }}
          title: 'chore(release): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
-          labels: no-changelog,skip-sync
+          labels: no-changelog
          body: |
            ### Description

@@ -31,11 +31,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for SDK changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: ./**
          files_ignore: |
@@ -62,7 +62,7 @@ jobs:

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'
@@ -79,11 +79,11 @@ jobs:

      - name: Lint with flake8
        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api,skills
+        run: poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api

      - name: Check format with black
        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run black --exclude api ui skills --check .
+        run: poetry run black --exclude api ui --check .

      - name: Lint with pylint
        if: steps.check-changes.outputs.any_changed == 'true'
@@ -49,15 +49,15 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/sdk-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          category: '/language:${{ matrix.language }}'
@@ -61,10 +61,10 @@ jobs:
      stable_tag: ${{ steps.get-prowler-version.outputs.stable_tag }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}

@@ -115,7 +115,7 @@ jobs:
      message-ts: ${{ steps.slack-notification.outputs.ts }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Notify container push started
        id: slack-notification
@@ -151,7 +151,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Login to DockerHub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -169,7 +169,7 @@ jobs:
          AWS_REGION: ${{ env.AWS_REGION }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Build and push SDK container for ${{ matrix.arch }}
        id: container-push
@@ -188,18 +188,18 @@ jobs:
  # Create and push multi-architecture manifest
  create-manifest:
    needs: [setup, container-build-push]
-    if: always() && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
+    if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest

    steps:
      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Public ECR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: public.ecr.aws
          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
@@ -208,7 +208,7 @@ jobs:
          AWS_REGION: ${{ env.AWS_REGION }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Create and push manifests for push event
        if: github.event_name == 'push'
@@ -252,7 +252,7 @@ jobs:
    timeout-minutes: 5
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Determine overall outcome
        id: outcome
@@ -280,8 +280,8 @@ jobs:
          update-ts: ${{ needs.notify-release-started.outputs.message-ts }}

  dispatch-v3-deployment:
+    if: needs.setup.outputs.prowler_version_major == '3'
    needs: [setup, container-build-push]
-    if: always() && needs.setup.outputs.prowler_version_major == '3' && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
@@ -294,7 +294,7 @@ jobs:

      - name: Dispatch v3 deployment (latest)
        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}
@@ -303,7 +303,7 @@ jobs:

      - name: Dispatch v3 deployment (release)
        if: github.event_name == 'release'
-        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}
@@ -27,11 +27,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check if Dockerfile changed
        id: dockerfile-changed
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: Dockerfile

@@ -62,11 +62,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for SDK changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: ./**
          files_ignore: |
@@ -89,7 +89,7 @@ jobs:

      - name: Set up Docker Buildx
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Build SDK container for ${{ matrix.arch }}
        if: steps.check-changes.outputs.any_changed == 'true'
@@ -104,7 +104,7 @@ jobs:
          cache-to: type=gha,mode=max,scope=${{ matrix.arch }}

      - name: Scan SDK container with Trivy for ${{ matrix.arch }}
-        if: steps.check-changes.outputs.any_changed == 'true'
+        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
        uses: ./.github/actions/trivy-scan
        with:
          image-name: ${{ env.IMAGE_NAME }}
@@ -59,13 +59,13 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Install Poetry
        run: pipx install poetry==2.1.1

      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'poetry'
@@ -91,13 +91,13 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Install Poetry
        run: pipx install poetry==2.1.1

      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'poetry'
@@ -25,12 +25,12 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: 'master'

      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip'
@@ -39,7 +39,7 @@ jobs:
        run: pip install boto3

      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
@@ -50,7 +50,7 @@ jobs:

      - name: Create pull request
        id: create-pr
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          author: 'prowler-bot <179230569+prowler-bot@users.noreply.github.com>'
@@ -24,15 +24,13 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for SDK changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
-          files: 
-            ./**
-            .github/workflows/sdk-security.yml
+          files: ./**
          files_ignore: |
            .github/**
            prowler/CHANGELOG.md
@@ -57,7 +55,7 @@ jobs:

      - name: Set up Python 3.12
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: '3.12'
          cache: 'poetry'
@@ -72,7 +70,7 @@ jobs:

      - name: Security scan with Safety
        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run safety check -r pyproject.toml
+        run: poetry run safety check --ignore 70612 -r pyproject.toml

      - name: Dead code detection with Vulture
        if: steps.check-changes.outputs.any_changed == 'true'
@@ -31,11 +31,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for SDK changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: ./**
          files_ignore: |
@@ -62,7 +62,7 @@ jobs:

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'
@@ -75,7 +75,7 @@ jobs:
      - name: Check if AWS files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-aws
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/**/aws/**
@@ -189,7 +189,7 @@ jobs:

      - name: Upload AWS coverage to Codecov
        if: steps.changed-aws.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -200,7 +200,7 @@ jobs:
      - name: Check if Azure files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-azure
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/**/azure/**
@@ -213,7 +213,7 @@ jobs:

      - name: Upload Azure coverage to Codecov
        if: steps.changed-azure.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -224,7 +224,7 @@ jobs:
      - name: Check if GCP files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-gcp
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/**/gcp/**
@@ -237,7 +237,7 @@ jobs:

      - name: Upload GCP coverage to Codecov
        if: steps.changed-gcp.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -248,7 +248,7 @@ jobs:
      - name: Check if Kubernetes files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-kubernetes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/**/kubernetes/**
@@ -261,7 +261,7 @@ jobs:

      - name: Upload Kubernetes coverage to Codecov
        if: steps.changed-kubernetes.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -272,7 +272,7 @@ jobs:
      - name: Check if GitHub files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-github
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/**/github/**
@@ -285,7 +285,7 @@ jobs:

      - name: Upload GitHub coverage to Codecov
        if: steps.changed-github.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -296,7 +296,7 @@ jobs:
      - name: Check if NHN files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-nhn
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/**/nhn/**
@@ -309,7 +309,7 @@ jobs:

      - name: Upload NHN coverage to Codecov
        if: steps.changed-nhn.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -320,7 +320,7 @@ jobs:
      - name: Check if M365 files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-m365
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/**/m365/**
@@ -333,7 +333,7 @@ jobs:

      - name: Upload M365 coverage to Codecov
        if: steps.changed-m365.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -344,7 +344,7 @@ jobs:
      - name: Check if IaC files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-iac
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/**/iac/**
@@ -357,7 +357,7 @@ jobs:

      - name: Upload IaC coverage to Codecov
        if: steps.changed-iac.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -368,7 +368,7 @@ jobs:
      - name: Check if MongoDB Atlas files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-mongodbatlas
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/**/mongodbatlas/**
@@ -381,7 +381,7 @@ jobs:

      - name: Upload MongoDB Atlas coverage to Codecov
        if: steps.changed-mongodbatlas.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -392,7 +392,7 @@ jobs:
      - name: Check if OCI files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-oraclecloud
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/**/oraclecloud/**
@@ -405,7 +405,7 @@ jobs:

      - name: Upload OCI coverage to Codecov
        if: steps.changed-oraclecloud.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -416,7 +416,7 @@ jobs:
      - name: Check if Lib files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-lib
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/lib/**
@@ -429,7 +429,7 @@ jobs:

      - name: Upload Lib coverage to Codecov
        if: steps.changed-lib.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -440,7 +440,7 @@ jobs:
      - name: Check if Config files changed
        if: steps.check-changes.outputs.any_changed == 'true'
        id: changed-config
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ./prowler/config/**
@@ -453,7 +453,7 @@ jobs:

      - name: Upload Config coverage to Codecov
        if: steps.changed-config.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -1,221 +0,0 @@
-name: 'UI: Bump Version'
-
-on:
-  release:
-    types:
-      - 'published'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false
-
-env:
-  PROWLER_VERSION: ${{ github.event.release.tag_name }}
-  BASE_BRANCH: master
-
-jobs:
-  detect-release-type:
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-    outputs:
-      is_minor: ${{ steps.detect.outputs.is_minor }}
-      is_patch: ${{ steps.detect.outputs.is_patch }}
-      major_version: ${{ steps.detect.outputs.major_version }}
-      minor_version: ${{ steps.detect.outputs.minor_version }}
-      patch_version: ${{ steps.detect.outputs.patch_version }}
-    steps:
-      - name: Detect release type and parse version
-        id: detect
-        run: |
-          if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-            MAJOR_VERSION=${BASH_REMATCH[1]}
-            MINOR_VERSION=${BASH_REMATCH[2]}
-            PATCH_VERSION=${BASH_REMATCH[3]}
-
-            echo "major_version=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "minor_version=${MINOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "patch_version=${PATCH_VERSION}" >> "${GITHUB_OUTPUT}"
-
-            if (( MAJOR_VERSION != 5 )); then
-              echo "::error::Releasing another Prowler major version, aborting..."
-              exit 1
-            fi
-
-            if (( PATCH_VERSION == 0 )); then
-              echo "is_minor=true" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=false" >> "${GITHUB_OUTPUT}"
-              echo "✓ Minor release detected: $PROWLER_VERSION"
-            else
-              echo "is_minor=false" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=true" >> "${GITHUB_OUTPUT}"
-              echo "✓ Patch release detected: $PROWLER_VERSION"
-            fi
-          else
-            echo "::error::Invalid version syntax: '$PROWLER_VERSION' (must be X.Y.Z)"
-            exit 1
-          fi
-
-  bump-minor-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_minor == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-
-      - name: Calculate next minor version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-
-          NEXT_MINOR_VERSION=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).0
-          echo "NEXT_MINOR_VERSION=${NEXT_MINOR_VERSION}" >> "${GITHUB_ENV}"
-
-          echo "Current version: $PROWLER_VERSION"
-          echo "Next minor version: $NEXT_MINOR_VERSION"
-
-      - name: Bump UI version in .env for master
-        run: |
-          set -e
-
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_MINOR_VERSION}|" .env
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for next minor version to master
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: master
-          commit-message: 'chore(ui): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
-          branch: ui-version-bump-to-v${{ env.NEXT_MINOR_VERSION }}
-          title: 'chore(ui): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
-          labels: no-changelog,skip-sync
-          body: |
-            ### Description
-
-            Bump Prowler UI version to v${{ env.NEXT_MINOR_VERSION }} after releasing Prowler v${{ env.PROWLER_VERSION }}.
-
-            ### Files Updated
-            - `.env`: `NEXT_PUBLIC_PROWLER_RELEASE_VERSION`
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-      - name: Checkout version branch
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          ref: v${{ needs.detect-release-type.outputs.major_version }}.${{ needs.detect-release-type.outputs.minor_version }}
-
-      - name: Calculate first patch version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-
-          FIRST_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.1
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-
-          echo "FIRST_PATCH_VERSION=${FIRST_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-          echo "First patch version: $FIRST_PATCH_VERSION"
-          echo "Version branch: $VERSION_BRANCH"
-
-      - name: Bump UI version in .env for version branch
-        run: |
-          set -e
-
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${FIRST_PATCH_VERSION}|" .env
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for first patch version to version branch
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'chore(ui): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
-          branch: ui-version-bump-to-v${{ env.FIRST_PATCH_VERSION }}
-          title: 'chore(ui): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
-          labels: no-changelog,skip-sync
-          body: |
-            ### Description
-
-            Bump Prowler UI version to v${{ env.FIRST_PATCH_VERSION }} in version branch after releasing Prowler v${{ env.PROWLER_VERSION }}.
-
-            ### Files Updated
-            - `.env`: `NEXT_PUBLIC_PROWLER_RELEASE_VERSION`
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-  bump-patch-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_patch == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-
-      - name: Calculate next patch version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-          PATCH_VERSION=${{ needs.detect-release-type.outputs.patch_version }}
-
-          NEXT_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.$((PATCH_VERSION + 1))
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-
-          echo "NEXT_PATCH_VERSION=${NEXT_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-          echo "Current version: $PROWLER_VERSION"
-          echo "Next patch version: $NEXT_PATCH_VERSION"
-          echo "Target branch: $VERSION_BRANCH"
-
-      - name: Bump UI version in .env for version branch
-        run: |
-          set -e
-
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_PATCH_VERSION}|" .env
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for next patch version to version branch
-        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'chore(ui): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
-          branch: ui-version-bump-to-v${{ env.NEXT_PATCH_VERSION }}
-          title: 'chore(ui): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
-          labels: no-changelog,skip-sync
-          body: |
-            ### Description
-
-            Bump Prowler UI version to v${{ env.NEXT_PATCH_VERSION }} after releasing Prowler v${{ env.PROWLER_VERSION }}.
-
-            ### Files Updated
-            - `.env`: `NEXT_PUBLIC_PROWLER_RELEASE_VERSION`
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@@ -45,15 +45,15 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          category: '/language:${{ matrix.language }}'
@@ -59,7 +59,7 @@ jobs:
      message-ts: ${{ steps.slack-notification.outputs.ts }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Notify container push started
        id: slack-notification
@@ -95,7 +95,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Login to DockerHub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
@@ -104,7 +104,7 @@ jobs:
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Build and push UI container for ${{ matrix.arch }}
        id: container-push
@@ -125,18 +125,18 @@ jobs:
  # Create and push multi-architecture manifest
  create-manifest:
    needs: [setup, container-build-push]
-    if: always() && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
+    if: github.event_name == 'push' || github.event_name == 'release' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest

    steps:
      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Create and push manifests for push event
        if: github.event_name == 'push'
@@ -175,7 +175,7 @@ jobs:
    timeout-minutes: 5
    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Determine overall outcome
        id: outcome
@@ -203,8 +203,8 @@ jobs:
          update-ts: ${{ needs.notify-release-started.outputs.message-ts }}

  trigger-deployment:
+    if: github.event_name == 'push'
    needs: [setup, container-build-push]
-    if: always() && github.event_name == 'push' && needs.setup.result == 'success' && needs.container-build-push.result == 'success'
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
@@ -212,7 +212,7 @@ jobs:

    steps:
      - name: Trigger UI deployment
-        uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1
+        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.CLOUD_DISPATCH }}
@@ -20,7 +20,6 @@ env:

 jobs:
  ui-dockerfile-lint:
-    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
@@ -28,11 +27,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check if Dockerfile changed
        id: dockerfile-changed
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: ui/Dockerfile

@@ -44,7 +43,6 @@ jobs:
          ignore: DL3018

  ui-container-build-and-scan:
-    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ${{ matrix.runner }}
    strategy:
      matrix:
@@ -63,11 +61,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for UI changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: ui/**
          files_ignore: |
@@ -76,7 +74,7 @@ jobs:

      - name: Set up Docker Buildx
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Build UI container for ${{ matrix.arch }}
        if: steps.check-changes.outputs.any_changed == 'true'
@@ -94,7 +92,7 @@ jobs:
            NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_51LwpXXXX

      - name: Scan UI container with Trivy for ${{ matrix.arch }}
-        if: steps.check-changes.outputs.any_changed == 'true'
+        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
        uses: ./.github/actions/trivy-scan
        with:
          image-name: ${{ env.IMAGE_NAME }}
@@ -54,7 +54,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Create k8s Kind Cluster
        uses: helm/kind-action@v1
        with:
@@ -114,7 +114,7 @@ jobs:
            echo "All database fixtures loaded successfully!"
          '
      - name: Setup Node.js environment
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: '20.x'
      - name: Setup pnpm
@@ -126,7 +126,7 @@ jobs:
        shell: bash
        run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
      - name: Setup pnpm cache
-        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: ${{ env.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('ui/pnpm-lock.yaml') }}
@@ -139,7 +139,7 @@ jobs:
        working-directory: ./ui
        run: pnpm run build
      - name: Cache Playwright browsers
-        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        id: playwright-cache
        with:
          path: ~/.cache/ms-playwright
@@ -154,7 +154,7 @@ jobs:
        working-directory: ./ui
        run: pnpm run test:e2e
      - name: Upload test reports
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        if: failure()
        with:
          name: playwright-report
@@ -30,11 +30,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Check for UI changes
        id: check-changes
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            ui/**
@@ -45,7 +45,7 @@ jobs:

      - name: Setup Node.js ${{ env.NODE_VERSION }}
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: ${{ env.NODE_VERSION }}

@@ -63,7 +63,7 @@ jobs:

      - name: Setup pnpm cache
        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: ${{ env.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('ui/pnpm-lock.yaml') }}
@@ -82,9 +82,6 @@ continue.json
 .continuerc
 .continuerc.json

-# AI Coding Assistants - OpenCode
-opencode.json
-
 # AI Coding Assistants - GitHub Copilot
 .copilot/
 .github/copilot/
@@ -155,9 +152,3 @@ CLAUDE.md

 # Compliance report
 *.pdf
-
-# AI Skills symlinks (generated by skills/setup.sh)
-.claude/skills
-.codex/skills
-.github/skills
-.gemini/skills
@@ -34,7 +34,6 @@ repos:
    rev: v2.3.1
    hooks:
      - id: autoflake
-        exclude: ^skills/
        args:
          [
            "--in-place",
@@ -46,20 +45,18 @@ repos:
    rev: 5.13.2
    hooks:
      - id: isort
-        exclude: ^skills/
        args: ["--profile", "black"]

  - repo: https://github.com/psf/black
    rev: 24.4.2
    hooks:
      - id: black
-        exclude: ^skills/

  - repo: https://github.com/pycqa/flake8
    rev: 7.0.0
    hooks:
      - id: flake8
-        exclude: (contrib|^skills/)
+        exclude: contrib
        args: ["--ignore=E266,W503,E203,E501,W605"]

  - repo: https://github.com/python-poetry/poetry
@@ -112,7 +109,7 @@ repos:
      - id: bandit
        name: bandit
        description: "Bandit is a tool for finding common security issues in Python code"
-        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/,./.venv/,./skills/' -r .'
+        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/,./.venv/' -r .'
        language: system
        files: '.*\.py'

@@ -126,7 +123,7 @@ repos:
      - id: vulture
        name: vulture
        description: "Vulture finds unused code in Python programs."
-        entry: bash -c 'vulture --exclude "contrib,.venv,api/src/backend/api/tests/,api/src/backend/conftest.py,api/src/backend/tasks/tests/,skills/" --min-confidence 100 .'
+        entry: bash -c 'vulture --exclude "contrib,.venv,api/src/backend/api/tests/,api/src/backend/conftest.py,api/src/backend/tasks/tests/" --min-confidence 100 .'
        language: system
        files: '.*\.py'

@@ -2,83 +2,109 @@

 ## How to Use This Guide

- Start here for cross-project norms. Prowler is a monorepo with several components.
- Each component has an `AGENTS.md` file with specific guidelines (e.g., `api/AGENTS.md`, `ui/AGENTS.md`).
- Component docs override this file when guidance conflicts.
-
-## Available Skills
-
-Use these skills for detailed patterns on-demand:
-
-### Generic Skills (Any Project)
-| Skill | Description | URL |
-|-------|-------------|-----|
-| `typescript` | Const types, flat interfaces, utility types | [SKILL.md](skills/typescript/SKILL.md) |
-| `react-19` | No useMemo/useCallback, React Compiler | [SKILL.md](skills/react-19/SKILL.md) |
-| `nextjs-15` | App Router, Server Actions, streaming | [SKILL.md](skills/nextjs-15/SKILL.md) |
-| `tailwind-4` | cn() utility, no var() in className | [SKILL.md](skills/tailwind-4/SKILL.md) |
-| `playwright` | Page Object Model, MCP workflow, selectors | [SKILL.md](skills/playwright/SKILL.md) |
-| `pytest` | Fixtures, mocking, markers, parametrize | [SKILL.md](skills/pytest/SKILL.md) |
-| `django-drf` | ViewSets, Serializers, Filters | [SKILL.md](skills/django-drf/SKILL.md) |
-| `zod-4` | New API (z.email(), z.uuid()) | [SKILL.md](skills/zod-4/SKILL.md) |
-| `zustand-5` | Persist, selectors, slices | [SKILL.md](skills/zustand-5/SKILL.md) |
-| `ai-sdk-5` | UIMessage, streaming, LangChain | [SKILL.md](skills/ai-sdk-5/SKILL.md) |
-
-### Prowler-Specific Skills
-| Skill | Description | URL |
-|-------|-------------|-----|
-| `prowler` | Project overview, component navigation | [SKILL.md](skills/prowler/SKILL.md) |
-| `prowler-api` | Django + RLS + JSON:API patterns | [SKILL.md](skills/prowler-api/SKILL.md) |
-| `prowler-ui` | Next.js + shadcn conventions | [SKILL.md](skills/prowler-ui/SKILL.md) |
-| `prowler-sdk-check` | Create new security checks | [SKILL.md](skills/prowler-sdk-check/SKILL.md) |
-| `prowler-mcp` | MCP server tools and models | [SKILL.md](skills/prowler-mcp/SKILL.md) |
-| `prowler-test-sdk` | SDK testing (pytest + moto) | [SKILL.md](skills/prowler-test-sdk/SKILL.md) |
-| `prowler-test-api` | API testing (pytest-django + RLS) | [SKILL.md](skills/prowler-test-api/SKILL.md) |
-| `prowler-test-ui` | E2E testing (Playwright) | [SKILL.md](skills/prowler-test-ui/SKILL.md) |
-| `prowler-compliance` | Compliance framework structure | [SKILL.md](skills/prowler-compliance/SKILL.md) |
-| `prowler-provider` | Add new cloud providers | [SKILL.md](skills/prowler-provider/SKILL.md) |
-| `prowler-pr` | Pull request conventions | [SKILL.md](skills/prowler-pr/SKILL.md) |
-| `prowler-docs` | Documentation style guide | [SKILL.md](skills/prowler-docs/SKILL.md) |
-| `skill-creator` | Create new AI agent skills | [SKILL.md](skills/skill-creator/SKILL.md) |
-
---
+- Start here for cross-project norms, Prowler is a monorepo with several components. Every component should have an `AGENTS.md` file that contains the guidelines for the agents in that component. The file is located beside the code you are touching (e.g. `api/AGENTS.md`, `ui/AGENTS.md`, `prowler/AGENTS.md`).
+- Follow the stricter rule when guidance conflicts; component docs override this file for their scope.
+- Keep instructions synchronized. When you add new workflows or scripts, update both, the relevant component `AGENTS.md` and this file if they apply broadly.

 ## Project Overview

-Prowler is an open-source cloud security assessment tool supporting AWS, Azure, GCP, Kubernetes, GitHub, M365, and more.
+Prowler is an open-source cloud security assessment tool that supports multiple cloud providers (AWS, Azure, GCP, Kubernetes, GitHub, M365, etc.). The project consists in a monorepo with the following main components:

-| Component | Location | Tech Stack |
-|-----------|----------|------------|
-| SDK | `prowler/` | Python 3.9+, Poetry |
-| API | `api/` | Django 5.1, DRF, Celery |
-| UI | `ui/` | Next.js 15, React 19, Tailwind 4 |
-| MCP Server | `mcp_server/` | FastMCP, Python 3.12+ |
-| Dashboard | `dashboard/` | Dash, Plotly |
+- **Prowler SDK**: Python SDK, includes the Prowler CLI, providers, services, checks, compliances, config, etc. (`prowler/`)
+- **Prowler API**: Django-based REST API backend (`api/`)
+- **Prowler UI**: Next.js frontend application (`ui/`)
+- **Prowler MCP Server**: Model Context Protocol server that gives access to the entire Prowler ecosystem for LLMs (`mcp_server/`)
+- **Prowler Dashboard**: Prowler CLI feature that allows to visualize the results of the scans in a simple dashboard (`dashboard/`)

---
+### Project Structure (Key Folders & Files)
+
+- `prowler/`: Main source code for Prowler SDK (CLI, providers, services, checks, compliances, config, etc.)
+- `api/`: Django-based REST API backend components
+- `ui/`: Next.js frontend application
+- `mcp_server/`: Model Context Protocol server that gives access to the entire Prowler ecosystem for LLMs
+- `dashboard/`: Prowler CLI feature that allows to visualize the results of the scans in a simple dashboard
+- `docs/`: Documentation
+- `examples/`: Example output formats for providers and scripts
+- `permissions/`: Permission-related files and policies
+- `contrib/`: Community-contributed scripts or modules
+- `tests/`: Prowler SDK test suite
+- `docker-compose.yml`: Docker compose file to run the Prowler App (API + UI) production environment
+- `docker-compose-dev.yml`: Docker compose file to run the Prowler App (API + UI) development environment
+- `pyproject.toml`: Poetry Prowler SDK project file
+- `.pre-commit-config.yaml`: Pre-commit hooks configuration
+- `Makefile`: Makefile to run the project
+- `LICENSE`: License file
+- `README.md`: README file
+- `CONTRIBUTING.md`: Contributing guide

 ## Python Development

-```bash
-# Setup
-poetry install --with dev
-poetry run pre-commit install
+Most of the code is written in Python, so the main files in the root are focused on Python code.

-# Code quality
+### Poetry Dev Environment
+
+For developing in Python we recommend using `poetry` to manage the dependencies. The minimal version is `2.1.1`. So it is recommended to run all commands using `poetry run ...`.
+
+To install the core dependencies to develop it is needed to run `poetry install --with dev`.
+
+### Pre-commit hooks
+
+The project has pre-commit hooks to lint and format the code. They are installed by running `poetry run pre-commit install`.
+
+When commiting a change, the hooks will be run automatically. Some of them are:
+
+- Code formatting (black, isort)
+- Linting (flake8, pylint)
+- Security checks (bandit, safety, trufflehog)
+- YAML/JSON validation
+- Poetry lock file validation
+
+
+### Linting and Formatting
+
+We use the following tools to lint and format the code:
+
+- `flake8`: for linting the code
+- `black`: for formatting the code
+- `pylint`: for linting the code
+
+You can run all using the `make` command:
+```bash
 poetry run make lint
 poetry run make format
-poetry run pre-commit run --all-files
 ```

---
+Or they will be run automatically when you commit your changes using pre-commit hooks.

 ## Commit & Pull Request Guidelines

-Follow conventional-commit style: `<type>[scope]: <description>`
+For the commit messages and pull requests name follow the conventional-commit style.

-**Types:** `feat`, `fix`, `docs`, `chore`, `perf`, `refactor`, `style`, `test`
+Befire creating a pull request, complete the checklist in `.github/pull_request_template.md`. Summaries should explain deployment impact, highlight review steps, and note changelog or permission updates. Run all relevant tests and linters before requesting review and link screenshots for UI or dashboard changes.

-Before creating a PR:
-1. Complete checklist in `.github/pull_request_template.md`
-2. Run all relevant tests and linters
-3. Link screenshots for UI changes
+### Conventional Commit Style
+
+The Conventional Commits specification is a lightweight convention on top of commit messages. It provides an easy set of rules for creating an explicit commit history; which makes it easier to write automated tools on top of.
+
+The commit message should be structured as follows:
+
+```
+<type>[optional scope]: <description>
+<BLANK LINE>
+[optional body]
+<BLANK LINE>
+[optional footer(s)]
+```
+
+Any line of the commit message cannot be longer 100 characters! This allows the message to be easier to read on GitHub as well as in various git tools
+
+#### Commit Types
+
+- **feat**: code change introuce new functionality to the application
+- **fix**: code change that solve a bug in the codebase
+- **docs**: documentation only changes
+- **chore**: changes related to the build process or auxiliary tools and libraries, that do not affect the application's functionality
+- **perf**: code change that improves performance
+- **refactor**: code change that neither fixes a bug nor adds a feature
+- **style**: changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
+- **test**: adding missing tests or correcting existing tests
@@ -47,12 +47,12 @@ help:     ## Show this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)

 ##@ Build no cache
-build-no-cache-dev:
-	docker compose -f docker-compose-dev.yml build --no-cache api-dev worker-dev worker-beat mcp-server
+build-no-cache-dev: 
+	docker compose -f docker-compose-dev.yml build --no-cache api-dev worker-dev worker-beat

 ##@ Development Environment
-run-api-dev: ## Start development environment with API, PostgreSQL, Valkey, MCP, and workers
-	docker compose -f docker-compose-dev.yml up api-dev postgres valkey worker-dev worker-beat mcp-server
+run-api-dev: ## Start development environment with API, PostgreSQL, Valkey, and workers 
+	docker compose -f docker-compose-dev.yml up api-dev postgres valkey worker-dev worker-beat

 ##@ Development Environment
 build-and-run-api-dev: build-no-cache-dev run-api-dev
@@ -6,7 +6,7 @@
  <b><i>Prowler</b> is the Open Cloud Security platform trusted by thousands to automate security and compliance in any cloud environment. With hundreds of ready-to-use checks and compliance frameworks, Prowler delivers real-time, customizable monitoring and seamless integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.
 </p>
 <p align="center">
-<b>Secure ANY cloud at AI Speed at <a href="https://prowler.com">prowler.com</i></b>
+<b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
 </p>

 <p align="center">
@@ -23,7 +23,6 @@
  <a href="https://hub.docker.com/r/toniblyx/prowler"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/toniblyx/prowler"></a>
  <a href="https://gallery.ecr.aws/prowler-cloud/prowler"><img width="120" height=19" alt="AWS ECR Gallery" src="https://user-images.githubusercontent.com/3985464/151531396-b6535a68-c907-44eb-95a1-a09508178616.png"></a>
  <a href="https://codecov.io/gh/prowler-cloud/prowler"><img src="https://codecov.io/gh/prowler-cloud/prowler/graph/badge.svg?token=OflBGsdpDl"/></a>
-  <a href="https://insights.linuxfoundation.org/project/prowler-cloud-prowler"><img src="https://insights.linuxfoundation.org/api/badge/health-score?project=prowler-cloud-prowler"/></a>
 </p>
 <p align="center">
    <a href="https://github.com/prowler-cloud/prowler/releases"><img alt="Version" src="https://img.shields.io/github/v/release/prowler-cloud/prowler"></a>
@@ -36,32 +35,28 @@
 </p>
 <hr>
 <p align="center">
-  <img align="center" src="/docs/img/prowler-cloud.gif" width="100%" height="100%">
+  <img align="center" src="/docs/img/prowler-cli-quick.gif" width="100%" height="100%">
 </p>

 # Description

-**Prowler** is the world’s most widely used _open-source cloud security platform_ that automates security and compliance across **any cloud environment**. With hundreds of ready-to-use security checks, remediation guidance, and compliance frameworks, Prowler is built to _“Secure ANY cloud at AI Speed”_. Prowler delivers **AI-driven**, **customizable**, and **easy-to-use** assessments, dashboards, reports, and integrations, making cloud security **simple**, **scalable**, and **cost-effective** for organizations of any size.
+**Prowler** is an open-source security tool designed to assess and enforce security best practices across AWS, Azure, Google Cloud, and Kubernetes. It supports tasks such as security audits, incident response, continuous monitoring, system hardening, forensic readiness, and remediation processes.

 Prowler includes hundreds of built-in controls to ensure compliance with standards and frameworks, including:

- **Prowler ThreatScore:** Weighted risk prioritization scoring that helps you focus on the most critical security findings first
- **Industry Standards:** CIS, NIST 800, NIST CSF, CISA, and MITRE ATT&CK
- **Regulatory Compliance and Governance:** RBI, FedRAMP, PCI-DSS, and NIS2
+- **Industry Standards:** CIS, NIST 800, NIST CSF, and CISA
+- **Regulatory Compliance and Governance:** RBI, FedRAMP, and PCI-DSS
 - **Frameworks for Sensitive Data and Privacy:** GDPR, HIPAA, and FFIEC
- **Frameworks for Organizational Governance and Quality Control:** SOC2, GXP, and ISO 27001
- **Cloud-Specific Frameworks:** AWS Foundational Technical Review (FTR), AWS Well-Architected Framework, and BSI C5
- **National Security Standards:** ENS (Spanish National Security Scheme) and KISA ISMS-P (Korean)
+- **Frameworks for Organizational Governance and Quality Control:** SOC2 and GXP
+- **AWS-Specific Frameworks:** AWS Foundational Technical Review (FTR) and AWS Well-Architected Framework (Security Pillar)
+- **National Security Standards:** ENS (Spanish National Security Scheme)
 - **Custom Security Frameworks:** Tailored to your needs

-## Prowler App / Prowler Cloud
+## Prowler App

-Prowler App / [Prowler Cloud](https://cloud.prowler.com/) is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.
+Prowler App is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.

 ![Prowler App](docs/images/products/overview.png)
-![Risk Pipeline](docs/images/products/risk-pipeline.png)
-![Threat Map](docs/images/products/threat-map.png)
-

 >For more details, refer to the [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation)

@@ -87,16 +82,16 @@ prowler dashboard

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) | Support | Interface |
 |---|---|---|---|---|---|---|
-| AWS | 584 | 85 | 40 | 17 | Official | UI, API, CLI |
-| GCP | 89 | 17 | 14 | 5 | Official | UI, API, CLI |
-| Azure | 169 | 22 | 15 | 8 | Official | UI, API, CLI |
-| Kubernetes | 84 | 7 | 6 | 9 | Official | UI, API, CLI |
-| GitHub | 20 | 2 | 1 | 2 | Official | UI, API, CLI |
+| AWS | 576 | 82 | 39 | 10 | Official | UI, API, CLI |
+| GCP | 79 | 13 | 13 | 3 | Official | UI, API, CLI |
+| Azure | 162 | 19 | 13 | 4 | Official | UI, API, CLI |
+| Kubernetes | 83 | 7 | 5 | 7 | Official | UI, API, CLI |
+| GitHub | 17 | 2 | 1 | 0 | Official | Stable | UI, API, CLI |
 | M365 | 70 | 7 | 3 | 2 | Official | UI, API, CLI |
-| OCI | 52 | 15 | 1 | 12 | Official | UI, API, CLI |
-| Alibaba Cloud | 63 | 10 | 1 | 9 | Official | CLI |
+| OCI | 51 | 13 | 1 | 10 | Official | UI, API, CLI |
+| Alibaba Cloud | 61 | 9 | 1 | 9 | Official | CLI |
 | IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | UI, API, CLI |
-| MongoDB Atlas | 10 | 4 | 0 | 3 | Official | UI, API, CLI |
+| MongoDB Atlas | 10 | 3 | 0 | 0 | Official | UI, API, CLI |
 | LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | CLI |
 | NHN | 6 | 2 | 1 | 0 | Unofficial | CLI |

@@ -148,9 +143,9 @@ If your workstation's architecture is incompatible, you can resolve this by:
 ### Common Issues with Docker Pull Installation

 > [!Note]
-  If you want to use AWS role assumption (e.g., with the "Connect assuming IAM Role" option), you may need to mount your local `.aws` directory into the container as a volume (e.g., `- "${HOME}/.aws:/home/prowler/.aws:ro"`). There are several ways to configure credentials for Docker containers. See the [Troubleshooting](./docs/troubleshooting.mdx) section for more details and examples.
+  If you want to use AWS role assumption (e.g., with the "Connect assuming IAM Role" option), you may need to mount your local `.aws` directory into the container as a volume (e.g., `- "${HOME}/.aws:/home/prowler/.aws:ro"`). There are several ways to configure credentials for Docker containers. See the [Troubleshooting](./docs/troubleshooting.md) section for more details and examples.

-You can find more information in the [Troubleshooting](./docs/troubleshooting.mdx) section.
+You can find more information in the [Troubleshooting](./docs/troubleshooting.md) section.


 ### From GitHub
@@ -277,12 +272,11 @@ python prowler-cli.py -v
 # ✏️ High level architecture

 ## Prowler App
-**Prowler App** is composed of four key components:
+**Prowler App** is composed of three key components:

 - **Prowler UI**: A web-based interface, built with Next.js, providing a user-friendly experience for executing Prowler scans and visualizing results.
 - **Prowler API**: A backend service, developed with Django REST Framework, responsible for running Prowler scans and storing the generated results.
 - **Prowler SDK**: A Python SDK designed to extend the functionality of the Prowler CLI for advanced capabilities.
- **Prowler MCP Server**: A Model Context Protocol server that provides AI tools for Lighthouse, the AI-powered security assistant. This is a critical dependency for Lighthouse functionality.

 ![Prowler App Architecture](docs/products/img/prowler-app-architecture.png)

@@ -310,45 +304,6 @@ And many more environments.

 ![Architecture](docs/img/architecture.png)

-# 🤖 AI Skills for Development
-
-Prowler includes a comprehensive set of **AI Skills** that help AI coding assistants understand Prowler's codebase patterns and conventions.
-
-## What are AI Skills?
-
-Skills are structured instructions that give AI assistants the context they need to write code that follows Prowler's standards. They include:
-
- **Coding patterns** for each component (SDK, API, UI, MCP Server)
- **Testing conventions** (pytest, Playwright)
- **Architecture guidelines** (Clean Architecture, RLS patterns)
- **Framework-specific rules** (React 19, Next.js 15, Django DRF, Tailwind 4)
-
-## Available Skills
-
-| Category | Skills |
-|----------|--------|
-| **Generic** | `typescript`, `react-19`, `nextjs-15`, `tailwind-4`, `playwright`, `pytest`, `django-drf`, `zod-4`, `zustand-5`, `ai-sdk-5` |
-| **Prowler** | `prowler`, `prowler-api`, `prowler-ui`, `prowler-mcp`, `prowler-sdk-check`, `prowler-test-ui`, `prowler-test-api`, `prowler-test-sdk`, `prowler-compliance`, `prowler-provider`, `prowler-pr`, `prowler-docs` |
-
-## Setup
-
-```bash
-./skills/setup.sh
-```
-
-This configures skills for AI coding assistants that follow the [agentskills.io](https://agentskills.io) standard:
-
-| Tool | Configuration |
-|------|---------------|
-| **Claude Code** | `.claude/skills/` (symlink) |
-| **OpenCode** | `.claude/skills/` (symlink) |
-| **Codex (OpenAI)** | `.codex/skills/` (symlink) |
-| **GitHub Copilot** | `.github/skills/` (symlink) |
-| **Gemini CLI** | `.gemini/skills/` (symlink) |
-
-> **Note:** Restart your AI coding assistant after running setup to load the skills.
-> Gemini CLI requires `experimental.skills` enabled in settings.
-
 # 📖 Documentation

 For installation instructions, usage details, tutorials, and the Developer Guide, visit https://docs.prowler.com/
@@ -1,137 +0,0 @@
-# Prowler API - AI Agent Ruleset
-
-> **Skills Reference**: For detailed patterns, use these skills:
-> - [`prowler-api`](../skills/prowler-api/SKILL.md) - Models, Serializers, Views, RLS patterns
-> - [`prowler-test-api`](../skills/prowler-test-api/SKILL.md) - Testing patterns (pytest-django)
-> - [`django-drf`](../skills/django-drf/SKILL.md) - Generic DRF patterns
-> - [`pytest`](../skills/pytest/SKILL.md) - Generic pytest patterns
-
-## CRITICAL RULES - NON-NEGOTIABLE
-
-### Models
- ALWAYS: UUIDv4 PKs, `inserted_at`/`updated_at` timestamps, `JSONAPIMeta` class
- ALWAYS: Inherit from `RowLevelSecurityProtectedModel` for tenant-scoped data
- NEVER: Auto-increment integer PKs, models without tenant isolation
-
-### Serializers
- ALWAYS: Separate serializers for Create/Update operations
- ALWAYS: Inherit from `RLSSerializer` for tenant-scoped models
- NEVER: Write logic in serializers (use services/utils)
-
-### Views
- ALWAYS: Inherit from `BaseRLSViewSet` for tenant-scoped resources
- ALWAYS: Define `filterset_class`, use `@extend_schema` for OpenAPI
- NEVER: Raw SQL queries, business logic in views
-
-### Row-Level Security (RLS)
- ALWAYS: Use `rls_transaction(tenant_id)` context manager
- NEVER: Query across tenants, trust client-provided tenant_id
-
-### Celery Tasks
- ALWAYS: `@shared_task` with `name`, `queue`, `RLSTask` base class
- NEVER: Long-running ops in views, request context in tasks
-
---
-
-## DECISION TREES
-
-### Serializer Selection
-```
-Read → <Model>Serializer
-Create → <Model>CreateSerializer
-Update → <Model>UpdateSerializer
-Nested read → <Model>IncludeSerializer
-```
-
-### Task vs View
-```
-< 100ms → View
-> 100ms or external API → Celery task
-Needs retry → Celery task
-```
-
---
-
-## TECH STACK
-
-Django 5.1.x | DRF 3.15.x | djangorestframework-jsonapi 7.x | Celery 5.4.x | PostgreSQL 16 | pytest 8.x
-
---
-
-## PROJECT STRUCTURE
-
-```
-api/src/backend/
-├── api/                    # Main Django app
-│   ├── v1/                # API version 1 (views, serializers, urls)
-│   ├── models.py          # Django models
-│   ├── filters.py         # FilterSet classes
-│   ├── base_views.py      # Base ViewSet classes
-│   ├── rls.py             # Row-Level Security
-│   └── tests/             # Unit tests
-├── config/                # Django configuration
-└── tasks/                 # Celery tasks
-```
-
---
-
-## COMMANDS
-
-```bash
-# Development
-poetry run python src/backend/manage.py runserver
-poetry run celery -A config.celery worker -l INFO
-
-# Database
-poetry run python src/backend/manage.py makemigrations
-poetry run python src/backend/manage.py migrate
-
-# Testing & Linting
-poetry run pytest -x --tb=short
-poetry run make lint
-```
-
---
-
-## QA CHECKLIST
-
- [ ] `poetry run pytest` passes
- [ ] `poetry run make lint` passes
- [ ] Migrations created if models changed
- [ ] New endpoints have `@extend_schema` decorators
- [ ] RLS properly applied for tenant data
- [ ] Tests cover success and error cases
-
---
-
-## NAMING CONVENTIONS
-
-| Entity | Pattern | Example |
-|--------|---------|---------|
-| Serializer (read) | `<Model>Serializer` | `ProviderSerializer` |
-| Serializer (create) | `<Model>CreateSerializer` | `ProviderCreateSerializer` |
-| Serializer (update) | `<Model>UpdateSerializer` | `ProviderUpdateSerializer` |
-| Filter | `<Model>Filter` | `ProviderFilter` |
-| ViewSet | `<Model>ViewSet` | `ProviderViewSet` |
-| Task | `<action>_<entity>_task` | `sync_provider_resources_task` |
-
---
-
-## API CONVENTIONS (JSON:API)
-
-```json
-{
-  "data": {
-    "type": "providers",
-    "id": "uuid",
-    "attributes": { "name": "value" },
-    "relationships": { "tenant": { "data": { "type": "tenants", "id": "uuid" } } }
-  }
-}
-```
-
- Content-Type: `application/vnd.api+json`
- Pagination: `?page[number]=1&page[size]=20`
- Filtering: `?filter[field]=value`, `?filter[field__in]=val1,val2`
- Sorting: `?sort=field`, `?sort=-field`
- Including: `?include=provider,findings`
@@ -2,56 +2,7 @@

 All notable changes to the **Prowler API** are documented in this file.

-## [1.18.0] (Prowler UNRELEASED)
-
-### Added
- `/api/v1/overviews/compliance-watchlist` to retrieve the compliance watchlist [(#9596)](https://github.com/prowler-cloud/prowler/pull/9596)
- Support AlibabaCloud provider [(#9485)](https://github.com/prowler-cloud/prowler/pull/9485)
- `provider_id` and `provider_id__in` filter aliases for findings endpoints to enable consistent frontend parameter naming [(#9701)](https://github.com/prowler-cloud/prowler/pull/9701)
-
---
-
-## [1.17.2] (Prowler v5.16.2)
-
-### Security
- Updated dependencies to patch security vulnerabilities: Django 5.1.15 (CVE-2025-64460, CVE-2025-13372), Werkzeug 3.1.4 (CVE-2025-66221), sqlparse 0.5.5 (PVE-2025-82038), fonttools 4.60.2 (CVE-2025-66034) [(#9730)](https://github.com/prowler-cloud/prowler/pull/9730)
-
---
-
-## [1.17.1] (Prowler v5.16.1)
-
-### Changed
- Security Hub integration error when no regions [(#9635)](https://github.com/prowler-cloud/prowler/pull/9635)
-
-### Fixed
- Orphan scheduled scans caused by transaction isolation during provider creation [(#9633)](https://github.com/prowler-cloud/prowler/pull/9633)
-
---
-
-## [1.17.0] (Prowler v5.16.0)
-
-### Added
- New endpoint to retrieve and overview of the categories based on finding severities [(#9529)](https://github.com/prowler-cloud/prowler/pull/9529)
- Endpoints `GET /findings` and `GET /findings/latests` can now use the category filter [(#9529)](https://github.com/prowler-cloud/prowler/pull/9529)
- Account id, alias and provider name to PDF reporting table [(#9574)](https://github.com/prowler-cloud/prowler/pull/9574)
-
-### Changed
- Endpoint `GET /overviews/attack-surfaces` no longer returns the related check IDs [(#9529)](https://github.com/prowler-cloud/prowler/pull/9529)
- OpenAI provider to only load chat-compatible models with tool calling support [(#9523)](https://github.com/prowler-cloud/prowler/pull/9523)
- Increased execution delay for the first scheduled scan tasks to 5 seconds[(#9558)](https://github.com/prowler-cloud/prowler/pull/9558)
-
-### Fixed
- Made `scan_id` a required filter in the compliance overview endpoint [(#9560)](https://github.com/prowler-cloud/prowler/pull/9560)
- Reduced unnecessary UPDATE resources operations by only saving when tag mappings change, lowering write load during scans [(#9569)](https://github.com/prowler-cloud/prowler/pull/9569)
-
---
-
-## [1.16.1] (Prowler v5.15.1)
-
-### Fixed
- Race condition in scheduled scan creation by adding countdown to task [(#9516)](https://github.com/prowler-cloud/prowler/pull/9516)
-
-## [1.16.0] (Prowler v5.15.0)
+## [1.16.0] (Unreleased)

 ### Added
 - New endpoint to retrieve an overview of the attack surfaces [(#9309)](https://github.com/prowler-cloud/prowler/pull/9309)
@@ -61,6 +12,7 @@ All notable changes to the **Prowler API** are documented in this file.
 - Support to use admin credentials through the read replica database [(#9440)](https://github.com/prowler-cloud/prowler/pull/9440)

 ### Changed
+
 - Error messages from Lighthouse celery tasks [(#9165)](https://github.com/prowler-cloud/prowler/pull/9165)
 - Restore the compliance overview endpoint's mandatory filters [(#9338)](https://github.com/prowler-cloud/prowler/pull/9338)

@@ -0,0 +1,457 @@
+# Query Performance Guide
+
+## Overview
+
+This guide explains how to validate query performance when developing new endpoints or modifying existing ones. **This is part of the development process**, not a separate task—just like writing unit tests.
+
+The goal is simple: ensure PostgreSQL uses indexes correctly for the queries your code generates.
+
+## When to Validate
+
+You **must** validate query performance when:
+
+- Creating a new endpoint that queries the database
+- Modifying an existing query (adding filters, joins, or sorting)
+- Adding new indexes
+- Working on performance-critical endpoints (overviews, findings, resources)
+
+## Profiling with Django Silk (Recommended)
+
+[Django Silk](https://github.com/jazzband/django-silk) is the recommended way to profile queries because it captures the actual SQL generated by your code during real HTTP requests. This gives you the most accurate picture of what happens in production.
+
+### Enabling Silk
+
+Silk is installed as a dev dependency but disabled by default. To enable it temporarily for profiling:
+
+#### 1. Add Silk to your local settings
+
+In `api/src/backend/config/django/devel.py`, add at the end of the file:
+
+```python
+# Silk profiler (temporary - remove after profiling)
+INSTALLED_APPS += ["silk"]  # noqa: F405
+MIDDLEWARE += ["silk.middleware.SilkyMiddleware"]  # noqa: F405
+```
+
+#### 2. Add Silk URLs
+
+In `api/src/backend/api/v1/urls.py`, add at the end:
+
+```python
+from django.conf import settings
+
+if settings.DEBUG:
+    urlpatterns += [path("silk/", include("silk.urls", namespace="silk"))]
+```
+
+#### 3. Run Silk migrations
+
+```bash
+cd api/src/backend
+poetry run python manage.py migrate --database admin
+```
+
+#### 4. Access Silk
+
+Start the development server and navigate to `http://localhost:8000/api/v1/silk/`
+
+### Using Silk
+
+1. Make requests to the endpoint you want to profile
+2. Open Silk UI and find your request
+3. Click on the request to see all SQL queries executed
+4. For each query, you can see:
+   - Execution time
+   - Number of similar queries (N+1 detection)
+   - The actual SQL with parameters
+   - **EXPLAIN output** (click on a query to see it)
+
+### Disabling Silk
+
+After profiling, **remove the changes** you made to `devel.py` and `urls.py`. Don't commit Silk configuration to the repository.
+
+## Manual Query Analysis with EXPLAIN ANALYZE
+
+For quick checks or when you need more control, you can run `EXPLAIN ANALYZE` directly.
+
+### 1. Get Your Query
+
+#### Option A: Using Django Shell with RLS
+
+This approach mirrors how queries run in production with Row Level Security enabled:
+
+```bash
+cd api/src/backend
+poetry run python manage.py shell
+```
+
+```python
+from django.db import connection
+from api.db_utils import rls_transaction
+from api.models import Finding
+
+tenant_id = "your-tenant-uuid"
+
+with rls_transaction(tenant_id):
+    # Build your queryset
+    qs = Finding.objects.filter(status="FAIL").order_by("-inserted_at")[:25]
+
+    # Force evaluation
+    list(qs)
+
+    # Get the SQL
+    print(connection.queries[-1]['sql'])
+```
+
+#### Option B: Print Query Without Execution
+
+```python
+from api.models import Finding
+
+queryset = Finding.objects.filter(status="FAIL")
+print(queryset.query)
+```
+
+> **Note:** This won't include RLS filters, so the actual production query will differ.
+
+#### Option C: Enable SQL Logging
+
+Set `DJANGO_LOGGING_LEVEL=DEBUG` in your environment:
+
+```bash
+DJANGO_LOGGING_LEVEL=DEBUG poetry run python manage.py runserver
+```
+
+### 2. Run EXPLAIN ANALYZE
+
+Connect to PostgreSQL and run:
+
+```sql
+EXPLAIN ANALYZE <your_query>;
+```
+
+Or with more details:
+
+```sql
+EXPLAIN (ANALYZE, BUFFERS, FORMAT TEXT) <your_query>;
+```
+
+#### Running EXPLAIN with RLS Context
+
+To test with RLS enabled (as it runs in production), set the tenant context first:
+
+```sql
+-- Set tenant context
+SELECT set_config('api.tenant_id', 'your-tenant-uuid', TRUE);
+
+-- Then run your EXPLAIN ANALYZE
+EXPLAIN ANALYZE SELECT * FROM findings WHERE status = 'FAIL' LIMIT 25;
+```
+
+### 3. Interpret the Results
+
+#### Good Signs (Index is being used)
+
+```
+Index Scan using findings_tenant_status_idx on findings
+  Index Cond: ((tenant_id = '...'::uuid) AND (status = 'FAIL'))
+  Rows Removed by Filter: 0
+  Actual Rows: 150
+  Planning Time: 0.5 ms
+  Execution Time: 2.3 ms
+```
+
+#### Bad Signs (Sequential scan - no index)
+
+```
+Seq Scan on findings
+  Filter: ((tenant_id = '...'::uuid) AND (status = 'FAIL'))
+  Rows Removed by Filter: 999850
+  Actual Rows: 150
+  Planning Time: 0.3 ms
+  Execution Time: 450.2 ms
+```
+
+## Quick Reference: What to Look For
+
+| What You See | Meaning | Action |
+|--------------|---------|--------|
+| `Index Scan` | Index is being used | Good, no action needed |
+| `Index Only Scan` | Even better - data comes from index only | Good, no action needed |
+| `Bitmap Index Scan` | Index used, results combined | Usually fine |
+| `Seq Scan` on large tables | Full table scan, no index | **Needs investigation** |
+| `Rows Removed by Filter: <high number>` | Fetching too many rows | **Query or index issue** |
+| High `Execution Time` | Query is slow | **Needs optimization** |
+
+## Common Issues and Fixes
+
+### 1. Missing Index
+
+**Problem:** `Seq Scan` on a filtered column
+
+```sql
+-- Bad: No index on status
+EXPLAIN ANALYZE SELECT * FROM findings WHERE status = 'FAIL';
+-- Shows: Seq Scan on findings
+```
+
+**Fix:** Add an index
+
+```python
+# In your model
+class Meta:
+    indexes = [
+        models.Index(fields=['status'], name='findings_status_idx'),
+    ]
+```
+
+### 2. Index Not Used Due to Type Mismatch
+
+**Problem:** Index exists but PostgreSQL doesn't use it
+
+```sql
+-- If tenant_id is UUID but you're passing a string without cast
+WHERE tenant_id = 'some-uuid-string'
+```
+
+**Fix:** Ensure proper type casting in your queries
+
+### 3. Index Not Used Due to Function Call
+
+**Problem:** Wrapping column in a function prevents index usage
+
+```sql
+-- Bad: Index on inserted_at won't be used
+WHERE DATE(inserted_at) = '2024-01-01'
+
+-- Good: Use range instead
+WHERE inserted_at >= '2024-01-01' AND inserted_at < '2024-01-02'
+```
+
+### 4. Wrong Index for Sorting
+
+**Problem:** Query is sorted but index doesn't match sort order
+
+```sql
+-- If you have ORDER BY inserted_at DESC
+-- You need an index with DESC or PostgreSQL will sort in memory
+```
+
+**Fix:** Create index with matching sort order
+
+```python
+class Meta:
+    indexes = [
+        models.Index(fields=['-inserted_at'], name='findings_inserted_desc_idx'),
+    ]
+```
+
+### 5. Composite Index Column Order
+
+**Problem:** Index exists but columns are in wrong order
+
+```sql
+-- Index on (tenant_id, scan_id)
+-- This query WON'T use the index efficiently:
+WHERE scan_id = '...'
+
+-- This query WILL use the index:
+WHERE tenant_id = '...' AND scan_id = '...'
+```
+
+**Rule:** The leftmost columns in a composite index must be in your WHERE clause.
+
+## RLS (Row Level Security) Considerations
+
+Prowler uses Row Level Security via PostgreSQL's `set_config`. When analyzing queries, remember:
+
+1. RLS policies add implicit `WHERE tenant_id = current_tenant()` to queries
+2. Always test with RLS enabled (how it runs in production)
+3. Ensure `tenant_id` is the **first column** in composite indexes
+
+### Using rls_transaction in Code
+
+The `rls_transaction` context manager from `api.db_utils` sets the tenant context for all queries within its scope:
+
+```python
+from api.db_utils import rls_transaction
+from api.models import Finding
+
+with rls_transaction(tenant_id):
+    # All queries here will have RLS applied
+    qs = Finding.objects.filter(status="FAIL")
+    list(qs)  # Execute
+```
+
+### Using RLS in Raw SQL (psql)
+
+```sql
+-- Set tenant context for the transaction
+SELECT set_config('api.tenant_id', 'your-tenant-uuid', TRUE);
+
+-- Now RLS policies will filter by this tenant
+EXPLAIN ANALYZE SELECT * FROM findings WHERE status = 'FAIL';
+```
+
+### Index Design for RLS
+
+Since every query includes `tenant_id` via RLS, your composite indexes should **always start with `tenant_id`**:
+
+```python
+class Meta:
+    indexes = [
+        # Good: tenant_id first
+        models.Index(fields=['tenant_id', 'status', 'severity']),
+
+        # Bad: tenant_id not first - RLS queries won't use this efficiently
+        models.Index(fields=['status', 'tenant_id']),
+    ]
+```
+
+## Test Data Requirements
+
+The amount of test data you need depends on what you're testing. PostgreSQL's query planner considers table statistics, index definitions, and data distribution when choosing execution plans.
+
+### Important Considerations
+
+1. **Small datasets may not use indexes**: PostgreSQL may choose a sequential scan over an index scan if the table is small enough that scanning it directly is faster. This is expected behavior.
+
+2. **Data must exist in the tables you're querying**: If your endpoint queries `findings`, `resources`, `scans`, or other tables, ensure those tables have data. Use the `findings` management command to generate test data:
+
+   ```bash
+   cd api/src/backend
+   poetry run python manage.py findings \
+       --tenant <TENANT_ID> \
+       --findings 1000 \
+       --resources 500 \
+       --batch 500
+   ```
+
+3. **Update table statistics**: After inserting test data, run `ANALYZE` to update PostgreSQL's statistics:
+
+   ```sql
+   ANALYZE findings;
+   ANALYZE resources;
+   ANALYZE scans;
+   -- Add other tables as needed
+   ```
+
+4. **Test with realistic data distribution**: If your query filters by a specific value (e.g., `status='FAIL'`), ensure your test data includes a realistic mix of values.
+
+### When Index Usage Matters Most
+
+Focus on validating index usage when:
+
+- The table will have thousands or millions of rows in production
+- The query is called frequently (list endpoints, dashboards)
+- The query has multiple filters or joins
+
+For small lookup tables or infrequently-called endpoints, sequential scans may be acceptable.
+
+## Performance Checklist for PRs
+
+Before submitting a PR that adds or modifies database queries:
+
+- [ ] Profiled queries with Silk or `EXPLAIN ANALYZE`
+- [ ] Verified indexes are being used (no unexpected `Seq Scan` on large tables)
+- [ ] Checked `Rows Removed by Filter` is reasonable
+- [ ] Tested with RLS enabled
+- [ ] For critical endpoints: documented the query plan in the PR
+
+## Useful Commands
+
+### Update Table Statistics
+
+```sql
+ANALYZE findings;
+ANALYZE resources;
+```
+
+### See Existing Indexes
+
+```sql
+SELECT indexname, indexdef
+FROM pg_indexes
+WHERE tablename = 'findings';
+```
+
+### See Index Usage Stats
+
+```sql
+SELECT
+    schemaname,
+    tablename,
+    indexname,
+    idx_scan,
+    idx_tup_read,
+    idx_tup_fetch
+FROM pg_stat_user_indexes
+WHERE tablename = 'findings'
+ORDER BY idx_scan DESC;
+```
+
+### Check Table Size
+
+```sql
+SELECT
+    relname as table_name,
+    pg_size_pretty(pg_total_relation_size(relid)) as total_size
+FROM pg_catalog.pg_statio_user_tables
+WHERE relname IN ('findings', 'resources', 'scans')
+ORDER BY pg_total_relation_size(relid) DESC;
+```
+
+## Working with Partitioned Tables
+
+The `findings` and `resource_finding_mappings` tables are partitioned. When adding indexes, use the helper functions from `api.db_utils`:
+
+### Adding Indexes to Partitions
+
+```python
+# In a migration file
+from functools import partial
+
+from django.db import migrations
+
+from api.db_utils import create_index_on_partitions, drop_index_on_partitions
+
+
+class Migration(migrations.Migration):
+    atomic = False  # Required for CONCURRENTLY
+
+    dependencies = [
+        ("api", "XXXX_previous_migration"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            partial(
+                create_index_on_partitions,
+                parent_table="findings",
+                index_name="my_new_idx",
+                columns="tenant_id, status, severity",
+                all_partitions=False,  # Only current/future partitions
+            ),
+            reverse_code=partial(
+                drop_index_on_partitions,
+                parent_table="findings",
+                index_name="my_new_idx",
+            ),
+        ),
+    ]
+```
+
+### Parameters
+
+- `all_partitions=False` (default): Only creates indexes on current and future partitions. Use this for new indexes to avoid maintenance overhead on old data.
+- `all_partitions=True`: Creates indexes on all partitions. Use when migrating critical existing indexes.
+
+See [Partitions Documentation](./partitions.md) for more details on partitioning strategy.
+
+## Further Reading
+
+- [Django Silk Documentation](https://github.com/jazzband/django-silk)
+- [PostgreSQL EXPLAIN Documentation](https://www.postgresql.org/docs/current/sql-explain.html)
+- [Using EXPLAIN](https://www.postgresql.org/docs/current/using-explain.html)
+- [Index Types in PostgreSQL](https://www.postgresql.org/docs/current/indexes-types.html)
+- [Prowler Partitions Documentation](./partitions.md)
@@ -7,7 +7,7 @@ authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}]
 dependencies = [
  "celery[pytest] (>=5.4.0,<6.0.0)",
  "dj-rest-auth[with_social,jwt] (==7.0.1)",
-  "django (==5.1.15)",
+  "django (==5.1.14)",
  "django-allauth[saml] (>=65.8.0,<66.0.0)",
  "django-celery-beat (>=2.7.0,<3.0.0)",
  "django-celery-results (>=2.5.1,<3.0.0)",
@@ -36,10 +36,7 @@ dependencies = [
  "drf-simple-apikey (==2.2.1)",
  "matplotlib (>=3.10.6,<4.0.0)",
  "reportlab (>=4.4.4,<5.0.0)",
-  "gevent (>=25.9.1,<26.0.0)",
-  "werkzeug (>=3.1.4)",
-  "sqlparse (>=0.5.4)",
-  "fonttools (>=4.60.2)"
+  "gevent (>=25.9.1,<26.0.0)"
 ]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
@@ -47,7 +44,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.18.0"
+version = "1.16.0"

 [project.scripts]
 celery = "src.backend.config.settings.celery"
@@ -40,6 +40,7 @@ class ApiConfig(AppConfig):
            self._ensure_crypto_keys()

        load_prowler_compliance()
+        self._initialize_attack_surface_mapping()

    def _ensure_crypto_keys(self):
        """
@@ -167,3 +168,13 @@ class ApiConfig(AppConfig):
                f"Error generating JWT keys: {e}. Please set '{SIGNING_KEY_ENV}' and '{VERIFYING_KEY_ENV}' manually."
            )
            raise e
+
+    def _initialize_attack_surface_mapping(self):
+        from tasks.jobs.scan import (  # noqa: F401
+            _get_attack_surface_mapping_from_provider,
+        )
+
+        from api.models import Provider  # noqa: F401
+
+        for provider_type, _label in Provider.ProviderChoices.choices:
+            _get_attack_surface_mapping_from_provider(provider_type)
@@ -37,14 +37,12 @@ from api.models import (
    PermissionChoices,
    Processor,
    Provider,
-    ProviderComplianceScore,
    ProviderGroup,
    ProviderSecret,
    Resource,
    ResourceTag,
    Role,
    Scan,
-    ScanCategorySummary,
    ScanSummary,
    SeverityChoices,
    StateChoices,
@@ -93,62 +91,10 @@ class ChoiceInFilter(BaseInFilter, ChoiceFilter):
    pass


-class BaseProviderFilter(FilterSet):
-    """
-    Abstract base filter for models with direct FK to Provider.
-
-    Provides standard provider_id and provider_type filters.
-    Subclasses must define Meta.model.
-    """
-
-    provider_id = UUIDFilter(field_name="provider__id", lookup_expr="exact")
-    provider_id__in = UUIDInFilter(field_name="provider__id", lookup_expr="in")
-    provider_type = ChoiceFilter(
-        field_name="provider__provider", choices=Provider.ProviderChoices.choices
-    )
-    provider_type__in = ChoiceInFilter(
-        field_name="provider__provider",
-        choices=Provider.ProviderChoices.choices,
-        lookup_expr="in",
-    )
-
-    class Meta:
-        abstract = True
-        fields = {}
-
-
-class BaseScanProviderFilter(FilterSet):
-    """
-    Abstract base filter for models with FK to Scan (and Scan has FK to Provider).
-
-    Provides standard provider_id and provider_type filters via scan relationship.
-    Subclasses must define Meta.model.
-    """
-
-    provider_id = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
-    provider_id__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
-    provider_type = ChoiceFilter(
-        field_name="scan__provider__provider", choices=Provider.ProviderChoices.choices
-    )
-    provider_type__in = ChoiceInFilter(
-        field_name="scan__provider__provider",
-        choices=Provider.ProviderChoices.choices,
-        lookup_expr="in",
-    )
-
-    class Meta:
-        abstract = True
-        fields = {}
-
-
 class CommonFindingFilters(FilterSet):
    # We filter providers from the scan in findings
-    # Both 'provider' and 'provider_id' parameters are supported for API consistency
-    # Frontend uses 'provider_id' uniformly across all endpoints
    provider = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
    provider__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
-    provider_id = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
-    provider_id__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
    provider_type = ChoiceFilter(
        choices=Provider.ProviderChoices.choices, field_name="scan__provider__provider"
    )
@@ -211,9 +157,6 @@ class CommonFindingFilters(FilterSet):
        field_name="resources__type", lookup_expr="icontains"
    )

-    category = CharFilter(method="filter_category")
-    category__in = CharInFilter(field_name="categories", lookup_expr="overlap")
-
    # Temporarily disabled until we implement tag filtering in the UI
    # resource_tag_key = CharFilter(field_name="resources__tags__key")
    # resource_tag_key__in = CharInFilter(
@@ -245,9 +188,6 @@ class CommonFindingFilters(FilterSet):
    def filter_resource_type(self, queryset, name, value):
        return queryset.filter(resource_types__contains=[value])

-    def filter_category(self, queryset, name, value):
-        return queryset.filter(categories__contains=[value])
-
    def filter_resource_tag(self, queryset, name, value):
        overall_query = Q()
        for key_value_pair in value:
@@ -822,7 +762,7 @@ class RoleFilter(FilterSet):

 class ComplianceOverviewFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
-    scan_id = UUIDFilter(field_name="scan_id", required=True)
+    scan_id = UUIDFilter(field_name="scan_id")
    region = CharFilter(field_name="region")

    class Meta:
@@ -1139,25 +1079,20 @@ class ThreatScoreSnapshotFilter(FilterSet):
        }


-class AttackSurfaceOverviewFilter(BaseScanProviderFilter):
+class AttackSurfaceOverviewFilter(FilterSet):
    """Filter for attack surface overview aggregations by provider."""

-    class Meta(BaseScanProviderFilter.Meta):
+    provider_id = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
+    provider_id__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
+    provider_type = ChoiceFilter(
+        field_name="scan__provider__provider", choices=Provider.ProviderChoices.choices
+    )
+    provider_type__in = ChoiceInFilter(
+        field_name="scan__provider__provider",
+        choices=Provider.ProviderChoices.choices,
+        lookup_expr="in",
+    )
+
+    class Meta:
        model = AttackSurfaceOverview
-
-
-class CategoryOverviewFilter(BaseScanProviderFilter):
-    """Filter for category overview aggregations by provider."""
-
-    category = CharFilter(field_name="category", lookup_expr="exact")
-    category__in = CharInFilter(field_name="category", lookup_expr="in")
-
-    class Meta(BaseScanProviderFilter.Meta):
-        model = ScanCategorySummary
-
-
-class ComplianceWatchlistFilter(BaseProviderFilter):
-    """Filter for compliance watchlist overview by provider."""
-
-    class Meta(BaseProviderFilter.Meta):
-        model = ProviderComplianceScore
+        fields = {}
@@ -1,30 +0,0 @@
-# Generated by Django 5.1.14 on 2025-12-10
-
-from django.db import migrations
-from tasks.tasks import backfill_daily_severity_summaries_task
-
-from api.db_router import MainRouter
-from api.rls import Tenant
-
-
-def trigger_backfill_task(apps, schema_editor):
-    """
-    Trigger the backfill task for all tenants.
-
-    This dispatches backfill_daily_severity_summaries_task for each tenant
-    in the system to populate DailySeveritySummary records from historical scans.
-    """
-    tenant_ids = Tenant.objects.using(MainRouter.admin_db).values_list("id", flat=True)
-
-    for tenant_id in tenant_ids:
-        backfill_daily_severity_summaries_task.delay(tenant_id=str(tenant_id), days=90)
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0061_daily_severity_summary"),
-    ]
-
-    operations = [
-        migrations.RunPython(trigger_backfill_task, migrations.RunPython.noop),
-    ]
@@ -1,111 +0,0 @@
-import uuid
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-import api.db_utils
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0062_backfill_daily_severity_summaries"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="ScanCategorySummary",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        to="api.tenant",
-                    ),
-                ),
-                (
-                    "inserted_at",
-                    models.DateTimeField(auto_now_add=True),
-                ),
-                (
-                    "scan",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        related_name="category_summaries",
-                        related_query_name="category_summary",
-                        to="api.scan",
-                    ),
-                ),
-                (
-                    "category",
-                    models.CharField(max_length=100),
-                ),
-                (
-                    "severity",
-                    api.db_utils.SeverityEnumField(
-                        choices=[
-                            ("critical", "Critical"),
-                            ("high", "High"),
-                            ("medium", "Medium"),
-                            ("low", "Low"),
-                            ("informational", "Informational"),
-                        ],
-                    ),
-                ),
-                (
-                    "total_findings",
-                    models.IntegerField(
-                        default=0, help_text="Non-muted findings (PASS + FAIL)"
-                    ),
-                ),
-                (
-                    "failed_findings",
-                    models.IntegerField(
-                        default=0,
-                        help_text="Non-muted FAIL findings (subset of total_findings)",
-                    ),
-                ),
-                (
-                    "new_failed_findings",
-                    models.IntegerField(
-                        default=0,
-                        help_text="Non-muted FAIL with delta='new' (subset of failed_findings)",
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "scan_category_summaries",
-                "abstract": False,
-            },
-        ),
-        migrations.AddIndex(
-            model_name="scancategorysummary",
-            index=models.Index(
-                fields=["tenant_id", "scan"], name="scs_tenant_scan_idx"
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="scancategorysummary",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "scan_id", "category", "severity"),
-                name="unique_category_severity_per_scan",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="scancategorysummary",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_scancategorysummary",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-    ]
@@ -1,22 +0,0 @@
-import django.contrib.postgres.fields
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0063_scan_category_summary"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="categories",
-            field=django.contrib.postgres.fields.ArrayField(
-                base_field=models.CharField(max_length=100),
-                blank=True,
-                null=True,
-                size=None,
-                help_text="Categories from check metadata for efficient filtering",
-            ),
-        ),
-    ]
@@ -1,37 +0,0 @@
-# Generated by Django migration for Alibaba Cloud provider support
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0064_finding_categories"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                    ("github", "GitHub"),
-                    ("mongodbatlas", "MongoDB Atlas"),
-                    ("iac", "IaC"),
-                    ("oraclecloud", "Oracle Cloud Infrastructure"),
-                    ("alibabacloud", "Alibaba Cloud"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'alibabacloud';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]
@@ -1,94 +0,0 @@
-import uuid
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-import api.db_utils
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0065_alibabacloud_provider"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="ProviderComplianceScore",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("compliance_id", models.TextField()),
-                ("requirement_id", models.TextField()),
-                (
-                    "requirement_status",
-                    api.db_utils.StatusEnumField(
-                        choices=[
-                            ("FAIL", "Fail"),
-                            ("PASS", "Pass"),
-                            ("MANUAL", "Manual"),
-                        ]
-                    ),
-                ),
-                ("scan_completed_at", models.DateTimeField()),
-                (
-                    "provider",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        related_name="compliance_scores",
-                        related_query_name="compliance_score",
-                        to="api.provider",
-                    ),
-                ),
-                (
-                    "scan",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        related_name="compliance_scores",
-                        related_query_name="compliance_score",
-                        to="api.scan",
-                    ),
-                ),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        to="api.tenant",
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "provider_compliance_scores",
-                "abstract": False,
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="providercompliancescore",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "provider_id", "compliance_id", "requirement_id"),
-                name="unique_provider_compliance_req",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="providercompliancescore",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_providercompliancescore",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="providercompliancescore",
-            index=models.Index(
-                fields=["tenant_id", "provider_id", "compliance_id"],
-                name="pcs_tenant_prov_comp_idx",
-            ),
-        ),
-    ]
@@ -1,61 +0,0 @@
-import uuid
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0066_provider_compliance_score"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="TenantComplianceSummary",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("compliance_id", models.TextField()),
-                ("requirements_passed", models.IntegerField(default=0)),
-                ("requirements_failed", models.IntegerField(default=0)),
-                ("requirements_manual", models.IntegerField(default=0)),
-                ("total_requirements", models.IntegerField(default=0)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        to="api.tenant",
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "tenant_compliance_summaries",
-                "abstract": False,
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="tenantcompliancesummary",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "compliance_id"),
-                name="unique_tenant_compliance_summary",
-            ),
-        ),
-        migrations.AddConstraint(
-            model_name="tenantcompliancesummary",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_tenantcompliancesummary",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-    ]
@@ -287,7 +287,6 @@ class Provider(RowLevelSecurityProtectedModel):
        MONGODBATLAS = "mongodbatlas", _("MongoDB Atlas")
        IAC = "iac", _("IaC")
        ORACLECLOUD = "oraclecloud", _("Oracle Cloud Infrastructure")
-        ALIBABACLOUD = "alibabacloud", _("Alibaba Cloud")

    @staticmethod
    def validate_aws_uid(value):
@@ -392,15 +391,6 @@ class Provider(RowLevelSecurityProtectedModel):
                pointer="/data/attributes/uid",
            )

-    @staticmethod
-    def validate_alibabacloud_uid(value):
-        if not re.match(r"^\d{16}$", value):
-            raise ModelValidationError(
-                detail="Alibaba Cloud account ID must be exactly 16 digits.",
-                code="alibabacloud-uid",
-                pointer="/data/attributes/uid",
-            )
-
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
@@ -726,19 +716,14 @@ class Resource(RowLevelSecurityProtectedModel):
            self.clear_tags()
            return

-        # Add new relationships with the tenant_id field; avoid touching the
-        # Resource row unless a mapping is actually created to prevent noisy
-        # updates during scans.
-        mapping_created = False
+        # Add new relationships with the tenant_id field
        for tag in tags:
-            _, created = ResourceTagMapping.objects.update_or_create(
+            ResourceTagMapping.objects.update_or_create(
                tag=tag, resource=self, tenant_id=self.tenant_id
            )
-            mapping_created = mapping_created or created

-        if mapping_created:
-            # Only bump updated_at when the tag set truly changed
-            self.save(update_fields=["updated_at"])
+        # Save the instance
+        self.save()

    class Meta(RowLevelSecurityProtectedModel.Meta):
        db_table = "resources"
@@ -883,14 +868,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
        null=True,
    )

-    # Check metadata denormalization
-    categories = ArrayField(
-        models.CharField(max_length=100),
-        blank=True,
-        null=True,
-        help_text="Categories from check metadata for efficient filtering",
-    )
-
    # Relationships
    scan = models.ForeignKey(to=Scan, related_name="findings", on_delete=models.CASCADE)

@@ -1974,64 +1951,6 @@ class ResourceScanSummary(RowLevelSecurityProtectedModel):
        ]


-class ScanCategorySummary(RowLevelSecurityProtectedModel):
-    """
-    Pre-aggregated category metrics per scan by severity.
-
-    Stores one row per (category, severity) combination per scan for efficient
-    overview queries. Categories come from check_metadata.categories.
-
-    Count relationships (each is a subset of the previous):
-        - total_findings >= failed_findings >= new_failed_findings
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-
-    scan = models.ForeignKey(
-        Scan,
-        on_delete=models.CASCADE,
-        related_name="category_summaries",
-        related_query_name="category_summary",
-    )
-
-    category = models.CharField(max_length=100)
-    severity = SeverityEnumField(choices=SeverityChoices)
-
-    total_findings = models.IntegerField(
-        default=0, help_text="Non-muted findings (PASS + FAIL)"
-    )
-    failed_findings = models.IntegerField(
-        default=0, help_text="Non-muted FAIL findings (subset of total_findings)"
-    )
-    new_failed_findings = models.IntegerField(
-        default=0,
-        help_text="Non-muted FAIL with delta='new' (subset of failed_findings)",
-    )
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "scan_category_summaries"
-
-        indexes = [
-            models.Index(fields=["tenant_id", "scan"], name="scs_tenant_scan_idx"),
-        ]
-
-        constraints = [
-            models.UniqueConstraint(
-                fields=("tenant_id", "scan_id", "category", "severity"),
-                name="unique_category_severity_per_scan",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "scan-category-summaries"
-
-
 class LighthouseConfiguration(RowLevelSecurityProtectedModel):
    """
    Stores configuration and API keys for LLM services.
@@ -2605,92 +2524,3 @@ class AttackSurfaceOverview(RowLevelSecurityProtectedModel):

    class JSONAPIMeta:
        resource_name = "attack-surface-overviews"
-
-
-class ProviderComplianceScore(RowLevelSecurityProtectedModel):
-    """
-    Compliance requirement status from latest completed scan per provider.
-
-    Used for efficient compliance watchlist queries with FAIL-dominant aggregation
-    across multiple providers. Updated via atomic upsert after each scan completion.
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-
-    scan = models.ForeignKey(
-        Scan,
-        on_delete=models.CASCADE,
-        related_name="compliance_scores",
-        related_query_name="compliance_score",
-    )
-
-    provider = models.ForeignKey(
-        Provider,
-        on_delete=models.CASCADE,
-        related_name="compliance_scores",
-        related_query_name="compliance_score",
-    )
-
-    compliance_id = models.TextField()
-    requirement_id = models.TextField()
-    requirement_status = StatusEnumField(choices=StatusChoices)
-
-    scan_completed_at = models.DateTimeField()
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "provider_compliance_scores"
-
-        constraints = [
-            models.UniqueConstraint(
-                fields=("tenant_id", "provider_id", "compliance_id", "requirement_id"),
-                name="unique_provider_compliance_req",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "provider_id", "compliance_id"],
-                name="pcs_tenant_prov_comp_idx",
-            ),
-        ]
-
-
-class TenantComplianceSummary(RowLevelSecurityProtectedModel):
-    """
-    Pre-aggregated compliance counts per tenant with FAIL-dominant logic applied.
-
-    One row per (tenant, compliance_id). Used for fast watchlist queries when
-    no provider filter is applied. Recalculated after each scan by aggregating
-    across all providers with FAIL-dominant logic at requirement level.
-    """
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-
-    compliance_id = models.TextField()
-
-    requirements_passed = models.IntegerField(default=0)
-    requirements_failed = models.IntegerField(default=0)
-    requirements_manual = models.IntegerField(default=0)
-    total_requirements = models.IntegerField(default=0)
-
-    updated_at = models.DateTimeField(auto_now=True)
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "tenant_compliance_summaries"
-
-        constraints = [
-            models.UniqueConstraint(
-                fields=("tenant_id", "compliance_id"),
-                name="unique_tenant_compliance_summary",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
@@ -1,21 +1,9 @@
-from datetime import datetime, timezone
-
 import pytest
 from allauth.socialaccount.models import SocialApp
 from django.core.exceptions import ValidationError
-from django.db import IntegrityError

 from api.db_router import MainRouter
-from api.models import (
-    ProviderComplianceScore,
-    Resource,
-    ResourceTag,
-    SAMLConfiguration,
-    SAMLDomainIndex,
-    StateChoices,
-    StatusChoices,
-    TenantComplianceSummary,
-)
+from api.models import Resource, ResourceTag, SAMLConfiguration, SAMLDomainIndex


@pytest.mark.django_db
@@ -336,159 +324,3 @@ class TestSAMLConfigurationModel:
        errors = exc_info.value.message_dict
        assert "metadata_xml" in errors
        assert "There is a problem with your metadata." in errors["metadata_xml"][0]
-
-
-@pytest.mark.django_db
-class TestProviderComplianceScoreModel:
-    def test_create_provider_compliance_score(self, providers_fixture, scans_fixture):
-        provider = providers_fixture[0]
-        scan = scans_fixture[0]
-        scan.completed_at = datetime.now(timezone.utc)
-        scan.save()
-
-        score = ProviderComplianceScore.objects.create(
-            tenant_id=provider.tenant_id,
-            provider=provider,
-            scan=scan,
-            compliance_id="aws_cis_2.0",
-            requirement_id="req_1",
-            requirement_status=StatusChoices.PASS,
-            scan_completed_at=scan.completed_at,
-        )
-
-        assert score.compliance_id == "aws_cis_2.0"
-        assert score.requirement_id == "req_1"
-        assert score.requirement_status == StatusChoices.PASS
-
-    def test_unique_constraint_per_provider_compliance_requirement(
-        self, providers_fixture, scans_fixture
-    ):
-        provider = providers_fixture[0]
-        scan = scans_fixture[0]
-        scan.completed_at = datetime.now(timezone.utc)
-        scan.save()
-
-        ProviderComplianceScore.objects.create(
-            tenant_id=provider.tenant_id,
-            provider=provider,
-            scan=scan,
-            compliance_id="aws_cis_2.0",
-            requirement_id="req_1",
-            requirement_status=StatusChoices.PASS,
-            scan_completed_at=scan.completed_at,
-        )
-
-        with pytest.raises(IntegrityError):
-            ProviderComplianceScore.objects.create(
-                tenant_id=provider.tenant_id,
-                provider=provider,
-                scan=scan,
-                compliance_id="aws_cis_2.0",
-                requirement_id="req_1",
-                requirement_status=StatusChoices.FAIL,
-                scan_completed_at=scan.completed_at,
-            )
-
-    def test_different_providers_same_requirement_allowed(
-        self, providers_fixture, scans_fixture
-    ):
-        provider1, provider2, *_ = providers_fixture
-        scan1 = scans_fixture[0]
-        scan1.completed_at = datetime.now(timezone.utc)
-        scan1.save()
-
-        scan2 = scans_fixture[2]
-        scan2.state = StateChoices.COMPLETED
-        scan2.completed_at = datetime.now(timezone.utc)
-        scan2.save()
-
-        score1 = ProviderComplianceScore.objects.create(
-            tenant_id=provider1.tenant_id,
-            provider=provider1,
-            scan=scan1,
-            compliance_id="aws_cis_2.0",
-            requirement_id="req_1",
-            requirement_status=StatusChoices.PASS,
-            scan_completed_at=scan1.completed_at,
-        )
-
-        score2 = ProviderComplianceScore.objects.create(
-            tenant_id=provider2.tenant_id,
-            provider=provider2,
-            scan=scan2,
-            compliance_id="aws_cis_2.0",
-            requirement_id="req_1",
-            requirement_status=StatusChoices.FAIL,
-            scan_completed_at=scan2.completed_at,
-        )
-
-        assert score1.id != score2.id
-        assert score1.requirement_status != score2.requirement_status
-
-
-@pytest.mark.django_db
-class TestTenantComplianceSummaryModel:
-    def test_create_tenant_compliance_summary(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-
-        summary = TenantComplianceSummary.objects.create(
-            tenant_id=tenant.id,
-            compliance_id="aws_cis_2.0",
-            requirements_passed=5,
-            requirements_failed=2,
-            requirements_manual=1,
-            total_requirements=8,
-        )
-
-        assert summary.compliance_id == "aws_cis_2.0"
-        assert summary.requirements_passed == 5
-        assert summary.requirements_failed == 2
-        assert summary.requirements_manual == 1
-        assert summary.total_requirements == 8
-        assert summary.updated_at is not None
-
-    def test_unique_constraint_per_tenant_compliance(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-
-        TenantComplianceSummary.objects.create(
-            tenant_id=tenant.id,
-            compliance_id="aws_cis_2.0",
-            requirements_passed=5,
-            requirements_failed=2,
-            requirements_manual=1,
-            total_requirements=8,
-        )
-
-        with pytest.raises(IntegrityError):
-            TenantComplianceSummary.objects.create(
-                tenant_id=tenant.id,
-                compliance_id="aws_cis_2.0",
-                requirements_passed=3,
-                requirements_failed=4,
-                requirements_manual=1,
-                total_requirements=8,
-            )
-
-    def test_different_tenants_same_compliance_allowed(self, tenants_fixture):
-        tenant1, tenant2, *_ = tenants_fixture
-
-        summary1 = TenantComplianceSummary.objects.create(
-            tenant_id=tenant1.id,
-            compliance_id="aws_cis_2.0",
-            requirements_passed=5,
-            requirements_failed=2,
-            requirements_manual=1,
-            total_requirements=8,
-        )
-
-        summary2 = TenantComplianceSummary.objects.create(
-            tenant_id=tenant2.id,
-            compliance_id="aws_cis_2.0",
-            requirements_passed=3,
-            requirements_failed=4,
-            requirements_manual=1,
-            total_requirements=8,
-        )
-
-        assert summary1.id != summary2.id
-        assert summary1.requirements_passed != summary2.requirements_passed
@@ -16,7 +16,6 @@ from api.utils import (
    return_prowler_provider,
    validate_invitation,
 )
-from prowler.providers.alibabacloud.alibabacloud_provider import AlibabacloudProvider
 from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.aws.lib.security_hub.security_hub import SecurityHubConnection
 from prowler.providers.azure.azure_provider import AzureProvider
@@ -117,7 +116,6 @@ class TestReturnProwlerProvider:
            (Provider.ProviderChoices.MONGODBATLAS.value, MongodbatlasProvider),
            (Provider.ProviderChoices.ORACLECLOUD.value, OraclecloudProvider),
            (Provider.ProviderChoices.IAC.value, IacProvider),
-            (Provider.ProviderChoices.ALIBABACLOUD.value, AlibabacloudProvider),
        ],
    )
    def test_return_prowler_provider(self, provider_type, expected_provider):
@@ -1165,11 +1165,6 @@ class TestProviderViewSet:
                    "uid": "64b1d3c0e4b03b1234567890",
                    "alias": "Atlas Organization",
                },
-                {
-                    "provider": "alibabacloud",
-                    "uid": "1234567890123456",
-                    "alias": "Alibaba Cloud Account",
-                },
            ]
        ),
    )
@@ -1519,36 +1514,6 @@ class TestProviderViewSet:
                    "mongodbatlas-uid",
                    "uid",
                ),
-                # Alibaba Cloud UID validation - too short (not 16 digits)
-                (
-                    {
-                        "provider": "alibabacloud",
-                        "uid": "123456789012345",
-                        "alias": "test",
-                    },
-                    "alibabacloud-uid",
-                    "uid",
-                ),
-                # Alibaba Cloud UID validation - too long (not 16 digits)
-                (
-                    {
-                        "provider": "alibabacloud",
-                        "uid": "12345678901234567",
-                        "alias": "test",
-                    },
-                    "alibabacloud-uid",
-                    "uid",
-                ),
-                # Alibaba Cloud UID validation - contains non-digits
-                (
-                    {
-                        "provider": "alibabacloud",
-                        "uid": "123456789012345a",
-                        "alias": "test",
-                    },
-                    "alibabacloud-uid",
-                    "uid",
-                ),
            ]
        ),
    )
@@ -1722,21 +1687,21 @@ class TestProviderViewSet:
                (
                    "uid.icontains",
                    "1",
-                    8,
+                    7,
                ),
                ("alias", "aws_testing_1", 1),
                ("alias.icontains", "aws", 2),
-                ("inserted_at", TODAY, 9),
+                ("inserted_at", TODAY, 8),
                (
                    "inserted_at.gte",
                    "2024-01-01",
-                    9,
+                    8,
                ),
                ("inserted_at.lte", "2024-01-01", 0),
                (
                    "updated_at.gte",
                    "2024-01-01",
-                    9,
+                    8,
                ),
                ("updated_at.lte", "2024-01-01", 0),
            ]
@@ -2286,46 +2251,6 @@ class TestProviderSecretViewSet:
                    "atlas_private_key": "private-key",
                },
            ),
-            # Alibaba Cloud credentials (with access key only)
-            (
-                Provider.ProviderChoices.ALIBABACLOUD.value,
-                ProviderSecret.TypeChoices.STATIC,
-                {
-                    "access_key_id": "LTAI5t1234567890abcdef",
-                    "access_key_secret": "my-secret-access-key",
-                },
-            ),
-            # Alibaba Cloud credentials (with STS security token)
-            (
-                Provider.ProviderChoices.ALIBABACLOUD.value,
-                ProviderSecret.TypeChoices.STATIC,
-                {
-                    "access_key_id": "LTAI5t1234567890abcdef",
-                    "access_key_secret": "my-secret-access-key",
-                    "security_token": "my-security-token-for-sts",
-                },
-            ),
-            # Alibaba Cloud RAM Role Assumption (minimal required fields)
-            (
-                Provider.ProviderChoices.ALIBABACLOUD.value,
-                ProviderSecret.TypeChoices.ROLE,
-                {
-                    "role_arn": "acs:ram::1234567890123456:role/ProwlerRole",
-                    "access_key_id": "LTAI5t1234567890abcdef",
-                    "access_key_secret": "my-secret-access-key",
-                },
-            ),
-            # Alibaba Cloud RAM Role Assumption (with optional role_session_name)
-            (
-                Provider.ProviderChoices.ALIBABACLOUD.value,
-                ProviderSecret.TypeChoices.ROLE,
-                {
-                    "role_arn": "acs:ram::1234567890123456:role/ProwlerRole",
-                    "access_key_id": "LTAI5t1234567890abcdef",
-                    "access_key_secret": "my-secret-access-key",
-                    "role_session_name": "ProwlerAuditSession",
-                },
-            ),
        ],
    )
    def test_provider_secrets_create_valid(
@@ -4110,37 +4035,6 @@ class TestFindingViewSet:
        assert response.status_code == status.HTTP_200_OK
        assert len(response.json()["data"]) == 2

-    def test_finding_filter_by_provider_id_alias(
-        self, authenticated_client, findings_fixture
-    ):
-        """Test that provider_id filter alias works identically to provider filter."""
-        response = authenticated_client.get(
-            reverse("finding-list"),
-            {
-                "filter[provider_id]": findings_fixture[0].scan.provider.id,
-                "filter[inserted_at]": TODAY,
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 2
-
-    def test_finding_filter_by_provider_id_in_alias(
-        self, authenticated_client, findings_fixture
-    ):
-        """Test that provider_id__in filter alias works identically to provider__in filter."""
-        response = authenticated_client.get(
-            reverse("finding-list"),
-            {
-                "filter[provider_id__in]": [
-                    findings_fixture[0].scan.provider.id,
-                    findings_fixture[1].scan.provider.id,
-                ],
-                "filter[inserted_at]": TODAY,
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 2
-
    @pytest.mark.parametrize(
        "filter_name",
        (
@@ -4362,28 +4256,6 @@ class TestFindingViewSet:
            == latest_scan_finding.status
        )

-    def test_findings_latest_filter_by_provider_id_alias(
-        self, authenticated_client, latest_scan_finding
-    ):
-        """Test that provider_id filter alias works on latest findings endpoint."""
-        response = authenticated_client.get(
-            reverse("finding-latest"),
-            {"filter[provider_id]": latest_scan_finding.scan.provider.id},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 1
-
-    def test_findings_latest_filter_by_provider_id_in_alias(
-        self, authenticated_client, latest_scan_finding
-    ):
-        """Test that provider_id__in filter alias works on latest findings endpoint."""
-        response = authenticated_client.get(
-            reverse("finding-latest"),
-            {"filter[provider_id__in]": str(latest_scan_finding.scan.provider.id)},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 1
-
    def test_findings_metadata_latest(self, authenticated_client, latest_scan_finding):
        response = authenticated_client.get(
            reverse("finding-metadata_latest"),
@@ -4395,74 +4267,6 @@ class TestFindingViewSet:
        assert attributes["regions"] == latest_scan_finding.resource_regions
        assert attributes["resource_types"] == latest_scan_finding.resource_types

-    def test_findings_metadata_categories(
-        self, authenticated_client, findings_with_categories
-    ):
-        finding = findings_with_categories
-        response = authenticated_client.get(
-            reverse("finding-metadata"),
-            {"filter[inserted_at]": finding.inserted_at.strftime("%Y-%m-%d")},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        attributes = response.json()["data"]["attributes"]
-        assert set(attributes["categories"]) == {"gen-ai", "security"}
-
-    def test_findings_metadata_latest_categories(
-        self, authenticated_client, latest_scan_finding_with_categories
-    ):
-        response = authenticated_client.get(
-            reverse("finding-metadata_latest"),
-        )
-        assert response.status_code == status.HTTP_200_OK
-        attributes = response.json()["data"]["attributes"]
-        assert set(attributes["categories"]) == {"gen-ai", "iam"}
-
-    def test_findings_filter_by_category(
-        self, authenticated_client, findings_with_categories
-    ):
-        finding = findings_with_categories
-        response = authenticated_client.get(
-            reverse("finding-list"),
-            {
-                "filter[category]": "gen-ai",
-                "filter[inserted_at]": finding.inserted_at.strftime("%Y-%m-%d"),
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 1
-        assert set(response.json()["data"][0]["attributes"]["categories"]) == {
-            "gen-ai",
-            "security",
-        }
-
-    def test_findings_filter_by_category_in(
-        self, authenticated_client, findings_with_multiple_categories
-    ):
-        finding1, _ = findings_with_multiple_categories
-        response = authenticated_client.get(
-            reverse("finding-list"),
-            {
-                "filter[category__in]": "gen-ai,iam",
-                "filter[inserted_at]": finding1.inserted_at.strftime("%Y-%m-%d"),
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 2
-
-    def test_findings_filter_by_category_no_match(
-        self, authenticated_client, findings_with_categories
-    ):
-        finding = findings_with_categories
-        response = authenticated_client.get(
-            reverse("finding-list"),
-            {
-                "filter[category]": "nonexistent",
-                "filter[inserted_at]": finding.inserted_at.strftime("%Y-%m-%d"),
-            },
-        )
-        assert response.status_code == status.HTTP_200_OK
-        assert len(response.json()["data"]) == 0
-

@pytest.mark.django_db
 class TestJWTFields:
@@ -7454,6 +7258,7 @@ class TestOverviewViewSet:
            assert item["attributes"]["total_findings"] == 0
            assert item["attributes"]["failed_findings"] == 0
            assert item["attributes"]["muted_failed_findings"] == 0
+            assert item["attributes"]["check_ids"] == []

    def test_overview_attack_surface_with_data(
        self,
@@ -7465,6 +7270,13 @@ class TestOverviewViewSet:
        tenant = tenants_fixture[0]
        provider = providers_fixture[0]

+        mapping = {
+            "internet-exposed": {"aws-check-1", "aws-check-2"},
+            "secrets": {"aws-secret-check"},
+            "privilege-escalation": {"aws-priv-check"},
+            "ec2-imdsv1": {"aws-imdsv1-check"},
+        }
+
        scan = Scan.objects.create(
            name="attack-surface-scan",
            provider=provider,
@@ -7490,7 +7302,11 @@ class TestOverviewViewSet:
            muted_failed=2,
        )

-        response = authenticated_client.get(reverse("overview-attack-surface"))
+        with patch(
+            "api.v1.views._get_attack_surface_mapping_from_provider",
+            return_value=mapping,
+        ):
+            response = authenticated_client.get(reverse("overview-attack-surface"))
        assert response.status_code == status.HTTP_200_OK
        data = response.json()["data"]
        assert len(data) == 4
@@ -7498,10 +7314,19 @@ class TestOverviewViewSet:
        results_by_type = {item["id"]: item["attributes"] for item in data}
        assert results_by_type["internet-exposed"]["total_findings"] == 20
        assert results_by_type["internet-exposed"]["failed_findings"] == 10
+        assert set(results_by_type["internet-exposed"]["check_ids"]) == {
+            "aws-check-1",
+            "aws-check-2",
+        }
        assert results_by_type["secrets"]["total_findings"] == 15
        assert results_by_type["secrets"]["failed_findings"] == 8
+        assert set(results_by_type["secrets"]["check_ids"]) == {"aws-secret-check"}
        assert results_by_type["privilege-escalation"]["total_findings"] == 0
+        assert set(results_by_type["privilege-escalation"]["check_ids"]) == {
+            "aws-priv-check"
+        }
        assert results_by_type["ec2-imdsv1"]["total_findings"] == 0
+        assert set(results_by_type["ec2-imdsv1"]["check_ids"]) == {"aws-imdsv1-check"}

    def test_overview_attack_surface_provider_filter(
        self,
@@ -7528,6 +7353,13 @@ class TestOverviewViewSet:
            tenant=tenant,
        )

+        mapping = {
+            "internet-exposed": {"shared-check", "shared-check"},
+            "secrets": set(),
+            "privilege-escalation": {"priv-check"},
+            "ec2-imdsv1": {"imdsv1-check"},
+        }
+
        create_attack_surface_overview(
            tenant,
            scan1,
@@ -7545,15 +7377,20 @@ class TestOverviewViewSet:
            muted_failed=3,
        )

-        response = authenticated_client.get(
-            reverse("overview-attack-surface"),
-            {"filter[provider_id]": str(provider1.id)},
-        )
+        with patch(
+            "api.v1.views._get_attack_surface_mapping_from_provider",
+            return_value=mapping,
+        ):
+            response = authenticated_client.get(
+                reverse("overview-attack-surface"),
+                {"filter[provider_id]": str(provider1.id)},
+            )
        assert response.status_code == status.HTTP_200_OK
        data = response.json()["data"]
        results_by_type = {item["id"]: item["attributes"] for item in data}
        assert results_by_type["internet-exposed"]["total_findings"] == 10
        assert results_by_type["internet-exposed"]["failed_findings"] == 5
+        assert results_by_type["internet-exposed"]["check_ids"] == ["shared-check"]

    def test_overview_services_region_filter(
        self, authenticated_client, scan_summaries_fixture
@@ -7796,310 +7633,6 @@ class TestOverviewViewSet:
        assert len(data) == 1
        assert data[0]["attributes"]["overall_score"] == "80.00"

-    def test_overview_categories_no_data(self, authenticated_client):
-        response = authenticated_client.get(reverse("overview-categories"))
-        assert response.status_code == status.HTTP_200_OK
-        assert response.json()["data"] == []
-
-    def test_overview_categories_aggregates_by_category_with_severity(
-        self,
-        authenticated_client,
-        tenants_fixture,
-        providers_fixture,
-        create_scan_category_summary,
-    ):
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-
-        scan = Scan.objects.create(
-            name="categories-scan",
-            provider=provider,
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.COMPLETED,
-            tenant=tenant,
-        )
-
-        create_scan_category_summary(
-            tenant,
-            scan,
-            "iam",
-            "high",
-            total_findings=20,
-            failed_findings=10,
-            new_failed_findings=5,
-        )
-        create_scan_category_summary(
-            tenant,
-            scan,
-            "iam",
-            "medium",
-            total_findings=15,
-            failed_findings=8,
-            new_failed_findings=3,
-        )
-        create_scan_category_summary(
-            tenant,
-            scan,
-            "encryption",
-            "critical",
-            total_findings=5,
-            failed_findings=2,
-            new_failed_findings=1,
-        )
-
-        response = authenticated_client.get(reverse("overview-categories"))
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 2
-
-        results_by_category = {item["id"]: item["attributes"] for item in data}
-
-        assert results_by_category["iam"]["total_findings"] == 35
-        assert results_by_category["iam"]["failed_findings"] == 18
-        assert results_by_category["iam"]["new_failed_findings"] == 8
-        assert results_by_category["iam"]["severity"]["high"] == 10
-        assert results_by_category["iam"]["severity"]["medium"] == 8
-        assert results_by_category["iam"]["severity"]["critical"] == 0
-
-        assert results_by_category["encryption"]["total_findings"] == 5
-        assert results_by_category["encryption"]["failed_findings"] == 2
-        assert results_by_category["encryption"]["severity"]["critical"] == 2
-
-    @pytest.mark.parametrize(
-        "filter_key,filter_value_fn,expected_total,expected_failed",
-        [
-            ("filter[provider_id]", lambda p1, _: str(p1.id), 10, 5),
-            ("filter[provider_type]", lambda *_: "aws", 10, 5),
-            ("filter[provider_type__in]", lambda *_: "aws,gcp", 30, 20),
-        ],
-    )
-    def test_overview_categories_filters(
-        self,
-        authenticated_client,
-        tenants_fixture,
-        providers_fixture,
-        create_scan_category_summary,
-        filter_key,
-        filter_value_fn,
-        expected_total,
-        expected_failed,
-    ):
-        tenant = tenants_fixture[0]
-        provider1, _, gcp_provider, *_ = providers_fixture
-
-        scan1 = Scan.objects.create(
-            name="categories-scan-1",
-            provider=provider1,
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.COMPLETED,
-            tenant=tenant,
-        )
-        scan2 = Scan.objects.create(
-            name="categories-scan-2",
-            provider=gcp_provider,
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.COMPLETED,
-            tenant=tenant,
-        )
-
-        create_scan_category_summary(
-            tenant, scan1, "iam", "high", total_findings=10, failed_findings=5
-        )
-        create_scan_category_summary(
-            tenant, scan2, "iam", "high", total_findings=20, failed_findings=15
-        )
-
-        response = authenticated_client.get(
-            reverse("overview-categories"),
-            {filter_key: filter_value_fn(provider1, gcp_provider)},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 1
-        assert data[0]["attributes"]["total_findings"] == expected_total
-        assert data[0]["attributes"]["failed_findings"] == expected_failed
-
-    def test_overview_categories_category_filter(
-        self,
-        authenticated_client,
-        tenants_fixture,
-        providers_fixture,
-        create_scan_category_summary,
-    ):
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-
-        scan = Scan.objects.create(
-            name="category-filter-scan",
-            provider=provider,
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.COMPLETED,
-            tenant=tenant,
-        )
-
-        create_scan_category_summary(
-            tenant, scan, "iam", "high", total_findings=10, failed_findings=5
-        )
-        create_scan_category_summary(
-            tenant, scan, "encryption", "medium", total_findings=20, failed_findings=8
-        )
-        create_scan_category_summary(
-            tenant, scan, "logging", "low", total_findings=15, failed_findings=3
-        )
-
-        response = authenticated_client.get(
-            reverse("overview-categories"),
-            {"filter[category__in]": "iam,encryption"},
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        category_ids = {item["id"] for item in data}
-        assert category_ids == {"iam", "encryption"}
-
-    def test_overview_categories_aggregates_multiple_providers(
-        self,
-        authenticated_client,
-        tenants_fixture,
-        providers_fixture,
-        create_scan_category_summary,
-    ):
-        tenant = tenants_fixture[0]
-        provider1, provider2, *_ = providers_fixture
-
-        scan1 = Scan.objects.create(
-            name="multi-provider-scan-1",
-            provider=provider1,
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.COMPLETED,
-            tenant=tenant,
-        )
-        scan2 = Scan.objects.create(
-            name="multi-provider-scan-2",
-            provider=provider2,
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.COMPLETED,
-            tenant=tenant,
-        )
-
-        create_scan_category_summary(
-            tenant,
-            scan1,
-            "iam",
-            "high",
-            total_findings=10,
-            failed_findings=5,
-            new_failed_findings=2,
-        )
-        create_scan_category_summary(
-            tenant,
-            scan2,
-            "iam",
-            "high",
-            total_findings=15,
-            failed_findings=8,
-            new_failed_findings=3,
-        )
-
-        response = authenticated_client.get(reverse("overview-categories"))
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) == 1
-        assert data[0]["id"] == "iam"
-        assert data[0]["attributes"]["total_findings"] == 25
-        assert data[0]["attributes"]["failed_findings"] == 13
-        assert data[0]["attributes"]["new_failed_findings"] == 5
-
-    def test_compliance_watchlist_no_filters_uses_tenant_summary(
-        self, authenticated_client, tenant_compliance_summary_fixture
-    ):
-        response = authenticated_client.get(reverse("overview-compliance-watchlist"))
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-
-        assert len(data) == 2
-
-        by_id = {item["id"]: item["attributes"] for item in data}
-        assert "aws_cis_2.0" in by_id
-        assert by_id["aws_cis_2.0"]["requirements_passed"] == 1
-        assert by_id["aws_cis_2.0"]["requirements_failed"] == 2
-        assert by_id["aws_cis_2.0"]["requirements_manual"] == 1
-        assert by_id["aws_cis_2.0"]["total_requirements"] == 4
-
-        assert "gdpr_aws" in by_id
-        assert by_id["gdpr_aws"]["requirements_passed"] == 5
-        assert by_id["gdpr_aws"]["requirements_failed"] == 0
-        assert by_id["gdpr_aws"]["total_requirements"] == 7
-
-    def test_compliance_watchlist_with_provider_filter_uses_provider_scores(
-        self,
-        authenticated_client,
-        provider_compliance_scores_fixture,
-        providers_fixture,
-    ):
-        provider1 = providers_fixture[0]
-        url = f"{reverse('overview-compliance-watchlist')}?filter[provider_id]={provider1.id}"
-        response = authenticated_client.get(url)
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-
-        assert len(data) == 2
-        by_id = {item["id"]: item["attributes"] for item in data}
-
-        assert by_id["aws_cis_2.0"]["requirements_passed"] == 1
-        assert by_id["aws_cis_2.0"]["requirements_failed"] == 1
-        assert by_id["aws_cis_2.0"]["requirements_manual"] == 1
-        assert by_id["aws_cis_2.0"]["total_requirements"] == 3
-
-    def test_compliance_watchlist_fail_dominant_logic(
-        self, authenticated_client, provider_compliance_scores_fixture
-    ):
-        response = authenticated_client.get(
-            f"{reverse('overview-compliance-watchlist')}?filter[provider_type]=aws"
-        )
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-
-        by_id = {item["id"]: item["attributes"] for item in data}
-        aws_cis = by_id["aws_cis_2.0"]
-
-        assert aws_cis["requirements_failed"] == 2
-        assert aws_cis["requirements_passed"] == 0
-        assert aws_cis["requirements_manual"] == 1
-        assert aws_cis["total_requirements"] == 3
-
-    def test_compliance_watchlist_provider_id_in_filter(
-        self,
-        authenticated_client,
-        provider_compliance_scores_fixture,
-        providers_fixture,
-    ):
-        provider1, provider2, *_ = providers_fixture
-        url = (
-            f"{reverse('overview-compliance-watchlist')}"
-            f"?filter[provider_id__in]={provider1.id},{provider2.id}"
-        )
-        response = authenticated_client.get(url)
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert len(data) >= 1
-
-    def test_compliance_watchlist_empty_result(self, authenticated_client):
-        response = authenticated_client.get(reverse("overview-compliance-watchlist"))
-        assert response.status_code == status.HTTP_200_OK
-        data = response.json()["data"]
-        assert data == []
-
-    @pytest.mark.parametrize(
-        "invalid_provider_type",
-        ["invalid", "not_a_provider", "AWS", "awss"],
-    )
-    def test_compliance_watchlist_invalid_provider_type_filter(
-        self, authenticated_client, invalid_provider_type
-    ):
-        url = f"{reverse('overview-compliance-watchlist')}?filter[provider_type]={invalid_provider_type}"
-        response = authenticated_client.get(url)
-        assert response.status_code == status.HTTP_400_BAD_REQUEST
-

@pytest.mark.django_db
 class TestScheduleViewSet:
@@ -11,7 +11,6 @@ from api.exceptions import InvitationTokenExpiredException
 from api.models import Integration, Invitation, Processor, Provider, Resource
 from api.v1.serializers import FindingMetadataSerializer
 from prowler.lib.outputs.jira.jira import Jira, JiraBasicAuthError
-from prowler.providers.alibabacloud.alibabacloud_provider import AlibabacloudProvider
 from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.aws.lib.s3.s3 import S3
 from prowler.providers.aws.lib.security_hub.security_hub import SecurityHub
@@ -64,9 +63,8 @@ def merge_dicts(default_dict: dict, replacement_dict: dict) -> dict:

 def return_prowler_provider(
    provider: Provider,
-) -> (
-    AlibabacloudProvider
-    | AwsProvider
+) -> [
+    AwsProvider
    | AzureProvider
    | GcpProvider
    | GithubProvider
@@ -75,14 +73,14 @@ def return_prowler_provider(
    | M365Provider
    | MongodbatlasProvider
    | OraclecloudProvider
-):
+]:
    """Return the Prowler provider class based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AlibabacloudProvider | AwsProvider | AzureProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | MongodbatlasProvider | OraclecloudProvider: The corresponding provider class.
+        AwsProvider | AzureProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | OraclecloudProvider | MongodbatlasProvider: The corresponding provider class.

    Raises:
        ValueError: If the provider type specified in `provider.provider` is not supported.
@@ -106,8 +104,6 @@ def return_prowler_provider(
            prowler_provider = IacProvider
        case Provider.ProviderChoices.ORACLECLOUD.value:
            prowler_provider = OraclecloudProvider
-        case Provider.ProviderChoices.ALIBABACLOUD.value:
-            prowler_provider = AlibabacloudProvider
        case _:
            raise ValueError(f"Provider type {provider.provider} not supported")
    return prowler_provider
@@ -173,8 +169,7 @@ def initialize_prowler_provider(
    provider: Provider,
    mutelist_processor: Processor | None = None,
 ) -> (
-    AlibabacloudProvider
-    | AwsProvider
+    AwsProvider
    | AzureProvider
    | GcpProvider
    | GithubProvider
@@ -191,8 +186,9 @@ def initialize_prowler_provider(
        mutelist_processor (Processor): The mutelist processor object containing the mutelist configuration.

    Returns:
-        AlibabacloudProvider | AwsProvider | AzureProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | MongodbatlasProvider | OraclecloudProvider: An instance of the corresponding provider class
-            initialized with the provider's secrets.
+        AwsProvider | AzureProvider | GcpProvider | GithubProvider | IacProvider | KubernetesProvider | M365Provider | OraclecloudProvider | MongodbatlasProvider: An instance of the corresponding provider class
+            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `GithubProvider`, `IacProvider`, `KubernetesProvider`, `M365Provider`, `OraclecloudProvider` or `MongodbatlasProvider`) initialized with the
+            provider's secrets.
    """
    prowler_provider = return_prowler_provider(provider)
    prowler_provider_kwargs = get_prowler_provider_kwargs(provider, mutelist_processor)
@@ -386,18 +382,10 @@ def get_findings_metadata_no_aggregations(tenant_id: str, filtered_queryset):
    regions = sorted({region for region in aggregation["regions"] or [] if region})
    resource_types = sorted(set(aggregation["resource_types"] or []))

-    # Aggregate categories from findings
-    categories_set = set()
-    for categories_list in filtered_queryset.values_list("categories", flat=True):
-        if categories_list:
-            categories_set.update(categories_list)
-    categories = sorted(categories_set)
-
    result = {
        "services": services,
        "regions": regions,
        "resource_types": resource_types,
-        "categories": categories,
    }

    serializer = FindingMetadataSerializer(data=result)
@@ -304,48 +304,6 @@ from rest_framework_json_api import serializers
                },
                "required": ["atlas_public_key", "atlas_private_key"],
            },
-            {
-                "type": "object",
-                "title": "Alibaba Cloud Static Credentials",
-                "properties": {
-                    "access_key_id": {
-                        "type": "string",
-                        "description": "The Alibaba Cloud access key ID for authentication.",
-                    },
-                    "access_key_secret": {
-                        "type": "string",
-                        "description": "The Alibaba Cloud access key secret for authentication.",
-                    },
-                    "security_token": {
-                        "type": "string",
-                        "description": "The STS security token for temporary credentials (optional).",
-                    },
-                },
-                "required": ["access_key_id", "access_key_secret"],
-            },
-            {
-                "type": "object",
-                "title": "Alibaba Cloud RAM Role Assumption",
-                "properties": {
-                    "role_arn": {
-                        "type": "string",
-                        "description": "The ARN of the RAM role to assume (e.g., acs:ram::1234567890123456:role/ProwlerRole).",
-                    },
-                    "access_key_id": {
-                        "type": "string",
-                        "description": "The Alibaba Cloud access key ID of the RAM user that will assume the role.",
-                    },
-                    "access_key_secret": {
-                        "type": "string",
-                        "description": "The Alibaba Cloud access key secret of the RAM user that will assume the role.",
-                    },
-                    "role_session_name": {
-                        "type": "string",
-                        "description": "An identifier for the role session (optional, defaults to 'ProwlerSession').",
-                    },
-                },
-                "required": ["role_arn", "access_key_id", "access_key_secret"],
-            },
        ]
    }
 )
@@ -1301,7 +1301,6 @@ class FindingSerializer(RLSSerializer):
            "severity",
            "check_id",
            "check_metadata",
-            "categories",
            "raw_result",
            "inserted_at",
            "updated_at",
@@ -1357,7 +1356,6 @@ class FindingMetadataSerializer(BaseSerializerV1):
    resource_types = serializers.ListField(
        child=serializers.CharField(), allow_empty=True
    )
-    categories = serializers.ListField(child=serializers.CharField(), allow_empty=True)
    # Temporarily disabled until we implement tag filtering in the UI
    # tags = serializers.JSONField(help_text="Tags are described as key-value pairs.")

@@ -1390,23 +1388,12 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
                serializer = OracleCloudProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.MONGODBATLAS.value:
                serializer = MongoDBAtlasProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.ALIBABACLOUD.value:
-                serializer = AlibabaCloudProviderSecret(data=secret)
            else:
                raise serializers.ValidationError(
                    {"provider": f"Provider type not supported {provider_type}"}
                )
        elif secret_type == ProviderSecret.TypeChoices.ROLE:
-            if provider_type == Provider.ProviderChoices.AWS.value:
-                serializer = AWSRoleAssumptionProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.ALIBABACLOUD.value:
-                serializer = AlibabaCloudRoleAssumptionProviderSecret(data=secret)
-            else:
-                raise serializers.ValidationError(
-                    {
-                        "secret_type": f"Role assumption not supported for provider type: {provider_type}"
-                    }
-                )
+            serializer = AWSRoleAssumptionProviderSecret(data=secret)
        elif secret_type == ProviderSecret.TypeChoices.SERVICE_ACCOUNT:
            serializer = GCPServiceAccountProviderSecret(data=secret)
        else:
@@ -1543,34 +1530,6 @@ class OracleCloudProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


-class AlibabaCloudProviderSecret(serializers.Serializer):
-    access_key_id = serializers.CharField()
-    access_key_secret = serializers.CharField()
-    security_token = serializers.CharField(required=False)
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
-class AlibabaCloudRoleAssumptionProviderSecret(serializers.Serializer):
-    role_arn = serializers.CharField(
-        help_text="Access Key ID of the RAM user that will assume the role"
-    )
-    access_key_id = serializers.CharField(
-        help_text="Access Key ID of the RAM user that will assume the role"
-    )
-    access_key_secret = serializers.CharField(
-        help_text="Access Key Secret of the RAM user that will assume the role"
-    )
-    role_session_name = serializers.CharField(
-        required=False,
-        help_text="Session name for the assumed role session (optional, defaults to 'ProwlerSession')",
-    )
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
 class AWSRoleAssumptionProviderSecret(serializers.Serializer):
    role_arn = serializers.CharField()
    external_id = serializers.CharField()
@@ -2283,38 +2242,12 @@ class AttackSurfaceOverviewSerializer(BaseSerializerV1):
    total_findings = serializers.IntegerField()
    failed_findings = serializers.IntegerField()
    muted_failed_findings = serializers.IntegerField()
-
-    class JSONAPIMeta:
-        resource_name = "attack-surface-overviews"
-
-
-class CategoryOverviewSerializer(BaseSerializerV1):
-    """Serializer for category overview aggregations."""
-
-    id = serializers.CharField(source="category")
-    total_findings = serializers.IntegerField()
-    failed_findings = serializers.IntegerField()
-    new_failed_findings = serializers.IntegerField()
-    severity = serializers.JSONField(
-        help_text="Severity breakdown: {informational, low, medium, high, critical}"
+    check_ids = serializers.ListField(
+        child=serializers.CharField(), allow_empty=True, default=list, read_only=True
    )

    class JSONAPIMeta:
-        resource_name = "category-overviews"
-
-
-class ComplianceWatchlistOverviewSerializer(BaseSerializerV1):
-    """Serializer for compliance watchlist overview with FAIL-dominant aggregation."""
-
-    id = serializers.CharField(source="compliance_id")
-    compliance_id = serializers.CharField()
-    requirements_passed = serializers.IntegerField()
-    requirements_failed = serializers.IntegerField()
-    requirements_manual = serializers.IntegerField()
-    total_requirements = serializers.IntegerField()
-
-    class JSONAPIMeta:
-        resource_name = "compliance-watchlist-overviews"
+        resource_name = "attack-surface-overviews"


 class OverviewRegionSerializer(serializers.Serializer):
@@ -74,6 +74,7 @@ from rest_framework_json_api.views import RelationshipView, Response
 from rest_framework_simplejwt.exceptions import InvalidToken, TokenError
 from tasks.beat import schedule_provider_scan
 from tasks.jobs.export import get_s3_client
+from tasks.jobs.scan import _get_attack_surface_mapping_from_provider
 from tasks.tasks import (
    backfill_compliance_summaries_task,
    backfill_scan_resource_summaries_task,
@@ -99,9 +100,7 @@ from api.db_utils import rls_transaction
 from api.exceptions import TaskFailedException
 from api.filters import (
    AttackSurfaceOverviewFilter,
-    CategoryOverviewFilter,
    ComplianceOverviewFilter,
-    ComplianceWatchlistFilter,
    CustomDjangoFilterBackend,
    DailySeveritySummaryFilter,
    FindingFilter,
@@ -145,7 +144,6 @@ from api.models import (
    MuteRule,
    Processor,
    Provider,
-    ProviderComplianceScore,
    ProviderGroup,
    ProviderGroupMembership,
    ProviderSecret,
@@ -159,13 +157,11 @@ from api.models import (
    SAMLDomainIndex,
    SAMLToken,
    Scan,
-    ScanCategorySummary,
    ScanSummary,
    SeverityChoices,
    StateChoices,
    Task,
    TenantAPIKey,
-    TenantComplianceSummary,
    ThreatScoreSnapshot,
    User,
    UserRoleRelationship,
@@ -182,13 +178,11 @@ from api.uuid_utils import datetime_to_uuid7, uuid7_start
 from api.v1.mixins import DisablePaginationMixin, PaginateByPkMixin, TaskManagementMixin
 from api.v1.serializers import (
    AttackSurfaceOverviewSerializer,
-    CategoryOverviewSerializer,
    ComplianceOverviewAttributesSerializer,
    ComplianceOverviewDetailSerializer,
    ComplianceOverviewDetailThreatscoreSerializer,
    ComplianceOverviewMetadataSerializer,
    ComplianceOverviewSerializer,
-    ComplianceWatchlistOverviewSerializer,
    FindingDynamicFilterSerializer,
    FindingMetadataSerializer,
    FindingSerializer,
@@ -363,7 +357,7 @@ class SchemaView(SpectacularAPIView):

    def get(self, request, *args, **kwargs):
        spectacular_settings.TITLE = "Prowler API"
-        spectacular_settings.VERSION = "1.18.0"
+        spectacular_settings.VERSION = "1.16.0"
        spectacular_settings.DESCRIPTION = (
            "Prowler API specification.\n\nThis file is auto-generated."
        )
@@ -2766,15 +2760,12 @@ class FindingViewSet(PaginateByPkMixin, BaseRLSViewSet):

        queryset = ResourceScanSummary.objects.filter(tenant_id=tenant_id)
        scan_based_filters = {}
-        category_scan_filters = {}  # Filters for ScanCategorySummary

        if scans := query_params.get("filter[scan__in]") or query_params.get(
            "filter[scan]"
        ):
-            scan_ids_list = scans.split(",")
-            queryset = queryset.filter(scan_id__in=scan_ids_list)
-            scan_based_filters = {"id__in": scan_ids_list}
-            category_scan_filters = {"scan_id__in": scan_ids_list}
+            queryset = queryset.filter(scan_id__in=scans.split(","))
+            scan_based_filters = {"id__in": scans.split(",")}
        else:
            exact = query_params.get("filter[inserted_at]")
            gte = query_params.get("filter[inserted_at__gte]")
@@ -2818,7 +2809,6 @@ class FindingViewSet(PaginateByPkMixin, BaseRLSViewSet):
                scan_based_filters = {
                    key.lstrip("scan_"): value for key, value in date_filters.items()
                }
-                category_scan_filters = date_filters

        # ToRemove: Temporary fallback mechanism
        if not queryset.exists():
@@ -2865,31 +2855,10 @@ class FindingViewSet(PaginateByPkMixin, BaseRLSViewSet):
            .order_by("resource_type")
        )

-        # Get categories from ScanCategorySummary using same scan filters
-        categories = list(
-            ScanCategorySummary.objects.filter(
-                tenant_id=tenant_id, **category_scan_filters
-            )
-            .values_list("category", flat=True)
-            .distinct()
-            .order_by("category")
-        )
-
-        # Fallback to finding aggregation if no ScanCategorySummary exists
-        if not categories:
-            categories_set = set()
-            for categories_list in filtered_queryset.values_list(
-                "categories", flat=True
-            ):
-                if categories_list:
-                    categories_set.update(categories_list)
-            categories = sorted(categories_set)
-
        result = {
            "services": services,
            "regions": regions,
            "resource_types": resource_types,
-            "categories": categories,
        }

        serializer = self.get_serializer(data=result)
@@ -2994,36 +2963,10 @@ class FindingViewSet(PaginateByPkMixin, BaseRLSViewSet):
            .order_by("resource_type")
        )

-        # Get categories from ScanCategorySummary for latest scans
-        categories = list(
-            ScanCategorySummary.objects.filter(
-                tenant_id=tenant_id,
-                scan_id__in=latest_scans_queryset.values_list("id", flat=True),
-            )
-            .values_list("category", flat=True)
-            .distinct()
-            .order_by("category")
-        )
-
-        # Fallback to finding aggregation if no ScanCategorySummary exists
-        if not categories:
-            filtered_queryset = self.filter_queryset(self.get_queryset()).filter(
-                tenant_id=tenant_id,
-                scan_id__in=latest_scans_queryset.values_list("id", flat=True),
-            )
-            categories_set = set()
-            for categories_list in filtered_queryset.values_list(
-                "categories", flat=True
-            ):
-                if categories_list:
-                    categories_set.update(categories_list)
-            categories = sorted(categories_set)
-
        result = {
            "services": services,
            "regions": regions,
            "resource_types": resource_types,
-            "categories": categories,
        }

        serializer = self.get_serializer(data=result)
@@ -4083,19 +4026,32 @@ class ComplianceOverviewViewSet(BaseRLSViewSet, TaskManagementMixin):
        summary="Get attack surface overview",
        description="Retrieve aggregated attack surface metrics from latest completed scans per provider.",
        tags=["Overview"],
-        filters=True,
-        responses={200: AttackSurfaceOverviewSerializer(many=True)},
-    ),
-    categories=extend_schema(
-        summary="Get category overview",
-        description=(
-            "Retrieve aggregated category metrics from latest completed scans per provider. "
-            "Returns one row per category with total, failed, and new failed findings counts, "
-            "plus a severity breakdown showing failed findings per severity level. "
-        ),
-        tags=["Overview"],
-        filters=True,
-        responses={200: CategoryOverviewSerializer(many=True)},
+        parameters=[
+            OpenApiParameter(
+                name="filter[provider_id]",
+                type=OpenApiTypes.UUID,
+                location=OpenApiParameter.QUERY,
+                description="Filter by specific provider ID",
+            ),
+            OpenApiParameter(
+                name="filter[provider_id.in]",
+                type=OpenApiTypes.STR,
+                location=OpenApiParameter.QUERY,
+                description="Filter by multiple provider IDs (comma-separated UUIDs)",
+            ),
+            OpenApiParameter(
+                name="filter[provider_type]",
+                type=OpenApiTypes.STR,
+                location=OpenApiParameter.QUERY,
+                description="Filter by provider type (aws, azure, gcp, etc.)",
+            ),
+            OpenApiParameter(
+                name="filter[provider_type.in]",
+                type=OpenApiTypes.STR,
+                location=OpenApiParameter.QUERY,
+                description="Filter by multiple provider types (comma-separated)",
+            ),
+        ],
    ),
 )
@method_decorator(CACHE_DECORATOR, name="list")
@@ -4144,10 +4100,6 @@ class OverviewViewSet(BaseRLSViewSet):
            return ThreatScoreSnapshotSerializer
        elif self.action == "attack_surface":
            return AttackSurfaceOverviewSerializer
-        elif self.action == "categories":
-            return CategoryOverviewSerializer
-        elif self.action == "compliance_watchlist":
-            return ComplianceWatchlistOverviewSerializer
        return super().get_serializer_class()

    def get_filterset_class(self):
@@ -4159,12 +4111,6 @@ class OverviewViewSet(BaseRLSViewSet):
            return ScanSummarySeverityFilter
        elif self.action == "findings_severity_timeseries":
            return DailySeveritySummaryFilter
-        elif self.action == "categories":
-            return CategoryOverviewFilter
-        elif self.action == "attack_surface":
-            return AttackSurfaceOverviewFilter
-        elif self.action == "compliance_watchlist":
-            return ComplianceWatchlistFilter
        return None

    def filter_queryset(self, queryset):
@@ -4248,56 +4194,31 @@ class OverviewViewSet(BaseRLSViewSet):
            self.request.query_params, exclude_keys=set(exclude_keys or [])
        )
        filterset = filterset_class(normalized_params, queryset=queryset)
-        if not filterset.is_valid():
-            raise ValidationError(filterset.errors)
        return filterset.qs

-    def _latest_scan_ids_for_allowed_providers(self, tenant_id, provider_filters=None):
+    def _latest_scan_ids_for_allowed_providers(self, tenant_id):
        provider_filter = self._get_provider_filter()
-        queryset = Scan.all_objects.filter(
-            tenant_id=tenant_id, state=StateChoices.COMPLETED, **provider_filter
-        )
-        if provider_filters:
-            queryset = queryset.filter(**provider_filters)
        return (
-            queryset.order_by("provider_id", "-inserted_at")
+            Scan.all_objects.filter(
+                tenant_id=tenant_id, state=StateChoices.COMPLETED, **provider_filter
+            )
+            .order_by("provider_id", "-inserted_at")
            .distinct("provider_id")
            .values_list("id", flat=True)
        )

-    def _extract_provider_filters_from_params(self):
-        """Extract and validate provider filters from query params."""
-        params = self.request.query_params
-        filters = {}
-        valid_provider_types = {c[0] for c in Provider.ProviderChoices.choices}
-
-        provider_id = params.get("filter[provider_id]")
-        if provider_id:
-            filters["provider_id"] = provider_id
-
-        provider_id_in = params.get("filter[provider_id__in]")
-        if provider_id_in:
-            filters["provider_id__in"] = provider_id_in.split(",")
-
-        provider_type = params.get("filter[provider_type]")
-        if provider_type:
-            if provider_type not in valid_provider_types:
-                raise ValidationError(
-                    {"provider_type": f"Invalid choice: {provider_type}"}
-                )
-            filters["provider__provider"] = provider_type
-
-        provider_type_in = params.get("filter[provider_type__in]")
-        if provider_type_in:
-            types = provider_type_in.split(",")
-            invalid = [t for t in types if t not in valid_provider_types]
-            if invalid:
-                raise ValidationError(
-                    {"provider_type__in": f"Invalid choices: {', '.join(invalid)}"}
-                )
-            filters["provider__provider__in"] = types
-
-        return filters
+    def _attack_surface_check_ids_by_provider_types(self, provider_types):
+        check_ids_by_type = {
+            attack_surface_type: set()
+            for attack_surface_type in AttackSurfaceOverview.AttackSurfaceTypeChoices.values
+        }
+        for provider_type in provider_types:
+            attack_surface_mapping = _get_attack_surface_mapping_from_provider(
+                provider_type=provider_type
+            )
+            for attack_surface_type, check_ids in attack_surface_mapping.items():
+                check_ids_by_type[attack_surface_type].update(check_ids)
+        return check_ids_by_type

    @action(detail=False, methods=["get"], url_name="providers")
    def providers(self, request):
@@ -4904,13 +4825,22 @@ class OverviewViewSet(BaseRLSViewSet):
        tenant_id = request.tenant_id
        latest_scan_ids = self._latest_scan_ids_for_allowed_providers(tenant_id)

+        # Build base queryset and apply user filters via FilterSet
        base_queryset = AttackSurfaceOverview.objects.filter(
            tenant_id=tenant_id, scan_id__in=latest_scan_ids
        )
        filtered_queryset = self._apply_filterset(
            base_queryset, AttackSurfaceOverviewFilter
        )
-
+        provider_types = list(
+            filtered_queryset.values_list(
+                "scan__provider__provider", flat=True
+            ).distinct()
+        )
+        attack_surface_check_ids = self._attack_surface_check_ids_by_provider_types(
+            provider_types
+        )
+        # Aggregate attack surface data
        aggregation = filtered_queryset.values("attack_surface_type").annotate(
            total_findings=Coalesce(Sum("total_findings"), 0),
            failed_findings=Coalesce(Sum("failed_findings"), 0),
@@ -4933,71 +4863,12 @@ class OverviewViewSet(BaseRLSViewSet):
            }

        response_data = [
-            {"attack_surface_type": key, **value} for key, value in results.items()
-        ]
-
-        return Response(
-            self.get_serializer(response_data, many=True).data,
-            status=status.HTTP_200_OK,
-        )
-
-    @action(detail=False, methods=["get"], url_name="categories")
-    def categories(self, request):
-        tenant_id = request.tenant_id
-        provider_filters = self._extract_provider_filters_from_params()
-        latest_scan_ids = self._latest_scan_ids_for_allowed_providers(
-            tenant_id, provider_filters
-        )
-
-        base_queryset = ScanCategorySummary.objects.filter(
-            tenant_id=tenant_id, scan_id__in=latest_scan_ids
-        )
-        provider_filter_keys = {
-            "provider_id",
-            "provider_id__in",
-            "provider_type",
-            "provider_type__in",
-        }
-        filtered_queryset = self._apply_filterset(
-            base_queryset, CategoryOverviewFilter, exclude_keys=provider_filter_keys
-        )
-
-        aggregation = (
-            filtered_queryset.values("category", "severity")
-            .annotate(
-                total=Coalesce(Sum("total_findings"), 0),
-                failed=Coalesce(Sum("failed_findings"), 0),
-                new_failed=Coalesce(Sum("new_failed_findings"), 0),
-            )
-            .order_by("category", "severity")
-        )
-
-        category_data = defaultdict(
-            lambda: {
-                "total_findings": 0,
-                "failed_findings": 0,
-                "new_failed_findings": 0,
-                "severity": {
-                    "informational": 0,
-                    "low": 0,
-                    "medium": 0,
-                    "high": 0,
-                    "critical": 0,
-                },
+            {
+                "attack_surface_type": key,
+                **value,
+                "check_ids": attack_surface_check_ids.get(key, []),
            }
-        )
-
-        for row in aggregation:
-            cat = row["category"]
-            sev = row["severity"]
-            category_data[cat]["total_findings"] += row["total"]
-            category_data[cat]["failed_findings"] += row["failed"]
-            category_data[cat]["new_failed_findings"] += row["new_failed"]
-            if sev in category_data[cat]["severity"]:
-                category_data[cat]["severity"][sev] = row["failed"]
-
-        response_data = [
-            {"category": cat, **data} for cat, data in sorted(category_data.items())
+            for key, value in results.items()
        ]

        return Response(
@@ -5005,92 +4876,6 @@ class OverviewViewSet(BaseRLSViewSet):
            status=status.HTTP_200_OK,
        )

-    @action(
-        detail=False,
-        methods=["get"],
-        url_name="compliance-watchlist",
-        url_path="compliance-watchlist",
-    )
-    def compliance_watchlist(self, request):
-        """
-        Get compliance watchlist overview with FAIL-dominant aggregation.
-
-        Without filters: uses pre-aggregated TenantComplianceSummary (~70 rows).
-        With provider filters: queries ProviderComplianceScore with FAIL-dominant logic.
-        """
-        tenant_id = request.tenant_id
-        rbac_filter = self._get_provider_filter()
-        query_params = request.query_params
-
-        has_provider_filter = any(
-            key.startswith("filter[provider") for key in query_params.keys()
-        )
-        has_rbac_restriction = bool(rbac_filter)
-
-        if not has_provider_filter and not has_rbac_restriction:
-            response_data = list(
-                TenantComplianceSummary.objects.filter(tenant_id=tenant_id)
-                .values(
-                    "compliance_id",
-                    "requirements_passed",
-                    "requirements_failed",
-                    "requirements_manual",
-                    "total_requirements",
-                )
-                .order_by("compliance_id")
-            )
-        else:
-            base_queryset = ProviderComplianceScore.objects.filter(
-                tenant_id=tenant_id, **rbac_filter
-            )
-
-            filtered_queryset = self._apply_filterset(
-                base_queryset, ComplianceWatchlistFilter
-            )
-
-            aggregation = (
-                filtered_queryset.values("compliance_id", "requirement_id")
-                .annotate(
-                    has_fail=Sum(
-                        Case(When(requirement_status="FAIL", then=1), default=0)
-                    ),
-                    has_manual=Sum(
-                        Case(When(requirement_status="MANUAL", then=1), default=0)
-                    ),
-                )
-                .values("compliance_id", "requirement_id", "has_fail", "has_manual")
-            )
-
-            compliance_data = defaultdict(
-                lambda: {
-                    "requirements_passed": 0,
-                    "requirements_failed": 0,
-                    "requirements_manual": 0,
-                    "total_requirements": 0,
-                }
-            )
-
-            for row in aggregation:
-                cid = row["compliance_id"]
-                compliance_data[cid]["total_requirements"] += 1
-
-                if row["has_fail"] and row["has_fail"] > 0:
-                    compliance_data[cid]["requirements_failed"] += 1
-                elif row["has_manual"] and row["has_manual"] > 0:
-                    compliance_data[cid]["requirements_manual"] += 1
-                else:
-                    compliance_data[cid]["requirements_passed"] += 1
-
-            response_data = [
-                {"compliance_id": cid, **data}
-                for cid, data in sorted(compliance_data.items())
-            ]
-
-        return Response(
-            self.get_serializer(response_data, many=True).data,
-            status=status.HTTP_200_OK,
-        )
-

@extend_schema(tags=["Schedule"])
@extend_schema_view(
@@ -19,6 +19,8 @@ PORT = env("DJANGO_PORT", default=8000)

 # Server settings
 bind = f"{BIND_ADDRESS}:{PORT}"
+# TODO: Remove after the category filter is implemented
+limit_request_line = 0

 workers = env.int("DJANGO_WORKERS", default=multiprocessing.cpu_count() * 2 + 1)
 reload = DEBUG
@@ -11,10 +11,7 @@ from django.urls import reverse
 from django_celery_results.models import TaskResult
 from rest_framework import status
 from rest_framework.test import APIClient
-from tasks.jobs.backfill import (
-    backfill_resource_scan_summaries,
-    backfill_scan_category_summaries,
-)
+from tasks.jobs.backfill import backfill_resource_scan_summaries

 from api.db_utils import rls_transaction
 from api.models import (
@@ -30,7 +27,6 @@ from api.models import (
    MuteRule,
    Processor,
    Provider,
-    ProviderComplianceScore,
    ProviderGroup,
    ProviderSecret,
    Resource,
@@ -40,13 +36,11 @@ from api.models import (
    SAMLConfiguration,
    SAMLDomainIndex,
    Scan,
-    ScanCategorySummary,
    ScanSummary,
    StateChoices,
    StatusChoices,
    Task,
    TenantAPIKey,
-    TenantComplianceSummary,
    User,
    UserRoleRelationship,
 )
@@ -519,12 +513,6 @@ def providers_fixture(tenants_fixture):
        alias="mongodbatlas_testing",
        tenant_id=tenant.id,
    )
-    provider9 = Provider.objects.create(
-        provider="alibabacloud",
-        uid="1234567890123456",
-        alias="alibabacloud_testing",
-        tenant_id=tenant.id,
-    )

    return (
        provider1,
@@ -535,7 +523,6 @@ def providers_fixture(tenants_fixture):
        provider6,
        provider7,
        provider8,
-        provider9,
    )


@@ -1284,113 +1271,6 @@ def latest_scan_finding(authenticated_client, providers_fixture, resources_fixtu
    return finding


-@pytest.fixture(scope="function")
-def findings_with_categories(scans_fixture, resources_fixture):
-    scan = scans_fixture[0]
-    resource = resources_fixture[0]
-
-    finding = Finding.objects.create(
-        tenant_id=scan.tenant_id,
-        uid="finding_with_categories_1",
-        scan=scan,
-        delta=None,
-        status=Status.FAIL,
-        status_extended="test status",
-        impact=Severity.critical,
-        impact_extended="test impact",
-        severity=Severity.critical,
-        raw_result={"status": Status.FAIL},
-        check_id="genai_check",
-        check_metadata={"CheckId": "genai_check"},
-        categories=["gen-ai", "security"],
-        first_seen_at="2024-01-02T00:00:00Z",
-    )
-    finding.add_resources([resource])
-    backfill_resource_scan_summaries(str(scan.tenant_id), str(scan.id))
-    return finding
-
-
-@pytest.fixture(scope="function")
-def findings_with_multiple_categories(scans_fixture, resources_fixture):
-    scan = scans_fixture[0]
-    resource1, resource2 = resources_fixture[:2]
-
-    finding1 = Finding.objects.create(
-        tenant_id=scan.tenant_id,
-        uid="finding_multi_cat_1",
-        scan=scan,
-        delta=None,
-        status=Status.FAIL,
-        status_extended="test status",
-        impact=Severity.critical,
-        impact_extended="test impact",
-        severity=Severity.critical,
-        raw_result={"status": Status.FAIL},
-        check_id="genai_check",
-        check_metadata={"CheckId": "genai_check"},
-        categories=["gen-ai", "security"],
-        first_seen_at="2024-01-02T00:00:00Z",
-    )
-    finding1.add_resources([resource1])
-
-    finding2 = Finding.objects.create(
-        tenant_id=scan.tenant_id,
-        uid="finding_multi_cat_2",
-        scan=scan,
-        delta=None,
-        status=Status.FAIL,
-        status_extended="test status 2",
-        impact=Severity.high,
-        impact_extended="test impact 2",
-        severity=Severity.high,
-        raw_result={"status": Status.FAIL},
-        check_id="iam_check",
-        check_metadata={"CheckId": "iam_check"},
-        categories=["iam", "security"],
-        first_seen_at="2024-01-02T00:00:00Z",
-    )
-    finding2.add_resources([resource2])
-
-    backfill_resource_scan_summaries(str(scan.tenant_id), str(scan.id))
-    return finding1, finding2
-
-
-@pytest.fixture(scope="function")
-def latest_scan_finding_with_categories(
-    authenticated_client, providers_fixture, resources_fixture
-):
-    provider = providers_fixture[0]
-    tenant_id = str(providers_fixture[0].tenant_id)
-    resource = resources_fixture[0]
-    scan = Scan.objects.create(
-        name="latest completed scan with categories",
-        provider=provider,
-        trigger=Scan.TriggerChoices.MANUAL,
-        state=StateChoices.COMPLETED,
-        tenant_id=tenant_id,
-    )
-    finding = Finding.objects.create(
-        tenant_id=tenant_id,
-        uid="latest_finding_with_categories",
-        scan=scan,
-        delta="new",
-        status=Status.FAIL,
-        status_extended="test status",
-        impact=Severity.critical,
-        impact_extended="test impact",
-        severity=Severity.critical,
-        raw_result={"status": Status.FAIL},
-        check_id="genai_iam_check",
-        check_metadata={"CheckId": "genai_iam_check"},
-        categories=["gen-ai", "iam"],
-        first_seen_at="2024-01-02T00:00:00Z",
-    )
-    finding.add_resources([resource])
-    backfill_resource_scan_summaries(tenant_id, str(scan.id))
-    backfill_scan_category_summaries(tenant_id, str(scan.id))
-    return finding
-
-
@pytest.fixture(scope="function")
 def latest_scan_resource(authenticated_client, providers_fixture):
    provider = providers_fixture[0]
@@ -1605,136 +1485,10 @@ def create_attack_surface_overview():
    return _create


-@pytest.fixture
-def create_scan_category_summary():
-    def _create(
-        tenant,
-        scan,
-        category,
-        severity,
-        total_findings=10,
-        failed_findings=5,
-        new_failed_findings=2,
-    ):
-        return ScanCategorySummary.objects.create(
-            tenant=tenant,
-            scan=scan,
-            category=category,
-            severity=severity,
-            total_findings=total_findings,
-            failed_findings=failed_findings,
-            new_failed_findings=new_failed_findings,
-        )
-
-    return _create
-
-
 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}


-@pytest.fixture
-def provider_compliance_scores_fixture(
-    tenants_fixture, providers_fixture, scans_fixture
-):
-    """Create ProviderComplianceScore entries for compliance watchlist tests."""
-    tenant = tenants_fixture[0]
-    provider1, provider2, *_ = providers_fixture
-    scan1, _, scan3 = scans_fixture
-
-    scan1.completed_at = datetime.now(timezone.utc) - timedelta(hours=1)
-    scan1.save()
-    scan3.state = StateChoices.COMPLETED
-    scan3.completed_at = datetime.now(timezone.utc)
-    scan3.save()
-
-    scores = [
-        ProviderComplianceScore.objects.create(
-            tenant_id=tenant.id,
-            provider=provider1,
-            scan=scan1,
-            compliance_id="aws_cis_2.0",
-            requirement_id="req_1",
-            requirement_status=StatusChoices.PASS,
-            scan_completed_at=scan1.completed_at,
-        ),
-        ProviderComplianceScore.objects.create(
-            tenant_id=tenant.id,
-            provider=provider1,
-            scan=scan1,
-            compliance_id="aws_cis_2.0",
-            requirement_id="req_2",
-            requirement_status=StatusChoices.FAIL,
-            scan_completed_at=scan1.completed_at,
-        ),
-        ProviderComplianceScore.objects.create(
-            tenant_id=tenant.id,
-            provider=provider1,
-            scan=scan1,
-            compliance_id="aws_cis_2.0",
-            requirement_id="req_3",
-            requirement_status=StatusChoices.MANUAL,
-            scan_completed_at=scan1.completed_at,
-        ),
-        ProviderComplianceScore.objects.create(
-            tenant_id=tenant.id,
-            provider=provider2,
-            scan=scan3,
-            compliance_id="aws_cis_2.0",
-            requirement_id="req_1",
-            requirement_status=StatusChoices.FAIL,
-            scan_completed_at=scan3.completed_at,
-        ),
-        ProviderComplianceScore.objects.create(
-            tenant_id=tenant.id,
-            provider=provider2,
-            scan=scan3,
-            compliance_id="aws_cis_2.0",
-            requirement_id="req_2",
-            requirement_status=StatusChoices.PASS,
-            scan_completed_at=scan3.completed_at,
-        ),
-        ProviderComplianceScore.objects.create(
-            tenant_id=tenant.id,
-            provider=provider1,
-            scan=scan1,
-            compliance_id="gdpr_aws",
-            requirement_id="gdpr_req_1",
-            requirement_status=StatusChoices.PASS,
-            scan_completed_at=scan1.completed_at,
-        ),
-    ]
-
-    return scores
-
-
-@pytest.fixture
-def tenant_compliance_summary_fixture(tenants_fixture):
-    """Create TenantComplianceSummary entries for compliance watchlist tests."""
-    tenant = tenants_fixture[0]
-
-    summaries = [
-        TenantComplianceSummary.objects.create(
-            tenant_id=tenant.id,
-            compliance_id="aws_cis_2.0",
-            requirements_passed=1,
-            requirements_failed=2,
-            requirements_manual=1,
-            total_requirements=4,
-        ),
-        TenantComplianceSummary.objects.create(
-            tenant_id=tenant.id,
-            compliance_id="gdpr_aws",
-            requirements_passed=5,
-            requirements_failed=0,
-            requirements_manual=2,
-            total_requirements=7,
-        ),
-    ]
-
-    return summaries
-
-
 def pytest_collection_modifyitems(items):
    """Ensure test_rbac.py is executed first."""
    items.sort(key=lambda item: 0 if "test_rbac.py" in item.nodeid else 1)
@@ -61,5 +61,4 @@ def schedule_provider_scan(provider_instance: Provider):
            "tenant_id": str(provider_instance.tenant_id),
            "provider_id": provider_id,
        },
-        countdown=5,  # Avoid race conditions between the worker and the database
    )
@@ -1,39 +1,21 @@
 from collections import defaultdict
-from datetime import timedelta

-from celery.utils.log import get_task_logger
 from django.db.models import Sum
-from django.utils import timezone
-from tasks.jobs.queries import (
-    COMPLIANCE_UPSERT_PROVIDER_SCORE_SQL,
-    COMPLIANCE_UPSERT_TENANT_SUMMARY_ALL_SQL,
-)
-from tasks.jobs.scan import aggregate_category_counts

-from api.db_router import READ_REPLICA_ALIAS, MainRouter
-from api.db_utils import (
-    POSTGRES_TENANT_VAR,
-    SET_CONFIG_QUERY,
-    psycopg_connection,
-    rls_transaction,
-)
+from api.db_router import READ_REPLICA_ALIAS
+from api.db_utils import rls_transaction
 from api.models import (
    ComplianceOverviewSummary,
    ComplianceRequirementOverview,
    DailySeveritySummary,
-    Finding,
-    ProviderComplianceScore,
    Resource,
    ResourceFindingMapping,
    ResourceScanSummary,
    Scan,
-    ScanCategorySummary,
    ScanSummary,
    StateChoices,
 )

-logger = get_task_logger(__name__)
-

 def backfill_resource_scan_summaries(tenant_id: str, scan_id: str):
    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
@@ -204,6 +186,10 @@ def backfill_daily_severity_summaries(tenant_id: str, days: int = None):
    Backfill DailySeveritySummary from completed scans.
    Groups by provider+date, keeps latest scan per day.
    """
+    from datetime import timedelta
+
+    from django.utils import timezone
+
    created_count = 0
    updated_count = 0

@@ -290,178 +276,3 @@ def backfill_daily_severity_summaries(tenant_id: str, days: int = None):
        "updated": updated_count,
        "total_days": len(latest_scans_by_day),
    }
-
-
-def backfill_scan_category_summaries(tenant_id: str, scan_id: str):
-    """
-    Backfill ScanCategorySummary for a completed scan.
-
-    Aggregates category counts from all findings in the scan and creates
-    one ScanCategorySummary row per (category, severity) combination.
-
-    Args:
-        tenant_id: Target tenant UUID
-        scan_id: Scan UUID to backfill
-
-    Returns:
-        dict: Status indicating whether backfill was performed
-    """
-    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
-        if ScanCategorySummary.objects.filter(
-            tenant_id=tenant_id, scan_id=scan_id
-        ).exists():
-            return {"status": "already backfilled"}
-
-        if not Scan.objects.filter(
-            tenant_id=tenant_id,
-            id=scan_id,
-            state__in=(StateChoices.COMPLETED, StateChoices.FAILED),
-        ).exists():
-            return {"status": "scan is not completed"}
-
-        category_counts: dict[tuple[str, str], dict[str, int]] = {}
-        for finding in Finding.all_objects.filter(
-            tenant_id=tenant_id, scan_id=scan_id
-        ).values("categories", "severity", "status", "delta", "muted"):
-            aggregate_category_counts(
-                categories=finding.get("categories") or [],
-                severity=finding.get("severity"),
-                status=finding.get("status"),
-                delta=finding.get("delta"),
-                muted=finding.get("muted", False),
-                cache=category_counts,
-            )
-
-        if not category_counts:
-            return {"status": "no categories to backfill"}
-
-    category_summaries = [
-        ScanCategorySummary(
-            tenant_id=tenant_id,
-            scan_id=scan_id,
-            category=category,
-            severity=severity,
-            total_findings=counts["total"],
-            failed_findings=counts["failed"],
-            new_failed_findings=counts["new_failed"],
-        )
-        for (category, severity), counts in category_counts.items()
-    ]
-
-    with rls_transaction(tenant_id):
-        ScanCategorySummary.objects.bulk_create(
-            category_summaries, batch_size=500, ignore_conflicts=True
-        )
-
-    return {"status": "backfilled", "categories_count": len(category_counts)}
-
-
-def backfill_provider_compliance_scores(tenant_id: str) -> dict:
-    """
-    Backfill ProviderComplianceScore from latest completed scan per provider.
-
-    For each provider with completed scans, finds the most recent scan and
-    upserts compliance requirement statuses with FAIL-dominant aggregation.
-
-    Args:
-        tenant_id: Target tenant UUID
-
-    Returns:
-        dict: Statistics about the backfill operation
-    """
-    with rls_transaction(tenant_id, using=READ_REPLICA_ALIAS):
-        completed_scans = Scan.all_objects.filter(
-            tenant_id=tenant_id,
-            state=StateChoices.COMPLETED,
-            completed_at__isnull=False,
-        )
-        if not completed_scans.exists():
-            return {"status": "no completed scans"}
-
-        existing_providers = set(
-            ProviderComplianceScore.objects.filter(tenant_id=tenant_id)
-            .values_list("provider_id", flat=True)
-            .distinct()
-        )
-
-        if existing_providers:
-            completed_scans = completed_scans.exclude(
-                provider_id__in=existing_providers
-            )
-
-        scan_info = list(
-            completed_scans.order_by("provider_id", "-completed_at")
-            .distinct("provider_id")
-            .values("id", "provider_id", "completed_at")
-        )
-
-        if not scan_info:
-            return {"status": "no scans to process"}
-
-    total_upserted = 0
-    providers_processed = 0
-    providers_skipped = 0
-
-    for scan in scan_info:
-        provider_id = scan["provider_id"]
-
-        scan_id = scan["id"]
-
-        try:
-            with psycopg_connection(MainRouter.default_db) as connection:
-                connection.autocommit = False
-                try:
-                    with connection.cursor() as cursor:
-                        cursor.execute(
-                            SET_CONFIG_QUERY, [POSTGRES_TENANT_VAR, tenant_id]
-                        )
-                        cursor.execute(
-                            COMPLIANCE_UPSERT_PROVIDER_SCORE_SQL,
-                            [tenant_id, str(scan_id)],
-                        )
-                        upserted = cursor.rowcount
-                    connection.commit()
-                    total_upserted += upserted
-                    providers_processed += 1
-                except Exception:
-                    connection.rollback()
-                    raise
-        except Exception as e:
-            providers_skipped += 1
-            logger.exception(
-                "Error backfilling provider %s for tenant %s: %s",
-                provider_id,
-                tenant_id,
-                e,
-            )
-
-    # Recalculate tenant summary after all providers are backfilled
-    if providers_processed > 0:
-        with psycopg_connection(MainRouter.default_db) as connection:
-            connection.autocommit = False
-            try:
-                with connection.cursor() as cursor:
-                    cursor.execute(SET_CONFIG_QUERY, [POSTGRES_TENANT_VAR, tenant_id])
-                    # Advisory lock to prevent race conditions
-                    cursor.execute(
-                        "SELECT pg_advisory_xact_lock(hashtext(%s))", [tenant_id]
-                    )
-                    cursor.execute(
-                        COMPLIANCE_UPSERT_TENANT_SUMMARY_ALL_SQL,
-                        [tenant_id, tenant_id],
-                    )
-                    tenant_summary_count = cursor.rowcount
-                connection.commit()
-            except Exception:
-                connection.rollback()
-                raise
-    else:
-        tenant_summary_count = 0
-
-    return {
-        "status": "backfilled",
-        "providers_processed": providers_processed,
-        "providers_skipped": providers_skipped,
-        "total_upserted": total_upserted,
-        "tenant_summary_count": tenant_summary_count,
-    }
@@ -27,7 +27,6 @@ from prowler.lib.outputs.compliance.c5.c5_gcp import GCPC5
 from prowler.lib.outputs.compliance.ccc.ccc_aws import CCC_AWS
 from prowler.lib.outputs.compliance.ccc.ccc_azure import CCC_Azure
 from prowler.lib.outputs.compliance.ccc.ccc_gcp import CCC_GCP
-from prowler.lib.outputs.compliance.cis.cis_alibabacloud import AlibabaCloudCIS
 from prowler.lib.outputs.compliance.cis.cis_aws import AWSCIS
 from prowler.lib.outputs.compliance.cis.cis_azure import AzureCIS
 from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
@@ -51,9 +50,6 @@ from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_azure import (
    AzureMitreAttack,
 )
 from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_gcp import GCPMitreAttack
-from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_alibaba import (
-    ProwlerThreatScoreAlibaba,
-)
 from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_aws import (
    ProwlerThreatScoreAWS,
 )
@@ -132,13 +128,6 @@ COMPLIANCE_CLASS_MAP = {
    "oraclecloud": [
        (lambda name: name.startswith("cis_"), OracleCloudCIS),
    ],
-    "alibabacloud": [
-        (lambda name: name.startswith("cis_"), AlibabaCloudCIS),
-        (
-            lambda name: name == "prowler_threatscore_alibabacloud",
-            ProwlerThreatScoreAlibaba,
-        ),
-    ],
 }


@@ -19,9 +19,6 @@ from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.aws.lib.s3.s3 import S3
 from prowler.providers.aws.lib.security_hub.security_hub import SecurityHub
 from prowler.providers.common.models import Connection
-from prowler.providers.aws.lib.security_hub.exceptions.exceptions import (
-    SecurityHubNoEnabledRegionsError,
-)

 logger = get_task_logger(__name__)

@@ -225,9 +222,8 @@ def get_security_hub_client_from_integration(
        )
        return True, security_hub
    else:
-        # Reset regions information if connection fails and integration is not connected
+        # Reset regions information if connection fails
        with rls_transaction(tenant_id, using=MainRouter.default_db):
-            integration.connected = False
            integration.configuration["regions"] = {}
            integration.save()

@@ -334,18 +330,15 @@ def upload_security_hub_integration(
                                )

                                if not connected:
-                                    if isinstance(
-                                        security_hub.error,
-                                        SecurityHubNoEnabledRegionsError,
+                                    logger.error(
+                                        f"Security Hub connection failed for integration {integration.id}: "
+                                        f"{security_hub.error}"
+                                    )
+                                    with rls_transaction(
+                                        tenant_id, using=MainRouter.default_db
                                    ):
-                                        logger.warning(
-                                            f"Security Hub integration {integration.id} has no enabled regions"
-                                        )
-                                    else:
-                                        logger.error(
-                                            f"Security Hub connection failed for integration {integration.id}: "
-                                            f"{security_hub.error}"
-                                        )
+                                        integration.connected = False
+                                        integration.save()
                                    break  # Skip this integration

                                security_hub_client = security_hub
@@ -416,16 +409,22 @@ def upload_security_hub_integration(
                            logger.warning(
                                f"Failed to archive previous findings: {str(archive_error)}"
                            )
+
            except Exception as e:
                logger.error(
                    f"Security Hub integration {integration.id} failed: {str(e)}"
                )
+                continue

        result = integration_executions == len(integrations)
        if result:
            logger.info(
                f"All Security Hub integrations completed successfully for provider {provider_id}"
            )
+        else:
+            logger.error(
+                f"Some Security Hub integrations failed for provider {provider_id}"
+            )

        return result

@@ -11,41 +11,6 @@ from api.models import LighthouseProviderConfiguration, LighthouseProviderModels

 logger = get_task_logger(__name__)

-# OpenAI model prefixes to exclude from Lighthouse model selection.
-# These models don't support text chat completions and tool calling.
-EXCLUDED_OPENAI_MODEL_PREFIXES = (
-    "dall-e",  # Image generation
-    "whisper",  # Audio transcription
-    "tts-",  # Text-to-speech (tts-1, tts-1-hd, etc.)
-    "sora",  # Text-to-video (sora-2, sora-2-pro, etc.)
-    "text-embedding",  # Embeddings
-    "embedding",  # Embeddings (alternative naming)
-    "text-moderation",  # Content moderation
-    "omni-moderation",  # Content moderation
-    "text-davinci",  # Legacy completion models
-    "text-curie",  # Legacy completion models
-    "text-babbage",  # Legacy completion models
-    "text-ada",  # Legacy completion models
-    "davinci",  # Legacy completion models
-    "curie",  # Legacy completion models
-    "babbage",  # Legacy completion models
-    "ada",  # Legacy completion models
-    "computer-use",  # Computer control agent
-    "gpt-image",  # Image generation
-    "gpt-audio",  # Audio models
-    "gpt-realtime",  # Realtime voice API
-)
-
-# OpenAI model substrings to exclude (patterns that can appear anywhere in model ID).
-# These patterns identify non-chat model variants.
-EXCLUDED_OPENAI_MODEL_SUBSTRINGS = (
-    "-audio-",  # Audio preview models (gpt-4o-audio-preview, etc.)
-    "-realtime-",  # Realtime preview models (gpt-4o-realtime-preview, etc.)
-    "-transcribe",  # Transcription models (gpt-4o-transcribe, etc.)
-    "-tts",  # TTS models (gpt-4o-mini-tts)
-    "-instruct",  # Legacy instruct models (gpt-3.5-turbo-instruct, etc.)
-)
-

 def _extract_error_message(e: Exception) -> str:
    """
@@ -318,41 +283,20 @@ def _fetch_openai_models(api_key: str) -> Dict[str, str]:
    """
    Fetch available models from OpenAI API.

-    Filters out models that don't support text input/output and tool calling,
-    such as image generation (DALL-E), audio transcription (Whisper),
-    text-to-speech (TTS), embeddings, and moderation models.
-
    Args:
        api_key: OpenAI API key for authentication.

    Returns:
        Dict mapping model_id to model_name. For OpenAI, both are the same
-        as the API doesn't provide separate display names. Only includes
-        models that support text input, text output or tool calling.
+        as the API doesn't provide separate display names.

    Raises:
        Exception: If the API call fails.
    """
    client = openai.OpenAI(api_key=api_key)
    models = client.models.list()
-
-    # Filter models to only include those supporting chat completions + tool calling
-    filtered_models = {}
-    for model in getattr(models, "data", []):
-        model_id = model.id
-
-        # Skip if model ID starts with excluded prefixes
-        if model_id.startswith(EXCLUDED_OPENAI_MODEL_PREFIXES):
-            continue
-
-        # Skip if model ID contains excluded substrings
-        if any(substring in model_id for substring in EXCLUDED_OPENAI_MODEL_SUBSTRINGS):
-            continue
-
-        # Include model (supports chat completions + tool calling)
-        filtered_models[model_id] = model_id
-
-    return filtered_models
+    # OpenAI uses model.id for both ID and display name
+    return {m.id: m.id for m in getattr(models, "data", [])}


 def _fetch_openai_compatible_models(base_url: str, api_key: str) -> Dict[str, str]:
@@ -1,134 +0,0 @@
-"""
-Shared SQL queries for tasks.
-
-This module centralizes raw SQL queries used across multiple task modules
-to ensure consistency and maintainability.
-"""
-
-# =============================================================================
-# COMPLIANCE SCORE QUERIES
-# =============================================================================
-
-# Upsert provider compliance scores from a scan's compliance requirements.
-# Uses FAIL-dominant aggregation: FAIL > MANUAL > PASS
-# Parameters: [tenant_id, scan_id]
-COMPLIANCE_UPSERT_PROVIDER_SCORE_SQL = """
-    INSERT INTO provider_compliance_scores
-        (id, tenant_id, provider_id, scan_id, compliance_id, requirement_id,
-         requirement_status, scan_completed_at)
-    SELECT
-        gen_random_uuid(),
-        agg.tenant_id,
-        agg.provider_id,
-        agg.scan_id,
-        agg.compliance_id,
-        agg.requirement_id,
-        agg.requirement_status,
-        agg.completed_at
-    FROM (
-        SELECT DISTINCT ON (cro.compliance_id, cro.requirement_id)
-            cro.tenant_id,
-            s.provider_id,
-            cro.scan_id,
-            cro.compliance_id,
-            cro.requirement_id,
-            (CASE
-                WHEN bool_or(cro.requirement_status = 'FAIL')
-                    OVER (PARTITION BY cro.compliance_id, cro.requirement_id) THEN 'FAIL'
-                WHEN bool_or(cro.requirement_status = 'MANUAL')
-                    OVER (PARTITION BY cro.compliance_id, cro.requirement_id) THEN 'MANUAL'
-                ELSE 'PASS'
-            END)::status as requirement_status,
-            s.completed_at
-        FROM compliance_requirements_overviews cro
-        JOIN scans s ON s.id = cro.scan_id
-        WHERE cro.tenant_id = %s AND cro.scan_id = %s
-        ORDER BY cro.compliance_id, cro.requirement_id
-    ) agg
-    ON CONFLICT (tenant_id, provider_id, compliance_id, requirement_id)
-    DO UPDATE SET
-        requirement_status = EXCLUDED.requirement_status,
-        scan_id = EXCLUDED.scan_id,
-        scan_completed_at = EXCLUDED.scan_completed_at
-    WHERE EXCLUDED.scan_completed_at > provider_compliance_scores.scan_completed_at
-"""
-
-# Upsert tenant compliance summary for specific compliance IDs.
-# Aggregates across all providers with FAIL-dominant logic at requirement level.
-# Parameters: [tenant_id, tenant_id, compliance_ids_array]
-COMPLIANCE_UPSERT_TENANT_SUMMARY_SQL = """
-    INSERT INTO tenant_compliance_summaries
-        (id, tenant_id, compliance_id,
-         requirements_passed, requirements_failed, requirements_manual,
-         total_requirements, updated_at)
-    SELECT
-        gen_random_uuid(),
-        %s as tenant_id,
-        compliance_id,
-        COUNT(*) FILTER (WHERE req_status = 'PASS') as requirements_passed,
-        COUNT(*) FILTER (WHERE req_status = 'FAIL') as requirements_failed,
-        COUNT(*) FILTER (WHERE req_status = 'MANUAL') as requirements_manual,
-        COUNT(*) as total_requirements,
-        NOW() as updated_at
-    FROM (
-        SELECT
-            compliance_id,
-            requirement_id,
-            CASE
-                WHEN bool_or(requirement_status = 'FAIL') THEN 'FAIL'
-                WHEN bool_or(requirement_status = 'MANUAL') THEN 'MANUAL'
-                ELSE 'PASS'
-            END as req_status
-        FROM provider_compliance_scores
-        WHERE tenant_id = %s AND compliance_id = ANY(%s)
-        GROUP BY compliance_id, requirement_id
-    ) req_agg
-    GROUP BY compliance_id
-    ON CONFLICT (tenant_id, compliance_id)
-    DO UPDATE SET
-        requirements_passed = EXCLUDED.requirements_passed,
-        requirements_failed = EXCLUDED.requirements_failed,
-        requirements_manual = EXCLUDED.requirements_manual,
-        total_requirements = EXCLUDED.total_requirements,
-        updated_at = NOW()
-"""
-
-# Upsert tenant compliance summary for ALL compliance IDs in tenant.
-# Used by backfill when recalculating entire tenant summary.
-# Parameters: [tenant_id, tenant_id]
-COMPLIANCE_UPSERT_TENANT_SUMMARY_ALL_SQL = """
-    INSERT INTO tenant_compliance_summaries
-        (id, tenant_id, compliance_id,
-         requirements_passed, requirements_failed, requirements_manual,
-         total_requirements, updated_at)
-    SELECT
-        gen_random_uuid(),
-        %s as tenant_id,
-        compliance_id,
-        COUNT(*) FILTER (WHERE req_status = 'PASS') as requirements_passed,
-        COUNT(*) FILTER (WHERE req_status = 'FAIL') as requirements_failed,
-        COUNT(*) FILTER (WHERE req_status = 'MANUAL') as requirements_manual,
-        COUNT(*) as total_requirements,
-        NOW() as updated_at
-    FROM (
-        SELECT
-            compliance_id,
-            requirement_id,
-            CASE
-                WHEN bool_or(requirement_status = 'FAIL') THEN 'FAIL'
-                WHEN bool_or(requirement_status = 'MANUAL') THEN 'MANUAL'
-                ELSE 'PASS'
-            END as req_status
-        FROM provider_compliance_scores
-        WHERE tenant_id = %s
-        GROUP BY compliance_id, requirement_id
-    ) req_agg
-    GROUP BY compliance_id
-    ON CONFLICT (tenant_id, compliance_id)
-    DO UPDATE SET
-        requirements_passed = EXCLUDED.requirements_passed,
-        requirements_failed = EXCLUDED.requirements_failed,
-        requirements_manual = EXCLUDED.requirements_manual,
-        total_requirements = EXCLUDED.total_requirements,
-        updated_at = NOW()
-"""
@@ -243,28 +243,15 @@ def _safe_getattr(obj, attr: str, default: str = "N/A") -> str:


 def _create_info_table_style() -> TableStyle:
-    """Create a reusable table style for information/metadata tables.
-
-    ReportLab TableStyle coordinate system:
-        - Format: (COMMAND, (start_col, start_row), (end_col, end_row), value)
-        - Coordinates use (column, row) format, starting at (0, 0) for top-left cell
-        - Negative indices work like Python slicing: -1 means "last row/column"
-        - (0, 0) to (0, -1) = entire first column (all rows)
-        - (0, 0) to (-1, 0) = entire first row (all columns)
-        - (0, 0) to (-1, -1) = entire table
-        - Styles are applied in order; later rules override earlier ones
-    """
+    """Create a reusable table style for information/metadata tables."""
    return TableStyle(
        [
-            # Column 0 (labels): blue background with white text
            ("BACKGROUND", (0, 0), (0, -1), COLOR_BLUE),
            ("TEXTCOLOR", (0, 0), (0, -1), COLOR_WHITE),
            ("FONTNAME", (0, 0), (0, -1), "FiraCode"),
-            # Column 1 (values): light blue background with gray text
            ("BACKGROUND", (1, 0), (1, -1), COLOR_BG_BLUE),
            ("TEXTCOLOR", (1, 0), (1, -1), COLOR_GRAY),
            ("FONTNAME", (1, 0), (1, -1), "PlusJakartaSans"),
-            # Apply to entire table
            ("ALIGN", (0, 0), (-1, -1), "LEFT"),
            ("VALIGN", (0, 0), (-1, -1), "TOP"),
            ("FONTSIZE", (0, 0), (-1, -1), 11),
@@ -278,30 +265,19 @@ def _create_info_table_style() -> TableStyle:


 def _create_header_table_style(header_color: colors.Color = None) -> TableStyle:
-    """Create a reusable table style for tables with headers.
-
-    ReportLab TableStyle coordinate system:
-        - Format: (COMMAND, (start_col, start_row), (end_col, end_row), value)
-        - (0, 0) to (-1, 0) = entire first row (header row)
-        - (1, 1) to (-1, -1) = all data cells (excludes header row and first column)
-        - See _create_info_table_style() for full coordinate system documentation
-    """
+    """Create a reusable table style for tables with headers."""
    if header_color is None:
        header_color = COLOR_BLUE

    return TableStyle(
        [
-            # Header row (row 0): colored background with white text
            ("BACKGROUND", (0, 0), (-1, 0), header_color),
            ("TEXTCOLOR", (0, 0), (-1, 0), COLOR_WHITE),
            ("FONTNAME", (0, 0), (-1, 0), "FiraCode"),
            ("FONTSIZE", (0, 0), (-1, 0), 10),
-            # Apply to entire table
            ("ALIGN", (0, 0), (-1, -1), "CENTER"),
            ("VALIGN", (0, 0), (-1, -1), "MIDDLE"),
-            # Data cells (excluding header): smaller font
            ("FONTSIZE", (1, 1), (-1, -1), 9),
-            # Apply to entire table
            ("GRID", (0, 0), (-1, -1), 1, COLOR_GRID_GRAY),
            ("LEFTPADDING", (0, 0), (-1, -1), PADDING_MEDIUM),
            ("RIGHTPADDING", (0, 0), (-1, -1), PADDING_MEDIUM),
@@ -312,30 +288,18 @@ def _create_header_table_style(header_color: colors.Color = None) -> TableStyle:


 def _create_findings_table_style() -> TableStyle:
-    """Create a reusable table style for findings tables.
-
-    ReportLab TableStyle coordinate system:
-        - Format: (COMMAND, (start_col, start_row), (end_col, end_row), value)
-        - (0, 0) to (-1, 0) = entire first row (header row)
-        - (0, 0) to (0, 0) = only the top-left cell
-        - See _create_info_table_style() for full coordinate system documentation
-    """
+    """Create a reusable table style for findings tables."""
    return TableStyle(
        [
-            # Header row (row 0): colored background with white text
            ("BACKGROUND", (0, 0), (-1, 0), COLOR_BLUE),
            ("TEXTCOLOR", (0, 0), (-1, 0), COLOR_WHITE),
            ("FONTNAME", (0, 0), (-1, 0), "FiraCode"),
-            # Only top-left cell centered (for index/number column)
            ("ALIGN", (0, 0), (0, 0), "CENTER"),
-            # Apply to entire table
            ("VALIGN", (0, 0), (-1, -1), "MIDDLE"),
            ("FONTSIZE", (0, 0), (-1, -1), 9),
            ("GRID", (0, 0), (-1, -1), 0.1, COLOR_BORDER_GRAY),
-            # Remove padding only from top-left cell
            ("LEFTPADDING", (0, 0), (0, 0), 0),
            ("RIGHTPADDING", (0, 0), (0, 0), 0),
-            # Apply to entire table
            ("TOPPADDING", (0, 0), (-1, -1), PADDING_SMALL),
            ("BOTTOMPADDING", (0, 0), (-1, -1), PADDING_SMALL),
        ]
@@ -1139,15 +1103,11 @@ def generate_threatscore_report(
        elements.append(Spacer(1, 0.5 * inch))

        # Add compliance information table
-        provider_alias = provider_obj.alias or "N/A"
        info_data = [
            ["Framework:", compliance_framework],
            ["ID:", compliance_id],
            ["Name:", Paragraph(compliance_name, normal_center)],
            ["Version:", compliance_version],
-            ["Provider:", provider_type.upper()],
-            ["Account ID:", provider_obj.uid],
-            ["Alias:", provider_alias],
            ["Scan ID:", scan_id],
            ["Description:", Paragraph(compliance_description, normal_center)],
        ]
@@ -2099,15 +2059,12 @@ def generate_ens_report(
        elements.append(Spacer(1, 0.5 * inch))

        # Add compliance information table
-        provider_alias = provider_obj.alias or "N/A"
        info_data = [
            ["Framework:", compliance_framework],
            ["ID:", compliance_id],
            ["Nombre:", Paragraph(compliance_name, normal_center)],
            ["Versión:", compliance_version],
            ["Proveedor:", provider_type.upper()],
-            ["Account ID:", provider_obj.uid],
-            ["Alias:", provider_alias],
            ["Scan ID:", scan_id],
            ["Descripción:", Paragraph(compliance_description, normal_center)],
        ]
@@ -2115,12 +2072,12 @@ def generate_ens_report(
        info_table.setStyle(
            TableStyle(
                [
-                    ("BACKGROUND", (0, 0), (0, -1), colors.Color(0.2, 0.4, 0.6)),
-                    ("TEXTCOLOR", (0, 0), (0, -1), colors.white),
-                    ("FONTNAME", (0, 0), (0, -1), "FiraCode"),
-                    ("BACKGROUND", (1, 0), (1, -1), colors.Color(0.95, 0.97, 1.0)),
-                    ("TEXTCOLOR", (1, 0), (1, -1), colors.Color(0.2, 0.2, 0.2)),
-                    ("FONTNAME", (1, 0), (1, -1), "PlusJakartaSans"),
+                    ("BACKGROUND", (0, 0), (0, 6), colors.Color(0.2, 0.4, 0.6)),
+                    ("TEXTCOLOR", (0, 0), (0, 6), colors.white),
+                    ("FONTNAME", (0, 0), (0, 6), "FiraCode"),
+                    ("BACKGROUND", (1, 0), (1, 6), colors.Color(0.95, 0.97, 1.0)),
+                    ("TEXTCOLOR", (1, 0), (1, 6), colors.Color(0.2, 0.2, 0.2)),
+                    ("FONTNAME", (1, 0), (1, 6), "PlusJakartaSans"),
                    ("ALIGN", (0, 0), (-1, -1), "LEFT"),
                    ("VALIGN", (0, 0), (-1, -1), "TOP"),
                    ("FONTSIZE", (0, 0), (-1, -1), 11),
@@ -3040,14 +2997,11 @@ def generate_nis2_report(
        elements.append(Spacer(1, 0.3 * inch))

        # Compliance metadata table
-        provider_alias = provider_obj.alias or "N/A"
        metadata_data = [
            ["Framework:", compliance_framework],
            ["Name:", Paragraph(compliance_name, normal_center)],
            ["Version:", compliance_version or "N/A"],
            ["Provider:", provider_type.upper()],
-            ["Account ID:", provider_obj.uid],
-            ["Alias:", provider_alias],
            ["Scan ID:", scan_id],
            ["Description:", Paragraph(compliance_description, normal_center)],
        ]
@@ -3531,7 +3485,6 @@ def generate_compliance_reports(
        "gcp",
        "m365",
        "kubernetes",
-        "alibabacloud",
    ]:
        logger.info(
            f"Provider {provider_id} ({provider_type}) is not supported for ThreatScore report"
@@ -8,16 +8,11 @@ from collections import defaultdict
 from datetime import datetime, timezone
 from typing import Any

-import sentry_sdk
 from celery.utils.log import get_task_logger
 from config.env import env
 from config.settings.celery import CELERY_DEADLOCK_ATTEMPTS
 from django.db import IntegrityError, OperationalError
 from django.db.models import Case, Count, IntegerField, Prefetch, Q, Sum, When
-from tasks.jobs.queries import (
-    COMPLIANCE_UPSERT_PROVIDER_SCORE_SQL,
-    COMPLIANCE_UPSERT_TENANT_SUMMARY_SQL,
-)
 from tasks.utils import CustomEncoder

 from api.compliance import PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE
@@ -44,7 +39,6 @@ from api.models import (
    ResourceScanSummary,
    ResourceTag,
    Scan,
-    ScanCategorySummary,
    ScanSummary,
    StateChoices,
 )
@@ -83,6 +77,7 @@ FINDINGS_MICRO_BATCH_SIZE = env.int("DJANGO_FINDINGS_MICRO_BATCH_SIZE", default=
 # Controls how many rows each ORM bulk_create/bulk_update call sends to Postgres
 SCAN_DB_BATCH_SIZE = env.int("DJANGO_SCAN_DB_BATCH_SIZE", default=500)

+
 ATTACK_SURFACE_PROVIDER_COMPATIBILITY = {
    "internet-exposed": None,  # Compatible with all providers
    "secrets": None,  # Compatible with all providers
@@ -93,40 +88,6 @@ ATTACK_SURFACE_PROVIDER_COMPATIBILITY = {
 _ATTACK_SURFACE_MAPPING_CACHE: dict[str, dict] = {}


-def aggregate_category_counts(
-    categories: list[str],
-    severity: str,
-    status: str,
-    delta: str | None,
-    muted: bool,
-    cache: dict[tuple[str, str], dict[str, int]],
-) -> None:
-    """
-    Increment category counters in-place for a finding.
-
-    Args:
-        categories: List of categories from finding metadata.
-        severity: Severity level (e.g., "high", "medium").
-        status: Finding status as string ("FAIL", "PASS").
-        delta: Delta value as string ("new", "changed") or None.
-        muted: Whether the finding is muted.
-        cache: Dict {(category, severity): {"total", "failed", "new_failed"}} to update.
-    """
-    is_failed = status == "FAIL" and not muted
-    is_new_failed = is_failed and delta == "new"
-
-    for cat in categories:
-        key = (cat, severity)
-        if key not in cache:
-            cache[key] = {"total": 0, "failed": 0, "new_failed": 0}
-        if not muted:
-            cache[key]["total"] += 1
-        if is_failed:
-            cache[key]["failed"] += 1
-        if is_new_failed:
-            cache[key]["new_failed"] += 1
-
-
 def _get_attack_surface_mapping_from_provider(provider_type: str) -> dict:
    global _ATTACK_SURFACE_MAPPING_CACHE

@@ -437,7 +398,6 @@ def _process_finding_micro_batch(
    unique_resources: set,
    scan_resource_cache: set,
    mute_rules_cache: dict,
-    scan_categories_cache: dict[tuple[str, str], dict[str, int]],
 ) -> None:
    """
    Process a micro-batch of findings and persist them using bulk operations.
@@ -458,7 +418,6 @@ def _process_finding_micro_batch(
        unique_resources: Set tracking (uid, region) pairs seen in the scan.
        scan_resource_cache: Set of tuples used to create `ResourceScanSummary` rows.
        mute_rules_cache: Map of finding UID -> mute reason gathered before the scan.
-        scan_categories_cache: Dict tracking category counts {(category, severity): {"total", "failed", "new_failed"}}.
    """
    # Accumulate objects for bulk operations
    findings_to_create = []
@@ -614,12 +573,11 @@ def _process_finding_micro_batch(
            resource_failed_findings_cache[resource_uid] += 1

        # Create finding object (don't save yet)
-        check_metadata = finding.get_metadata()
        finding_instance = Finding(
            tenant_id=tenant_id,
            uid=finding_uid,
            delta=delta,
-            check_metadata=check_metadata,
+            check_metadata=finding.get_metadata(),
            status=status,
            status_extended=finding.status_extended,
            severity=finding.severity,
@@ -632,7 +590,6 @@ def _process_finding_micro_batch(
            muted_at=datetime.now(tz=timezone.utc) if is_muted else None,
            muted_reason=muted_reason,
            compliance=finding.compliance,
-            categories=check_metadata.get("categories", []) or [],
        )
        findings_to_create.append(finding_instance)
        resource_denormalized_data.append((finding_instance, resource_instance))
@@ -647,16 +604,6 @@ def _process_finding_micro_batch(
            )
        )

-        # Track categories with counts for ScanCategorySummary by (category, severity)
-        aggregate_category_counts(
-            categories=check_metadata.get("categories", []) or [],
-            severity=finding.severity.value,
-            status=status.value,
-            delta=delta.value if delta else None,
-            muted=is_muted,
-            cache=scan_categories_cache,
-        )
-
    # Bulk operations within single transaction
    with rls_transaction(tenant_id):
        # Bulk create findings
@@ -756,7 +703,6 @@ def perform_prowler_scan(
    exception = None
    unique_resources = set()
    scan_resource_cache: set[tuple[str, str, str, str]] = set()
-    scan_categories_cache: dict[tuple[str, str], dict[str, int]] = {}
    start_time = time.time()
    exc = None

@@ -846,7 +792,6 @@ def perform_prowler_scan(
                    unique_resources=unique_resources,
                    scan_resource_cache=scan_resource_cache,
                    mute_rules_cache=mute_rules_cache,
-                    scan_categories_cache=scan_categories_cache,
                )

            # Update scan progress
@@ -906,33 +851,13 @@ def perform_prowler_scan(
                resource_scan_summaries, batch_size=500, ignore_conflicts=True
            )
    except Exception as filter_exception:
+        import sentry_sdk
+
        sentry_sdk.capture_exception(filter_exception)
        logger.error(
            f"Error storing filter values for scan {scan_id}: {filter_exception}"
        )

-    try:
-        if scan_categories_cache:
-            category_summaries = [
-                ScanCategorySummary(
-                    tenant_id=tenant_id,
-                    scan_id=scan_id,
-                    category=category,
-                    severity=severity,
-                    total_findings=counts["total"],
-                    failed_findings=counts["failed"],
-                    new_failed_findings=counts["new_failed"],
-                )
-                for (category, severity), counts in scan_categories_cache.items()
-            ]
-            with rls_transaction(tenant_id):
-                ScanCategorySummary.objects.bulk_create(
-                    category_summaries, batch_size=500, ignore_conflicts=True
-                )
-    except Exception as cat_exception:
-        sentry_sdk.capture_exception(cat_exception)
-        logger.error(f"Error storing categories for scan {scan_id}: {cat_exception}")
-
    serializer = ScanTaskSerializer(instance=scan_instance)
    return serializer.data

@@ -1493,140 +1418,3 @@ def aggregate_daily_severity(tenant_id: str, scan_id: str):
        "date": str(scan_date),
        "severity_data": severity_data,
    }
-
-
-def update_provider_compliance_scores(tenant_id: str, scan_id: str):
-    """
-    Update ProviderComplianceScore with requirement statuses from a completed scan.
-
-    Uses atomic SQL upsert with ON CONFLICT for concurrency safety. Only updates
-    if the new scan is more recent than existing data. Also cleans up stale
-    requirements that no longer exist in the new scan.
-
-    Reads from primary DB (not replica) to avoid replication lag issues since
-    this runs immediately after create_compliance_requirements_task.
-
-    Args:
-        tenant_id: Tenant that owns the scan.
-        scan_id: Scan UUID whose compliance data should be materialized.
-
-    Returns:
-        dict: Statistics about the upsert operation.
-    """
-    with rls_transaction(tenant_id):
-        scan = (
-            Scan.all_objects.filter(
-                tenant_id=tenant_id,
-                id=scan_id,
-                state=StateChoices.COMPLETED,
-            )
-            .select_related("provider")
-            .first()
-        )
-
-        if not scan:
-            logger.warning(
-                f"Scan {scan_id} not found or not completed for compliance score update"
-            )
-            return {"status": "skipped", "reason": "scan not completed"}
-
-        if not scan.completed_at:
-            logger.warning(f"Scan {scan_id} has no completed_at timestamp")
-            return {"status": "skipped", "reason": "no completed_at"}
-
-        provider_id = str(scan.provider_id)
-        scan_completed_at = scan.completed_at
-
-    delete_stale_sql = """
-        DELETE FROM provider_compliance_scores pcs
-        WHERE pcs.tenant_id = %s
-          AND pcs.provider_id = %s
-          AND pcs.scan_completed_at < %s
-          AND NOT EXISTS (
-              SELECT 1 FROM compliance_requirements_overviews cro
-              WHERE cro.tenant_id = pcs.tenant_id
-                AND cro.scan_id = %s
-                AND cro.compliance_id = pcs.compliance_id
-                AND cro.requirement_id = pcs.requirement_id
-          )
-        RETURNING compliance_id
-    """
-
-    compliance_ids_sql = """
-        SELECT DISTINCT compliance_id
-        FROM compliance_requirements_overviews
-        WHERE tenant_id = %s AND scan_id = %s
-    """
-
-    try:
-        with psycopg_connection(MainRouter.default_db) as connection:
-            connection.autocommit = False
-            try:
-                with connection.cursor() as cursor:
-                    cursor.execute(SET_CONFIG_QUERY, [POSTGRES_TENANT_VAR, tenant_id])
-
-                    # Update requirement-level scores per provider
-                    cursor.execute(
-                        COMPLIANCE_UPSERT_PROVIDER_SCORE_SQL, [tenant_id, scan_id]
-                    )
-                    upserted_count = cursor.rowcount
-
-                    cursor.execute(compliance_ids_sql, [tenant_id, scan_id])
-                    scan_rows = cursor.fetchall()
-                    if not isinstance(scan_rows, (list, tuple)):
-                        scan_rows = []
-                    scan_compliance_ids = {row[0] for row in scan_rows}
-
-                    cursor.execute(
-                        delete_stale_sql,
-                        [tenant_id, provider_id, scan_completed_at, scan_id],
-                    )
-                    deleted_rows = cursor.fetchall()
-                    if not isinstance(deleted_rows, (list, tuple)):
-                        deleted_rows = []
-                    deleted_ids = {row[0] for row in deleted_rows}
-                    stale_deleted = len(deleted_ids)
-
-                    impacted_compliance_ids = sorted(scan_compliance_ids | deleted_ids)
-
-                    if impacted_compliance_ids:
-                        # Advisory lock on tenant to prevent race conditions when
-                        # multiple scans complete simultaneously for the same tenant
-                        cursor.execute(
-                            "SELECT pg_advisory_xact_lock(hashtext(%s))", [tenant_id]
-                        )
-
-                        # Recalculate tenant-level summary (FAIL-dominant across all providers)
-                        cursor.execute(
-                            COMPLIANCE_UPSERT_TENANT_SUMMARY_SQL,
-                            [tenant_id, tenant_id, impacted_compliance_ids],
-                        )
-                        tenant_summary_count = cursor.rowcount
-                    else:
-                        tenant_summary_count = 0
-
-                connection.commit()
-            except Exception:
-                connection.rollback()
-                raise
-
-        logger.info(
-            f"Provider compliance scores updated for scan {scan_id}: "
-            f"{upserted_count} upserted, {stale_deleted} stale deleted, "
-            f"{tenant_summary_count} tenant summaries upserted"
-        )
-
-        return {
-            "status": "completed",
-            "scan_id": str(scan_id),
-            "provider_id": provider_id,
-            "upserted": upserted_count,
-            "stale_deleted": stale_deleted,
-            "tenant_summary_count": tenant_summary_count,
-        }
-
-    except Exception as e:
-        logger.error(
-            f"Error updating provider compliance scores for scan {scan_id}: {e}"
-        )
-        raise
@@ -11,9 +11,7 @@ from django_celery_beat.models import PeriodicTask
 from tasks.jobs.backfill import (
    backfill_compliance_summaries,
    backfill_daily_severity_summaries,
-    backfill_provider_compliance_scores,
    backfill_resource_scan_summaries,
-    backfill_scan_category_summaries,
 )
 from tasks.jobs.connection import (
    check_integration_connection,
@@ -45,7 +43,6 @@ from tasks.jobs.scan import (
    aggregate_findings,
    create_compliance_requirements,
    perform_prowler_scan,
-    update_provider_compliance_scores,
 )
 from tasks.utils import batched, get_next_execution_datetime

@@ -63,58 +60,6 @@ from prowler.lib.outputs.finding import Finding as FindingOutput
 logger = get_task_logger(__name__)


-def _cleanup_orphan_scheduled_scans(
-    tenant_id: str,
-    provider_id: str,
-    scheduler_task_id: int,
-) -> int:
-    """
-    TEMPORARY WORKAROUND: Clean up orphan AVAILABLE scans.
-
-    Detects and removes AVAILABLE scans that were never used due to an
-    issue during the first scheduled scan setup.
-
-    An AVAILABLE scan is considered orphan if there's also a SCHEDULED scan for
-    the same provider with the same scheduler_task_id. This situation indicates
-    that the first scan execution didn't find the AVAILABLE scan (because it
-    wasn't committed yet, probably) and created a new one, leaving the AVAILABLE orphaned.
-
-    Args:
-        tenant_id: The tenant ID.
-        provider_id: The provider ID.
-        scheduler_task_id: The PeriodicTask ID that triggers these scans.
-
-    Returns:
-        Number of orphan scans deleted (0 if none found).
-    """
-    orphan_available_scans = Scan.objects.filter(
-        tenant_id=tenant_id,
-        provider_id=provider_id,
-        trigger=Scan.TriggerChoices.SCHEDULED,
-        state=StateChoices.AVAILABLE,
-        scheduler_task_id=scheduler_task_id,
-    )
-
-    scheduled_scan_exists = Scan.objects.filter(
-        tenant_id=tenant_id,
-        provider_id=provider_id,
-        trigger=Scan.TriggerChoices.SCHEDULED,
-        state=StateChoices.SCHEDULED,
-        scheduler_task_id=scheduler_task_id,
-    ).exists()
-
-    if scheduled_scan_exists and orphan_available_scans.exists():
-        orphan_count = orphan_available_scans.count()
-        logger.warning(
-            f"[WORKAROUND] Found {orphan_count} orphan AVAILABLE scan(s) for "
-            f"provider {provider_id} alongside a SCHEDULED scan. Cleaning up orphans..."
-        )
-        orphan_available_scans.delete()
-        return orphan_count
-
-    return 0
-
-
 def _perform_scan_complete_tasks(tenant_id: str, scan_id: str, provider_id: str):
    """
    Helper function to perform tasks after a scan is completed.
@@ -124,10 +69,9 @@ def _perform_scan_complete_tasks(tenant_id: str, scan_id: str, provider_id: str)
        scan_id (str): The ID of the scan that was performed.
        provider_id (str): The primary key of the Provider instance that was scanned.
    """
-    chain(
-        create_compliance_requirements_task.si(tenant_id=tenant_id, scan_id=scan_id),
-        update_provider_compliance_scores_task.si(tenant_id=tenant_id, scan_id=scan_id),
-    ).apply_async()
+    create_compliance_requirements_task.apply_async(
+        kwargs={"tenant_id": tenant_id, "scan_id": scan_id}
+    )
    aggregate_attack_surface_task.apply_async(
        kwargs={"tenant_id": tenant_id, "scan_id": scan_id}
    )
@@ -302,14 +246,6 @@ def perform_scheduled_scan_task(self, tenant_id: str, provider_id: str):
            return serializer.data

        next_scan_datetime = get_next_execution_datetime(task_id, provider_id)
-
-        # TEMPORARY WORKAROUND: Clean up orphan scans from transaction isolation issue
-        _cleanup_orphan_scheduled_scans(
-            tenant_id=tenant_id,
-            provider_id=provider_id,
-            scheduler_task_id=periodic_task_instance.id,
-        )
-
        scan_instance, _ = Scan.objects.get_or_create(
            tenant_id=tenant_id,
            provider_id=provider_id,
@@ -598,35 +534,6 @@ def backfill_daily_severity_summaries_task(tenant_id: str, days: int = None):
    return backfill_daily_severity_summaries(tenant_id=tenant_id, days=days)


-@shared_task(name="backfill-scan-category-summaries", queue="backfill")
-@handle_provider_deletion
-def backfill_scan_category_summaries_task(tenant_id: str, scan_id: str):
-    """
-    Backfill ScanCategorySummary for a completed scan.
-
-    Aggregates unique categories from findings and creates a summary row.
-
-    Args:
-        tenant_id (str): The tenant identifier.
-        scan_id (str): The scan identifier.
-    """
-    return backfill_scan_category_summaries(tenant_id=tenant_id, scan_id=scan_id)
-
-
-@shared_task(name="backfill-provider-compliance-scores", queue="backfill")
-def backfill_provider_compliance_scores_task(tenant_id: str):
-    """
-    Backfill ProviderComplianceScore from latest completed scan per provider.
-
-    Used to populate the compliance watchlist materialized table for tenants
-    that had scans before the feature was deployed.
-
-    Args:
-        tenant_id: Target tenant UUID.
-    """
-    return backfill_provider_compliance_scores(tenant_id=tenant_id)
-
-
@shared_task(base=RLSTask, name="scan-compliance-overviews", queue="compliance")
@handle_provider_deletion
 def create_compliance_requirements_task(tenant_id: str, scan_id: str):
@@ -660,21 +567,6 @@ def aggregate_attack_surface_task(tenant_id: str, scan_id: str):
    return aggregate_attack_surface(tenant_id=tenant_id, scan_id=scan_id)


-@shared_task(name="scan-provider-compliance-scores", queue="compliance")
-def update_provider_compliance_scores_task(tenant_id: str, scan_id: str):
-    """
-    Update provider compliance scores from a completed scan.
-
-    This task materializes compliance requirement statuses into ProviderComplianceScore
-    for efficient watchlist queries. Uses atomic upsert with concurrency protection.
-
-    Args:
-        tenant_id (str): The tenant ID for which to update scores.
-        scan_id (str): The ID of the scan whose data should be materialized.
-    """
-    return update_provider_compliance_scores(tenant_id=tenant_id, scan_id=scan_id)
-
-
@shared_task(name="scan-daily-severity", queue="overview")
@handle_provider_deletion
 def aggregate_daily_severity_task(tenant_id: str, scan_id: str):
@@ -1,25 +1,17 @@
-from datetime import datetime, timezone
-from unittest.mock import MagicMock, patch
 from uuid import uuid4

 import pytest
 from tasks.jobs.backfill import (
    backfill_compliance_summaries,
-    backfill_provider_compliance_scores,
    backfill_resource_scan_summaries,
-    backfill_scan_category_summaries,
 )

 from api.models import (
    ComplianceOverviewSummary,
-    Finding,
    ResourceScanSummary,
    Scan,
-    ScanCategorySummary,
    StateChoices,
 )
-from prowler.lib.check.models import Severity
-from prowler.lib.outputs.finding import Status


@pytest.fixture(scope="function")
@@ -54,45 +46,6 @@ def get_not_completed_scans(providers_fixture):
    return scan_1, scan_2


-@pytest.fixture(scope="function")
-def findings_with_categories_fixture(scans_fixture, resources_fixture):
-    scan = scans_fixture[0]
-    resource = resources_fixture[0]
-
-    finding = Finding.objects.create(
-        tenant_id=scan.tenant_id,
-        uid="finding_with_categories",
-        scan=scan,
-        delta="new",
-        status=Status.FAIL,
-        status_extended="test status",
-        impact=Severity.critical,
-        impact_extended="test impact",
-        severity=Severity.critical,
-        raw_result={"status": Status.FAIL},
-        check_id="test_check",
-        check_metadata={"CheckId": "test_check"},
-        categories=["gen-ai", "security"],
-        first_seen_at="2024-01-02T00:00:00Z",
-    )
-    finding.add_resources([resource])
-    return finding
-
-
-@pytest.fixture(scope="function")
-def scan_category_summary_fixture(scans_fixture):
-    scan = scans_fixture[0]
-    return ScanCategorySummary.objects.create(
-        tenant_id=scan.tenant_id,
-        scan=scan,
-        category="existing-category",
-        severity=Severity.critical,
-        total_findings=1,
-        failed_findings=0,
-        new_failed_findings=0,
-    )
-
-
@pytest.mark.django_db
 class TestBackfillResourceScanSummaries:
    def test_already_backfilled(self, resource_scan_summary_data):
@@ -219,106 +172,3 @@ class TestBackfillComplianceSummaries:
            assert summary.requirements_failed == expected_counts["requirements_failed"]
            assert summary.requirements_manual == expected_counts["requirements_manual"]
            assert summary.total_requirements == expected_counts["total_requirements"]
-
-
-@pytest.mark.django_db
-class TestBackfillScanCategorySummaries:
-    def test_already_backfilled(self, scan_category_summary_fixture):
-        tenant_id = scan_category_summary_fixture.tenant_id
-        scan_id = scan_category_summary_fixture.scan_id
-
-        result = backfill_scan_category_summaries(str(tenant_id), str(scan_id))
-
-        assert result == {"status": "already backfilled"}
-
-    def test_not_completed_scan(self, get_not_completed_scans):
-        for scan in get_not_completed_scans:
-            result = backfill_scan_category_summaries(str(scan.tenant_id), str(scan.id))
-            assert result == {"status": "scan is not completed"}
-
-    def test_no_categories_to_backfill(self, scans_fixture):
-        scan = scans_fixture[1]  # Failed scan with no findings
-        result = backfill_scan_category_summaries(str(scan.tenant_id), str(scan.id))
-        assert result == {"status": "no categories to backfill"}
-
-    def test_successful_backfill(self, findings_with_categories_fixture):
-        finding = findings_with_categories_fixture
-        tenant_id = str(finding.tenant_id)
-        scan_id = str(finding.scan_id)
-
-        result = backfill_scan_category_summaries(tenant_id, scan_id)
-
-        # 2 categories × 1 severity = 2 rows
-        assert result == {"status": "backfilled", "categories_count": 2}
-
-        summaries = ScanCategorySummary.objects.filter(
-            tenant_id=tenant_id, scan_id=scan_id
-        )
-        assert summaries.count() == 2
-        categories = set(summaries.values_list("category", flat=True))
-        assert categories == {"gen-ai", "security"}
-
-        for summary in summaries:
-            assert summary.severity == Severity.critical
-            assert summary.total_findings == 1
-            assert summary.failed_findings == 1
-            assert summary.new_failed_findings == 1
-
-
-@pytest.mark.django_db
-class TestBackfillProviderComplianceScores:
-    def test_no_completed_scans(self, tenants_fixture):
-        tenant = tenants_fixture[2]
-        result = backfill_provider_compliance_scores(str(tenant.id))
-        assert result == {"status": "no completed scans"}
-
-    def test_no_scans_to_process(self, tenants_fixture, scans_fixture):
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-        scan.completed_at = None
-        scan.save()
-
-        result = backfill_provider_compliance_scores(str(tenant.id))
-        assert result == {"status": "no completed scans"}
-
-    @patch("tasks.jobs.backfill.psycopg_connection")
-    def test_successful_backfill_executes_sql_queries(
-        self,
-        mock_psycopg_connection,
-        tenants_fixture,
-        scans_fixture,
-        settings,
-    ):
-        """Test successful backfill executes SQL queries and returns correct stats."""
-        settings.DATABASES.setdefault("admin", settings.DATABASES["default"])
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-
-        # Set completed_at to make the scan eligible for backfill
-        scan.completed_at = datetime.now(timezone.utc)
-        scan.save()
-
-        connection = MagicMock()
-        cursor = MagicMock()
-        cursor_context = MagicMock()
-        cursor_context.__enter__.return_value = cursor
-        cursor_context.__exit__.return_value = False
-        connection.cursor.return_value = cursor_context
-        connection.__enter__.return_value = connection
-        connection.__exit__.return_value = False
-        connection.autocommit = True
-
-        context_manager = MagicMock()
-        context_manager.__enter__.return_value = connection
-        context_manager.__exit__.return_value = False
-        mock_psycopg_connection.return_value = context_manager
-
-        cursor.rowcount = 5
-
-        result = backfill_provider_compliance_scores(str(tenant.id))
-
-        assert result["status"] == "backfilled"
-        assert result["providers_processed"] == 1
-        assert result["providers_skipped"] == 0
-        assert result["total_upserted"] == 5
-        assert result["tenant_summary_count"] == 5
@@ -28,7 +28,6 @@ class TestScheduleProviderScan:
                    "tenant_id": str(provider_instance.tenant_id),
                    "provider_id": str(provider_instance.id),
                },
-                countdown=5,
            )

            task_name = f"scan-perform-scheduled-{provider_instance.id}"
@@ -1199,6 +1199,9 @@ class TestSecurityHubIntegrationUploads:
                    )

        assert result is False
+        # Integration should be marked as disconnected
+        integration.save.assert_called_once()
+        assert integration.connected is False

    @patch("tasks.jobs.integrations.ASFF")
    @patch("tasks.jobs.integrations.FindingOutput")
@@ -20,11 +20,9 @@ from tasks.jobs.scan import (
    _process_finding_micro_batch,
    _store_resources,
    aggregate_attack_surface,
-    aggregate_category_counts,
    aggregate_findings,
    create_compliance_requirements,
    perform_prowler_scan,
-    update_provider_compliance_scores,
 )
 from tasks.utils import CustomEncoder

@@ -1379,7 +1377,6 @@ class TestProcessFindingMicroBatch:
        unique_resources: set[tuple[str, str]] = set()
        scan_resource_cache: set[tuple[str, str, str, str]] = set()
        mute_rules_cache = {}
-        scan_categories_cache: dict[tuple[str, str], dict[str, int]] = {}

        with (
            patch("tasks.jobs.scan.rls_transaction", new=noop_rls_transaction),
@@ -1397,7 +1394,6 @@ class TestProcessFindingMicroBatch:
                unique_resources,
                scan_resource_cache,
                mute_rules_cache,
-                scan_categories_cache,
            )

        created_finding = Finding.objects.get(uid=finding.uid)
@@ -1490,7 +1486,6 @@ class TestProcessFindingMicroBatch:
        unique_resources: set[tuple[str, str]] = set()
        scan_resource_cache: set[tuple[str, str, str, str]] = set()
        mute_rules_cache = {finding.uid: "Muted via rule"}
-        scan_categories_cache: dict[tuple[str, str], dict[str, int]] = {}

        with (
            patch("tasks.jobs.scan.rls_transaction", new=noop_rls_transaction),
@@ -1508,7 +1503,6 @@ class TestProcessFindingMicroBatch:
                unique_resources,
                scan_resource_cache,
                mute_rules_cache,
-                scan_categories_cache,
            )

        existing_resource.refresh_from_db()
@@ -1616,7 +1610,6 @@ class TestProcessFindingMicroBatch:
        unique_resources: set[tuple[str, str]] = set()
        scan_resource_cache: set[tuple[str, str, str, str]] = set()
        mute_rules_cache = {}
-        scan_categories_cache: dict[tuple[str, str], dict[str, int]] = {}

        with (
            patch("tasks.jobs.scan.rls_transaction", new=noop_rls_transaction),
@@ -1635,7 +1628,6 @@ class TestProcessFindingMicroBatch:
                unique_resources,
                scan_resource_cache,
                mute_rules_cache,
-                scan_categories_cache,
            )

        # Verify the long UID finding was NOT created
@@ -1656,118 +1648,6 @@ class TestProcessFindingMicroBatch:
            for call in warning_calls
        )

-    def test_process_finding_micro_batch_tracks_categories(
-        self, tenants_fixture, scans_fixture
-    ):
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-        provider = scan.provider
-
-        finding1 = FakeFinding(
-            uid="finding-cat-1",
-            status=StatusChoices.PASS,
-            status_extended="all good",
-            severity=Severity.low,
-            check_id="genai_check",
-            resource_uid="arn:aws:bedrock:::model/test",
-            resource_name="test-model",
-            region="us-east-1",
-            service_name="bedrock",
-            resource_type="model",
-            resource_tags={},
-            resource_metadata={},
-            resource_details={},
-            partition="aws",
-            raw={},
-            compliance={},
-            metadata={"categories": ["gen-ai", "security"]},
-            muted=False,
-        )
-
-        finding2 = FakeFinding(
-            uid="finding-cat-2",
-            status=StatusChoices.FAIL,
-            status_extended="bad",
-            severity=Severity.high,
-            check_id="iam_check",
-            resource_uid="arn:aws:iam:::user/test",
-            resource_name="test-user",
-            region="us-east-1",
-            service_name="iam",
-            resource_type="user",
-            resource_tags={},
-            resource_metadata={},
-            resource_details={},
-            partition="aws",
-            raw={},
-            compliance={},
-            metadata={"categories": ["security", "iam"]},
-            muted=False,
-        )
-
-        resource_cache = {}
-        tag_cache = {}
-        last_status_cache = {}
-        resource_failed_findings_cache = {}
-        unique_resources: set[tuple[str, str]] = set()
-        scan_resource_cache: set[tuple[str, str, str, str]] = set()
-        mute_rules_cache = {}
-        scan_categories_cache: dict[tuple[str, str], dict[str, int]] = {}
-
-        with (
-            patch("tasks.jobs.scan.rls_transaction", new=noop_rls_transaction),
-            patch("api.db_utils.rls_transaction", new=noop_rls_transaction),
-        ):
-            _process_finding_micro_batch(
-                str(tenant.id),
-                [finding1, finding2],
-                scan,
-                provider,
-                resource_cache,
-                tag_cache,
-                last_status_cache,
-                resource_failed_findings_cache,
-                unique_resources,
-                scan_resource_cache,
-                mute_rules_cache,
-                scan_categories_cache,
-            )
-
-        # finding1: PASS, severity=low, categories=["gen-ai", "security"]
-        # finding2: FAIL, severity=high, categories=["security", "iam"]
-        # Keys are (category, severity) tuples
-        assert set(scan_categories_cache.keys()) == {
-            ("gen-ai", "low"),
-            ("security", "low"),
-            ("security", "high"),
-            ("iam", "high"),
-        }
-        assert scan_categories_cache[("gen-ai", "low")] == {
-            "total": 1,
-            "failed": 0,
-            "new_failed": 0,
-        }
-        assert scan_categories_cache[("security", "low")] == {
-            "total": 1,
-            "failed": 0,
-            "new_failed": 0,
-        }
-        assert scan_categories_cache[("security", "high")] == {
-            "total": 1,
-            "failed": 1,
-            "new_failed": 1,
-        }
-        assert scan_categories_cache[("iam", "high")] == {
-            "total": 1,
-            "failed": 1,
-            "new_failed": 1,
-        }
-
-        created_finding1 = Finding.objects.get(uid="finding-cat-1")
-        created_finding2 = Finding.objects.get(uid="finding-cat-2")
-        assert set(created_finding1.categories) == {"gen-ai", "security"}
-        assert set(created_finding2.categories) == {"security", "iam"}
-

@pytest.mark.django_db
 class TestCreateComplianceRequirements:
@@ -3876,270 +3756,3 @@ class TestAggregateAttackSurface:
            aggregate_attack_surface(str(tenant.id), str(scan.id))

        mock_select_related.assert_called_once_with("provider")
-
-
-class TestAggregateCategoryCounts:
-    """Test aggregate_category_counts helper function."""
-
-    def test_aggregate_category_counts_basic(self):
-        """Test basic category counting for a non-muted PASS finding."""
-        cache: dict[tuple[str, str], dict[str, int]] = {}
-        aggregate_category_counts(
-            categories=["security", "iam"],
-            severity="high",
-            status="PASS",
-            delta=None,
-            muted=False,
-            cache=cache,
-        )
-
-        assert ("security", "high") in cache
-        assert ("iam", "high") in cache
-        assert cache[("security", "high")] == {"total": 1, "failed": 0, "new_failed": 0}
-        assert cache[("iam", "high")] == {"total": 1, "failed": 0, "new_failed": 0}
-
-    def test_aggregate_category_counts_fail_not_muted(self):
-        """Test category counting for a non-muted FAIL finding."""
-        cache: dict[tuple[str, str], dict[str, int]] = {}
-        aggregate_category_counts(
-            categories=["security"],
-            severity="critical",
-            status="FAIL",
-            delta=None,
-            muted=False,
-            cache=cache,
-        )
-
-        assert cache[("security", "critical")] == {
-            "total": 1,
-            "failed": 1,
-            "new_failed": 0,
-        }
-
-    def test_aggregate_category_counts_new_fail(self):
-        """Test category counting for a new FAIL finding (delta='new')."""
-        cache: dict[tuple[str, str], dict[str, int]] = {}
-        aggregate_category_counts(
-            categories=["gen-ai"],
-            severity="high",
-            status="FAIL",
-            delta="new",
-            muted=False,
-            cache=cache,
-        )
-
-        assert cache[("gen-ai", "high")] == {"total": 1, "failed": 1, "new_failed": 1}
-
-    def test_aggregate_category_counts_muted_finding(self):
-        """Test that muted findings are excluded from all counts."""
-        cache: dict[tuple[str, str], dict[str, int]] = {}
-        aggregate_category_counts(
-            categories=["security"],
-            severity="high",
-            status="FAIL",
-            delta="new",
-            muted=True,
-            cache=cache,
-        )
-
-        assert cache[("security", "high")] == {"total": 0, "failed": 0, "new_failed": 0}
-
-    def test_aggregate_category_counts_accumulates(self):
-        """Test that multiple calls accumulate counts."""
-        cache: dict[tuple[str, str], dict[str, int]] = {}
-
-        # First finding: PASS
-        aggregate_category_counts(
-            categories=["security"],
-            severity="high",
-            status="PASS",
-            delta=None,
-            muted=False,
-            cache=cache,
-        )
-
-        # Second finding: FAIL (new)
-        aggregate_category_counts(
-            categories=["security"],
-            severity="high",
-            status="FAIL",
-            delta="new",
-            muted=False,
-            cache=cache,
-        )
-
-        # Third finding: FAIL (changed)
-        aggregate_category_counts(
-            categories=["security"],
-            severity="high",
-            status="FAIL",
-            delta="changed",
-            muted=False,
-            cache=cache,
-        )
-
-        assert cache[("security", "high")] == {"total": 3, "failed": 2, "new_failed": 1}
-
-    def test_aggregate_category_counts_empty_categories(self):
-        """Test with empty categories list."""
-        cache: dict[tuple[str, str], dict[str, int]] = {}
-        aggregate_category_counts(
-            categories=[],
-            severity="high",
-            status="FAIL",
-            delta="new",
-            muted=False,
-            cache=cache,
-        )
-
-        assert cache == {}
-
-    def test_aggregate_category_counts_changed_delta(self):
-        """Test that changed delta increments failed but not new_failed."""
-        cache: dict[tuple[str, str], dict[str, int]] = {}
-        aggregate_category_counts(
-            categories=["iam"],
-            severity="medium",
-            status="FAIL",
-            delta="changed",
-            muted=False,
-            cache=cache,
-        )
-
-        assert cache[("iam", "medium")] == {"total": 1, "failed": 1, "new_failed": 0}
-
-    def test_aggregate_category_counts_multiple_categories_single_finding(self):
-        """Test single finding with multiple categories."""
-        cache: dict[tuple[str, str], dict[str, int]] = {}
-        aggregate_category_counts(
-            categories=["security", "compliance", "data-protection"],
-            severity="low",
-            status="FAIL",
-            delta="new",
-            muted=False,
-            cache=cache,
-        )
-
-        assert len(cache) == 3
-        for cat in ["security", "compliance", "data-protection"]:
-            assert cache[(cat, "low")] == {"total": 1, "failed": 1, "new_failed": 1}
-
-
-@pytest.mark.django_db
-class TestUpdateProviderComplianceScores:
-    @patch("tasks.jobs.scan.psycopg_connection")
-    def test_update_provider_compliance_scores_basic(
-        self,
-        mock_psycopg_connection,
-        tenants_fixture,
-        scans_fixture,
-        settings,
-    ):
-        settings.DATABASES.setdefault("admin", settings.DATABASES["default"])
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-        tenant_id = str(tenant.id)
-        scan_id = str(scan.id)
-
-        scan.state = StateChoices.COMPLETED
-        scan.completed_at = datetime.now(timezone.utc)
-        scan.save()
-
-        connection = MagicMock()
-        cursor = MagicMock()
-        cursor_context = MagicMock()
-        cursor_context.__enter__.return_value = cursor
-        cursor_context.__exit__.return_value = False
-        connection.cursor.return_value = cursor_context
-        connection.__enter__.return_value = connection
-        connection.__exit__.return_value = False
-        connection.autocommit = True
-
-        context_manager = MagicMock()
-        context_manager.__enter__.return_value = connection
-        context_manager.__exit__.return_value = False
-        mock_psycopg_connection.return_value = context_manager
-
-        cursor.rowcount = 2
-
-        result = update_provider_compliance_scores(tenant_id, scan_id)
-
-        assert result["status"] == "completed"
-        assert result["upserted"] == 2
-        assert cursor.execute.call_count >= 3
-        connection.commit.assert_called_once()
-
-    def test_update_provider_compliance_scores_skips_incomplete_scan(
-        self, tenants_fixture, scans_fixture
-    ):
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[1]
-        tenant_id = str(tenant.id)
-        scan_id = str(scan.id)
-
-        result = update_provider_compliance_scores(tenant_id, scan_id)
-
-        assert result["status"] == "skipped"
-        assert result["reason"] == "scan not completed"
-
-    def test_update_provider_compliance_scores_skips_no_completed_at(
-        self, tenants_fixture, scans_fixture
-    ):
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-        tenant_id = str(tenant.id)
-        scan_id = str(scan.id)
-
-        scan.state = StateChoices.COMPLETED
-        scan.completed_at = None
-        scan.save()
-
-        result = update_provider_compliance_scores(tenant_id, scan_id)
-
-        assert result["status"] == "skipped"
-        assert result["reason"] == "no completed_at"
-
-    @patch("tasks.jobs.scan.psycopg_connection")
-    def test_update_provider_compliance_scores_executes_sql_queries(
-        self,
-        mock_psycopg_connection,
-        tenants_fixture,
-        providers_fixture,
-        scans_fixture,
-        settings,
-    ):
-        settings.DATABASES.setdefault("admin", settings.DATABASES["default"])
-        tenant = tenants_fixture[0]
-        scan = scans_fixture[0]
-        tenant_id = str(tenant.id)
-        scan_id = str(scan.id)
-
-        scan.state = StateChoices.COMPLETED
-        scan.completed_at = datetime.now(timezone.utc)
-        scan.save()
-
-        connection = MagicMock()
-        cursor = MagicMock()
-        cursor_context = MagicMock()
-        cursor_context.__enter__.return_value = cursor
-        cursor_context.__exit__.return_value = False
-        connection.cursor.return_value = cursor_context
-        connection.__enter__.return_value = connection
-        connection.__exit__.return_value = False
-
-        context_manager = MagicMock()
-        context_manager.__enter__.return_value = connection
-        context_manager.__exit__.return_value = False
-        mock_psycopg_connection.return_value = context_manager
-
-        cursor.rowcount = 1
-        cursor.fetchall.side_effect = [[("aws_cis_2.0",)], []]
-
-        result = update_provider_compliance_scores(tenant_id, scan_id)
-
-        assert result["status"] == "completed"
-
-        calls = [str(c) for c in cursor.execute.call_args_list]
-        assert any("provider_compliance_scores" in c for c in calls)
-        assert any("tenant_compliance_summaries" in c for c in calls)
-        assert any("pg_advisory_xact_lock" in c for c in calls)
@@ -4,13 +4,11 @@ from unittest.mock import MagicMock, patch
 import openai
 import pytest
 from botocore.exceptions import ClientError
-from django_celery_beat.models import IntervalSchedule, PeriodicTask
 from tasks.jobs.lighthouse_providers import (
    _create_bedrock_client,
    _extract_bedrock_credentials,
 )
 from tasks.tasks import (
-    _cleanup_orphan_scheduled_scans,
    _perform_scan_complete_tasks,
    check_integrations_task,
    check_lighthouse_provider_connection_task,
@@ -24,8 +22,6 @@ from api.models import (
    Integration,
    LighthouseProviderConfiguration,
    LighthouseProviderModels,
-    Scan,
-    StateChoices,
 )


@@ -730,9 +726,7 @@ class TestGenerateOutputs:

 class TestScanCompleteTasks:
    @patch("tasks.tasks.aggregate_attack_surface_task.apply_async")
-    @patch("tasks.tasks.chain")
-    @patch("tasks.tasks.create_compliance_requirements_task.si")
-    @patch("tasks.tasks.update_provider_compliance_scores_task.si")
+    @patch("tasks.tasks.create_compliance_requirements_task.apply_async")
    @patch("tasks.tasks.perform_scan_summary_task.si")
    @patch("tasks.tasks.generate_outputs_task.si")
    @patch("tasks.tasks.generate_compliance_reports_task.si")
@@ -743,22 +737,15 @@ class TestScanCompleteTasks:
        mock_compliance_reports_task,
        mock_outputs_task,
        mock_scan_summary_task,
-        mock_update_compliance_scores_task,
        mock_compliance_requirements_task,
-        mock_chain,
        mock_attack_surface_task,
    ):
        """Test that scan complete tasks are properly orchestrated with optimized reports."""
        _perform_scan_complete_tasks("tenant-id", "scan-id", "provider-id")

-        # Verify compliance requirements task is called via chain
+        # Verify compliance requirements task is called
        mock_compliance_requirements_task.assert_called_once_with(
-            tenant_id="tenant-id", scan_id="scan-id"
-        )
-
-        # Verify update provider compliance scores task is called via chain
-        mock_update_compliance_scores_task.assert_called_once_with(
-            tenant_id="tenant-id", scan_id="scan-id"
+            kwargs={"tenant_id": "tenant-id", "scan_id": "scan-id"},
        )

        # Verify attack surface task is called
@@ -1728,343 +1715,3 @@ class TestRefreshLighthouseProviderModelsTask:
            assert result["deleted"] == 0
            assert "error" in result
            assert result["error"] is not None
-
-
-@pytest.mark.django_db
-class TestCleanupOrphanScheduledScans:
-    """Unit tests for _cleanup_orphan_scheduled_scans helper function."""
-
-    def _create_periodic_task(self, provider_id, tenant_id):
-        """Helper to create a PeriodicTask for testing."""
-        interval, _ = IntervalSchedule.objects.get_or_create(every=24, period="hours")
-        return PeriodicTask.objects.create(
-            name=f"scan-perform-scheduled-{provider_id}",
-            task="scan-perform-scheduled",
-            interval=interval,
-            kwargs=f'{{"tenant_id": "{tenant_id}", "provider_id": "{provider_id}"}}',
-            enabled=True,
-        )
-
-    def test_cleanup_deletes_orphan_when_both_available_and_scheduled_exist(
-        self, tenants_fixture, providers_fixture
-    ):
-        """Test that AVAILABLE scan is deleted when SCHEDULED also exists."""
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        periodic_task = self._create_periodic_task(provider.id, tenant.id)
-
-        # Create orphan AVAILABLE scan
-        orphan_scan = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Create SCHEDULED scan (next execution)
-        scheduled_scan = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.SCHEDULED,
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Execute cleanup
-        deleted_count = _cleanup_orphan_scheduled_scans(
-            tenant_id=str(tenant.id),
-            provider_id=str(provider.id),
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Verify orphan was deleted
-        assert deleted_count == 1
-        assert not Scan.objects.filter(id=orphan_scan.id).exists()
-        assert Scan.objects.filter(id=scheduled_scan.id).exists()
-
-    def test_cleanup_does_not_delete_when_only_available_exists(
-        self, tenants_fixture, providers_fixture
-    ):
-        """Test that AVAILABLE scan is NOT deleted when no SCHEDULED exists."""
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        periodic_task = self._create_periodic_task(provider.id, tenant.id)
-
-        # Create only AVAILABLE scan (normal first scan scenario)
-        available_scan = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Execute cleanup
-        deleted_count = _cleanup_orphan_scheduled_scans(
-            tenant_id=str(tenant.id),
-            provider_id=str(provider.id),
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Verify nothing was deleted
-        assert deleted_count == 0
-        assert Scan.objects.filter(id=available_scan.id).exists()
-
-    def test_cleanup_does_not_delete_when_only_scheduled_exists(
-        self, tenants_fixture, providers_fixture
-    ):
-        """Test that nothing is deleted when only SCHEDULED exists."""
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        periodic_task = self._create_periodic_task(provider.id, tenant.id)
-
-        # Create only SCHEDULED scan (normal subsequent scan scenario)
-        scheduled_scan = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.SCHEDULED,
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Execute cleanup
-        deleted_count = _cleanup_orphan_scheduled_scans(
-            tenant_id=str(tenant.id),
-            provider_id=str(provider.id),
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Verify nothing was deleted
-        assert deleted_count == 0
-        assert Scan.objects.filter(id=scheduled_scan.id).exists()
-
-    def test_cleanup_returns_zero_when_no_scans_exist(
-        self, tenants_fixture, providers_fixture
-    ):
-        """Test that cleanup returns 0 when no scans exist."""
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        periodic_task = self._create_periodic_task(provider.id, tenant.id)
-
-        # Execute cleanup with no scans
-        deleted_count = _cleanup_orphan_scheduled_scans(
-            tenant_id=str(tenant.id),
-            provider_id=str(provider.id),
-            scheduler_task_id=periodic_task.id,
-        )
-
-        assert deleted_count == 0
-
-    def test_cleanup_deletes_multiple_orphan_available_scans(
-        self, tenants_fixture, providers_fixture
-    ):
-        """Test that multiple AVAILABLE orphan scans are all deleted."""
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        periodic_task = self._create_periodic_task(provider.id, tenant.id)
-
-        # Create multiple orphan AVAILABLE scans
-        orphan_scan_1 = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduler_task_id=periodic_task.id,
-        )
-        orphan_scan_2 = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Create SCHEDULED scan
-        scheduled_scan = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.SCHEDULED,
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Execute cleanup
-        deleted_count = _cleanup_orphan_scheduled_scans(
-            tenant_id=str(tenant.id),
-            provider_id=str(provider.id),
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Verify all orphans were deleted
-        assert deleted_count == 2
-        assert not Scan.objects.filter(id=orphan_scan_1.id).exists()
-        assert not Scan.objects.filter(id=orphan_scan_2.id).exists()
-        assert Scan.objects.filter(id=scheduled_scan.id).exists()
-
-    def test_cleanup_does_not_affect_different_provider(
-        self, tenants_fixture, providers_fixture
-    ):
-        """Test that cleanup only affects scans for the specified provider."""
-        tenant = tenants_fixture[0]
-        provider1 = providers_fixture[0]
-        provider2 = providers_fixture[1]
-        periodic_task1 = self._create_periodic_task(provider1.id, tenant.id)
-        periodic_task2 = self._create_periodic_task(provider2.id, tenant.id)
-
-        # Create orphan scenario for provider1
-        orphan_scan_p1 = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider1,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduler_task_id=periodic_task1.id,
-        )
-        scheduled_scan_p1 = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider1,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.SCHEDULED,
-            scheduler_task_id=periodic_task1.id,
-        )
-
-        # Create AVAILABLE scan for provider2 (should not be affected)
-        available_scan_p2 = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider2,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduler_task_id=periodic_task2.id,
-        )
-
-        # Execute cleanup for provider1 only
-        deleted_count = _cleanup_orphan_scheduled_scans(
-            tenant_id=str(tenant.id),
-            provider_id=str(provider1.id),
-            scheduler_task_id=periodic_task1.id,
-        )
-
-        # Verify only provider1's orphan was deleted
-        assert deleted_count == 1
-        assert not Scan.objects.filter(id=orphan_scan_p1.id).exists()
-        assert Scan.objects.filter(id=scheduled_scan_p1.id).exists()
-        assert Scan.objects.filter(id=available_scan_p2.id).exists()
-
-    def test_cleanup_does_not_affect_manual_scans(
-        self, tenants_fixture, providers_fixture
-    ):
-        """Test that cleanup only affects SCHEDULED trigger scans, not MANUAL."""
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        periodic_task = self._create_periodic_task(provider.id, tenant.id)
-
-        # Create orphan AVAILABLE scheduled scan
-        orphan_scan = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Create SCHEDULED scan
-        scheduled_scan = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.SCHEDULED,
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Create AVAILABLE manual scan (should not be affected)
-        manual_scan = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Manual scan",
-            trigger=Scan.TriggerChoices.MANUAL,
-            state=StateChoices.AVAILABLE,
-        )
-
-        # Execute cleanup
-        deleted_count = _cleanup_orphan_scheduled_scans(
-            tenant_id=str(tenant.id),
-            provider_id=str(provider.id),
-            scheduler_task_id=periodic_task.id,
-        )
-
-        # Verify only scheduled orphan was deleted
-        assert deleted_count == 1
-        assert not Scan.objects.filter(id=orphan_scan.id).exists()
-        assert Scan.objects.filter(id=scheduled_scan.id).exists()
-        assert Scan.objects.filter(id=manual_scan.id).exists()
-
-    def test_cleanup_does_not_affect_different_scheduler_task(
-        self, tenants_fixture, providers_fixture
-    ):
-        """Test that cleanup only affects scans with the specified scheduler_task_id."""
-        tenant = tenants_fixture[0]
-        provider = providers_fixture[0]
-        periodic_task1 = self._create_periodic_task(provider.id, tenant.id)
-
-        # Create another periodic task
-        interval, _ = IntervalSchedule.objects.get_or_create(every=24, period="hours")
-        periodic_task2 = PeriodicTask.objects.create(
-            name=f"scan-perform-scheduled-other-{provider.id}",
-            task="scan-perform-scheduled",
-            interval=interval,
-            kwargs=f'{{"tenant_id": "{tenant.id}", "provider_id": "{provider.id}"}}',
-            enabled=True,
-        )
-
-        # Create orphan scenario for periodic_task1
-        orphan_scan = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduler_task_id=periodic_task1.id,
-        )
-        scheduled_scan = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.SCHEDULED,
-            scheduler_task_id=periodic_task1.id,
-        )
-
-        # Create AVAILABLE scan for periodic_task2 (should not be affected)
-        available_scan_other_task = Scan.objects.create(
-            tenant_id=tenant.id,
-            provider=provider,
-            name="Daily scheduled scan",
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduler_task_id=periodic_task2.id,
-        )
-
-        # Execute cleanup for periodic_task1 only
-        deleted_count = _cleanup_orphan_scheduled_scans(
-            tenant_id=str(tenant.id),
-            provider_id=str(provider.id),
-            scheduler_task_id=periodic_task1.id,
-        )
-
-        # Verify only periodic_task1's orphan was deleted
-        assert deleted_count == 1
-        assert not Scan.objects.filter(id=orphan_scan.id).exists()
-        assert Scan.objects.filter(id=scheduled_scan.id).exists()
-        assert Scan.objects.filter(id=available_scan_other_task.id).exists()
@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )
@@ -1,25 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )
@@ -1,24 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_cis
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_cis(
-        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
-    )
@@ -1,28 +0,0 @@
-import warnings
-
-from dashboard.common_methods import get_section_containers_threatscore
-
-warnings.filterwarnings("ignore")
-
-
-def get_table(data):
-    aux = data[
-        [
-            "REQUIREMENTS_ID",
-            "REQUIREMENTS_DESCRIPTION",
-            "REQUIREMENTS_ATTRIBUTES_SECTION",
-            "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
-            "CHECKID",
-            "STATUS",
-            "REGION",
-            "ACCOUNTID",
-            "RESOURCEID",
-        ]
-    ].copy()
-
-    return get_section_containers_threatscore(
-        aux,
-        "REQUIREMENTS_ATTRIBUTES_SECTION",
-        "REQUIREMENTS_ATTRIBUTES_SUBSECTION",
-        "REQUIREMENTS_ID",
-    )
@@ -312,28 +312,3 @@ def create_table_row_dropdown(table_rows: list) -> html.Div:
            ),
        ],
    )
-
-
-def create_category_dropdown(categories: list) -> html.Div:
-    """
-    Dropdown to select the category.
-    Args:
-        categories (list): List of categories.
-    Returns:
-        html.Div: Dropdown to select the category.
-    """
-    return html.Div(
-        [
-            html.Label(
-                "Category:", className="text-prowler-stone-900 font-bold text-sm"
-            ),
-            dcc.Dropdown(
-                id="category-filter",
-                options=[{"label": i, "value": i} for i in categories],
-                value=["All"],
-                clearable=False,
-                multi=True,
-                style={"color": "#000000"},
-            ),
-        ],
-    )
@@ -12,7 +12,6 @@ def create_layout_overview(
    provider_dropdown: html.Div,
    table_row_dropdown: html.Div,
    status_dropdown: html.Div,
-    category_dropdown: html.Div,
    table_div_header: html.Div,
    amount_providers: int,
 ) -> html.Div:
@@ -52,9 +51,8 @@ def create_layout_overview(
                    html.Div([service_dropdown], className=""),
                    html.Div([provider_dropdown], className=""),
                    html.Div([status_dropdown], className=""),
-                    html.Div([category_dropdown], className=""),
                ],
-                className="grid gap-x-4 mb-[30px] sm:grid-cols-2 lg:grid-cols-5",
+                className="grid gap-x-4 mb-[30px] sm:grid-cols-2 lg:grid-cols-4",
            ),
            html.Div(
                [
@@ -407,11 +407,9 @@ def display_data(
            compliance_module = importlib.import_module(
                f"dashboard.compliance.{current}"
            )
-            # Build subset list based on available columns
-            dedup_columns = ["CHECKID", "STATUS", "RESOURCEID", "STATUSEXTENDED"]
-            if "MUTED" in data.columns:
-                dedup_columns.insert(2, "MUTED")
-            data = data.drop_duplicates(subset=dedup_columns)
+            data = data.drop_duplicates(
+                subset=["CHECKID", "STATUS", "MUTED", "RESOURCEID", "STATUSEXTENDED"]
+            )

            if "threatscore" in analytics_input:
                data = get_threatscore_mean_by_pillar(data)
@@ -654,7 +652,6 @@ def get_table(current_compliance, table):
 def get_threatscore_mean_by_pillar(df):
    score_per_pillar = {}
    max_score_per_pillar = {}
-    counted_findings_per_pillar = {}

    for _, row in df.iterrows():
        pillar = (
@@ -666,18 +663,6 @@ def get_threatscore_mean_by_pillar(df):
        if pillar not in score_per_pillar:
            score_per_pillar[pillar] = 0
            max_score_per_pillar[pillar] = 0
-            counted_findings_per_pillar[pillar] = set()
-
-        # Skip muted findings for score calculation
-        is_muted = "MUTED" in df.columns and row.get("MUTED") == "True"
-        if is_muted:
-            continue
-
-        # Create unique finding identifier to avoid counting duplicates
-        finding_id = f"{row.get('CHECKID', '')}_{row.get('RESOURCEID', '')}"
-        if finding_id in counted_findings_per_pillar[pillar]:
-            continue
-        counted_findings_per_pillar[pillar].add(finding_id)

        level_of_risk = pd.to_numeric(
            row["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"], errors="coerce"
@@ -721,10 +706,6 @@ def get_table_prowler_threatscore(df):
    score_per_pillar = {}
    max_score_per_pillar = {}
    pillars = {}
-    counted_findings_per_pillar = {}
-    counted_pass = set()
-    counted_fail = set()
-    counted_muted = set()

    df_copy = df.copy()

@@ -739,24 +720,6 @@ def get_table_prowler_threatscore(df):
            pillars[pillar] = {"FAIL": 0, "PASS": 0, "MUTED": 0}
            score_per_pillar[pillar] = 0
            max_score_per_pillar[pillar] = 0
-            counted_findings_per_pillar[pillar] = set()
-
-        # Create unique finding identifier
-        finding_id = f"{row.get('CHECKID', '')}_{row.get('RESOURCEID', '')}"
-
-        # Check if muted
-        is_muted = "MUTED" in df_copy.columns and row.get("MUTED") == "True"
-
-        # Count muted findings (separate from score calculation)
-        if is_muted and finding_id not in counted_muted:
-            counted_muted.add(finding_id)
-            pillars[pillar]["MUTED"] += 1
-            continue  # Skip muted findings for score calculation
-
-        # Skip if already counted for this pillar
-        if finding_id in counted_findings_per_pillar[pillar]:
-            continue
-        counted_findings_per_pillar[pillar].add(finding_id)

        level_of_risk = pd.to_numeric(
            row["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"], errors="coerce"
@@ -775,14 +738,13 @@ def get_table_prowler_threatscore(df):
        max_score_per_pillar[pillar] += level_of_risk * weight

        if row["STATUS"] == "PASS":
-            if finding_id not in counted_pass:
-                counted_pass.add(finding_id)
-                pillars[pillar]["PASS"] += 1
+            pillars[pillar]["PASS"] += 1
            score_per_pillar[pillar] += level_of_risk * weight
        elif row["STATUS"] == "FAIL":
-            if finding_id not in counted_fail:
-                counted_fail.add(finding_id)
-                pillars[pillar]["FAIL"] += 1
+            pillars[pillar]["FAIL"] += 1
+
+        if "MUTED" in row and row["MUTED"] == "True":
+            pillars[pillar]["MUTED"] += 1

    result_df = []

@@ -35,7 +35,6 @@ from dashboard.config import (
 from dashboard.lib.cards import create_provider_card
 from dashboard.lib.dropdowns import (
    create_account_dropdown,
-    create_category_dropdown,
    create_date_dropdown,
    create_provider_dropdown,
    create_region_dropdown,
@@ -344,18 +343,6 @@ else:
    status = [x for x in status if str(x) != "nan" and x.__class__.__name__ == "str"]

    status_dropdown = create_status_dropdown(status)
-
-    # Create the category dropdown
-    categories = []
-    if "CATEGORIES" in data.columns:
-        for cat_list in data["CATEGORIES"].dropna().unique():
-            if cat_list and str(cat_list) != "nan":
-                for cat in str(cat_list).split(","):
-                    cat = cat.strip()
-                    if cat and cat not in categories:
-                        categories.append(cat)
-    categories = ["All"] + sorted(categories)
-    category_dropdown = create_category_dropdown(categories)
    table_div_header = []
    table_div_header.append(
        html.Div(
@@ -517,7 +504,6 @@ else:
        provider_dropdown,
        table_row_dropdown,
        status_dropdown,
-        category_dropdown,
        table_div_header,
        len(data["PROVIDER"].unique()),
    )
@@ -554,8 +540,6 @@ else:
        Output("table-rows", "options"),
        Output("status-filter", "value"),
        Output("status-filter", "options"),
-        Output("category-filter", "value"),
-        Output("category-filter", "options"),
        Output("aws_card", "n_clicks"),
        Output("azure_card", "n_clicks"),
        Output("gcp_card", "n_clicks"),
@@ -573,7 +557,6 @@ else:
    Input("provider-filter", "value"),
    Input("table-rows", "value"),
    Input("status-filter", "value"),
-    Input("category-filter", "value"),
    Input("search-input", "value"),
    Input("aws_card", "n_clicks"),
    Input("azure_card", "n_clicks"),
@@ -599,7 +582,6 @@ def filter_data(
    provider_values,
    table_row_values,
    status_values,
-    category_values,
    search_value,
    aws_clicks,
    azure_clicks,
@@ -983,41 +965,6 @@ def filter_data(

    status_filter_options = ["All"] + list(filtered_data["STATUS"].unique())

-    # Filter Category
-    if "CATEGORIES" in filtered_data.columns:
-        if category_values == ["All"]:
-            updated_category_values = None
-        elif "All" in category_values and len(category_values) > 1:
-            category_values.remove("All")
-            updated_category_values = category_values
-        elif len(category_values) == 0:
-            updated_category_values = None
-            category_values = ["All"]
-        else:
-            updated_category_values = category_values
-
-        if updated_category_values:
-            filtered_data = filtered_data[
-                filtered_data["CATEGORIES"].apply(
-                    lambda x: any(
-                        cat.strip() in updated_category_values
-                        for cat in str(x).split(",")
-                        if str(x) != "nan"
-                    )
-                )
-            ]
-
-        category_filter_options = ["All"]
-        for cat_list in filtered_data["CATEGORIES"].dropna().unique():
-            if cat_list and str(cat_list) != "nan":
-                for cat in str(cat_list).split(","):
-                    cat = cat.strip()
-                    if cat and cat not in category_filter_options:
-                        category_filter_options.append(cat)
-        category_filter_options = sorted(category_filter_options)
-    else:
-        category_filter_options = ["All"]
-
    if len(filtered_data_sp) == 0:
        fig = px.pie()
        fig.update_layout(
@@ -1565,8 +1512,6 @@ def filter_data(
            table_row_options,
            status_values,
            status_filter_options,
-            category_values,
-            category_filter_options,
            aws_clicks,
            azure_clicks,
            gcp_clicks,
@@ -1604,8 +1549,6 @@ def filter_data(
            table_row_options,
            status_values,
            status_filter_options,
-            category_values,
-            category_filter_options,
            aws_clicks,
            azure_clicks,
            gcp_clicks,
@@ -41,9 +41,6 @@ services:
    volumes:
      - "./ui:/app"
      - "/app/node_modules"
-    depends_on:
-      mcp-server:
-        condition: service_healthy

  postgres:
    image: postgres:16.3-alpine3.20
@@ -60,11 +57,7 @@ services:
    ports:
      - "${POSTGRES_PORT:-5432}:${POSTGRES_PORT:-5432}"
    healthcheck:
-      test:
-        [
-          "CMD-SHELL",
-          "sh -c 'pg_isready -U ${POSTGRES_ADMIN_USER} -d ${POSTGRES_DB}'",
-        ]
+      test: ["CMD-SHELL", "sh -c 'pg_isready -U ${POSTGRES_ADMIN_USER} -d ${POSTGRES_DB}'"]
      interval: 5s
      timeout: 5s
      retries: 5
@@ -125,32 +118,6 @@ services:
      - "../docker-entrypoint.sh"
      - "beat"

-  mcp-server:
-    build:
-      context: ./mcp_server
-      dockerfile: Dockerfile
-    environment:
-      - PROWLER_MCP_TRANSPORT_MODE=http
-    env_file:
-      - path: .env
-        required: false
-    ports:
-      - "8000:8000"
-    volumes:
-      - ./mcp_server/prowler_mcp_server:/app/prowler_mcp_server
-      - ./mcp_server/pyproject.toml:/app/pyproject.toml
-      - ./mcp_server/entrypoint.sh:/app/entrypoint.sh
-    command: ["uvicorn", "--host", "0.0.0.0", "--port", "8000"]
-    healthcheck:
-      test:
-        [
-          "CMD-SHELL",
-          "wget -q -O /dev/null http://127.0.0.1:8000/health || exit 1",
-        ]
-      interval: 10s
-      timeout: 5s
-      retries: 3
-
 volumes:
  outputs:
    driver: local
@@ -1,9 +1,3 @@
-# Production Docker Compose configuration
-# Uses pre-built images from Docker Hub (prowlercloud/*)
-#
-# For development with local builds and hot-reload, use docker-compose-dev.yml instead:
-#   docker compose -f docker-compose-dev.yml up
-#
 services:
  api:
    hostname: "prowler-api"
@@ -32,9 +26,6 @@ services:
        required: false
    ports:
      - ${UI_PORT:-3000}:${UI_PORT:-3000}
-    depends_on:
-      mcp-server:
-        condition: service_healthy

  postgres:
    image: postgres:16.3-alpine3.20
@@ -102,22 +93,6 @@ services:
      - "../docker-entrypoint.sh"
      - "beat"

-  mcp-server:
-    image: prowlercloud/prowler-mcp:${PROWLER_MCP_VERSION:-stable}
-    environment:
-      - PROWLER_MCP_TRANSPORT_MODE=http
-    env_file:
-      - path: .env
-        required: false
-    ports:
-      - "8000:8000"
-    command: ["uvicorn", "--host", "0.0.0.0", "--port", "8000"]
-    healthcheck:
-      test: ["CMD-SHELL", "wget -q -O /dev/null http://127.0.0.1:8000/health || exit 1"]
-      interval: 10s
-      timeout: 5s
-      retries: 3
-
 volumes:
  output:
    driver: local
@@ -479,66 +479,6 @@ Effective headers and section titles enhance document readability and structure,

 ---

-## Version Badge for Feature Documentation
-
-The Version Badge component indicates when a specific feature or functionality was introduced in Prowler. This component is located at `docs/snippets/version-badge.mdx` and should be used consistently across the documentation.
-
-### When to Use the Version Badge
-
-Use the Version Badge when documenting:
-
-* New features added in a specific version.
-* New CLI options or flags.
-* New API endpoints or SDK methods.
-* New compliance frameworks or security checks.
-* Breaking changes or deprecated features (with appropriate context).
-
-### How to Use the Version Badge
-
-1.  **Import the Component**
-
-    At the top of the MDX file, import the snippet:
-
-    ```mdx
-    import { VersionBadge } from "/snippets/version-badge.mdx"
-    ```
-
-2.  **Place the Badge**
-
-    Insert the badge immediately after the section header or feature title:
-
-    ```mdx
-    ## New Feature Name
-
-    <VersionBadge version="4.5.0" />
-
-    Description of the feature...
-    ```
-
-3.  **Version Format**
-
-    Use semantic versioning format (e.g., `4.5.0`, `5.0.0`). Do not include the "v" prefix.
-
-### Placement Guidelines
-
-* Place the Version Badge on its own line, directly below the header.
-* Leave a blank line after the badge before continuing with the content.
-* For subsections, place the badge only if the subsection introduces something new independently from the parent section.
-
-**Example:**
-
-```mdx
-## Tag-Based Scanning
-
-import { VersionBadge } from "/snippets/version-badge.mdx"
-
-<VersionBadge version="4.3.0" />
-
-Tag-Based Scanning allows filtering resources by AWS tags during security assessments...
-```
-
---
-
 ## Avoid Assumptions Regarding Audience’s Expertise

 ### Understand Your Audience’s Expertise
@@ -1,216 +0,0 @@
---
-title: 'AI Skills System'
---
-
-This guide explains the AI Skills system that provides on-demand context and patterns to AI agents working with the Prowler codebase.
-
-<Info>
-**What are AI Skills?** Skills are structured instructions that help AI agents (Claude Code, Cursor, Copilot, etc.) understand Prowler's conventions, patterns, and best practices.
-</Info>
-
-## Architecture Overview
-
-```mermaid
-graph LR
-    subgraph FLOW["AI Skills Architecture"]
-        A["AI Agent"] -->|"1. matches trigger"| B["AGENTS.md"]
-        B -->|"2. loads"| C["Skill"]
-        C -->|"3. provides"| D["Patterns<br/>Templates<br/>Commands"]
-        C -->|"4. references"| E["Local Docs"]
-        D --> F["Correct Output"]
-        E --> F
-    end
-
-    style A fill:#1e3a5f,stroke:#4a9eff,color:#fff
-    style B fill:#5c4d1a,stroke:#ffd700,color:#fff
-    style C fill:#1a4d1a,stroke:#4caf50,color:#fff
-    style E fill:#4a1a4d,stroke:#ba68c8,color:#fff
-    style F fill:#1a4d2e,stroke:#66bb6a,color:#fff
-```
-
-## How It Works
-
-```mermaid
-sequenceDiagram
-    participant U as User
-    participant A as AI Agent
-    participant R as AGENTS.md
-    participant S as Skill
-    participant AS as assets/
-    participant RF as references/
-    participant D as Local Docs
-
-    U->>A: "Create an AWS security check"
-
-    Note over A: Analyze request context
-
-    A->>R: Find matching skill trigger
-    R-->>A: prowler-sdk-check matches
-
-    A->>S: Load SKILL.md
-    S-->>A: Patterns, rules, templates, commands
-
-    Note over A: Need code template?
-
-    A->>AS: Read assets/aws_check.py
-    AS-->>A: Check implementation template
-
-    Note over A: Need more details?
-
-    A->>RF: Read references/metadata-docs.md
-    RF-->>A: Points to local docs
-
-    A->>D: Read docs/developer-guide/checks.mdx
-    D-->>A: Full documentation
-
-    Note over A: Execute with full context
-
-    A->>U: Creates check with correct patterns
-```
-
-## Before vs After
-
-```mermaid
-graph TD
-    subgraph COMPARISON["BEFORE vs AFTER"]
-        direction LR
-
-        subgraph BEFORE["Without Skills"]
-            B1["AI guesses conventions"]
-            B2["Wrong structure"]
-            B3["Multiple iterations"]
-            B4["Web searches for docs"]
-            B5["Inconsistent patterns"]
-        end
-
-        subgraph AFTER["With Skills"]
-            A1["AI loads exact patterns"]
-            A2["Correct structure"]
-            A3["First-time right"]
-            A4["Local docs referenced"]
-            A5["Consistent patterns"]
-        end
-    end
-
-    style BEFORE fill:#5c1a1a,stroke:#ef5350,color:#fff
-    style AFTER fill:#1a4d1a,stroke:#66bb6a,color:#fff
-```
-
-## Complete Architecture
-
-```mermaid
-flowchart TB
-    subgraph ENTRY["ENTRY POINT"]
-        AGENTS["AGENTS.md<br/>━━━━━━━━━━━━━━━━━<br/>• Available skills registry<br/>• Skill → Trigger mapping<br/>• Component navigation"]
-    end
-
-    subgraph SKILLS["SKILLS LIBRARY"]
-        direction TB
-
-        subgraph GENERIC["Generic Skills"]
-            G1["typescript"]
-            G2["react-19"]
-            G3["nextjs-15"]
-            G4["tailwind-4"]
-            G5["pytest"]
-            G6["playwright"]
-            G7["django-drf"]
-            G8["zod-4"]
-            G9["zustand-5"]
-            G10["ai-sdk-5"]
-        end
-
-        subgraph PROWLER["Prowler Skills"]
-            P1["prowler"]
-            P2["prowler-sdk-check"]
-            P3["prowler-api"]
-            P4["prowler-ui"]
-            P5["prowler-mcp"]
-            P6["prowler-provider"]
-            P7["prowler-compliance"]
-            P8["prowler-docs"]
-            P9["prowler-pr"]
-        end
-
-        subgraph TESTING["Testing Skills"]
-            T1["prowler-test-sdk"]
-            T2["prowler-test-api"]
-            T3["prowler-test-ui"]
-        end
-
-        subgraph META["Meta Skills"]
-            M1["skill-creator"]
-        end
-    end
-
-    subgraph STRUCTURE["SKILL STRUCTURE"]
-        direction LR
-
-        SKILLMD["SKILL.md<br/>━━━━━━━━━━━━━━<br/>• Frontmatter<br/>• Critical patterns<br/>• Decision trees<br/>• Code examples<br/>• Commands<br/>• Keywords"]
-
-        ASSETS["assets/<br/>━━━━━━━━━━━━━━<br/>• Code templates<br/>• JSON schemas<br/>• Config examples"]
-
-        REFS["references/<br/>━━━━━━━━━━━━━━<br/>• Local doc paths<br/>• No web URLs<br/>• Single source"]
-    end
-
-    subgraph DOCS["DOCUMENTATION"]
-        direction TB
-        DD["docs/developer-guide/"]
-        D1["checks.mdx"]
-        D2["unit-testing.mdx"]
-        D3["provider.mdx"]
-        D4["mcp-server.mdx"]
-        D5["..."]
-
-        DD --> D1
-        DD --> D2
-        DD --> D3
-        DD --> D4
-        DD --> D5
-    end
-
-    ENTRY --> SKILLS
-    SKILLS --> STRUCTURE
-    SKILLMD --> ASSETS
-    SKILLMD --> REFS
-    REFS -.->|"points to"| DOCS
-
-    style ENTRY fill:#1e3a5f,stroke:#4a9eff,color:#fff
-    style GENERIC fill:#5c4d1a,stroke:#ffd700,color:#fff
-    style PROWLER fill:#1a4d1a,stroke:#66bb6a,color:#fff
-    style TESTING fill:#4d1a3d,stroke:#f06292,color:#fff
-    style META fill:#4a1a4d,stroke:#ba68c8,color:#fff
-    style STRUCTURE fill:#5c3d1a,stroke:#ffb74d,color:#fff
-    style DOCS fill:#1a3d4d,stroke:#4dd0e1,color:#fff
-```
-
-## Skills Included
-
-| Type | Skills |
-|------|--------|
-| **Generic** | typescript, react-19, nextjs-15, tailwind-4, pytest, playwright, django-drf, zod-4, zustand-5, ai-sdk-5 |
-| **Prowler** | prowler, prowler-sdk-check, prowler-api, prowler-ui, prowler-mcp, prowler-provider, prowler-compliance, prowler-docs, prowler-pr |
-| **Testing** | prowler-test-sdk, prowler-test-api, prowler-test-ui |
-| **Meta** | skill-creator |
-
-## Skill Structure
-
-Each skill follows the [Agent Skills spec](https://agentskills.io):
-
-```
-skills/{skill-name}/
-├── SKILL.md          # Patterns, rules, decision trees
-├── assets/           # Code templates, schemas
-└── references/       # Links to local docs (single source of truth)
-```
-
-## Key Design Decisions
-
-1. **Self-contained skills** - Critical patterns inline for fast loading
-2. **Local doc references** - No web URLs, points to `docs/developer-guide/*.mdx`
-3. **Single source of truth** - Skills reference docs, no duplication
-4. **On-demand loading** - AI loads only what's needed for the task
-
-## Creating New Skills
-
-Use the `skill-creator` meta-skill to create new skills that follow the Agent Skills spec. See `AGENTS.md` for the full list of available skills and their triggers.
@@ -1,212 +0,0 @@
---
-title: 'Alibaba Cloud Provider'
---
-
-This page details the [Alibaba Cloud](https://www.alibabacloud.com/) provider implementation in Prowler.
-
-By default, Prowler will audit all the Alibaba Cloud regions that are available. To configure it, follow the [Alibaba Cloud getting started guide](/user-guide/providers/alibabacloud/getting-started-alibabacloud).
-
-## Alibaba Cloud Provider Classes Architecture
-
-The Alibaba Cloud provider implementation follows the general [Provider structure](/developer-guide/provider). This section focuses on the Alibaba Cloud-specific implementation, highlighting how the generic provider concepts are realized for Alibaba Cloud in Prowler. For a full overview of the provider pattern, base classes, and extension guidelines, see [Provider documentation](/developer-guide/provider).
-
-### Main Class
-
- **Location:** [`prowler/providers/alibabacloud/alibabacloud_provider.py`](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/alibabacloud/alibabacloud_provider.py)
- **Base Class:** Inherits from `Provider` (see [base class details](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/common/provider.py)).
- **Purpose:** Central orchestrator for Alibaba Cloud-specific logic, session management, credential validation, and configuration.
- **Key Alibaba Cloud Responsibilities:**
-    - Initializes and manages Alibaba Cloud sessions (supports Access Keys, STS Temporary Credentials, RAM Role Assumption, ECS RAM Role, OIDC Authentication, and Credentials URI).
-    - Validates credentials using STS GetCallerIdentity.
-    - Loads and manages configuration, mutelist, and fixer settings.
-    - Discovers and manages Alibaba Cloud regions.
-    - Provides properties and methods for downstream Alibaba Cloud service classes to access session, identity, and configuration data.
-
-### Data Models
-
- **Location:** [`prowler/providers/alibabacloud/models.py`](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/alibabacloud/models.py)
- **Purpose:** Define structured data for Alibaba Cloud identity, session, credentials, and region info.
- **Key Alibaba Cloud Models:**
-    - `AlibabaCloudCallerIdentity`: Stores caller identity information from STS GetCallerIdentity (account_id, principal_id, arn, identity_type).
-    - `AlibabaCloudIdentityInfo`: Holds Alibaba Cloud identity metadata including account ID, user info, profile, and audited regions.
-    - `AlibabaCloudCredentials`: Stores credentials (access_key_id, access_key_secret, security_token).
-    - `AlibabaCloudRegion`: Represents an Alibaba Cloud region with region_id and region_name.
-    - `AlibabaCloudSession`: Manages the session and provides methods to create service clients.
-
-### `AlibabaCloudService` (Service Base Class)
-
- **Location:** [`prowler/providers/alibabacloud/lib/service/service.py`](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/alibabacloud/lib/service/service.py)
- **Purpose:** Abstract base class that all Alibaba Cloud service-specific classes inherit from. This implements the generic service pattern (described in [service page](/developer-guide/services#service-base-class)) specifically for Alibaba Cloud.
- **Key Alibaba Cloud Responsibilities:**
-    - Receives an `AlibabacloudProvider` instance to access session, identity, and configuration.
-    - Manages regional clients for services that are region-specific.
-    - Provides `__threading_call__` method to make API calls in parallel by region or resource.
-    - Exposes common audit context (`audited_account`, `audited_account_name`, `audit_resources`, `audit_config`) to subclasses.
-
-### Exception Handling
-
- **Location:** [`prowler/providers/alibabacloud/exceptions/exceptions.py`](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/alibabacloud/exceptions/exceptions.py)
- **Purpose:** Custom exception classes for Alibaba Cloud-specific error handling.
- **Key Alibaba Cloud Exceptions:**
-    - `AlibabaCloudClientError`: General client errors
-    - `AlibabaCloudNoCredentialsError`: No credentials found
-    - `AlibabaCloudInvalidCredentialsError`: Invalid credentials provided
-    - `AlibabaCloudSetUpSessionError`: Session setup failures
-    - `AlibabaCloudAssumeRoleError`: RAM role assumption failures
-    - `AlibabaCloudInvalidRegionError`: Invalid region specified
-    - `AlibabaCloudHTTPError`: HTTP/API errors
-
-### Session and Utility Helpers
-
- **Location:** [`prowler/providers/alibabacloud/lib/`](https://github.com/prowler-cloud/prowler/tree/master/prowler/providers/alibabacloud/lib/)
- **Purpose:** Helpers for argument parsing, mutelist management, and other cross-cutting concerns.
-
-## Specific Patterns in Alibaba Cloud Services
-
-The generic service pattern is described in [service page](/developer-guide/services#service-structure-and-initialisation). You can find all the currently implemented services in the following locations:
-
- Directly in the code, in location [`prowler/providers/alibabacloud/services/`](https://github.com/prowler-cloud/prowler/tree/master/prowler/providers/alibabacloud/services)
- In the [Prowler Hub](https://hub.prowler.com/) for a more human-readable view.
-
-The best reference to understand how to implement a new service is following the [service implementation documentation](/developer-guide/services#adding-a-new-service) and taking other services already implemented as reference. In next subsection you can find a list of common patterns that are used across all Alibaba Cloud services.
-
-### Alibaba Cloud Service Common Patterns
-
- Services communicate with Alibaba Cloud using the official Alibaba Cloud Python SDKs. Documentation for individual services can be found in the [Alibaba Cloud SDK documentation](https://www.alibabacloud.com/help/en/sdk).
- Every Alibaba Cloud service class inherits from `AlibabaCloudService`, ensuring access to session, identity, configuration, and client utilities.
- The constructor (`__init__`) always calls `super().__init__` with the service name, provider, and optionally `global_service=True` for services that are not regional (e.g., RAM).
- Resource containers **must** be initialized in the constructor. For regional services, resources are typically stored in dictionaries keyed by region and resource ID.
- All Alibaba Cloud resources are represented as Pydantic `BaseModel` classes, providing type safety and structured access to resource attributes.
- Alibaba Cloud SDK functions are wrapped in try/except blocks, with specific handling for errors, always logging errors.
- Regional services use `self.regional_clients` to maintain clients for each audited region.
- The `__threading_call__` method is used for parallel execution across regions or resources.
-
-### Example Service Implementation
-
-```python
-from prowler.lib.logger import logger
-from prowler.providers.alibabacloud.lib.service.service import AlibabaCloudService
-
-
-class MyService(AlibabaCloudService):
-    def __init__(self, provider):
-        # Initialize parent class with service name
-        super().__init__("myservice", provider)
-
-        # Initialize resource containers
-        self.resources = {}
-
-        # Discover resources using threading
-        self.__threading_call__(self._describe_resources)
-
-    def _describe_resources(self, regional_client):
-        try:
-            region = regional_client.region
-            response = regional_client.describe_resources()
-
-            for resource in response.body.resources:
-                self.resources[resource.id] = MyResource(
-                    id=resource.id,
-                    name=resource.name,
-                    region=region,
-                    # ... other attributes
-                )
-        except Exception as error:
-            logger.error(
-                f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
-            )
-```
-
-## Specific Patterns in Alibaba Cloud Checks
-
-The Alibaba Cloud checks pattern is described in [checks page](/developer-guide/checks). You can find all the currently implemented checks:
-
- Directly in the code, within each service folder, each check has its own folder named after the name of the check. (e.g. [`prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/`](https://github.com/prowler-cloud/prowler/tree/master/prowler/providers/alibabacloud/services/ram/ram_no_root_access_key))
- In the [Prowler Hub](https://hub.prowler.com/) for a more human-readable view.
-
-The best reference to understand how to implement a new check is following the [check implementation documentation](/developer-guide/checks#creating-a-check) and taking other similar checks as reference.
-
-### Check Report Class
-
-The `CheckReportAlibabaCloud` class models a single finding for an Alibaba Cloud resource in a check report. It is defined in [`prowler/lib/check/models.py`](https://github.com/prowler-cloud/prowler/blob/master/prowler/lib/check/models.py) and inherits from the generic `Check_Report` base class.
-
-#### Purpose
-
-`CheckReportAlibabaCloud` extends the base report structure with Alibaba Cloud-specific fields, enabling detailed tracking of the resource, resource ID, ARN, and region associated with each finding.
-
-#### Constructor and Attribute Population
-
-When you instantiate `CheckReportAlibabaCloud`, you must provide the check metadata and a resource object. The class will attempt to automatically populate its Alibaba Cloud-specific attributes from the resource, using the following logic:
-
- **`resource_id`**:
-    - Uses `resource.id` if present.
-    - Otherwise, uses `resource.name` if present.
-    - Defaults to an empty string if not available.
-
- **`resource_arn`**:
-    - Uses `resource.arn` if present.
-    - Defaults to an empty string if not available.
-
- **`region`**:
-    - Uses `resource.region` if present.
-    - Defaults to an empty string if not available.
-
-If the resource object does not contain the required attributes, you must set them manually in the check logic.
-
-Other attributes are inherited from the `Check_Report` class, from which you **always** have to set the `status` and `status_extended` attributes in the check logic.
-
-#### Example Usage
-
-```python
-from prowler.lib.check.models import Check, CheckReportAlibabaCloud
-from prowler.providers.alibabacloud.services.myservice.myservice_client import myservice_client
-
-
-class myservice_example_check(Check):
-    def execute(self) -> list[CheckReportAlibabaCloud]:
-        findings = []
-
-        for resource in myservice_client.resources.values():
-            report = CheckReportAlibabaCloud(
-                metadata=self.metadata(),
-                resource=resource
-            )
-            report.region = resource.region
-            report.resource_id = resource.id
-            report.resource_arn = f"acs:myservice::{myservice_client.audited_account}:resource/{resource.id}"
-
-            if resource.is_compliant:
-                report.status = "PASS"
-                report.status_extended = f"Resource {resource.name} is compliant."
-            else:
-                report.status = "FAIL"
-                report.status_extended = f"Resource {resource.name} is not compliant."
-
-            findings.append(report)
-
-        return findings
-```
-
-## Authentication Methods
-
-The Alibaba Cloud provider supports multiple authentication methods, prioritized in the following order:
-
-1. **Credentials URI** - Retrieve credentials from an external URI endpoint
-2. **OIDC Role Authentication** - For applications running in ACK with RRSA enabled
-3. **ECS RAM Role** - For ECS instances with attached RAM roles
-4. **RAM Role Assumption** - Cross-account access with role assumption
-5. **STS Temporary Credentials** - Pre-obtained temporary credentials
-6. **Permanent Access Keys** - Static access key credentials
-7. **Default Credential Chain** - Automatic credential discovery
-
-For detailed authentication configuration, see the [Authentication documentation](/user-guide/providers/alibabacloud/authentication).
-
-## Regions
-
-Alibaba Cloud has multiple regions across the globe. By default, Prowler audits all available regions. You can specify specific regions using the `--regions` CLI argument:
-
-```bash
-prowler alibabacloud --regions cn-hangzhou cn-shanghai
-```
-
-The list of supported regions is maintained in [`prowler/providers/alibabacloud/config.py`](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/alibabacloud/config.py).
@@ -213,5 +213,3 @@ Also is important to keep all code examples as short as possible, including the
 | software-supply-chain   | Detects or prevents tampering, unauthorized packages, or third-party risks in software supply chain                                                                                               |
 | e3                      | M365-specific controls enabled by or dependent on an E3 license (e.g., baseline security policies, conditional access)                                                                            |
 | e5                      | M365-specific controls enabled by or dependent on an E5 license (e.g., advanced threat protection, audit, DLP, and eDiscovery)                                                                    |
-| privilege-escalation    | Detects IAM policies or permissions that allow identities to elevate their privileges beyond their intended scope, potentially gaining administrator or higher-level access through specific action combinations |
-| ec2-imdsv1              | Identifies EC2 instances using Instance Metadata Service version 1 (IMDSv1), which is vulnerable to SSRF attacks and should be replaced with IMDSv2 for enhanced security                        |
@@ -237,7 +237,6 @@ Below is a generic example of a check metadata file. **Do not include comments i
  "ResourceIdTemplate": "",
  "Severity": "medium",
  "ResourceType": "Other",
-  "ResourceGroup": "security",
  "Description": "This check verifies that the service resource has the required **security setting** enabled to protect against potential vulnerabilities.\n\nIt ensures that the resource follows security best practices and maintains proper access controls. The check evaluates whether the security configuration is properly implemented and active.",
  "Risk": "Without proper security settings, the resource may be vulnerable to:\n\n- **Unauthorized access** - Malicious actors could gain entry\n- **Data breaches** - Sensitive information could be compromised\n- **Security threats** - Various attack vectors could be exploited\n\nThis could result in compliance violations and potential financial or reputational damage.",
  "RelatedUrl": "",
@@ -313,33 +312,7 @@ The type of resource being audited. This field helps categorize and organize fin
 - **Azure**: Use types from [Azure Resource Graph](https://learn.microsoft.com/en-us/azure/governance/resource-graph/reference/supported-tables-resources), for example: `Microsoft.Storage/storageAccounts`.
 - **Google Cloud**: Use [Cloud Asset Inventory asset types](https://cloud.google.com/asset-inventory/docs/asset-types), for example: `compute.googleapis.com/Instance`.
 - **Kubernetes**: Use types shown under `KIND` from `kubectl api-resources`.
- **Oracle Cloud Infrastructure**: Use types from [Oracle Cloud Infrastructure documentation](https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/Search/Tasks/queryingresources_topic-Listing_Supported_Resource_Types.htm).
- **M365 / GitHub / MongoDB Atlas**: Leave empty due to lack of standardized types.
-
-#### ResourceGroup
-
-A high-level classification that groups checks by the type of cloud resource they audit. This field enables filtering and organizing findings by resource category across all providers. The value must be one of the following predefined groups:
-
-| Group | Description |
-|-------|-------------|
-| `compute` | Virtual machines, instances, auto-scaling groups, workspaces, streaming |
-| `container` | Container orchestration, Kubernetes, registries, pods |
-| `serverless` | Functions, step functions, event-driven compute |
-| `database` | Relational, NoSQL, caches, search engines, data warehouses, graph databases |
-| `storage` | Object storage, block storage, file systems, backups, archives |
-| `network` | VPCs, subnets, load balancers, DNS, VPN, firewalls, CDN |
-| `IAM` | IAM users, roles, policies, access keys, service accounts, directories |
-| `messaging` | Queues, topics, event buses, streaming, email services |
-| `security` | WAF, secrets, KMS, certificates, security tools, defenders, DDoS protection |
-| `monitoring` | Logs, metrics, alerts, audit trails, observability, config tracking |
-| `api_gateway` | API management, REST APIs, GraphQL endpoints |
-| `ai_ml` | Machine learning, AI services, notebooks, training, LLM |
-| `governance` | Accounts, organizations, projects, policies, settings, compliance tools |
-| `collaboration` | Productivity SaaS apps (Exchange, Teams, SharePoint) |
-| `devops` | CI/CD, infrastructure as code, automation, code repositories, version control |
-| `analytics` | Data warehouses, query engines, ETL pipelines, BI tools, data lakes |
-
-The group is determined by the resource type being audited, not the service. For example, an EC2 security group check would use `network` (not `compute`), while an EC2 instance check would use `compute`.
+- **M365 / GitHub**: Leave empty due to lack of standardized types.

 #### Description

@@ -1,327 +0,0 @@
---
-title: 'End-2-End Tests for Prowler App'
---
-
-End-to-end (E2E) tests validate complete user flows in Prowler App (UI + API). These tests are implemented with [Playwright](https://playwright.dev/) under the `ui/tests` folder and are designed to run against a Prowler App environment.
-
-## General Recommendations
-
-When adding or maintaining E2E tests for Prowler App, follow these guidelines:
-
-1. **Test real user journeys**
-   Focus on full workflows (for example, sign-up → login → add provider → launch scan) instead of low-level UI details already covered by unit or integration tests.
-
-2. **Group tests by entity or feature area**
-   - Organize E2E tests by entity or feature area (for example, `providers.spec.ts`, `scans.spec.ts`, `invitations.spec.ts`, `sign-up.spec.ts`).
-   - Each entity should have its own test file and corresponding page model class (for example, `ProvidersPage`, `ScansPage`, `InvitationsPage`).
-   - Related tests for the same entity should be grouped together in the same test file to improve maintainability and make it easier to find and update tests for a specific feature.
-
-3. **Use a Page Model (Page Object Model)**
-   - Encapsulate selectors and common actions in page classes instead of repeating them in each test.
-   - Leverage and extend the existing Playwright page models in `ui/tests`—such as `ProvidersPage`, `ScansPage`, and others—which are all based on the shared `BasePage`.
-   - Page models for Prowler App pages should be placed in their respective entity folders (for example, `ui/tests/providers/providers-page.ts`).
-   - Page models for external pages (not part of Prowler App) should be grouped in the `external` folder (for example, `ui/tests/external/github-page.ts`).
-   - This approach improves readability, reduces duplication, and makes refactors safer.
-
-4. **Reuse authentication states (StorageState)**
-   - Multiple authentication setup projects are available that generate pre-authenticated state files stored in `playwright/.auth/`. Each project requires specific environment variables:
-     - `admin.auth.setup` – Admin users with full system permissions (requires `E2E_ADMIN_USER` / `E2E_ADMIN_PASSWORD`)
-     - `manage-scans.auth.setup` – Users with scan management permissions (requires `E2E_MANAGE_SCANS_USER` / `E2E_MANAGE_SCANS_PASSWORD`)
-     - `manage-integrations.auth.setup` – Users with integration management permissions (requires `E2E_MANAGE_INTEGRATIONS_USER` / `E2E_MANAGE_INTEGRATIONS_PASSWORD`)
-     - `manage-account.auth.setup` – Users with account management permissions (requires `E2E_MANAGE_ACCOUNT_USER` / `E2E_MANAGE_ACCOUNT_PASSWORD`)
-     - `manage-cloud-providers.auth.setup` – Users with cloud provider management permissions (requires `E2E_MANAGE_CLOUD_PROVIDERS_USER` / `E2E_MANAGE_CLOUD_PROVIDERS_PASSWORD`)
-     - `unlimited-visibility.auth.setup` – Users with unlimited visibility permissions (requires `E2E_UNLIMITED_VISIBILITY_USER` / `E2E_UNLIMITED_VISIBILITY_PASSWORD`)
-     - `invite-and-manage-users.auth.setup` – Users with user invitation and management permissions (requires `E2E_INVITE_AND_MANAGE_USERS_USER` / `E2E_INVITE_AND_MANAGE_USERS_PASSWORD`)
-   <Note>
-   If fixtures have been applied (fixtures are used to populate the database with initial development data), you can use the user `e2e@prowler.com` with password `Thisisapassword123@` to configure the Admin credentials by setting `E2E_ADMIN_USER=e2e@prowler.com` and `E2E_ADMIN_PASSWORD=Thisisapassword123@`.
-   </Note>
-
-   - Within test files, use `test.use({ storageState: "playwright/.auth/admin_user.json" })` to load the pre-authenticated state, avoiding redundant authentication steps in each test. This must be placed at the test level (not inside the test function) to apply the authentication state to all tests in that scope. This approach is preferred over declaring dependencies in `playwright.config.ts` because it provides more control over which authentication states are used in specific tests.
-
-     **Example:**
-
-     ```typescript
-     // Use admin authentication state for all tests in this scope
-     test.use({ storageState: "playwright/.auth/admin_user.json" });
-
-     test("should perform admin action", async ({ page }) => {
-       // Test implementation
-     });
-     ```
-
-5. **Tag and document scenarios**
-   - Follow the existing naming convention for suites and test cases (for example, `SCANS-E2E-001`, `PROVIDER-E2E-003`) and use tags such as `@e2e`, `@serial` and feature tags (for example, `@providers`, `@scans`,`@aws`) to filter and organize tests.
-
-   **Example:**
-     ```typescript
-     test(
-       "should add a new AWS provider with static credentials",
-       {
-         tag: [
-           "@critical",
-           "@e2e",
-           "@providers",
-           "@aws",
-           "@serial",
-           "@PROVIDER-E2E-001",
-         ],
-       },
-       async ({ page }) => {
-         // Test implementation
-       }
-     );
-     ```
-   -  Document each one in the Markdown files under `ui/tests`, including **Priority**, **Tags**, **Description**, **Preconditions**, **Flow steps**, **Expected results**,**Key verification points** and **Notes**.
-
-   **Example**
-   ```Markdown
-   ## Test Case: `SCANS-E2E-001` - Execute On-Demand Scan
-
-   **Priority:** `critical`
-
-   **Tags:**
-
-   - type → @e2e, @serial
-   - feature → @scans
-
-   **Description/Objective:** Validates the complete flow to execute an on-demand scan selecting a provider by UID and confirming success on the Scans page.
-
-   **Preconditions:**
-
-   - Admin user authentication required (admin.auth.setup setup)
-   - Environment variables configured for : E2E_AWS_PROVIDER_ACCOUNT_ID,E2E_AWS_PROVIDER_ACCESS_KEY and E2E_AWS_PROVIDER_SECRET_KEY
-   - Remove any existing AWS provider with the same Account ID before starting the test
-   - This test must be run serially and never in parallel with other tests, as it requires the Account ID Provider to be already registered.
-
-   ### Flow Steps:
-
-   1. Navigate to Scans page
-   2. Open provider selector and choose the entry whose text contains E2E_AWS_PROVIDER_ACCOUNT_ID
-   3. Optionally fill scan label (alias)
-   4. Click "Start now" to launch the scan
-   5. Verify the success toast appears
-   6. Verify a row in the Scans table contains the provided scan label (or shows the new scan entry)
-
-   ### Expected Result:
-
-   - Scan is launched successfully
-   - Success toast is displayed to the user
-   - Scans table displays the new scan entry (including the alias when provided)
-
-   ### Key verification points:
-
-   - Scans page loads correctly
-   - Provider select is available and lists the configured provider UID
-   - "Start now" button is rendered and enabled when form is valid
-   - Success toast message: "The scan was launched successfully."
-   - Table contains a row with the scan label or new scan state (queued/available/executing)
-
-   ### Notes:
-
-   - The table may take a short time to reflect the new scan; assertions look for a row containing the alias.
-   - Provider cleanup performed before each test to ensure clean state
-   - Tests should run serially to avoid state conflicts.
-
-   ```
-
-6. **Use environment variables for secrets and dynamic data**
-   Credentials, provider identifiers, secrets, tokens must come from environment variables (for example, `E2E_AWS_PROVIDER_ACCOUNT_ID`, `E2E_AWS_PROVIDER_ACCESS_KEY`, `E2E_AWS_PROVIDER_SECRET_KEY`, `E2E_GCP_PROJECT_ID`).
-
-   <Warning>
-   Never commit real secrets, tokens, or account IDs to the repository.
-   </Warning>
-
-7. **Keep tests deterministic and isolated**
-   - Use Playwright's `test.beforeEach()` and `test.afterEach()` hooks to manage test state:
-     - **`test.beforeEach()`**: Execute cleanup or setup logic before each test runs (for example, delete existing providers with a specific account ID to ensure a clean state).
-     - **`test.afterEach()`**: Execute cleanup logic after each test completes (for example, remove test data created during the test execution to prevent interference with subsequent tests).
-   - Define tests as serial using `test.describe.serial()` when they share state or resources that could interfere with parallel execution (for example, tests that use the same provider account ID or create dependent resources). This ensures tests within the serial group run sequentially, preventing race conditions and data conflicts.
-   - Use unique identifiers (for example, random suffixes for emails or labels) to prevent data collisions.
-
-8. **Use explicit waiting strategies**
-   - Avoid using `waitForLoadState('networkidle')` as it is unreliable and can lead to flaky tests or unnecessary delays.
-   - Leverage Playwright's auto-waiting capabilities by waiting for specific elements to be actionable (for example, `locator.click()`, `locator.fill()`, `locator.waitFor()`).
-   - **Prioritize selector strategies**: Prefer `page.getByRole()` over other approaches like `page.getByText()`. `getByRole()` is more resilient to UI changes, aligns with accessibility best practices, and better reflects how users interact with the application (by role and accessible name rather than implementation details).
-   - For dynamic content, wait for specific UI elements that indicate the page is ready (for example, button becoming enabled, a specific text appearing, etc).
-   - This approach makes tests more reliable, faster, and aligned with how users actually interact with the application.
-
-   **Common waiting patterns used in Prowler E2E tests:**
-
-   - **Element visibility assertions**: Use `expect(locator).toBeVisible()` or `expect(locator).not.toBeVisible()` to wait for elements to appear or disappear (Playwright automatically waits for these conditions).
-
-   - **URL changes**: Use `expect(page).toHaveURL(url)` or `page.waitForURL(url)` to wait for navigation to complete.
-
-   - **Element states**: Use `locator.waitFor({ state: "visible" })` or `locator.waitFor({ state: "hidden" })` when you need explicit state control.
-
-   - **Text content**: Use `expect(locator).toHaveText(text)` or `expect(locator).toContainText(text)` to wait for specific text to appear.
-
-   - **Element attributes**: Use `expect(locator).toHaveAttribute(name, value)` to wait for attributes like `aria-disabled="false"` indicating a button is enabled.
-
-   - **Custom conditions**: Use `page.waitForFunction(() => condition)` for complex conditions that cannot be expressed with locators (for example, checking DOM element dimensions or computed styles).
-
-   - **Retryable assertions**: Use `expect(async () => { ... }).toPass({ timeout })` for conditions that may take time to stabilize (for example, waiting for table rows to filter after a server request).
-
-   - **Scroll into view**: Use `locator.scrollIntoViewIfNeeded()` before interacting with elements that may be outside the viewport.
-
-   **Example from Prowler tests:**
-
-   ```typescript
-   // Wait for page to load by checking main content is visible
-   await expect(page.locator("main")).toBeVisible();
-
-   // Wait for URL change after form submission
-   await expect(page).toHaveURL("/providers");
-
-   // Wait for button to become enabled
-   await expect(submitButton).toHaveAttribute("aria-disabled", "false");
-
-   // Wait for loading spinner to disappear
-   await expect(page.getByText("Loading")).not.toBeVisible();
-
-   // Wait for custom condition
-   await page.waitForFunction(() => {
-     const main = document.querySelector("main");
-     return main && main.offsetHeight > 0;
-   });
-
-   // Wait for retryable condition (e.g., table filtering)
-   await expect(async () => {
-     const rowCount = await tableRows.count();
-     expect(rowCount).toBeLessThanOrEqual(1);
-   }).toPass({ timeout: 20000 });
-   ```
-
-## Running Prowler Tests
-
-E2E tests for Prowler App run from the `ui` project using Playwright. The Playwright configuration lives in `ui/playwright.config.ts` and defines:
-
- `testDir: "./tests"` – location of E2E test files (relative to the `ui` project root, so `ui/tests`).
- `webServer` – how to start the Next.js development server and connect to Prowler API.
- `use.baseURL` – base URL for browser interactions (defaults to `http://localhost:3000` or `AUTH_URL` if set).
- `reporter: [["list"]]` – uses the list reporter to display test results in a concise format in the terminal. Other reporter options are available (for example, `html`, `json`, `junit`, `github`), and multiple reporters can be configured simultaneously. See the [Playwright reporter documentation](https://playwright.dev/docs/test-reporters) for all available options.
- `expect.timeout: 20000` – timeout for assertions (20 seconds). This is the maximum time Playwright will wait for an assertion to pass before considering it failed.
- **Test artifacts** (in `use` configuration): By default, `trace`, `screenshot`, and `video` are set to `"off"` to minimize resource usage. To review test failures or debug issues, these can be enabled in `playwright.config.ts` by changing them to `"on"`, `"on-first-retry"`, or `"retain-on-failure"` depending on your needs.
- `outputDir: "/tmp/playwright-tests"` – directory where Playwright stores test artifacts (screenshots, videos, traces) during test execution.
- **CI-specific configuration**: The configuration uses different settings when running in CI environments (detected via `process.env.CI`):
-  - **Retries**: `2` retries in CI (to handle flaky tests), `0` retries locally (for faster feedback during development).
-  - **Workers**: `1` worker in CI (sequential execution for stability), `undefined` locally (parallel execution by default for faster test runs).
-
-### Prerequisites
-
-Before running E2E tests:
-
- **Install root and UI dependencies**
-  - Follow the [developer guide introduction](/developer-guide/introduction#getting-the-code-and-installing-all-dependencies) to clone the repository and install core dependencies.
-  - From the `ui` directory, install frontend dependencies:
-
-    ```bash
-    cd ui
-    pnpm install
-    pnpm run test:e2e:install  # Install Playwright browsers
-    ```
-
- **Ensure Prowler API is available**
-  - By default, Playwright uses `NEXT_PUBLIC_API_BASE_URL=http://localhost:8080/api/v1` (configured in `playwright.config.ts`).
-  - Start Prowler API so it is reachable on that URL (for example, via `docker-compose-dev.yml` or the development orchestration used locally).
-  - If a different API URL is required, set `NEXT_PUBLIC_API_BASE_URL` accordingly before running the tests.
-
- **Ensure Prowler App UI is available**
-  - Playwright automatically starts the Next.js server through the `webServer` block in `playwright.config.ts` (`pnpm run dev` by default).
-  - If the UI is already running on `http://localhost:3000`, Playwright will reuse the existing server when `reuseExistingServer` is `true`.
-
- **Configure E2E environment variables**
-  - Suite-specific variables (for example, provider account IDs, credentials, and E2E user data) must be provided before running tests.
-  - They can be defined either:
-    - As exported environment variables in the shell before executing the Playwright commands, or
-    - In a `.env.local` or `.env` file under `ui/`, and then loaded into the shell before running tests, for example:
-
-      ```bash
-      cd ui
-      set -a
-      source .env.local  # or .env
-      set +a
-      ```
-  - Refer to the Markdown documentation files in `ui/tests` for each E2E suite (for example, the `*.md` files that describe sign-up, providers, scans, invitations, and other flows) to see the exact list of required variables and their meaning.
-  - Each E2E test suite explicitly checks that its required environment variables are defined at runtime and will fail with a clear error message if any mandatory variable is missing, making misconfiguration easy to detect.
-
-### Executing Tests
-
-To execute E2E tests for Prowler App:
-
-1. **Run the full E2E suite (headless)**
-
-   From the `ui` directory:
-
-   ```bash
-   pnpm run test:e2e
-   ```
-
-   This command runs Playwright with the configured projects
-
-2. **Run E2E tests with the Playwright UI runner**
-
-   ```bash
-   pnpm run test:e2e:ui
-   ```
-
-   This opens the Playwright test runner UI to inspect, debug, and rerun specific tests or projects.
-
-3. **Debug E2E tests interactively**
-
-   ```bash
-   pnpm run test:e2e:debug
-   ```
-
-   Use this mode to step through flows, inspect selectors, and adjust timings. It runs tests in headed mode with debugging tools enabled.
-
-4. **Run tests in headed mode without debugger**
-
-   ```bash
-   pnpm run test:e2e:headed
-   ```
-
-   This is useful to visually confirm flows while still running the full suite.
-
-5. **View previous test reports**
-
-   ```bash
-   pnpm run test:e2e:report
-   ```
-
-   This opens the latest Playwright HTML report, including traces and screenshots when enabled.
-
-6. **Run specific tests or subsets**
-
-   In addition to the predefined scripts, Playwright allows filtering which tests run. These examples use the Playwright CLI directly through `pnpm`:
-
-   - **By test ID (`@ID` in the test metadata or description)**
-
-     To run a single test case identified by its ID (for example, `@PROVIDER-E2E-001` or `@SCANS-E2E-001`):
-
-     ```bash
-     pnpm playwright test --grep @PROVIDER-E2E-001
-     ```
-
-   - **By tags**
-
-     To run all tests that share a common tag (for example, all provider E2E tests tagged with `@providers`):
-
-     ```bash
-     pnpm playwright test --grep @providers
-     ```
-
-     This is useful to focus on a specific feature area such as providers, scans, invitations, or sign-up.
-
-   - **By Playwright project**
-
-     To run only the tests associated with a given project defined in `playwright.config.ts` (for example, `providers` or `scans`):
-
-     ```bash
-     pnpm playwright test --project=providers
-     ```
-
-     Combining project and grep filters is also supported, enabling very narrow runs (for example, a single test ID within the `providers` project). For additional CLI options and combinations, see the [Playwright command line documentation](https://playwright.dev/docs/test-cli).
-
-<Note>
-For detailed flows, preconditions, and environment variable requirements per feature, always refer to the Markdown files in `ui/tests`. Those documents are the single source of truth for business expectations and validation points in each E2E suite.
-</Note>
@@ -6,10 +6,6 @@ Thanks for your interest in contributing to Prowler!

 Prowler can be extended in various ways. This guide provides the different ways to contribute and how to get started.

-<Warning>
-Maintainers will assess whether a change fits the project roadmap and scope before merging.
-</Warning>
-
 ## Contributing to Prowler

 ### Review Current Issues
@@ -36,9 +32,6 @@ Prowler is constantly evolving. Contributions to checks, services, or integratio
  <Card title="Adding New Providers" icon="cloud" href="/developer-guide/provider">
    If you would like to extend Prowler to work with a new cloud provider, this typically involves setting up new services and checks to ensure compatibility.
  </Card>
-  <Card title="Adding New Compliance Frameworks" icon="scale-balanced" href="/developer-guide/security-compliance-framework">
-    Need to ensure Prowler supports a specific compliance framework? Add new security compliance frameworks to map checks against regulatory or industry standards.
-  </Card>
  <Card title="Adding New Output Formats" icon="file" href="/developer-guide/outputs">
    Want to tailor how results are displayed or exported? You can add custom output formats.
  </Card>
@@ -220,4 +213,4 @@ pipx install "git+https://github.com/prowler-cloud/prowler.git@branch-name"

 Replace `branch-name` with the name of the branch you want to test. This will install Prowler in an isolated environment, allowing you to try out the changes safely.

-For more details on testing go to the [Testing section](/developer-guide/unit-testing) of this documentation.
+For more details on testing go to the [Testing section](/developer-guide/unit-testing) of this documentation.
@@ -1,407 +0,0 @@
---
-title: 'Lighthouse AI Architecture'
---
-
-This document describes the internal architecture of Prowler Lighthouse AI, enabling developers to understand how components interact and where to add new functionality.
-
-<Info>
-**Looking for user documentation?** See:
- [Lighthouse AI Overview](/getting-started/products/prowler-lighthouse-ai) - Capabilities and FAQs
- [How Lighthouse AI Works](/user-guide/tutorials/prowler-app-lighthouse) - Configuration and usage
- [Multi-LLM Provider Setup](/user-guide/tutorials/prowler-app-lighthouse-multi-llm) - Provider configuration
-</Info>
-
-## Architecture Overview
-
-Lighthouse AI operates as a Langchain-based agent that connects Large Language Models (LLMs) with Prowler security data through the Model Context Protocol (MCP).
-
-<img className="block dark:hidden" src="/images/lighthouse-architecture-light.png" alt="Prowler Lighthouse Architecture" />
-<img className="hidden dark:block" src="/images/lighthouse-architecture-dark.png" alt="Prowler Lighthouse Architecture" />
-
-### Three-Tier Architecture
-
-The system follows a three-tier architecture:
-
-1. **Frontend (Next.js)**: Chat interface, message rendering, model selection
-2. **API Route**: Request handling, authentication, stream transformation
-3. **Langchain Agent**: LLM orchestration, tool calling through MCP
-
-### Request Flow
-
-When a user sends a message through the Lighthouse chat interface, the system processes it through several stages:
-
-1. **User Submits a Message**.
-   The chat component (`ui/components/lighthouse/chat.tsx`) captures the user's question (e.g., "What are my critical findings in AWS?") and sends it as an HTTP POST request to the backend API route.
-
-2. **Authentication and Context Assembly**.
-   The API route (`ui/app/api/lighthouse/analyst/route.ts`) validates the user's session, extracts the JWT token (stored via `auth-context.ts`), and gathers context including the tenant's business context and current security posture data (assembled in `data.ts`).
-
-3. **Agent Initialization**.
-   The workflow orchestrator (`ui/lib/lighthouse/workflow.ts`) creates a Langchain agent configured with:
-   - The selected LLM, instantiated through the factory (`llm-factory.ts`)
-   - A system prompt containing available tools and instructions (`system-prompt.ts`)
-   - Two meta-tools (`describe_tool` and `execute_tool`) for accessing Prowler data
-
-4. **LLM Reasoning and Tool Calling**.
-   The agent sends the conversation to the LLM, which decides whether to respond directly or call tools to fetch data. When tools are needed, the meta-tools in `ui/lib/lighthouse/tools/meta-tool.ts` interact with the MCP client (`mcp-client.ts`) to:
-   - First call `describe_tool` to understand the tool's parameters
-   - Then call `execute_tool` to retrieve data from the MCP Server
-   - Continue reasoning with the returned data
-
-5. **Streaming Response**.
-   As the LLM generates its response, the stream handler (`ui/lib/lighthouse/analyst-stream.ts`) transforms Langchain events into UI-compatible messages and streams tokens back to the browser in real-time using Server-Sent Events. The stream includes both text tokens and tool execution events (displayed as "chain of thought").
-
-6. **Message Rendering**.
-   The frontend receives the stream and renders it through `message-item.tsx` with markdown formatting. Any tool calls that occurred during reasoning are displayed via `chain-of-thought-display.tsx`.
-
-## Frontend Components
-
-Frontend components reside in `ui/components/lighthouse/` and handle the chat interface and configuration workflows.
-
-### Core Components
-
-| Component | Location | Purpose |
-|-----------|----------|---------|
-| `chat.tsx` | `ui/components/lighthouse/` | Main chat interface managing message history and input handling |
-| `message-item.tsx` | `ui/components/lighthouse/` | Individual message rendering with markdown support |
-| `select-model.tsx` | `ui/components/lighthouse/` | Model and provider selection dropdown |
-| `chain-of-thought-display.tsx` | `ui/components/lighthouse/` | Displays tool calls and reasoning steps during execution |
-
-### Configuration Components
-
-| Component | Location | Purpose |
-|-----------|----------|---------|
-| `lighthouse-settings.tsx` | `ui/components/lighthouse/` | Settings panel for business context and preferences |
-| `connect-llm-provider.tsx` | `ui/components/lighthouse/` | Provider connection workflow |
-| `llm-providers-table.tsx` | `ui/components/lighthouse/` | Provider management table |
-| `forms/delete-llm-provider-form.tsx` | `ui/components/lighthouse/forms/` | Provider deletion confirmation dialog |
-
-### Supporting Components
-
-| Component | Location | Purpose |
-|-----------|----------|---------|
-| `banner.tsx` / `banner-client.tsx` | `ui/components/lighthouse/` | Status banners and notifications |
-| `workflow/` | `ui/components/lighthouse/workflow/` | Multi-step configuration workflows |
-| `ai-elements/` | `ui/components/lighthouse/ai-elements/` | Custom UI primitives for chat interface (input, select, dropdown, tooltip) |
-
-## Library Code
-
-Core library code resides in `ui/lib/lighthouse/` and handles agent orchestration, MCP communication, and stream processing.
-
-### Workflow Orchestrator
-
-**Location:** `ui/lib/lighthouse/workflow.ts`
-
-The workflow module serves as the core orchestrator, responsible for:
-
- Initializing the Langchain agent with system prompt and tools
- Loading tenant configuration (default provider, model, business context)
- Creating the LLM instance through the factory
- Generating dynamic tool listings from available MCP tools
-
-```typescript
-// Simplified workflow initialization
-export async function initLighthouseWorkflow(runtimeConfig?: RuntimeConfig) {
-  await initializeMCPClient();
-
-  const toolListing = generateToolListing();
-  const systemPrompt = LIGHTHOUSE_SYSTEM_PROMPT_TEMPLATE.replace(
-    "{{TOOL_LISTING}}",
-    toolListing,
-  );
-
-  const llm = createLLM({
-    provider: providerType,
-    model: modelId,
-    credentials,
-    // ...
-  });
-
-  return createAgent({
-    model: llm,
-    tools: [describeTool, executeTool],
-    systemPrompt,
-  });
-}
-```
-
-### MCP Client Manager
-
-**Location:** `ui/lib/lighthouse/mcp-client.ts`
-
-The MCP client manages connections to the Prowler MCP Server using a singleton pattern:
-
- **Connection Management**: Retry logic with configurable attempts and delays
- **Tool Discovery**: Fetches available tools from MCP server on initialization
- **Authentication Injection**: Automatically adds JWT tokens to `prowler_app_*` tool calls
- **Reconnection**: Supports forced reconnection after server restarts
-
-Key constants:
- `MAX_RETRY_ATTEMPTS`: 3 connection attempts
- `RETRY_DELAY_MS`: 2000ms between retries
- `RECONNECT_INTERVAL_MS`: 5 minutes before retry after failure
-
-```typescript
-// Authentication injection for Prowler App tools
-private handleBeforeToolCall = ({ name, args }) => {
-  // Only inject auth for prowler_app_* tools (user-specific data)
-  if (!name.startsWith("prowler_app_")) {
-    return { args };
-  }
-
-  const accessToken = getAuthContext();
-  return {
-    args,
-    headers: { Authorization: `Bearer ${accessToken}` },
-  };
-};
-```
-
-### Meta-Tools
-
-**Location:** `ui/lib/lighthouse/tools/meta-tool.ts`
-
-Instead of registering all MCP tools directly with the agent, Lighthouse uses two meta-tools for dynamic tool discovery and execution:
-
-| Tool | Purpose |
-|------|---------|
-| `describe_tool` | Retrieves full schema and parameter details for a specific tool |
-| `execute_tool` | Executes a tool with provided parameters |
-
-This pattern reduces the number of tools the LLM must track while maintaining access to all MCP capabilities.
-
-### Additional Library Modules
-
-| Module | Location | Purpose |
-|--------|----------|---------|
-| `analyst-stream.ts` | `ui/lib/lighthouse/` | Transforms Langchain stream events to UI message format |
-| `llm-factory.ts` | `ui/lib/lighthouse/` | Creates LLM instances for OpenAI, Bedrock, and OpenAI-compatible providers |
-| `system-prompt.ts` | `ui/lib/lighthouse/` | System prompt template with dynamic tool listing injection |
-| `auth-context.ts` | `ui/lib/lighthouse/` | AsyncLocalStorage for JWT token propagation across async boundaries |
-| `types.ts` | `ui/lib/lighthouse/` | TypeScript type definitions |
-| `constants.ts` | `ui/lib/lighthouse/` | Configuration constants and error messages |
-| `utils.ts` | `ui/lib/lighthouse/` | Message conversion and model parameter extraction |
-| `validation.ts` | `ui/lib/lighthouse/` | Input validation utilities |
-| `data.ts` | `ui/lib/lighthouse/` | Current data section generation for context enrichment |
-
-## API Route
-
-**Location:** `ui/app/api/lighthouse/analyst/route.ts`
-
-The API route handles chat requests and manages the streaming response pipeline:
-
-1. **Request Parsing**: Extracts messages, model, and provider from request body
-2. **Authentication**: Validates session and extracts access token
-3. **Context Assembly**: Gathers business context and current data
-4. **Agent Initialization**: Creates Langchain agent with runtime configuration
-5. **Stream Processing**: Transforms agent events to UI-compatible format
-6. **Error Handling**: Captures errors with Sentry integration
-
-```typescript
-export async function POST(req: Request) {
-  const { messages, model, provider } = await req.json();
-
-  const session = await auth();
-  if (!session?.accessToken) {
-    return Response.json({ error: "Unauthorized" }, { status: 401 });
-  }
-
-  return await authContextStorage.run(accessToken, async () => {
-    const app = await initLighthouseWorkflow(runtimeConfig);
-    const agentStream = app.streamEvents({ messages }, { version: "v2" });
-
-    // Transform stream events to UI format
-    const stream = new ReadableStream({
-      async start(controller) {
-        for await (const streamEvent of agentStream) {
-          // Handle on_chat_model_stream, on_tool_start, on_tool_end, etc.
-        }
-      },
-    });
-
-    return createUIMessageStreamResponse({ stream });
-  });
-}
-```
-
-## Backend Components
-
-Backend components handle LLM provider configuration, model management, and credential storage.
-
-### Database Models
-
-**Location:** `api/src/backend/api/models.py`
-
-| Model | Purpose |
-|-------|---------|
-| `LighthouseProviderConfiguration` | Per-tenant LLM provider credentials (encrypted with Fernet) |
-| `LighthouseTenantConfiguration` | Tenant-level settings including business context and default provider/model |
-| `LighthouseProviderModels` | Available models per provider configuration |
-
-All models implement Row-Level Security (RLS) for tenant isolation.
-
-#### LighthouseProviderConfiguration
-
-Stores provider-specific credentials for each tenant:
-
- **provider_type**: `openai`, `bedrock`, or `openai_compatible`
- **credentials**: Encrypted JSON containing API keys or AWS credentials
- **base_url**: Custom endpoint for OpenAI-compatible providers
- **is_active**: Connection validation status
-
-#### LighthouseTenantConfiguration
-
-Stores tenant-wide Lighthouse settings:
-
- **business_context**: Optional context for personalized responses
- **default_provider**: Default LLM provider type
- **default_models**: JSON mapping provider types to default model IDs
-
-#### LighthouseProviderModels
-
-Catalogs available models for each provider:
-
- **model_id**: Provider-specific model identifier
- **model_name**: Human-readable display name
- **default_parameters**: Optional model-specific parameters
-
-### Background Jobs
-
-**Location:** `api/src/backend/tasks/jobs/lighthouse_providers.py`
-
-#### check_lighthouse_provider_connection
-
-Validates provider credentials by making a test API call:
-
- OpenAI: Lists models via `client.models.list()`
- Bedrock: Lists foundation models via `bedrock_client.list_foundation_models()`
- OpenAI-compatible: Lists models via custom base URL
-
-Updates `is_active` status based on connection result.
-
-#### refresh_lighthouse_provider_models
-
-Synchronizes available models from provider APIs:
-
- Fetches current model catalog from provider
- Filters out non-chat models (DALL-E, Whisper, TTS, embeddings)
- Upserts model records in `LighthouseProviderModels`
- Removes stale models no longer available
-
-**Excluded OpenAI model prefixes:**
-```python
-EXCLUDED_OPENAI_MODEL_PREFIXES = (
-    "dall-e", "whisper", "tts-", "sora",
-    "text-embedding", "text-moderation",
-    # Legacy models
-    "text-davinci", "davinci", "curie", "babbage", "ada",
-)
-```
-
-## MCP Server Integration
-
-Lighthouse AI communicates with the Prowler MCP Server to access security data. For detailed MCP Server architecture, see [Extending the MCP Server](/developer-guide/mcp-server).
-
-### Tool Namespacing
-
-MCP tools are organized into three namespaces based on authentication requirements:
-
-| Namespace | Auth Required | Description |
-|-----------|---------------|-------------|
-| `prowler_app_*` | Yes (JWT) | Prowler Cloud/App tools for findings, providers, scans, resources |
-| `prowler_hub_*` | No | Security checks catalog, compliance frameworks |
-| `prowler_docs_*` | No | Documentation search and retrieval |
-
-### Authentication Flow
-
-1. User authenticates with Prowler App, receiving a JWT token
-2. Token is stored in session and propagated via `authContextStorage`
-3. MCP client injects `Authorization: Bearer <token>` header for `prowler_app_*` calls
-4. MCP Server validates token and applies RLS filtering
-
-### Tool Execution Pattern
-
-The agent uses meta-tools rather than direct tool registration:
-
-```
-Agent needs data → describe_tool("prowler_app_search_findings")
-    → Returns parameter schema → execute_tool with parameters
-    → MCP client adds auth header → MCP Server executes
-    → Results returned to agent → Agent continues reasoning
-```
-
-## Extension Points
-
-### Adding New LLM Providers
-
-To add a new LLM provider:
-
-1. **Frontend**: Update `ui/lib/lighthouse/llm-factory.ts` with provider-specific initialization
-2. **Backend**: Add provider type to `LighthouseProviderConfiguration.LLMProviderChoices`
-3. **Jobs**: Add credential extraction and model fetching in `lighthouse_providers.py`
-4. **UI**: Add connection workflow in `ui/components/lighthouse/workflow/`
-
-### Modifying System Prompt
-
-The system prompt template lives in `ui/lib/lighthouse/system-prompt.ts`. The `{{TOOL_LISTING}}` placeholder is dynamically replaced with available MCP tools during agent initialization.
-
-### Adding Stream Events
-
-To handle new Langchain stream events, modify `ui/lib/lighthouse/analyst-stream.ts`. Current handlers include:
-
- `on_chat_model_stream`: Token-by-token text streaming
- `on_chat_model_end`: Model completion with tool call detection
- `on_tool_start`: Tool execution started
- `on_tool_end`: Tool execution completed
-
-### Adding MCP Tools
-
-See [Extending the MCP Server](/developer-guide/mcp-server) for detailed instructions on adding new tools to the Prowler MCP Server.
-
-## Configuration
-
-### Environment Variables
-
-| Variable | Description |
-|----------|-------------|
-| `PROWLER_MCP_SERVER_URL` | MCP server endpoint (e.g., `https://mcp.prowler.com/mcp`) |
-
-### Database Configuration
-
-Provider credentials are stored encrypted in `LighthouseProviderConfiguration`:
-
- **OpenAI**: `{"api_key": "sk-..."}`
- **Bedrock**: `{"access_key_id": "...", "secret_access_key": "...", "region": "us-east-1"}` or `{"api_key": "...", "region": "us-east-1"}`
- **OpenAI-compatible**: `{"api_key": "..."}` with `base_url` field
-
-### Tenant Configuration
-
-Business context and default settings are stored in `LighthouseTenantConfiguration`:
-
-```python
-{
-    "business_context": "Optional organization context for personalized responses",
-    "default_provider": "openai",
-    "default_models": {
-        "openai": "gpt-4o",
-        "bedrock": "anthropic.claude-3-5-sonnet-20240620-v1:0"
-    }
-}
-```
-
-## Related Documentation
-
-<CardGroup cols={2}>
-  <Card title="MCP Server Extension" icon="wrench" href="/developer-guide/mcp-server">
-    Adding new tools to the Prowler MCP Server
-  </Card>
-  <Card title="Lighthouse AI Overview" icon="robot" href="/getting-started/products/prowler-lighthouse-ai">
-    Capabilities, FAQs, and limitations
-  </Card>
-  <Card title="Multi-LLM Setup" icon="sliders" href="/user-guide/tutorials/prowler-app-lighthouse-multi-llm">
-    Configuring multiple LLM providers
-  </Card>
-  <Card title="How Lighthouse Works" icon="gear" href="/user-guide/tutorials/prowler-app-lighthouse">
-    User-facing architecture and setup guide
-  </Card>
-</CardGroup>
@@ -0,0 +1,140 @@
+---
+title: 'Extending Prowler Lighthouse AI'
+---
+
+This guide helps developers customize and extend Prowler Lighthouse AI by adding or modifying AI agents.
+
+## Understanding AI Agents
+
+AI agents combine Large Language Models (LLMs) with specialized tools that provide environmental context. These tools can include API calls, system command execution, or any function-wrapped capability.
+
+### Types of AI Agents
+
+AI agents fall into two main categories:
+
+- **Autonomous Agents**: Freely chooses from available tools to complete tasks, adapting their approach based on context. They decide which tools to use and when.
+- **Workflow Agents**: Follows structured paths with predefined logic. They execute specific tool sequences and can include conditional logic.
+
+Prowler Lighthouse AI is an autonomous agent - selecting the right tool(s) based on the users query.
+
+<Note>
+To learn more about AI agents, read [Anthropic's blog post on building effective agents](https://www.anthropic.com/engineering/building-effective-agents).
+
+</Note>
+### LLM Dependency
+
+The autonomous nature of agents depends on the underlying LLM. Autonomous agents using identical system prompts and tools but powered by different LLM providers might approach user queries differently. Agent with one LLM might solve a problem efficiently, while with another it might take a different route or fail entirely.
+
+After evaluating multiple LLM providers (OpenAI, Gemini, Claude, LLama) based on tool calling features and response accuracy, we recommend using the `gpt-4o` model.
+
+## Prowler Lighthouse AI Architecture
+
+Prowler Lighthouse AI uses a multi-agent architecture orchestrated by the [Langgraph-Supervisor](https://www.npmjs.com/package/@langchain/langgraph-supervisor) library.
+
+### Architecture Components
+
+<img src="/images/prowler-app/lighthouse-architecture.png" alt="Prowler Lighthouse architecture" />
+
+Prowler Lighthouse AI integrates with the NextJS application:
+
+- The [Langgraph-Supervisor](https://www.npmjs.com/package/@langchain/langgraph-supervisor) library integrates directly with NextJS
+- The system uses the authenticated user session to interact with the Prowler API server
+- Agents only access data the current user is authorized to view
+- Session management operates automatically, ensuring Role-Based Access Control (RBAC) is maintained
+
+## Available Prowler AI Agents
+
+The following specialized AI agents are available in Prowler:
+
+### Agent Overview
+
+- **provider_agent**: Fetches information about cloud providers connected to Prowler
+- **user_info_agent**: Retrieves information about Prowler users
+- **scans_agent**: Fetches information about Prowler scans
+- **compliance_agent**: Retrieves compliance overviews across scans
+- **findings_agent**: Fetches information about individual findings across scans
+- **overview_agent**: Retrieves overview information (providers, findings by status and severity, etc.)
+
+## How to Add New Capabilities
+
+### Updating the Supervisor Prompt
+
+The supervisor agent controls system behavior, tone, and capabilities. You can find the supervisor prompt at: [https://github.com/prowler-cloud/prowler/blob/master/ui/lib/lighthouse/prompts.ts](https://github.com/prowler-cloud/prowler/blob/master/ui/lib/lighthouse/prompts.ts)
+
+#### Supervisor Prompt Modifications
+
+Modifying the supervisor prompt allows you to:
+
+- Change personality or response style
+- Add new high-level capabilities
+- Modify task delegation to specialized agents
+- Set up guardrails (query types to answer or decline)
+
+<Note>
+The supervisor agent should not have its own tools. This design keeps the system modular and maintainable.
+
+</Note>
+### How to Create New Specialized Agents
+
+The supervisor agent and all specialized agents are defined in the `route.ts` file. The supervisor agent uses [langgraph-supervisor](https://www.npmjs.com/package/@langchain/langgraph-supervisor), while other agents use the prebuilt [create-react-agent](https://langchain-ai.github.io/langgraphjs/how-tos/create-react-agent/).
+
+To add new capabilities or all Lighthouse AI to interact with other APIs, create additional specialized agents:
+
+1. First determine what the new agent would do. Create a detailed prompt defining the agent's purpose and capabilities. You can see an example from [here](https://github.com/prowler-cloud/prowler/blob/master/ui/lib/lighthouse/prompts.ts#L359-L385).
+<Note>
+Ensure that the new agent's capabilities don't collide with existing agents. For example, if there's already a *findings_agent* that talks to findings APIs don't create a new agent to do the same.
+
+</Note>
+2. Create necessary tools for the agents to access specific data or perform actions. A tool is a specialized function that extends the capabilities of LLM by allowing it to access external data or APIs. A tool is triggered by LLM based on the description of the tool and the user's query.
+For example, the description of `getScanTool` is "Fetches detailed information about a specific scan by its ID." If the description doesn't convey what the tool is capable of doing, LLM will not invoke the function. If the description of `getScanTool` was set to something random or not set at all, LLM will not answer queries like "Give me the critical issues from the scan ID xxxxxxxxxxxxxxx"
+<Note>
+Ensure that one tool is added to one agent only. Adding tools is optional. There can be agents with no tools at all.
+
+</Note>
+3. Use the `createReactAgent` function to define a new agent. For example, the rolesAgent name is "roles_agent" and has access to call tools "*getRolesTool*" and "*getRoleTool*"
+```js
+const rolesAgent = createReactAgent({
+  llm: llm,
+  tools: [getRolesTool, getRoleTool],
+  name: "roles_agent",
+  prompt: rolesAgentPrompt,
+});
+```
+
+4. Create a detailed prompt defining the agent's purpose and capabilities.
+
+5. Add the new agent to the available agents list:
+```js
+const agents = [
+  userInfoAgent,
+  providerAgent,
+  overviewAgent,
+  scansAgent,
+  complianceAgent,
+  findingsAgent,
+  rolesAgent,  // New agent added here
+];
+// Create supervisor workflow
+const workflow = createSupervisor({
+  agents: agents,
+  llm: supervisorllm,
+  prompt: supervisorPrompt,
+  outputMode: "last_message",
+});
+```
+
+6. Update the supervisor's system prompt to summarize the new agent's capabilities.
+
+### Best Practices for Agent Development
+
+When developing new agents or capabilities:
+
+- **Clear Responsibility Boundaries**: Each agent should have a defined purpose with minimal overlap. No two agents should access the same tools or different tools accessing the same Prowler APIs.
+- **Minimal Data Access**: Agents should only request the data they need, keeping requests specific to minimize context window usage, cost, and response time.
+- **Thorough Prompting:** Ensure agent prompts include clear instructions about:
+    - The agent's purpose and limitations
+    - How to use its tools
+    - How to format responses for the supervisor
+    - Error handling procedures (Optional)
+- **Security Considerations:** Agents should never modify data or access sensitive information like secrets or credentials.
+- **Testing:** Thoroughly test new agents with various queries before deploying to production.
@@ -1,447 +0,0 @@
---
-title: 'Extending the MCP Server'
---
-
-This guide explains how to extend the Prowler MCP Server with new tools and features.
-
-<Info>
-**New to Prowler MCP Server?** Start with the user documentation:
- [Overview](/getting-started/products/prowler-mcp) - Key capabilities, use cases, and deployment options
- [Installation](/getting-started/installation/prowler-mcp) - Install locally or use the managed server
- [Configuration](/getting-started/basic-usage/prowler-mcp) - Configure Claude Desktop, Cursor, and other MCP hosts
- [Tools Reference](/getting-started/basic-usage/prowler-mcp-tools) - Complete list of all available tools
-</Info>
-
-## Introduction
-
-The Prowler MCP Server brings the entire Prowler ecosystem to AI assistants through the [Model Context Protocol (MCP)](https://modelcontextprotocol.io). It enables seamless integration with AI tools like Claude Desktop, Cursor, and other MCP clients.
-
-The server follows a modular architecture with three independent sub-servers:
-
-| Sub-Server | Auth Required | Description |
-|------------|---------------|-------------|
-| Prowler App | Yes | Full access to Prowler Cloud and Self-Managed features |
-| Prowler Hub | No | Security checks catalog with **over 1000 checks**, fixers, and **70+ compliance frameworks** |
-| Prowler Documentation | No | Full-text search and retrieval of official documentation |
-
-<Note>
-For a complete list of tools and their descriptions, see the [Tools Reference](/getting-started/basic-usage/prowler-mcp-tools).
-</Note>
-
-## Architecture Overview
-
-The MCP Server architecture is illustrated in the [Overview documentation](/getting-started/products/prowler-mcp#mcp-server-architecture). AI assistants connect through the MCP protocol to access Prowler's three main components.
-
-### Server Structure
-
-The main server orchestrates three sub-servers with prefixed namespacing:
-
-```
-mcp_server/prowler_mcp_server/
-├── server.py                 # Main orchestrator
-├── main.py                   # CLI entry point
-├── prowler_hub/
-├── prowler_app/
-│   ├── tools/                # Tool implementations
-│   ├── models/               # Pydantic models
-│   └── utils/                # API client, auth, loader
-└── prowler_documentation/
-```
-
-### Tool Registration Patterns
-
-The MCP Server uses two patterns for tool registration:
-
-1. **Direct Decorators** (Prowler Hub/Docs): Tools are registered using `@mcp.tool()` decorators
-2. **Auto-Discovery** (Prowler App): All public methods of `BaseTool` subclasses are auto-registered
-
-## Adding Tools to Prowler App
-
-### Step 1: Create the Tool Class
-
-Create a new file or add to an existing file in `prowler_app/tools/`:
-
-```python
-# prowler_app/tools/new_feature.py
-from typing import Any
-
-from pydantic import Field
-
-from prowler_mcp_server.prowler_app.models.new_feature import (
-    FeatureListResponse,
-    DetailedFeature,
-)
-from prowler_mcp_server.prowler_app.tools.base import BaseTool
-
-
-class NewFeatureTools(BaseTool):
-    """Tools for managing new features."""
-
-    async def list_features(
-        self,
-        status: str | None = Field(
-            default=None,
-            description="Filter by status (active, inactive, pending)"
-        ),
-        page_size: int = Field(
-            default=50,
-            description="Number of results per page (1-100)"
-        ),
-    ) -> dict[str, Any]:
-        """List all features with optional filtering.
-
-        Returns a lightweight list of features optimized for LLM consumption.
-        Use get_feature for complete information about a specific feature.
-        """
-        # Validate parameters
-        self.api_client.validate_page_size(page_size)
-
-        # Build query parameters
-        params: dict[str, Any] = {"page[size]": page_size}
-        if status:
-            params["filter[status]"] = status
-
-        # Make API request
-        clean_params = self.api_client.build_filter_params(params)
-        response = await self.api_client.get("/api/v1/features", params=clean_params)
-
-        # Transform to LLM-friendly format
-        return FeatureListResponse.from_api_response(response).model_dump()
-
-    async def get_feature(
-        self,
-        feature_id: str = Field(description="The UUID of the feature"),
-    ) -> dict[str, Any]:
-        """Get detailed information about a specific feature.
-
-        Returns complete feature details including configuration and metadata.
-        """
-        try:
-            response = await self.api_client.get(f"/api/v1/features/{feature_id}")
-            return DetailedFeature.from_api_response(response["data"]).model_dump()
-        except Exception as e:
-            self.logger.error(f"Failed to get feature {feature_id}: {e}")
-            return {"error": str(e), "status": "failed"}
-```
-
-### Step 2: Create the Models
-
-Create corresponding models in `prowler_app/models/`:
-
-```python
-# prowler_app/models/new_feature.py
-from typing import Any
-
-from pydantic import Field
-
-from prowler_mcp_server.prowler_app.models.base import MinimalSerializerMixin
-
-
-class SimplifiedFeature(MinimalSerializerMixin):
-    """Lightweight feature for list operations."""
-
-    id: str = Field(description="Unique feature identifier")
-    name: str = Field(description="Feature name")
-    status: str = Field(description="Current status")
-
-    @classmethod
-    def from_api_response(cls, data: dict[str, Any]) -> "SimplifiedFeature":
-        """Transform API response to simplified format."""
-        attributes = data.get("attributes", {})
-        return cls(
-            id=data["id"],
-            name=attributes["name"],
-            status=attributes["status"],
-        )
-
-
-class DetailedFeature(SimplifiedFeature):
-    """Extended feature with complete details."""
-
-    description: str | None = Field(default=None, description="Feature description")
-    configuration: dict[str, Any] | None = Field(default=None, description="Configuration")
-    created_at: str = Field(description="Creation timestamp")
-    updated_at: str = Field(description="Last update timestamp")
-
-    @classmethod
-    def from_api_response(cls, data: dict[str, Any]) -> "DetailedFeature":
-        """Transform API response to detailed format."""
-        attributes = data.get("attributes", {})
-        return cls(
-            id=data["id"],
-            name=attributes["name"],
-            status=attributes["status"],
-            description=attributes.get("description"),
-            configuration=attributes.get("configuration"),
-            created_at=attributes["created_at"],
-            updated_at=attributes["updated_at"],
-        )
-
-
-class FeatureListResponse(MinimalSerializerMixin):
-    """Response wrapper for feature list operations."""
-
-    count: int = Field(description="Total number of features")
-    features: list[SimplifiedFeature] = Field(description="List of features")
-
-    @classmethod
-    def from_api_response(cls, response: dict[str, Any]) -> "FeatureListResponse":
-        """Transform API response to list format."""
-        data = response.get("data", [])
-        features = [SimplifiedFeature.from_api_response(item) for item in data]
-        return cls(count=len(features), features=features)
-```
-
-### Step 3: Verify Auto-Discovery
-
-No manual registration is needed. The `tool_loader.py` automatically discovers and registers all `BaseTool` subclasses. Verify your tool is loaded by checking the server logs:
-
-```
-INFO - Auto-registered 2 tools from NewFeatureTools
-INFO - Loaded and registered: NewFeatureTools
-```
-
-## Adding Tools to Prowler Hub/Docs
-
-For Prowler Hub or Documentation tools, use the `@mcp.tool()` decorator directly:
-
-```python
-# prowler_hub/server.py
-from fastmcp import FastMCP
-
-hub_mcp_server = FastMCP("prowler-hub")
-
-@hub_mcp_server.tool()
-async def get_new_artifact(
-    artifact_id: str,
-) -> dict:
-    """Fetch a specific artifact from Prowler Hub.
-
-    Args:
-        artifact_id: The unique identifier of the artifact
-
-    Returns:
-        Dictionary containing artifact details
-    """
-    response = prowler_hub_client.get(f"/artifact/{artifact_id}")
-    response.raise_for_status()
-    return response.json()
-```
-
-## Model Design Patterns
-
-### MinimalSerializerMixin
-
-All models should use `MinimalSerializerMixin` to optimize responses for LLM consumption:
-
-```python
-from prowler_mcp_server.prowler_app.models.base import MinimalSerializerMixin
-
-class MyModel(MinimalSerializerMixin):
-    """Model that excludes empty values from serialization."""
-    required_field: str
-    optional_field: str | None = None  # Excluded if None
-    empty_list: list = []              # Excluded if empty
-```
-
-This mixin automatically excludes:
- `None` values
- Empty strings
- Empty lists
- Empty dictionaries
-
-### Two-Tier Model Pattern
-
-Use two-tier models for efficient responses:
-
- **Simplified**: Lightweight models for list operations
- **Detailed**: Extended models for single-item retrieval
-
-```python
-class SimplifiedItem(MinimalSerializerMixin):
-    """Use for list operations - minimal fields."""
-    id: str
-    name: str
-    status: str
-
-class DetailedItem(SimplifiedItem):
-    """Use for get operations - extends simplified with details."""
-    description: str | None = None
-    configuration: dict | None = None
-    created_at: str
-    updated_at: str
-```
-
-### Factory Method Pattern
-
-Always implement `from_api_response()` for API transformation:
-
-```python
-@classmethod
-def from_api_response(cls, data: dict[str, Any]) -> "MyModel":
-    """Transform API response to model.
-
-    This method handles the JSON:API format used by Prowler API,
-    extracting attributes and relationships as needed.
-    """
-    attributes = data.get("attributes", {})
-    return cls(
-        id=data["id"],
-        name=attributes["name"],
-        # ... map other fields
-    )
-```
-
-## API Client Usage
-
-The `ProwlerAPIClient` is a singleton that handles authentication and HTTP requests:
-
-```python
-class MyTools(BaseTool):
-    async def my_tool(self) -> dict:
-        # GET request
-        response = await self.api_client.get("/api/v1/endpoint", params={"key": "value"})
-
-        # POST request
-        response = await self.api_client.post(
-            "/api/v1/endpoint",
-            json_data={"data": {"type": "items", "attributes": {...}}}
-        )
-
-        # PATCH request
-        response = await self.api_client.patch(
-            f"/api/v1/endpoint/{id}",
-            json_data={"data": {"attributes": {...}}}
-        )
-
-        # DELETE request
-        response = await self.api_client.delete(f"/api/v1/endpoint/{id}")
-```
-
-### Helper Methods
-
-The API client provides useful helper methods:
-
-```python
-# Validate page size (1-1000)
-self.api_client.validate_page_size(page_size)
-
-# Normalize date range with max days limit
-date_range = self.api_client.normalize_date_range(date_from, date_to, max_days=2)
-
-# Build filter parameters (handles type conversion)
-clean_params = self.api_client.build_filter_params({
-    "filter[status]": "active",
-    "filter[severity__in]": ["high", "critical"],  # Converts to comma-separated
-    "filter[muted]": True,  # Converts to "true"
-})
-
-# Poll async task until completion
-result = await self.api_client.poll_task_until_complete(
-    task_id=task_id,
-    timeout=60,
-    poll_interval=1.0
-)
-```
-
-## Best Practices
-
-### Tool Docstrings
-
-Tool docstrings become description that is going to be read by the LLM. Provide clear usage instructions and common workflows:
-
-```python
-async def search_items(self, status: str = Field(...)) -> dict:
-    """Search items with advanced filtering.
-
-    Returns a lightweight list optimized for LLM consumption.
-    Use get_item for complete details about a specific item.
-
-    Common workflows:
-    - Find critical items: status="critical"
-    - Find recent items: Use date_from parameter
-    """
-```
-
-### Error Handling
-
-Return structured error responses instead of raising exceptions:
-
-```python
-async def get_item(self, item_id: str) -> dict:
-    try:
-        response = await self.api_client.get(f"/api/v1/items/{item_id}")
-        return DetailedItem.from_api_response(response["data"]).model_dump()
-    except Exception as e:
-        self.logger.error(f"Failed to get item {item_id}: {e}")
-        return {"error": str(e), "status": "failed"}
-```
-
-### Parameter Descriptions
-
-Use Pydantic `Field()` with clear descriptions. This also helps LLMs understand
-the purpose of each parameter, so be as descriptive as possible:
-
-```python
-async def list_items(
-    self,
-    severity: list[str] = Field(
-        default=[],
-        description="Filter by severity levels (critical, high, medium, low)"
-    ),
-    status: str | None = Field(
-        default=None,
-        description="Filter by status (PASS, FAIL, MANUAL)"
-    ),
-    page_size: int = Field(
-        default=50,
-        description="Results per page"
-    ),
-) -> dict:
-```
-
-## Development Commands
-
-```bash
-# Navigate to MCP server directory
-cd mcp_server
-
-# Run in STDIO mode (default)
-uv run prowler-mcp
-
-# Run in HTTP mode
-uv run prowler-mcp --transport http --host 0.0.0.0 --port 8000
-
-# Run with environment variables
-PROWLER_APP_API_KEY="pk_xxx" uv run prowler-mcp
-```
-
-For complete installation and deployment options, see:
- [Installation Guide](/getting-started/installation/prowler-mcp#from-source-development) - Development setup instructions
- [Configuration Guide](/getting-started/basic-usage/prowler-mcp) - MCP client configuration
-
-For development I recommend to use the [Model Context Protocol Inspector](https://github.com/modelcontextprotocol/inspector) as MCP client to test and debug your tools.
-
-## Related Documentation
-
-<CardGroup cols={2}>
-  <Card title="MCP Server Overview" icon="circle-info" href="/getting-started/products/prowler-mcp">
-    Key capabilities, use cases, and deployment options
-  </Card>
-  <Card title="Tools Reference" icon="wrench" href="/getting-started/basic-usage/prowler-mcp-tools">
-    Complete reference of all available tools
-  </Card>
-  <Card title="Prowler Hub" icon="database" href="/getting-started/products/prowler-hub">
-    Security checks and compliance frameworks catalog
-  </Card>
-  <Card title="Lighthouse AI" icon="robot" href="/getting-started/products/prowler-lighthouse-ai">
-    AI-powered security analyst
-  </Card>
-</CardGroup>
-
-## Additional Resources
-
- [MCP Protocol Specification](https://modelcontextprotocol.io) - Model Context Protocol details
- [Prowler API Documentation](https://api.prowler.com/api/v1/docs) - API reference
- [Prowler Hub API](https://hub.prowler.com/api/docs) - Hub API reference
- [GitHub Repository](https://github.com/prowler-cloud/prowler) - Source code
@@ -220,7 +220,6 @@ The function returns a JSON file containing the list of regions for the provider
          "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2"
        ],
        "aws-cn": ["cn-north-1", "cn-northwest-1"],
-        "aws-eusc": ["eusc-de-east-1"],
        "aws-us-gov": ["us-gov-east-1", "us-gov-west-1"]
      }
    }
@@ -63,82 +63,6 @@ Other Commands for Running Tests
 Refer to the [pytest documentation](https://docs.pytest.org/en/7.1.x/getting-started.html) for more details.

 </Note>
-
-## AWS Service Dependency Table (CI Optimization)
-
-To optimize CI pipeline execution time, the GitHub Actions workflow for AWS tests uses a **service dependency table** that determines which tests to run based on changed files. This ensures that when a service is modified, all dependent services are also tested.
-
-### How It Works
-
-The dependency table is defined in `.github/workflows/sdk-tests.yml` within the "Resolve AWS services under test" step. When files in a specific AWS service are changed:
-
-1. Tests for the changed service are run
-2. Tests for all services that **depend on** the changed service are also run
-
-For example, if you modify the `ec2` service, tests will also run for `dlm`, `dms`, `elbv2`, `emr`, `inspector2`, `rds`, `redshift`, `route53`, `shield`, `ssm`, and `workspaces` because these services use the EC2 client.
-
-### Current Dependency Table
-
-The table maps a service (key) to the list of services that depend on it (values):
-
-| Service | Dependent Services |
-|---------|-------------------|
-| `acm` | `elb` |
-| `autoscaling` | `dynamodb` |
-| `awslambda` | `ec2`, `inspector2` |
-| `backup` | `dynamodb`, `ec2`, `rds` |
-| `cloudfront` | `shield` |
-| `cloudtrail` | `awslambda`, `cloudwatch` |
-| `cloudwatch` | `bedrock` |
-| `ec2` | `dlm`, `dms`, `elbv2`, `emr`, `inspector2`, `rds`, `redshift`, `route53`, `shield`, `ssm` |
-| `ecr` | `inspector2` |
-| `elb` | `shield` |
-| `elbv2` | `shield` |
-| `globalaccelerator` | `shield` |
-| `iam` | `bedrock`, `cloudtrail`, `cloudwatch`, `codebuild` |
-| `kafka` | `firehose` |
-| `kinesis` | `firehose` |
-| `kms` | `kafka` |
-| `organizations` | `iam`, `servicecatalog` |
-| `route53` | `shield` |
-| `s3` | `bedrock`, `cloudfront`, `cloudtrail`, `macie` |
-| `ssm` | `ec2` |
-| `vpc` | `awslambda`, `ec2`, `efs`, `elasticache`, `neptune`, `networkfirewall`, `rds`, `redshift`, `workspaces` |
-| `waf` | `elbv2` |
-| `wafv2` | `cognito`, `elbv2` |
-
-### When to Update the Table
-
-You must update the dependency table when:
-
-1. **A new check or service uses another service's client**: If your check imports a client from another service (e.g., `from prowler.providers.aws.services.ec2.ec2_client import ec2_client` in a non-ec2 check), add your service to the dependent services list of that client's service.
-
-2. **A service relationship changes**: If you remove or add a service client dependency in an existing check, update the table accordingly.
-
-### How to Update the Table
-
-1. Open `.github/workflows/sdk-tests.yml`
-2. Find the `dependents` dictionary in the "Resolve AWS services under test" step
-3. Add or modify entries as needed
-4. **Update this documentation page** (`docs/developer-guide/unit-testing.mdx`) to reflect the changes in the [Current Dependency Table](#current-dependency-table) section above
-
-```python
-dependents = {
-    # ... existing entries ...
-    "service_being_used": ["service_that_uses_it"],
-}
-```
-
-**Example**: If you create a new check in the `newservice` service that imports `ec2_client`, add `newservice` to the `ec2` entry:
-
-```python
-"ec2": ["dlm", "dms", "elbv2", "emr", "inspector2", "newservice", "rds", "redshift", "route53", "shield", "ssm"],
-```
-
-<Warning>
-Failing to update this table when adding cross-service dependencies may result in CI tests passing even when related functionality is broken, as the dependent service tests won't be triggered.
-</Warning>
-
 ## AWS Testing Approaches

 For AWS provider, different testing approaches apply based on API coverage based on several criteria.
@@ -99,14 +99,7 @@
              },
              "user-guide/tutorials/prowler-app-rbac",
              "user-guide/tutorials/prowler-app-api-keys",
-              {
-                "group": "Mutelist",
-                "expanded": true,
-                "pages": [
-                  "user-guide/tutorials/prowler-app-simple-mutelist",
-                  "user-guide/tutorials/prowler-app-mute-findings"
-                ]
-              },
+              "user-guide/tutorials/prowler-app-mute-findings",
              {
                "group": "Integrations",
                "expanded": true,
@@ -284,9 +277,7 @@
              "developer-guide/outputs",
              "developer-guide/integrations",
              "developer-guide/security-compliance-framework",
-              "developer-guide/lighthouse-architecture",
-              "developer-guide/mcp-server",
-              "developer-guide/ai-skills"
+              "developer-guide/lighthouse"
            ]
          },
          {
@@ -295,7 +286,6 @@
              "developer-guide/aws-details",
              "developer-guide/azure-details",
              "developer-guide/gcp-details",
-              "developer-guide/alibabacloud-details",
              "developer-guide/kubernetes-details",
              "developer-guide/m365-details",
              "developer-guide/github-details",
@@ -310,8 +300,7 @@
                "group": "Testing",
                "pages": [
                  "developer-guide/unit-testing",
-                  "developer-guide/integration-testing",
-                  "developer-guide/end2end-testing"
+                  "developer-guide/integration-testing"
                ]
              },
              "developer-guide/debugging",
--- a/Show More
+++ b/Show More