docs(api): update README to emphasize environment variable requirements for production deployment

2026-06-13 05:59:47 +00:00 · 2025-09-26 11:16:50 +02:00
1995 changed files with 16646 additions and 283891 deletions
@@ -29,14 +29,6 @@ POSTGRES_ADMIN_PASSWORD=postgres
 POSTGRES_USER=prowler
 POSTGRES_PASSWORD=postgres
 POSTGRES_DB=prowler_db
-# Read replica settings (optional)
-# POSTGRES_REPLICA_HOST=postgres-db
-# POSTGRES_REPLICA_PORT=5432
-# POSTGRES_REPLICA_USER=prowler
-# POSTGRES_REPLICA_PASSWORD=postgres
-# POSTGRES_REPLICA_DB=prowler_db
-# POSTGRES_REPLICA_MAX_ATTEMPTS=3
-# POSTGRES_REPLICA_RETRY_BASE_DELAY=0.5

 # Celery-Prowler task settings
 TASK_RETRY_DELAY_SECONDS=0.1
@@ -107,7 +99,7 @@ SENTRY_ENVIRONMENT=local
 SENTRY_RELEASE=local

 #### Prowler release version ####
-NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.12.2
+NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.10.0

 # Social login credentials
 SOCIAL_GOOGLE_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/google"
@@ -1,28 +1,6 @@
-# SDK
 /* @prowler-cloud/sdk
-/prowler/ @prowler-cloud/sdk @prowler-cloud/detection-and-remediation
-/tests/ @prowler-cloud/sdk @prowler-cloud/detection-and-remediation
-/dashboard/ @prowler-cloud/sdk
-/docs/ @prowler-cloud/sdk
-/examples/ @prowler-cloud/sdk
-/util/ @prowler-cloud/sdk
-/contrib/ @prowler-cloud/sdk
-/permissions/ @prowler-cloud/sdk
-/codecov.yml @prowler-cloud/sdk @prowler-cloud/api
-
-# API
-/api/ @prowler-cloud/api
-
-# UI
-/ui/ @prowler-cloud/ui
-
-# AI
-/mcp_server/ @prowler-cloud/ai
-
-# Platform
-/.github/ @prowler-cloud/platform
-/Makefile @prowler-cloud/platform
-/kubernetes/ @prowler-cloud/platform
-**/Dockerfile* @prowler-cloud/platform
-**/docker-compose*.yml @prowler-cloud/platform
-**/docker-compose*.yaml @prowler-cloud/platform
+/.github/ @prowler-cloud/sdk
+prowler @prowler-cloud/sdk @prowler-cloud/detection-and-remediation
+tests @prowler-cloud/sdk @prowler-cloud/detection-and-remediation
+api @prowler-cloud/api
+ui @prowler-cloud/ui
@@ -3,41 +3,6 @@ description: Create a report to help us improve
 labels: ["bug", "status/needs-triage"]

 body:
-  - type: checkboxes
-    id: search
-    attributes:
-      label: Issue search
-      options:
-        - label: I have searched the existing issues and this bug has not been reported yet
-          required: true
-  - type: dropdown
-    id: component
-    attributes:
-      label: Which component is affected?
-      multiple: true
-      options:
-        - Prowler CLI/SDK
-        - Prowler API
-        - Prowler UI
-        - Prowler Dashboard
-        - Prowler MCP Server
-        - Documentation
-        - Other
-    validations:
-      required: true
-  - type: dropdown
-    id: provider
-    attributes:
-      label: Cloud Provider (if applicable)
-      multiple: true
-      options:
-        - AWS
-        - Azure
-        - GCP
-        - Kubernetes
-        - GitHub
-        - Microsoft 365
-        - Not applicable
  - type: textarea
    id: reproduce
    attributes:
@@ -113,15 +78,6 @@ body:
        prowler --version
    validations:
      required: true
-  - type: input
-    id: python-version
-    attributes:
-      label: Python version
-      description: Which Python version are you using?
-      placeholder: |-
-        python --version
-    validations:
-      required: true
  - type: input
    id: pip-version
    attributes:
@@ -1,11 +1 @@
 blank_issues_enabled: false
-contact_links:
-  - name: 📖 Documentation
-    url: https://docs.prowler.com
-    about: Check our comprehensive documentation for guides and tutorials
-  - name: 💬 GitHub Discussions
-    url: https://github.com/prowler-cloud/prowler/discussions
-    about: Ask questions and discuss with the community
-  - name: 🌟 Prowler Community
-    url: https://goto.prowler.com/slack
-    about: Join our community for support and updates
@@ -3,42 +3,6 @@ description: Suggest an idea for this project
 labels: ["feature-request", "status/needs-triage"]

 body:
-  - type: checkboxes
-    id: search
-    attributes:
-      label: Feature search
-      options:
-        - label: I have searched the existing issues and this feature has not been requested yet or is already in our [Public Roadmap](https://roadmap.prowler.com/roadmap)
-          required: true
-  - type: dropdown
-    id: component
-    attributes:
-      label: Which component would this feature affect?
-      multiple: true
-      options:
-        - Prowler CLI/SDK
-        - Prowler API
-        - Prowler UI
-        - Prowler Dashboard
-        - Prowler MCP Server
-        - Documentation
-        - New component/Integration
-    validations:
-      required: true
-  - type: dropdown
-    id: provider
-    attributes:
-      label: Related to specific cloud provider?
-      multiple: true
-      options:
-        - AWS
-        - Azure
-        - GCP
-        - Kubernetes
-        - GitHub
-        - Microsoft 365
-        - All providers
-        - Not provider-specific
  - type: textarea
    id: Problem
    attributes:
@@ -55,14 +19,6 @@ body:
      description: A clear and concise description of what you want to happen.
    validations:
      required: true
-  - type: textarea
-    id: use-case
-    attributes:
-      label: Use case and benefits
-      description: Who would benefit from this feature and how?
-      placeholder: This would help security teams by...
-    validations:
-      required: true
  - type: textarea
    id: Alternatives
    attributes:
@@ -1,93 +0,0 @@
-name: 'Setup Python with Poetry'
-description: 'Setup Python environment with Poetry and install dependencies'
-author: 'Prowler'
-
-inputs:
-  python-version:
-    description: 'Python version to use'
-    required: true
-  working-directory:
-    description: 'Working directory for Poetry'
-    required: false
-    default: '.'
-  poetry-version:
-    description: 'Poetry version to install'
-    required: false
-    default: '2.1.1'
-  install-dependencies:
-    description: 'Install Python dependencies with Poetry'
-    required: false
-    default: 'true'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Replace @master with current branch in pyproject.toml (prowler repo only)
-      if: github.event_name == 'pull_request' && github.base_ref == 'master' && github.repository == 'prowler-cloud/prowler'
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: |
-        BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
-        echo "Using branch: $BRANCH_NAME"
-        sed -i "s|@master|@$BRANCH_NAME|g" pyproject.toml
-
-    - name: Install poetry
-      shell: bash
-      run: |
-        python -m pip install --upgrade pip
-        pipx install poetry==${{ inputs.poetry-version }}
-
-    - name: Update poetry.lock with latest Prowler commit
-      if: github.repository_owner == 'prowler-cloud' && github.repository != 'prowler-cloud/prowler'
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: |
-        LATEST_COMMIT=$(curl -s "https://api.github.com/repos/prowler-cloud/prowler/commits/master" | jq -r '.sha')
-        echo "Latest commit hash: $LATEST_COMMIT"
-        sed -i '/url = "https:\/\/github\.com\/prowler-cloud\/prowler\.git"/,/resolved_reference = / {
-          s/resolved_reference = "[a-f0-9]\{40\}"/resolved_reference = "'"$LATEST_COMMIT"'"/
-        }' poetry.lock
-        echo "Updated resolved_reference:"
-        grep -A2 -B2 "resolved_reference" poetry.lock
-
-    - name: Update SDK resolved_reference to latest commit (prowler repo on push)
-      if: github.event_name == 'push' && github.ref == 'refs/heads/master' && github.repository == 'prowler-cloud/prowler'
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: |
-        LATEST_COMMIT=$(curl -s "https://api.github.com/repos/prowler-cloud/prowler/commits/master" | jq -r '.sha')
-        echo "Latest commit hash: $LATEST_COMMIT"
-        sed -i '/url = "https:\/\/github\.com\/prowler-cloud\/prowler\.git"/,/resolved_reference = / {
-          s/resolved_reference = "[a-f0-9]\{40\}"/resolved_reference = "'"$LATEST_COMMIT"'"/
-        }' poetry.lock
-        echo "Updated resolved_reference:"
-        grep -A2 -B2 "resolved_reference" poetry.lock
-
-    - name: Update poetry.lock (prowler repo only)
-      if: github.repository == 'prowler-cloud/prowler'
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: poetry lock
-
-    - name: Set up Python ${{ inputs.python-version }}
-      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-      with:
-        python-version: ${{ inputs.python-version }}
-        cache: 'poetry'
-        cache-dependency-path: ${{ inputs.working-directory }}/poetry.lock
-
-    - name: Install Python dependencies
-      if: inputs.install-dependencies == 'true'
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: |
-        poetry install --no-root
-        poetry run pip list
-
-    - name: Update Prowler Cloud API Client
-      if: github.repository_owner == 'prowler-cloud' && github.repository != 'prowler-cloud/prowler'
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: |
-        poetry remove prowler-cloud-api-client
-        poetry add ./prowler-cloud-api-client
@@ -1,198 +0,0 @@
-# Slack Notification Action
-
-A generic and flexible GitHub composite action for sending Slack notifications using JSON template files. Supports both standalone messages and message updates, with automatic status detection.
-
-## Features
-
- **Template-based**: All messages use JSON template files for consistency
- **Automatic status detection**: Pass `step-outcome` to auto-calculate success/failure
- **Message updates**: Supports updating existing messages (using `chat.update`)
- **Simple API**: Clean and minimal interface
- **Reusable**: Use across all workflows and scenarios
- **Maintainable**: Centralized message templates
-
-## Use Cases
-
-1. **Container releases**: Track push start and completion with automatic status
-2. **Deployments**: Track deployment progress with rich Block Kit formatting
-3. **Custom notifications**: Any scenario where you need to notify Slack
-
-## Inputs
-
-| Input | Description | Required | Default |
-|-------|-------------|----------|---------|
-| `slack-bot-token` | Slack bot token for authentication | Yes | - |
-| `payload-file-path` | Path to JSON file with the Slack message payload | Yes | - |
-| `update-ts` | Message timestamp to update (leave empty for new messages) | No | `''` |
-| `step-outcome` | Step outcome for automatic status detection (sets STATUS_EMOJI and STATUS_TEXT env vars) | No | `''` |
-
-## Outputs
-
-| Output | Description |
-|--------|-------------|
-| `ts` | Timestamp of the Slack message (use for updates) |
-
-## Usage Examples
-
-### Example 1: Container Release with Automatic Status Detection
-
-Using JSON template files with automatic status detection:
-
-```yaml
-# Send start notification
- name: Notify container push started
-  if: github.event_name == 'release'
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-# Do the work
- name: Build and push container
-  if: github.event_name == 'release'
-  id: container-push
-  uses: docker/build-push-action@...
-  with:
-    push: true
-    tags: ...
-
-# Send completion notification with automatic status detection
- name: Notify container push completed
-  if: github.event_name == 'release' && always()
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-    step-outcome: ${{ steps.container-push.outcome }}
-```
-
-**Benefits:**
- No status calculation needed in workflow
- Reusable template files
- Clean and concise
- Automatic `STATUS_EMOJI` and `STATUS_TEXT` env vars set by action
- Consistent message format across all workflows
-
-### Example 2: Deployment with Message Update Pattern
-
-```yaml
-# Send initial deployment message
- name: Notify deployment started
-  id: slack-start
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-started.json"
-
-# Run deployment
- name: Deploy
-  id: deploy
-  run: terraform apply -auto-approve
-
-# Determine additional status variables
- name: Determine deployment status
-  if: always()
-  id: deploy-status
-  run: |
-    if [[ "${{ steps.deploy.outcome }}" == "success" ]]; then
-      echo "STATUS_COLOR=28a745" >> $GITHUB_ENV
-      echo "STATUS=Completed" >> $GITHUB_ENV
-    else
-      echo "STATUS_COLOR=fc3434" >> $GITHUB_ENV
-      echo "STATUS=Failed" >> $GITHUB_ENV
-    fi
-
-# Update the same message with final status
- name: Update deployment notification
-  if: always()
-  uses: ./.github/actions/slack-notification
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    MESSAGE_TS: ${{ steps.slack-start.outputs.ts }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-    STATUS: ${{ env.STATUS }}
-    STATUS_COLOR: ${{ env.STATUS_COLOR }}
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    update-ts: ${{ steps.slack-start.outputs.ts }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-completed.json"
-    step-outcome: ${{ steps.deploy.outcome }}
-```
-
-## Automatic Status Detection
-
-When you provide `step-outcome` input, the action automatically sets these environment variables:
-
-| Outcome | STATUS_EMOJI | STATUS_TEXT |
-|---------|--------------|-------------|
-| success | `[✓]` | `completed successfully!` |
-| failure | `[✗]` | `failed` |
-
-These variables are then available in your payload template files.
-
-## Template File Format
-
-All template files must be valid JSON and support environment variable substitution. Example:
-
-```json
-{
-  "channel": "$SLACK_CHANNEL_ID",
-  "text": "$STATUS_EMOJI $COMPONENT container release $RELEASE_TAG push $STATUS_TEXT <$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID|View run>"
-}
-```
-
-See available templates in [`.github/scripts/slack-messages/`](../../scripts/slack-messages/).
-
-## Requirements
-
- Slack Bot Token with scopes: `chat:write`, `chat:write.public`
- Slack Channel ID where messages will be posted
- JSON template files for your messages
-
-## Benefits
-
- **Consistency**: All notifications use standardized templates
- **Automatic status handling**: No need to calculate success/failure in workflows
- **Clean workflows**: Minimal boilerplate code
- **Reusable templates**: One template for all components
- **Easy to maintain**: Change template once, applies everywhere
- **Version controlled**: All message formats in git
-
-## Related Resources
-
- [Slack Block Kit Builder](https://app.slack.com/block-kit-builder)
- [Slack API Method Documentation](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
- [Message templates documentation](../../scripts/slack-messages/README.md)
@@ -1,74 +0,0 @@
-name: 'Slack Notification'
-description: 'Generic action to send Slack notifications with optional message updates and automatic status detection'
-inputs:
-  slack-bot-token:
-    description: 'Slack bot token for authentication'
-    required: true
-  payload-file-path:
-    description: 'Path to JSON file with the Slack message payload'
-    required: true
-  update-ts:
-    description: 'Message timestamp to update (only for updates, leave empty for new messages)'
-    required: false
-    default: ''
-  step-outcome:
-    description: 'Outcome of a step to determine status (success/failure) - automatically sets STATUS_TEXT and STATUS_COLOR env vars'
-    required: false
-    default: ''
-outputs:
-  ts:
-    description: 'Timestamp of the Slack message'
-    value: ${{ steps.slack-notification.outputs.ts }}
-runs:
-  using: 'composite'
-  steps:
-    - name: Determine status
-      id: status
-      shell: bash
-      run: |
-        if [[ "${{ inputs.step-outcome }}" == "success" ]]; then
-          echo "STATUS_TEXT=Completed" >> $GITHUB_ENV
-          echo "STATUS_COLOR=#6aa84f" >> $GITHUB_ENV
-        elif [[ "${{ inputs.step-outcome }}" == "failure" ]]; then
-          echo "STATUS_TEXT=Failed" >> $GITHUB_ENV
-          echo "STATUS_COLOR=#fc3434" >> $GITHUB_ENV
-        else
-          # No outcome provided - pending/in progress state
-          echo "STATUS_COLOR=#dbab09" >> $GITHUB_ENV
-        fi
-
-    - name: Send Slack notification (new message)
-      if: inputs.update-ts == ''
-      id: slack-notification-post
-      uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-      env:
-        SLACK_PAYLOAD_FILE_PATH: ${{ inputs.payload-file-path }}
-      with:
-        method: chat.postMessage
-        token: ${{ inputs.slack-bot-token }}
-        payload-file-path: ${{ inputs.payload-file-path }}
-        payload-templated: true
-        errors: true
-
-    - name: Update Slack notification
-      if: inputs.update-ts != ''
-      id: slack-notification-update
-      uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-      env:
-        SLACK_PAYLOAD_FILE_PATH: ${{ inputs.payload-file-path }}
-      with:
-        method: chat.update
-        token: ${{ inputs.slack-bot-token }}
-        payload-file-path: ${{ inputs.payload-file-path }}
-        payload-templated: true
-        errors: true
-
-    - name: Set output
-      id: slack-notification
-      shell: bash
-      run: |
-        if [[ "${{ inputs.update-ts }}" == "" ]]; then
-          echo "ts=${{ steps.slack-notification-post.outputs.ts }}" >> $GITHUB_OUTPUT
-        else
-          echo "ts=${{ inputs.update-ts }}" >> $GITHUB_OUTPUT
-        fi
@@ -1,164 +0,0 @@
-name: 'Container Security Scan with Trivy'
-description: 'Scans container images for vulnerabilities using Trivy and reports results'
-author: 'Prowler'
-
-inputs:
-  image-name:
-    description: 'Container image name to scan'
-    required: true
-  image-tag:
-    description: 'Container image tag to scan'
-    required: true
-    default: ${{ github.sha }}
-  severity:
-    description: 'Severities to scan for (comma-separated)'
-    required: false
-    default: 'CRITICAL,HIGH,MEDIUM,LOW'
-  fail-on-critical:
-    description: 'Fail the build if critical vulnerabilities are found'
-    required: false
-    default: 'false'
-  upload-sarif:
-    description: 'Upload results to GitHub Security tab'
-    required: false
-    default: 'true'
-  create-pr-comment:
-    description: 'Create a comment on the PR with scan results'
-    required: false
-    default: 'true'
-  artifact-retention-days:
-    description: 'Days to retain the Trivy report artifact'
-    required: false
-    default: '2'
-
-outputs:
-  critical-count:
-    description: 'Number of critical vulnerabilities found'
-    value: ${{ steps.security-check.outputs.critical }}
-  high-count:
-    description: 'Number of high vulnerabilities found'
-    value: ${{ steps.security-check.outputs.high }}
-  total-count:
-    description: 'Total number of vulnerabilities found'
-    value: ${{ steps.security-check.outputs.total }}
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Cache Trivy vulnerability database
-      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-      with:
-        path: ~/.cache/trivy
-        key: trivy-db-${{ runner.os }}-${{ github.run_id }}
-        restore-keys: |
-          trivy-db-${{ runner.os }}-
-
-    - name: Run Trivy vulnerability scan (JSON)
-      uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
-      with:
-        image-ref: ${{ inputs.image-name }}:${{ inputs.image-tag }}
-        format: 'json'
-        output: 'trivy-report.json'
-        severity: ${{ inputs.severity }}
-        exit-code: '0'
-        scanners: 'vuln'
-        timeout: '5m'
-
-    - name: Run Trivy vulnerability scan (SARIF)
-      if: inputs.upload-sarif == 'true' && github.event_name == 'push'
-      uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
-      with:
-        image-ref: ${{ inputs.image-name }}:${{ inputs.image-tag }}
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        severity: 'CRITICAL,HIGH'
-        exit-code: '0'
-        scanners: 'vuln'
-        timeout: '5m'
-
-    - name: Upload Trivy results to GitHub Security tab
-      if: inputs.upload-sarif == 'true' && github.event_name == 'push'
-      uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
-      with:
-        sarif_file: 'trivy-results.sarif'
-        category: 'trivy-container'
-
-    - name: Upload Trivy report artifact
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-      if: always()
-      with:
-        name: trivy-scan-report-${{ inputs.image-name }}
-        path: trivy-report.json
-        retention-days: ${{ inputs.artifact-retention-days }}
-
-    - name: Generate security summary
-      id: security-check
-      shell: bash
-      run: |
-        CRITICAL=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity=="CRITICAL")] | length' trivy-report.json)
-        HIGH=$(jq '[.Results[]?.Vulnerabilities[]? | select(.Severity=="HIGH")] | length' trivy-report.json)
-        TOTAL=$(jq '[.Results[]?.Vulnerabilities[]?] | length' trivy-report.json)
-
-        echo "critical=$CRITICAL" >> $GITHUB_OUTPUT
-        echo "high=$HIGH" >> $GITHUB_OUTPUT
-        echo "total=$TOTAL" >> $GITHUB_OUTPUT
-
-        echo "### 🔒 Container Security Scan" >> $GITHUB_STEP_SUMMARY
-        echo "" >> $GITHUB_STEP_SUMMARY
-        echo "**Image:** \`${{ inputs.image-name }}:${{ inputs.image-tag }}\`" >> $GITHUB_STEP_SUMMARY
-        echo "" >> $GITHUB_STEP_SUMMARY
-        echo "- 🔴 Critical: $CRITICAL" >> $GITHUB_STEP_SUMMARY
-        echo "- 🟠 High: $HIGH" >> $GITHUB_STEP_SUMMARY
-        echo "- **Total**: $TOTAL" >> $GITHUB_STEP_SUMMARY
-
-    - name: Comment scan results on PR
-      if: inputs.create-pr-comment == 'true' && github.event_name == 'pull_request'
-      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-      env:
-        IMAGE_NAME: ${{ inputs.image-name }}
-        GITHUB_SHA: ${{ inputs.image-tag }}
-        SEVERITY: ${{ inputs.severity }}
-      with:
-        script: |
-          const comment = require('./.github/scripts/trivy-pr-comment.js');
-
-          // Unique identifier to find our comment
-          const marker = '<!-- trivy-scan-comment:${{ inputs.image-name }} -->';
-          const body = marker + '\n' + comment;
-
-          // Find existing comment
-          const { data: comments } = await github.rest.issues.listComments({
-            owner: context.repo.owner,
-            repo: context.repo.repo,
-            issue_number: context.issue.number,
-          });
-
-          const existingComment = comments.find(c => c.body?.includes(marker));
-
-          if (existingComment) {
-            // Update existing comment
-            await github.rest.issues.updateComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              comment_id: existingComment.id,
-              body: body
-            });
-            console.log('✅ Updated existing Trivy scan comment');
-          } else {
-            // Create new comment
-            await github.rest.issues.createComment({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: context.issue.number,
-              body: body
-            });
-            console.log('✅ Created new Trivy scan comment');
-          }
-
-    - name: Check for critical vulnerabilities
-      if: inputs.fail-on-critical == 'true' && steps.security-check.outputs.critical != '0'
-      shell: bash
-      run: |
-        echo "::error::Found ${{ steps.security-check.outputs.critical }} critical vulnerabilities"
-        echo "::warning::Please update packages or use a different base image"
-        exit 1
@@ -1,12 +1,3 @@
-name: 'API: CodeQL Config'
+name: "API - CodeQL Config"
 paths:
-  - 'api/'
-
-paths-ignore:
-  - 'api/tests/**'
-  - 'api/**/__pycache__/**'
-  - 'api/**/migrations/**'
-  - 'api/**/*.md'
-
-queries:
-  - uses: security-and-quality
+  - "api/"
@@ -1,18 +1,4 @@
-name: 'SDK: CodeQL Config'
-paths:
-  - 'prowler/'
-
+name: "SDK - CodeQL Config"
 paths-ignore:
-  - 'api/'
-  - 'ui/'
-  - 'dashboard/'
-  - 'mcp_server/'
-  - 'tests/**'
-  - 'util/**'
-  - 'contrib/**'
-  - 'examples/**'
-  - 'prowler/**/__pycache__/**'
-  - 'prowler/**/*.md'
-
-queries:
-  - uses: security-and-quality
+  - "api/"
+  - "ui/"
@@ -1,17 +1,3 @@
-name: 'UI: CodeQL Config'
+name: "UI - CodeQL Config"
 paths:
-  - 'ui/'
-
-paths-ignore:
-  - 'ui/node_modules/**'
-  - 'ui/.next/**'
-  - 'ui/out/**'
-  - 'ui/tests/**'
-  - 'ui/**/*.test.ts'
-  - 'ui/**/*.test.tsx'
-  - 'ui/**/*.spec.ts'
-  - 'ui/**/*.spec.tsx'
-  - 'ui/**/*.md'
-
-queries:
-  - uses: security-and-quality
+  - "ui/"
@@ -42,11 +42,6 @@ provider/mongodbatlas:
      - any-glob-to-any-file: "prowler/providers/mongodbatlas/**"
      - any-glob-to-any-file: "tests/providers/mongodbatlas/**"

-provider/oci:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/oraclecloud/**"
-      - any-glob-to-any-file: "tests/providers/oraclecloud/**"
-
 github_actions:
  - changed-files:
      - any-glob-to-any-file: ".github/workflows/*"
@@ -1,462 +0,0 @@
-# Slack Message Templates
-
-This directory contains reusable message templates for Slack notifications sent from GitHub Actions workflows.
-
-## Usage
-
-These JSON templates are used with the `slackapi/slack-github-action` using the Slack API method (`chat.postMessage` and `chat.update`). All templates support rich Block Kit formatting and message updates.
-
-### Available Templates
-
-**Container Releases**
- `container-release-started.json`: Simple one-line notification when container push starts
- `container-release-completed.json`: Simple one-line notification when container release completes
-
-**Deployments**
- `deployment-started.json`: Deployment start notification with Block Kit formatting
- `deployment-completed.json`: Deployment completion notification (updates the start message)
-
-All templates use the Slack API method and require a Slack Bot Token.
-
-## Setup Requirements
-
-1. Create a Slack App (or use existing)
-2. Add Bot Token Scopes: `chat:write`, `chat:write.public`
-3. Install the app to your workspace
-4. Get the Bot Token from OAuth & Permissions page
-5. Add secrets:
-   - `SLACK_BOT_TOKEN`: Your bot token
-   - `SLACK_CHANNEL_ID`: The channel ID where messages will be posted
-
-Reference: [Sending data using a Slack API method](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
-
-## Environment Variables
-
-### Required Secrets (GitHub Secrets)
- `SLACK_BOT_TOKEN`: Passed as `token` parameter to the action (not as env variable)
- `SLACK_CHANNEL_ID`: Used in payload as env variable
-
-### Container Release Variables (configured as env)
- `COMPONENT`: Component name (e.g., "API", "SDK", "UI", "MCP")
- `RELEASE_TAG` / `PROWLER_VERSION`: The release tag or version being deployed
- `GITHUB_SERVER_URL`: Provided by GitHub context
- `GITHUB_REPOSITORY`: Provided by GitHub context
- `GITHUB_RUN_ID`: Provided by GitHub context
- `STATUS_EMOJI`: Status symbol (calculated: `[✓]` for success, `[✗]` for failure)
- `STATUS_TEXT`: Status text (calculated: "completed successfully!" or "failed")
-
-### Deployment Variables (configured as env)
- `COMPONENT`: Component name (e.g., "API", "SDK", "UI", "MCP")
- `ENVIRONMENT`: Environment name (e.g., "DEVELOPMENT", "PRODUCTION")
- `COMMIT_HASH`: Commit hash being deployed
- `VERSION_DEPLOYED`: Version being deployed
- `GITHUB_ACTOR`: User who triggered the workflow
- `GITHUB_WORKFLOW`: Workflow name
- `GITHUB_SERVER_URL`: Provided by GitHub context
- `GITHUB_REPOSITORY`: Provided by GitHub context
- `GITHUB_RUN_ID`: Provided by GitHub context
-
-All other variables (MESSAGE_TS, STATUS, STATUS_COLOR, STATUS_EMOJI, etc.) are calculated internally within the workflow and should NOT be configured as environment variables.
-
-## Example Workflow Usage
-
-### Using the Generic Slack Notification Action (Recommended)
-
-**Recommended approach**: Use the generic reusable action `.github/actions/slack-notification` which provides maximum flexibility:
-
-#### Example 1: Container Release (Start + Completion)
-
-```yaml
-# Send start notification
- name: Notify container push started
-  if: github.event_name == 'release'
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "API container release ${{ env.RELEASE_TAG }} push started... <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>"
-      }
-
-# Build and push container
- name: Build and push container
-  if: github.event_name == 'release'
-  id: container-push
-  uses: docker/build-push-action@...
-  with:
-    push: true
-    tags: ...
-
-# Calculate status
- name: Determine push status
-  if: github.event_name == 'release' && always()
-  id: push-status
-  run: |
-    if [[ "${{ steps.container-push.outcome }}" == "success" ]]; then
-      echo "emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "text=completed successfully!" >> $GITHUB_OUTPUT
-    else
-      echo "emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "text=failed" >> $GITHUB_OUTPUT
-    fi
-
-# Send completion notification
- name: Notify container push completed
-  if: github.event_name == 'release' && always()
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "${{ steps.push-status.outputs.emoji }} API container release ${{ env.RELEASE_TAG }} push ${{ steps.push-status.outputs.text }} <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run>"
-      }
-```
-
-#### Example 2: Simple One-Time Message
-
-```yaml
- name: Send notification
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "Deployment completed successfully!"
-      }
-```
-
-#### Example 3: Deployment with Message Update Pattern
-
-```yaml
-# Send initial deployment message
- name: Notify deployment started
-  id: slack-start
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "text": "API deployment to PRODUCTION started",
-        "attachments": [
-          {
-            "color": "dbab09",
-            "blocks": [
-              {
-                "type": "header",
-                "text": {
-                  "type": "plain_text",
-                  "text": "API | Deployment to PRODUCTION"
-                }
-              },
-              {
-                "type": "section",
-                "fields": [
-                  {
-                    "type": "mrkdwn",
-                    "text": "*Status:*\nIn Progress"
-                  }
-                ]
-              }
-            ]
-          }
-        ]
-      }
-
-# Run deployment
- name: Deploy
-  id: deploy
-  run: terraform apply -auto-approve
-
-# Calculate status
- name: Determine status
-  if: always()
-  id: status
-  run: |
-    if [[ "${{ steps.deploy.outcome }}" == "success" ]]; then
-      echo "color=28a745" >> $GITHUB_OUTPUT
-      echo "emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "status=Completed" >> $GITHUB_OUTPUT
-    else
-      echo "color=fc3434" >> $GITHUB_OUTPUT
-      echo "emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "status=Failed" >> $GITHUB_OUTPUT
-    fi
-
-# Update the same message with final status
- name: Update deployment notification
-  if: always()
-  uses: ./.github/actions/slack-notification
-  with:
-    slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-    update-ts: ${{ steps.slack-start.outputs.ts }}
-    payload: |
-      {
-        "channel": "${{ secrets.SLACK_CHANNEL_ID }}",
-        "ts": "${{ steps.slack-start.outputs.ts }}",
-        "text": "${{ steps.status.outputs.emoji }} API deployment to PRODUCTION ${{ steps.status.outputs.status }}",
-        "attachments": [
-          {
-            "color": "${{ steps.status.outputs.color }}",
-            "blocks": [
-              {
-                "type": "header",
-                "text": {
-                  "type": "plain_text",
-                  "text": "API | Deployment to PRODUCTION"
-                }
-              },
-              {
-                "type": "section",
-                "fields": [
-                  {
-                    "type": "mrkdwn",
-                    "text": "*Status:*\n${{ steps.status.outputs.emoji }} ${{ steps.status.outputs.status }}"
-                  }
-                ]
-              }
-            ]
-          }
-        ]
-      }
-```
-
-**Benefits of using the generic action:**
- Maximum flexibility: Build any payload you need directly in the workflow
- No template files needed: Everything inline
- Supports all scenarios: one-time messages, start/update patterns, rich Block Kit
- Easy to customize per use case
- Generic: Works for containers, deployments, or any notification type
-
-For more details, see [Slack Notification Action](../../actions/slack-notification/README.md).
-
-### Using Message Templates (Alternative Approach)
-
-Simple one-line notifications for container releases:
-
-```yaml
-# Step 1: Notify when push starts
- name: Notify container push started
-  if: github.event_name == 'release'
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    method: chat.postMessage
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-# Step 2: Build and push container
- name: Build and push container
-  id: container-push
-  uses: docker/build-push-action@...
-  with:
-    push: true
-    tags: ...
-
-# Step 3: Determine push status
- name: Determine push status
-  if: github.event_name == 'release' && always()
-  id: push-status
-  run: |
-    if [[ "${{ steps.container-push.outcome }}" == "success" ]]; then
-      echo "status-emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "status-text=completed successfully!" >> $GITHUB_OUTPUT
-    else
-      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "status-text=failed" >> $GITHUB_OUTPUT
-    fi
-
-# Step 4: Notify when push completes (success or failure)
- name: Notify container push completed
-  if: github.event_name == 'release' && always()
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    RELEASE_TAG: ${{ env.RELEASE_TAG }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-    STATUS_EMOJI: ${{ steps.push-status.outputs.status-emoji }}
-    STATUS_TEXT: ${{ steps.push-status.outputs.status-text }}
-  with:
-    method: chat.postMessage
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-```
-
-### Deployment with Update Pattern
-
-For deployments that start with one message and update it with the final status:
-
-```yaml
-# Step 1: Send deployment start notification
- name: Notify Deployment Start
-  id: slack-notification-start
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-  with:
-    method: chat.postMessage
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-started.json"
-
-# Step 2: Run your deployment steps
- name: Terraform Plan
-  id: terraform-plan
-  run: terraform plan
-
- name: Terraform Apply
-  id: terraform-apply
-  run: terraform apply -auto-approve
-
-# Step 3: Determine status (calculated internally, not configured)
- name: Determine Status
-  if: always()
-  id: determine-status
-  run: |
-    if [[ "${{ steps.terraform-apply.outcome }}" == "success" ]]; then
-      echo "status=Completed" >> $GITHUB_OUTPUT
-      echo "status-color=28a745" >> $GITHUB_OUTPUT
-      echo "status-emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "plan-emoji=[✓]" >> $GITHUB_OUTPUT
-      echo "apply-emoji=[✓]" >> $GITHUB_OUTPUT
-    elif [[ "${{ steps.terraform-plan.outcome }}" == "failure" || "${{ steps.terraform-apply.outcome }}" == "failure" ]]; then
-      echo "status=Failed" >> $GITHUB_OUTPUT
-      echo "status-color=fc3434" >> $GITHUB_OUTPUT
-      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
-      if [[ "${{ steps.terraform-plan.outcome }}" == "failure" ]]; then
-        echo "plan-emoji=[✗]" >> $GITHUB_OUTPUT
-      else
-        echo "plan-emoji=[✓]" >> $GITHUB_OUTPUT
-      fi
-      if [[ "${{ steps.terraform-apply.outcome }}" == "failure" ]]; then
-        echo "apply-emoji=[✗]" >> $GITHUB_OUTPUT
-      else
-        echo "apply-emoji=[✓]" >> $GITHUB_OUTPUT
-      fi
-    else
-      echo "status=Failed" >> $GITHUB_OUTPUT
-      echo "status-color=fc3434" >> $GITHUB_OUTPUT
-      echo "status-emoji=[✗]" >> $GITHUB_OUTPUT
-      echo "plan-emoji=[?]" >> $GITHUB_OUTPUT
-      echo "apply-emoji=[?]" >> $GITHUB_OUTPUT
-    fi
-
-# Step 4: Update the same Slack message (using calculated values)
- name: Notify Deployment Result
-  if: always()
-  uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-  env:
-    SLACK_CHANNEL_ID: ${{ secrets.SLACK_CHANNEL_ID }}
-    MESSAGE_TS: ${{ steps.slack-notification-start.outputs.ts }}
-    COMPONENT: API
-    ENVIRONMENT: PRODUCTION
-    COMMIT_HASH: ${{ github.sha }}
-    VERSION_DEPLOYED: latest
-    GITHUB_ACTOR: ${{ github.actor }}
-    GITHUB_WORKFLOW: ${{ github.workflow }}
-    GITHUB_SERVER_URL: ${{ github.server_url }}
-    GITHUB_REPOSITORY: ${{ github.repository }}
-    GITHUB_RUN_ID: ${{ github.run_id }}
-    STATUS: ${{ steps.determine-status.outputs.status }}
-    STATUS_COLOR: ${{ steps.determine-status.outputs.status-color }}
-    STATUS_EMOJI: ${{ steps.determine-status.outputs.status-emoji }}
-    PLAN_EMOJI: ${{ steps.determine-status.outputs.plan-emoji }}
-    APPLY_EMOJI: ${{ steps.determine-status.outputs.apply-emoji }}
-    TERRAFORM_PLAN_OUTCOME: ${{ steps.terraform-plan.outcome }}
-    TERRAFORM_APPLY_OUTCOME: ${{ steps.terraform-apply.outcome }}
-  with:
-    method: chat.update
-    token: ${{ secrets.SLACK_BOT_TOKEN }}
-    payload-file-path: "./.github/scripts/slack-messages/deployment-completed.json"
-```
-
-**Note**: Variables like `STATUS`, `STATUS_COLOR`, `STATUS_EMOJI`, `PLAN_EMOJI`, `APPLY_EMOJI` are calculated by the `determine-status` step based on the outcomes of previous steps. They should NOT be manually configured.
-
-## Key Features
-
-### Benefits of Using Slack API Method
-
- **Rich Block Kit Formatting**: Full support for Slack's Block Kit including headers, sections, fields, colors, and attachments
- **Message Updates**: Update the same message instead of posting multiple messages (using `chat.update` with `ts`)
- **Consistent Experience**: Same look and feel as Prowler Cloud notifications
- **Flexible**: Easy to customize message appearance by editing JSON templates
-
-### Differences from Webhook Method
-
-| Feature | webhook-trigger | Slack API (chat.postMessage) |
-|---------|-----------------|------------------------------|
-| Setup | Workflow Builder webhook | Slack Bot Token + Channel ID |
-| Formatting | Plain text/simple | Full Block Kit support |
-| Message Update | No | Yes (with chat.update) |
-| Authentication | Webhook URL | Bot Token |
-| Scopes Required | None | chat:write, chat:write.public |
-
-## Message Appearance
-
-### Container Release (Simple One-Line)
-
-**Start message:**
-```
-API container release 4.5.0 push started... View run
-```
-
-**Completion message (success):**
-```
-[✓] API container release 4.5.0 push completed successfully! View run
-```
-
-**Completion message (failure):**
-```
-[✗] API container release 4.5.0 push failed View run
-```
-
-All messages are simple one-liners with a clickable "View run" link. The completion message adapts to show success `[✓]` or failure `[✗]` based on the outcome of the container push.
-
-### Deployment Start
- Header: Component and environment
- Yellow bar (color: `dbab09`)
- Status: In Progress
- Details: Commit, version, actor, workflow
- Link: Direct link to deployment run
-
-### Deployment Completion
- Header: Component and environment
- Green bar for success (color: `28a745`) / Red bar for failure (color: `fc3434`)
- Status: [✓] Completed or [✗] Failed
- Details: All deployment info plus terraform outcomes
- Link: Direct link to deployment run
-
-## Adding New Templates
-
-1. Create a new JSON file with Block Kit structure
-2. Use environment variable placeholders (e.g., `$VAR_NAME`)
-3. Include `channel` and `text` fields (required)
-4. Add `blocks` or `attachments` for rich formatting
-5. For update templates, include `ts` field as `$MESSAGE_TS`
-6. Document the template in this README
-7. Reference it in your workflow using `payload-file-path`
-
-## Reference
-
- [Slack Block Kit Builder](https://app.slack.com/block-kit-builder)
- [Slack API Method Documentation](https://docs.slack.dev/tools/slack-github-action/sending-techniques/sending-data-slack-api-method/)
@@ -1,17 +0,0 @@
-{
-  "channel": "${{ env.SLACK_CHANNEL_ID }}",
-  "attachments": [
-    {
-      "color": "${{ env.STATUS_COLOR }}",
-      "blocks": [
-        {
-          "type": "section",
-          "text": {
-            "type": "mrkdwn",
-            "text": "*Status:*\n${{ env.STATUS_TEXT }}\n\n${{ env.COMPONENT }} container release ${{ env.RELEASE_TAG }} push ${{ env.STATUS_TEXT }}\n\n<${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}|View run>"
-          }
-        }
-      ]
-    }
-  ]
-}
@@ -1,17 +0,0 @@
-{
-  "channel": "${{ env.SLACK_CHANNEL_ID }}",
-  "attachments": [
-    {
-      "color": "${{ env.STATUS_COLOR }}",
-      "blocks": [
-        {
-          "type": "section",
-          "text": {
-            "type": "mrkdwn",
-            "text": "*Status:*\nStarted\n\n${{ env.COMPONENT }} container release ${{ env.RELEASE_TAG }} push started...\n\n<${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }}/actions/runs/${{ env.GITHUB_RUN_ID }}|View run>"
-          }
-        }
-      ]
-    }
-  ]
-}
@@ -1,102 +0,0 @@
-const fs = require('fs');
-
-// Configuration from environment variables
-const REPORT_FILE = process.env.TRIVY_REPORT_FILE || 'trivy-report.json';
-const IMAGE_NAME = process.env.IMAGE_NAME || 'container-image';
-const GITHUB_SHA = process.env.GITHUB_SHA || 'unknown';
-const GITHUB_REPOSITORY = process.env.GITHUB_REPOSITORY || '';
-const GITHUB_RUN_ID = process.env.GITHUB_RUN_ID || '';
-const SEVERITY = process.env.SEVERITY || 'CRITICAL,HIGH,MEDIUM,LOW';
-
-// Parse severities to scan
-const scannedSeverities = SEVERITY.split(',').map(s => s.trim());
-
-// Read and parse the Trivy report
-const report = JSON.parse(fs.readFileSync(REPORT_FILE, 'utf-8'));
-
-let vulnCount = 0;
-let vulnsByType = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
-let affectedPackages = new Set();
-
-if (report.Results && Array.isArray(report.Results)) {
-    for (const result of report.Results) {
-        if (result.Vulnerabilities && Array.isArray(result.Vulnerabilities)) {
-            for (const vuln of result.Vulnerabilities) {
-                vulnCount++;
-                if (vulnsByType[vuln.Severity] !== undefined) {
-                    vulnsByType[vuln.Severity]++;
-                }
-                if (vuln.PkgName) {
-                    affectedPackages.add(vuln.PkgName);
-                }
-            }
-        }
-    }
-}
-
-const shortSha = GITHUB_SHA.substring(0, 7);
-const timestamp = new Date().toISOString().replace('T', ' ').substring(0, 19) + ' UTC';
-
-// Severity icons and labels
-const severityConfig = {
-    CRITICAL: { icon: '🔴', label: 'Critical' },
-    HIGH: { icon: '🟠', label: 'High' },
-    MEDIUM: { icon: '🟡', label: 'Medium' },
-    LOW: { icon: '🔵', label: 'Low' }
-};
-
-let comment = '## 🔒 Container Security Scan\n\n';
-comment += `**Image:** \`${IMAGE_NAME}:${shortSha}\`\n`;
-comment += `**Last scan:** ${timestamp}\n\n`;
-
-if (vulnCount === 0) {
-    comment += '### ✅ No Vulnerabilities Detected\n\n';
-    comment += 'The container image passed all security checks. No known CVEs were found.\n';
-} else {
-    comment += '### 📊 Vulnerability Summary\n\n';
-    comment += '| Severity | Count |\n';
-    comment += '|----------|-------|\n';
-
-    // Only show severities that were scanned
-    for (const severity of scannedSeverities) {
-        const config = severityConfig[severity];
-        const count = vulnsByType[severity] || 0;
-        const isBold = (severity === 'CRITICAL' || severity === 'HIGH') && count > 0;
-        const countDisplay = isBold ? `**${count}**` : count;
-        comment += `| ${config.icon} ${config.label} | ${countDisplay} |\n`;
-    }
-
-    comment += `| **Total** | **${vulnCount}** |\n\n`;
-
-    if (affectedPackages.size > 0) {
-        comment += `**${affectedPackages.size}** package(s) affected\n\n`;
-    }
-
-    if (vulnsByType.CRITICAL > 0) {
-        comment += '### ⚠️ Action Required\n\n';
-        comment += '**Critical severity vulnerabilities detected.** These should be addressed before merging:\n';
-        comment += '- Review the detailed scan results\n';
-        comment += '- Update affected packages to patched versions\n';
-        comment += '- Consider using a different base image if updates are unavailable\n\n';
-    } else if (vulnsByType.HIGH > 0) {
-        comment += '### ⚠️ Attention Needed\n\n';
-        comment += '**High severity vulnerabilities found.** Please review and plan remediation:\n';
-        comment += '- Assess the risk and exploitability\n';
-        comment += '- Prioritize updates in the next maintenance cycle\n\n';
-    } else {
-        comment += '### ℹ️ Review Recommended\n\n';
-        comment += 'Medium/Low severity vulnerabilities found. Consider addressing during regular maintenance.\n\n';
-    }
-}
-
-comment += '---\n';
-comment += '📋 **Resources:**\n';
-
-if (GITHUB_REPOSITORY && GITHUB_RUN_ID) {
-    comment += `- [Download full report](https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}) (see artifacts)\n`;
-}
-
-comment += '- [View in Security tab](https://github.com/' + (GITHUB_REPOSITORY || 'repository') + '/security/code-scanning)\n';
-comment += '- Scanned with [Trivy](https://github.com/aquasecurity/trivy)\n';
-
-module.exports = comment;
@@ -0,0 +1,115 @@
+name: API - Build and Push containers
+
+on:
+  push:
+    branches:
+      - "master"
+    paths:
+      - "api/**"
+      - "prowler/**"
+      - ".github/workflows/api-build-lint-push-containers.yml"
+
+  # Uncomment the code below to test this action on PRs
+  # pull_request:
+  #   branches:
+  #     - "master"
+  #   paths:
+  #     - "api/**"
+  #     - ".github/workflows/api-build-lint-push-containers.yml"
+
+  release:
+    types: [published]
+
+env:
+  # Tags
+  LATEST_TAG: latest
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
+  STABLE_TAG: stable
+
+  WORKING_DIRECTORY: ./api
+
+  # Container Registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api
+
+jobs:
+  repository-check:
+    name: Repository check
+    runs-on: ubuntu-latest
+    outputs:
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
+    steps:
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
+  # Build Prowler OSS container
+  container-build-push:
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ env.WORKING_DIRECTORY }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set short git commit SHA
+        id: vars
+        run: |
+          shortSha=$(git rev-parse --short ${{ github.sha }})
+          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+
+      - name: Login to DockerHub
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push container image (latest)
+        # Comment the following line for testing
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          # Set push: false for testing
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push container image (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Trigger deployment
+        if: github.event_name == 'push'
+        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.CLOUD_DISPATCH }}
+          event-type: prowler-api-deploy
+          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
@@ -1,71 +0,0 @@
-name: 'API: Code Quality'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  API_WORKING_DIR: ./api
-
-jobs:
-  api-code-quality:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.12'
-    defaults:
-      run:
-        working-directory: ./api
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            .github/workflows/api-code-quality.yml
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Setup Python with Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/setup-python-poetry
-        with:
-          python-version: ${{ matrix.python-version }}
-          working-directory: ./api
-
-      - name: Poetry check
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry check --lock
-
-      - name: Ruff lint
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run ruff check . --exclude contrib
-
-      - name: Ruff format
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run ruff format --check . --exclude contrib
-
-      - name: Pylint
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run pylint --disable=W,C,R,E -j 0 -rn -sn src/
@@ -1,34 +1,36 @@
-name: 'API: CodeQL'
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: API - CodeQL

 on:
  push:
    branches:
-      - 'master'
-      - 'v5.*'
+      - "master"
+      - "v5.*"
    paths:
-      - 'api/**'
-      - '.github/workflows/api-codeql.yml'
-      - '.github/codeql/api-codeql-config.yml'
+      - "api/**"
  pull_request:
    branches:
-      - 'master'
-      - 'v5.*'
+      - "master"
+      - "v5.*"
    paths:
-      - 'api/**'
-      - '.github/workflows/api-codeql.yml'
-      - '.github/codeql/api-codeql-config.yml'
+      - "api/**"
  schedule:
    - cron: '00 12 * * *'

-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 jobs:
-  api-analyze:
-    name: CodeQL Security Analysis
+  analyze:
+    name: Analyze
    runs-on: ubuntu-latest
-    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
@@ -37,20 +39,21 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language:
-          - 'python'
+        language: [ 'python' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - name: Checkout repository
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
-        with:
-          languages: ${{ matrix.language }}
-          config-file: ./.github/codeql/api-codeql-config.yml
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      with:
+        languages: ${{ matrix.language }}
+        config-file: ./.github/codeql/api-codeql-config.yml

-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
-        with:
-          category: '/language:${{ matrix.language }}'
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      with:
+        category: "/language:${{matrix.language}}"
@@ -1,135 +0,0 @@
-name: 'API: Container Build and Push'
-
-on:
-  push:
-    branches:
-      - 'master'
-    paths:
-      - 'api/**'
-      - 'prowler/**'
-      - '.github/workflows/api-build-lint-push-containers.yml'
-  release:
-    types:
-      - 'published'
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable
-  WORKING_DIRECTORY: ./api
-
-  # Container registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api
-
-jobs:
-  setup:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    outputs:
-      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
-    steps:
-      - name: Calculate short SHA
-        id: set-short-sha
-        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
-
-  container-build-push:
-    needs: setup
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build and push API container (latest)
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push started
-        if: github.event_name == 'release'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: API
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push API container (release)
-        if: github.event_name == 'release'
-        id: container-push
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push completed
-        if: github.event_name == 'release' && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: API
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  trigger-deployment:
-    if: github.event_name == 'push'
-    needs: [setup, container-build-push]
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Trigger API deployment
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: api-prowler-deployment
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ needs.setup.outputs.short-sha }}"}'
@@ -1,89 +0,0 @@
-name: 'API: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  API_WORKING_DIR: ./api
-  IMAGE_NAME: prowler-api
-
-jobs:
-  api-dockerfile-lint:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: api/Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: api/Dockerfile
-          ignore: DL3013
-
-  api-container-build-and-scan:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: api/**
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.API_WORKING_DIR }}
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan container with Trivy
-        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -0,0 +1,239 @@
+name: API - Pull Request
+
+on:
+  push:
+    branches:
+      - "master"
+      - "v5.*"
+    paths:
+      - ".github/workflows/api-pull-request.yml"
+      - "api/**"
+  pull_request:
+    branches:
+      - "master"
+      - "v5.*"
+    paths:
+      - ".github/workflows/api-pull-request.yml"
+      - "api/**"
+
+env:
+  POSTGRES_HOST: localhost
+  POSTGRES_PORT: 5432
+  POSTGRES_ADMIN_USER: prowler
+  POSTGRES_ADMIN_PASSWORD: S3cret
+  POSTGRES_USER: prowler_user
+  POSTGRES_PASSWORD: prowler
+  POSTGRES_DB: postgres-db
+  VALKEY_HOST: localhost
+  VALKEY_PORT: 6379
+  VALKEY_DB: 0
+  API_WORKING_DIR: ./api
+  IMAGE_NAME: prowler-api
+  IGNORE_FILES: |
+    api/docs/**
+    api/README.md
+    api/CHANGELOG.md
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.12"]
+
+    # Service containers to run with `test`
+    services:
+      # Label used to access the service container
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_HOST: ${{ env.POSTGRES_HOST }}
+          POSTGRES_PORT: ${{ env.POSTGRES_PORT }}
+          POSTGRES_USER: ${{ env.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
+          POSTGRES_DB: ${{ env.POSTGRES_DB }}
+        # Set health checks to wait until postgres has started
+        ports:
+          - 5432:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+      valkey:
+        image: valkey/valkey:7-alpine3.19
+        env:
+          VALKEY_HOST: ${{ env.VALKEY_HOST }}
+          VALKEY_PORT: ${{ env.VALKEY_PORT }}
+          VALKEY_DB: ${{ env.VALKEY_DB }}
+        # Set health checks to wait until postgres has started
+        ports:
+          - 6379:6379
+        options: >-
+          --health-cmd "valkey-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Test if changes are in not ignored paths
+        id: are-non-ignored-files-changed
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            api/**
+            .github/workflows/api-pull-request.yml
+          files_ignore: ${{ env.IGNORE_FILES }}
+
+      - name: Replace @master with current branch in pyproject.toml
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
+          echo "Using branch: $BRANCH_NAME"
+          sed -i "s|@master|@$BRANCH_NAME|g" pyproject.toml
+
+      - name: Install poetry
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          python -m pip install --upgrade pip
+          pipx install poetry==2.1.1
+
+      - name: Update SDK's poetry.lock resolved_reference to latest commit - Only for push events to `master`
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true' && github.event_name == 'push'
+        run: |
+          # Get the latest commit hash from the prowler-cloud/prowler repository
+          LATEST_COMMIT=$(curl -s "https://api.github.com/repos/prowler-cloud/prowler/commits/master" | jq -r '.sha')
+          echo "Latest commit hash: $LATEST_COMMIT"
+
+          # Update the resolved_reference specifically for prowler-cloud/prowler repository
+          sed -i '/url = "https:\/\/github\.com\/prowler-cloud\/prowler\.git"/,/resolved_reference = / {
+            s/resolved_reference = "[a-f0-9]\{40\}"/resolved_reference = "'"$LATEST_COMMIT"'"/
+          }' poetry.lock
+
+          # Verify the change was made
+          echo "Updated resolved_reference:"
+          grep -A2 -B2 "resolved_reference" poetry.lock
+
+      - name: Update poetry.lock
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry lock
+
+      - name: Set up Python ${{ matrix.python-version }}
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: "poetry"
+
+      - name: Install system dependencies for xmlsec
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libxml2-dev libxmlsec1-dev libxmlsec1-openssl pkg-config
+
+      - name: Install dependencies
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry install --no-root
+          poetry run pip list
+          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
+            grep '"tag_name":' | \
+            sed -E 's/.*"v([^"]+)".*/\1/' \
+            ) && curl -L -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64" \
+            && chmod +x /tmp/hadolint
+
+      - name: Poetry check
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry check --lock
+
+      - name: Lint with ruff
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run ruff check . --exclude contrib
+
+      - name: Check Format with ruff
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run ruff format --check . --exclude contrib
+
+      - name: Lint with pylint
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn src/
+
+      - name: Bandit
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
+
+      - name: Safety
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        # 76352, 76353, 77323 come from SDK, but they cannot upgrade it yet. It does not affect API
+        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
+        run: |
+          poetry run safety check --ignore 70612,66963,74429,76352,76353,77323,77744,77745
+
+      - name: Vulture
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run vulture --exclude "contrib,tests,conftest.py" --min-confidence 100 .
+
+      - name: Hadolint
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          /tmp/hadolint Dockerfile --ignore=DL3013
+
+      - name: Test with pytest
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest --cov=./src/backend --cov-report=xml src/backend
+
+      - name: Upload coverage reports to Codecov
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          flags: api
+  test-container-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Test if changes are in not ignored paths
+        id: are-non-ignored-files-changed
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: api/**
+          files_ignore: ${{ env.IGNORE_FILES }}
+      - name: Set up Docker Buildx
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Build Container
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.API_WORKING_DIR }}
+          push: false
+          tags: ${{ env.IMAGE_NAME }}:latest
+          outputs: type=docker
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
@@ -1,69 +0,0 @@
-name: 'API: Security'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  API_WORKING_DIR: ./api
-
-jobs:
-  api-security-scans:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.12'
-    defaults:
-      run:
-        working-directory: ./api
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            .github/workflows/api-security.yml
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Setup Python with Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/setup-python-poetry
-        with:
-          python-version: ${{ matrix.python-version }}
-          working-directory: ./api
-
-      - name: Bandit
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
-
-      - name: Safety
-        if: steps.check-changes.outputs.any_changed == 'true'
-        # 76352, 76353, 77323 come from SDK, but they cannot upgrade it yet. It does not affect API
-        # TODO: Botocore needs urllib3 1.X so we need to ignore these vulnerabilities 77744,77745. Remove this once we upgrade to urllib3 2.X
-        run: poetry run safety check --ignore 70612,66963,74429,76352,76353,77323,77744,77745
-
-      - name: Vulture
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run vulture --exclude "contrib,tests,conftest.py" --min-confidence 100 .
@@ -1,107 +0,0 @@
-name: 'API: Tests'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  POSTGRES_HOST: localhost
-  POSTGRES_PORT: 5432
-  POSTGRES_ADMIN_USER: prowler
-  POSTGRES_ADMIN_PASSWORD: S3cret
-  POSTGRES_USER: prowler_user
-  POSTGRES_PASSWORD: prowler
-  POSTGRES_DB: postgres-db
-  VALKEY_HOST: localhost
-  VALKEY_PORT: 6379
-  VALKEY_DB: 0
-  API_WORKING_DIR: ./api
-
-jobs:
-  api-tests:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.12'
-    defaults:
-      run:
-        working-directory: ./api
-
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_HOST: ${{ env.POSTGRES_HOST }}
-          POSTGRES_PORT: ${{ env.POSTGRES_PORT }}
-          POSTGRES_USER: ${{ env.POSTGRES_USER }}
-          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
-          POSTGRES_DB: ${{ env.POSTGRES_DB }}
-        ports:
-          - 5432:5432
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-      valkey:
-        image: valkey/valkey:7-alpine3.19
-        env:
-          VALKEY_HOST: ${{ env.VALKEY_HOST }}
-          VALKEY_PORT: ${{ env.VALKEY_PORT }}
-          VALKEY_DB: ${{ env.VALKEY_DB }}
-        ports:
-          - 6379:6379
-        options: >-
-          --health-cmd "valkey-cli ping"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for API changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            .github/workflows/api-tests.yml
-          files_ignore: |
-            api/docs/**
-            api/README.md
-            api/CHANGELOG.md
-
-      - name: Setup Python with Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/setup-python-poetry
-        with:
-          python-version: ${{ matrix.python-version }}
-          working-directory: ./api
-
-      - name: Run tests with pytest
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run pytest --cov=./src/backend --cov-report=xml src/backend
-
-      - name: Upload coverage reports to Codecov
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: api
@@ -1,33 +1,28 @@
-name: 'Tools: Backport'
+name: Prowler - Automatic Backport

 on:
  pull_request_target:
-    branches:
-      - 'master'
-    types:
-      - 'labeled'
-      - 'closed'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: false
+    branches: ['master']
+    types: ['labeled', 'closed']

 env:
+  # The prefix of the label that triggers the backport must not contain the branch name
+  # so, for example, if the branch is 'master', the label should be 'backport-to-<branch>'
  BACKPORT_LABEL_PREFIX: backport-to-
  BACKPORT_LABEL_IGNORE: was-backported

 jobs:
  backport:
+    name: Backport PR
    if: github.event.pull_request.merged == true && !(contains(github.event.pull_request.labels.*.name, 'backport')) && !(contains(github.event.pull_request.labels.*.name, 'was-backported'))
    runs-on: ubuntu-latest
-    timeout-minutes: 15
    permissions:
-      contents: write
+      id-token: write
      pull-requests: write
-
+      contents: write
    steps:
      - name: Check labels
-        id: label_check
+        id: preview_label_check
        uses: agilepathway/label-checker@c3d16ad512e7cea5961df85ff2486bb774caf3c5 # v1.6.65
        with:
          allow_failure: true
@@ -36,17 +31,17 @@ jobs:
          none_of: ${{ env.BACKPORT_LABEL_IGNORE }}
          repo_token: ${{ secrets.GITHUB_TOKEN }}

-      - name: Backport PR
-        if: steps.label_check.outputs.label_check == 'success'
+      - name: Backport Action
+        if: steps.preview_label_check.outputs.label_check == 'success'
        uses: sorenlouv/backport-github-action@ad888e978060bc1b2798690dd9d03c4036560947 # v9.5.1
        with:
          github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          auto_backport_label_prefix: ${{ env.BACKPORT_LABEL_PREFIX }}

-      - name: Display backport info log
-        if: success() && steps.label_check.outputs.label_check == 'success'
+      - name: Info log
+        if: ${{ success() && steps.preview_label_check.outputs.label_check == 'success' }}
        run: cat ~/.backport/backport.info.log

-      - name: Display backport debug log
-        if: failure() && steps.label_check.outputs.label_check == 'success'
+      - name: Debug log
+        if: ${{ failure() && steps.preview_label_check.outputs.label_check == 'success' }}
        run: cat ~/.backport/backport.debug.log
@@ -0,0 +1,36 @@
+name: Prowler - Pull Request Documentation Link
+
+on:
+  pull_request:
+    branches:
+      - 'master'
+      - 'v3'
+    paths:
+      - 'docs/**'
+      - '.github/workflows/build-documentation-on-pr.yml'
+
+env:
+  PR_NUMBER: ${{ github.event.pull_request.number }}
+
+jobs:
+  documentation-link:
+    name: Documentation Link
+    runs-on: ubuntu-latest
+    steps:
+      - name: Find existing documentation comment
+        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
+        id: find-comment
+        with:
+          issue-number: ${{ env.PR_NUMBER }}
+          comment-author: 'github-actions[bot]'
+          body-includes: '<!-- prowler-docs-link -->'
+
+      - name: Create or update PR comment with the Prowler Documentation URI
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          comment-id: ${{ steps.find-comment.outputs.comment-id }}
+          issue-number: ${{ env.PR_NUMBER }}
+          body: |
+            <!-- prowler-docs-link -->
+            You can check the documentation for this PR here -> [Prowler Documentation](https://prowler-prowler-docs--${{ env.PR_NUMBER }}.com.readthedocs.build/projects/prowler-open-source/en/${{ env.PR_NUMBER }}/)
+          edit-mode: replace
@@ -1,31 +1,23 @@
-name: 'Tools: Conventional Commit'
+name: Prowler - Conventional Commit

 on:
  pull_request:
-    branches:
-      - 'master'
-      - 'v3'
-      - 'v4.*'
-      - 'v5.*'
    types:
-      - 'opened'
-      - 'edited'
-      - 'synchronize'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
+      - "opened"
+      - "edited"
+      - "synchronize"
+    branches:
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"

 jobs:
  conventional-commit-check:
    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: read
-
    steps:
-      - name: Check PR title format
+      - name: conventional-commit-check
+        id: conventional-commit-check
        uses: agenthunt/conventional-commit-checker-action@9e552d650d0e205553ec7792d447929fc78e012b # v2.0.0
        with:
-          pr-title-regex: '^(feat|fix|docs|style|refactor|perf|test|chore|build|ci|revert)(\([^)]+\))?!?: .+'
+            pr-title-regex: '^([^\s(]+)(?:\(([^)]+)\))?: (.+)'
@@ -1,70 +1,67 @@
-name: 'Tools: Backport Label'
+name: Prowler - Create Backport Label

 on:
  release:
-    types:
-      - 'published'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false
-
-env:
-  BACKPORT_LABEL_PREFIX: backport-to-
-  BACKPORT_LABEL_COLOR: B60205
+    types: [published]

 jobs:
-  create-label:
+  create_label:
    runs-on: ubuntu-latest
-    timeout-minutes: 15
    permissions:
-      contents: read
+      contents: write
      issues: write
-
    steps:
-      - name: Create backport label for minor releases
+      - name: Create backport label
        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RELEASE_TAG: ${{ github.event.release.tag_name }}
+          OWNER_REPO: ${{ github.repository }}
        run: |
-          RELEASE_TAG="${{ github.event.release.tag_name }}"
-
-          if [ -z "$RELEASE_TAG" ]; then
-            echo "Error: No release tag provided"
-            exit 1
-          fi
-
-          echo "Processing release tag: $RELEASE_TAG"
-
-          # Remove 'v' prefix if present (e.g., v3.2.0 -> 3.2.0)
-          VERSION_ONLY="${RELEASE_TAG#v}"
+          VERSION_ONLY=${RELEASE_TAG#v} # Remove 'v' prefix if present (e.g., v3.2.0 -> 3.2.0)

          # Check if it's a minor version (X.Y.0)
-          if [[ "$VERSION_ONLY" =~ ^([0-9]+)\.([0-9]+)\.0$ ]]; then
-            echo "Release $RELEASE_TAG (version $VERSION_ONLY) is a minor version. Proceeding to create backport label."
+          if [[ "$VERSION_ONLY" =~ ^[0-9]+\.[0-9]+\.0$ ]]; then
+            echo "Release ${RELEASE_TAG} (version ${VERSION_ONLY}) is a minor version. Proceeding to create backport label."

-            # Extract X.Y from X.Y.0 (e.g., 5.6 from 5.6.0)
-            MAJOR="${BASH_REMATCH[1]}"
-            MINOR="${BASH_REMATCH[2]}"
-            TWO_DIGIT_VERSION="${MAJOR}.${MINOR}"
+            TWO_DIGIT_VERSION=${VERSION_ONLY%.0} # Extract X.Y from X.Y.0 (e.g., 5.6 from 5.6.0)

-            LABEL_NAME="${BACKPORT_LABEL_PREFIX}v${TWO_DIGIT_VERSION}"
-            LABEL_DESC="Backport PR to the v${TWO_DIGIT_VERSION} branch"
-            LABEL_COLOR="$BACKPORT_LABEL_COLOR"
+            FINAL_LABEL_NAME="backport-to-v${TWO_DIGIT_VERSION}"
+            FINAL_DESCRIPTION="Backport PR to the v${TWO_DIGIT_VERSION} branch"

-            echo "Label name: $LABEL_NAME"
-            echo "Label description: $LABEL_DESC"
+            echo "Effective label name will be: ${FINAL_LABEL_NAME}"
+            echo "Effective description will be: ${FINAL_DESCRIPTION}"

-            # Check if label already exists
-            if gh label list --repo ${{ github.repository }} --limit 1000 | grep -q "^${LABEL_NAME}[[:space:]]"; then
-              echo "Label '$LABEL_NAME' already exists."
+            # Check if the label already exists
+            STATUS_CODE=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${OWNER_REPO}/labels/${FINAL_LABEL_NAME}")
+
+            if [ "${STATUS_CODE}" -eq 200 ]; then
+              echo "Label '${FINAL_LABEL_NAME}' already exists."
+            elif [ "${STATUS_CODE}" -eq 404 ]; then
+              echo "Label '${FINAL_LABEL_NAME}' does not exist. Creating it..."
+              # Prepare JSON data payload
+              JSON_DATA=$(printf '{"name":"%s","description":"%s","color":"B60205"}' "${FINAL_LABEL_NAME}" "${FINAL_DESCRIPTION}")
+
+              CREATE_STATUS_CODE=$(curl -s -o /tmp/curl_create_response.json -w "%{http_code}" -X POST \
+              -H "Accept: application/vnd.github.v3+json" \
+              -H "Authorization: token ${GITHUB_TOKEN}" \
+              --data "${JSON_DATA}" \
+              "https://api.github.com/repos/${OWNER_REPO}/labels")
+
+              CREATE_RESPONSE_BODY=$(cat /tmp/curl_create_response.json)
+              rm -f /tmp/curl_create_response.json
+
+              if [ "$CREATE_STATUS_CODE" -eq 201 ]; then
+                echo "Label '${FINAL_LABEL_NAME}' created successfully."
+              else
+                echo "Error creating label '${FINAL_LABEL_NAME}'. Status: $CREATE_STATUS_CODE"
+                echo "Response: $CREATE_RESPONSE_BODY"
+                exit 1
+              fi
            else
-              echo "Label '$LABEL_NAME' does not exist. Creating it..."
-              gh label create "$LABEL_NAME" \
-                --description "$LABEL_DESC" \
-                --color "$LABEL_COLOR" \
-                --repo ${{ github.repository }}
-              echo "Label '$LABEL_NAME' created successfully."
+              echo "Error checking for label '${FINAL_LABEL_NAME}'. HTTP Status: ${STATUS_CODE}"
+              exit 1
            fi
          else
-            echo "Release $RELEASE_TAG (version $VERSION_ONLY) is not a minor version. Skipping backport label creation."
+            echo "Release ${RELEASE_TAG} (version ${VERSION_ONLY}) is not a minor version. Skipping backport label creation."
+            exit 0
          fi
@@ -1,33 +1,19 @@
-name: 'Tools: TruffleHog'
+name: Prowler - Find secrets

-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+on: pull_request

 jobs:
-  scan-secrets:
+  trufflehog:
    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
-
-      - name: Scan for secrets with TruffleHog
-        uses: trufflesecurity/trufflehog@ad6fc8fb446b8fafbf7ea8193d2d6bfd42f45690 # v3.90.11
+      - name: TruffleHog OSS
+        uses: trufflesecurity/trufflehog@a05cf0859455b5b16317ee22d809887a4043cdf0 # v3.90.2
        with:
-          extra_args: '--results=verified,unknown'
+          path: ./
+          base: ${{ github.event.repository.default_branch }}
+          head: HEAD
+          extra_args: --only-verified
@@ -1,45 +0,0 @@
-name: Community PR labelling
-
-on:
-  # We need "write" permissions on the PR to be able to add a label.
-  pull_request_target: # We need this to have labelling permissions. There are no user inputs here, so we should be fine.
-    types:
-      - opened
-
-permissions: {}
-
-jobs:
-  label-if-community:
-    name: Add 'community' label if the PR is from a community contributor
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-
-    steps:
-      - name: Check if author is org member
-        id: check_membership
-        env:
-          GH_TOKEN: ${{ github.token }}
-          AUTHOR: ${{ github.event.pull_request.user.login }}
-          ORG: ${{ github.repository_owner }}
-        run: |
-          echo "Checking if $AUTHOR is a member of $ORG"
-          if gh api --method GET "orgs/$ORG/members/$AUTHOR" >/dev/null 2>&1; then
-            echo "is_member=true" >> $GITHUB_OUTPUT
-            echo "$AUTHOR is an organization member"
-          else
-            echo "is_member=false" >> $GITHUB_OUTPUT
-            echo "$AUTHOR is not an organization member"
-          fi
-
-      - name: Add community label
-        if: steps.check_membership.outputs.is_member == 'false'
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          echo "Adding 'community' label to PR #$PR_NUMBER"
-          gh api /repos/${{ github.repository }}/issues/${{ github.event.number }}/labels \
-            -X POST \
-            -f labels[]='community'
@@ -1,29 +1,17 @@
-name: 'Tools: PR Labeler'
+name: Prowler - PR Labeler

 on:
-  pull_request_target:
-    branches:
-      - 'master'
-      - 'v5.*'
-    types:
-      - 'opened'
-      - 'reopened'
-      - 'synchronize'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
+    pull_request_target:
+      branches:
+        - "master"
+        - "v3"
+        - "v4.*"

 jobs:
  labeler:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
    permissions:
      contents: read
      pull-requests: write
-
+    runs-on: ubuntu-latest
    steps:
-      - name: Apply labels to PR
-        uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
-        with:
-          sync-labels: true
+    - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
@@ -1,148 +0,0 @@
-name: 'MCP: Container Build and Push'
-
-on:
-  push:
-    branches:
-      - 'master'
-    paths:
-      - 'mcp_server/**'
-      - '.github/workflows/mcp-container-build-push.yml'
-  release:
-    types:
-      - 'published'
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable
-  WORKING_DIRECTORY: ./mcp_server
-
-  # Container registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-mcp
-
-jobs:
-  setup:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    outputs:
-      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
-    steps:
-      - name: Calculate short SHA
-        id: set-short-sha
-        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
-
-  container-build-push:
-    needs: setup
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build and push MCP container (latest)
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}
-          labels: |
-            org.opencontainers.image.title=Prowler MCP Server
-            org.opencontainers.image.description=Model Context Protocol server for Prowler
-            org.opencontainers.image.vendor=ProwlerPro, Inc.
-            org.opencontainers.image.source=https://github.com/${{ github.repository }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.created=${{ github.event.head_commit.timestamp }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push started
-        if: github.event_name == 'release'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: MCP
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push MCP container (release)
-        if: github.event_name == 'release'
-        id: container-push
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          labels: |
-            org.opencontainers.image.title=Prowler MCP Server
-            org.opencontainers.image.description=Model Context Protocol server for Prowler
-            org.opencontainers.image.vendor=ProwlerPro, Inc.
-            org.opencontainers.image.version=${{ env.RELEASE_TAG }}
-            org.opencontainers.image.source=https://github.com/${{ github.repository }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.created=${{ github.event.release.published_at }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push completed
-        if: github.event_name == 'release' && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: MCP
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  trigger-deployment:
-    if: github.event_name == 'push'
-    needs: [setup, container-build-push]
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Trigger MCP deployment
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: mcp-prowler-deployment
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ needs.setup.outputs.short-sha }}"}'
@@ -1,87 +0,0 @@
-name: 'MCP: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  MCP_WORKING_DIR: ./mcp_server
-  IMAGE_NAME: prowler-mcp
-
-jobs:
-  mcp-dockerfile-lint:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: mcp_server/Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: mcp_server/Dockerfile
-
-  mcp-container-build-and-scan:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for MCP changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: mcp_server/**
-          files_ignore: |
-            mcp_server/README.md
-            mcp_server/CHANGELOG.md
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build MCP container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.MCP_WORKING_DIR }}
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan MCP container with Trivy
-        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -1,103 +0,0 @@
-name: 'Tools: Check Changelog'
-
-on:
-  pull_request:
-    types:
-      - 'opened'
-      - 'synchronize'
-      - 'reopened'
-      - 'labeled'
-      - 'unlabeled'
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  check-changelog:
-    if: contains(github.event.pull_request.labels.*.name, 'no-changelog') == false
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    env:
-      MONITORED_FOLDERS: 'api ui prowler mcp_server'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          fetch-depth: 0
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            api/**
-            ui/**
-            prowler/**
-            mcp_server/**
-
-      - name: Check for folder changes and changelog presence
-        id: check-folders
-        run: |
-          missing_changelogs=""
-
-          # Check api folder
-          if [[ "${{ steps.changed-files.outputs.any_changed }}" == "true" ]]; then
-            for folder in $MONITORED_FOLDERS; do
-              # Get files changed in this folder
-              changed_in_folder=$(echo "${{ steps.changed-files.outputs.all_changed_files }}" | tr ' ' '\n' | grep "^${folder}/" || true)
-
-              if [ -n "$changed_in_folder" ]; then
-                echo "Detected changes in ${folder}/"
-
-                # Check if CHANGELOG.md was updated
-                if ! echo "$changed_in_folder" | grep -q "^${folder}/CHANGELOG.md$"; then
-                  echo "No changelog update found for ${folder}/"
-                  missing_changelogs="${missing_changelogs}- \`${folder}\`"$'\n'
-                fi
-              fi
-            done
-          fi
-
-          {
-            echo "missing_changelogs<<EOF"
-            echo -e "${missing_changelogs}"
-            echo "EOF"
-          } >> $GITHUB_OUTPUT
-
-      - name: Find existing changelog comment
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        id: find-comment
-        uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-author: 'github-actions[bot]'
-          body-includes: '<!-- changelog-check -->'
-
-      - name: Update PR comment with changelog status
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-id: ${{ steps.find-comment.outputs.comment-id }}
-          edit-mode: replace
-          body: |
-            <!-- changelog-check -->
-            ${{ steps.check-folders.outputs.missing_changelogs != '' && format('⚠️ **Changes detected in the following folders without a corresponding update to the `CHANGELOG.md`:**
-
-            {0}
-
-            Please add an entry to the corresponding `CHANGELOG.md` file to maintain a clear history of changes.', steps.check-folders.outputs.missing_changelogs) || '✅ All necessary `CHANGELOG.md` files have been updated.' }}
-
-      - name: Fail if changelog is missing
-        if: steps.check-folders.outputs.missing_changelogs != ''
-        run: |
-          echo "::error::Missing changelog updates in some folders"
-          exit 1
@@ -1,40 +1,41 @@
-name: 'Tools: PR Conflict Checker'
+name: Prowler - PR Conflict Checker

 on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+    branches:
+      - "master"
+      - "v5.*"
  pull_request_target:
    types:
-      - 'opened'
-      - 'synchronize'
-      - 'reopened'
+      - opened
+      - synchronize
+      - reopened
    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
+      - "master"
+      - "v5.*"

 jobs:
-  check-conflicts:
+  conflict-checker:
    runs-on: ubuntu-latest
-    timeout-minutes: 15
    permissions:
      contents: read
      pull-requests: write
      issues: write

    steps:
-      - name: Checkout PR head
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Get changed files
        id: changed-files
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
        with:
-          files: '**'
+          files: |
+            **

      - name: Check for conflict markers
        id: conflict-check
@@ -49,10 +50,10 @@ jobs:
            if [ -f "$file" ]; then
              echo "Checking file: $file"

-              # Look for conflict markers (more precise regex)
-              if grep -qE '^(<<<<<<<|=======|>>>>>>>)' "$file" 2>/dev/null; then
+              # Look for conflict markers
+              if grep -l "^<<<<<<<\|^=======\|^>>>>>>>" "$file" 2>/dev/null; then
                echo "Conflict markers found in: $file"
-                CONFLICT_FILES="${CONFLICT_FILES}- \`${file}\`"$'\n'
+                CONFLICT_FILES="$CONFLICT_FILES$file "
                HAS_CONFLICTS=true
              fi
            fi
@@ -60,64 +61,108 @@ jobs:

          if [ "$HAS_CONFLICTS" = true ]; then
            echo "has_conflicts=true" >> $GITHUB_OUTPUT
-            {
-              echo "conflict_files<<EOF"
-              echo "$CONFLICT_FILES"
-              echo "EOF"
-            } >> $GITHUB_OUTPUT
-            echo "Conflict markers detected"
+            echo "conflict_files=$CONFLICT_FILES" >> $GITHUB_OUTPUT
+            echo "Conflict markers detected in files: $CONFLICT_FILES"
          else
            echo "has_conflicts=false" >> $GITHUB_OUTPUT
            echo "No conflict markers found in changed files"
          fi

-      - name: Manage conflict label
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          HAS_CONFLICTS: ${{ steps.conflict-check.outputs.has_conflicts }}
-        run: |
-          LABEL_NAME="has-conflicts"
+      - name: Add conflict label
+        if: steps.conflict-check.outputs.has_conflicts == 'true'
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          script: |
+            const { data: labels } = await github.rest.issues.listLabelsOnIssue({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });

-          # Add or remove label based on conflict status
-          if [ "$HAS_CONFLICTS" = "true" ]; then
-            echo "Adding conflict label to PR #${PR_NUMBER}..."
-            gh pr edit "$PR_NUMBER" --add-label "$LABEL_NAME" --repo ${{ github.repository }} || true
-          else
-            echo "Removing conflict label from PR #${PR_NUMBER}..."
-            gh pr edit "$PR_NUMBER" --remove-label "$LABEL_NAME" --repo ${{ github.repository }} || true
-          fi
+            const hasConflictLabel = labels.some(label => label.name === 'has-conflicts');

-      - name: Find existing comment
-        uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
+            if (!hasConflictLabel) {
+              await github.rest.issues.addLabels({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                labels: ['has-conflicts']
+              });
+              console.log('Added has-conflicts label');
+            } else {
+              console.log('has-conflicts label already exists');
+            }
+
+      - name: Remove conflict label
+        if: steps.conflict-check.outputs.has_conflicts == 'false'
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          script: |
+            try {
+              await github.rest.issues.removeLabel({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                name: 'has-conflicts'
+              });
+              console.log('Removed has-conflicts label');
+            } catch (error) {
+              if (error.status === 404) {
+                console.log('has-conflicts label was not present');
+              } else {
+                throw error;
+              }
+            }
+
+      - name: Find existing conflict comment
+        if: steps.conflict-check.outputs.has_conflicts == 'true'
+        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
        id: find-comment
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-author: 'github-actions[bot]'
-          body-includes: '<!-- conflict-checker-comment -->'
+          body-regex: '(⚠️ \*\*Conflict Markers Detected\*\*|✅ \*\*Conflict Markers Resolved\*\*)'

-      - name: Create or update comment
+      - name: Create or update conflict comment
+        if: steps.conflict-check.outputs.has_conflicts == 'true'
        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          comment-id: ${{ steps.find-comment.outputs.comment-id }}
          issue-number: ${{ github.event.pull_request.number }}
          edit-mode: replace
          body: |
-            <!-- conflict-checker-comment -->
-            ${{ steps.conflict-check.outputs.has_conflicts == 'true' && '⚠️ **Conflict Markers Detected**' || '✅ **Conflict Markers Resolved**' }}
+            ⚠️ **Conflict Markers Detected**

-            ${{ steps.conflict-check.outputs.has_conflicts == 'true' && format('This pull request contains unresolved conflict markers in the following files:
-
-            {0}
+            This pull request contains unresolved conflict markers in the following files:
+            ```
+            ${{ steps.conflict-check.outputs.conflict_files }}
+            ```

            Please resolve these conflicts by:
            1. Locating the conflict markers: `<<<<<<<`, `=======`, and `>>>>>>>`
            2. Manually editing the files to resolve the conflicts
            3. Removing all conflict markers
-            4. Committing and pushing the changes', steps.conflict-check.outputs.conflict_files) || 'All conflict markers have been successfully resolved in this pull request.' }}
+            4. Committing and pushing the changes

-      - name: Fail workflow if conflicts detected
-        if: steps.conflict-check.outputs.has_conflicts == 'true'
-        run: |
-          echo "::error::Workflow failed due to conflict markers detected in the PR"
-          exit 1
+      - name: Find existing conflict comment when resolved
+        if: steps.conflict-check.outputs.has_conflicts == 'false'
+        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
+        id: find-resolved-comment
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-regex: '(⚠️ \*\*Conflict Markers Detected\*\*|✅ \*\*Conflict Markers Resolved\*\*)'
+
+      - name: Update comment when conflicts resolved
+        if: steps.conflict-check.outputs.has_conflicts == 'false' && steps.find-resolved-comment.outputs.comment-id != ''
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          comment-id: ${{ steps.find-resolved-comment.outputs.comment-id }}
+          issue-number: ${{ github.event.pull_request.number }}
+          edit-mode: replace
+          body: |
+            ✅ **Conflict Markers Resolved**
+
+            All conflict markers have been successfully resolved in this pull request.
@@ -1,6 +1,6 @@
-name: 'Tools: Prepare Release'
+name: Prowler - Release Preparation

-run-name: 'Prepare Release for Prowler ${{ inputs.prowler_version }}'
+run-name: Prowler Release Preparation for ${{ inputs.prowler_version }}

 on:
  workflow_dispatch:
@@ -10,42 +10,37 @@ on:
        required: true
        type: string

-concurrency:
-  group: ${{ github.workflow }}-${{ inputs.prowler_version }}
-  cancel-in-progress: false
-
 env:
-  PROWLER_VERSION: ${{ inputs.prowler_version }}
+  PROWLER_VERSION: ${{ github.event.inputs.prowler_version }}

 jobs:
  prepare-release:
-    if: github.event_name == 'workflow_dispatch' && github.repository == 'prowler-cloud/prowler'
+    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
-    timeout-minutes: 30
    permissions:
      contents: write
      pull-requests: write
    steps:
-    - name: Checkout repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - name: Checkout code
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        fetch-depth: 0
        token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}

    - name: Set up Python
-      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
      with:
        python-version: '3.12'

    - name: Install Poetry
      run: |
-        python3 -m pip install --user poetry==2.1.1
+        python3 -m pip install --user poetry
        echo "$HOME/.local/bin" >> $GITHUB_PATH

    - name: Configure Git
      run: |
-        git config --global user.name 'prowler-bot'
-        git config --global user.email '179230569+prowler-bot@users.noreply.github.com'
+        git config --global user.name "prowler-bot"
+        git config --global user.email "179230569+prowler-bot@users.noreply.github.com"

    - name: Parse version and determine branch
      run: |
@@ -64,17 +59,29 @@ jobs:
          BRANCH_NAME="v${MAJOR_VERSION}.${MINOR_VERSION}"
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "${GITHUB_ENV}"

+          # Calculate UI version (1.X.X format - matches Prowler minor version)
+          UI_VERSION="1.${MINOR_VERSION}.${PATCH_VERSION}"
+          echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
+
+          # Calculate API version (1.X.X format - one minor version ahead)
+          API_MINOR_VERSION=$((MINOR_VERSION + 1))
+          API_VERSION="1.${API_MINOR_VERSION}.${PATCH_VERSION}"
+          echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
+
          echo "Prowler version: $PROWLER_VERSION"
          echo "Branch name: $BRANCH_NAME"
+          echo "UI version: $UI_VERSION"
+          echo "API version: $API_VERSION"
          echo "Is minor release: $([ $PATCH_VERSION -eq 0 ] && echo 'true' || echo 'false')"
        else
          echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
          exit 1
        fi

-    - name: Checkout release branch
+    - name: Checkout existing branch for patch release
+      if: ${{ env.PATCH_VERSION != '0' }}
      run: |
-        echo "Checking out branch $BRANCH_NAME for release $PROWLER_VERSION..."
+        echo "Patch release detected, checking out existing branch $BRANCH_NAME..."
        if git show-ref --verify --quiet "refs/heads/$BRANCH_NAME"; then
          echo "Branch $BRANCH_NAME exists locally, checking out..."
          git checkout "$BRANCH_NAME"
@@ -82,66 +89,139 @@ jobs:
          echo "Branch $BRANCH_NAME exists remotely, checking out..."
          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
        else
-          echo "ERROR: Branch $BRANCH_NAME does not exist. For minor releases (X.Y.0), create it manually first. For patch releases (X.Y.Z), the branch should already exist."
+          echo "ERROR: Branch $BRANCH_NAME should exist for patch release $PROWLER_VERSION"
          exit 1
        fi

-    - name: Read changelog versions from release branch
+    - name: Verify version in pyproject.toml
      run: |
-        # Function to extract the latest version from changelog
-        extract_latest_version() {
-          local changelog_file="$1"
-          if [ -f "$changelog_file" ]; then
-            # Extract the first version entry (most recent) from changelog
-            # Format: ## [version] (1.2.3) or ## [vversion] (v1.2.3)
-            local version=$(grep -m 1 '^## \[' "$changelog_file" | sed 's/^## \[\(.*\)\].*/\1/' | sed 's/^v//' | tr -d '[:space:]')
-            echo "$version"
-          else
-            echo ""
-          fi
-        }
+        CURRENT_VERSION=$(grep '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
+        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
+        if [ "$CURRENT_VERSION" != "$PROWLER_VERSION_TRIMMED" ]; then
+          echo "ERROR: Version mismatch in pyproject.toml (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_VERSION')"
+          exit 1
+        fi
+        echo "✓ pyproject.toml version: $CURRENT_VERSION"

-        # Read actual versions from changelogs (source of truth)
-        UI_VERSION=$(extract_latest_version "ui/CHANGELOG.md")
-        API_VERSION=$(extract_latest_version "api/CHANGELOG.md")
-        SDK_VERSION=$(extract_latest_version "prowler/CHANGELOG.md")
-        MCP_VERSION=$(extract_latest_version "mcp_server/CHANGELOG.md")
+    - name: Verify version in prowler/config/config.py
+      run: |
+        CURRENT_VERSION=$(grep '^prowler_version = ' prowler/config/config.py | sed -E 's/prowler_version = "([^"]+)"/\1/' | tr -d '[:space:]')
+        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
+        if [ "$CURRENT_VERSION" != "$PROWLER_VERSION_TRIMMED" ]; then
+          echo "ERROR: Version mismatch in prowler/config/config.py (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_VERSION')"
+          exit 1
+        fi
+        echo "✓ prowler/config/config.py version: $CURRENT_VERSION"

-        echo "UI_VERSION=${UI_VERSION}" >> "${GITHUB_ENV}"
-        echo "API_VERSION=${API_VERSION}" >> "${GITHUB_ENV}"
-        echo "SDK_VERSION=${SDK_VERSION}" >> "${GITHUB_ENV}"
-        echo "MCP_VERSION=${MCP_VERSION}" >> "${GITHUB_ENV}"
+    - name: Verify version in api/pyproject.toml
+      run: |
+        CURRENT_API_VERSION=$(grep '^version = ' api/pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
+        API_VERSION_TRIMMED=$(echo "$API_VERSION" | tr -d '[:space:]')
+        if [ "$CURRENT_API_VERSION" != "$API_VERSION_TRIMMED" ]; then
+          echo "ERROR: API version mismatch in api/pyproject.toml (expected: '$API_VERSION_TRIMMED', found: '$CURRENT_API_VERSION')"
+          exit 1
+        fi
+        echo "✓ api/pyproject.toml version: $CURRENT_API_VERSION"

-        if [ -n "$UI_VERSION" ]; then
-          echo "Read UI version from changelog: $UI_VERSION"
+    - name: Verify prowler dependency in api/pyproject.toml
+      if: ${{ env.PATCH_VERSION != '0' }}
+      run: |
+        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
+        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')
+        if [ "$CURRENT_PROWLER_REF" != "$BRANCH_NAME_TRIMMED" ]; then
+          echo "ERROR: Prowler dependency mismatch in api/pyproject.toml (expected: '$BRANCH_NAME_TRIMMED', found: '$CURRENT_PROWLER_REF')"
+          exit 1
+        fi
+        echo "✓ api/pyproject.toml prowler dependency: $CURRENT_PROWLER_REF"
+
+    - name: Verify version in api/src/backend/api/v1/views.py
+      run: |
+        CURRENT_API_VERSION=$(grep 'spectacular_settings.VERSION = ' api/src/backend/api/v1/views.py | sed -E 's/.*spectacular_settings.VERSION = "([^"]+)".*/\1/' | tr -d '[:space:]')
+        API_VERSION_TRIMMED=$(echo "$API_VERSION" | tr -d '[:space:]')
+        if [ "$CURRENT_API_VERSION" != "$API_VERSION_TRIMMED" ]; then
+          echo "ERROR: API version mismatch in views.py (expected: '$API_VERSION_TRIMMED', found: '$CURRENT_API_VERSION')"
+          exit 1
+        fi
+        echo "✓ api/src/backend/api/v1/views.py version: $CURRENT_API_VERSION"
+
+    - name: Checkout existing release branch for minor release
+      if: ${{ env.PATCH_VERSION == '0' }}
+      run: |
+        echo "Minor release detected (patch = 0), checking out existing branch $BRANCH_NAME..."
+        if git show-ref --verify --quiet "refs/remotes/origin/$BRANCH_NAME"; then
+          echo "Branch $BRANCH_NAME exists remotely, checking out..."
+          git checkout -b "$BRANCH_NAME" "origin/$BRANCH_NAME"
        else
-          echo "Warning: No UI version found in ui/CHANGELOG.md"
+          echo "ERROR: Branch $BRANCH_NAME should exist for minor release $PROWLER_VERSION. Please create it manually first."
+          exit 1
        fi

-        if [ -n "$API_VERSION" ]; then
-          echo "Read API version from changelog: $API_VERSION"
-        else
-          echo "Warning: No API version found in api/CHANGELOG.md"
+    - name: Prepare prowler dependency update for minor release
+      if: ${{ env.PATCH_VERSION == '0' }}
+      run: |
+        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
+        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')
+
+        # Create a temporary branch for the PR
+        TEMP_BRANCH="update-api-dependency-$BRANCH_NAME_TRIMMED-$(date +%s)"
+        echo "TEMP_BRANCH=$TEMP_BRANCH" >> $GITHUB_ENV
+
+        # Switch back to master and create temp branch
+        git checkout master
+        git checkout -b "$TEMP_BRANCH"
+
+        # Minor release: update the dependency to use the release branch
+        echo "Updating prowler dependency from '$CURRENT_PROWLER_REF' to '$BRANCH_NAME_TRIMMED'"
+        sed -i "s|prowler @ git+https://github.com/prowler-cloud/prowler.git@[^\"]*\"|prowler @ git+https://github.com/prowler-cloud/prowler.git@$BRANCH_NAME_TRIMMED\"|" api/pyproject.toml
+
+        # Verify the change was made
+        UPDATED_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
+        if [ "$UPDATED_PROWLER_REF" != "$BRANCH_NAME_TRIMMED" ]; then
+          echo "ERROR: Failed to update prowler dependency in api/pyproject.toml"
+          exit 1
        fi

-        if [ -n "$SDK_VERSION" ]; then
-          echo "Read SDK version from changelog: $SDK_VERSION"
-        else
-          echo "Warning: No SDK version found in prowler/CHANGELOG.md"
-        fi
+        # Update poetry lock file
+        echo "Updating poetry.lock file..."
+        cd api
+        poetry lock
+        cd ..

-        if [ -n "$MCP_VERSION" ]; then
-          echo "Read MCP version from changelog: $MCP_VERSION"
-        else
-          echo "Warning: No MCP version found in mcp_server/CHANGELOG.md"
-        fi
+        # Commit and push the temporary branch
+        git add api/pyproject.toml api/poetry.lock
+        git commit -m "chore(api): update prowler dependency to $BRANCH_NAME_TRIMMED for release $PROWLER_VERSION"
+        git push origin "$TEMP_BRANCH"

-        echo "UI version: $UI_VERSION"
-        echo "API version: $API_VERSION"
-        echo "SDK version: $SDK_VERSION"
-        echo "MCP version: $MCP_VERSION"
+        echo "✓ Prepared prowler dependency update to: $UPDATED_PROWLER_REF"

-    - name: Extract and combine changelog entries
+    - name: Create Pull Request against release branch
+      if: ${{ env.PATCH_VERSION == '0' }}
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+      with:
+        token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+        branch: ${{ env.TEMP_BRANCH }}
+        base: ${{ env.BRANCH_NAME }}
+        title: "chore(api): Update prowler dependency to ${{ env.BRANCH_NAME }} for release ${{ env.PROWLER_VERSION }}"
+        body: |
+          ### Description
+
+          Updates the API prowler dependency for release ${{ env.PROWLER_VERSION }}.
+
+          **Changes:**
+          - Updates `api/pyproject.toml` prowler dependency from `@master` to `@${{ env.BRANCH_NAME }}`
+          - Updates `api/poetry.lock` file with resolved dependencies
+
+          This PR should be merged into the `${{ env.BRANCH_NAME }}` release branch.
+
+          ### License
+
+          By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+        author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+        labels: |
+          component/api
+          no-changelog
+
+    - name: Extract changelog entries
      run: |
        set -e

@@ -167,232 +247,54 @@ jobs:
          # Remove --- separators
          sed -i '/^---$/d' "$output_file"

-          # Remove only trailing empty lines (not all empty lines)
-          sed -i -e :a -e '/^\s*$/d;N;ba' "$output_file"
+          # Remove trailing empty lines
+          sed -i '/^$/d' "$output_file"
        }

-        # Calculate expected versions for this release
-        if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-          EXPECTED_UI_VERSION="1.${BASH_REMATCH[2]}.${BASH_REMATCH[3]}"
-          EXPECTED_API_VERSION="1.$((${BASH_REMATCH[2]} + 1)).${BASH_REMATCH[3]}"
+        # Extract changelogs
+        echo "Extracting changelog entries..."
+        extract_changelog "prowler/CHANGELOG.md" "$PROWLER_VERSION" "prowler_changelog.md"
+        extract_changelog "api/CHANGELOG.md" "$API_VERSION" "api_changelog.md"
+        extract_changelog "ui/CHANGELOG.md" "$UI_VERSION" "ui_changelog.md"

-          echo "Expected UI version for this release: $EXPECTED_UI_VERSION"
-          echo "Expected API version for this release: $EXPECTED_API_VERSION"
-        fi
-
-        # Determine if components have changes for this specific release
-        # UI has changes if its current version matches what we expect for this release
-        if [ -n "$UI_VERSION" ] && [ "$UI_VERSION" = "$EXPECTED_UI_VERSION" ]; then
-          echo "HAS_UI_CHANGES=true" >> $GITHUB_ENV
-          echo "✓ UI changes detected - version matches expected: $UI_VERSION"
-          extract_changelog "ui/CHANGELOG.md" "$UI_VERSION" "ui_changelog.md"
-        else
-          echo "HAS_UI_CHANGES=false" >> $GITHUB_ENV
-          echo "ℹ No UI changes for this release (current: $UI_VERSION, expected: $EXPECTED_UI_VERSION)"
-          touch "ui_changelog.md"
-        fi
-
-        # API has changes if its current version matches what we expect for this release
-        if [ -n "$API_VERSION" ] && [ "$API_VERSION" = "$EXPECTED_API_VERSION" ]; then
-          echo "HAS_API_CHANGES=true" >> $GITHUB_ENV
-          echo "✓ API changes detected - version matches expected: $API_VERSION"
-          extract_changelog "api/CHANGELOG.md" "$API_VERSION" "api_changelog.md"
-        else
-          echo "HAS_API_CHANGES=false" >> $GITHUB_ENV
-          echo "ℹ No API changes for this release (current: $API_VERSION, expected: $EXPECTED_API_VERSION)"
-          touch "api_changelog.md"
-        fi
-
-        # SDK has changes if its current version matches the input version
-        if [ -n "$SDK_VERSION" ] && [ "$SDK_VERSION" = "$PROWLER_VERSION" ]; then
-          echo "HAS_SDK_CHANGES=true" >> $GITHUB_ENV
-          echo "✓ SDK changes detected - version matches input: $SDK_VERSION"
-          extract_changelog "prowler/CHANGELOG.md" "$PROWLER_VERSION" "prowler_changelog.md"
-        else
-          echo "HAS_SDK_CHANGES=false" >> $GITHUB_ENV
-          echo "ℹ No SDK changes for this release (current: $SDK_VERSION, input: $PROWLER_VERSION)"
-          touch "prowler_changelog.md"
-        fi
-
-        # MCP has changes if the changelog references this Prowler version
-        # Check if the changelog contains "(Prowler X.Y.Z)" or "(Prowler UNRELEASED)"
-        if [ -f "mcp_server/CHANGELOG.md" ]; then
-          MCP_PROWLER_REF=$(grep -m 1 "^## \[.*\] (Prowler" mcp_server/CHANGELOG.md | sed -E 's/.*\(Prowler ([^)]+)\).*/\1/' | tr -d '[:space:]')
-          if [ "$MCP_PROWLER_REF" = "$PROWLER_VERSION" ] || [ "$MCP_PROWLER_REF" = "UNRELEASED" ]; then
-            echo "HAS_MCP_CHANGES=true" >> $GITHUB_ENV
-            echo "✓ MCP changes detected - Prowler reference: $MCP_PROWLER_REF (version: $MCP_VERSION)"
-            extract_changelog "mcp_server/CHANGELOG.md" "$MCP_VERSION" "mcp_changelog.md"
-          else
-            echo "HAS_MCP_CHANGES=false" >> $GITHUB_ENV
-            echo "ℹ No MCP changes for this release (Prowler reference: $MCP_PROWLER_REF, input: $PROWLER_VERSION)"
-            touch "mcp_changelog.md"
-          fi
-        else
-          echo "HAS_MCP_CHANGES=false" >> $GITHUB_ENV
-          echo "ℹ No MCP changelog found"
-          touch "mcp_changelog.md"
-        fi
-
-        # Combine changelogs in order: UI, API, SDK, MCP
+        # Combine changelogs in order: UI, API, SDK
        > combined_changelog.md

-        if [ "$HAS_UI_CHANGES" = "true" ] && [ -s "ui_changelog.md" ]; then
+        if [ -s "ui_changelog.md" ]; then
          echo "## UI" >> combined_changelog.md
          echo "" >> combined_changelog.md
          cat ui_changelog.md >> combined_changelog.md
          echo "" >> combined_changelog.md
        fi

-        if [ "$HAS_API_CHANGES" = "true" ] && [ -s "api_changelog.md" ]; then
+        if [ -s "api_changelog.md" ]; then
          echo "## API" >> combined_changelog.md
          echo "" >> combined_changelog.md
          cat api_changelog.md >> combined_changelog.md
          echo "" >> combined_changelog.md
        fi

-        if [ "$HAS_SDK_CHANGES" = "true" ] && [ -s "prowler_changelog.md" ]; then
+        if [ -s "prowler_changelog.md" ]; then
          echo "## SDK" >> combined_changelog.md
          echo "" >> combined_changelog.md
          cat prowler_changelog.md >> combined_changelog.md
          echo "" >> combined_changelog.md
        fi

-        if [ "$HAS_MCP_CHANGES" = "true" ] && [ -s "mcp_changelog.md" ]; then
-          echo "## MCP" >> combined_changelog.md
-          echo "" >> combined_changelog.md
-          cat mcp_changelog.md >> combined_changelog.md
-          echo "" >> combined_changelog.md
-        fi
-
-        # Add fallback message if no changelogs were added
-        if [ ! -s combined_changelog.md ]; then
-          echo "No component changes detected for this release." >> combined_changelog.md
-        fi
-
        echo "Combined changelog preview:"
        cat combined_changelog.md

-    - name: Verify SDK version in pyproject.toml
-      run: |
-        CURRENT_VERSION=$(grep '^version = ' pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_VERSION" != "$PROWLER_VERSION_TRIMMED" ]; then
-          echo "ERROR: Version mismatch in pyproject.toml (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_VERSION')"
-          exit 1
-        fi
-        echo "✓ pyproject.toml version: $CURRENT_VERSION"
-
-    - name: Verify SDK version in prowler/config/config.py
-      run: |
-        CURRENT_VERSION=$(grep '^prowler_version = ' prowler/config/config.py | sed -E 's/prowler_version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        PROWLER_VERSION_TRIMMED=$(echo "$PROWLER_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_VERSION" != "$PROWLER_VERSION_TRIMMED" ]; then
-          echo "ERROR: Version mismatch in prowler/config/config.py (expected: '$PROWLER_VERSION_TRIMMED', found: '$CURRENT_VERSION')"
-          exit 1
-        fi
-        echo "✓ prowler/config/config.py version: $CURRENT_VERSION"
-
-    - name: Verify API version in api/pyproject.toml
-      if: ${{ env.HAS_API_CHANGES == 'true' }}
-      run: |
-        CURRENT_API_VERSION=$(grep '^version = ' api/pyproject.toml | sed -E 's/version = "([^"]+)"/\1/' | tr -d '[:space:]')
-        API_VERSION_TRIMMED=$(echo "$API_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_API_VERSION" != "$API_VERSION_TRIMMED" ]; then
-          echo "ERROR: API version mismatch in api/pyproject.toml (expected: '$API_VERSION_TRIMMED', found: '$CURRENT_API_VERSION')"
-          exit 1
-        fi
-        echo "✓ api/pyproject.toml version: $CURRENT_API_VERSION"
-
-    - name: Verify API prowler dependency in api/pyproject.toml
-      if: ${{ env.PATCH_VERSION != '0' && env.HAS_API_CHANGES == 'true' }}
-      run: |
-        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
-        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')
-        if [ "$CURRENT_PROWLER_REF" != "$BRANCH_NAME_TRIMMED" ]; then
-          echo "ERROR: Prowler dependency mismatch in api/pyproject.toml (expected: '$BRANCH_NAME_TRIMMED', found: '$CURRENT_PROWLER_REF')"
-          exit 1
-        fi
-        echo "✓ api/pyproject.toml prowler dependency: $CURRENT_PROWLER_REF"
-
-    - name: Verify API version in api/src/backend/api/v1/views.py
-      if: ${{ env.HAS_API_CHANGES == 'true' }}
-      run: |
-        CURRENT_API_VERSION=$(grep 'spectacular_settings.VERSION = ' api/src/backend/api/v1/views.py | sed -E 's/.*spectacular_settings.VERSION = "([^"]+)".*/\1/' | tr -d '[:space:]')
-        API_VERSION_TRIMMED=$(echo "$API_VERSION" | tr -d '[:space:]')
-        if [ "$CURRENT_API_VERSION" != "$API_VERSION_TRIMMED" ]; then
-          echo "ERROR: API version mismatch in views.py (expected: '$API_VERSION_TRIMMED', found: '$CURRENT_API_VERSION')"
-          exit 1
-        fi
-        echo "✓ api/src/backend/api/v1/views.py version: $CURRENT_API_VERSION"
-
-    - name: Update API prowler dependency for minor release
-      if: ${{ env.PATCH_VERSION == '0' }}
-      run: |
-        CURRENT_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
-        BRANCH_NAME_TRIMMED=$(echo "$BRANCH_NAME" | tr -d '[:space:]')
-
-        # Minor release: update the dependency to use the release branch
-        echo "Updating prowler dependency from '$CURRENT_PROWLER_REF' to '$BRANCH_NAME_TRIMMED'"
-        sed -i "s|prowler @ git+https://github.com/prowler-cloud/prowler.git@[^\"]*\"|prowler @ git+https://github.com/prowler-cloud/prowler.git@$BRANCH_NAME_TRIMMED\"|" api/pyproject.toml
-
-        # Verify the change was made
-        UPDATED_PROWLER_REF=$(grep 'prowler @ git+https://github.com/prowler-cloud/prowler.git@' api/pyproject.toml | sed -E 's/.*@([^"]+)".*/\1/' | tr -d '[:space:]')
-        if [ "$UPDATED_PROWLER_REF" != "$BRANCH_NAME_TRIMMED" ]; then
-          echo "ERROR: Failed to update prowler dependency in api/pyproject.toml"
-          exit 1
-        fi
-
-        # Update poetry lock file
-        echo "Updating poetry.lock file..."
-        cd api
-        poetry lock
-        cd ..
-
-        echo "✓ Prepared prowler dependency update to: $UPDATED_PROWLER_REF"
-
-    - name: Create PR for API dependency update
-      if: ${{ env.PATCH_VERSION == '0' }}
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-      with:
-        token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-        commit-message: 'chore(api): update prowler dependency to ${{ env.BRANCH_NAME }} for release ${{ env.PROWLER_VERSION }}'
-        branch: update-api-dependency-${{ env.BRANCH_NAME }}-${{ github.run_number }}
-        base: ${{ env.BRANCH_NAME }}
-        add-paths: |
-          api/pyproject.toml
-          api/poetry.lock
-        title: "chore(api): Update prowler dependency to ${{ env.BRANCH_NAME }} for release ${{ env.PROWLER_VERSION }}"
-        body: |
-          ### Description
-
-          Updates the API prowler dependency for release ${{ env.PROWLER_VERSION }}.
-
-          **Changes:**
-          - Updates `api/pyproject.toml` prowler dependency from `@master` to `@${{ env.BRANCH_NAME }}`
-          - Updates `api/poetry.lock` file with resolved dependencies
-
-          This PR should be merged into the `${{ env.BRANCH_NAME }}` release branch.
-
-          ### License
-
-          By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-        author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-        labels: |
-          component/api
-          no-changelog
-
    - name: Create draft release
-      uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
+      uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
      with:
        tag_name: ${{ env.PROWLER_VERSION }}
        name: Prowler ${{ env.PROWLER_VERSION }}
        body_path: combined_changelog.md
        draft: true
-        target_commitish: ${{ env.BRANCH_NAME }}
+        target_commitish: ${{ env.PATCH_VERSION == '0' && 'master' || env.BRANCH_NAME }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: Clean up temporary files
-      if: always()
      run: |
-        rm -f prowler_changelog.md api_changelog.md ui_changelog.md mcp_changelog.md combined_changelog.md
+        rm -f prowler_changelog.md api_changelog.md ui_changelog.md combined_changelog.md
@@ -0,0 +1,77 @@
+name: Prowler - Check Changelog
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, labeled, unlabeled]
+
+jobs:
+  check-changelog:
+    if: contains(github.event.pull_request.labels.*.name, 'no-changelog') == false
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: write
+    env:
+      MONITORED_FOLDERS: "api ui prowler dashboard"
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Get list of changed files
+        id: changed_files
+        run: |
+          git fetch origin ${{ github.base_ref }}
+          git diff --name-only origin/${{ github.base_ref }}...HEAD > changed_files.txt
+          cat changed_files.txt
+
+      - name: Check for folder changes and changelog presence
+        id: check_folders
+        run: |
+          missing_changelogs=""
+
+          for folder in $MONITORED_FOLDERS; do
+            if grep -q "^${folder}/" changed_files.txt; then
+              echo "Detected changes in ${folder}/"
+              if ! grep -q "^${folder}/CHANGELOG.md$" changed_files.txt; then
+                echo "No changelog update found for ${folder}/"
+                missing_changelogs="${missing_changelogs}- \`${folder}\`\n"
+              fi
+            fi
+          done
+
+          echo "missing_changelogs<<EOF" >> $GITHUB_OUTPUT
+          echo -e "${missing_changelogs}" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Find existing changelog comment
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        id: find_comment
+        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e #v3.1.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: '<!-- changelog-check -->'
+
+      - name: Update PR comment with changelog status
+        if: github.event.pull_request.head.repo.full_name == github.repository
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-id: ${{ steps.find_comment.outputs.comment-id }}
+          edit-mode: replace
+          body: |
+            <!-- changelog-check -->
+            ${{ steps.check_folders.outputs.missing_changelogs != '' && format('⚠️ **Changes detected in the following folders without a corresponding update to the `CHANGELOG.md`:**
+
+            {0}
+
+            Please add an entry to the corresponding `CHANGELOG.md` file to maintain a clear history of changes.', steps.check_folders.outputs.missing_changelogs) || '✅ All necessary `CHANGELOG.md` files have been updated. Great job! 🎉' }}
+
+      - name: Fail if changelog is missing
+        if: steps.check_folders.outputs.missing_changelogs != ''
+        run: |
+          echo "ERROR: Missing changelog updates in some folders."
+          exit 1
@@ -1,32 +1,28 @@
-name: 'Tools: PR Merged'
+name: Prowler - Merged Pull Request

 on:
  pull_request_target:
-    branches:
-      - 'master'
-    types:
-      - 'closed'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: false
+    branches: ['master']
+    types: ['closed']

 jobs:
  trigger-cloud-pull-request:
+    name: Trigger Cloud Pull Request
    if: github.event.pull_request.merged == true && github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    permissions:
-      contents: read
    steps:
-      - name: Calculate short commit SHA
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ github.event.pull_request.merge_commit_sha }}
+
+      - name: Set short git commit SHA
        id: vars
        run: |
-          SHORT_SHA="${{ github.event.pull_request.merge_commit_sha }}"
-          echo "SHORT_SHA=${SHORT_SHA::7}" >> $GITHUB_ENV
+          shortSha=$(git rev-parse --short ${{ github.event.pull_request.merge_commit_sha }})
+          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV

-      - name: Trigger Cloud repository pull request
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
+      - name: Trigger pull request
+        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
        with:
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          repository: ${{ secrets.CLOUD_DISPATCH }}
@@ -35,12 +31,8 @@ jobs:
            {
              "PROWLER_COMMIT_SHA": "${{ github.event.pull_request.merge_commit_sha }}",
              "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
-              "PROWLER_PR_NUMBER": "${{ github.event.pull_request.number }}",
              "PROWLER_PR_TITLE": ${{ toJson(github.event.pull_request.title) }},
              "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
              "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }},
-              "PROWLER_PR_URL": ${{ toJson(github.event.pull_request.html_url) }},
-              "PROWLER_PR_MERGED_BY": "${{ github.event.pull_request.merged_by.login }}",
-              "PROWLER_PR_BASE_BRANCH": "${{ github.event.pull_request.base.ref }}",
-              "PROWLER_PR_HEAD_BRANCH": "${{ github.event.pull_request.head.ref }}"
+              "PROWLER_PR_URL": ${{ toJson(github.event.pull_request.html_url) }}
            }
@@ -0,0 +1,202 @@
+name: SDK - Build and Push containers
+
+on:
+  push:
+    branches:
+      # For `v3-latest`
+      - "v3"
+      # For `v4-latest`
+      - "v4.6"
+      # For `latest`
+      - "master"
+    paths-ignore:
+      - ".github/**"
+      - "README.md"
+      - "docs/**"
+      - "ui/**"
+      - "api/**"
+
+  release:
+    types: [published]
+
+env:
+  # AWS Configuration
+  AWS_REGION_STG: eu-west-1
+  AWS_REGION_PLATFORM: eu-west-1
+  AWS_REGION: us-east-1
+
+  # Container's configuration
+  IMAGE_NAME: prowler
+  DOCKERFILE_PATH: ./Dockerfile
+
+  # Tags
+  LATEST_TAG: latest
+  STABLE_TAG: stable
+  # The RELEASE_TAG is set during runtime in releases
+  RELEASE_TAG: ""
+  # The PROWLER_VERSION and PROWLER_VERSION_MAJOR are set during runtime in releases
+  PROWLER_VERSION: ""
+  PROWLER_VERSION_MAJOR: ""
+  # TEMPORARY_TAG: temporary
+
+  # Python configuration
+  PYTHON_VERSION: 3.12
+
+  # Container Registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler
+
+jobs:
+  # Build Prowler OSS container
+  container-build-push:
+    # needs: dockerfile-linter
+    runs-on: ubuntu-latest
+    outputs:
+      prowler_version_major: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION_MAJOR }}
+      prowler_version: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION }}
+    env:
+      POETRY_VIRTUALENVS_CREATE: "false"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Install Poetry
+        run: |
+          pipx install poetry==2.*
+          pipx inject poetry poetry-bumpversion
+
+      - name: Get Prowler version
+        id: get-prowler-version
+        run: |
+          PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
+          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
+          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
+
+          # Store prowler version major just for the release
+          PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
+          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
+          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
+
+          case ${PROWLER_VERSION_MAJOR} in
+          3)
+              echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
+              ;;
+
+
+          4)
+              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
+              ;;
+
+          5)
+              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
+              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
+              ;;
+
+          *)
+              # Fallback if any other version is present
+              echo "Releasing another Prowler major version, aborting..."
+              exit 1
+              ;;
+          esac
+
+      - name: Login to DockerHub
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to Public ECR
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: public.ecr.aws
+          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
+        env:
+          AWS_REGION: ${{ env.AWS_REGION }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push container image (latest)
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+          file: ${{ env.DOCKERFILE_PATH }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push container image (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          # Use local context to get changes
+          # https://github.com/docker/build-push-action#path-context
+          context: .
+          push: true
+          tags: |
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
+            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.PROWLER_VERSION }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          file: ${{ env.DOCKERFILE_PATH }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+#      - name: Push README to Docker Hub (toniblyx)
+#        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
+#        with:
+#          username: ${{ secrets.DOCKERHUB_USERNAME }}
+#          password: ${{ secrets.DOCKERHUB_TOKEN }}
+#          repository: ${{ env.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}
+#          readme-filepath: ./README.md
+#
+#      - name: Push README to Docker Hub (prowlercloud)
+#        uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
+#        with:
+#          username: ${{ secrets.DOCKERHUB_USERNAME }}
+#          password: ${{ secrets.DOCKERHUB_TOKEN }}
+#          repository: ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}
+#          readme-filepath: ./README.md
+
+  dispatch-action:
+    needs: container-build-push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get latest commit info (latest)
+        if: github.event_name == 'push'
+        run: |
+          LATEST_COMMIT_HASH=$(echo ${{ github.event.after }} | cut -b -7)
+          echo "LATEST_COMMIT_HASH=${LATEST_COMMIT_HASH}" >> $GITHUB_ENV
+
+      - name: Dispatch event (latest)
+        if: github.event_name == 'push' && needs.container-build-push.outputs.prowler_version_major == '3'
+        run: |
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            --data '{"event_type":"dispatch","client_payload":{"version":"v3-latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
+
+      - name: Dispatch event (release)
+        if: github.event_name == 'release' && needs.container-build-push.outputs.prowler_version_major == '3'
+        run: |
+          curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            --data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ needs.container-build-push.outputs.prowler_version }}"}}'
@@ -1,218 +1,146 @@
-name: 'SDK: Bump Version'
+name: SDK - Bump Version

 on:
  release:
-    types:
-      - 'published'
+    types: [published]

-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false

 env:
  PROWLER_VERSION: ${{ github.event.release.tag_name }}
  BASE_BRANCH: master

 jobs:
-  detect-release-type:
+  bump-version:
+    name: Bump Version
    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-    outputs:
-      is_minor: ${{ steps.detect.outputs.is_minor }}
-      is_patch: ${{ steps.detect.outputs.is_patch }}
-      major_version: ${{ steps.detect.outputs.major_version }}
-      minor_version: ${{ steps.detect.outputs.minor_version }}
-      patch_version: ${{ steps.detect.outputs.patch_version }}
    steps:
-      - name: Detect release type and parse version
-        id: detect
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Get Prowler version
+        shell: bash
        run: |
          if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
            MAJOR_VERSION=${BASH_REMATCH[1]}
            MINOR_VERSION=${BASH_REMATCH[2]}
-            PATCH_VERSION=${BASH_REMATCH[3]}
+            FIX_VERSION=${BASH_REMATCH[3]}

-            echo "major_version=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "minor_version=${MINOR_VERSION}" >> "${GITHUB_OUTPUT}"
-            echo "patch_version=${PATCH_VERSION}" >> "${GITHUB_OUTPUT}"
+            # Export version components to GitHub environment
+            echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
+            echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
+            echo "FIX_VERSION=${FIX_VERSION}" >> "${GITHUB_ENV}"

-            if (( MAJOR_VERSION != 5 )); then
-              echo "::error::Releasing another Prowler major version, aborting..."
-              exit 1
-            fi
+            if (( MAJOR_VERSION == 5 )); then
+                if (( FIX_VERSION == 0 )); then
+                  echo "Minor Release: $PROWLER_VERSION"

-            if (( PATCH_VERSION == 0 )); then
-              echo "is_minor=true" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=false" >> "${GITHUB_OUTPUT}"
-              echo "✓ Minor release detected: $PROWLER_VERSION"
+                  # Set up next minor version for master
+                  BUMP_VERSION_TO=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).${FIX_VERSION}
+                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  TARGET_BRANCH=${BASE_BRANCH}
+                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
+
+                  # Set up patch version for version branch
+                  PATCH_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.1
+                  echo "PATCH_VERSION_TO=${PATCH_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+                  echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
+
+                  echo "Bumping to next minor version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
+                  echo "Bumping to next patch version: ${PATCH_VERSION_TO} in branch ${VERSION_BRANCH}"
+                else
+                  echo "Patch Release: $PROWLER_VERSION"
+
+                  BUMP_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.$((FIX_VERSION + 1))
+                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  TARGET_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
+
+                  echo "Bumping to next patch version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
+                fi
            else
-              echo "is_minor=false" >> "${GITHUB_OUTPUT}"
-              echo "is_patch=true" >> "${GITHUB_OUTPUT}"
-              echo "✓ Patch release detected: $PROWLER_VERSION"
+                echo "Releasing another Prowler major version, aborting..."
+                exit 1
            fi
          else
-            echo "::error::Invalid version syntax: '$PROWLER_VERSION' (must be X.Y.Z)"
+            echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
            exit 1
          fi

-  bump-minor-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_minor == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Calculate next minor version
+      - name: Bump versions in files
        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
+            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
+            echo "Using BUMP_VERSION_TO=$BUMP_VERSION_TO"

-          NEXT_MINOR_VERSION=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).0
-          echo "NEXT_MINOR_VERSION=${NEXT_MINOR_VERSION}" >> "${GITHUB_ENV}"
+            set -e

-          echo "Current version: $PROWLER_VERSION"
-          echo "Next minor version: $NEXT_MINOR_VERSION"
+            echo "Bumping version in pyproject.toml ..."
+            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${BUMP_VERSION_TO}\"|" pyproject.toml

-      - name: Bump versions in files for master
-        run: |
-          set -e
+            echo "Bumping version in prowler/config/config.py ..."
+            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${BUMP_VERSION_TO}\"|" prowler/config/config.py

-          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${NEXT_MINOR_VERSION}\"|" pyproject.toml
-          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${NEXT_MINOR_VERSION}\"|" prowler/config/config.py
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_MINOR_VERSION}|" .env
+            echo "Bumping version in .env ..."
+            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${BUMP_VERSION_TO}|" .env

-          echo "Files modified:"
-          git --no-pager diff
+            git --no-pager diff

-      - name: Create PR for next minor version to master
+      - name: Create Pull Request
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: master
-          commit-message: 'chore(release): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
-          branch: version-bump-to-v${{ env.NEXT_MINOR_VERSION }}
-          title: 'chore(release): Bump version to v${{ env.NEXT_MINOR_VERSION }}'
-          labels: no-changelog
-          body: |
-            ### Description
+            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+            base: ${{ env.TARGET_BRANCH }}
+            commit-message: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
+            branch: "version-bump-to-v${{ env.BUMP_VERSION_TO }}"
+            title: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
+            labels: no-changelog
+            body: |
+              ### Description

-            Bump Prowler version to v${{ env.NEXT_MINOR_VERSION }} after releasing v${{ env.PROWLER_VERSION }}.
+              Bump Prowler version to v${{ env.BUMP_VERSION_TO }}

-            ### License
+              ### License

-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

-      - name: Checkout version branch
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          ref: v${{ needs.detect-release-type.outputs.major_version }}.${{ needs.detect-release-type.outputs.minor_version }}
-
-      - name: Calculate first patch version
+      - name: Handle patch version for minor release
+        if: env.FIX_VERSION == '0'
        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
+            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
+            echo "Using PATCH_VERSION_TO=$PATCH_VERSION_TO"

-          FIRST_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.1
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+            set -e

-          echo "FIRST_PATCH_VERSION=${FIRST_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
+            echo "Bumping version in pyproject.toml ..."
+            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${PATCH_VERSION_TO}\"|" pyproject.toml

-          echo "First patch version: $FIRST_PATCH_VERSION"
-          echo "Version branch: $VERSION_BRANCH"
+            echo "Bumping version in prowler/config/config.py ..."
+            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${PATCH_VERSION_TO}\"|" prowler/config/config.py

-      - name: Bump versions in files for version branch
-        run: |
-          set -e
+            echo "Bumping version in .env ..."
+            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PATCH_VERSION_TO}|" .env

-          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${FIRST_PATCH_VERSION}\"|" pyproject.toml
-          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${FIRST_PATCH_VERSION}\"|" prowler/config/config.py
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${FIRST_PATCH_VERSION}|" .env
+            git --no-pager diff

-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for first patch version to version branch
+      - name: Create Pull Request for patch version
+        if: env.FIX_VERSION == '0'
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'chore(release): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
-          branch: version-bump-to-v${{ env.FIRST_PATCH_VERSION }}
-          title: 'chore(release): Bump version to v${{ env.FIRST_PATCH_VERSION }}'
-          labels: no-changelog
-          body: |
-            ### Description
+            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+            base: ${{ env.VERSION_BRANCH }}
+            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
+            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
+            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
+            labels: no-changelog
+            body: |
+              ### Description

-            Bump Prowler version to v${{ env.FIRST_PATCH_VERSION }} in version branch after releasing v${{ env.PROWLER_VERSION }}.
+              Bump Prowler version to v${{ env.PATCH_VERSION_TO }}

-            ### License
+              ### License

-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-  bump-patch-version:
-    needs: detect-release-type
-    if: needs.detect-release-type.outputs.is_patch == 'true'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Calculate next patch version
-        run: |
-          MAJOR_VERSION=${{ needs.detect-release-type.outputs.major_version }}
-          MINOR_VERSION=${{ needs.detect-release-type.outputs.minor_version }}
-          PATCH_VERSION=${{ needs.detect-release-type.outputs.patch_version }}
-
-          NEXT_PATCH_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.$((PATCH_VERSION + 1))
-          VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-
-          echo "NEXT_PATCH_VERSION=${NEXT_PATCH_VERSION}" >> "${GITHUB_ENV}"
-          echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-          echo "Current version: $PROWLER_VERSION"
-          echo "Next patch version: $NEXT_PATCH_VERSION"
-          echo "Target branch: $VERSION_BRANCH"
-
-      - name: Bump versions in files for version branch
-        run: |
-          set -e
-
-          sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${NEXT_PATCH_VERSION}\"|" pyproject.toml
-          sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${NEXT_PATCH_VERSION}\"|" prowler/config/config.py
-          sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${NEXT_PATCH_VERSION}|" .env
-
-          echo "Files modified:"
-          git --no-pager diff
-
-      - name: Create PR for next patch version to version branch
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          base: ${{ env.VERSION_BRANCH }}
-          commit-message: 'chore(release): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
-          branch: version-bump-to-v${{ env.NEXT_PATCH_VERSION }}
-          title: 'chore(release): Bump version to v${{ env.NEXT_PATCH_VERSION }}'
-          labels: no-changelog
-          body: |
-            ### Description
-
-            Bump Prowler version to v${{ env.NEXT_PATCH_VERSION }} after releasing v${{ env.PROWLER_VERSION }}.
-
-            ### License
-
-            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@@ -1,90 +0,0 @@
-name: 'SDK: Code Quality'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  sdk-code-quality:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.9'
-          - '3.10'
-          - '3.11'
-          - '3.12'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Install Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ matrix.python-version }}
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ matrix.python-version }}
-          cache: 'poetry'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: |
-          poetry install --no-root
-          poetry run pip list
-
-      - name: Check Poetry lock file
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry check --lock
-
-      - name: Lint with flake8
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api
-
-      - name: Check format with black
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run black --exclude api ui --check .
-
-      - name: Lint with pylint
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
@@ -1,41 +1,44 @@
-name: 'SDK: CodeQL'
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: SDK - CodeQL

 on:
  push:
    branches:
-      - 'master'
-      - 'v5.*'
-    paths:
-      - 'prowler/**'
-      - 'tests/**'
-      - 'pyproject.toml'
-      - '.github/workflows/sdk-codeql.yml'
-      - '.github/codeql/sdk-codeql-config.yml'
-      - '!prowler/CHANGELOG.md'
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+    paths-ignore:
+      - 'ui/**'
+      - 'api/**'
+      - '.github/**'
  pull_request:
    branches:
-      - 'master'
-      - 'v5.*'
-    paths:
-      - 'prowler/**'
-      - 'tests/**'
-      - 'pyproject.toml'
-      - '.github/workflows/sdk-codeql.yml'
-      - '.github/codeql/sdk-codeql-config.yml'
-      - '!prowler/CHANGELOG.md'
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+    paths-ignore:
+      - 'ui/**'
+      - 'api/**'
+      - '.github/**'
  schedule:
    - cron: '00 12 * * *'

-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 jobs:
-  sdk-analyze:
-    if: github.repository == 'prowler-cloud/prowler'
-    name: CodeQL Security Analysis
+  analyze:
+    name: Analyze
    runs-on: ubuntu-latest
-    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
@@ -44,20 +47,21 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language:
-          - 'python'
+        language: [ 'python' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - name: Checkout repository
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
-        with:
-          languages: ${{ matrix.language }}
-          config-file: ./.github/codeql/sdk-codeql-config.yml
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      with:
+        languages: ${{ matrix.language }}
+        config-file: ./.github/codeql/sdk-codeql-config.yml

-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
-        with:
-          category: '/language:${{ matrix.language }}'
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      with:
+        category: "/language:${{matrix.language}}"
@@ -1,217 +0,0 @@
-name: 'SDK: Container Build and Push'
-
-on:
-  push:
-    branches:
-      - 'v3'      # For v3-latest
-      - 'v4.6'    # For v4-latest
-      - 'master'  # For latest
-    paths-ignore:
-      - '.github/**'
-      - '!.github/workflows/sdk-container-build-push.yml'
-      - 'README.md'
-      - 'docs/**'
-      - 'ui/**'
-      - 'api/**'
-  release:
-    types:
-      - 'published'
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-env:
-  # Container configuration
-  IMAGE_NAME: prowler
-  DOCKERFILE_PATH: ./Dockerfile
-
-  # Python configuration
-  PYTHON_VERSION: '3.12'
-
-  # Tags (dynamically set based on version)
-  LATEST_TAG: latest
-  STABLE_TAG: stable
-
-  # Container registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler
-
-  # AWS configuration (for ECR)
-  AWS_REGION: us-east-1
-
-jobs:
-  container-build-push:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 45
-    permissions:
-      contents: read
-      packages: write
-    outputs:
-      prowler_version: ${{ steps.get-prowler-version.outputs.prowler_version }}
-      prowler_version_major: ${{ steps.get-prowler-version.outputs.prowler_version_major }}
-    env:
-      POETRY_VIRTUALENVS_CREATE: 'false'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-
-      - name: Install Poetry
-        run: |
-          pipx install poetry==2.1.1
-          pipx inject poetry poetry-bumpversion
-
-      - name: Get Prowler version and set tags
-        id: get-prowler-version
-        run: |
-          PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
-          echo "prowler_version=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
-          echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
-
-          # Extract major version
-          PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
-          echo "prowler_version_major=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
-          echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
-
-          # Set version-specific tags
-          case ${PROWLER_VERSION_MAJOR} in
-            3)
-              echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
-              echo "✓ Prowler v3 detected - tags: v3-latest, v3-stable"
-              ;;
-            4)
-              echo "LATEST_TAG=v4-latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=v4-stable" >> "${GITHUB_ENV}"
-              echo "✓ Prowler v4 detected - tags: v4-latest, v4-stable"
-              ;;
-            5)
-              echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
-              echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
-              echo "✓ Prowler v5 detected - tags: latest, stable"
-              ;;
-            *)
-              echo "::error::Unsupported Prowler major version: ${PROWLER_VERSION_MAJOR}"
-              exit 1
-              ;;
-          esac
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to Public ECR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          registry: public.ecr.aws
-          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
-        env:
-          AWS_REGION: ${{ env.AWS_REGION }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build and push SDK container (latest)
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: .
-          file: ${{ env.DOCKERFILE_PATH }}
-          push: true
-          tags: |
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push started
-        if: github.event_name == 'release'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: SDK
-          RELEASE_TAG: ${{ env.PROWLER_VERSION }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push SDK container (release)
-        if: github.event_name == 'release'
-        id: container-push
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: .
-          file: ${{ env.DOCKERFILE_PATH }}
-          push: true
-          tags: |
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
-            ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
-            ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.PROWLER_VERSION }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push completed
-        if: github.event_name == 'release' && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: SDK
-          RELEASE_TAG: ${{ env.PROWLER_VERSION }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  dispatch-v3-deployment:
-    if: needs.container-build-push.outputs.prowler_version_major == '3'
-    needs: container-build-push
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Calculate short SHA
-        id: short-sha
-        run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
-
-      - name: Dispatch v3 deployment (latest)
-        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}
-          event-type: dispatch
-          client-payload: '{"version":"v3-latest","tag":"${{ steps.short-sha.outputs.short_sha }}"}'
-
-      - name: Dispatch v3 deployment (release)
-        if: github.event_name == 'release'
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}
-          event-type: dispatch
-          client-payload: '{"version":"release","tag":"${{ needs.container-build-push.outputs.prowler_version }}"}'
@@ -1,103 +0,0 @@
-name: 'SDK: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  IMAGE_NAME: prowler
-
-jobs:
-  sdk-dockerfile-lint:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: Dockerfile
-          ignore: DL3013
-
-  sdk-container-build-and-scan:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build SDK container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: .
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan SDK container with Trivy
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -0,0 +1,271 @@
+name: SDK - Pull Request
+
+on:
+  push:
+    branches:
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+  pull_request:
+    branches:
+      - "master"
+      - "v3"
+      - "v4.*"
+      - "v5.*"
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Test if changes are in not ignored paths
+        id: are-non-ignored-files-changed
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: ./**
+          files_ignore: |
+            .github/**
+            docs/**
+            permissions/**
+            api/**
+            ui/**
+            prowler/CHANGELOG.md
+            README.md
+            mkdocs.yml
+            .backportrc.json
+            .env
+            docker-compose*
+            examples/**
+            .gitignore
+
+      - name: Install poetry
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          python -m pip install --upgrade pip
+          pipx install poetry==2.1.1
+
+      - name: Set up Python ${{ matrix.python-version }}
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: "poetry"
+
+      - name: Install dependencies
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry install --no-root
+          poetry run pip list
+          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
+            grep '"tag_name":' | \
+            sed -E 's/.*"v([^"]+)".*/\1/' \
+            ) && curl -L -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64" \
+            && chmod +x /tmp/hadolint
+
+      - name: Poetry check
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry check --lock
+
+      - name: Lint with flake8
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api
+
+      - name: Checking format with black
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run black --exclude api ui --check .
+
+      - name: Lint with pylint
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
+
+      - name: Bandit
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run bandit -q -lll -x '*_test.py,./contrib/,./api/,./ui' -r .
+
+      - name: Safety
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run safety check --ignore 70612 -r pyproject.toml
+
+      - name: Vulture
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .
+
+      - name: Dockerfile - Check if Dockerfile has changed
+        id: dockerfile-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            Dockerfile
+
+      - name: Hadolint
+        if: steps.dockerfile-changed-files.outputs.any_changed == 'true'
+        run: |
+          /tmp/hadolint Dockerfile --ignore=DL3013
+
+      # Test AWS
+      - name: AWS - Check if any file has changed
+        id: aws-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            ./prowler/providers/aws/**
+            ./tests/providers/aws/**
+            ./poetry.lock
+
+      - name: AWS - Test
+        if: steps.aws-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/aws --cov-report=xml:aws_coverage.xml tests/providers/aws
+
+      # Test Azure
+      - name: Azure - Check if any file has changed
+        id: azure-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            ./prowler/providers/azure/**
+            ./tests/providers/azure/**
+            ./poetry.lock
+
+      - name: Azure - Test
+        if: steps.azure-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/azure --cov-report=xml:azure_coverage.xml tests/providers/azure
+
+      # Test GCP
+      - name: GCP - Check if any file has changed
+        id: gcp-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            ./prowler/providers/gcp/**
+            ./tests/providers/gcp/**
+            ./poetry.lock
+
+      - name: GCP - Test
+        if: steps.gcp-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/gcp --cov-report=xml:gcp_coverage.xml tests/providers/gcp
+
+      # Test Kubernetes
+      - name: Kubernetes - Check if any file has changed
+        id: kubernetes-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            ./prowler/providers/kubernetes/**
+            ./tests/providers/kubernetes/**
+            ./poetry.lock
+
+      - name: Kubernetes - Test
+        if: steps.kubernetes-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/kubernetes --cov-report=xml:kubernetes_coverage.xml tests/providers/kubernetes
+
+      # Test GitHub
+      - name: GitHub - Check if any file has changed
+        id: github-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            ./prowler/providers/github/**
+            ./tests/providers/github/**
+            ./poetry.lock
+
+      - name: GitHub - Test
+        if: steps.github-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/github --cov-report=xml:github_coverage.xml tests/providers/github
+
+      # Test NHN
+      - name: NHN - Check if any file has changed
+        id: nhn-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            ./prowler/providers/nhn/**
+            ./tests/providers/nhn/**
+            ./poetry.lock
+
+      - name: NHN - Test
+        if: steps.nhn-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/nhn --cov-report=xml:nhn_coverage.xml tests/providers/nhn
+
+      # Test M365
+      - name: M365 - Check if any file has changed
+        id: m365-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            ./prowler/providers/m365/**
+            ./tests/providers/m365/**
+            ./poetry.lock
+
+      - name: M365 - Test
+        if: steps.m365-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/m365 --cov-report=xml:m365_coverage.xml tests/providers/m365
+
+      # Test IaC
+      - name: IaC - Check if any file has changed
+        id: iac-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            ./prowler/providers/iac/**
+            ./tests/providers/iac/**
+            ./poetry.lock
+
+      - name: IaC - Test
+        if: steps.iac-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/iac --cov-report=xml:iac_coverage.xml tests/providers/iac
+
+      # Test MongoDB Atlas
+      - name: MongoDB Atlas - Check if any file has changed
+        id: mongodb-atlas-changed-files
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        with:
+          files: |
+            ./prowler/providers/mongodbatlas/**
+            ./tests/providers/mongodbatlas/**
+            .poetry.lock
+
+      - name: MongoDB Atlas - Test
+        if: steps.mongodb-atlas-changed-files.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/providers/mongodbatlas --cov-report=xml:mongodb_atlas_coverage.xml tests/providers/mongodbatlas
+
+      # Common Tests
+      - name: Lib - Test
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/lib --cov-report=xml:lib_coverage.xml tests/lib
+
+      - name: Config - Test
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry run pytest -n auto --cov=./prowler/config --cov-report=xml:config_coverage.xml tests/config
+
+      # Codecov
+      - name: Upload coverage reports to Codecov
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          flags: prowler
+          files: ./aws_coverage.xml,./azure_coverage.xml,./gcp_coverage.xml,./kubernetes_coverage.xml,./github_coverage.xml,./nhn_coverage.xml,./m365_coverage.xml,./lib_coverage.xml,./config_coverage.xml
@@ -1,119 +1,98 @@
-name: 'SDK: PyPI Release'
+name: SDK - PyPI release

 on:
  release:
-    types:
-      - 'published'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.release.tag_name }}
-  cancel-in-progress: false
+    types: [published]

 env:
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  PYTHON_VERSION: '3.12'
+  PYTHON_VERSION: 3.11
+  # CACHE: "poetry"

 jobs:
-  validate-release:
-    if: github.repository == 'prowler-cloud/prowler'
+  repository-check:
+    name: Repository check
    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
    outputs:
-      prowler_version: ${{ steps.parse-version.outputs.version }}
-      major_version: ${{ steps.parse-version.outputs.major }}
-
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
    steps:
-      - name: Parse and validate version
-        id: parse-version
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
+  release-prowler-job:
+    runs-on: ubuntu-latest
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
+    env:
+      POETRY_VIRTUALENVS_CREATE: "false"
+    name: Release Prowler to PyPI
+    steps:
+      - name: Repository check
+        working-directory: /tmp
+        run: |
+              if [[ "${{ github.repository }}" != "prowler-cloud/prowler" ]]; then
+                  echo "This action only runs for prowler-cloud/prowler"
+                  exit 1
+              fi
+
+      - name: Get Prowler version
        run: |
          PROWLER_VERSION="${{ env.RELEASE_TAG }}"
-          echo "version=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"

-          # Extract major version
-          MAJOR_VERSION="${PROWLER_VERSION%%.*}"
-          echo "major=${MAJOR_VERSION}" >> "${GITHUB_OUTPUT}"
-
-          # Validate major version
-          case ${MAJOR_VERSION} in
-            3|4|5)
-              echo "✓ Releasing Prowler v${MAJOR_VERSION} with tag ${PROWLER_VERSION}"
+          case ${PROWLER_VERSION%%.*} in
+          3)
+              echo "Releasing Prowler v3 with tag ${PROWLER_VERSION}"
              ;;
-            *)
-              echo "::error::Unsupported Prowler major version: ${MAJOR_VERSION}"
+          4)
+              echo "Releasing Prowler v4 with tag ${PROWLER_VERSION}"
+              ;;
+          5)
+              echo "Releasing Prowler v5 with tag ${PROWLER_VERSION}"
+              ;;
+          *)
+              echo "Releasing another Prowler major version, aborting..."
              exit 1
              ;;
          esac

-  publish-prowler:
-    needs: validate-release
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      id-token: write
-    environment:
-      name: pypi-prowler
-      url: https://pypi.org/project/prowler/${{ needs.validate-release.outputs.prowler_version }}/
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Install dependencies
+        run: |
+          pipx install poetry==2.1.1

-      - name: Install Poetry
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - name: Setup Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
-          cache: 'poetry'
+          # cache: ${{ env.CACHE }}

      - name: Build Prowler package
-        run: poetry build
+        run: |
+          poetry build

      - name: Publish Prowler package to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
-        with:
-          print-hash: true
-
-  publish-prowler-cloud:
-    needs: validate-release
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-      id-token: write
-    environment:
-      name: pypi-prowler-cloud
-      url: https://pypi.org/project/prowler-cloud/${{ needs.validate-release.outputs.prowler_version }}/
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Install Poetry
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          cache: 'poetry'
-
-      - name: Install toml package
-        run: pip install toml
-
-      - name: Replicate PyPI package for prowler-cloud
        run: |
-          rm -rf ./dist ./build prowler.egg-info
-          python util/replicate_pypi_package.py
+          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
+          poetry publish

-      - name: Build prowler-cloud package
-        run: poetry build
+      - name: Replicate PyPI package
+        run: |
+          rm -rf ./dist && rm -rf ./build && rm -rf prowler.egg-info
+          pip install toml
+          python util/replicate_pypi_package.py
+          poetry build

      - name: Publish prowler-cloud package to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
-        with:
-          print-hash: true
+        run: |
+          poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }}
+          poetry publish
@@ -1,90 +1,68 @@
-name: 'SDK: Refresh AWS Regions'
+# This is a basic workflow to help you get started with Actions
+
+name: SDK - Refresh AWS services' regions

 on:
  schedule:
-    - cron: '0 9 * * 1' # Every Monday at 09:00 UTC
-  workflow_dispatch:
-
-concurrency:
-  group: ${{ github.workflow }}
-  cancel-in-progress: false
+    - cron: "0 9 * * 1" # runs at 09:00 UTC every Monday

 env:
-  PYTHON_VERSION: '3.12'
-  AWS_REGION: 'us-east-1'
+  GITHUB_BRANCH: "master"
+  AWS_REGION_DEV: us-east-1

+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  refresh-aws-regions:
-    if: github.repository == 'prowler-cloud/prowler'
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
    runs-on: ubuntu-latest
-    timeout-minutes: 15
    permissions:
      id-token: write
      pull-requests: write
      contents: write
-
+    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
-          ref: 'master'
+          ref: ${{ env.GITHUB_BRANCH }}

-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - name: setup python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          cache: 'pip'
+          python-version: 3.9 #install the python needed

      - name: Install dependencies
-        run: pip install boto3
+        run: |
+          python -m pip install --upgrade pip
+          pip install boto3

-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+      - name: Configure AWS Credentials -- DEV
+        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
        with:
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ env.AWS_REGION_DEV }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
-          role-session-name: prowler-refresh-aws-regions
+          role-session-name: refresh-AWS-regions-dev

-      - name: Update AWS services regions
-        run: python util/update_aws_services_regions.py
+      # Runs a single command using the runners shell
+      - name: Run a one-line script
+        run: python3 util/update_aws_services_regions.py

-      - name: Create pull request
-        id: create-pr
+      # Create pull request
+      - name: Create Pull Request
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
+          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          author: 'prowler-bot <179230569+prowler-bot@users.noreply.github.com>'
-          committer: 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>'
-          commit-message: 'feat(aws): update regions for AWS services'
-          branch: 'aws-regions-update-${{ github.run_number }}'
-          title: 'feat(aws): Update regions for AWS services'
-          labels: |
-            status/waiting-for-revision
-            severity/low
-            provider/aws
-            no-changelog
+          commit-message: "feat(regions_update): Update regions for AWS services"
+          branch: "aws-services-regions-updated-${{ github.sha }}"
+          labels: "status/waiting-for-revision, severity/low, provider/aws, no-changelog"
+          title: "chore(regions_update): Changes in regions for AWS services"
          body: |
            ### Description

-            Automated update of AWS service regions from the official AWS IP ranges.
-
-            **Trigger:** ${{ github.event_name == 'schedule' && 'Scheduled (weekly)' || github.event_name == 'workflow_dispatch' && 'Manual' || 'Workflow update' }}
-            **Run:** [#${{ github.run_number }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
-
-            ### Checklist
-
-            - [x] This is an automated update from AWS official sources
-            - [x] No manual review of region data required
+            This PR updates the regions for AWS services.

            ### License

            By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-      - name: PR creation result
-        run: |
-          if [[ "${{ steps.create-pr.outputs.pull-request-number }}" ]]; then
-            echo "✓ Pull request #${{ steps.create-pr.outputs.pull-request-number }} created successfully"
-            echo "URL: ${{ steps.create-pr.outputs.pull-request-url }}"
-          else
-            echo "✓ No changes detected - AWS regions are up to date"
-          fi
@@ -1,77 +0,0 @@
-name: 'SDK: Security'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  sdk-security-scans:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Install Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python 3.12
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: '3.12'
-          cache: 'poetry'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry install --no-root
-
-      - name: Security scan with Bandit
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run bandit -q -lll -x '*_test.py,./contrib/,./api/,./ui' -r .
-
-      - name: Security scan with Safety
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run safety check --ignore 70612 -r pyproject.toml
-
-      - name: Dead code detection with Vulture
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry run vulture --exclude "contrib,api,ui" --min-confidence 100 .
@@ -1,360 +0,0 @@
-name: 'SDK: Tests'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  sdk-tests:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 120
-    permissions:
-      contents: read
-    strategy:
-      matrix:
-        python-version:
-          - '3.9'
-          - '3.10'
-          - '3.11'
-          - '3.12'
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for SDK changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ./**
-          files_ignore: |
-            .github/**
-            prowler/CHANGELOG.md
-            docs/**
-            permissions/**
-            api/**
-            ui/**
-            dashboard/**
-            mcp_server/**
-            README.md
-            mkdocs.yml
-            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore
-            contrib/**
-
-      - name: Install Poetry
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: pipx install poetry==2.1.1
-
-      - name: Set up Python ${{ matrix.python-version }}
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: ${{ matrix.python-version }}
-          cache: 'poetry'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: poetry install --no-root
-
-      # AWS Provider
-      - name: Check if AWS files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-aws
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/aws/**
-            ./tests/**/aws/**
-            ./poetry.lock
-
-      - name: Run AWS tests
-        if: steps.changed-aws.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/aws --cov-report=xml:aws_coverage.xml tests/providers/aws
-
-      - name: Upload AWS coverage to Codecov
-        if: steps.changed-aws.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-aws
-          files: ./aws_coverage.xml
-
-      # Azure Provider
-      - name: Check if Azure files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-azure
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/azure/**
-            ./tests/**/azure/**
-            ./poetry.lock
-
-      - name: Run Azure tests
-        if: steps.changed-azure.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/azure --cov-report=xml:azure_coverage.xml tests/providers/azure
-
-      - name: Upload Azure coverage to Codecov
-        if: steps.changed-azure.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-azure
-          files: ./azure_coverage.xml
-
-      # GCP Provider
-      - name: Check if GCP files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-gcp
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/gcp/**
-            ./tests/**/gcp/**
-            ./poetry.lock
-
-      - name: Run GCP tests
-        if: steps.changed-gcp.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/gcp --cov-report=xml:gcp_coverage.xml tests/providers/gcp
-
-      - name: Upload GCP coverage to Codecov
-        if: steps.changed-gcp.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-gcp
-          files: ./gcp_coverage.xml
-
-      # Kubernetes Provider
-      - name: Check if Kubernetes files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-kubernetes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/kubernetes/**
-            ./tests/**/kubernetes/**
-            ./poetry.lock
-
-      - name: Run Kubernetes tests
-        if: steps.changed-kubernetes.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/kubernetes --cov-report=xml:kubernetes_coverage.xml tests/providers/kubernetes
-
-      - name: Upload Kubernetes coverage to Codecov
-        if: steps.changed-kubernetes.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-kubernetes
-          files: ./kubernetes_coverage.xml
-
-      # GitHub Provider
-      - name: Check if GitHub files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-github
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/github/**
-            ./tests/**/github/**
-            ./poetry.lock
-
-      - name: Run GitHub tests
-        if: steps.changed-github.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/github --cov-report=xml:github_coverage.xml tests/providers/github
-
-      - name: Upload GitHub coverage to Codecov
-        if: steps.changed-github.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-github
-          files: ./github_coverage.xml
-
-      # NHN Provider
-      - name: Check if NHN files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-nhn
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/nhn/**
-            ./tests/**/nhn/**
-            ./poetry.lock
-
-      - name: Run NHN tests
-        if: steps.changed-nhn.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/nhn --cov-report=xml:nhn_coverage.xml tests/providers/nhn
-
-      - name: Upload NHN coverage to Codecov
-        if: steps.changed-nhn.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-nhn
-          files: ./nhn_coverage.xml
-
-      # M365 Provider
-      - name: Check if M365 files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-m365
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/m365/**
-            ./tests/**/m365/**
-            ./poetry.lock
-
-      - name: Run M365 tests
-        if: steps.changed-m365.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/m365 --cov-report=xml:m365_coverage.xml tests/providers/m365
-
-      - name: Upload M365 coverage to Codecov
-        if: steps.changed-m365.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-m365
-          files: ./m365_coverage.xml
-
-      # IaC Provider
-      - name: Check if IaC files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-iac
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/iac/**
-            ./tests/**/iac/**
-            ./poetry.lock
-
-      - name: Run IaC tests
-        if: steps.changed-iac.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/iac --cov-report=xml:iac_coverage.xml tests/providers/iac
-
-      - name: Upload IaC coverage to Codecov
-        if: steps.changed-iac.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-iac
-          files: ./iac_coverage.xml
-
-      # MongoDB Atlas Provider
-      - name: Check if MongoDB Atlas files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-mongodbatlas
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/mongodbatlas/**
-            ./tests/**/mongodbatlas/**
-            ./poetry.lock
-
-      - name: Run MongoDB Atlas tests
-        if: steps.changed-mongodbatlas.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/mongodbatlas --cov-report=xml:mongodbatlas_coverage.xml tests/providers/mongodbatlas
-
-      - name: Upload MongoDB Atlas coverage to Codecov
-        if: steps.changed-mongodbatlas.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-mongodbatlas
-          files: ./mongodbatlas_coverage.xml
-
-      # OCI Provider
-      - name: Check if OCI files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-oraclecloud
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/**/oraclecloud/**
-            ./tests/**/oraclecloud/**
-            ./poetry.lock
-
-      - name: Run OCI tests
-        if: steps.changed-oraclecloud.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/providers/oraclecloud --cov-report=xml:oraclecloud_coverage.xml tests/providers/oraclecloud
-
-      - name: Upload OCI coverage to Codecov
-        if: steps.changed-oraclecloud.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-oraclecloud
-          files: ./oraclecloud_coverage.xml
-
-      # Lib
-      - name: Check if Lib files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-lib
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/lib/**
-            ./tests/lib/**
-            ./poetry.lock
-
-      - name: Run Lib tests
-        if: steps.changed-lib.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/lib --cov-report=xml:lib_coverage.xml tests/lib
-
-      - name: Upload Lib coverage to Codecov
-        if: steps.changed-lib.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-lib
-          files: ./lib_coverage.xml
-
-      # Config
-      - name: Check if Config files changed
-        if: steps.check-changes.outputs.any_changed == 'true'
-        id: changed-config
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ./prowler/config/**
-            ./tests/config/**
-            ./poetry.lock
-
-      - name: Run Config tests
-        if: steps.changed-config.outputs.any_changed == 'true'
-        run: poetry run pytest -n auto --cov=./prowler/config --cov-report=xml:config_coverage.xml tests/config
-
-      - name: Upload Config coverage to Codecov
-        if: steps.changed-config.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          flags: prowler-py${{ matrix.python-version }}-config
-          files: ./config_coverage.xml
@@ -0,0 +1,121 @@
+name: UI - Build and Push containers
+
+on:
+  push:
+    branches:
+      - "master"
+    paths:
+      - "ui/**"
+      - ".github/workflows/ui-build-lint-push-containers.yml"
+
+  # Uncomment the below code to test this action on PRs
+  # pull_request:
+  #   branches:
+  #     - "master"
+  #   paths:
+  #     - "ui/**"
+  #     - ".github/workflows/ui-build-lint-push-containers.yml"
+
+  release:
+    types: [published]
+
+env:
+  # Tags
+  LATEST_TAG: latest
+  RELEASE_TAG: ${{ github.event.release.tag_name }}
+  STABLE_TAG: stable
+
+  WORKING_DIRECTORY: ./ui
+
+  # Container Registries
+  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
+  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1
+
+jobs:
+  repository-check:
+    name: Repository check
+    runs-on: ubuntu-latest
+    outputs:
+      is_repo: ${{ steps.repository_check.outputs.is_repo }}
+    steps:
+      - name: Repository check
+        id: repository_check
+        working-directory: /tmp
+        run: |
+          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
+          then
+            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "This action only runs for prowler-cloud/prowler"
+            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
+          fi
+
+  # Build Prowler OSS container
+  container-build-push:
+    needs: repository-check
+    if: needs.repository-check.outputs.is_repo == 'true'
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ env.WORKING_DIRECTORY }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set short git commit SHA
+        id: vars
+        run: |
+          shortSha=$(git rev-parse --short ${{ github.sha }})
+          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+
+      - name: Login to DockerHub
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Build and push container image (latest)
+        # Comment the following line for testing
+        if: github.event_name == 'push'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          build-args: |
+            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ env.SHORT_SHA }}
+            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
+          # Set push: false for testing
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push container image (release)
+        if: github.event_name == 'release'
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.WORKING_DIRECTORY }}
+          build-args: |
+            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
+            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
+          push: true
+          tags: |
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
+            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Trigger deployment
+        if: github.event_name == 'push'
+        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.CLOUD_DISPATCH }}
+          event-type: prowler-ui-deploy
+          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
@@ -1,37 +1,36 @@
-name: 'UI: CodeQL'
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: UI - CodeQL

 on:
  push:
    branches:
-      - 'master'
-      - 'v5.*'
+      - "master"
+      - "v5.*"
    paths:
-      - 'ui/**'
-      - '.github/workflows/ui-codeql.yml'
-      - '.github/codeql/ui-codeql-config.yml'
-      - '!ui/CHANGELOG.md'
+      - "ui/**"
  pull_request:
    branches:
-      - 'master'
-      - 'v5.*'
+      - "master"
+      - "v5.*"
    paths:
-      - 'ui/**'
-      - '.github/workflows/ui-codeql.yml'
-      - '.github/codeql/ui-codeql-config.yml'
-      - '!ui/CHANGELOG.md'
+      - "ui/**"
  schedule:
-    - cron: '00 12 * * *'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+    - cron: "00 12 * * *"

 jobs:
-  ui-analyze:
-    if: github.repository == 'prowler-cloud/prowler'
-    name: CodeQL Security Analysis
+  analyze:
+    name: Analyze
    runs-on: ubuntu-latest
-    timeout-minutes: 30
    permissions:
      actions: read
      contents: read
@@ -40,20 +39,21 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        language:
-          - 'javascript-typescript'
+        language: ["javascript"]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

+      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
        with:
-          category: '/language:${{ matrix.language }}'
+          category: "/language:${{matrix.language}}"
@@ -1,143 +0,0 @@
-name: 'UI: Container Build and Push'
-
-on:
-  push:
-    branches:
-      - 'master'
-    paths:
-      - 'ui/**'
-      - '.github/workflows/ui-container-build-push.yml'
-  release:
-    types:
-      - 'published'
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-env:
-  # Tags
-  LATEST_TAG: latest
-  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable
-  WORKING_DIRECTORY: ./ui
-
-  # Container registries
-  PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
-  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui
-
-  # Build args
-  NEXT_PUBLIC_API_BASE_URL: http://prowler-api:8080/api/v1
-
-jobs:
-  setup:
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    outputs:
-      short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
-    steps:
-      - name: Calculate short SHA
-        id: set-short-sha
-        run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
-
-  container-build-push:
-    needs: setup
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Login to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build and push UI container (latest)
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ needs.setup.outputs.short-sha }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push started
-        if: github.event_name == 'release'
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: UI
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-started.json"
-
-      - name: Build and push UI container (release)
-        if: github.event_name == 'release'
-        id: container-push
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
-            NEXT_PUBLIC_API_BASE_URL=${{ env.NEXT_PUBLIC_API_BASE_URL }}
-          push: true
-          tags: |
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Notify container push completed
-        if: github.event_name == 'release' && always()
-        uses: ./.github/actions/slack-notification
-        env:
-          SLACK_CHANNEL_ID: ${{ secrets.SLACK_PLATFORM_DEPLOYMENTS }}
-          COMPONENT: UI
-          RELEASE_TAG: ${{ env.RELEASE_TAG }}
-          GITHUB_SERVER_URL: ${{ github.server_url }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-        with:
-          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
-          payload-file-path: "./.github/scripts/slack-messages/container-release-completed.json"
-          step-outcome: ${{ steps.container-push.outcome }}
-
-  trigger-deployment:
-    if: github.event_name == 'push'
-    needs: [setup, container-build-push]
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    permissions:
-      contents: read
-
-    steps:
-      - name: Trigger UI deployment
-        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: ui-prowler-deployment
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ needs.setup.outputs.short-sha }}"}'
@@ -1,91 +0,0 @@
-name: 'UI: Container Checks'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  UI_WORKING_DIR: ./ui
-  IMAGE_NAME: prowler-ui
-
-jobs:
-  ui-dockerfile-lint:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check if Dockerfile changed
-        id: dockerfile-changed
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ui/Dockerfile
-
-      - name: Lint Dockerfile with Hadolint
-        if: steps.dockerfile-changed.outputs.any_changed == 'true'
-        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: ui/Dockerfile
-          ignore: DL3018
-
-  ui-container-build-and-scan:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for UI changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: ui/**
-          files_ignore: |
-            ui/CHANGELOG.md
-            ui/README.md
-
-      - name: Set up Docker Buildx
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Build UI container
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          context: ${{ env.UI_WORKING_DIR }}
-          target: prod
-          push: false
-          load: true
-          tags: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          build-args: |
-            NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_51LwpXXXX
-
-      - name: Scan UI container with Trivy
-        if: github.repository == 'prowler-cloud/prowler' && steps.check-changes.outputs.any_changed == 'true'
-        uses: ./.github/actions/trivy-scan
-        with:
-          image-name: ${{ env.IMAGE_NAME }}
-          image-tag: ${{ github.sha }}
-          fail-on-critical: 'false'
-          severity: 'CRITICAL'
@@ -18,25 +18,9 @@ jobs:
      AUTH_TRUST_HOST: true
      NEXTAUTH_URL: 'http://localhost:3000'
      NEXT_PUBLIC_API_BASE_URL: 'http://localhost:8080/api/v1'
-      E2E_ADMIN_USER: ${{ secrets.E2E_ADMIN_USER }}
-      E2E_ADMIN_PASSWORD: ${{ secrets.E2E_ADMIN_PASSWORD }}
-      E2E_AWS_PROVIDER_ACCOUNT_ID: ${{ secrets.E2E_AWS_PROVIDER_ACCOUNT_ID }}
-      E2E_AWS_PROVIDER_ACCESS_KEY: ${{ secrets.E2E_AWS_PROVIDER_ACCESS_KEY }}
-      E2E_AWS_PROVIDER_SECRET_KEY: ${{ secrets.E2E_AWS_PROVIDER_SECRET_KEY }}
-      E2E_AWS_PROVIDER_ROLE_ARN: ${{ secrets.E2E_AWS_PROVIDER_ROLE_ARN }}
-      E2E_AZURE_SUBSCRIPTION_ID: ${{ secrets.E2E_AZURE_SUBSCRIPTION_ID }}
-      E2E_AZURE_CLIENT_ID: ${{ secrets.E2E_AZURE_CLIENT_ID }}
-      E2E_AZURE_SECRET_ID: ${{ secrets.E2E_AZURE_SECRET_ID }}
-      E2E_AZURE_TENANT_ID: ${{ secrets.E2E_AZURE_TENANT_ID }}
-      E2E_M365_DOMAIN_ID: ${{ secrets.E2E_M365_DOMAIN_ID }}
-      E2E_M365_CLIENT_ID: ${{ secrets.E2E_M365_CLIENT_ID }}
-      E2E_M365_SECRET_ID: ${{ secrets.E2E_M365_SECRET_ID }}
-      E2E_M365_TENANT_ID: ${{ secrets.E2E_M365_TENANT_ID }}
-      E2E_M365_CERTIFICATE_CONTENT: ${{ secrets.E2E_M365_CERTIFICATE_CONTENT }}
-      E2E_NEW_PASSWORD: ${{ secrets.E2E_NEW_PASSWORD }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Fix API data directory permissions
        run: docker run --rm -v $(pwd)/_data/api:/data alpine chown -R 1000:1000 /data
      - name: Start API services
@@ -75,7 +59,7 @@ jobs:
            echo "All database fixtures loaded successfully!"
          '
      - name: Setup Node.js environment
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: '20.x'
          cache: 'npm'
@@ -87,7 +71,7 @@ jobs:
        working-directory: ./ui
        run: npm run build
      - name: Cache Playwright browsers
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        id: playwright-cache
        with:
          path: ~/.cache/ms-playwright
@@ -0,0 +1,65 @@
+name: UI - Pull Request
+
+on:
+  push:
+    branches:
+      - "master"
+      - "v5.*"
+    paths:
+      - ".github/workflows/ui-pull-request.yml"
+      - "ui/**"
+  pull_request:
+    branches:
+      - master
+      - "v5.*"
+    paths:
+      - 'ui/**'
+env:
+  UI_WORKING_DIR: ./ui
+  IMAGE_NAME: prowler-ui
+
+jobs:
+  test-and-coverage:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        node-version: [20.x]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+          cache-dependency-path: './ui/package-lock.json'
+      - name: Install dependencies
+        working-directory: ./ui
+        run: npm ci
+      - name: Run Healthcheck
+        working-directory: ./ui
+        run: npm run healthcheck
+      - name: Build the application
+        working-directory: ./ui
+        run: npm run build
+
+  test-container-build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Build Container
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          context: ${{ env.UI_WORKING_DIR }}
+          # Always build using `prod` target
+          target: prod
+          push: false
+          tags: ${{ env.IMAGE_NAME }}:latest
+          outputs: type=docker
+          build-args: |
+            NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_51LwpXXXX
@@ -1,64 +0,0 @@
-name: 'UI: Tests'
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'v5.*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'v5.*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  UI_WORKING_DIR: ./ui
-  NODE_VERSION: '20.x'
-
-jobs:
-  ui-tests:
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    permissions:
-      contents: read
-    defaults:
-      run:
-        working-directory: ./ui
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Check for UI changes
-        id: check-changes
-        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
-        with:
-          files: |
-            ui/**
-            .github/workflows/ui-tests.yml
-          files_ignore: |
-            ui/CHANGELOG.md
-            ui/README.md
-
-      - name: Setup Node.js ${{ env.NODE_VERSION }}
-        if: steps.check-changes.outputs.any_changed == 'true'
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: 'npm'
-          cache-dependency-path: './ui/package-lock.json'
-
-      - name: Install dependencies
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: npm ci
-
-      - name: Run healthcheck
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: npm run healthcheck
-
-      - name: Build application
-        if: steps.check-changes.outputs.any_changed == 'true'
-        run: npm run build
@@ -80,9 +80,9 @@ _data/
 # Claude
 CLAUDE.md

+# LLM's (Until we have a standard one)
+AGENTS.md
+
 # MCP Server
 mcp_server/prowler_mcp_server/prowler_app/server.py
 mcp_server/prowler_mcp_server/prowler_app/utils/schema.yaml
-
-# Compliance report
-*.pdf
@@ -6,7 +6,6 @@ repos:
      - id: check-merge-conflict
      - id: check-yaml
        args: ["--unsafe"]
-        exclude: prowler/config/llm_config.yaml
      - id: check-json
      - id: end-of-file-fixer
      - id: trailing-whitespace
@@ -1,110 +0,0 @@
-# Repository Guidelines
-
-## How to Use This Guide
-
- Start here for cross-project norms, Prowler is a monorepo with several components. Every component should have an `AGENTS.md` file that contains the guidelines for the agents in that component. The file is located beside the code you are touching (e.g. `api/AGENTS.md`, `ui/AGENTS.md`, `prowler/AGENTS.md`).
- Follow the stricter rule when guidance conflicts; component docs override this file for their scope.
- Keep instructions synchronized. When you add new workflows or scripts, update both, the relevant component `AGENTS.md` and this file if they apply broadly.
-
-## Project Overview
-
-Prowler is an open-source cloud security assessment tool that supports multiple cloud providers (AWS, Azure, GCP, Kubernetes, GitHub, M365, etc.). The project consists in a monorepo with the following main components:
-
- **Prowler SDK**: Python SDK, includes the Prowler CLI, providers, services, checks, compliances, config, etc. (`prowler/`)
- **Prowler API**: Django-based REST API backend (`api/`)
- **Prowler UI**: Next.js frontend application (`ui/`)
- **Prowler MCP Server**: Model Context Protocol server that gives access to the entire Prowler ecosystem for LLMs (`mcp_server/`)
- **Prowler Dashboard**: Prowler CLI feature that allows to visualize the results of the scans in a simple dashboard (`dashboard/`)
-
-### Project Structure (Key Folders & Files)
-
- `prowler/`: Main source code for Prowler SDK (CLI, providers, services, checks, compliances, config, etc.)
- `api/`: Django-based REST API backend components
- `ui/`: Next.js frontend application
- `mcp_server/`: Model Context Protocol server that gives access to the entire Prowler ecosystem for LLMs
- `dashboard/`: Prowler CLI feature that allows to visualize the results of the scans in a simple dashboard
- `docs/`: Documentation
- `examples/`: Example output formats for providers and scripts
- `permissions/`: Permission-related files and policies
- `contrib/`: Community-contributed scripts or modules
- `tests/`: Prowler SDK test suite
- `docker-compose.yml`: Docker compose file to run the Prowler App (API + UI) production environment
- `docker-compose-dev.yml`: Docker compose file to run the Prowler App (API + UI) development environment
- `pyproject.toml`: Poetry Prowler SDK project file
- `.pre-commit-config.yaml`: Pre-commit hooks configuration
- `Makefile`: Makefile to run the project
- `LICENSE`: License file
- `README.md`: README file
- `CONTRIBUTING.md`: Contributing guide
-
-## Python Development
-
-Most of the code is written in Python, so the main files in the root are focused on Python code.
-
-### Poetry Dev Environment
-
-For developing in Python we recommend using `poetry` to manage the dependencies. The minimal version is `2.1.1`. So it is recommended to run all commands using `poetry run ...`.
-
-To install the core dependencies to develop it is needed to run `poetry install --with dev`.
-
-### Pre-commit hooks
-
-The project has pre-commit hooks to lint and format the code. They are installed by running `poetry run pre-commit install`.
-
-When commiting a change, the hooks will be run automatically. Some of them are:
-
- Code formatting (black, isort)
- Linting (flake8, pylint)
- Security checks (bandit, safety, trufflehog)
- YAML/JSON validation
- Poetry lock file validation
-
-
-### Linting and Formatting
-
-We use the following tools to lint and format the code:
-
- `flake8`: for linting the code
- `black`: for formatting the code
- `pylint`: for linting the code
-
-You can run all using the `make` command:
-```bash
-poetry run make lint
-poetry run make format
-```
-
-Or they will be run automatically when you commit your changes using pre-commit hooks.
-
-## Commit & Pull Request Guidelines
-
-For the commit messages and pull requests name follow the conventional-commit style.
-
-Befire creating a pull request, complete the checklist in `.github/pull_request_template.md`. Summaries should explain deployment impact, highlight review steps, and note changelog or permission updates. Run all relevant tests and linters before requesting review and link screenshots for UI or dashboard changes.
-
-### Conventional Commit Style
-
-The Conventional Commits specification is a lightweight convention on top of commit messages. It provides an easy set of rules for creating an explicit commit history; which makes it easier to write automated tools on top of.
-
-The commit message should be structured as follows:
-
-```
-<type>[optional scope]: <description>
-<BLANK LINE>
-[optional body]
-<BLANK LINE>
-[optional footer(s)]
-```
-
-Any line of the commit message cannot be longer 100 characters! This allows the message to be easier to read on GitHub as well as in various git tools
-
-#### Commit Types
-
- **feat**: code change introuce new functionality to the application
- **fix**: code change that solve a bug in the codebase
- **docs**: documentation only changes
- **chore**: changes related to the build process or auxiliary tools and libraries, that do not affect the application's functionality
- **perf**: code change that improves performance
- **refactor**: code change that neither fixes a bug nor adds a feature
- **style**: changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
- **test**: adding missing tests or correcting existing tests
@@ -45,15 +45,3 @@ pypi-upload: ## Upload package
 help:     ## Show this help.
 	@echo "Prowler Makefile"
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
-
-##@ Build no cache
-build-no-cache-dev: 
-	docker compose -f docker-compose-dev.yml build --no-cache api-dev worker-dev worker-beat
-
-##@ Development Environment
-run-api-dev: ## Start development environment with API, PostgreSQL, Valkey, and workers 
-	docker compose -f docker-compose-dev.yml up api-dev postgres valkey worker-dev worker-beat
-
-##@ Development Environment
-build-and-run-api-dev: build-no-cache-dev run-api-dev
-
@@ -82,16 +82,14 @@ prowler dashboard

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) | Support | Stage | Interface |
 |---|---|---|---|---|---|---|---|
-| AWS | 576 | 82 | 38 | 10 | Official | Stable | UI, API, CLI |
-| GCP | 79 | 13 | 11 | 3 | Official | Stable | UI, API, CLI |
-| Azure | 162 | 19 | 12 | 4 | Official | Stable | UI, API, CLI |
+| AWS | 576 | 82 | 36 | 10 | Official | Stable | UI, API, CLI |
+| GCP | 79 | 13 | 10 | 3 | Official | Stable | UI, API, CLI |
+| Azure | 162 | 19 | 11 | 4 | Official | Stable | UI, API, CLI |
 | Kubernetes | 83 | 7 | 5 | 7 | Official | Stable | UI, API, CLI |
 | GitHub | 17 | 2 | 1 | 0 | Official | Stable | UI, API, CLI |
 | M365 | 70 | 7 | 3 | 2 | Official | Stable | UI, API, CLI |
-| OCI | 51 | 13 | 1 | 10 | Official | Stable | CLI |
 | IaC | [See `trivy` docs.](https://trivy.dev/latest/docs/coverage/iac/) | N/A | N/A | N/A | Official | Beta | CLI |
 | MongoDB Atlas | 10 | 3 | 0 | 0 | Official | Beta | CLI |
-| LLM | [See `promptfoo` docs.](https://www.promptfoo.dev/docs/red-team/plugins/) | N/A | N/A | N/A | Official | Beta | CLI |
 | NHN | 6 | 2 | 1 | 0 | Unofficial | Beta | CLI |

 > [!Note]
@@ -2,44 +2,16 @@

 All notable changes to the **Prowler API** are documented in this file.

-## [1.14.1] (Prowler 5.13.1)
-
-### Fixed
- `/api/v1/overviews/providers` collapses data by provider type so the UI receives a single aggregated record per cloud family even when multiple accounts exist [(#9053)](https://github.com/prowler-cloud/prowler/pull/9053)
- Added retry logic to database transactions to handle Aurora read replica connection failures during scale-down events [(#9064)](https://github.com/prowler-cloud/prowler/pull/9064)
- Security Hub integrations stop failing when they read relationships via the replica by allowing replica relations and saving updates through the primary [(#9080)](https://github.com/prowler-cloud/prowler/pull/9080)
-
---
-
-## [1.14.0] (Prowler 5.13.0)
+## [1.14.0] (Prowler UNRELEASED)

 ### Added
 - Default JWT keys are generated and stored if they are missing from configuration [(#8655)](https://github.com/prowler-cloud/prowler/pull/8655)
 - `compliance_name` for each compliance [(#7920)](https://github.com/prowler-cloud/prowler/pull/7920)
- Support C5 compliance framework for the AWS provider [(#8830)](https://github.com/prowler-cloud/prowler/pull/8830)
- Support for M365 Certificate authentication [(#8538)](https://github.com/prowler-cloud/prowler/pull/8538)
- API Key support [(#8805)](https://github.com/prowler-cloud/prowler/pull/8805)
- SAML role mapping protection for single-admin tenants to prevent accidental lockout [(#8882)](https://github.com/prowler-cloud/prowler/pull/8882)
- Support for `passed_findings` and `total_findings` fields in compliance requirement overview for accurate Prowler ThreatScore calculation [(#8582)](https://github.com/prowler-cloud/prowler/pull/8582)
- PDF reporting for Prowler ThreatScore [(#8867)](https://github.com/prowler-cloud/prowler/pull/8867)
- Database read replica support [(#8869)](https://github.com/prowler-cloud/prowler/pull/8869)
- Support Common Cloud Controls for AWS, Azure and GCP [(#8000)](https://github.com/prowler-cloud/prowler/pull/8000)
- Add `provider_id__in` filter support to findings and findings severity overview endpoints [(#8951)](https://github.com/prowler-cloud/prowler/pull/8951)

 ### Changed
 - Now the MANAGE_ACCOUNT permission is required to modify or read user permissions instead of MANAGE_USERS [(#8281)](https://github.com/prowler-cloud/prowler/pull/8281)
 - Now at least one user with MANAGE_ACCOUNT permission is required in the tenant [(#8729)](https://github.com/prowler-cloud/prowler/pull/8729)

-### Security
- Django updated to the latest 5.1 security release, 5.1.13, due to problems with potential [SQL injection](https://github.com/prowler-cloud/prowler/security/dependabot/104) and [directory traversals](https://github.com/prowler-cloud/prowler/security/dependabot/103) [(#8842)](https://github.com/prowler-cloud/prowler/pull/8842)
-
---
-
-## [1.13.2] (Prowler 5.12.3)
-
-### Fixed
- 500 error when deleting user [(#8731)](https://github.com/prowler-cloud/prowler/pull/8731)
-
 ---

 ## [1.13.1] (Prowler 5.12.2)
@@ -18,11 +18,11 @@ Valkey exposes a Redis 7.2 compliant API. Any service that exposes the Redis API

 # Modify environment variables

-Under the root path of the project, you can find a file called `.env`. This file shows all the environment variables that the project uses. You should review it and set the values for the variables you want to change.
+Under the root path of the project, you can find a file called `.env.example`. This file shows all the environment variables that the project uses. You *must* create a new file called `.env` and set the values for the variables.

-If you don’t set `DJANGO_TOKEN_SIGNING_KEY` or `DJANGO_TOKEN_VERIFYING_KEY`, the API will generate them at `~/.config/prowler-api/` with `0600` and `0644` permissions; back up these files to persist identity across redeploys.
+If you don't set `DJANGO_TOKEN_SIGNING_KEY` or `DJANGO_TOKEN_VERIFYING_KEY`, the API will generate them at `~/.config/prowler-api/` with `0600` and `0644` permissions; back up these files to persist identity across redeploys.

-**Important note**: Every Prowler version (or repository branches and tags) could have different variables set in its `.env` file. Please use the `.env` file that corresponds with each version.
+**Important:** When using the production Docker Compose profile (`docker compose --profile prod`), you **must** set both `DJANGO_TOKEN_SIGNING_KEY` and `DJANGO_TOKEN_VERIFYING_KEY` in your `.env` file, as automatic key generation is not available in this deployment mode.

 ## Local deployment
 Keep in mind if you export the `.env` file to use it with local deployment that you will have to do it within the context of the Poetry interpreter, not before. Otherwise, variables will not be loaded properly.
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.1.3 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.1.4 and should not be changed by hand.

 [[package]]
 name = "about-time"
@@ -273,14 +273,14 @@ tests-mypy = ["mypy (>=1.11.1) ; platform_python_implementation == \"CPython\" a

 [[package]]
 name = "authlib"
-version = "1.6.5"
+version = "1.6.1"
 description = "The ultimate Python library in building OAuth and OpenID Connect servers and clients."
 optional = false
 python-versions = ">=3.9"
 groups = ["dev"]
 files = [
-    {file = "authlib-1.6.5-py2.py3-none-any.whl", hash = "sha256:3e0e0507807f842b02175507bdee8957a1d5707fd4afb17c32fb43fee90b6e3a"},
-    {file = "authlib-1.6.5.tar.gz", hash = "sha256:6aaf9c79b7cc96c900f0b284061691c5d4e61221640a948fe690b556a6d6d10b"},
+    {file = "authlib-1.6.1-py2.py3-none-any.whl", hash = "sha256:e9d2031c34c6309373ab845afc24168fe9e93dc52d252631f52642f21f5ed06e"},
+    {file = "authlib-1.6.1.tar.gz", hash = "sha256:4dffdbb1460ba6ec8c17981a4c67af7d8af131231b5a36a88a1e8c80c111cdfd"},
 ]

 [package.dependencies]
@@ -383,24 +383,6 @@ cryptography = ">=2.1.4"
 isodate = ">=0.6.1"
 typing-extensions = ">=4.0.1"

-[[package]]
-name = "azure-mgmt-apimanagement"
-version = "5.0.0"
-description = "Microsoft Azure API Management Client Library for Python"
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-files = [
-    {file = "azure_mgmt_apimanagement-5.0.0-py3-none-any.whl", hash = "sha256:b88c42a392333b60722fb86f15d092dfc19a8d67510dccd15c217381dff4e6ec"},
-    {file = "azure_mgmt_apimanagement-5.0.0.tar.gz", hash = "sha256:0ab7fe17e70fe3154cd840ff47d19d7a4610217003eaa7c21acf3511a6e57999"},
-]
-
-[package.dependencies]
-azure-common = ">=1.1"
-azure-mgmt-core = ">=1.3.2"
-isodate = ">=0.6.1"
-typing-extensions = ">=4.6.0"
-
 [[package]]
 name = "azure-mgmt-applicationinsights"
 version = "4.1.0"
@@ -558,23 +540,6 @@ azure-mgmt-core = ">=1.3.2"
 isodate = ">=0.6.1"
 typing-extensions = ">=4.6.0"

-[[package]]
-name = "azure-mgmt-loganalytics"
-version = "12.0.0"
-description = "Microsoft Azure Log Analytics Management Client Library for Python"
-optional = false
-python-versions = "*"
-groups = ["main"]
-files = [
-    {file = "azure-mgmt-loganalytics-12.0.0.zip", hash = "sha256:da128a7e0291be7fa2063848df92a9180cf5c16d42adc09d2bc2efd711536bfb"},
-    {file = "azure_mgmt_loganalytics-12.0.0-py2.py3-none-any.whl", hash = "sha256:75ac1d47dd81179905c40765be8834643d8994acff31056ddc1863017f3faa02"},
-]
-
-[package.dependencies]
-azure-common = ">=1.1,<2.0"
-azure-mgmt-core = ">=1.2.0,<2.0.0"
-msrest = ">=0.6.21"
-
 [[package]]
 name = "azure-mgmt-monitor"
 version = "6.0.2"
@@ -785,23 +750,6 @@ azure-mgmt-core = ">=1.3.2"
 isodate = ">=0.6.1"
 typing-extensions = ">=4.6.0"

-[[package]]
-name = "azure-monitor-query"
-version = "2.0.0"
-description = "Microsoft Corporation Azure Monitor Query Client Library for Python"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "azure_monitor_query-2.0.0-py3-none-any.whl", hash = "sha256:8f52d581271d785e12f49cd5aaa144b8910fb843db2373855a7ef94c7fc462ea"},
-    {file = "azure_monitor_query-2.0.0.tar.gz", hash = "sha256:7b05f2fcac4fb67fc9f77a7d4c5d98a0f3099fb73b57c69ec1b080773994671b"},
-]
-
-[package.dependencies]
-azure-core = ">=1.30.0"
-isodate = ">=0.6.1"
-typing-extensions = ">=4.6.0"
-
 [[package]]
 name = "azure-storage-blob"
 version = "12.24.1"
@@ -1164,18 +1112,6 @@ files = [
    {file = "charset_normalizer-3.4.3.tar.gz", hash = "sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14"},
 ]

-[[package]]
-name = "circuitbreaker"
-version = "2.1.3"
-description = "Python Circuit Breaker pattern implementation"
-optional = false
-python-versions = "*"
-groups = ["main"]
-files = [
-    {file = "circuitbreaker-2.1.3-py3-none-any.whl", hash = "sha256:87ba6a3ed03fdc7032bc175561c2b04d52ade9d5faf94ca2b035fbdc5e6b1dd1"},
-    {file = "circuitbreaker-2.1.3.tar.gz", hash = "sha256:1a4baee510f7bea3c91b194dcce7c07805fe96c4423ed5594b75af438531d084"},
-]
-
 [[package]]
 name = "click"
 version = "8.2.1"
@@ -1268,98 +1204,6 @@ files = [
    {file = "contextlib2-21.6.0.tar.gz", hash = "sha256:ab1e2bfe1d01d968e1b7e8d9023bc51ef3509bba217bb730cee3827e1ee82869"},
 ]

-[[package]]
-name = "contourpy"
-version = "1.3.3"
-description = "Python library for calculating contours of 2D quadrilateral grids"
-optional = false
-python-versions = ">=3.11"
-groups = ["main"]
-files = [
-    {file = "contourpy-1.3.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:709a48ef9a690e1343202916450bc48b9e51c049b089c7f79a267b46cffcdaa1"},
-    {file = "contourpy-1.3.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:23416f38bfd74d5d28ab8429cc4d63fa67d5068bd711a85edb1c3fb0c3e2f381"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:929ddf8c4c7f348e4c0a5a3a714b5c8542ffaa8c22954862a46ca1813b667ee7"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:9e999574eddae35f1312c2b4b717b7885d4edd6cb46700e04f7f02db454e67c1"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:0bf67e0e3f482cb69779dd3061b534eb35ac9b17f163d851e2a547d56dba0a3a"},
-    {file = "contourpy-1.3.3-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:51e79c1f7470158e838808d4a996fa9bac72c498e93d8ebe5119bc1e6becb0db"},
-    {file = "contourpy-1.3.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:598c3aaece21c503615fd59c92a3598b428b2f01bfb4b8ca9c4edeecc2438620"},
-    {file = "contourpy-1.3.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:322ab1c99b008dad206d406bb61d014cf0174df491ae9d9d0fac6a6fda4f977f"},
-    {file = "contourpy-1.3.3-cp311-cp311-win32.whl", hash = "sha256:fd907ae12cd483cd83e414b12941c632a969171bf90fc937d0c9f268a31cafff"},
-    {file = "contourpy-1.3.3-cp311-cp311-win_amd64.whl", hash = "sha256:3519428f6be58431c56581f1694ba8e50626f2dd550af225f82fb5f5814d2a42"},
-    {file = "contourpy-1.3.3-cp311-cp311-win_arm64.whl", hash = "sha256:15ff10bfada4bf92ec8b31c62bf7c1834c244019b4a33095a68000d7075df470"},
-    {file = "contourpy-1.3.3-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:b08a32ea2f8e42cf1d4be3169a98dd4be32bafe4f22b6c4cb4ba810fa9e5d2cb"},
-    {file = "contourpy-1.3.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:556dba8fb6f5d8742f2923fe9457dbdd51e1049c4a43fd3986a0b14a1d815fc6"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:92d9abc807cf7d0e047b95ca5d957cf4792fcd04e920ca70d48add15c1a90ea7"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:b2e8faa0ed68cb29af51edd8e24798bb661eac3bd9f65420c1887b6ca89987c8"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:626d60935cf668e70a5ce6ff184fd713e9683fb458898e4249b63be9e28286ea"},
-    {file = "contourpy-1.3.3-cp312-cp312-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4d00e655fcef08aba35ec9610536bfe90267d7ab5ba944f7032549c55a146da1"},
-    {file = "contourpy-1.3.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:451e71b5a7d597379ef572de31eeb909a87246974d960049a9848c3bc6c41bf7"},
-    {file = "contourpy-1.3.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:459c1f020cd59fcfe6650180678a9993932d80d44ccde1fa1868977438f0b411"},
-    {file = "contourpy-1.3.3-cp312-cp312-win32.whl", hash = "sha256:023b44101dfe49d7d53932be418477dba359649246075c996866106da069af69"},
-    {file = "contourpy-1.3.3-cp312-cp312-win_amd64.whl", hash = "sha256:8153b8bfc11e1e4d75bcb0bff1db232f9e10b274e0929de9d608027e0d34ff8b"},
-    {file = "contourpy-1.3.3-cp312-cp312-win_arm64.whl", hash = "sha256:07ce5ed73ecdc4a03ffe3e1b3e3c1166db35ae7584be76f65dbbe28a7791b0cc"},
-    {file = "contourpy-1.3.3-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:177fb367556747a686509d6fef71d221a4b198a3905fe824430e5ea0fda54eb5"},
-    {file = "contourpy-1.3.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:d002b6f00d73d69333dac9d0b8d5e84d9724ff9ef044fd63c5986e62b7c9e1b1"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:348ac1f5d4f1d66d3322420f01d42e43122f43616e0f194fc1c9f5d830c5b286"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:655456777ff65c2c548b7c454af9c6f33f16c8884f11083244b5819cc214f1b5"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:644a6853d15b2512d67881586bd03f462c7ab755db95f16f14d7e238f2852c67"},
-    {file = "contourpy-1.3.3-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4debd64f124ca62069f313a9cb86656ff087786016d76927ae2cf37846b006c9"},
-    {file = "contourpy-1.3.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:a15459b0f4615b00bbd1e91f1b9e19b7e63aea7483d03d804186f278c0af2659"},
-    {file = "contourpy-1.3.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:ca0fdcd73925568ca027e0b17ab07aad764be4706d0a925b89227e447d9737b7"},
-    {file = "contourpy-1.3.3-cp313-cp313-win32.whl", hash = "sha256:b20c7c9a3bf701366556e1b1984ed2d0cedf999903c51311417cf5f591d8c78d"},
-    {file = "contourpy-1.3.3-cp313-cp313-win_amd64.whl", hash = "sha256:1cadd8b8969f060ba45ed7c1b714fe69185812ab43bd6b86a9123fe8f99c3263"},
-    {file = "contourpy-1.3.3-cp313-cp313-win_arm64.whl", hash = "sha256:fd914713266421b7536de2bfa8181aa8c699432b6763a0ea64195ebe28bff6a9"},
-    {file = "contourpy-1.3.3-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:88df9880d507169449d434c293467418b9f6cbe82edd19284aa0409e7fdb933d"},
-    {file = "contourpy-1.3.3-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:d06bb1f751ba5d417047db62bca3c8fde202b8c11fb50742ab3ab962c81e8216"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e4e6b05a45525357e382909a4c1600444e2a45b4795163d3b22669285591c1ae"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:ab3074b48c4e2cf1a960e6bbeb7f04566bf36b1861d5c9d4d8ac04b82e38ba20"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:6c3d53c796f8647d6deb1abe867daeb66dcc8a97e8455efa729516b997b8ed99"},
-    {file = "contourpy-1.3.3-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:50ed930df7289ff2a8d7afeb9603f8289e5704755c7e5c3bbd929c90c817164b"},
-    {file = "contourpy-1.3.3-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:4feffb6537d64b84877da813a5c30f1422ea5739566abf0bd18065ac040e120a"},
-    {file = "contourpy-1.3.3-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:2b7e9480ffe2b0cd2e787e4df64270e3a0440d9db8dc823312e2c940c167df7e"},
-    {file = "contourpy-1.3.3-cp313-cp313t-win32.whl", hash = "sha256:283edd842a01e3dcd435b1c5116798d661378d83d36d337b8dde1d16a5fc9ba3"},
-    {file = "contourpy-1.3.3-cp313-cp313t-win_amd64.whl", hash = "sha256:87acf5963fc2b34825e5b6b048f40e3635dd547f590b04d2ab317c2619ef7ae8"},
-    {file = "contourpy-1.3.3-cp313-cp313t-win_arm64.whl", hash = "sha256:3c30273eb2a55024ff31ba7d052dde990d7d8e5450f4bbb6e913558b3d6c2301"},
-    {file = "contourpy-1.3.3-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:fde6c716d51c04b1c25d0b90364d0be954624a0ee9d60e23e850e8d48353d07a"},
-    {file = "contourpy-1.3.3-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:cbedb772ed74ff5be440fa8eee9bd49f64f6e3fc09436d9c7d8f1c287b121d77"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:22e9b1bd7a9b1d652cd77388465dc358dafcd2e217d35552424aa4f996f524f5"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:a22738912262aa3e254e4f3cb079a95a67132fc5a063890e224393596902f5a4"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:afe5a512f31ee6bd7d0dda52ec9864c984ca3d66664444f2d72e0dc4eb832e36"},
-    {file = "contourpy-1.3.3-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:f64836de09927cba6f79dcd00fdd7d5329f3fccc633468507079c829ca4db4e3"},
-    {file = "contourpy-1.3.3-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:1fd43c3be4c8e5fd6e4f2baeae35ae18176cf2e5cced681cca908addf1cdd53b"},
-    {file = "contourpy-1.3.3-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:6afc576f7b33cf00996e5c1102dc2a8f7cc89e39c0b55df93a0b78c1bd992b36"},
-    {file = "contourpy-1.3.3-cp314-cp314-win32.whl", hash = "sha256:66c8a43a4f7b8df8b71ee1840e4211a3c8d93b214b213f590e18a1beca458f7d"},
-    {file = "contourpy-1.3.3-cp314-cp314-win_amd64.whl", hash = "sha256:cf9022ef053f2694e31d630feaacb21ea24224be1c3ad0520b13d844274614fd"},
-    {file = "contourpy-1.3.3-cp314-cp314-win_arm64.whl", hash = "sha256:95b181891b4c71de4bb404c6621e7e2390745f887f2a026b2d99e92c17892339"},
-    {file = "contourpy-1.3.3-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:33c82d0138c0a062380332c861387650c82e4cf1747aaa6938b9b6516762e772"},
-    {file = "contourpy-1.3.3-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:ea37e7b45949df430fe649e5de8351c423430046a2af20b1c1961cae3afcda77"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d304906ecc71672e9c89e87c4675dc5c2645e1f4269a5063b99b0bb29f232d13"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_26_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:ca658cd1a680a5c9ea96dc61cdbae1e85c8f25849843aa799dfd3cb370ad4fbe"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_26_s390x.manylinux_2_28_s390x.whl", hash = "sha256:ab2fd90904c503739a75b7c8c5c01160130ba67944a7b77bbf36ef8054576e7f"},
-    {file = "contourpy-1.3.3-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:b7301b89040075c30e5768810bc96a8e8d78085b47d8be6e4c3f5a0b4ed478a0"},
-    {file = "contourpy-1.3.3-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:2a2a8b627d5cc6b7c41a4beff6c5ad5eb848c88255fda4a8745f7e901b32d8e4"},
-    {file = "contourpy-1.3.3-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:fd6ec6be509c787f1caf6b247f0b1ca598bef13f4ddeaa126b7658215529ba0f"},
-    {file = "contourpy-1.3.3-cp314-cp314t-win32.whl", hash = "sha256:e74a9a0f5e3fff48fb5a7f2fd2b9b70a3fe014a67522f79b7cca4c0c7e43c9ae"},
-    {file = "contourpy-1.3.3-cp314-cp314t-win_amd64.whl", hash = "sha256:13b68d6a62db8eafaebb8039218921399baf6e47bf85006fd8529f2a08ef33fc"},
-    {file = "contourpy-1.3.3-cp314-cp314t-win_arm64.whl", hash = "sha256:b7448cb5a725bb1e35ce88771b86fba35ef418952474492cf7c764059933ff8b"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:cd5dfcaeb10f7b7f9dc8941717c6c2ade08f587be2226222c12b25f0483ed497"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:0c1fc238306b35f246d61a1d416a627348b5cf0648648a031e14bb8705fcdfe8"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:70f9aad7de812d6541d29d2bbf8feb22ff7e1c299523db288004e3157ff4674e"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:5ed3657edf08512fc3fe81b510e35c2012fbd3081d2e26160f27ca28affec989"},
-    {file = "contourpy-1.3.3-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:3d1a3799d62d45c18bafd41c5fa05120b96a28079f2393af559b843d1a966a77"},
-    {file = "contourpy-1.3.3.tar.gz", hash = "sha256:083e12155b210502d0bca491432bb04d56dc3432f95a979b429f2848c3dbe880"},
-]
-
-[package.dependencies]
-numpy = ">=1.25"
-
-[package.extras]
-bokeh = ["bokeh", "selenium"]
-docs = ["furo", "sphinx (>=7.2)", "sphinx-copybutton"]
-mypy = ["bokeh", "contourpy[bokeh,docs]", "docutils-stubs", "mypy (==1.17.0)", "types-Pillow"]
-test = ["Pillow", "contourpy[test-no-images]", "matplotlib"]
-test-no-images = ["pytest", "pytest-cov", "pytest-rerunfailures", "pytest-xdist", "wurlitzer"]
-
 [[package]]
 name = "coverage"
 version = "7.5.4"
@@ -1494,22 +1338,6 @@ ssh = ["bcrypt (>=3.1.5)"]
 test = ["certifi (>=2024)", "cryptography-vectors (==44.0.1)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
 test-randomorder = ["pytest-randomly"]

-[[package]]
-name = "cycler"
-version = "0.12.1"
-description = "Composable style cycles"
-optional = false
-python-versions = ">=3.8"
-groups = ["main"]
-files = [
-    {file = "cycler-0.12.1-py3-none-any.whl", hash = "sha256:85cef7cff222d8644161529808465972e51340599459b8ac3ccbac5a854e0d30"},
-    {file = "cycler-0.12.1.tar.gz", hash = "sha256:88bb128f02ba341da8ef447245a9e138fae777f6a23943da4540077d3601eb1c"},
-]
-
-[package.extras]
-docs = ["ipython", "matplotlib", "numpydoc", "sphinx"]
-tests = ["pytest", "pytest-cov", "pytest-xdist"]
-
 [[package]]
 name = "dash"
 version = "3.1.1"
@@ -1683,14 +1511,14 @@ with-social = ["django-allauth[socialaccount] (>=64.0.0)"]

 [[package]]
 name = "django"
-version = "5.1.13"
+version = "5.1.12"
 description = "A high-level Python web framework that encourages rapid development and clean, pragmatic design."
 optional = false
 python-versions = ">=3.10"
 groups = ["main", "dev"]
 files = [
-    {file = "django-5.1.13-py3-none-any.whl", hash = "sha256:06f257f79dc4c17f3f9e23b106a4c5ed1335abecbe731e83c598c941d14fbeed"},
-    {file = "django-5.1.13.tar.gz", hash = "sha256:543ff21679f15e80edfc01fe7ea35f8291b6d4ea589433882913626a7c1cf929"},
+    {file = "django-5.1.12-py3-none-any.whl", hash = "sha256:9eb695636cea3601b65690f1596993c042206729afb320ca0960b55f8ed4477b"},
+    {file = "django-5.1.12.tar.gz", hash = "sha256:8a8991b1ec052ef6a44fefd1ef336ab8daa221287bcb91a4a17d5e1abec5bbcc"},
 ]

 [package.dependencies]
@@ -2044,27 +1872,6 @@ files = [
 Django = ">=4.2"
 djangorestframework = ">=3.15.0"

-[[package]]
-name = "drf-simple-apikey"
-version = "2.2.1"
-description = "API Key authentication and permissions for Django REST."
-optional = false
-python-versions = "*"
-groups = ["main"]
-files = [
-    {file = "drf_simple_apikey-2.2.1-py2.py3-none-any.whl", hash = "sha256:2a60b35676d14f907c47dee179dd0fa7425a84c34d6ff5b48d08d3b87ff32809"},
-    {file = "drf_simple_apikey-2.2.1.tar.gz", hash = "sha256:e5a52804bbac12c8db80c10a3d51a8514fc59fc8385b5e751099a2bc944ad25d"},
-]
-
-[package.dependencies]
-cryptography = ">=38.0.4"
-django = ">=4.2"
-djangorestframework = ">=3.14.0"
-
-[package.extras]
-test = ["coverage", "pytest", "pytest-django"]
-tooling = ["black (==22.3.0)", "bump2version", "pylint"]
-
 [[package]]
 name = "drf-spectacular"
 version = "0.27.2"
@@ -2240,87 +2047,6 @@ werkzeug = ">=3.1.0"
 async = ["asgiref (>=3.2)"]
 dotenv = ["python-dotenv"]

-[[package]]
-name = "fonttools"
-version = "4.60.1"
-description = "Tools to manipulate font files"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "fonttools-4.60.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:9a52f254ce051e196b8fe2af4634c2d2f02c981756c6464dc192f1b6050b4e28"},
-    {file = "fonttools-4.60.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:c7420a2696a44650120cdd269a5d2e56a477e2bfa9d95e86229059beb1c19e15"},
-    {file = "fonttools-4.60.1-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee0c0b3b35b34f782afc673d503167157094a16f442ace7c6c5e0ca80b08f50c"},
-    {file = "fonttools-4.60.1-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:282dafa55f9659e8999110bd8ed422ebe1c8aecd0dc396550b038e6c9a08b8ea"},
-    {file = "fonttools-4.60.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:4ba4bd646e86de16160f0fb72e31c3b9b7d0721c3e5b26b9fa2fc931dfdb2652"},
-    {file = "fonttools-4.60.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:0b0835ed15dd5b40d726bb61c846a688f5b4ce2208ec68779bc81860adb5851a"},
-    {file = "fonttools-4.60.1-cp310-cp310-win32.whl", hash = "sha256:1525796c3ffe27bb6268ed2a1bb0dcf214d561dfaf04728abf01489eb5339dce"},
-    {file = "fonttools-4.60.1-cp310-cp310-win_amd64.whl", hash = "sha256:268ecda8ca6cb5c4f044b1fb9b3b376e8cd1b361cef275082429dc4174907038"},
-    {file = "fonttools-4.60.1-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:7b4c32e232a71f63a5d00259ca3d88345ce2a43295bb049d21061f338124246f"},
-    {file = "fonttools-4.60.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:3630e86c484263eaac71d117085d509cbcf7b18f677906824e4bace598fb70d2"},
-    {file = "fonttools-4.60.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5c1015318e4fec75dd4943ad5f6a206d9727adf97410d58b7e32ab644a807914"},
-    {file = "fonttools-4.60.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:e6c58beb17380f7c2ea181ea11e7db8c0ceb474c9dd45f48e71e2cb577d146a1"},
-    {file = "fonttools-4.60.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:ec3681a0cb34c255d76dd9d865a55f260164adb9fa02628415cdc2d43ee2c05d"},
-    {file = "fonttools-4.60.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:f4b5c37a5f40e4d733d3bbaaef082149bee5a5ea3156a785ff64d949bd1353fa"},
-    {file = "fonttools-4.60.1-cp311-cp311-win32.whl", hash = "sha256:398447f3d8c0c786cbf1209711e79080a40761eb44b27cdafffb48f52bcec258"},
-    {file = "fonttools-4.60.1-cp311-cp311-win_amd64.whl", hash = "sha256:d066ea419f719ed87bc2c99a4a4bfd77c2e5949cb724588b9dd58f3fd90b92bf"},
-    {file = "fonttools-4.60.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:7b0c6d57ab00dae9529f3faf187f2254ea0aa1e04215cf2f1a8ec277c96661bc"},
-    {file = "fonttools-4.60.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:839565cbf14645952d933853e8ade66a463684ed6ed6c9345d0faf1f0e868877"},
-    {file = "fonttools-4.60.1-cp312-cp312-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:8177ec9676ea6e1793c8a084a90b65a9f778771998eb919d05db6d4b1c0b114c"},
-    {file = "fonttools-4.60.1-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:996a4d1834524adbb423385d5a629b868ef9d774670856c63c9a0408a3063401"},
-    {file = "fonttools-4.60.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:a46b2f450bc79e06ef3b6394f0c68660529ed51692606ad7f953fc2e448bc903"},
-    {file = "fonttools-4.60.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:6ec722ee589e89a89f5b7574f5c45604030aa6ae24cb2c751e2707193b466fed"},
-    {file = "fonttools-4.60.1-cp312-cp312-win32.whl", hash = "sha256:b2cf105cee600d2de04ca3cfa1f74f1127f8455b71dbad02b9da6ec266e116d6"},
-    {file = "fonttools-4.60.1-cp312-cp312-win_amd64.whl", hash = "sha256:992775c9fbe2cf794786fa0ffca7f09f564ba3499b8fe9f2f80bd7197db60383"},
-    {file = "fonttools-4.60.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:6f68576bb4bbf6060c7ab047b1574a1ebe5c50a17de62830079967b211059ebb"},
-    {file = "fonttools-4.60.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:eedacb5c5d22b7097482fa834bda0dafa3d914a4e829ec83cdea2a01f8c813c4"},
-    {file = "fonttools-4.60.1-cp313-cp313-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:b33a7884fabd72bdf5f910d0cf46be50dce86a0362a65cfc746a4168c67eb96c"},
-    {file = "fonttools-4.60.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:2409d5fb7b55fd70f715e6d34e7a6e4f7511b8ad29a49d6df225ee76da76dd77"},
-    {file = "fonttools-4.60.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:c8651e0d4b3bdeda6602b85fdc2abbefc1b41e573ecb37b6779c4ca50753a199"},
-    {file = "fonttools-4.60.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:145daa14bf24824b677b9357c5e44fd8895c2a8f53596e1b9ea3496081dc692c"},
-    {file = "fonttools-4.60.1-cp313-cp313-win32.whl", hash = "sha256:2299df884c11162617a66b7c316957d74a18e3758c0274762d2cc87df7bc0272"},
-    {file = "fonttools-4.60.1-cp313-cp313-win_amd64.whl", hash = "sha256:a3db56f153bd4c5c2b619ab02c5db5192e222150ce5a1bc10f16164714bc39ac"},
-    {file = "fonttools-4.60.1-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:a884aef09d45ba1206712c7dbda5829562d3fea7726935d3289d343232ecb0d3"},
-    {file = "fonttools-4.60.1-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:8a44788d9d91df72d1a5eac49b31aeb887a5f4aab761b4cffc4196c74907ea85"},
-    {file = "fonttools-4.60.1-cp314-cp314-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:e852d9dda9f93ad3651ae1e3bb770eac544ec93c3807888798eccddf84596537"},
-    {file = "fonttools-4.60.1-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:154cb6ee417e417bf5f7c42fe25858c9140c26f647c7347c06f0cc2d47eff003"},
-    {file = "fonttools-4.60.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:5664fd1a9ea7f244487ac8f10340c4e37664675e8667d6fee420766e0fb3cf08"},
-    {file = "fonttools-4.60.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:583b7f8e3c49486e4d489ad1deacfb8d5be54a8ef34d6df824f6a171f8511d99"},
-    {file = "fonttools-4.60.1-cp314-cp314-win32.whl", hash = "sha256:66929e2ea2810c6533a5184f938502cfdaea4bc3efb7130d8cc02e1c1b4108d6"},
-    {file = "fonttools-4.60.1-cp314-cp314-win_amd64.whl", hash = "sha256:f3d5be054c461d6a2268831f04091dc82753176f6ea06dc6047a5e168265a987"},
-    {file = "fonttools-4.60.1-cp314-cp314t-macosx_10_13_universal2.whl", hash = "sha256:b6379e7546ba4ae4b18f8ae2b9bc5960936007a1c0e30b342f662577e8bc3299"},
-    {file = "fonttools-4.60.1-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:9d0ced62b59e0430b3690dbc5373df1c2aa7585e9a8ce38eff87f0fd993c5b01"},
-    {file = "fonttools-4.60.1-cp314-cp314t-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:875cb7764708b3132637f6c5fb385b16eeba0f7ac9fa45a69d35e09b47045801"},
-    {file = "fonttools-4.60.1-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:a184b2ea57b13680ab6d5fbde99ccef152c95c06746cb7718c583abd8f945ccc"},
-    {file = "fonttools-4.60.1-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:026290e4ec76583881763fac284aca67365e0be9f13a7fb137257096114cb3bc"},
-    {file = "fonttools-4.60.1-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:f0e8817c7d1a0c2eedebf57ef9a9896f3ea23324769a9a2061a80fe8852705ed"},
-    {file = "fonttools-4.60.1-cp314-cp314t-win32.whl", hash = "sha256:1410155d0e764a4615774e5c2c6fc516259fe3eca5882f034eb9bfdbee056259"},
-    {file = "fonttools-4.60.1-cp314-cp314t-win_amd64.whl", hash = "sha256:022beaea4b73a70295b688f817ddc24ed3e3418b5036ffcd5658141184ef0d0c"},
-    {file = "fonttools-4.60.1-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:122e1a8ada290423c493491d002f622b1992b1ab0b488c68e31c413390dc7eb2"},
-    {file = "fonttools-4.60.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:a140761c4ff63d0cb9256ac752f230460ee225ccef4ad8f68affc723c88e2036"},
-    {file = "fonttools-4.60.1-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0eae96373e4b7c9e45d099d7a523444e3554360927225c1cdae221a58a45b856"},
-    {file = "fonttools-4.60.1-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:596ecaca36367027d525b3b426d8a8208169d09edcf8c7506aceb3a38bfb55c7"},
-    {file = "fonttools-4.60.1-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:2ee06fc57512144d8b0445194c2da9f190f61ad51e230f14836286470c99f854"},
-    {file = "fonttools-4.60.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:b42d86938e8dda1cd9a1a87a6d82f1818eaf933348429653559a458d027446da"},
-    {file = "fonttools-4.60.1-cp39-cp39-win32.whl", hash = "sha256:8b4eb332f9501cb1cd3d4d099374a1e1306783ff95489a1026bde9eb02ccc34a"},
-    {file = "fonttools-4.60.1-cp39-cp39-win_amd64.whl", hash = "sha256:7473a8ed9ed09aeaa191301244a5a9dbe46fe0bf54f9d6cd21d83044c3321217"},
-    {file = "fonttools-4.60.1-py3-none-any.whl", hash = "sha256:906306ac7afe2156fcf0042173d6ebbb05416af70f6b370967b47f8f00103bbb"},
-    {file = "fonttools-4.60.1.tar.gz", hash = "sha256:ef00af0439ebfee806b25f24c8f92109157ff3fac5731dc7867957812e87b8d9"},
-]
-
-[package.extras]
-all = ["brotli (>=1.0.1) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=0.8.0) ; platform_python_implementation != \"CPython\"", "lxml (>=4.0)", "lz4 (>=1.7.4.2)", "matplotlib", "munkres ; platform_python_implementation == \"PyPy\"", "pycairo", "scipy ; platform_python_implementation != \"PyPy\"", "skia-pathops (>=0.5.0)", "sympy", "uharfbuzz (>=0.23.0)", "unicodedata2 (>=15.1.0) ; python_version <= \"3.12\"", "xattr ; sys_platform == \"darwin\"", "zopfli (>=0.1.4)"]
-graphite = ["lz4 (>=1.7.4.2)"]
-interpolatable = ["munkres ; platform_python_implementation == \"PyPy\"", "pycairo", "scipy ; platform_python_implementation != \"PyPy\""]
-lxml = ["lxml (>=4.0)"]
-pathops = ["skia-pathops (>=0.5.0)"]
-plot = ["matplotlib"]
-repacker = ["uharfbuzz (>=0.23.0)"]
-symfont = ["sympy"]
-type1 = ["xattr ; sys_platform == \"darwin\""]
-unicode = ["unicodedata2 (>=15.1.0) ; python_version <= \"3.12\""]
-woff = ["brotli (>=1.0.1) ; platform_python_implementation == \"CPython\"", "brotlicffi (>=0.8.0) ; platform_python_implementation != \"CPython\"", "zopfli (>=0.1.4)"]
-
 [[package]]
 name = "freezegun"
 version = "1.5.1"
@@ -2988,117 +2714,6 @@ files = [
 [package.dependencies]
 referencing = ">=0.31.0"

-[[package]]
-name = "kiwisolver"
-version = "1.4.9"
-description = "A fast implementation of the Cassowary constraint solver"
-optional = false
-python-versions = ">=3.10"
-groups = ["main"]
-files = [
-    {file = "kiwisolver-1.4.9-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:b4b4d74bda2b8ebf4da5bd42af11d02d04428b2c32846e4c2c93219df8a7987b"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:fb3b8132019ea572f4611d770991000d7f58127560c4889729248eb5852a102f"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:84fd60810829c27ae375114cd379da1fa65e6918e1da405f356a775d49a62bcf"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:b78efa4c6e804ecdf727e580dbb9cba85624d2e1c6b5cb059c66290063bd99a9"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d4efec7bcf21671db6a3294ff301d2fc861c31faa3c8740d1a94689234d1b415"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:90f47e70293fc3688b71271100a1a5453aa9944a81d27ff779c108372cf5567b"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:8fdca1def57a2e88ef339de1737a1449d6dbf5fab184c54a1fca01d541317154"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:9cf554f21be770f5111a1690d42313e140355e687e05cf82cb23d0a721a64a48"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:fc1795ac5cd0510207482c3d1d3ed781143383b8cfd36f5c645f3897ce066220"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:ccd09f20ccdbbd341b21a67ab50a119b64a403b09288c27481575105283c1586"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:540c7c72324d864406a009d72f5d6856f49693db95d1fbb46cf86febef873634"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-win_amd64.whl", hash = "sha256:ede8c6d533bc6601a47ad4046080d36b8fc99f81e6f1c17b0ac3c2dc91ac7611"},
-    {file = "kiwisolver-1.4.9-cp310-cp310-win_arm64.whl", hash = "sha256:7b4da0d01ac866a57dd61ac258c5607b4cd677f63abaec7b148354d2b2cdd536"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:eb14a5da6dc7642b0f3a18f13654847cd8b7a2550e2645a5bda677862b03ba16"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:39a219e1c81ae3b103643d2aedb90f1ef22650deb266ff12a19e7773f3e5f089"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:2405a7d98604b87f3fc28b1716783534b1b4b8510d8142adca34ee0bc3c87543"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:dc1ae486f9abcef254b5618dfb4113dd49f94c68e3e027d03cf0143f3f772b61"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8a1f570ce4d62d718dce3f179ee78dac3b545ac16c0c04bb363b7607a949c0d1"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:cb27e7b78d716c591e88e0a09a2139c6577865d7f2e152488c2cc6257f460872"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:15163165efc2f627eb9687ea5f3a28137217d217ac4024893d753f46bce9de26"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:bdee92c56a71d2b24c33a7d4c2856bd6419d017e08caa7802d2963870e315028"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:412f287c55a6f54b0650bd9b6dce5aceddb95864a1a90c87af16979d37c89771"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:2c93f00dcba2eea70af2be5f11a830a742fe6b579a1d4e00f47760ef13be247a"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:f117e1a089d9411663a3207ba874f31be9ac8eaa5b533787024dc07aeb74f464"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-win_amd64.whl", hash = "sha256:be6a04e6c79819c9a8c2373317d19a96048e5a3f90bec587787e86a1153883c2"},
-    {file = "kiwisolver-1.4.9-cp311-cp311-win_arm64.whl", hash = "sha256:0ae37737256ba2de764ddc12aed4956460277f00c4996d51a197e72f62f5eec7"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:ac5a486ac389dddcc5bef4f365b6ae3ffff2c433324fb38dd35e3fab7c957999"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:f2ba92255faa7309d06fe44c3a4a97efe1c8d640c2a79a5ef728b685762a6fd2"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:4a2899935e724dd1074cb568ce7ac0dce28b2cd6ab539c8e001a8578eb106d14"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f6008a4919fdbc0b0097089f67a1eb55d950ed7e90ce2cc3e640abadd2757a04"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:67bb8b474b4181770f926f7b7d2f8c0248cbcb78b660fdd41a47054b28d2a752"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:2327a4a30d3ee07d2fbe2e7933e8a37c591663b96ce42a00bc67461a87d7df77"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:7a08b491ec91b1d5053ac177afe5290adacf1f0f6307d771ccac5de30592d198"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:d8fc5c867c22b828001b6a38d2eaeb88160bf5783c6cb4a5e440efc981ce286d"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:3b3115b2581ea35bb6d1f24a4c90af37e5d9b49dcff267eeed14c3893c5b86ab"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:858e4c22fb075920b96a291928cb7dea5644e94c0ee4fcd5af7e865655e4ccf2"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:ed0fecd28cc62c54b262e3736f8bb2512d8dcfdc2bcf08be5f47f96bf405b145"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-win_amd64.whl", hash = "sha256:f68208a520c3d86ea51acf688a3e3002615a7f0238002cccc17affecc86a8a54"},
-    {file = "kiwisolver-1.4.9-cp312-cp312-win_arm64.whl", hash = "sha256:2c1a4f57df73965f3f14df20b80ee29e6a7930a57d2d9e8491a25f676e197c60"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:a5d0432ccf1c7ab14f9949eec60c5d1f924f17c037e9f8b33352fa05799359b8"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:efb3a45b35622bb6c16dbfab491a8f5a391fe0e9d45ef32f4df85658232ca0e2"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:1a12cf6398e8a0a001a059747a1cbf24705e18fe413bc22de7b3d15c67cffe3f"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b67e6efbf68e077dd71d1a6b37e43e1a99d0bff1a3d51867d45ee8908b931098"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5656aa670507437af0207645273ccdfee4f14bacd7f7c67a4306d0dcaeaf6eed"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:bfc08add558155345129c7803b3671cf195e6a56e7a12f3dde7c57d9b417f525"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:40092754720b174e6ccf9e845d0d8c7d8e12c3d71e7fc35f55f3813e96376f78"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:497d05f29a1300d14e02e6441cf0f5ee81c1ff5a304b0d9fb77423974684e08b"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:bdd1a81a1860476eb41ac4bc1e07b3f07259e6d55bbf739b79c8aaedcf512799"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:e6b93f13371d341afee3be9f7c5964e3fe61d5fa30f6a30eb49856935dfe4fc3"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:d75aa530ccfaa593da12834b86a0724f58bff12706659baa9227c2ccaa06264c"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-win_amd64.whl", hash = "sha256:dd0a578400839256df88c16abddf9ba14813ec5f21362e1fe65022e00c883d4d"},
-    {file = "kiwisolver-1.4.9-cp313-cp313-win_arm64.whl", hash = "sha256:d4188e73af84ca82468f09cadc5ac4db578109e52acb4518d8154698d3a87ca2"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:5a0f2724dfd4e3b3ac5a82436a8e6fd16baa7d507117e4279b660fe8ca38a3a1"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:1b11d6a633e4ed84fc0ddafd4ebfd8ea49b3f25082c04ad12b8315c11d504dc1"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:61874cdb0a36016354853593cffc38e56fc9ca5aa97d2c05d3dcf6922cd55a11"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:60c439763a969a6af93b4881db0eed8fadf93ee98e18cbc35bc8da868d0c4f0c"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:92a2f997387a1b79a75e7803aa7ded2cfbe2823852ccf1ba3bcf613b62ae3197"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:a31d512c812daea6d8b3be3b2bfcbeb091dbb09177706569bcfc6240dcf8b41c"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:52a15b0f35dad39862d376df10c5230155243a2c1a436e39eb55623ccbd68185"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:a30fd6fdef1430fd9e1ba7b3398b5ee4e2887783917a687d86ba69985fb08748"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_ppc64le.whl", hash = "sha256:cc9617b46837c6468197b5945e196ee9ca43057bb7d9d1ae688101e4e1dddf64"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_s390x.whl", hash = "sha256:0ab74e19f6a2b027ea4f845a78827969af45ce790e6cb3e1ebab71bdf9f215ff"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:dba5ee5d3981160c28d5490f0d1b7ed730c22470ff7f6cc26cfcfaacb9896a07"},
-    {file = "kiwisolver-1.4.9-cp313-cp313t-win_arm64.whl", hash = "sha256:0749fd8f4218ad2e851e11cc4dc05c7cbc0cbc4267bdfdb31782e65aace4ee9c"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:9928fe1eb816d11ae170885a74d074f57af3a0d65777ca47e9aeb854a1fba386"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:d0005b053977e7b43388ddec89fa567f43d4f6d5c2c0affe57de5ebf290dc552"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:2635d352d67458b66fd0667c14cb1d4145e9560d503219034a18a87e971ce4f3"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:767c23ad1c58c9e827b649a9ab7809fd5fd9db266a9cf02b0e926ddc2c680d58"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:72d0eb9fba308b8311685c2268cf7d0a0639a6cd027d8128659f72bdd8a024b4"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:f68e4f3eeca8fb22cc3d731f9715a13b652795ef657a13df1ad0c7dc0e9731df"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:d84cd4061ae292d8ac367b2c3fa3aad11cb8625a95d135fe93f286f914f3f5a6"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:a60ea74330b91bd22a29638940d115df9dc00af5035a9a2a6ad9399ffb4ceca5"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_ppc64le.whl", hash = "sha256:ce6a3a4e106cf35c2d9c4fa17c05ce0b180db622736845d4315519397a77beaf"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_s390x.whl", hash = "sha256:77937e5e2a38a7b48eef0585114fe7930346993a88060d0bf886086d2aa49ef5"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:24c175051354f4a28c5d6a31c93906dc653e2bf234e8a4bbfb964892078898ce"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-win_amd64.whl", hash = "sha256:0763515d4df10edf6d06a3c19734e2566368980d21ebec439f33f9eb936c07b7"},
-    {file = "kiwisolver-1.4.9-cp314-cp314-win_arm64.whl", hash = "sha256:0e4e2bf29574a6a7b7f6cb5fa69293b9f96c928949ac4a53ba3f525dffb87f9c"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-macosx_10_13_universal2.whl", hash = "sha256:d976bbb382b202f71c67f77b0ac11244021cfa3f7dfd9e562eefcea2df711548"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:2489e4e5d7ef9a1c300a5e0196e43d9c739f066ef23270607d45aba368b91f2d"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:e2ea9f7ab7fbf18fffb1b5434ce7c69a07582f7acc7717720f1d69f3e806f90c"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b34e51affded8faee0dfdb705416153819d8ea9250bbbf7ea1b249bdeb5f1122"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d8aacd3d4b33b772542b2e01beb50187536967b514b00003bdda7589722d2a64"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux_2_24_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:7cf974dd4e35fa315563ac99d6287a1024e4dc2077b8a7d7cd3d2fb65d283134"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-manylinux_2_24_s390x.manylinux_2_28_s390x.whl", hash = "sha256:85bd218b5ecfbee8c8a82e121802dcb519a86044c9c3b2e4aef02fa05c6da370"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:0856e241c2d3df4efef7c04a1e46b1936b6120c9bcf36dd216e3acd84bc4fb21"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_ppc64le.whl", hash = "sha256:9af39d6551f97d31a4deebeac6f45b156f9755ddc59c07b402c148f5dbb6482a"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_s390x.whl", hash = "sha256:bb4ae2b57fc1d8cbd1cf7b1d9913803681ffa903e7488012be5b76dedf49297f"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:aedff62918805fb62d43a4aa2ecd4482c380dc76cd31bd7c8878588a61bd0369"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-win_amd64.whl", hash = "sha256:1fa333e8b2ce4d9660f2cda9c0e1b6bafcfb2457a9d259faa82289e73ec24891"},
-    {file = "kiwisolver-1.4.9-cp314-cp314t-win_arm64.whl", hash = "sha256:4a48a2ce79d65d363597ef7b567ce3d14d68783d2b2263d98db3d9477805ba32"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:4d1d9e582ad4d63062d34077a9a1e9f3c34088a2ec5135b1f7190c07cf366527"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:deed0c7258ceb4c44ad5ec7d9918f9f14fd05b2be86378d86cf50e63d1e7b771"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:0a590506f303f512dff6b7f75fd2fd18e16943efee932008fe7140e5fa91d80e"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e09c2279a4d01f099f52d5c4b3d9e208e91edcbd1a175c9662a8b16e000fece9"},
-    {file = "kiwisolver-1.4.9-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:c9e7cdf45d594ee04d5be1b24dd9d49f3d1590959b2271fb30b5ca2b262c00fb"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:720e05574713db64c356e86732c0f3c5252818d05f9df320f0ad8380641acea5"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:17680d737d5335b552994a2008fab4c851bcd7de33094a82067ef3a576ff02fa"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:85b5352f94e490c028926ea567fc569c52ec79ce131dadb968d3853e809518c2"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:464415881e4801295659462c49461a24fb107c140de781d55518c4b80cb6790f"},
-    {file = "kiwisolver-1.4.9-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:fb940820c63a9590d31d88b815e7a3aa5915cad3ce735ab45f0c730b39547de1"},
-    {file = "kiwisolver-1.4.9.tar.gz", hash = "sha256:c3b22c26c6fd6811b0ae8363b95ca8ce4ea3c202d3d0975b2914310ceb1bcc4d"},
-]
-
 [[package]]
 name = "kombu"
 version = "5.5.4"
@@ -3449,85 +3064,6 @@ dev = ["marshmallow[tests]", "pre-commit (>=3.5,<5.0)", "tox"]
 docs = ["autodocsumm (==0.2.14)", "furo (==2024.8.6)", "sphinx (==8.1.3)", "sphinx-copybutton (==0.5.2)", "sphinx-issues (==5.0.0)", "sphinxext-opengraph (==0.9.1)"]
 tests = ["pytest", "simplejson"]

-[[package]]
-name = "matplotlib"
-version = "3.10.6"
-description = "Python plotting package"
-optional = false
-python-versions = ">=3.10"
-groups = ["main"]
-files = [
-    {file = "matplotlib-3.10.6-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:bc7316c306d97463a9866b89d5cc217824e799fa0de346c8f68f4f3d27c8693d"},
-    {file = "matplotlib-3.10.6-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:d00932b0d160ef03f59f9c0e16d1e3ac89646f7785165ce6ad40c842db16cc2e"},
-    {file = "matplotlib-3.10.6-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:8fa4c43d6bfdbfec09c733bca8667de11bfa4970e8324c471f3a3632a0301c15"},
-    {file = "matplotlib-3.10.6-cp310-cp310-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ea117a9c1627acaa04dbf36265691921b999cbf515a015298e54e1a12c3af837"},
-    {file = "matplotlib-3.10.6-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:08fc803293b4e1694ee325896030de97f74c141ccff0be886bb5915269247676"},
-    {file = "matplotlib-3.10.6-cp310-cp310-win_amd64.whl", hash = "sha256:2adf92d9b7527fbfb8818e050260f0ebaa460f79d61546374ce73506c9421d09"},
-    {file = "matplotlib-3.10.6-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:905b60d1cb0ee604ce65b297b61cf8be9f4e6cfecf95a3fe1c388b5266bc8f4f"},
-    {file = "matplotlib-3.10.6-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7bac38d816637343e53d7185d0c66677ff30ffb131044a81898b5792c956ba76"},
-    {file = "matplotlib-3.10.6-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:942a8de2b5bfff1de31d95722f702e2966b8a7e31f4e68f7cd963c7cd8861cf6"},
-    {file = "matplotlib-3.10.6-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:a3276c85370bc0dfca051ec65c5817d1e0f8f5ce1b7787528ec8ed2d524bbc2f"},
-    {file = "matplotlib-3.10.6-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:9df5851b219225731f564e4b9e7f2ac1e13c9e6481f941b5631a0f8e2d9387ce"},
-    {file = "matplotlib-3.10.6-cp311-cp311-win_amd64.whl", hash = "sha256:abb5d9478625dd9c9eb51a06d39aae71eda749ae9b3138afb23eb38824026c7e"},
-    {file = "matplotlib-3.10.6-cp311-cp311-win_arm64.whl", hash = "sha256:886f989ccfae63659183173bb3fced7fd65e9eb793c3cc21c273add368536951"},
-    {file = "matplotlib-3.10.6-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:31ca662df6a80bd426f871105fdd69db7543e28e73a9f2afe80de7e531eb2347"},
-    {file = "matplotlib-3.10.6-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1678bb61d897bb4ac4757b5ecfb02bfb3fddf7f808000fb81e09c510712fda75"},
-    {file = "matplotlib-3.10.6-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:56cd2d20842f58c03d2d6e6c1f1cf5548ad6f66b91e1e48f814e4fb5abd1cb95"},
-    {file = "matplotlib-3.10.6-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:662df55604a2f9a45435566d6e2660e41efe83cd94f4288dfbf1e6d1eae4b0bb"},
-    {file = "matplotlib-3.10.6-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:08f141d55148cd1fc870c3387d70ca4df16dee10e909b3b038782bd4bda6ea07"},
-    {file = "matplotlib-3.10.6-cp312-cp312-win_amd64.whl", hash = "sha256:590f5925c2d650b5c9d813c5b3b5fc53f2929c3f8ef463e4ecfa7e052044fb2b"},
-    {file = "matplotlib-3.10.6-cp312-cp312-win_arm64.whl", hash = "sha256:f44c8d264a71609c79a78d50349e724f5d5fc3684ead7c2a473665ee63d868aa"},
-    {file = "matplotlib-3.10.6-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:819e409653c1106c8deaf62e6de6b8611449c2cd9939acb0d7d4e57a3d95cc7a"},
-    {file = "matplotlib-3.10.6-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:59c8ac8382fefb9cb71308dde16a7c487432f5255d8f1fd32473523abecfecdf"},
-    {file = "matplotlib-3.10.6-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:84e82d9e0fd70c70bc55739defbd8055c54300750cbacf4740c9673a24d6933a"},
-    {file = "matplotlib-3.10.6-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:25f7a3eb42d6c1c56e89eacd495661fc815ffc08d9da750bca766771c0fd9110"},
-    {file = "matplotlib-3.10.6-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:f9c862d91ec0b7842920a4cfdaaec29662195301914ea54c33e01f1a28d014b2"},
-    {file = "matplotlib-3.10.6-cp313-cp313-win_amd64.whl", hash = "sha256:1b53bd6337eba483e2e7d29c5ab10eee644bc3a2491ec67cc55f7b44583ffb18"},
-    {file = "matplotlib-3.10.6-cp313-cp313-win_arm64.whl", hash = "sha256:cbd5eb50b7058b2892ce45c2f4e92557f395c9991f5c886d1bb74a1582e70fd6"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:acc86dd6e0e695c095001a7fccff158c49e45e0758fdf5dcdbb0103318b59c9f"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:e228cd2ffb8f88b7d0b29e37f68ca9aaf83e33821f24a5ccc4f082dd8396bc27"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:658bc91894adeab669cf4bb4a186d049948262987e80f0857216387d7435d833"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8913b7474f6dd83ac444c9459c91f7f0f2859e839f41d642691b104e0af056aa"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:091cea22e059b89f6d7d1a18e2c33a7376c26eee60e401d92a4d6726c4e12706"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-win_amd64.whl", hash = "sha256:491e25e02a23d7207629d942c666924a6b61e007a48177fdd231a0097b7f507e"},
-    {file = "matplotlib-3.10.6-cp313-cp313t-win_arm64.whl", hash = "sha256:3d80d60d4e54cda462e2cd9a086d85cd9f20943ead92f575ce86885a43a565d5"},
-    {file = "matplotlib-3.10.6-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:70aaf890ce1d0efd482df969b28a5b30ea0b891224bb315810a3940f67182899"},
-    {file = "matplotlib-3.10.6-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:1565aae810ab79cb72e402b22facfa6501365e73ebab70a0fdfb98488d2c3c0c"},
-    {file = "matplotlib-3.10.6-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f3b23315a01981689aa4e1a179dbf6ef9fbd17143c3eea77548c2ecfb0499438"},
-    {file = "matplotlib-3.10.6-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:30fdd37edf41a4e6785f9b37969de57aea770696cb637d9946eb37470c94a453"},
-    {file = "matplotlib-3.10.6-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:bc31e693da1c08012c764b053e702c1855378e04102238e6a5ee6a7117c53a47"},
-    {file = "matplotlib-3.10.6-cp314-cp314-win_amd64.whl", hash = "sha256:05be9bdaa8b242bc6ff96330d18c52f1fc59c6fb3a4dd411d953d67e7e1baf98"},
-    {file = "matplotlib-3.10.6-cp314-cp314-win_arm64.whl", hash = "sha256:f56a0d1ab05d34c628592435781d185cd99630bdfd76822cd686fb5a0aecd43a"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:94f0b4cacb23763b64b5dace50d5b7bfe98710fed5f0cef5c08135a03399d98b"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:cc332891306b9fb39462673d8225d1b824c89783fee82840a709f96714f17a5c"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee1d607b3fb1590deb04b69f02ea1d53ed0b0bf75b2b1a5745f269afcbd3cdd3"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:376a624a218116461696b27b2bbf7a8945053e6d799f6502fc03226d077807bf"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:83847b47f6524c34b4f2d3ce726bb0541c48c8e7692729865c3df75bfa0f495a"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-win_amd64.whl", hash = "sha256:c7e0518e0d223683532a07f4b512e2e0729b62674f1b3a1a69869f98e6b1c7e3"},
-    {file = "matplotlib-3.10.6-cp314-cp314t-win_arm64.whl", hash = "sha256:4dd83e029f5b4801eeb87c64efd80e732452781c16a9cf7415b7b63ec8f374d7"},
-    {file = "matplotlib-3.10.6-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:13fcd07ccf17e354398358e0307a1f53f5325dca22982556ddb9c52837b5af41"},
-    {file = "matplotlib-3.10.6-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:470fc846d59d1406e34fa4c32ba371039cd12c2fe86801159a965956f2575bd1"},
-    {file = "matplotlib-3.10.6-pp310-pypy310_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f7173f8551b88f4ef810a94adae3128c2530e0d07529f7141be7f8d8c365f051"},
-    {file = "matplotlib-3.10.6-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:f2d684c3204fa62421bbf770ddfebc6b50130f9cad65531eeba19236d73bb488"},
-    {file = "matplotlib-3.10.6-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:6f4a69196e663a41d12a728fab8751177215357906436804217d6d9cf0d4d6cf"},
-    {file = "matplotlib-3.10.6-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:4d6ca6ef03dfd269f4ead566ec6f3fb9becf8dab146fb999022ed85ee9f6b3eb"},
-    {file = "matplotlib-3.10.6.tar.gz", hash = "sha256:ec01b645840dd1996df21ee37f208cd8ba57644779fa20464010638013d3203c"},
-]
-
-[package.dependencies]
-contourpy = ">=1.0.1"
-cycler = ">=0.10"
-fonttools = ">=4.22.0"
-kiwisolver = ">=1.3.1"
-numpy = ">=1.23"
-packaging = ">=20.0"
-pillow = ">=8"
-pyparsing = ">=2.3.1"
-python-dateutil = ">=2.7"
-
-[package.extras]
-dev = ["meson-python (>=0.13.1,<0.17.0)", "pybind11 (>=2.13.2,!=2.13.3)", "setuptools (>=64)", "setuptools_scm (>=7)"]
-
 [[package]]
 name = "mccabe"
 version = "0.7.0"
@@ -4058,29 +3594,6 @@ rsa = ["cryptography (>=3.0.0)"]
 signals = ["blinker (>=1.4.0)"]
 signedtoken = ["cryptography (>=3.0.0)", "pyjwt (>=2.0.0,<3)"]

-[[package]]
-name = "oci"
-version = "2.160.3"
-description = "Oracle Cloud Infrastructure Python SDK"
-optional = false
-python-versions = "*"
-groups = ["main"]
-files = [
-    {file = "oci-2.160.3-py3-none-any.whl", hash = "sha256:858bff3e697098bdda44833d2476bfb4632126f0182178e7dbde4dbd156d71f0"},
-    {file = "oci-2.160.3.tar.gz", hash = "sha256:57514889be3b713a8385d86e3ba8a33cf46e3563c2a7e29a93027fb30b8a2537"},
-]
-
-[package.dependencies]
-certifi = "*"
-circuitbreaker = {version = ">=1.3.1,<3.0.0", markers = "python_version >= \"3.7\""}
-cryptography = ">=3.2.1,<46.0.0"
-pyOpenSSL = ">=17.5.0,<25.0.0"
-python-dateutil = ">=2.5.3,<3.0.0"
-pytz = ">=2016.10"
-
-[package.extras]
-adk = ["docstring-parser (>=0.16) ; python_version >= \"3.10\" and python_version < \"4\"", "mcp (>=1.6.0) ; python_version >= \"3.10\" and python_version < \"4\"", "pydantic (>=2.10.6) ; python_version >= \"3.10\" and python_version < \"4\"", "rich (>=13.9.4) ; python_version >= \"3.10\" and python_version < \"4\""]
-
 [[package]]
 name = "openai"
 version = "1.101.0"
@@ -4271,131 +3784,6 @@ files = [
 [package.dependencies]
 setuptools = "*"

-[[package]]
-name = "pillow"
-version = "11.3.0"
-description = "Python Imaging Library (Fork)"
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "pillow-11.3.0-cp310-cp310-macosx_10_10_x86_64.whl", hash = "sha256:1b9c17fd4ace828b3003dfd1e30bff24863e0eb59b535e8f80194d9cc7ecf860"},
-    {file = "pillow-11.3.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:65dc69160114cdd0ca0f35cb434633c75e8e7fad4cf855177a05bf38678f73ad"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7107195ddc914f656c7fc8e4a5e1c25f32e9236ea3ea860f257b0436011fddd0"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:cc3e831b563b3114baac7ec2ee86819eb03caa1a2cef0b481a5675b59c4fe23b"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f1f182ebd2303acf8c380a54f615ec883322593320a9b00438eb842c1f37ae50"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4445fa62e15936a028672fd48c4c11a66d641d2c05726c7ec1f8ba6a572036ae"},
-    {file = "pillow-11.3.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:71f511f6b3b91dd543282477be45a033e4845a40278fa8dcdbfdb07109bf18f9"},
-    {file = "pillow-11.3.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:040a5b691b0713e1f6cbe222e0f4f74cd233421e105850ae3b3c0ceda520f42e"},
-    {file = "pillow-11.3.0-cp310-cp310-win32.whl", hash = "sha256:89bd777bc6624fe4115e9fac3352c79ed60f3bb18651420635f26e643e3dd1f6"},
-    {file = "pillow-11.3.0-cp310-cp310-win_amd64.whl", hash = "sha256:19d2ff547c75b8e3ff46f4d9ef969a06c30ab2d4263a9e287733aa8b2429ce8f"},
-    {file = "pillow-11.3.0-cp310-cp310-win_arm64.whl", hash = "sha256:819931d25e57b513242859ce1876c58c59dc31587847bf74cfe06b2e0cb22d2f"},
-    {file = "pillow-11.3.0-cp311-cp311-macosx_10_10_x86_64.whl", hash = "sha256:1cd110edf822773368b396281a2293aeb91c90a2db00d78ea43e7e861631b722"},
-    {file = "pillow-11.3.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:9c412fddd1b77a75aa904615ebaa6001f169b26fd467b4be93aded278266b288"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7d1aa4de119a0ecac0a34a9c8bde33f34022e2e8f99104e47a3ca392fd60e37d"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:91da1d88226663594e3f6b4b8c3c8d85bd504117d043740a8e0ec449087cc494"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:643f189248837533073c405ec2f0bb250ba54598cf80e8c1e043381a60632f58"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:106064daa23a745510dabce1d84f29137a37224831d88eb4ce94bb187b1d7e5f"},
-    {file = "pillow-11.3.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:cd8ff254faf15591e724dc7c4ddb6bf4793efcbe13802a4ae3e863cd300b493e"},
-    {file = "pillow-11.3.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:932c754c2d51ad2b2271fd01c3d121daaa35e27efae2a616f77bf164bc0b3e94"},
-    {file = "pillow-11.3.0-cp311-cp311-win32.whl", hash = "sha256:b4b8f3efc8d530a1544e5962bd6b403d5f7fe8b9e08227c6b255f98ad82b4ba0"},
-    {file = "pillow-11.3.0-cp311-cp311-win_amd64.whl", hash = "sha256:1a992e86b0dd7aeb1f053cd506508c0999d710a8f07b4c791c63843fc6a807ac"},
-    {file = "pillow-11.3.0-cp311-cp311-win_arm64.whl", hash = "sha256:30807c931ff7c095620fe04448e2c2fc673fcbb1ffe2a7da3fb39613489b1ddd"},
-    {file = "pillow-11.3.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:fdae223722da47b024b867c1ea0be64e0df702c5e0a60e27daad39bf960dd1e4"},
-    {file = "pillow-11.3.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:921bd305b10e82b4d1f5e802b6850677f965d8394203d182f078873851dada69"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:eb76541cba2f958032d79d143b98a3a6b3ea87f0959bbe256c0b5e416599fd5d"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:67172f2944ebba3d4a7b54f2e95c786a3a50c21b88456329314caaa28cda70f6"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:97f07ed9f56a3b9b5f49d3661dc9607484e85c67e27f3e8be2c7d28ca032fec7"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:676b2815362456b5b3216b4fd5bd89d362100dc6f4945154ff172e206a22c024"},
-    {file = "pillow-11.3.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:3e184b2f26ff146363dd07bde8b711833d7b0202e27d13540bfe2e35a323a809"},
-    {file = "pillow-11.3.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:6be31e3fc9a621e071bc17bb7de63b85cbe0bfae91bb0363c893cbe67247780d"},
-    {file = "pillow-11.3.0-cp312-cp312-win32.whl", hash = "sha256:7b161756381f0918e05e7cb8a371fff367e807770f8fe92ecb20d905d0e1c149"},
-    {file = "pillow-11.3.0-cp312-cp312-win_amd64.whl", hash = "sha256:a6444696fce635783440b7f7a9fc24b3ad10a9ea3f0ab66c5905be1c19ccf17d"},
-    {file = "pillow-11.3.0-cp312-cp312-win_arm64.whl", hash = "sha256:2aceea54f957dd4448264f9bf40875da0415c83eb85f55069d89c0ed436e3542"},
-    {file = "pillow-11.3.0-cp313-cp313-ios_13_0_arm64_iphoneos.whl", hash = "sha256:1c627742b539bba4309df89171356fcb3cc5a9178355b2727d1b74a6cf155fbd"},
-    {file = "pillow-11.3.0-cp313-cp313-ios_13_0_arm64_iphonesimulator.whl", hash = "sha256:30b7c02f3899d10f13d7a48163c8969e4e653f8b43416d23d13d1bbfdc93b9f8"},
-    {file = "pillow-11.3.0-cp313-cp313-ios_13_0_x86_64_iphonesimulator.whl", hash = "sha256:7859a4cc7c9295f5838015d8cc0a9c215b77e43d07a25e460f35cf516df8626f"},
-    {file = "pillow-11.3.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:ec1ee50470b0d050984394423d96325b744d55c701a439d2bd66089bff963d3c"},
-    {file = "pillow-11.3.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:7db51d222548ccfd274e4572fdbf3e810a5e66b00608862f947b163e613b67dd"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:2d6fcc902a24ac74495df63faad1884282239265c6839a0a6416d33faedfae7e"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f0f5d8f4a08090c6d6d578351a2b91acf519a54986c055af27e7a93feae6d3f1"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c37d8ba9411d6003bba9e518db0db0c58a680ab9fe5179f040b0463644bc9805"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:13f87d581e71d9189ab21fe0efb5a23e9f28552d5be6979e84001d3b8505abe8"},
-    {file = "pillow-11.3.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:023f6d2d11784a465f09fd09a34b150ea4672e85fb3d05931d89f373ab14abb2"},
-    {file = "pillow-11.3.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:45dfc51ac5975b938e9809451c51734124e73b04d0f0ac621649821a63852e7b"},
-    {file = "pillow-11.3.0-cp313-cp313-win32.whl", hash = "sha256:a4d336baed65d50d37b88ca5b60c0fa9d81e3a87d4a7930d3880d1624d5b31f3"},
-    {file = "pillow-11.3.0-cp313-cp313-win_amd64.whl", hash = "sha256:0bce5c4fd0921f99d2e858dc4d4d64193407e1b99478bc5cacecba2311abde51"},
-    {file = "pillow-11.3.0-cp313-cp313-win_arm64.whl", hash = "sha256:1904e1264881f682f02b7f8167935cce37bc97db457f8e7849dc3a6a52b99580"},
-    {file = "pillow-11.3.0-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:4c834a3921375c48ee6b9624061076bc0a32a60b5532b322cc0ea64e639dd50e"},
-    {file = "pillow-11.3.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:5e05688ccef30ea69b9317a9ead994b93975104a677a36a8ed8106be9260aa6d"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:1019b04af07fc0163e2810167918cb5add8d74674b6267616021ab558dc98ced"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f944255db153ebb2b19c51fe85dd99ef0ce494123f21b9db4877ffdfc5590c7c"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:1f85acb69adf2aaee8b7da124efebbdb959a104db34d3a2cb0f3793dbae422a8"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:05f6ecbeff5005399bb48d198f098a9b4b6bdf27b8487c7f38ca16eeb070cd59"},
-    {file = "pillow-11.3.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:a7bc6e6fd0395bc052f16b1a8670859964dbd7003bd0af2ff08342eb6e442cfe"},
-    {file = "pillow-11.3.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:83e1b0161c9d148125083a35c1c5a89db5b7054834fd4387499e06552035236c"},
-    {file = "pillow-11.3.0-cp313-cp313t-win32.whl", hash = "sha256:2a3117c06b8fb646639dce83694f2f9eac405472713fcb1ae887469c0d4f6788"},
-    {file = "pillow-11.3.0-cp313-cp313t-win_amd64.whl", hash = "sha256:857844335c95bea93fb39e0fa2726b4d9d758850b34075a7e3ff4f4fa3aa3b31"},
-    {file = "pillow-11.3.0-cp313-cp313t-win_arm64.whl", hash = "sha256:8797edc41f3e8536ae4b10897ee2f637235c94f27404cac7297f7b607dd0716e"},
-    {file = "pillow-11.3.0-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:d9da3df5f9ea2a89b81bb6087177fb1f4d1c7146d583a3fe5c672c0d94e55e12"},
-    {file = "pillow-11.3.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:0b275ff9b04df7b640c59ec5a3cb113eefd3795a8df80bac69646ef699c6981a"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:0743841cabd3dba6a83f38a92672cccbd69af56e3e91777b0ee7f4dba4385632"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:2465a69cf967b8b49ee1b96d76718cd98c4e925414ead59fdf75cf0fd07df673"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:41742638139424703b4d01665b807c6468e23e699e8e90cffefe291c5832b027"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:93efb0b4de7e340d99057415c749175e24c8864302369e05914682ba642e5d77"},
-    {file = "pillow-11.3.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:7966e38dcd0fa11ca390aed7c6f20454443581d758242023cf36fcb319b1a874"},
-    {file = "pillow-11.3.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:98a9afa7b9007c67ed84c57c9e0ad86a6000da96eaa638e4f8abe5b65ff83f0a"},
-    {file = "pillow-11.3.0-cp314-cp314-win32.whl", hash = "sha256:02a723e6bf909e7cea0dac1b0e0310be9d7650cd66222a5f1c571455c0a45214"},
-    {file = "pillow-11.3.0-cp314-cp314-win_amd64.whl", hash = "sha256:a418486160228f64dd9e9efcd132679b7a02a5f22c982c78b6fc7dab3fefb635"},
-    {file = "pillow-11.3.0-cp314-cp314-win_arm64.whl", hash = "sha256:155658efb5e044669c08896c0c44231c5e9abcaadbc5cd3648df2f7c0b96b9a6"},
-    {file = "pillow-11.3.0-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:59a03cdf019efbfeeed910bf79c7c93255c3d54bc45898ac2a4140071b02b4ae"},
-    {file = "pillow-11.3.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:f8a5827f84d973d8636e9dc5764af4f0cf2318d26744b3d902931701b0d46653"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:ee92f2fd10f4adc4b43d07ec5e779932b4eb3dbfbc34790ada5a6669bc095aa6"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:c96d333dcf42d01f47b37e0979b6bd73ec91eae18614864622d9b87bbd5bbf36"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:4c96f993ab8c98460cd0c001447bff6194403e8b1d7e149ade5f00594918128b"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:41342b64afeba938edb034d122b2dda5db2139b9a4af999729ba8818e0056477"},
-    {file = "pillow-11.3.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:068d9c39a2d1b358eb9f245ce7ab1b5c3246c7c8c7d9ba58cfa5b43146c06e50"},
-    {file = "pillow-11.3.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:a1bc6ba083b145187f648b667e05a2534ecc4b9f2784c2cbe3089e44868f2b9b"},
-    {file = "pillow-11.3.0-cp314-cp314t-win32.whl", hash = "sha256:118ca10c0d60b06d006be10a501fd6bbdfef559251ed31b794668ed569c87e12"},
-    {file = "pillow-11.3.0-cp314-cp314t-win_amd64.whl", hash = "sha256:8924748b688aa210d79883357d102cd64690e56b923a186f35a82cbc10f997db"},
-    {file = "pillow-11.3.0-cp314-cp314t-win_arm64.whl", hash = "sha256:79ea0d14d3ebad43ec77ad5272e6ff9bba5b679ef73375ea760261207fa8e0aa"},
-    {file = "pillow-11.3.0-cp39-cp39-macosx_10_10_x86_64.whl", hash = "sha256:48d254f8a4c776de343051023eb61ffe818299eeac478da55227d96e241de53f"},
-    {file = "pillow-11.3.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:7aee118e30a4cf54fdd873bd3a29de51e29105ab11f9aad8c32123f58c8f8081"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:23cff760a9049c502721bdb743a7cb3e03365fafcdfc2ef9784610714166e5a4"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:6359a3bc43f57d5b375d1ad54a0074318a0844d11b76abccf478c37c986d3cfc"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:092c80c76635f5ecb10f3f83d76716165c96f5229addbd1ec2bdbbda7d496e06"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:cadc9e0ea0a2431124cde7e1697106471fc4c1da01530e679b2391c37d3fbb3a"},
-    {file = "pillow-11.3.0-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:6a418691000f2a418c9135a7cf0d797c1bb7d9a485e61fe8e7722845b95ef978"},
-    {file = "pillow-11.3.0-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:97afb3a00b65cc0804d1c7abddbf090a81eaac02768af58cbdcaaa0a931e0b6d"},
-    {file = "pillow-11.3.0-cp39-cp39-win32.whl", hash = "sha256:ea944117a7974ae78059fcc1800e5d3295172bb97035c0c1d9345fca1419da71"},
-    {file = "pillow-11.3.0-cp39-cp39-win_amd64.whl", hash = "sha256:e5c5858ad8ec655450a7c7df532e9842cf8df7cc349df7225c60d5d348c8aada"},
-    {file = "pillow-11.3.0-cp39-cp39-win_arm64.whl", hash = "sha256:6abdbfd3aea42be05702a8dd98832329c167ee84400a1d1f61ab11437f1717eb"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:3cee80663f29e3843b68199b9d6f4f54bd1d4a6b59bdd91bceefc51238bcb967"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:b5f56c3f344f2ccaf0dd875d3e180f631dc60a51b314295a3e681fe8cf851fbe"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:e67d793d180c9df62f1f40aee3accca4829d3794c95098887edc18af4b8b780c"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d000f46e2917c705e9fb93a3606ee4a819d1e3aa7a9b442f6444f07e77cf5e25"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:527b37216b6ac3a12d7838dc3bd75208ec57c1c6d11ef01902266a5a0c14fc27"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:be5463ac478b623b9dd3937afd7fb7ab3d79dd290a28e2b6df292dc75063eb8a"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:8dc70ca24c110503e16918a658b869019126ecfe03109b754c402daff12b3d9f"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:7c8ec7a017ad1bd562f93dbd8505763e688d388cde6e4a010ae1486916e713e6"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:9ab6ae226de48019caa8074894544af5b53a117ccb9d3b3dcb2871464c829438"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:fe27fb049cdcca11f11a7bfda64043c37b30e6b91f10cb5bab275806c32f6ab3"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:465b9e8844e3c3519a983d58b80be3f668e2a7a5db97f2784e7079fbc9f9822c"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5418b53c0d59b3824d05e029669efa023bbef0f3e92e75ec8428f3799487f361"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:504b6f59505f08ae014f724b6207ff6222662aab5cc9542577fb084ed0676ac7"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:c84d689db21a1c397d001aa08241044aa2069e7587b398c8cc63020390b1c1b8"},
-    {file = "pillow-11.3.0.tar.gz", hash = "sha256:3828ee7586cd0b2091b6209e5ad53e20d0649bbe87164a459d0676e035e8f523"},
-]
-
-[package.extras]
-docs = ["furo", "olefile", "sphinx (>=8.2)", "sphinx-autobuild", "sphinx-copybutton", "sphinx-inline-tabs", "sphinxext-opengraph"]
-fpx = ["olefile"]
-mic = ["olefile"]
-test-arrow = ["pyarrow"]
-tests = ["check-manifest", "coverage (>=7.4.2)", "defusedxml", "markdown2", "olefile", "packaging", "pyroma", "pytest", "pytest-cov", "pytest-timeout", "pytest-xdist", "trove-classifiers (>=2024.10.12)"]
-typing = ["typing-extensions ; python_version < \"3.10\""]
-xmp = ["defusedxml"]
-
 [[package]]
 name = "platformdirs"
 version = "4.3.8"
@@ -4615,7 +4003,7 @@ files = [

 [[package]]
 name = "prowler"
-version = "5.13.0"
+version = "5.11.0"
 description = "Prowler is an Open Source security tool to perform AWS, GCP and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks."
 optional = false
 python-versions = ">3.9.1,<3.13"
@@ -4628,7 +4016,6 @@ alive-progress = "3.3.0"
 awsipranges = "0.3.3"
 azure-identity = "1.21.0"
 azure-keyvault-keys = "4.10.0"
-azure-mgmt-apimanagement = "5.0.0"
 azure-mgmt-applicationinsights = "4.1.0"
 azure-mgmt-authorization = "4.0.0"
 azure-mgmt-compute = "34.0.0"
@@ -4637,7 +4024,6 @@ azure-mgmt-containerservice = "34.1.0"
 azure-mgmt-cosmosdb = "9.7.0"
 azure-mgmt-databricks = "2.0.0"
 azure-mgmt-keyvault = "10.3.1"
-azure-mgmt-loganalytics = "12.0.0"
 azure-mgmt-monitor = "6.0.2"
 azure-mgmt-network = "28.1.0"
 azure-mgmt-rdbms = "10.1.0"
@@ -4650,7 +4036,6 @@ azure-mgmt-sql = "3.0.1"
 azure-mgmt-storage = "22.1.1"
 azure-mgmt-subscription = "3.1.1"
 azure-mgmt-web = "8.0.0"
-azure-monitor-query = "2.0.0"
 azure-storage-blob = "12.24.1"
 boto3 = "1.39.15"
 botocore = "1.39.15"
@@ -4662,14 +4047,11 @@ detect-secrets = "1.5.0"
 dulwich = "0.23.0"
 google-api-python-client = "2.163.0"
 google-auth-httplib2 = ">=0.1,<0.3"
-h2 = "4.3.0"
 jsonschema = "4.23.0"
 kubernetes = "32.0.1"
-markdown = "3.9.0"
 microsoft-kiota-abstractions = "1.9.2"
 msgraph-sdk = "1.23.0"
 numpy = "2.0.2"
-oci = "2.160.3"
 pandas = "2.2.3"
 py-iam-expand = "0.1.0"
 py-ocsf-models = "0.5.0"
@@ -4686,8 +4068,8 @@ tzlocal = "5.3.1"
 [package.source]
 type = "git"
 url = "https://github.com/prowler-cloud/prowler.git"
-reference = "v5.13"
-resolved_reference = "b1856e42f0143a64e8cc26c7aa3c7643bd1083d3"
+reference = "master"
+resolved_reference = "525f152e51f82de2110ed158c8dc489e42c289cf"

 [[package]]
 name = "psutil"
@@ -5172,25 +4554,6 @@ cffi = ">=1.4.1"
 docs = ["sphinx (>=1.6.5)", "sphinx-rtd-theme"]
 tests = ["hypothesis (>=3.27.0)", "pytest (>=3.2.1,!=3.3.0)"]

-[[package]]
-name = "pyopenssl"
-version = "24.3.0"
-description = "Python wrapper module around the OpenSSL library"
-optional = false
-python-versions = ">=3.7"
-groups = ["main"]
-files = [
-    {file = "pyOpenSSL-24.3.0-py3-none-any.whl", hash = "sha256:e474f5a473cd7f92221cc04976e48f4d11502804657a08a989fb3be5514c904a"},
-    {file = "pyopenssl-24.3.0.tar.gz", hash = "sha256:49f7a019577d834746bc55c5fce6ecbcec0f2b4ec5ce1cf43a9a173b8138bb36"},
-]
-
-[package.dependencies]
-cryptography = ">=41.0.5,<45"
-
-[package.extras]
-docs = ["sphinx (!=5.2.0,!=5.2.0.post0,!=7.2.5)", "sphinx_rtd_theme"]
-test = ["pretend", "pytest (>=3.0.1)", "pytest-rerunfailures"]
-
 [[package]]
 name = "pyparsing"
 version = "3.2.3"
@@ -5575,29 +4938,6 @@ attrs = ">=22.2.0"
 rpds-py = ">=0.7.0"
 typing-extensions = {version = ">=4.4.0", markers = "python_version < \"3.13\""}

-[[package]]
-name = "reportlab"
-version = "4.4.4"
-description = "The Reportlab Toolkit"
-optional = false
-python-versions = "<4,>=3.9"
-groups = ["main"]
-files = [
-    {file = "reportlab-4.4.4-py3-none-any.whl", hash = "sha256:299b3b0534e7202bb94ed2ddcd7179b818dcda7de9d8518a57c85a58a1ebaadb"},
-    {file = "reportlab-4.4.4.tar.gz", hash = "sha256:cb2f658b7f4a15be2cc68f7203aa67faef67213edd4f2d4bdd3eb20dab75a80d"},
-]
-
-[package.dependencies]
-charset-normalizer = "*"
-pillow = ">=9.0.0"
-
-[package.extras]
-accel = ["rl_accel (>=0.9.0,<1.1)"]
-bidi = ["rlbidi"]
-pycairo = ["freetype-py (>=2.3.0,<2.4)", "rlPyCairo (>=0.2.0,<1)"]
-renderpm = ["rl_renderPM (>=4.0.3,<4.1)"]
-shaping = ["uharfbuzz"]
-
 [[package]]
 name = "requests"
 version = "2.32.5"
@@ -6841,4 +6181,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.1"
 python-versions = ">=3.11,<3.13"
-content-hash = "8fcb616e55530e7940019d3da33e955b026b9105e1216a3c5f39b411c015b6d7"
+content-hash = "91058a14382b76136a82f45624a30aece7a6d77c8b36c290bb4c40ea60c8850b"
@@ -7,7 +7,7 @@ authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}]
 dependencies = [
  "celery[pytest] (>=5.4.0,<6.0.0)",
  "dj-rest-auth[with_social,jwt] (==7.0.1)",
-  "django (==5.1.13)",
+  "django (==5.1.12)",
  "django-allauth[saml] (>=65.8.0,<66.0.0)",
  "django-celery-beat (>=2.7.0,<3.0.0)",
  "django-celery-results (>=2.5.1,<3.0.0)",
@@ -24,7 +24,7 @@ dependencies = [
  "drf-spectacular-jsonapi==0.5.1",
  "gunicorn==23.0.0",
  "lxml==5.3.2",
-  "prowler @ git+https://github.com/prowler-cloud/prowler.git@v5.13",
+  "prowler @ git+https://github.com/prowler-cloud/prowler.git@master",
  "psycopg2-binary==2.9.9",
  "pytest-celery[redis] (>=1.0.1,<2.0.0)",
  "sentry-sdk[django] (>=2.20.0,<3.0.0)",
@@ -32,10 +32,7 @@ dependencies = [
  "openai (>=1.82.0,<2.0.0)",
  "xmlsec==1.3.14",
  "h2 (==4.3.0)",
-  "markdown (>=3.9,<4.0)",
-  "drf-simple-apikey (==2.2.1)",
-  "matplotlib (>=3.10.6,<4.0.0)",
-  "reportlab (>=4.4.4,<5.0.0)"
+  "markdown (>=3.9,<4.0)"
 ]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
@@ -43,7 +40,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.14.1"
+version = "1.14.0"

 [project.scripts]
 celery = "src.backend.config.settings.celery"
@@ -1,12 +1,14 @@
 import logging
 import os
-import sys
+
 from pathlib import Path
+import sys
+
+from django.apps import AppConfig
+from django.conf import settings

 from config.custom_logging import BackendLogger
 from config.env import env
-from django.apps import AppConfig
-from django.conf import settings

 logger = logging.getLogger(BackendLogger.API)

@@ -28,7 +30,6 @@ class ApiConfig(AppConfig):
    name = "api"

    def ready(self):
-        from api import schema_extensions  # noqa: F401
        from api import signals  # noqa: F401
        from api.compliance import load_prowler_compliance

@@ -1,95 +0,0 @@
-from typing import Optional, Tuple
-from uuid import UUID
-
-from cryptography.fernet import InvalidToken
-from django.utils import timezone
-from drf_simple_apikey.backends import APIKeyAuthentication as BaseAPIKeyAuth
-from drf_simple_apikey.crypto import get_crypto
-from rest_framework.authentication import BaseAuthentication
-from rest_framework.exceptions import AuthenticationFailed
-from rest_framework.request import Request
-from rest_framework_simplejwt.authentication import JWTAuthentication
-
-from api.db_router import MainRouter
-from api.models import TenantAPIKey, TenantAPIKeyManager
-
-
-class TenantAPIKeyAuthentication(BaseAPIKeyAuth):
-    model = TenantAPIKey
-
-    def __init__(self):
-        self.key_crypto = get_crypto()
-
-    def _authenticate_credentials(self, request, key):
-        """
-        Override to use admin connection, bypassing RLS during authentication.
-        Delegates to parent after temporarily routing model queries to admin DB.
-        """
-        # Temporarily point the model's manager to admin database
-        original_objects = self.model.objects
-        self.model.objects = self.model.objects.using(MainRouter.admin_db)
-
-        try:
-            # Call parent method which will now use admin database
-            return super()._authenticate_credentials(request, key)
-        finally:
-            # Restore original manager
-            self.model.objects = original_objects
-
-    def authenticate(self, request: Request):
-        prefixed_key = self.get_key(request)
-
-        # Split prefix from key (format: pk_xxxxxxxx.encrypted_key)
-        try:
-            prefix, key = prefixed_key.split(TenantAPIKeyManager.separator, 1)
-        except ValueError:
-            raise AuthenticationFailed("Invalid API Key.")
-
-        try:
-            entity, _ = self._authenticate_credentials(request, key)
-        except InvalidToken:
-            raise AuthenticationFailed("Invalid API Key.")
-
-        # Get the API key instance to update last_used_at and retrieve tenant info
-        # We need to decrypt again to get the pk (already validated by _authenticate_credentials)
-        payload = self.key_crypto.decrypt(key)
-        api_key_pk = payload["_pk"]
-
-        # Convert string UUID back to UUID object for lookup
-        if isinstance(api_key_pk, str):
-            api_key_pk = UUID(api_key_pk)
-
-        try:
-            api_key_instance = TenantAPIKey.objects.using(MainRouter.admin_db).get(
-                id=api_key_pk, prefix=prefix
-            )
-        except TenantAPIKey.DoesNotExist:
-            raise AuthenticationFailed("Invalid API Key.")
-
-        # Update last_used_at
-        api_key_instance.last_used_at = timezone.now()
-        api_key_instance.save(update_fields=["last_used_at"], using=MainRouter.admin_db)
-
-        return entity, {
-            "tenant_id": str(api_key_instance.tenant_id),
-            "sub": str(api_key_instance.entity.id),
-            "api_key_prefix": prefix,
-        }
-
-
-class CombinedJWTOrAPIKeyAuthentication(BaseAuthentication):
-    jwt_auth = JWTAuthentication()
-    api_key_auth = TenantAPIKeyAuthentication()
-
-    def authenticate(self, request: Request) -> Optional[Tuple[object, dict]]:
-        auth_header = request.headers.get("Authorization", "")
-
-        # Prioritize JWT authentication if both are present
-        if auth_header.startswith("Bearer "):
-            return self.jwt_auth.authenticate(request)
-
-        if auth_header.startswith("Api-Key "):
-            return self.api_key_auth.authenticate(request)
-
-        # Default fallback
-        return self.jwt_auth.authenticate(request)
@@ -1,15 +1,13 @@
-from django.conf import settings
 from django.core.exceptions import ObjectDoesNotExist
 from django.db import transaction
 from rest_framework import permissions
 from rest_framework.exceptions import NotAuthenticated
 from rest_framework.filters import SearchFilter
-from rest_framework.permissions import SAFE_METHODS
 from rest_framework_json_api import filters
 from rest_framework_json_api.views import ModelViewSet
+from rest_framework_simplejwt.authentication import JWTAuthentication

-from api.authentication import CombinedJWTOrAPIKeyAuthentication
-from api.db_router import MainRouter, reset_read_db_alias, set_read_db_alias
+from api.db_router import MainRouter
 from api.db_utils import POSTGRES_USER_VAR, rls_transaction
 from api.filters import CustomDjangoFilterBackend
 from api.models import Role, Tenant
@@ -17,7 +15,7 @@ from api.rbac.permissions import HasPermissions


 class BaseViewSet(ModelViewSet):
-    authentication_classes = [CombinedJWTOrAPIKeyAuthentication]
+    authentication_classes = [JWTAuthentication]
    required_permissions = []
    permission_classes = [permissions.IsAuthenticated, HasPermissions]
    filter_backends = [
@@ -33,20 +31,6 @@ class BaseViewSet(ModelViewSet):
    ordering_fields = "__all__"
    ordering = ["id"]

-    def _get_request_db_alias(self, request):
-        if request is None:
-            return MainRouter.default_db
-
-        read_alias = (
-            MainRouter.replica_db
-            if request.method in SAFE_METHODS
-            and MainRouter.replica_db in settings.DATABASES
-            else None
-        )
-        if read_alias:
-            return read_alias
-        return MainRouter.default_db
-
    def initial(self, request, *args, **kwargs):
        """
        Sets required_permissions before permissions are checked.
@@ -64,21 +48,8 @@ class BaseViewSet(ModelViewSet):

 class BaseRLSViewSet(BaseViewSet):
    def dispatch(self, request, *args, **kwargs):
-        self.db_alias = self._get_request_db_alias(request)
-        alias_token = None
-        try:
-            if self.db_alias != MainRouter.default_db:
-                alias_token = set_read_db_alias(self.db_alias)
-
-            if request is not None:
-                request.db_alias = self.db_alias
-
-            with transaction.atomic(using=self.db_alias):
-                return super().dispatch(request, *args, **kwargs)
-        finally:
-            if alias_token is not None:
-                reset_read_db_alias(alias_token)
-            self.db_alias = MainRouter.default_db
+        with transaction.atomic():
+            return super().dispatch(request, *args, **kwargs)

    def initial(self, request, *args, **kwargs):
        # Ideally, this logic would be in the `.setup()` method but DRF view sets don't call it
@@ -90,9 +61,7 @@ class BaseRLSViewSet(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(
-            tenant_id, using=getattr(self, "db_alias", MainRouter.default_db)
-        ):
+        with rls_transaction(tenant_id):
            self.request.tenant_id = tenant_id
            return super().initial(request, *args, **kwargs)

@@ -104,33 +73,18 @@ class BaseRLSViewSet(BaseViewSet):

 class BaseTenantViewset(BaseViewSet):
    def dispatch(self, request, *args, **kwargs):
-        self.db_alias = self._get_request_db_alias(request)
-        alias_token = None
+        with transaction.atomic():
+            tenant = super().dispatch(request, *args, **kwargs)
+
        try:
-            if self.db_alias != MainRouter.default_db:
-                alias_token = set_read_db_alias(self.db_alias)
+            # If the request is a POST, create the admin role
+            if request.method == "POST":
+                isinstance(tenant, dict) and self._create_admin_role(tenant.data["id"])
+        except Exception as e:
+            self._handle_creation_error(e, tenant)
+            raise

-            if request is not None:
-                request.db_alias = self.db_alias
-
-            with transaction.atomic(using=self.db_alias):
-                tenant = super().dispatch(request, *args, **kwargs)
-
-            try:
-                # If the request is a POST, create the admin role
-                if request.method == "POST":
-                    isinstance(tenant, dict) and self._create_admin_role(
-                        tenant.data["id"]
-                    )
-            except Exception as e:
-                self._handle_creation_error(e, tenant)
-                raise
-
-            return tenant
-        finally:
-            if alias_token is not None:
-                reset_read_db_alias(alias_token)
-            self.db_alias = MainRouter.default_db
+        return tenant

    def _create_admin_role(self, tenant_id):
        Role.objects.using(MainRouter.admin_db).create(
@@ -163,31 +117,14 @@ class BaseTenantViewset(BaseViewSet):
            raise NotAuthenticated("Tenant ID is not present in token")

        user_id = str(request.user.id)
-        with rls_transaction(
-            value=user_id,
-            parameter=POSTGRES_USER_VAR,
-            using=getattr(self, "db_alias", MainRouter.default_db),
-        ):
+        with rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR):
            return super().initial(request, *args, **kwargs)


 class BaseUserViewset(BaseViewSet):
    def dispatch(self, request, *args, **kwargs):
-        self.db_alias = self._get_request_db_alias(request)
-        alias_token = None
-        try:
-            if self.db_alias != MainRouter.default_db:
-                alias_token = set_read_db_alias(self.db_alias)
-
-            if request is not None:
-                request.db_alias = self.db_alias
-
-            with transaction.atomic(using=self.db_alias):
-                return super().dispatch(request, *args, **kwargs)
-        finally:
-            if alias_token is not None:
-                reset_read_db_alias(alias_token)
-            self.db_alias = MainRouter.default_db
+        with transaction.atomic():
+            return super().dispatch(request, *args, **kwargs)

    def initial(self, request, *args, **kwargs):
        # TODO refactor after improving RLS on users
@@ -200,8 +137,6 @@ class BaseUserViewset(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(
-            tenant_id, using=getattr(self, "db_alias", MainRouter.default_db)
-        ):
+        with rls_transaction(tenant_id):
            self.request.tenant_id = tenant_id
            return super().initial(request, *args, **kwargs)
@@ -150,16 +150,12 @@ def generate_scan_compliance(
                requirement["checks"][check_id] = status
                requirement["checks_status"][status.lower()] += 1

-                if requirement["status"] != "FAIL" and any(
-                    value == "FAIL" for value in requirement["checks"].values()
-                ):
-                    requirement["status"] = "FAIL"
-                    compliance_overview[compliance_id]["requirements_status"][
-                        "passed"
-                    ] -= 1
-                    compliance_overview[compliance_id]["requirements_status"][
-                        "failed"
-                    ] += 1
+            if requirement["status"] != "FAIL" and any(
+                value == "FAIL" for value in requirement["checks"].values()
+            ):
+                requirement["status"] = "FAIL"
+                compliance_overview[compliance_id]["requirements_status"]["passed"] -= 1
+                compliance_overview[compliance_id]["requirements_status"]["failed"] += 1


 def generate_compliance_overview_template(prowler_compliance: dict):
@@ -1,31 +1,9 @@
-from contextvars import ContextVar
-
-from django.conf import settings
-
 ALLOWED_APPS = ("django", "socialaccount", "account", "authtoken", "silk")

-_read_db_alias = ContextVar("read_db_alias", default=None)
-
-
-def set_read_db_alias(alias: str | None):
-    if not alias:
-        return None
-    return _read_db_alias.set(alias)
-
-
-def get_read_db_alias() -> str | None:
-    return _read_db_alias.get()
-
-
-def reset_read_db_alias(token) -> None:
-    if token is not None:
-        _read_db_alias.reset(token)
-

 class MainRouter:
    default_db = "default"
    admin_db = "admin"
-    replica_db = "replica"

    def db_for_read(self, model, **hints):  # noqa: F841
        model_table_name = model._meta.db_table
@@ -33,9 +11,6 @@ class MainRouter:
            model_table_name.startswith(f"{app}_") for app in ALLOWED_APPS
        ):
            return self.admin_db
-        read_alias = get_read_db_alias()
-        if read_alias:
-            return read_alias
        return None

    def db_for_write(self, model, **hints):  # noqa: F841
@@ -48,13 +23,7 @@ class MainRouter:
        return db == self.admin_db

    def allow_relation(self, obj1, obj2, **hints):  # noqa: F841
-        # Allow relations when both objects originate from allowed connectors
-        allowed_dbs = {self.default_db, self.admin_db, self.replica_db}
-        if {obj1._state.db, obj2._state.db} <= allowed_dbs:
+        # Allow relations if both objects are in either "default" or "admin" db connectors
+        if {obj1._state.db, obj2._state.db} <= {self.default_db, self.admin_db}:
            return True
        return None
-
-
-READ_REPLICA_ALIAS = (
-    MainRouter.replica_db if MainRouter.replica_db in settings.DATABASES else None
-)
@@ -1,36 +1,17 @@
 import re
 import secrets
-import time
 import uuid
 from contextlib import contextmanager
 from datetime import datetime, timedelta, timezone

-from celery.utils.log import get_task_logger
-from config.env import env
 from django.conf import settings
 from django.contrib.auth.models import BaseUserManager
-from django.db import (
-    DEFAULT_DB_ALIAS,
-    OperationalError,
-    connection,
-    connections,
-    models,
-    transaction,
-)
+from django.db import connection, models, transaction
 from django_celery_beat.models import PeriodicTask
 from psycopg2 import connect as psycopg2_connect
 from psycopg2.extensions import AsIs, new_type, register_adapter, register_type
 from rest_framework_json_api.serializers import ValidationError

-from api.db_router import (
-    READ_REPLICA_ALIAS,
-    get_read_db_alias,
-    reset_read_db_alias,
-    set_read_db_alias,
-)
-
-logger = get_task_logger(__name__)
-
 DB_USER = settings.DATABASES["default"]["USER"] if not settings.TESTING else "test"
 DB_PASSWORD = (
    settings.DATABASES["default"]["PASSWORD"] if not settings.TESTING else "test"
@@ -45,9 +26,6 @@ TASK_RUNNER_DB_TABLE = "django_celery_results_taskresult"
 POSTGRES_TENANT_VAR = "api.tenant_id"
 POSTGRES_USER_VAR = "api.user_id"

-REPLICA_MAX_ATTEMPTS = env.int("POSTGRES_REPLICA_MAX_ATTEMPTS", default=3)
-REPLICA_RETRY_BASE_DELAY = env.float("POSTGRES_REPLICA_RETRY_BASE_DELAY", default=0.5)
-
 SET_CONFIG_QUERY = "SELECT set_config(%s, %s::text, TRUE);"


@@ -71,11 +49,7 @@ def psycopg_connection(database_alias: str):


@contextmanager
-def rls_transaction(
-    value: str,
-    parameter: str = POSTGRES_TENANT_VAR,
-    using: str | None = None,
-):
+def rls_transaction(value: str, parameter: str = POSTGRES_TENANT_VAR):
    """
    Creates a new database transaction setting the given configuration value for Postgres RLS. It validates the
    if the value is a valid UUID.
@@ -83,59 +57,16 @@ def rls_transaction(
    Args:
        value (str): Database configuration parameter value.
        parameter (str): Database configuration parameter name, by default is 'api.tenant_id'.
-        using (str | None): Optional database alias to run the transaction against. Defaults to the
-            active read alias (if any) or Django's default connection.
    """
-    requested_alias = using or get_read_db_alias()
-    db_alias = requested_alias or DEFAULT_DB_ALIAS
-    if db_alias not in connections:
-        db_alias = DEFAULT_DB_ALIAS
-
-    alias = db_alias
-    is_replica = READ_REPLICA_ALIAS and alias == READ_REPLICA_ALIAS
-    max_attempts = REPLICA_MAX_ATTEMPTS if is_replica else 1
-
-    for attempt in range(1, max_attempts + 1):
-        router_token = None
-
-        # On final attempt, fallback to primary
-        if attempt == max_attempts and is_replica:
-            logger.warning(
-                f"RLS transaction failed after {attempt - 1} attempts on replica, "
-                f"falling back to primary DB"
-            )
-            alias = DEFAULT_DB_ALIAS
-
-        conn = connections[alias]
-        try:
-            if alias != DEFAULT_DB_ALIAS:
-                router_token = set_read_db_alias(alias)
-
-            with transaction.atomic(using=alias):
-                with conn.cursor() as cursor:
-                    try:
-                        # just in case the value is a UUID object
-                        uuid.UUID(str(value))
-                    except ValueError:
-                        raise ValidationError("Must be a valid UUID")
-                    cursor.execute(SET_CONFIG_QUERY, [parameter, value])
-                    yield cursor
-            return
-        except OperationalError as e:
-            # If on primary or max attempts reached, raise
-            if not is_replica or attempt == max_attempts:
-                raise
-
-            # Retry with exponential backoff
-            delay = REPLICA_RETRY_BASE_DELAY * (2 ** (attempt - 1))
-            logger.info(
-                f"RLS transaction failed on replica (attempt {attempt}/{max_attempts}), "
-                f"retrying in {delay}s. Error: {e}"
-            )
-            time.sleep(delay)
-        finally:
-            if router_token is not None:
-                reset_read_db_alias(router_token)
+    with transaction.atomic():
+        with connection.cursor() as cursor:
+            try:
+                # just in case the value is an UUID object
+                uuid.UUID(str(value))
+            except ValueError:
+                raise ValidationError("Must be a valid UUID")
+            cursor.execute(SET_CONFIG_QUERY, [parameter, value])
+            yield cursor


 class CustomUserManager(BaseUserManager):
@@ -503,12 +434,6 @@ def drop_index_on_partitions(
        schema_editor.execute(sql)


-def generate_api_key_prefix():
-    """Generate a random 8-character prefix for API keys (e.g., 'pk_abc123de')."""
-    random_chars = generate_random_token(length=8)
-    return f"pk_{random_chars}"
-
-
 # Postgres enum definition for member role


@@ -1,10 +1,6 @@
 from django.core.exceptions import ValidationError as django_validation_error
 from rest_framework import status
-from rest_framework.exceptions import (
-    APIException,
-    AuthenticationFailed,
-    NotAuthenticated,
-)
+from rest_framework.exceptions import APIException
 from rest_framework_json_api.exceptions import exception_handler
 from rest_framework_json_api.serializers import ValidationError
 from rest_framework_simplejwt.exceptions import InvalidToken, TokenError
@@ -72,18 +68,15 @@ def custom_exception_handler(exc, context):
            exc = ValidationError(exc.message_dict)
        else:
            exc = ValidationError(detail=exc.messages[0], code=exc.code)
-    # Force 401 status for AuthenticationFailed exceptions regardless of the authentication backend
-    elif isinstance(exc, (AuthenticationFailed, NotAuthenticated, TokenError)):
-        exc.status_code = status.HTTP_401_UNAUTHORIZED
-        if isinstance(exc, (TokenError, InvalidToken)):
-            if (
-                hasattr(exc, "detail")
-                and isinstance(exc.detail, dict)
-                and "messages" in exc.detail
-            ):
-                exc.detail["messages"] = [
-                    message_item["message"] for message_item in exc.detail["messages"]
-                ]
+    elif isinstance(exc, (TokenError, InvalidToken)):
+        if (
+            hasattr(exc, "detail")
+            and isinstance(exc.detail, dict)
+            and "messages" in exc.detail
+        ):
+            exc.detail["messages"] = [
+                message_item["message"] for message_item in exc.detail["messages"]
+            ]
    return exception_handler(exc, context)


@@ -43,7 +43,6 @@ from api.models import (
    StateChoices,
    StatusChoices,
    Task,
-    TenantAPIKey,
    User,
 )
 from api.rls import Tenant
@@ -220,31 +219,10 @@ class MembershipFilter(FilterSet):


 class ProviderFilter(FilterSet):
-    inserted_at = DateFilter(
-        field_name="inserted_at",
-        lookup_expr="date",
-        help_text="""Filter by date when the provider was added
-        (format: YYYY-MM-DD)""",
-    )
-    updated_at = DateFilter(
-        field_name="updated_at",
-        lookup_expr="date",
-        help_text="""Filter by date when the provider was updated
-        (format: YYYY-MM-DD)""",
-    )
-    connected = BooleanFilter(
-        help_text="""Filter by connection status. Set to True to return only
-        connected providers, or False to return only providers with failed
-        connections. If not specified, both connected and failed providers are
-        included. Providers with no connection attempt (status is null) are
-        excluded from this filter."""
-    )
+    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
+    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
+    connected = BooleanFilter()
    provider = ChoiceFilter(choices=Provider.ProviderChoices.choices)
-    provider__in = ChoiceInFilter(
-        field_name="provider",
-        choices=Provider.ProviderChoices.choices,
-        lookup_expr="in",
-    )

    class Meta:
        model = Provider
@@ -670,16 +648,8 @@ class LatestFindingFilter(CommonFindingFilters):


 class ProviderSecretFilter(FilterSet):
-    inserted_at = DateFilter(
-        field_name="inserted_at",
-        lookup_expr="date",
-        help_text="Filter by date when the secret was added (format: YYYY-MM-DD)",
-    )
-    updated_at = DateFilter(
-        field_name="updated_at",
-        lookup_expr="date",
-        help_text="Filter by date when the secret was updated (format: YYYY-MM-DD)",
-    )
+    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
+    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
    provider = UUIDFilter(field_name="provider__id", lookup_expr="exact")

    class Meta:
@@ -765,7 +735,6 @@ class ComplianceOverviewFilter(FilterSet):
 class ScanSummaryFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    provider_id = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
-    provider_id__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
    provider_type = ChoiceFilter(
        field_name="scan__provider__provider", choices=Provider.ProviderChoices.choices
    )
@@ -911,20 +880,3 @@ class IntegrationJiraFindingsFilter(FilterSet):
                }
            )
        return super().filter_queryset(queryset)
-
-
-class TenantApiKeyFilter(FilterSet):
-    inserted_at = DateFilter(field_name="created", lookup_expr="date")
-    inserted_at__gte = DateFilter(field_name="created", lookup_expr="gte")
-    inserted_at__lte = DateFilter(field_name="created", lookup_expr="lte")
-    expires_at = DateFilter(field_name="expiry_date", lookup_expr="date")
-    expires_at__gte = DateFilter(field_name="expiry_date", lookup_expr="gte")
-    expires_at__lte = DateFilter(field_name="expiry_date", lookup_expr="lte")
-
-    class Meta:
-        model = TenantAPIKey
-        fields = {
-            "prefix": ["exact", "icontains"],
-            "revoked": ["exact"],
-            "name": ["exact", "icontains"],
-        }
@@ -8,14 +8,9 @@ def extract_auth_info(request) -> dict:
    if getattr(request, "auth", None) is not None:
        tenant_id = request.auth.get("tenant_id", "N/A")
        user_id = request.auth.get("sub", "N/A")
-        api_key_prefix = request.auth.get("api_key_prefix", "N/A")
    else:
-        tenant_id, user_id, api_key_prefix = "N/A", "N/A", "N/A"
-    return {
-        "tenant_id": tenant_id,
-        "user_id": user_id,
-        "api_key_prefix": api_key_prefix,
-    }
+        tenant_id, user_id = "N/A", "N/A"
+    return {"tenant_id": tenant_id, "user_id": user_id}


 class APILoggingMiddleware:
@@ -43,7 +38,6 @@ class APILoggingMiddleware:
            extra={
                "user_id": auth_info["user_id"],
                "tenant_id": auth_info["tenant_id"],
-                "api_key_prefix": auth_info["api_key_prefix"],
                "method": request.method,
                "path": request.path,
                "query_params": request.GET.dict(),
@@ -1,136 +0,0 @@
-# Generated by Django 5.1.12 on 2025-09-30 13:10
-
-import uuid
-
-import django.core.validators
-import django.db.models.deletion
-import drf_simple_apikey.models
-from django.conf import settings
-from django.db import migrations, models
-
-import api.db_utils
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0047_remove_integration_unique_configuration_per_tenant"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="TenantAPIKey",
-            fields=[
-                (
-                    "name",
-                    models.CharField(
-                        max_length=100,
-                        validators=[django.core.validators.MinLengthValidator(3)],
-                    ),
-                ),
-                (
-                    "expiry_date",
-                    models.DateTimeField(
-                        default=drf_simple_apikey.models._expiry_date,
-                        help_text="Once API key expires, entities cannot use it anymore.",
-                        verbose_name="Expires",
-                    ),
-                ),
-                (
-                    "revoked",
-                    models.BooleanField(
-                        blank=True,
-                        default=False,
-                        help_text="If the API key is revoked, entities cannot use it anymore. (This cannot be undone.)",
-                    ),
-                ),
-                ("created", models.DateTimeField(auto_now_add=True, editable=False)),
-                (
-                    "whitelisted_ips",
-                    models.JSONField(
-                        blank=True,
-                        help_text="List of allowed IP addresses for this API key.",
-                        null=True,
-                    ),
-                ),
-                (
-                    "blacklisted_ips",
-                    models.JSONField(
-                        blank=True,
-                        help_text="List of denied IP addresses for this API key.",
-                        null=True,
-                    ),
-                ),
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                (
-                    "prefix",
-                    models.CharField(
-                        default=api.db_utils.generate_api_key_prefix,
-                        editable=False,
-                        help_text="Unique prefix to identify the API key",
-                        max_length=11,
-                        unique=True,
-                    ),
-                ),
-                (
-                    "last_used_at",
-                    models.DateTimeField(
-                        blank=True,
-                        help_text="Last time this API key was used for authentication",
-                        null=True,
-                    ),
-                ),
-                (
-                    "entity",
-                    models.ForeignKey(
-                        blank=True,
-                        null=True,
-                        on_delete=django.db.models.deletion.SET_NULL,
-                        related_name="user_api_keys",
-                        to=settings.AUTH_USER_MODEL,
-                    ),
-                ),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "api_keys",
-                "abstract": False,
-                "indexes": [
-                    models.Index(
-                        fields=["tenant_id", "prefix"],
-                        name="api_keys_tenant_prefix_idx",
-                    )
-                ],
-                "constraints": [
-                    models.UniqueConstraint(
-                        fields=("tenant_id", "prefix"), name="unique_api_key_prefixes"
-                    ),
-                    models.UniqueConstraint(
-                        fields=("tenant_id", "name"),
-                        name="unique_api_key_name_per_tenant",
-                    ),
-                ],
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="tenantapikey",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_tenantapikey",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-    ]
@@ -1,21 +0,0 @@
-# Generated by Django 5.1.12 on 2025-10-07 10:41
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0048_api_key"),
-    ]
-    operations = [
-        migrations.AddField(
-            model_name="compliancerequirementoverview",
-            name="passed_findings",
-            field=models.IntegerField(default=0),
-        ),
-        migrations.AddField(
-            model_name="compliancerequirementoverview",
-            name="total_findings",
-            field=models.IntegerField(default=0),
-        ),
-    ]
@@ -22,8 +22,6 @@ from django.db.models import Q
 from django.utils.translation import gettext_lazy as _
 from django_celery_beat.models import PeriodicTask
 from django_celery_results.models import TaskResult
-from drf_simple_apikey.crypto import get_crypto
-from drf_simple_apikey.models import AbstractAPIKey, AbstractAPIKeyManager
 from psqlextra.manager import PostgresManager
 from psqlextra.models import PostgresPartitionedModel
 from psqlextra.types import PostgresPartitioningMethod
@@ -44,7 +42,6 @@ from api.db_utils import (
    StateEnumField,
    StatusEnumField,
    enum_to_choices,
-    generate_api_key_prefix,
    generate_random_token,
    one_week_from_now,
 )
@@ -128,17 +125,6 @@ class ActiveProviderPartitionedManager(PostgresManager, ActiveProviderManager):
        return super().get_queryset().filter(self.active_provider_filter())


-class TenantAPIKeyManager(AbstractAPIKeyManager):
-    separator = "."
-
-    def assign_api_key(self, obj) -> str:
-        payload = {"_pk": str(obj.pk), "_exp": obj.expiry_date.timestamp()}
-        key = get_crypto().generate(payload)
-
-        prefixed_key = f"{obj.prefix}{self.separator}{key}"
-        return prefixed_key
-
-
 class User(AbstractBaseUser):
    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
    name = models.CharField(max_length=150, validators=[MinLengthValidator(3)])
@@ -218,61 +204,6 @@ class Membership(models.Model):
        resource_name = "memberships"


-class TenantAPIKey(AbstractAPIKey, RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    name = models.CharField(max_length=100, validators=[MinLengthValidator(3)])
-    created = models.DateTimeField(auto_now_add=True, editable=False)
-    prefix = models.CharField(
-        max_length=11,
-        unique=True,
-        default=generate_api_key_prefix,
-        editable=False,
-        help_text="Unique prefix to identify the API key",
-    )
-    last_used_at = models.DateTimeField(
-        null=True,
-        blank=True,
-        help_text="Last time this API key was used for authentication",
-    )
-    entity = models.ForeignKey(
-        settings.AUTH_USER_MODEL,
-        on_delete=models.SET_NULL,
-        null=True,
-        blank=True,
-        related_name="user_api_keys",
-    )
-
-    objects = TenantAPIKeyManager()
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "api_keys"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-            models.UniqueConstraint(
-                fields=("tenant_id", "prefix"),
-                name="unique_api_key_prefixes",
-            ),
-            models.UniqueConstraint(
-                fields=("tenant_id", "name"),
-                name="unique_api_key_name_per_tenant",
-            ),
-        ]
-
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "prefix"], name="api_keys_tenant_prefix_idx"
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "api-keys"
-
-
 class Provider(RowLevelSecurityProtectedModel):
    objects = ActiveProviderManager()
    all_objects = models.Manager()
@@ -1299,8 +1230,6 @@ class ComplianceRequirementOverview(RowLevelSecurityProtectedModel):
    passed_checks = models.IntegerField(default=0)
    failed_checks = models.IntegerField(default=0)
    total_checks = models.IntegerField(default=0)
-    passed_findings = models.IntegerField(default=0)
-    total_findings = models.IntegerField(default=0)

    scan = models.ForeignKey(
        Scan,
@@ -11,12 +11,11 @@ class APIJSONRenderer(JSONRenderer):
    def render(self, data, accepted_media_type=None, renderer_context=None):
        request = renderer_context.get("request")
        tenant_id = getattr(request, "tenant_id", None) if request else None
-        db_alias = getattr(request, "db_alias", None) if request else None
        include_param_present = "include" in request.query_params if request else False

        # Use rls_transaction if needed for included resources, otherwise do nothing
        context_manager = (
-            rls_transaction(tenant_id, using=db_alias)
+            rls_transaction(tenant_id)
            if tenant_id and include_param_present
            else nullcontext()
        )
@@ -1,16 +0,0 @@
-from drf_spectacular.extensions import OpenApiAuthenticationExtension
-from drf_spectacular.openapi import AutoSchema
-
-
-class CombinedJWTOrAPIKeyAuthenticationScheme(OpenApiAuthenticationExtension):
-    target_class = "api.authentication.CombinedJWTOrAPIKeyAuthentication"
-    name = "JWT or API Key"
-
-    def get_security_definition(self, auto_schema: AutoSchema):  # noqa: F841
-        return {
-            "type": "http",
-            "scheme": "bearer",
-            "bearerFormat": "JWT",
-            "description": "Supports both JWT Bearer tokens and API Key authentication. "
-            "Use `Bearer <token>` for JWT or `Api-Key <key>` for API keys.",
-        }
@@ -1,12 +1,12 @@
 from celery import states
 from celery.signals import before_task_publish
 from config.celery import celery_app
-from django.db.models.signals import post_delete, pre_delete
+from django.db.models.signals import post_delete
 from django.dispatch import receiver
 from django_celery_results.backends.database import DatabaseBackend

 from api.db_utils import delete_related_daily_task
-from api.models import Membership, Provider, TenantAPIKey, User
+from api.models import Provider


 def create_task_result_on_publish(sender=None, headers=None, **kwargs):  # noqa: F841
@@ -32,27 +32,3 @@ before_task_publish.connect(
 def delete_provider_scan_task(sender, instance, **kwargs):  # noqa: F841
    # Delete the associated periodic task when the provider is deleted
    delete_related_daily_task(instance.id)
-
-
-@receiver(pre_delete, sender=User)
-def revoke_user_api_keys(sender, instance, **kwargs):  # noqa: F841
-    """
-    Revoke all API keys associated with a user before deletion.
-
-    The entity field will be set to NULL by on_delete=SET_NULL,
-    but we explicitly revoke the keys to prevent further use.
-    """
-    TenantAPIKey.objects.filter(entity=instance).update(revoked=True)
-
-
-@receiver(post_delete, sender=Membership)
-def revoke_membership_api_keys(sender, instance, **kwargs):  # noqa: F841
-    """
-    Revoke all API keys when a user is removed from a tenant.
-
-    When a membership is deleted, all API keys created by that user
-    in that tenant should be revoked to prevent further access.
-    """
-    TenantAPIKey.objects.filter(
-        entity=instance.user, tenant_id=instance.tenant.id
-    ).update(revoked=True)
@@ -1,39 +0,0 @@
-"""Tests for rls_transaction retry and fallback logic."""
-
-import pytest
-from django.db import DEFAULT_DB_ALIAS
-from rest_framework_json_api.serializers import ValidationError
-
-from api.db_utils import rls_transaction
-
-
-@pytest.mark.django_db
-class TestRLSTransaction:
-    """Simple integration tests for rls_transaction using real DB."""
-
-    @pytest.fixture
-    def tenant(self, tenants_fixture):
-        return tenants_fixture[0]
-
-    def test_success_on_primary(self, tenant):
-        """Basic: transaction succeeds on primary database."""
-        with rls_transaction(str(tenant.id), using=DEFAULT_DB_ALIAS) as cursor:
-            cursor.execute("SELECT 1")
-            result = cursor.fetchone()
-            assert result == (1,)
-
-    def test_invalid_uuid_raises_validation_error(self):
-        """Invalid UUID raises ValidationError before DB operations."""
-        with pytest.raises(ValidationError, match="Must be a valid UUID"):
-            with rls_transaction("not-a-uuid", using=DEFAULT_DB_ALIAS):
-                pass
-
-    def test_custom_parameter_name(self, tenant):
-        """Test custom RLS parameter name."""
-        custom_param = "api.custom_id"
-        with rls_transaction(
-            str(tenant.id), parameter=custom_param, using=DEFAULT_DB_ALIAS
-        ) as cursor:
-            cursor.execute("SELECT current_setting(%s, true)", [custom_param])
-            result = cursor.fetchone()
-            assert result == (str(tenant.id),)
@@ -1,384 +0,0 @@
-import time
-from datetime import datetime, timedelta, timezone
-from unittest.mock import patch
-from uuid import uuid4
-
-import pytest
-from django.test import RequestFactory
-from rest_framework.exceptions import AuthenticationFailed
-
-from api.authentication import TenantAPIKeyAuthentication
-from api.db_router import MainRouter
-from api.models import TenantAPIKey
-
-
-@pytest.mark.django_db
-class TestTenantAPIKeyAuthentication:
-    @pytest.fixture
-    def auth_backend(self):
-        """Create an instance of TenantAPIKeyAuthentication."""
-        return TenantAPIKeyAuthentication()
-
-    @pytest.fixture
-    def request_factory(self):
-        """Create a Django request factory."""
-        return RequestFactory()
-
-    def test_authenticate_credentials_uses_admin_database(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test that _authenticate_credentials routes queries to admin database."""
-        api_key = api_keys_fixture[0]
-        raw_key = api_key._raw_key
-
-        # Extract the encrypted key part (after the prefix and separator)
-        _, encrypted_key = raw_key.split(TenantAPIKey.objects.separator, 1)
-
-        # Create a mock request
-        request = request_factory.get("/")
-
-        # Call the method
-        entity, auth_dict = auth_backend._authenticate_credentials(
-            request, encrypted_key
-        )
-
-        # Verify that the entity is the user associated with the API key
-        assert entity == api_key.entity
-        assert entity.id == api_key.entity.id
-
-    def test_authenticate_credentials_restores_manager_on_success(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test that the manager is restored after successful authentication."""
-        api_key = api_keys_fixture[0]
-        raw_key = api_key._raw_key
-        _, encrypted_key = raw_key.split(TenantAPIKey.objects.separator, 1)
-
-        # Store the original manager
-        original_manager = TenantAPIKey.objects
-
-        request = request_factory.get("/")
-
-        # Call the method
-        auth_backend._authenticate_credentials(request, encrypted_key)
-
-        # Verify the manager was restored
-        assert TenantAPIKey.objects == original_manager
-
-    def test_authenticate_credentials_restores_manager_on_exception(
-        self, auth_backend, request_factory
-    ):
-        """Test that the manager is restored even when an exception occurs."""
-        # Store the original manager
-        original_manager = TenantAPIKey.objects
-
-        request = request_factory.get("/")
-
-        # Try to authenticate with an invalid key that will raise an exception
-        with pytest.raises(Exception):
-            auth_backend._authenticate_credentials(request, "invalid_encrypted_key")
-
-        # Verify the manager was restored despite the exception
-        assert TenantAPIKey.objects == original_manager
-
-    def test_authenticate_valid_api_key(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test successful authentication with a valid API key."""
-        api_key = api_keys_fixture[0]
-        raw_key = api_key._raw_key
-
-        # Create a request with the API key in the Authorization header
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {raw_key}"
-
-        # Authenticate
-        entity, auth_dict = auth_backend.authenticate(request)
-
-        # Verify the entity and auth dict
-        assert entity == api_key.entity
-        assert auth_dict["tenant_id"] == str(api_key.tenant_id)
-        assert auth_dict["sub"] == str(api_key.entity.id)
-        assert auth_dict["api_key_prefix"] == api_key.prefix
-
-        # Verify that last_used_at was updated
-        api_key.refresh_from_db()
-        assert api_key.last_used_at is not None
-        assert (datetime.now(timezone.utc) - api_key.last_used_at).seconds < 5
-
-    def test_authenticate_valid_api_key_uses_admin_database(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test that authenticate uses admin database for API key lookup."""
-        api_key = api_keys_fixture[0]
-        raw_key = api_key._raw_key
-
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {raw_key}"
-
-        # Mock the manager's using method to verify it's called with admin_db
-        with patch.object(
-            TenantAPIKey.objects, "using", wraps=TenantAPIKey.objects.using
-        ) as mock_using:
-            auth_backend.authenticate(request)
-
-            # Verify that .using('admin') was called
-            mock_using.assert_called_with(MainRouter.admin_db)
-
-    def test_authenticate_invalid_key_format_missing_separator(
-        self, auth_backend, request_factory
-    ):
-        """Test authentication fails with invalid API key format (no separator)."""
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = "Api-Key invalid_key_no_separator"
-
-        with pytest.raises(AuthenticationFailed) as exc_info:
-            auth_backend.authenticate(request)
-
-        assert str(exc_info.value.detail) == "Invalid API Key."
-
-    def test_authenticate_invalid_key_format_empty_prefix(
-        self, auth_backend, request_factory
-    ):
-        """Test authentication fails with empty prefix."""
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = "Api-Key .encrypted_part"
-
-        with pytest.raises(AuthenticationFailed) as exc_info:
-            auth_backend.authenticate(request)
-
-        assert str(exc_info.value.detail) == "Invalid API Key."
-
-    def test_authenticate_invalid_encrypted_key(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test authentication fails with invalid encrypted key."""
-        api_key = api_keys_fixture[0]
-
-        # Create an invalid key with valid prefix but invalid encryption
-        invalid_key = f"{api_key.prefix}.invalid_encrypted_data"
-
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {invalid_key}"
-
-        with pytest.raises(AuthenticationFailed) as exc_info:
-            auth_backend.authenticate(request)
-
-        assert str(exc_info.value.detail) == "Invalid API Key."
-
-    def test_authenticate_revoked_api_key(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test authentication fails with a revoked API key."""
-        # Use the revoked API key (index 2 from fixture)
-        api_key = api_keys_fixture[2]
-        raw_key = api_key._raw_key
-
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {raw_key}"
-
-        # The revoked key should fail during credential validation
-        with pytest.raises(AuthenticationFailed) as exc_info:
-            auth_backend.authenticate(request)
-
-        assert str(exc_info.value.detail) == "This API Key has been revoked."
-
-    def test_authenticate_expired_api_key(
-        self, auth_backend, create_test_user, tenants_fixture, request_factory
-    ):
-        """Test authentication fails with an expired API key."""
-        tenant = tenants_fixture[0]
-        user = create_test_user
-
-        # Create an expired API key
-        api_key, raw_key = TenantAPIKey.objects.create_api_key(
-            name="Expired API Key",
-            tenant_id=tenant.id,
-            entity=user,
-            expiry_date=datetime.now(timezone.utc) - timedelta(days=1),
-        )
-
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {raw_key}"
-
-        with pytest.raises(AuthenticationFailed) as exc_info:
-            auth_backend.authenticate(request)
-
-        assert str(exc_info.value.detail) == "API Key has already expired."
-
-    def test_authenticate_nonexistent_api_key(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test authentication fails when API key doesn't exist in database."""
-        # Create a valid-looking encrypted key with a non-existent UUID
-        api_key = api_keys_fixture[0]
-        non_existent_uuid = str(uuid4())
-
-        # Manually create an encrypted key with a non-existent ID
-        payload = {
-            "_pk": non_existent_uuid,
-            "_exp": (datetime.now(timezone.utc) + timedelta(days=30)).timestamp(),
-        }
-        encrypted_key = auth_backend.key_crypto.generate(payload)
-        fake_key = f"{api_key.prefix}.{encrypted_key}"
-
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {fake_key}"
-
-        with pytest.raises(AuthenticationFailed) as exc_info:
-            auth_backend.authenticate(request)
-
-        assert str(exc_info.value.detail) == "No entity matching this api key."
-
-    def test_authenticate_updates_last_used_at(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test that last_used_at is updated on successful authentication."""
-        api_key = api_keys_fixture[0]
-        raw_key = api_key._raw_key
-
-        # Store the original last_used_at
-        original_last_used = api_key.last_used_at
-
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {raw_key}"
-
-        # Authenticate
-        auth_backend.authenticate(request)
-
-        # Refresh from database
-        api_key.refresh_from_db()
-
-        # Verify last_used_at was updated
-        assert api_key.last_used_at is not None
-        if original_last_used:
-            assert api_key.last_used_at > original_last_used
-
-    def test_authenticate_saves_to_admin_database(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test that the API key save operation uses admin database."""
-        api_key = api_keys_fixture[0]
-        raw_key = api_key._raw_key
-
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {raw_key}"
-
-        # Mock the save method to verify it's called with using='admin'
-        with patch.object(TenantAPIKey, "save") as mock_save:
-            auth_backend.authenticate(request)
-
-            # Verify save was called with using=admin_db
-            mock_save.assert_called_once_with(
-                update_fields=["last_used_at"], using=MainRouter.admin_db
-            )
-
-    def test_authenticate_returns_correct_auth_dict(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test that the auth dict contains all required fields."""
-        api_key = api_keys_fixture[0]
-        raw_key = api_key._raw_key
-
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {raw_key}"
-
-        entity, auth_dict = auth_backend.authenticate(request)
-
-        # Verify all required fields are present
-        assert "tenant_id" in auth_dict
-        assert "sub" in auth_dict
-        assert "api_key_prefix" in auth_dict
-
-        # Verify values are correct
-        assert auth_dict["tenant_id"] == str(api_key.tenant_id)
-        assert auth_dict["sub"] == str(api_key.entity.id)
-        assert auth_dict["api_key_prefix"] == api_key.prefix
-
-    def test_authenticate_with_multiple_api_keys_same_tenant(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test that authentication works correctly with multiple API keys for the same tenant."""
-        # Test with first API key
-        api_key1 = api_keys_fixture[0]
-        raw_key1 = api_key1._raw_key
-
-        request1 = request_factory.get("/")
-        request1.META["HTTP_AUTHORIZATION"] = f"Api-Key {raw_key1}"
-
-        entity1, auth_dict1 = auth_backend.authenticate(request1)
-
-        assert entity1 == api_key1.entity
-        assert auth_dict1["api_key_prefix"] == api_key1.prefix
-
-        # Test with second API key
-        api_key2 = api_keys_fixture[1]
-        raw_key2 = api_key2._raw_key
-
-        request2 = request_factory.get("/")
-        request2.META["HTTP_AUTHORIZATION"] = f"Api-Key {raw_key2}"
-
-        entity2, auth_dict2 = auth_backend.authenticate(request2)
-
-        assert entity2 == api_key2.entity
-        assert auth_dict2["api_key_prefix"] == api_key2.prefix
-
-        # Verify they're different keys but same tenant
-        assert auth_dict1["api_key_prefix"] != auth_dict2["api_key_prefix"]
-        assert auth_dict1["tenant_id"] == auth_dict2["tenant_id"]
-
-    def test_authenticate_with_wrong_prefix_in_db(
-        self, auth_backend, api_keys_fixture, request_factory
-    ):
-        """Test authentication fails when prefix doesn't match database."""
-        api_key = api_keys_fixture[0]
-        raw_key = api_key._raw_key
-
-        # Extract the encrypted part and combine with wrong prefix
-        _, encrypted_part = raw_key.split(TenantAPIKey.objects.separator, 1)
-        wrong_key = f"pk_wrong123.{encrypted_part}"
-
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {wrong_key}"
-
-        with pytest.raises(AuthenticationFailed) as exc_info:
-            auth_backend.authenticate(request)
-
-        assert str(exc_info.value.detail) == "Invalid API Key."
-
-    def test_authenticate_credentials_exception_handling(
-        self, auth_backend, request_factory
-    ):
-        """Test that exceptions in _authenticate_credentials are properly handled."""
-        request = request_factory.get("/")
-
-        # Test with completely invalid data that will cause InvalidToken
-        with pytest.raises(Exception):
-            auth_backend._authenticate_credentials(request, "completely_invalid")
-
-    def test_authenticate_with_expired_timestamp(
-        self, auth_backend, create_test_user, tenants_fixture, request_factory
-    ):
-        """Test that expired timestamp in encrypted key causes authentication failure."""
-        tenant = tenants_fixture[0]
-        user = create_test_user
-
-        # Create an API key with a very short expiry
-        api_key, raw_key = TenantAPIKey.objects.create_api_key(
-            name="Short-lived API Key",
-            tenant_id=tenant.id,
-            entity=user,
-            expiry_date=datetime.now(timezone.utc) + timedelta(seconds=1),
-        )
-
-        # Wait for the key to expire
-        time.sleep(2)
-
-        request = request_factory.get("/")
-        request.META["HTTP_AUTHORIZATION"] = f"Api-Key {raw_key}"
-
-        # Should fail with expired key
-        with pytest.raises(AuthenticationFailed) as exc_info:
-            auth_backend.authenticate(request)
-
-        assert str(exc_info.value.detail) == "API Key has already expired."
@@ -1,38 +1,23 @@
 from datetime import datetime, timezone
 from enum import Enum
-from unittest.mock import MagicMock, patch
+from unittest.mock import patch

 import pytest
 from django.conf import settings
-from django.db import DEFAULT_DB_ALIAS, OperationalError
 from freezegun import freeze_time
-from rest_framework_json_api.serializers import ValidationError

 from api.db_utils import (
-    POSTGRES_TENANT_VAR,
    _should_create_index_on_partition,
    batch_delete,
    create_objects_in_batches,
    enum_to_choices,
-    generate_api_key_prefix,
    generate_random_token,
    one_week_from_now,
-    rls_transaction,
    update_objects_in_batches,
 )
 from api.models import Provider


-@pytest.fixture
-def enable_read_replica():
-    """
-    Fixture to enable READ_REPLICA_ALIAS for tests that need replica functionality.
-    This avoids polluting the global test configuration.
-    """
-    with patch("api.db_utils.READ_REPLICA_ALIAS", "replica"):
-        yield "replica"
-
-
 class TestEnumToChoices:
    def test_enum_to_choices_simple(self):
        class Color(Enum):
@@ -328,523 +313,3 @@ class TestUpdateObjectsInBatches:

        qs = Provider.objects.filter(tenant=tenant, uid__endswith="_upd")
        assert qs.count() == total
-
-
-class TestGenerateApiKeyPrefix:
-    def test_prefix_format(self):
-        """Test that generated prefix starts with 'pk_'."""
-        prefix = generate_api_key_prefix()
-        assert prefix.startswith("pk_")
-
-    def test_prefix_length(self):
-        """Test that prefix has correct length (pk_ + 8 random chars = 11)."""
-        prefix = generate_api_key_prefix()
-        assert len(prefix) == 11
-
-    def test_prefix_uniqueness(self):
-        """Test that multiple generations produce unique prefixes."""
-        prefixes = {generate_api_key_prefix() for _ in range(100)}
-        assert len(prefixes) == 100
-
-    def test_prefix_character_set(self):
-        """Test that random part uses only allowed characters."""
-        allowed_chars = "23456789ABCDEFGHJKMNPQRSTVWXYZ"
-        for _ in range(50):
-            prefix = generate_api_key_prefix()
-            random_part = prefix[3:]  # Strip 'pk_'
-            assert all(char in allowed_chars for char in random_part)
-
-
-@pytest.mark.django_db
-class TestRlsTransaction:
-    def test_rls_transaction_valid_uuid_string(self, tenants_fixture):
-        """Test rls_transaction with valid UUID string."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with rls_transaction(tenant_id) as cursor:
-            assert cursor is not None
-            cursor.execute("SELECT current_setting(%s)", [POSTGRES_TENANT_VAR])
-            result = cursor.fetchone()
-            assert result[0] == tenant_id
-
-    def test_rls_transaction_valid_uuid_object(self, tenants_fixture):
-        """Test rls_transaction with UUID object."""
-        tenant = tenants_fixture[0]
-
-        with rls_transaction(tenant.id) as cursor:
-            assert cursor is not None
-            cursor.execute("SELECT current_setting(%s)", [POSTGRES_TENANT_VAR])
-            result = cursor.fetchone()
-            assert result[0] == str(tenant.id)
-
-    def test_rls_transaction_invalid_uuid_raises_validation_error(self):
-        """Test rls_transaction raises ValidationError for invalid UUID."""
-        invalid_uuid = "not-a-valid-uuid"
-
-        with pytest.raises(ValidationError, match="Must be a valid UUID"):
-            with rls_transaction(invalid_uuid):
-                pass
-
-    def test_rls_transaction_uses_default_database_when_no_alias(self, tenants_fixture):
-        """Test rls_transaction uses DEFAULT_DB_ALIAS when no alias specified."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with rls_transaction(tenant_id):
-                        pass
-
-                mock_connections.__getitem__.assert_called_with(DEFAULT_DB_ALIAS)
-
-    def test_rls_transaction_uses_specified_alias(self, tenants_fixture):
-        """Test rls_transaction uses specified database alias via using parameter."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_alias = "custom_db"
-
-        with patch("api.db_utils.connections") as mock_connections:
-            mock_conn = MagicMock()
-            mock_cursor = MagicMock()
-            mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-            mock_connections.__getitem__.return_value = mock_conn
-            mock_connections.__contains__.return_value = True
-
-            with patch("api.db_utils.transaction.atomic"):
-                with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                    with patch("api.db_utils.reset_read_db_alias") as mock_reset_alias:
-                        mock_set_alias.return_value = "test_token"
-                        with rls_transaction(tenant_id, using=custom_alias):
-                            pass
-
-                        mock_connections.__getitem__.assert_called_with(custom_alias)
-                        mock_set_alias.assert_called_once_with(custom_alias)
-                        mock_reset_alias.assert_called_once_with("test_token")
-
-    def test_rls_transaction_uses_read_replica_from_router(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test rls_transaction uses read replica alias from router."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                        with patch(
-                            "api.db_utils.reset_read_db_alias"
-                        ) as mock_reset_alias:
-                            mock_set_alias.return_value = "test_token"
-                            with rls_transaction(tenant_id):
-                                pass
-
-                            mock_connections.__getitem__.assert_called()
-                            mock_set_alias.assert_called_once()
-                            mock_reset_alias.assert_called_once()
-
-    def test_rls_transaction_fallback_to_default_when_alias_not_in_connections(
-        self, tenants_fixture
-    ):
-        """Test rls_transaction falls back to DEFAULT_DB_ALIAS when alias not in connections."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        invalid_alias = "nonexistent_db"
-
-        with patch("api.db_utils.get_read_db_alias", return_value=invalid_alias):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-
-                def contains_check(alias):
-                    return alias == DEFAULT_DB_ALIAS
-
-                mock_connections.__contains__.side_effect = contains_check
-                mock_connections.__getitem__.return_value = mock_conn
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with rls_transaction(tenant_id):
-                        pass
-
-                    mock_connections.__getitem__.assert_called_with(DEFAULT_DB_ALIAS)
-
-    def test_rls_transaction_successful_execution_on_replica_no_retries(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test successful execution on replica without retries."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with patch("api.db_utils.set_read_db_alias", return_value="token"):
-                        with patch("api.db_utils.reset_read_db_alias"):
-                            with rls_transaction(tenant_id):
-                                pass
-
-                            assert mock_cursor.execute.call_count == 1
-
-    def test_rls_transaction_retry_with_exponential_backoff_on_operational_error(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test retry with exponential backoff on OperationalError on replica."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                call_count = 0
-
-                def atomic_side_effect(*args, **kwargs):
-                    nonlocal call_count
-                    call_count += 1
-                    if call_count < 3:
-                        raise OperationalError("Connection error")
-                    return MagicMock(
-                        __enter__=MagicMock(return_value=None),
-                        __exit__=MagicMock(return_value=False),
-                    )
-
-                with patch(
-                    "api.db_utils.transaction.atomic", side_effect=atomic_side_effect
-                ):
-                    with patch("api.db_utils.time.sleep") as mock_sleep:
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with patch("api.db_utils.logger") as mock_logger:
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                    assert mock_sleep.call_count == 2
-                                    mock_sleep.assert_any_call(0.5)
-                                    mock_sleep.assert_any_call(1.0)
-                                    assert mock_logger.info.call_count == 2
-
-    def test_rls_transaction_max_three_attempts_for_replica(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test maximum 3 attempts for replica database."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError("Persistent error")
-
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with pytest.raises(OperationalError):
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                assert mock_atomic.call_count == 3
-
-    def test_rls_transaction_only_one_attempt_for_primary(self, tenants_fixture):
-        """Test only 1 attempt for primary database."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError("Primary error")
-
-                    with pytest.raises(OperationalError):
-                        with rls_transaction(tenant_id):
-                            pass
-
-                    assert mock_atomic.call_count == 1
-
-    def test_rls_transaction_fallback_to_primary_after_max_attempts(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test fallback to primary DB after max attempts on replica."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                call_count = 0
-
-                def atomic_side_effect(*args, **kwargs):
-                    nonlocal call_count
-                    call_count += 1
-                    if call_count < 3:
-                        raise OperationalError("Replica error")
-                    return MagicMock(
-                        __enter__=MagicMock(return_value=None),
-                        __exit__=MagicMock(return_value=False),
-                    )
-
-                with patch(
-                    "api.db_utils.transaction.atomic", side_effect=atomic_side_effect
-                ):
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with patch("api.db_utils.logger") as mock_logger:
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                    mock_logger.warning.assert_called_once()
-                                    warning_msg = mock_logger.warning.call_args[0][0]
-                                    assert "falling back to primary DB" in warning_msg
-
-    def test_rls_transaction_logger_warning_on_fallback(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test logger warnings are emitted on fallback to primary."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                call_count = 0
-
-                def atomic_side_effect(*args, **kwargs):
-                    nonlocal call_count
-                    call_count += 1
-                    if call_count < 3:
-                        raise OperationalError("Replica error")
-                    return MagicMock(
-                        __enter__=MagicMock(return_value=None),
-                        __exit__=MagicMock(return_value=False),
-                    )
-
-                with patch(
-                    "api.db_utils.transaction.atomic", side_effect=atomic_side_effect
-                ):
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with patch("api.db_utils.logger") as mock_logger:
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-                                    assert mock_logger.info.call_count == 2
-                                    assert mock_logger.warning.call_count == 1
-
-    def test_rls_transaction_operational_error_raised_immediately_on_primary(
-        self, tenants_fixture
-    ):
-        """Test OperationalError raised immediately on primary without retry."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError("Primary error")
-
-                    with patch("api.db_utils.time.sleep") as mock_sleep:
-                        with pytest.raises(OperationalError):
-                            with rls_transaction(tenant_id):
-                                pass
-
-                        mock_sleep.assert_not_called()
-
-    def test_rls_transaction_operational_error_raised_after_max_attempts(
-        self, tenants_fixture, enable_read_replica
-    ):
-        """Test OperationalError raised after max attempts on replica."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=enable_read_replica):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                    mock_atomic.side_effect = OperationalError(
-                        "Persistent replica error"
-                    )
-
-                    with patch("api.db_utils.time.sleep"):
-                        with patch(
-                            "api.db_utils.set_read_db_alias", return_value="token"
-                        ):
-                            with patch("api.db_utils.reset_read_db_alias"):
-                                with pytest.raises(OperationalError):
-                                    with rls_transaction(tenant_id):
-                                        pass
-
-    def test_rls_transaction_router_token_set_for_non_default_alias(
-        self, tenants_fixture
-    ):
-        """Test router token is set when using non-default alias."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_alias = "custom_db"
-
-        with patch("api.db_utils.connections") as mock_connections:
-            mock_conn = MagicMock()
-            mock_cursor = MagicMock()
-            mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-            mock_connections.__getitem__.return_value = mock_conn
-            mock_connections.__contains__.return_value = True
-
-            with patch("api.db_utils.transaction.atomic"):
-                with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                    with patch("api.db_utils.reset_read_db_alias") as mock_reset_alias:
-                        mock_set_alias.return_value = "test_token"
-                        with rls_transaction(tenant_id, using=custom_alias):
-                            pass
-
-                        mock_set_alias.assert_called_once_with(custom_alias)
-                        mock_reset_alias.assert_called_once_with("test_token")
-
-    def test_rls_transaction_router_token_reset_in_finally_block(self, tenants_fixture):
-        """Test router token is reset in finally block even on error."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_alias = "custom_db"
-
-        with patch("api.db_utils.connections") as mock_connections:
-            mock_conn = MagicMock()
-            mock_cursor = MagicMock()
-            mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-            mock_connections.__getitem__.return_value = mock_conn
-            mock_connections.__contains__.return_value = True
-
-            with patch("api.db_utils.transaction.atomic") as mock_atomic:
-                mock_atomic.side_effect = Exception("Unexpected error")
-
-                with patch("api.db_utils.set_read_db_alias", return_value="test_token"):
-                    with patch("api.db_utils.reset_read_db_alias") as mock_reset_alias:
-                        with pytest.raises(Exception):
-                            with rls_transaction(tenant_id, using=custom_alias):
-                                pass
-
-                        mock_reset_alias.assert_called_once_with("test_token")
-
-    def test_rls_transaction_router_token_not_set_for_default_alias(
-        self, tenants_fixture
-    ):
-        """Test router token is not set when using default alias."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with patch("api.db_utils.get_read_db_alias", return_value=None):
-            with patch("api.db_utils.connections") as mock_connections:
-                mock_conn = MagicMock()
-                mock_cursor = MagicMock()
-                mock_conn.cursor.return_value.__enter__.return_value = mock_cursor
-                mock_connections.__getitem__.return_value = mock_conn
-                mock_connections.__contains__.return_value = True
-
-                with patch("api.db_utils.transaction.atomic"):
-                    with patch("api.db_utils.set_read_db_alias") as mock_set_alias:
-                        with patch(
-                            "api.db_utils.reset_read_db_alias"
-                        ) as mock_reset_alias:
-                            with rls_transaction(tenant_id):
-                                pass
-
-                            mock_set_alias.assert_not_called()
-                            mock_reset_alias.assert_not_called()
-
-    def test_rls_transaction_set_config_query_executed_with_correct_params(
-        self, tenants_fixture
-    ):
-        """Test SET_CONFIG_QUERY executed with correct parameters."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with rls_transaction(tenant_id) as cursor:
-            cursor.execute("SELECT current_setting(%s)", [POSTGRES_TENANT_VAR])
-            result = cursor.fetchone()
-            assert result[0] == tenant_id
-
-    def test_rls_transaction_custom_parameter(self, tenants_fixture):
-        """Test rls_transaction with custom parameter name."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-        custom_param = "api.user_id"
-
-        with rls_transaction(tenant_id, parameter=custom_param) as cursor:
-            cursor.execute("SELECT current_setting(%s)", [custom_param])
-            result = cursor.fetchone()
-            assert result[0] == tenant_id
-
-    def test_rls_transaction_cursor_yielded_correctly(self, tenants_fixture):
-        """Test cursor is yielded correctly."""
-        tenant = tenants_fixture[0]
-        tenant_id = str(tenant.id)
-
-        with rls_transaction(tenant_id) as cursor:
-            assert cursor is not None
-            cursor.execute("SELECT 1")
-            result = cursor.fetchone()
-            assert result[0] == 1
@@ -24,7 +24,6 @@ def test_api_logging_middleware_logging(mock_logger):
        mock_extract_auth_info.return_value = {
            "user_id": "user123",
            "tenant_id": "tenant456",
-            "api_key_prefix": "pk_test",
        }

        with patch("api.middleware.logging.getLogger") as mock_get_logger:
@@ -45,7 +44,6 @@ def test_api_logging_middleware_logging(mock_logger):
                expected_extra = {
                    "user_id": "user123",
                    "tenant_id": "tenant456",
-                    "api_key_prefix": "pk_test",
                    "method": "GET",
                    "path": "/test-path",
                    "query_params": {"param1": "value1", "param2": "value2"},
@@ -105,25 +105,23 @@ from rest_framework_json_api import serializers
                        "type": "string",
                        "description": "The Azure application (client) ID for authentication in Azure AD.",
                    },
-                    "tenant_id": {
-                        "type": "string",
-                        "description": "The Azure tenant ID, representing the directory where the application is "
-                        "registered.",
-                    },
                    "client_secret": {
                        "type": "string",
                        "description": "The client secret associated with the application (client) ID, providing "
                        "secure access.",
                    },
+                    "tenant_id": {
+                        "type": "string",
+                        "description": "The Azure tenant ID, representing the directory where the application is "
+                        "registered.",
+                    },
                    "user": {
                        "type": "email",
                        "description": "User microsoft email address.",
-                        "deprecated": True,
                    },
                    "password": {
                        "type": "string",
                        "description": "User password.",
-                        "deprecated": True,
                    },
                },
                "required": [
@@ -134,30 +132,6 @@ from rest_framework_json_api import serializers
                    "password",
                ],
            },
-            {
-                "type": "object",
-                "title": "M365 Certificate Credentials",
-                "properties": {
-                    "client_id": {
-                        "type": "string",
-                        "description": "The Azure application (client) ID for authentication in Azure AD.",
-                    },
-                    "tenant_id": {
-                        "type": "string",
-                        "description": "The Azure tenant ID, representing the directory where the application is "
-                        "registered.",
-                    },
-                    "certificate_content": {
-                        "type": "string",
-                        "description": "The certificate content in base64 format for certificate-based authentication.",
-                    },
-                },
-                "required": [
-                    "client_id",
-                    "tenant_id",
-                    "certificate_content",
-                ],
-            },
            {
                "type": "object",
                "title": "GCP Static Credentials",
@@ -1,4 +1,3 @@
-import base64
 import json
 from datetime import datetime, timedelta, timezone

@@ -40,7 +39,6 @@ from api.models import (
    StateChoices,
    StatusChoices,
    Task,
-    TenantAPIKey,
    User,
    UserRoleRelationship,
 )
@@ -318,23 +316,6 @@ class UserSerializer(BaseSerializerV1):
        )


-class UserIncludeSerializer(UserSerializer):
-    class Meta:
-        model = User
-        fields = [
-            "id",
-            "name",
-            "email",
-            "company_name",
-            "date_joined",
-            "roles",
-        ]
-
-    included_serializers = {
-        "roles": "api.v1.serializers.RoleIncludeSerializer",
-    }
-
-
 class UserCreateSerializer(BaseWriteSerializer):
    password = serializers.CharField(write_only=True)
    company_name = serializers.CharField(required=False)
@@ -927,17 +908,6 @@ class ProviderCreateSerializer(RLSSerializer, BaseWriteSerializer):
            "uid",
            # "scanner_args"
        ]
-        extra_kwargs = {
-            "alias": {
-                "help_text": "Human readable name to identify the provider, e.g. 'Production AWS Account', 'Dev Environment'",
-            },
-            "provider": {
-                "help_text": "Type of provider to create.",
-            },
-            "uid": {
-                "help_text": "Unique identifier for the provider, set by the provider, e.g. AWS account ID, Azure subscription ID, GCP project ID, etc.",
-            },
-        }


 class ProviderUpdateSerializer(BaseWriteSerializer):
@@ -952,11 +922,6 @@ class ProviderUpdateSerializer(BaseWriteSerializer):
            "alias",
            # "scanner_args"
        ]
-        extra_kwargs = {
-            "alias": {
-                "help_text": "Human readable name to identify the provider, e.g. 'Production AWS Account', 'Dev Environment'",
-            }
-        }


 # Scans
@@ -1396,38 +1361,10 @@ class AzureProviderSecret(serializers.Serializer):

 class M365ProviderSecret(serializers.Serializer):
    client_id = serializers.CharField()
-    client_secret = serializers.CharField(required=False)
+    client_secret = serializers.CharField()
    tenant_id = serializers.CharField()
    user = serializers.EmailField(required=False)
    password = serializers.CharField(required=False)
-    certificate_content = serializers.CharField(required=False)
-
-    def validate(self, attrs):
-        if attrs.get("client_secret") and attrs.get("certificate_content"):
-            raise serializers.ValidationError(
-                "You cannot provide both client_secret and certificate_content."
-            )
-        if not attrs.get("client_secret") and not attrs.get("certificate_content"):
-            raise serializers.ValidationError(
-                "You must provide either client_secret or certificate_content."
-            )
-        return super().validate(attrs)
-
-    def validate_certificate_content(self, certificate_content):
-        """Validate that M365 certificate content is valid base64 encoded data."""
-        if certificate_content:
-            try:
-                base64.b64decode(certificate_content, validate=True)
-            except Exception as e:
-                raise ValidationError(
-                    {
-                        "certificate_content": [
-                            f"The provided certificate content is not valid base64 encoded data: {str(e)}"
-                        ]
-                    },
-                    code="m365-certificate-content",
-                )
-        return certificate_content

    class Meta:
        resource_name = "provider-secrets"
@@ -2020,17 +1957,6 @@ class ComplianceOverviewDetailSerializer(serializers.Serializer):
        resource_name = "compliance-requirements-details"


-class ComplianceOverviewDetailThreatscoreSerializer(ComplianceOverviewDetailSerializer):
-    """
-    Serializer for detailed compliance requirement information for Threatscore.
-
-    Includes additional fields specific to the Threatscore framework.
-    """
-
-    passed_findings = serializers.IntegerField()
-    total_findings = serializers.IntegerField()
-
-
 class ComplianceOverviewAttributesSerializer(serializers.Serializer):
    id = serializers.CharField()
    compliance_name = serializers.CharField()
@@ -2809,125 +2735,3 @@ class LighthouseConfigUpdateSerializer(BaseWriteSerializer):
            instance.api_key_decoded = api_key
            instance.save()
        return instance
-
-
-# API Keys
-
-
-class TenantApiKeySerializer(RLSSerializer):
-    """
-    Serializer for the TenantApiKey model.
-    """
-
-    # Map database field names to API field names for consistency
-    expires_at = serializers.DateTimeField(source="expiry_date", read_only=True)
-    inserted_at = serializers.DateTimeField(source="created", read_only=True)
-
-    class Meta:
-        model = TenantAPIKey
-        fields = [
-            "id",
-            "name",
-            "prefix",
-            "expires_at",
-            "revoked",
-            "inserted_at",
-            "last_used_at",
-            "entity",
-        ]
-
-    included_serializers = {
-        "entity": "api.v1.serializers.UserIncludeSerializer",
-    }
-
-
-class TenantApiKeyCreateSerializer(RLSSerializer, BaseWriteSerializer):
-    """Serializer for creating new API keys."""
-
-    # Map database field names to API field names for consistency
-    expires_at = serializers.DateTimeField(source="expiry_date", required=False)
-    inserted_at = serializers.DateTimeField(source="created", read_only=True)
-    api_key = serializers.SerializerMethodField()
-
-    class Meta:
-        model = TenantAPIKey
-        fields = [
-            "id",
-            "name",
-            "prefix",
-            "expires_at",
-            "revoked",
-            "entity",
-            "inserted_at",
-            "last_used_at",
-            "api_key",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "prefix": {"read_only": True},
-            "revoked": {"read_only": True},
-            "entity": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "last_used_at": {"read_only": True},
-            "api_key": {"read_only": True},
-        }
-
-    def validate_name(self, value):
-        """Validate that the name is unique within the tenant."""
-        tenant_id = self.context.get("tenant_id")
-        if TenantAPIKey.objects.filter(tenant_id=tenant_id, name=value).exists():
-            raise ValidationError("An API key with this name already exists.")
-        return value
-
-    def get_api_key(self, obj):
-        """Return the raw API key if it was stored during creation."""
-        return getattr(obj, "_raw_api_key", None)
-
-    def create(self, validated_data):
-        instance, raw_api_key = TenantAPIKey.objects.create_api_key(
-            **validated_data,
-            tenant_id=self.context.get("tenant_id"),
-            entity=self.context.get("request").user,
-        )
-        # Store the raw API key temporarily on the instance for the serializer
-        instance._raw_api_key = raw_api_key
-        return instance
-
-
-class TenantApiKeyUpdateSerializer(RLSSerializer, BaseWriteSerializer):
-    """Serializer for updating API keys - only allows changing the name."""
-
-    # Map database field names to API field names for consistency
-    expires_at = serializers.DateTimeField(source="expiry_date", read_only=True)
-    inserted_at = serializers.DateTimeField(source="created", read_only=True)
-
-    class Meta:
-        model = TenantAPIKey
-        fields = [
-            "id",
-            "name",
-            "prefix",
-            "expires_at",
-            "entity",
-            "inserted_at",
-            "last_used_at",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "prefix": {"read_only": True},
-            "entity": {"read_only": True},
-            "expires_at": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "last_used_at": {"read_only": True},
-        }
-
-    def validate_name(self, value):
-        """Validate that the name is unique within the tenant, excluding current instance."""
-        tenant_id = self.context.get("tenant_id")
-        if (
-            TenantAPIKey.objects.filter(tenant_id=tenant_id, name=value)
-            .exclude(id=self.instance.id)
-            .exists()
-        ):
-            raise ValidationError("An API key with this name already exists.")
-        return value
@@ -39,7 +39,6 @@ from api.v1.views import (
    TenantViewSet,
    UserRoleRelationshipView,
    UserViewSet,
-    TenantApiKeyViewSet,
 )

 router = routers.DefaultRouter(trailing_slash=False)
@@ -66,7 +65,6 @@ router.register(
    LighthouseConfigViewSet,
    basename="lighthouseconfiguration",
 )
-router.register(r"api-keys", TenantApiKeyViewSet, basename="api-key")

 tenants_router = routers.NestedSimpleRouter(router, r"tenants", lookup="tenant")
 tenants_router.register(
@@ -1,4 +1,3 @@
-import fnmatch
 import glob
 import logging
 import os
@@ -96,7 +95,6 @@ from api.filters import (
    ScanSummarySeverityFilter,
    ServiceOverviewFilter,
    TaskFilter,
-    TenantApiKeyFilter,
    TenantFilter,
    UserFilter,
 )
@@ -126,7 +124,6 @@ from api.models import (
    SeverityChoices,
    StateChoices,
    Task,
-    TenantAPIKey,
    User,
    UserRoleRelationship,
 )
@@ -143,7 +140,6 @@ from api.v1.mixins import PaginateByPkMixin, TaskManagementMixin
 from api.v1.serializers import (
    ComplianceOverviewAttributesSerializer,
    ComplianceOverviewDetailSerializer,
-    ComplianceOverviewDetailThreatscoreSerializer,
    ComplianceOverviewMetadataSerializer,
    ComplianceOverviewSerializer,
    FindingDynamicFilterSerializer,
@@ -193,9 +189,6 @@ from api.v1.serializers import (
    ScanUpdateSerializer,
    ScheduleDailyCreateSerializer,
    TaskSerializer,
-    TenantApiKeyCreateSerializer,
-    TenantApiKeySerializer,
-    TenantApiKeyUpdateSerializer,
    TenantSerializer,
    TokenRefreshSerializer,
    TokenSerializer,
@@ -307,7 +300,7 @@ class SchemaView(SpectacularAPIView):

    def get(self, request, *args, **kwargs):
        spectacular_settings.TITLE = "Prowler API"
-        spectacular_settings.VERSION = "1.14.1"
+        spectacular_settings.VERSION = "1.14.0"
        spectacular_settings.DESCRIPTION = (
            "Prowler API specification.\n\nThis file is auto-generated."
        )
@@ -394,11 +387,6 @@ class SchemaView(SpectacularAPIView):
                "description": "Endpoints for Single Sign-On authentication management via SAML for seamless user "
                "authentication.",
            },
-            {
-                "name": "API Keys",
-                "description": "Endpoints for API keys management. These can be used as an alternative to JWT "
-                "authorization.",
-            },
        ]
        return super().get(request, *args, **kwargs)

@@ -667,48 +655,36 @@ class TenantFinishACSView(FinishACSView):
            .get(email_domain=email_domain)
            .tenant
        )
-
-        # Check if tenant has only one user with MANAGE_ACCOUNT role
-        users_with_manage_account = (
-            UserRoleRelationship.objects.using(MainRouter.admin_db)
-            .filter(role__manage_account=True, tenant_id=tenant.id)
-            .values("user")
-            .distinct()
-            .count()
+        role_name = (
+            extra.get("userType", ["no_permissions"])[0].strip()
+            if extra.get("userType")
+            else "no_permissions"
        )
-
-        # Only apply role mapping from userType if tenant does NOT have exactly one user with MANAGE_ACCOUNT
-        if users_with_manage_account != 1:
-            role_name = (
-                extra.get("userType", ["no_permissions"])[0].strip()
-                if extra.get("userType")
-                else "no_permissions"
+        try:
+            role = Role.objects.using(MainRouter.admin_db).get(
+                name=role_name, tenant=tenant
            )
-            try:
-                role = Role.objects.using(MainRouter.admin_db).get(
-                    name=role_name, tenant=tenant
-                )
-            except Role.DoesNotExist:
-                role = Role.objects.using(MainRouter.admin_db).create(
-                    name=role_name,
-                    tenant=tenant,
-                    manage_users=False,
-                    manage_account=False,
-                    manage_billing=False,
-                    manage_providers=False,
-                    manage_integrations=False,
-                    manage_scans=False,
-                    unlimited_visibility=False,
-                )
-            UserRoleRelationship.objects.using(MainRouter.admin_db).filter(
-                user=user,
-                tenant_id=tenant.id,
-            ).delete()
-            UserRoleRelationship.objects.using(MainRouter.admin_db).create(
-                user=user,
-                role=role,
-                tenant_id=tenant.id,
+        except Role.DoesNotExist:
+            role = Role.objects.using(MainRouter.admin_db).create(
+                name=role_name,
+                tenant=tenant,
+                manage_users=False,
+                manage_account=False,
+                manage_billing=False,
+                manage_providers=False,
+                manage_integrations=False,
+                manage_scans=False,
+                unlimited_visibility=False,
            )
+        UserRoleRelationship.objects.using(MainRouter.admin_db).filter(
+            user=user,
+            tenant_id=tenant.id,
+        ).delete()
+        UserRoleRelationship.objects.using(MainRouter.admin_db).create(
+            user=user,
+            role=role,
+            tenant_id=tenant.id,
+        )
        membership, _ = Membership.objects.using(MainRouter.admin_db).get_or_create(
            user=user,
            tenant=tenant,
@@ -835,9 +811,7 @@ class UserViewSet(BaseUserViewset):
        if kwargs["pk"] != str(self.request.user.id):
            raise ValidationError("Only the current user can be deleted.")

-        user = self.get_object()
-        user.delete(using=MainRouter.admin_db)
-        return Response(status=status.HTTP_204_NO_CONTENT)
+        return super().destroy(request, *args, **kwargs)

    @extend_schema(
        parameters=[
@@ -1594,25 +1568,6 @@ class ProviderViewSet(BaseRLSViewSet):
        },
        request=None,
    ),
-    threatscore=extend_schema(
-        tags=["Scan"],
-        summary="Retrieve threatscore report",
-        description="Download a specific threatscore report (e.g., 'prowler_threatscore_aws') as a PDF file.",
-        request=None,
-        responses={
-            200: OpenApiResponse(
-                description="PDF file containing the threatscore report"
-            ),
-            202: OpenApiResponse(description="The task is in progress"),
-            401: OpenApiResponse(
-                description="API key missing or user not Authenticated"
-            ),
-            403: OpenApiResponse(description="There is a problem with credentials"),
-            404: OpenApiResponse(
-                description="The scan has no threatscore reports, or the threatscore report generation task has not started yet"
-            ),
-        },
-    ),
 )
@method_decorator(CACHE_DECORATOR, name="list")
@method_decorator(CACHE_DECORATOR, name="retrieve")
@@ -1669,9 +1624,6 @@ class ScanViewSet(BaseRLSViewSet):
            if hasattr(self, "response_serializer_class"):
                return self.response_serializer_class
            return ScanComplianceReportSerializer
-        elif self.action == "threatscore":
-            if hasattr(self, "response_serializer_class"):
-                return self.response_serializer_class
        return super().get_serializer_class()

    def partial_update(self, request, *args, **kwargs):
@@ -1776,18 +1728,7 @@ class ScanViewSet(BaseRLSViewSet):
                        status=status.HTTP_502_BAD_GATEWAY,
                    )
                contents = resp.get("Contents", [])
-                keys = []
-                for obj in contents:
-                    key = obj["Key"]
-                    key_basename = os.path.basename(key)
-                    if any(ch in suffix for ch in ("*", "?", "[")):
-                        if fnmatch.fnmatch(key_basename, suffix):
-                            keys.append(key)
-                    elif key_basename == suffix:
-                        keys.append(key)
-                    elif key.endswith(suffix):
-                        # Backward compatibility if suffix already includes directories
-                        keys.append(key)
+                keys = [obj["Key"] for obj in contents if obj["Key"].endswith(suffix)]
                if not keys:
                    return Response(
                        {
@@ -1914,45 +1855,6 @@ class ScanViewSet(BaseRLSViewSet):
        content, filename = loader
        return self._serve_file(content, filename, "text/csv")

-    @action(
-        detail=True,
-        methods=["get"],
-        url_name="threatscore",
-    )
-    def threatscore(self, request, pk=None):
-        scan = self.get_object()
-        running_resp = self._get_task_status(scan)
-        if running_resp:
-            return running_resp
-
-        if not scan.output_location:
-            return Response(
-                {
-                    "detail": "The scan has no reports, or the threatscore report generation task has not started yet."
-                },
-                status=status.HTTP_404_NOT_FOUND,
-            )
-
-        if scan.output_location.startswith("s3://"):
-            bucket = env.str("DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET", "")
-            key_prefix = scan.output_location.removeprefix(f"s3://{bucket}/")
-            prefix = os.path.join(
-                os.path.dirname(key_prefix),
-                "threatscore",
-                "*_threatscore_report.pdf",
-            )
-            loader = self._load_file(prefix, s3=True, bucket=bucket, list_objects=True)
-        else:
-            base = os.path.dirname(scan.output_location)
-            pattern = os.path.join(base, "threatscore", "*_threatscore_report.pdf")
-            loader = self._load_file(pattern, s3=False)
-
-        if isinstance(loader, Response):
-            return loader
-
-        content, filename = loader
-        return self._serve_file(content, filename, "application/pdf")
-
    def create(self, request, *args, **kwargs):
        input_serializer = self.get_serializer(data=request.data)
        input_serializer.is_valid(raise_exception=True)
@@ -3522,16 +3424,15 @@ class ComplianceOverviewViewSet(BaseRLSViewSet, TaskManagementMixin):
            )
        filtered_queryset = self.filter_queryset(self.get_queryset())

-        all_requirements = filtered_queryset.values(
-            "requirement_id",
-            "framework",
-            "version",
-            "description",
-        ).annotate(
-            total_instances=Count("id"),
-            manual_count=Count("id", filter=Q(requirement_status="MANUAL")),
-            passed_findings_sum=Sum("passed_findings"),
-            total_findings_sum=Sum("total_findings"),
+        all_requirements = (
+            filtered_queryset.values(
+                "requirement_id", "framework", "version", "description"
+            )
+            .distinct()
+            .annotate(
+                total_instances=Count("id"),
+                manual_count=Count("id", filter=Q(requirement_status="MANUAL")),
+            )
        )

        passed_instances = (
@@ -3550,8 +3451,6 @@ class ComplianceOverviewViewSet(BaseRLSViewSet, TaskManagementMixin):
            total_instances = requirement["total_instances"]
            passed_count = passed_counts.get(requirement_id, 0)
            is_manual = requirement["manual_count"] == total_instances
-            passed_findings = requirement["passed_findings_sum"] or 0
-            total_findings = requirement["total_findings_sum"] or 0
            if is_manual:
                requirement_status = "MANUAL"
            elif passed_count == total_instances:
@@ -3566,19 +3465,10 @@ class ComplianceOverviewViewSet(BaseRLSViewSet, TaskManagementMixin):
                    "version": requirement["version"],
                    "description": requirement["description"],
                    "status": requirement_status,
-                    "passed_findings": passed_findings,
-                    "total_findings": total_findings,
                }
            )

-        # Use different serializer for threatscore framework
-        if "threatscore" not in compliance_id:
-            serializer = self.get_serializer(requirements_summary, many=True)
-        else:
-            serializer = ComplianceOverviewDetailThreatscoreSerializer(
-                requirements_summary, many=True
-            )
-
+        serializer = self.get_serializer(requirements_summary, many=True)
        return Response(serializer.data, status=status.HTTP_200_OK)

    @action(detail=False, methods=["get"], url_name="attributes")
@@ -3776,7 +3666,10 @@ class OverviewViewSet(BaseRLSViewSet):

        findings_aggregated = (
            queryset.filter(scan_id__in=latest_scan_ids)
-            .values(provider=F("scan__provider__provider"))
+            .values(
+                "scan__provider_id",
+                provider=F("scan__provider__provider"),
+            )
            .annotate(
                findings_passed=Coalesce(Sum("_pass"), 0),
                findings_failed=Coalesce(Sum("fail"), 0),
@@ -3785,16 +3678,13 @@ class OverviewViewSet(BaseRLSViewSet):
            )
        )

-        resources_queryset = Resource.all_objects.filter(tenant_id=tenant_id)
-        if hasattr(self, "allowed_providers"):
-            resources_queryset = resources_queryset.filter(
-                provider__in=self.allowed_providers
-            )
-        resources_aggregated = resources_queryset.values(
-            provider_type=F("provider__provider")
-        ).annotate(total_resources=Count("id"))
+        resources_aggregated = (
+            Resource.all_objects.filter(tenant_id=tenant_id)
+            .values("provider_id")
+            .annotate(total_resources=Count("id"))
+        )
        resource_map = {
-            row["provider_type"]: row["total_resources"] for row in resources_aggregated
+            row["provider_id"]: row["total_resources"] for row in resources_aggregated
        }

        overview = []
@@ -3802,7 +3692,7 @@ class OverviewViewSet(BaseRLSViewSet):
            overview.append(
                {
                    "provider": row["provider"],
-                    "total_resources": resource_map.get(row["provider"], 0),
+                    "total_resources": resource_map.get(row["scan__provider_id"], 0),
                    "total_findings": row["total_findings"],
                    "findings_passed": row["findings_passed"],
                    "findings_failed": row["findings_failed"],
@@ -4298,84 +4188,3 @@ class ProcessorViewSet(BaseRLSViewSet):
        elif self.action == "partial_update":
            return ProcessorUpdateSerializer
        return super().get_serializer_class()
-
-
-@extend_schema_view(
-    list=extend_schema(
-        tags=["API Keys"],
-        summary="List API keys",
-        description="Retrieve a list of API keys for the tenant, with filtering support.",
-    ),
-    retrieve=extend_schema(
-        tags=["API Keys"],
-        summary="Retrieve API key details",
-        description="Fetch detailed information about a specific API key by its ID.",
-    ),
-    create=extend_schema(
-        tags=["API Keys"],
-        summary="Create a new API key",
-        description="Create a new API key for the tenant.",
-    ),
-    partial_update=extend_schema(
-        tags=["API Keys"],
-        summary="Partially update an API key",
-        description="Modify certain fields of an existing API key without affecting other settings.",
-    ),
-    revoke=extend_schema(
-        tags=["API Keys"],
-        summary="Revoke an API key",
-        description="Revoke an API key by its ID. This action is irreversible and will prevent the key from being "
-        "used.",
-        request=None,
-        responses={
-            200: OpenApiResponse(
-                response=TenantApiKeySerializer,
-                description="API key was successfully revoked",
-            )
-        },
-    ),
-)
-class TenantApiKeyViewSet(BaseRLSViewSet):
-    queryset = TenantAPIKey.objects.all()
-    serializer_class = TenantApiKeySerializer
-    filterset_class = TenantApiKeyFilter
-    http_method_names = ["get", "post", "patch", "delete"]
-    ordering = ["revoked", "-created"]
-    ordering_fields = ["name", "prefix", "revoked", "inserted_at", "expires_at"]
-    # RBAC required permissions
-    required_permissions = [Permissions.MANAGE_ACCOUNT]
-
-    def get_queryset(self):
-        queryset = TenantAPIKey.objects.filter(
-            tenant_id=self.request.tenant_id
-        ).annotate(inserted_at=F("created"), expires_at=F("expiry_date"))
-        return queryset
-
-    def get_serializer_class(self):
-        if self.action == "create":
-            return TenantApiKeyCreateSerializer
-        elif self.action == "partial_update":
-            return TenantApiKeyUpdateSerializer
-        return super().get_serializer_class()
-
-    @extend_schema(exclude=True)
-    def destroy(self, request, *args, **kwargs):
-        raise MethodNotAllowed(method="DESTROY")
-
-    @action(detail=True, methods=["delete"])
-    def revoke(self, request, *args, **kwargs):
-        instance = self.get_object()
-
-        # Check if already revoked
-        if instance.revoked:
-            raise ValidationError(
-                {
-                    "detail": "API key is already revoked",
-                }
-            )
-
-        TenantAPIKey.objects.revoke_api_key(instance.pk)
-        instance.refresh_from_db()
-
-        serializer = self.get_serializer(instance)
-        return Response(data=serializer.data, status=status.HTTP_200_OK)
@@ -48,10 +48,6 @@ class NDJSONFormatter(logging.Formatter):
            log_record["user_id"] = record.user_id
        if hasattr(record, "tenant_id"):
            log_record["tenant_id"] = record.tenant_id
-        if hasattr(record, "api_key_prefix"):
-            log_record["api_key_prefix"] = (
-                record.api_key_prefix if record.api_key_prefix != "N/A" else None
-            )
        if hasattr(record, "method"):
            log_record["method"] = record.method
        if hasattr(record, "path"):
@@ -94,9 +90,6 @@ class HumanReadableFormatter(logging.Formatter):
        # Add REST API extra fields
        if hasattr(record, "user_id"):
            log_components.append(f"({record.user_id})")
-        if hasattr(record, "api_key_prefix"):
-            if record.api_key_prefix != "N/A":
-                log_components.append(f"(API-Key {record.api_key_prefix})")
        if hasattr(record, "tenant_id"):
            log_components.append(f"[{record.tenant_id}]")
        if hasattr(record, "method"):
@@ -43,7 +43,6 @@ INSTALLED_APPS = [
    "allauth.socialaccount.providers.saml",
    "dj_rest_auth.registration",
    "rest_framework.authtoken",
-    "drf_simple_apikey",
 ]

 MIDDLEWARE = [
@@ -85,7 +84,7 @@ TEMPLATES = [
 REST_FRAMEWORK = {
    "DEFAULT_SCHEMA_CLASS": "drf_spectacular_jsonapi.schemas.openapi.JsonApiAutoSchema",
    "DEFAULT_AUTHENTICATION_CLASSES": (
-        "api.authentication.CombinedJWTOrAPIKeyAuthentication",
+        "rest_framework_simplejwt.authentication.JWTAuthentication",
    ),
    "PAGE_SIZE": 10,
    "EXCEPTION_HANDLER": "api.exceptions.custom_exception_handler",
@@ -221,8 +220,7 @@ SIMPLE_JWT = {
    "JTI_CLAIM": "jti",
    "USER_ID_FIELD": "id",
    "USER_ID_CLAIM": "sub",
-    # Issuer and Audience claims, for the moment we will keep these values as default values, they may change in the
-    # future.
+    # Issuer and Audience claims, for the moment we will keep these values as default values, they may change in the future.
    "AUDIENCE": env.str("DJANGO_JWT_AUDIENCE", "https://api.prowler.com"),
    "ISSUER": env.str("DJANGO_JWT_ISSUER", "https://api.prowler.com"),
    # Additional security settings
@@ -231,13 +229,6 @@ SIMPLE_JWT = {

 SECRETS_ENCRYPTION_KEY = env.str("DJANGO_SECRETS_ENCRYPTION_KEY", "")

-# DRF Simple API Key settings
-DRF_API_KEY = {
-    "FERNET_SECRET": SECRETS_ENCRYPTION_KEY,
-    "API_KEY_LIFETIME": 365,
-    "AUTHENTICATION_KEYWORD_HEADER": "Api-Key",
-}
-
 # Internationalization
 # https://docs.djangoproject.com/en/5.0/topics/i18n/

@@ -5,39 +5,24 @@ DEBUG = env.bool("DJANGO_DEBUG", default=True)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["*"])

 # Database
-default_db_name = env("POSTGRES_DB", default="prowler_db")
-default_db_user = env("POSTGRES_USER", default="prowler_user")
-default_db_password = env("POSTGRES_PASSWORD", default="prowler")
-default_db_host = env("POSTGRES_HOST", default="postgres-db")
-default_db_port = env("POSTGRES_PORT", default="5432")
-
 DATABASES = {
    "prowler_user": {
        "ENGINE": "psqlextra.backend",
-        "NAME": default_db_name,
-        "USER": default_db_user,
-        "PASSWORD": default_db_password,
-        "HOST": default_db_host,
-        "PORT": default_db_port,
+        "NAME": env("POSTGRES_DB", default="prowler_db"),
+        "USER": env("POSTGRES_USER", default="prowler_user"),
+        "PASSWORD": env("POSTGRES_PASSWORD", default="prowler"),
+        "HOST": env("POSTGRES_HOST", default="postgres-db"),
+        "PORT": env("POSTGRES_PORT", default="5432"),
    },
    "admin": {
        "ENGINE": "psqlextra.backend",
-        "NAME": default_db_name,
+        "NAME": env("POSTGRES_DB", default="prowler_db"),
        "USER": env("POSTGRES_ADMIN_USER", default="prowler"),
        "PASSWORD": env("POSTGRES_ADMIN_PASSWORD", default="S3cret"),
-        "HOST": default_db_host,
-        "PORT": default_db_port,
-    },
-    "replica": {
-        "ENGINE": "psqlextra.backend",
-        "NAME": env("POSTGRES_REPLICA_DB", default=default_db_name),
-        "USER": env("POSTGRES_REPLICA_USER", default=default_db_user),
-        "PASSWORD": env("POSTGRES_REPLICA_PASSWORD", default=default_db_password),
-        "HOST": env("POSTGRES_REPLICA_HOST", default=default_db_host),
-        "PORT": env("POSTGRES_REPLICA_PORT", default=default_db_port),
+        "HOST": env("POSTGRES_HOST", default="postgres-db"),
+        "PORT": env("POSTGRES_PORT", default="5432"),
    },
 }
-
 DATABASES["default"] = DATABASES["prowler_user"]

 REST_FRAMEWORK["DEFAULT_RENDERER_CLASSES"] = tuple(  # noqa: F405
@@ -6,37 +6,22 @@ ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["localhost", "127.0.0.

 # Database
 # TODO Use Django database routers https://docs.djangoproject.com/en/5.0/topics/db/multi-db/#automatic-database-routing
-default_db_name = env("POSTGRES_DB")
-default_db_user = env("POSTGRES_USER")
-default_db_password = env("POSTGRES_PASSWORD")
-default_db_host = env("POSTGRES_HOST")
-default_db_port = env("POSTGRES_PORT")
-
 DATABASES = {
    "prowler_user": {
-        "ENGINE": "psqlextra.backend",
-        "NAME": default_db_name,
-        "USER": default_db_user,
-        "PASSWORD": default_db_password,
-        "HOST": default_db_host,
-        "PORT": default_db_port,
+        "ENGINE": "django.db.backends.postgresql",
+        "NAME": env("POSTGRES_DB"),
+        "USER": env("POSTGRES_USER"),
+        "PASSWORD": env("POSTGRES_PASSWORD"),
+        "HOST": env("POSTGRES_HOST"),
+        "PORT": env("POSTGRES_PORT"),
    },
    "admin": {
        "ENGINE": "psqlextra.backend",
-        "NAME": default_db_name,
+        "NAME": env("POSTGRES_DB"),
        "USER": env("POSTGRES_ADMIN_USER"),
        "PASSWORD": env("POSTGRES_ADMIN_PASSWORD"),
-        "HOST": default_db_host,
-        "PORT": default_db_port,
-    },
-    "replica": {
-        "ENGINE": "psqlextra.backend",
-        "NAME": env("POSTGRES_REPLICA_DB", default=default_db_name),
-        "USER": env("POSTGRES_REPLICA_USER", default=default_db_user),
-        "PASSWORD": env("POSTGRES_REPLICA_PASSWORD", default=default_db_password),
-        "HOST": env("POSTGRES_REPLICA_HOST", default=default_db_host),
-        "PORT": env("POSTGRES_REPLICA_PORT", default=default_db_port),
+        "HOST": env("POSTGRES_HOST"),
+        "PORT": env("POSTGRES_PORT"),
    },
 }
-
 DATABASES["default"] = DATABASES["prowler_user"]
@@ -20,13 +20,6 @@ DATABASE_ROUTERS = []
 TESTING = True
 SECRETS_ENCRYPTION_KEY = "ZMiYVo7m4Fbe2eXXPyrwxdJss2WSalXSv3xHBcJkPl0="

-# DRF Simple API Key settings
-DRF_API_KEY = {
-    "FERNET_SECRET": SECRETS_ENCRYPTION_KEY,
-    "API_KEY_LIFETIME": 365,
-    "AUTHENTICATION_KEYWORD_HEADER": "Api-Key",
-}
-
 # JWT

 SIMPLE_JWT["ALGORITHM"] = "HS256"  # noqa: F405
@@ -38,7 +38,6 @@ from api.models import (
    StateChoices,
    StatusChoices,
    Task,
-    TenantAPIKey,
    User,
    UserRoleRelationship,
 )
@@ -1369,56 +1368,6 @@ def saml_sociallogin(users_fixture):
    return sociallogin


-@pytest.fixture
-def api_keys_fixture(tenants_fixture, create_test_user):
-    """Create test API keys for testing."""
-    tenant = tenants_fixture[0]
-    user = create_test_user
-
-    # Create and assign role to user for API key authentication
-    role = Role.objects.create(
-        tenant_id=tenant.id,
-        name="Test API Key Role",
-        unlimited_visibility=True,
-        manage_account=True,
-    )
-    UserRoleRelationship.objects.create(
-        user=user,
-        role=role,
-        tenant_id=tenant.id,
-    )
-
-    # Create API keys with different states
-    api_key1, raw_key1 = TenantAPIKey.objects.create_api_key(
-        name="Test API Key 1",
-        tenant_id=tenant.id,
-        entity=user,
-    )
-
-    api_key2, raw_key2 = TenantAPIKey.objects.create_api_key(
-        name="Test API Key 2",
-        tenant_id=tenant.id,
-        entity=user,
-        expiry_date=datetime.now(timezone.utc) + timedelta(days=60),
-    )
-
-    # Revoked API key
-    api_key3, raw_key3 = TenantAPIKey.objects.create_api_key(
-        name="Revoked API Key",
-        tenant_id=tenant.id,
-        entity=user,
-    )
-    api_key3.revoked = True
-    api_key3.save()
-
-    # Store raw keys on instances for testing
-    api_key1._raw_key = raw_key1
-    api_key2._raw_key = raw_key2
-    api_key3._raw_key = raw_key3
-
-    return [api_key1, api_key2, api_key3]
-
-
 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}

--- a/Show More
+++ b/Show More