WIP: add change role to the user's invitations

chore: add change role to the user's invitations
Merge branch 'master' into PRWLR-4669-Roles-Page-API-UI
2026-03-27 18:38:52 +00:00 · 2024-12-15 10:37:51 +01:00 · 2024-12-13 12:38:08 +01:00 · 2024-12-13 06:02:29 +01:00 · 2024-12-11 08:30:12 +01:00 · 2024-12-10 18:14:57 +01:00
2963 changed files with 38150 additions and 238054 deletions
--- a/.env
+++ b/.env
@@ -3,17 +3,16 @@
 # For production, it is recommended to use a secure method to store these variables and change the default secret keys.

 #### Prowler UI Configuration ####
-PROWLER_UI_VERSION="stable"
-AUTH_URL=http://localhost:3000
+PROWLER_UI_VERSION="latest"
+SITE_URL=http://localhost:3000
 API_BASE_URL=http://prowler-api:8080/api/v1
-NEXT_PUBLIC_API_DOCS_URL=http://prowler-api:8080/api/v1/docs
 AUTH_TRUST_HOST=true
 UI_PORT=3000
 # openssl rand -base64 32
 AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="

 #### Prowler API Configuration ####
-PROWLER_API_VERSION="stable"
+PROWLER_API_VERSION="latest"
 # PostgreSQL settings
 # If running Django and celery on host, use 'localhost', else use 'postgres-db'
 POSTGRES_HOST=postgres-db
@@ -30,30 +29,6 @@ VALKEY_HOST=valkey
 VALKEY_PORT=6379
 VALKEY_DB=0

-# API scan settings
-
-# The path to the directory where scan output should be stored
-DJANGO_TMP_OUTPUT_DIRECTORY="/tmp/prowler_api_output"
-
-# The maximum number of findings to process in a single batch
-DJANGO_FINDINGS_BATCH_SIZE=1000
-
-# The AWS access key to be used when uploading scan output to an S3 bucket
-# If left empty, default AWS credentials resolution behavior will be used
-DJANGO_OUTPUT_S3_AWS_ACCESS_KEY_ID=""
-
-# The AWS secret key to be used when uploading scan output to an S3 bucket
-DJANGO_OUTPUT_S3_AWS_SECRET_ACCESS_KEY=""
-
-# An optional AWS session token
-DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN=""
-
-# The AWS region where your S3 bucket is located (e.g., "us-east-1")
-DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION=""
-
-# The name of the S3 bucket where scan output should be stored
-DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET=""
-
 # Django settings
 DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1,prowler-api
 DJANGO_BIND_ADDRESS=0.0.0.0
@@ -65,12 +40,9 @@ DJANGO_LOGGING_FORMATTER=human_readable
 # Select one of [DEBUG|INFO|WARNING|ERROR|CRITICAL]
 # Applies to both Django and Celery Workers
 DJANGO_LOGGING_LEVEL=INFO
-# Defaults to the maximum available based on CPU cores if not set.
-DJANGO_WORKERS=4
-# Token lifetime is in minutes
-DJANGO_ACCESS_TOKEN_LIFETIME=30
-# Token lifetime is in minutes
-DJANGO_REFRESH_TOKEN_LIFETIME=1440
+DJANGO_WORKERS=4 # Defaults to the maximum available based on CPU cores if not set.
+DJANGO_ACCESS_TOKEN_LIFETIME=30 # Token lifetime is in minutes
+DJANGO_REFRESH_TOKEN_LIFETIME=1440 # Token lifetime is in minutes
 DJANGO_CACHE_MAX_AGE=3600
 DJANGO_STALE_WHILE_REVALIDATE=60
 DJANGO_MANAGE_DB_PARTITIONS=True
@@ -115,21 +87,3 @@ jQIDAQAB
 -----END PUBLIC KEY-----"
 # openssl rand -base64 32
 DJANGO_SECRETS_ENCRYPTION_KEY="oE/ltOhp/n1TdbHjVmzcjDPLcLA41CVI/4Rk+UB5ESc="
-DJANGO_BROKER_VISIBILITY_TIMEOUT=86400
-DJANGO_SENTRY_DSN=
-
-# Sentry settings
-SENTRY_ENVIRONMENT=local
-SENTRY_RELEASE=local
-
-#### Prowler release version ####
-NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.5.1
-
-# Social login credentials
-SOCIAL_GOOGLE_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/google"
-SOCIAL_GOOGLE_OAUTH_CLIENT_ID=""
-SOCIAL_GOOGLE_OAUTH_CLIENT_SECRET=""
-
-SOCIAL_GITHUB_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/github"
-SOCIAL_GITHUB_OAUTH_CLIENT_ID=""
-SOCIAL_GITHUB_OAUTH_CLIENT_SECRET=""
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,112 +9,75 @@ updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 25
+      interval: "daily"
+    open-pull-requests-limit: 10
    target-branch: master
    labels:
      - "dependencies"
      - "pip"

-  # Dependabot Updates are temporary disabled - 2025/03/19
-  # - package-ecosystem: "pip"
-  #   directory: "/api"
-  #   schedule:
-  #     interval: "daily"
-  #   open-pull-requests-limit: 10
-  #   target-branch: master
-  #   labels:
-  #     - "dependencies"
-  #     - "pip"
-  #     - "component/api"
-
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 25
+      interval: "daily"
+    open-pull-requests-limit: 10
    target-branch: master
    labels:
      - "dependencies"
      - "github_actions"

-  # Dependabot Updates are temporary disabled - 2025/03/19
-  # - package-ecosystem: "npm"
-  #   directory: "/ui"
-  #   schedule:
-  #     interval: "daily"
-  #   open-pull-requests-limit: 10
-  #   target-branch: master
-  #   labels:
-  #     - "dependencies"
-  #     - "npm"
-  #     - "component/ui"
-
-  - package-ecosystem: "docker"
+  - package-ecosystem: "npm"
    directory: "/"
    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 25
+      interval: "daily"
+    open-pull-requests-limit: 10
    target-branch: master
    labels:
      - "dependencies"
-      - "docker"
+      - "npm"

-  # Dependabot Updates are temporary disabled - 2025/04/15
  # v4.6
-  # - package-ecosystem: "pip"
-  #   directory: "/"
-  #   schedule:
-  #     interval: "weekly"
-  #   open-pull-requests-limit: 10
-  #   target-branch: v4.6
-  #   labels:
-  #     - "dependencies"
-  #     - "pip"
-  #     - "v4"
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    target-branch: v4.6
+    labels:
+      - "dependencies"
+      - "pip"
+      - "v4"

-  # - package-ecosystem: "github-actions"
-  #   directory: "/"
-  #   schedule:
-  #     interval: "weekly"
-  #   open-pull-requests-limit: 10
-  #   target-branch: v4.6
-  #   labels:
-  #     - "dependencies"
-  #     - "github_actions"
-  #     - "v4"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    target-branch: v4.6
+    labels:
+      - "dependencies"
+      - "github_actions"
+      - "v4"

-  # - package-ecosystem: "docker"
-  #   directory: "/"
-  #   schedule:
-  #     interval: "weekly"
-  #   open-pull-requests-limit: 10
-  #   target-branch: v4.6
-  #   labels:
-  #     - "dependencies"
-  #     - "docker"
-  #     - "v4"
-
-  # Dependabot Updates are temporary disabled - 2025/03/19
  # v3
-  # - package-ecosystem: "pip"
-  #   directory: "/"
-  #   schedule:
-  #     interval: "monthly"
-  #   open-pull-requests-limit: 10
-  #   target-branch: v3
-  #   labels:
-  #     - "dependencies"
-  #     - "pip"
-  #     - "v3"
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 10
+    target-branch: v3
+    labels:
+      - "dependencies"
+      - "pip"
+      - "v3"

-  # - package-ecosystem: "github-actions"
-  #   directory: "/"
-  #   schedule:
-  #     interval: "monthly"
-  #   open-pull-requests-limit: 10
-  #   target-branch: v3
-  #   labels:
-  #     - "dependencies"
-  #     - "github_actions"
-  #     - "v3"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 10
+    target-branch: v3
+    labels:
+      - "dependencies"
+      - "github_actions"
+      - "v3"
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -22,11 +22,6 @@ provider/kubernetes:
      - any-glob-to-any-file: "prowler/providers/kubernetes/**"
      - any-glob-to-any-file: "tests/providers/kubernetes/**"

-provider/github:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/providers/github/**"
-      - any-glob-to-any-file: "tests/providers/github/**"
-
 github_actions:
  - changed-files:
      - any-glob-to-any-file: ".github/workflows/*"
@@ -92,13 +87,3 @@ component/api:
 component/ui:
  - changed-files:
      - any-glob-to-any-file: "ui/**"
-
-compliance:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/compliance/**"
-      - any-glob-to-any-file: "prowler/lib/outputs/compliance/**"
-      - any-glob-to-any-file: "tests/lib/outputs/compliance/**"
-
-review-django-migrations:
-  - changed-files:
-      - any-glob-to-any-file: "api/src/backend/api/migrations/**"
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -15,13 +15,7 @@ Please include a summary of the change and which issue is fixed. List any depend
 - [ ] Review if the code is being covered by tests.
 - [ ] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
 - [ ] Review if backport is needed.
- [ ] Review if is needed to change the [Readme.md](https://github.com/prowler-cloud/prowler/blob/master/README.md)
-
-#### API
- [ ] Verify if API specs need to be regenerated.
- [ ] Check if version updates are required (e.g., specs, Poetry, etc.).
- [ ] Ensure new entries are added to [CHANGELOG.md](https://github.com/prowler-cloud/prowler/blob/master/api/CHANGELOG.md), if applicable.

 ### License

-By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
--- a/.github/workflows/api-build-lint-push-containers.yml
+++ b/.github/workflows/api-build-lint-push-containers.yml
@@ -23,7 +23,6 @@ env:
  # Tags
  LATEST_TAG: latest
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable

  WORKING_DIRECTORY: ./api

@@ -32,83 +31,51 @@ env:
  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api

 jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
  # Build Prowler OSS container
  container-build-push:
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ${{ env.WORKING_DIRECTORY }}

    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Set short git commit SHA
-        id: vars
+      - name: Repository check
+        working-directory: /tmp
        run: |
-          shortSha=$(git rev-parse --short ${{ github.sha }})
-          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+          [[ ${{ github.repository }} != "prowler-cloud/prowler" ]] && echo "This action only runs for prowler-cloud/prowler"; exit 0
+
+      - name: Checkout
+        uses: actions/checkout@v4

      - name: Login to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@v3

      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          # Set push: false for testing
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
-
-      - name: Trigger deployment
-        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: prowler-api-deploy
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
--- a/.github/workflows/api-codeql.yml
+++ b/.github/workflows/api-codeql.yml
@@ -15,12 +15,16 @@ on:
  push:
    branches:
      - "master"
+      - "v3"
+      - "v4.*"
      - "v5.*"
    paths:
      - "api/**"
  pull_request:
    branches:
      - "master"
+      - "v3"
+      - "v4.*"
      - "v5.*"
    paths:
      - "api/**"
@@ -44,16 +48,16 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/api-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"
--- a/.github/workflows/api-pull-request.yml
+++ b/.github/workflows/api-pull-request.yml
@@ -4,17 +4,15 @@ on:
  push:
    branches:
      - "master"
-      - "v5.*"
    paths:
-      - ".github/workflows/api-pull-request.yml"
      - "api/**"
  pull_request:
    branches:
      - "master"
-      - "v5.*"
    paths:
      - "api/**"

+
 env:
  POSTGRES_HOST: localhost
  POSTGRES_PORT: 5432
@@ -26,8 +24,7 @@ env:
  VALKEY_HOST: localhost
  VALKEY_PORT: 6379
  VALKEY_DB: 0
-  API_WORKING_DIR: ./api
-  IMAGE_NAME: prowler-api
+

 jobs:
  test:
@@ -71,11 +68,11 @@ jobs:
          --health-retries 5

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4

      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        uses: tj-actions/changed-files@v45
        with:
          files: api/**
          files_ignore: |
@@ -85,30 +82,16 @@ jobs:
            api/README.md
            api/mkdocs.yml

-      - name: Replace @master with current branch in pyproject.toml
-        working-directory: ./api
-        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        run: |
-          BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
-          echo "Using branch: $BRANCH_NAME"
-          sed -i "s|@master|@$BRANCH_NAME|g" pyproject.toml
-
      - name: Install poetry
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==2.1.1
-
-      - name: Update poetry.lock after the branch name change
-        working-directory: ./api
-        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        run: |
-          poetry lock
+          pipx install poetry

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -117,7 +100,7 @@ jobs:
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry install --no-root
+          poetry install
          poetry run pip list
          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
            grep '"tag_name":' | \
@@ -129,7 +112,7 @@ jobs:
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry check --lock
+          poetry lock --check

      - name: Lint with ruff
        working-directory: ./api
@@ -159,7 +142,7 @@ jobs:
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry run safety check --ignore 70612,66963,74429
+          poetry run safety check --ignore 70612,66963

      - name: Vulture
        working-directory: ./api
@@ -181,23 +164,8 @@ jobs:

      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
+        uses: codecov/codecov-action@v5
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
          flags: api
-  test-container-build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-      - name: Build Container
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
-        with:
-          context: ${{ env.API_WORKING_DIR }}
-          push: false
-          tags: ${{ env.IMAGE_NAME }}:latest
-          outputs: type=docker
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -23,7 +23,7 @@ jobs:
    steps:
      - name: Check labels
        id: preview_label_check
-        uses: agilepathway/label-checker@c3d16ad512e7cea5961df85ff2486bb774caf3c5 # v1.6.65
+        uses: docker://agilepathway/pull-request-label-checker:v1.6.55
        with:
          allow_failure: true
          prefix_mode: true
@@ -33,7 +33,7 @@ jobs:

      - name: Backport Action
        if: steps.preview_label_check.outputs.label_check == 'success'
-        uses: sorenlouv/backport-github-action@ad888e978060bc1b2798690dd9d03c4036560947 # v9.5.1
+        uses: sorenlouv/backport-github-action@v9.5.1
        with:
          github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          auto_backport_label_prefix: ${{ env.BACKPORT_LABEL_PREFIX }}
--- a/.github/workflows/build-documentation-on-pr.yml
+++ b/.github/workflows/build-documentation-on-pr.yml
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Leave PR comment with the Prowler Documentation URI
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        uses: peter-evans/create-or-update-comment@v4
        with:
          issue-number: ${{ env.PR_NUMBER }}
          body: |
--- a/.github/workflows/conventional-commit.yml
+++ b/.github/workflows/conventional-commit.yml
@@ -1,23 +0,0 @@
-name: Prowler - Conventional Commit
-
-on:
-  pull_request:
-    types:
-      - "opened"
-      - "edited"
-      - "synchronize"
-    branches:
-      - "master"
-      - "v3"
-      - "v4.*"
-      - "v5.*"
-
-jobs:
-  conventional-commit-check:
-    runs-on: ubuntu-latest
-    steps:
-      - name: conventional-commit-check
-        id: conventional-commit-check
-        uses: agenthunt/conventional-commit-checker-action@9e552d650d0e205553ec7792d447929fc78e012b # v2.0.0
-        with:
-            pr-title-regex: '^([^\s(]+)(?:\(([^)]+)\))?: (.+)'
--- a/.github/workflows/find-secrets.yml
+++ b/.github/workflows/find-secrets.yml
@@ -7,11 +7,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@b06f6d72a3791308bb7ba59c2b8cb7a083bd17e4 # v3.88.26
+        uses: trufflesecurity/trufflehog@v3.86.1
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -14,4 +14,4 @@ jobs:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+    - uses: actions/labeler@v5
--- a/.github/workflows/pull-request-merged.yml
+++ b/.github/workflows/pull-request-merged.yml
@@ -1,34 +0,0 @@
-name: Prowler - Merged Pull Request
-
-on:
-  pull_request_target:
-    branches: ['master']
-    types: ['closed']
-
-jobs:
-  trigger-cloud-pull-request:
-    name: Trigger Cloud Pull Request
-    if: github.event.pull_request.merged == true && github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Set short git commit SHA
-        id: vars
-        run: |
-          shortSha=$(git rev-parse --short ${{ github.sha }})
-          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
-
-      - name: Trigger pull request
-        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: prowler-pull-request-merged
-          client-payload: '{
-            "PROWLER_COMMIT_SHA": "${{ github.sha }}",
-            "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
-            "PROWLER_PR_TITLE": "${{ github.event.pull_request.title }}",
-            "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
-            "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }}
-          }'
--- a/.github/workflows/sdk-build-lint-push-containers.yml
+++ b/.github/workflows/sdk-build-lint-push-containers.yml
@@ -59,16 +59,16 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4

      - name: Setup Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install Poetry
        run: |
-          pipx install poetry==2.*
+          pipx install poetry
          pipx inject poetry poetry-bumpversion

      - name: Get Prowler version
@@ -108,13 +108,13 @@ jobs:
          esac

      - name: Login to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Public ECR
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        with:
          registry: public.ecr.aws
          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
@@ -123,11 +123,11 @@ jobs:
          AWS_REGION: ${{ env.AWS_REGION }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@v3

      - name: Build and push container image (latest)
        if: github.event_name == 'push'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          push: true
          tags: |
@@ -140,7 +140,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          # Use local context to get changes
          # https://github.com/docker/build-push-action#path-context
--- a/.github/workflows/sdk-bump-version.yml
+++ b/.github/workflows/sdk-bump-version.yml
@@ -1,145 +0,0 @@
-name: SDK - Bump Version
-
-on:
-  release:
-    types: [published]
-
-
-env:
-  PROWLER_VERSION: ${{ github.event.release.tag_name }}
-  BASE_BRANCH: master
-
-jobs:
-  bump-version:
-    name: Bump Version
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Get Prowler version
-        shell: bash
-        run: |
-          if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-            MAJOR_VERSION=${BASH_REMATCH[1]}
-            MINOR_VERSION=${BASH_REMATCH[2]}
-            FIX_VERSION=${BASH_REMATCH[3]}
-
-            # Export version components to GitHub environment
-            echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
-            echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
-            echo "FIX_VERSION=${FIX_VERSION}" >> "${GITHUB_ENV}"
-
-            if (( MAJOR_VERSION == 5 )); then
-                if (( FIX_VERSION == 0 )); then
-                  echo "Minor Release: $PROWLER_VERSION"
-
-                  # Set up next minor version for master
-                  BUMP_VERSION_TO=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).${FIX_VERSION}
-                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
-
-                  TARGET_BRANCH=${BASE_BRANCH}
-                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
-
-                  # Set up patch version for version branch
-                  PATCH_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.1
-                  echo "PATCH_VERSION_TO=${PATCH_VERSION_TO}" >> "${GITHUB_ENV}"
-
-                  VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-                  echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-                  echo "Bumping to next minor version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
-                  echo "Bumping to next patch version: ${PATCH_VERSION_TO} in branch ${VERSION_BRANCH}"
-                else
-                  echo "Patch Release: $PROWLER_VERSION"
-
-                  BUMP_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.$((FIX_VERSION + 1))
-                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
-
-                  TARGET_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
-
-                  echo "Bumping to next patch version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
-                fi
-            else
-                echo "Releasing another Prowler major version, aborting..."
-                exit 1
-            fi
-          else
-            echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
-            exit 1
-          fi
-
-      - name: Bump versions in files
-        run: |
-            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
-            echo "Using BUMP_VERSION_TO=$BUMP_VERSION_TO"
-
-            set -e
-
-            echo "Bumping version in pyproject.toml ..."
-            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${BUMP_VERSION_TO}\"|" pyproject.toml
-
-            echo "Bumping version in prowler/config/config.py ..."
-            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${BUMP_VERSION_TO}\"|" prowler/config/config.py
-
-            echo "Bumping version in .env ..."
-            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${BUMP_VERSION_TO}|" .env
-
-            git --no-pager diff
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-        with:
-            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-            base: ${{ env.TARGET_BRANCH }}
-            commit-message: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
-            branch: "version-bump-to-v${{ env.BUMP_VERSION_TO }}"
-            title: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
-            body: |
-              ### Description
-
-              Bump Prowler version to v${{ env.BUMP_VERSION_TO }}
-
-              ### License
-
-              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-      - name: Handle patch version for minor release
-        if: env.FIX_VERSION == '0'
-        run: |
-            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
-            echo "Using PATCH_VERSION_TO=$PATCH_VERSION_TO"
-
-            set -e
-
-            echo "Bumping version in pyproject.toml ..."
-            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${PATCH_VERSION_TO}\"|" pyproject.toml
-
-            echo "Bumping version in prowler/config/config.py ..."
-            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${PATCH_VERSION_TO}\"|" prowler/config/config.py
-
-            echo "Bumping version in .env ..."
-            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PATCH_VERSION_TO}|" .env
-
-            git --no-pager diff
-
-      - name: Create Pull Request for patch version
-        if: env.FIX_VERSION == '0'
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-        with:
-            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-            base: ${{ env.VERSION_BRANCH }}
-            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
-            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
-            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
-            body: |
-              ### Description
-
-              Bump Prowler version to v${{ env.PATCH_VERSION_TO }}
-
-              ### License
-
-              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
--- a/.github/workflows/sdk-codeql.yml
+++ b/.github/workflows/sdk-codeql.yml
@@ -17,21 +17,17 @@ on:
      - "master"
      - "v3"
      - "v4.*"
-      - "v5.*"
    paths-ignore:
      - 'ui/**'
      - 'api/**'
-      - '.github/**'
  pull_request:
    branches:
      - "master"
      - "v3"
      - "v4.*"
-      - "v5.*"
    paths-ignore:
      - 'ui/**'
      - 'api/**'
-      - '.github/**'
  schedule:
    - cron: '00 12 * * *'

@@ -52,16 +48,16 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/sdk-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"
--- a/.github/workflows/sdk-pull-request.yml
+++ b/.github/workflows/sdk-pull-request.yml
@@ -21,11 +21,11 @@ jobs:
        python-version: ["3.9", "3.10", "3.11", "3.12"]

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4

      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        uses: tj-actions/changed-files@v45
        with:
          files: ./**
          files_ignore: |
@@ -34,24 +34,19 @@ jobs:
            permissions/**
            api/**
            ui/**
-            prowler/CHANGELOG.md
            README.md
            mkdocs.yml
            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore

      - name: Install poetry
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==2.1.1
+          pipx install poetry

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -59,7 +54,7 @@ jobs:
      - name: Install dependencies
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry install --no-root
+          poetry install
          poetry run pip list
          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
            grep '"tag_name":' | \
@@ -70,7 +65,7 @@ jobs:
      - name: Poetry check
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry check --lock
+          poetry lock --check

      - name: Lint with flake8
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
@@ -107,113 +102,15 @@ jobs:
        run: |
          /tmp/hadolint Dockerfile --ignore=DL3013

-      # Test AWS
-      - name: AWS - Check if any file has changed
-        id: aws-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/aws/**
-            ./tests/providers/aws/**
-            .poetry.lock
-
-      - name: AWS - Test
-        if: steps.aws-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/aws --cov-report=xml:aws_coverage.xml tests/providers/aws
-
-      # Test Azure
-      - name: Azure - Check if any file has changed
-        id: azure-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/azure/**
-            ./tests/providers/azure/**
-            .poetry.lock
-
-      - name: Azure - Test
-        if: steps.azure-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/azure --cov-report=xml:azure_coverage.xml tests/providers/azure
-
-      # Test GCP
-      - name: GCP - Check if any file has changed
-        id: gcp-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/gcp/**
-            ./tests/providers/gcp/**
-            .poetry.lock
-
-      - name: GCP - Test
-        if: steps.gcp-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/gcp --cov-report=xml:gcp_coverage.xml tests/providers/gcp
-
-      # Test Kubernetes
-      - name: Kubernetes - Check if any file has changed
-        id: kubernetes-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/kubernetes/**
-            ./tests/providers/kubernetes/**
-            .poetry.lock
-
-      - name: Kubernetes - Test
-        if: steps.kubernetes-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/kubernetes --cov-report=xml:kubernetes_coverage.xml tests/providers/kubernetes
-
-      # Test NHN
-      - name: NHN - Check if any file has changed
-        id: nhn-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/nhn/**
-            ./tests/providers/nhn/**
-            .poetry.lock
-
-      - name: NHN - Test
-        if: steps.nhn-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/nhn --cov-report=xml:nhn_coverage.xml tests/providers/nhn
-
-      # Test M365
-      - name: M365 - Check if any file has changed
-        id: m365-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/m365/**
-            ./tests/providers/m365/**
-            .poetry.lock
-
-      - name: M365 - Test
-        if: steps.m365-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/m365 --cov-report=xml:m365_coverage.xml tests/providers/m365
-
-      # Common Tests
-      - name: Lib - Test
+      - name: Test with pytest
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry run pytest -n auto --cov=./prowler/lib --cov-report=xml:lib_coverage.xml tests/lib
+          poetry run pytest -n auto --cov=./prowler --cov-report=xml tests

-      - name: Config - Test
-        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/config --cov-report=xml:config_coverage.xml tests/config
-
-      # Codecov
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
+        uses: codecov/codecov-action@v5
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
          flags: prowler
-          files: ./aws_coverage.xml,./azure_coverage.xml,./gcp_coverage.xml,./kubernetes_coverage.xml,./nhn_coverage.xml,./m365_coverage.xml,./lib_coverage.xml,./config_coverage.xml
--- a/.github/workflows/sdk-pypi-release.yml
+++ b/.github/workflows/sdk-pypi-release.yml
@@ -7,43 +7,15 @@ on:
 env:
  RELEASE_TAG: ${{ github.event.release.tag_name }}
  PYTHON_VERSION: 3.11
-  # CACHE: "poetry"
+  CACHE: "poetry"

 jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
  release-prowler-job:
    runs-on: ubuntu-latest
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
    env:
      POETRY_VIRTUALENVS_CREATE: "false"
    name: Release Prowler to PyPI
    steps:
-      - name: Repository check
-        working-directory: /tmp
-        run: |
-              if [[ "${{ github.repository }}" != "prowler-cloud/prowler" ]]; then
-                  echo "This action only runs for prowler-cloud/prowler"
-                  exit 1
-              fi
-
      - name: Get Prowler version
        run: |
          PROWLER_VERSION="${{ env.RELEASE_TAG }}"
@@ -64,17 +36,17 @@ jobs:
              ;;
          esac

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4

      - name: Install dependencies
        run: |
-          pipx install poetry==2.1.1
+          pipx install poetry

      - name: Setup Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
-          # cache: ${{ env.CACHE }}
+          cache: ${{ env.CACHE }}

      - name: Build Prowler package
        run: |
--- a/.github/workflows/sdk-refresh-aws-services-regions.yml
+++ b/.github/workflows/sdk-refresh-aws-services-regions.yml
@@ -4,7 +4,7 @@ name: SDK - Refresh AWS services' regions

 on:
  schedule:
-    - cron: "0 9 * * 1" # runs at 09:00 UTC every Monday
+    - cron: "0 9 * * *" #runs at 09:00 UTC everyday

 env:
  GITHUB_BRANCH: "master"
@@ -23,12 +23,12 @@ jobs:
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          ref: ${{ env.GITHUB_BRANCH }}

      - name: setup python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
        with:
          python-version: 3.9 #install the python needed

@@ -38,7 +38,7 @@ jobs:
          pip install boto3

      - name: Configure AWS Credentials -- DEV
-        uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
+        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.AWS_REGION_DEV }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
@@ -50,13 +50,12 @@ jobs:

      # Create pull request
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        uses: peter-evans/create-pull-request@v7
        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          commit-message: "feat(regions_update): Update regions for AWS services"
          branch: "aws-services-regions-updated-${{ github.sha }}"
-          labels: "status/waiting-for-revision, severity/low, provider/aws"
+          labels: "status/waiting-for-revision, severity/low, provider/aws, backport-to-v3"
          title: "chore(regions_update): Changes in regions for AWS services"
          body: |
            ### Description
--- a/.github/workflows/ui-build-lint-push-containers.yml
+++ b/.github/workflows/ui-build-lint-push-containers.yml
@@ -23,7 +23,6 @@ env:
  # Tags
  LATEST_TAG: latest
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable

  WORKING_DIRECTORY: ./ui

@@ -32,87 +31,51 @@ env:
  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui

 jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
  # Build Prowler OSS container
  container-build-push:
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ${{ env.WORKING_DIRECTORY }}

    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Set short git commit SHA
-        id: vars
+      - name: Repository check
+        working-directory: /tmp
        run: |
-          shortSha=$(git rev-parse --short ${{ github.sha }})
-          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+          [[ ${{ github.repository }} != "prowler-cloud/prowler" ]] && echo "This action only runs for prowler-cloud/prowler"; exit 0
+
+      - name: Checkout
+        uses: actions/checkout@v4

      - name: Login to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@v3

      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ env.SHORT_SHA }}
          # Set push: false for testing
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
-
-      - name: Trigger deployment
-        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: prowler-ui-deploy
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
--- a/.github/workflows/ui-codeql.yml
+++ b/.github/workflows/ui-codeql.yml
@@ -15,12 +15,14 @@ on:
  push:
    branches:
      - "master"
+      - "v4.*"
      - "v5.*"
    paths:
      - "ui/**"
  pull_request:
    branches:
      - "master"
+      - "v4.*"
      - "v5.*"
    paths:
      - "ui/**"
@@ -44,16 +46,16 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/ui-pull-request.yml
+++ b/.github/workflows/ui-pull-request.yml
@@ -1,22 +1,11 @@
 name: UI - Pull Request

 on:
-  push:
-    branches:
-      - "master"
-      - "v5.*"
-    paths:
-      - ".github/workflows/ui-pull-request.yml"
-      - "ui/**"
  pull_request:
    branches:
      - master
-      - "v5.*"
    paths:
      - 'ui/**'
-env:
-  UI_WORKING_DIR: ./ui
-  IMAGE_NAME: prowler-ui

 jobs:
  test-and-coverage:
@@ -27,11 +16,11 @@ jobs:
        node-version: [20.x]
    steps:
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
      - name: Install dependencies
@@ -43,20 +32,3 @@ jobs:
      - name: Build the application
        working-directory: ./ui
        run: npm run build
-  test-container-build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-      - name: Build Container
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
-        with:
-          context: ${{ env.UI_WORKING_DIR }}
-          # Always build using `prod` target
-          target: prod
-          push: false
-          tags: ${{ env.IMAGE_NAME }}:latest
-          outputs: type=docker
-          build-args: |
-            NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_51LwpXXXX
--- a/.gitignore
+++ b/.gitignore
@@ -31,7 +31,7 @@ tags
 *.DS_Store

 # Prowler output
-/output
+output/

 # Prowler found secrets
 secrets-*/
@@ -42,18 +42,13 @@ junit-reports/
 # VSCode files
 .vscode/

-# Cursor files
-.cursorignore
-
 # Terraform
 .terraform*
 *.tfstate
-*.tfstate.*

 # .env
 ui/.env*
 api/.env*
-.env.local

 # Coverage
 .coverage*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -27,7 +27,6 @@ repos:
    hooks:
      - id: shellcheck
        exclude: contrib
-
  ## PYTHON
  - repo: https://github.com/myint/autoflake
    rev: v2.3.1
@@ -59,28 +58,11 @@ repos:
        args: ["--ignore=E266,W503,E203,E501,W605"]

  - repo: https://github.com/python-poetry/poetry
-    rev: 2.1.1
+    rev: 1.8.0
    hooks:
      - id: poetry-check
-        name: API - poetry-check
-        args: ["--directory=./api"]
-        pass_filenames: false
-
      - id: poetry-lock
-        name: API - poetry-lock
-        args: ["--directory=./api"]
-        pass_filenames: false
-
-      - id: poetry-check
-        name: SDK - poetry-check
-        args: ["--directory=./"]
-        pass_filenames: false
-
-      - id: poetry-lock
-        name: SDK - poetry-lock
-        args: ["--directory=./"]
-        pass_filenames: false
-
+        args: ["--no-update"]

  - repo: https://github.com/hadolint/hadolint
    rev: v2.13.0-beta
@@ -108,19 +90,20 @@ repos:
      - id: bandit
        name: bandit
        description: "Bandit is a tool for finding common security issues in Python code"
-        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/,./.venv/' -r .'
+        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/' -r .'
        language: system
        files: '.*\.py'

      - id: safety
        name: safety
        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        entry: bash -c 'safety check --ignore 70612,66963,74429'
+        entry: bash -c 'safety check --ignore 70612,66963'
        language: system

      - id: vulture
        name: vulture
        description: "Vulture finds unused code in Python programs."
-        entry: bash -c 'vulture --exclude "contrib,.venv,api/src/backend/api/tests/,api/src/backend/conftest.py,api/src/backend/tasks/tests/" --min-confidence 100 .'
+        entry: bash -c 'vulture --exclude "contrib" --min-confidence 100 .'
+        exclude: 'api/src/backend/'
        language: system
        files: '.*\.py'
--- a/64
+++ b/64
@@ -1,64 +1,38 @@
-FROM python:3.12.10-slim-bookworm AS build
+FROM python:3.12.8-alpine3.20

 LABEL maintainer="https://github.com/prowler-cloud/prowler"
-LABEL org.opencontainers.image.source="https://github.com/prowler-cloud/prowler"

-ARG POWERSHELL_VERSION=7.5.0
-
-# hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends wget libicu72 \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install PowerShell
-RUN ARCH=$(uname -m) && \
-    if [ "$ARCH" = "x86_64" ]; then \
-        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-x64.tar.gz -O /tmp/powershell.tar.gz ; \
-    elif [ "$ARCH" = "aarch64" ]; then \
-        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-arm64.tar.gz -O /tmp/powershell.tar.gz ; \
-    else \
-        echo "Unsupported architecture: $ARCH" && exit 1 ; \
-    fi && \
-    mkdir -p /opt/microsoft/powershell/7 && \
-    tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 && \
-    chmod +x /opt/microsoft/powershell/7/pwsh && \
-    ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
-    rm /tmp/powershell.tar.gz
-
-# Add prowler user
-RUN addgroup --gid 1000 prowler && \
-    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" prowler
+# Update system dependencies and install essential tools
+#hadolint ignore=DL3018
+RUN apk --no-cache upgrade && apk --no-cache add curl git

+# Create non-root user
+RUN mkdir -p /home/prowler && \
+    echo 'prowler:x:1000:1000:prowler:/home/prowler:' > /etc/passwd && \
+    echo 'prowler:x:1000:' > /etc/group && \
+    chown -R prowler:prowler /home/prowler
 USER prowler

-WORKDIR /home/prowler
-
 # Copy necessary files
+WORKDIR /home/prowler
 COPY prowler/  /home/prowler/prowler/
 COPY dashboard/ /home/prowler/dashboard/
 COPY pyproject.toml /home/prowler
-COPY README.md /home/prowler/
-COPY prowler/providers/m365/lib/powershell/m365_powershell.py /home/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py
+COPY README.md /home/prowler

 # Install Python dependencies
 ENV HOME='/home/prowler'
-ENV PATH="${HOME}/.local/bin:${PATH}"
-#hadolint ignore=DL3013
-RUN pip install --no-cache-dir --upgrade pip && \
-    pip install --no-cache-dir poetry
-
-# By default poetry does not compile Python source files to bytecode during installation.
-# This speeds up the installation process, but the first execution may take a little more
-# time because Python then compiles source files to bytecode automatically. If you want to
-# compile source files to bytecode during installation, you can use the --compile option
-RUN poetry install --compile && \
-    rm -rf ~/.cache/pip
-
-# Install PowerShell modules
-RUN poetry run python prowler/providers/m365/lib/powershell/m365_powershell.py
+ENV PATH="$HOME/.local/bin:$PATH"
+RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
+    pip install --no-cache-dir .

 # Remove deprecated dash dependencies
 RUN pip uninstall dash-html-components -y && \
    pip uninstall dash-core-components -y

+# Remove Prowler directory and build files
+USER 0
+RUN rm -rf /home/prowler/prowler /home/prowler/pyproject.toml /home/prowler/README.md /home/prowler/build /home/prowler/prowler.egg-info
+
 USER prowler
-ENTRYPOINT ["poetry", "run", "prowler"]
+ENTRYPOINT ["prowler"]
--- a/README.md
+++ b/README.md
@@ -71,14 +71,10 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 564 | 82 | 33 | 10 |
-| GCP | 78 | 13 | 7 | 3 |
-| Azure | 140 | 18 | 7 | 3 |
-| Kubernetes | 83 | 7 | 4 | 7 |
-| M365 | 44 | 2 | 1 | 0 |
-| NHN (Unofficial) | 6 | 2 | 1 | 0 |
-
-> You can list the checks, services, compliance frameworks and categories with `prowler <provider> --list-checks`, `prowler <provider> --list-services`, `prowler <provider> --list-compliance` and `prowler <provider> --list-categories`.
+| AWS | 561 | 81 -> `prowler aws --list-services` | 30 -> `prowler aws --list-compliance` | 9 -> `prowler aws --list-categories` |
+| GCP | 77 | 13 -> `prowler gcp --list-services` | 3 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
+| Azure | 139 | 18 -> `prowler azure --list-services` | 4 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
+| Kubernetes | 83 | 7 -> `prowler kubernetes --list-services` | 1 -> `prowler kubernetes --list-compliance` | 7 -> `prowler kubernetes --list-categories` |

 # 💻 Installation

@@ -102,7 +98,6 @@ curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/mast
 docker compose up -d
 ```

-> Containers are built for `linux/amd64`. If your workstation's architecture is different, please set `DOCKER_DEFAULT_PLATFORM=linux/amd64` in your environment or use the `--platform linux/amd64` flag in the docker command.
 > Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.

 ### From GitHub
@@ -110,7 +105,7 @@ docker compose up -d
 **Requirements**

 * `git` installed.
-* `poetry` v2 installed: [poetry installation](https://python-poetry.org/docs/#installation).
+* `poetry` installed: [poetry installation](https://python-poetry.org/docs/#installation).
 * `npm` installed: [npm installation](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).
 * `Docker Compose` installed: https://docs.docker.com/compose/install/.

@@ -120,7 +115,7 @@ docker compose up -d
 git clone https://github.com/prowler-cloud/prowler
 cd prowler/api
 poetry install
-eval $(poetry env activate)
+poetry shell
 set -a
 source .env
 docker compose up postgres valkey -d
@@ -128,11 +123,6 @@ cd src/backend
 python manage.py migrate --database admin
 gunicorn -c config/guniconf.py config.wsgi:application
 ```
-> [!IMPORTANT]
-> Starting from Poetry v2.0.0, `poetry shell` has been deprecated in favor of `poetry env activate`.
->
-> If your poetry version is below 2.0.0 you must keep using `poetry shell` to activate your environment.
-> In case you have any doubts, consult the Poetry environment activation guide: https://python-poetry.org/docs/managing-environments/#activating-the-environment

 > Now, you can access the API documentation at http://localhost:8080/api/v1/docs.

@@ -142,7 +132,7 @@ gunicorn -c config/guniconf.py config.wsgi:application
 git clone https://github.com/prowler-cloud/prowler
 cd prowler/api
 poetry install
-eval $(poetry env activate)
+poetry shell
 set -a
 source .env
 cd src/backend
@@ -155,7 +145,7 @@ python -m celery -A config.celery worker -l info -E
 git clone https://github.com/prowler-cloud/prowler
 cd prowler/api
 poetry install
-eval $(poetry env activate)
+poetry shell
 set -a
 source .env
 cd src/backend
@@ -176,7 +166,7 @@ npm start

 ## Prowler CLI
 ### Pip package
-Prowler CLI is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python > 3.9.1, < 3.13:
+Prowler CLI is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9, < 3.13:

 ```console
 pip install prowler
@@ -206,21 +196,15 @@ The container images are available here:

 ### From GitHub

-Python > 3.9.1, < 3.13 is required with pip and poetry:
+Python >= 3.9, < 3.13 is required with pip and poetry:

 ``` console
 git clone https://github.com/prowler-cloud/prowler
 cd prowler
-eval $(poetry env activate)
+poetry shell
 poetry install
-python prowler-cli.py -v
+python prowler.py -v
 ```
-> [!IMPORTANT]
-> Starting from Poetry v2.0.0, `poetry shell` has been deprecated in favor of `poetry env activate`.
->
-> If your poetry version is below 2.0.0 you must keep using `poetry shell` to activate your environment.
-> In case you have any doubts, consult the Poetry environment activation guide: https://python-poetry.org/docs/managing-environments/#activating-the-environment
-
 > If you want to clone Prowler from Windows, use `git config core.longpaths true` to allow long file paths.
 # 📐✏️ High level architecture

--- a/api/.env.example
+++ b/api/.env.example
@@ -22,8 +22,6 @@ DJANGO_SECRETS_ENCRYPTION_KEY=""
 # Decide whether to allow Django manage database table partitions
 DJANGO_MANAGE_DB_PARTITIONS=[True|False]
 DJANGO_CELERY_DEADLOCK_ATTEMPTS=5
-DJANGO_BROKER_VISIBILITY_TIMEOUT=86400
-DJANGO_SENTRY_DSN=

 # PostgreSQL settings
 # If running django and celery on host, use 'localhost', else use 'postgres-db'
@@ -40,19 +38,3 @@ POSTGRES_DB=prowler_db
 VALKEY_HOST=[localhost|valkey]
 VALKEY_PORT=6379
 VALKEY_DB=0
-
-# Sentry settings
-SENTRY_ENVIRONMENT=local
-SENTRY_RELEASE=local
-
-# Social login credentials
-DJANGO_GOOGLE_OAUTH_CLIENT_ID=""
-DJANGO_GOOGLE_OAUTH_CLIENT_SECRET=""
-DJANGO_GOOGLE_OAUTH_CALLBACK_URL=""
-
-DJANGO_GITHUB_OAUTH_CLIENT_ID=""
-DJANGO_GITHUB_OAUTH_CLIENT_SECRET=""
-DJANGO_GITHUB_OAUTH_CALLBACK_URL=""
-
-# Deletion Task Batch Size
-DJANGO_DELETION_BATCH_SIZE=5000
--- a/api/.pre-commit-config.yaml
+++ b/api/.pre-commit-config.yaml
@@ -80,7 +80,7 @@ repos:
      - id: safety
        name: safety
        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        entry: bash -c 'poetry run safety check --ignore 70612,66963,74429'
+        entry: bash -c 'poetry run safety check --ignore 70612,66963'
        language: system

      - id: vulture
--- a/api/CHANGELOG.md
+++ b/api/CHANGELOG.md
@@ -1,84 +0,0 @@
-# Prowler API Changelog
-
-All notable changes to the **Prowler API** are documented in this file.
-
-
-## [v1.7.0] (Prowler v5.6.0)
-
-### Added
-
- Added M365 as a new provider [(#7563)](https://github.com/prowler-cloud/prowler/pull/7563).
- Added a `compliance/` folder and ZIP‐export functionality for all compliance reports.[(#7653)](https://github.com/prowler-cloud/prowler/pull/7653).
- Added a new API endpoint to fetch and download any specific compliance file by name [(#7653)](https://github.com/prowler-cloud/prowler/pull/7653).
-
---
-
-## [v1.6.0] (Prowler v5.5.0)
-
-### Added
-
- Support for developing new integrations [(#7167)](https://github.com/prowler-cloud/prowler/pull/7167).
- HTTP Security Headers [(#7289)](https://github.com/prowler-cloud/prowler/pull/7289).
- New endpoint to get the compliance overviews metadata [(#7333)](https://github.com/prowler-cloud/prowler/pull/7333).
- Support for muted findings [(#7378)](https://github.com/prowler-cloud/prowler/pull/7378).
- Added missing fields to API findings and resources [(#7318)](https://github.com/prowler-cloud/prowler/pull/7318).
-
---
-
-## [v1.5.4] (Prowler v5.4.4)
-
-### Fixed
- Fixed a bug with periodic tasks when trying to delete a provider ([#7466])(https://github.com/prowler-cloud/prowler/pull/7466).
-
---
-
-## [v1.5.3] (Prowler v5.4.3)
-
-### Fixed
- Added duplicated scheduled scans handling ([#7401])(https://github.com/prowler-cloud/prowler/pull/7401).
- Added environment variable to configure the deletion task batch size ([#7423])(https://github.com/prowler-cloud/prowler/pull/7423).
-
---
-
-## [v1.5.2] (Prowler v5.4.2)
-
-### Changed
- Refactored deletion logic and implemented retry mechanism for deletion tasks [(#7349)](https://github.com/prowler-cloud/prowler/pull/7349).
-
---
-
-## [v1.5.1] (Prowler v5.4.1)
-
-### Fixed
- Added a handled response in case local files are missing [(#7183)](https://github.com/prowler-cloud/prowler/pull/7183).
- Fixed a race condition when deleting export files after the S3 upload [(#7172)](https://github.com/prowler-cloud/prowler/pull/7172).
- Handled exception when a provider has no secret in test connection [(#7283)](https://github.com/prowler-cloud/prowler/pull/7283).
-
-
-### Added
-
- Support for developing new integrations [(#7167)](https://github.com/prowler-cloud/prowler/pull/7167).
-
---
-
-## [v1.5.0] (Prowler v5.4.0)
-
-### Added
- Social login integration with Google and GitHub [(#6906)](https://github.com/prowler-cloud/prowler/pull/6906)
- Add API scan report system, now all scans launched from the API will generate a compressed file with the report in OCSF, CSV and HTML formats [(#6878)](https://github.com/prowler-cloud/prowler/pull/6878).
- Configurable Sentry integration [(#6874)](https://github.com/prowler-cloud/prowler/pull/6874)
-
-### Changed
- Optimized `GET /findings` endpoint to improve response time and size [(#7019)](https://github.com/prowler-cloud/prowler/pull/7019).
-
---
-
-## [v1.4.0] (Prowler v5.3.0)
-
-### Changed
- Daily scheduled scan instances are now created beforehand with `SCHEDULED` state [(#6700)](https://github.com/prowler-cloud/prowler/pull/6700).
- Findings endpoints now require at least one date filter [(#6800)](https://github.com/prowler-cloud/prowler/pull/6800).
- Findings metadata endpoint received a performance improvement [(#6863)](https://github.com/prowler-cloud/prowler/pull/6863).
- Increased the allowed length of the provider UID for Kubernetes providers [(#6869)](https://github.com/prowler-cloud/prowler/pull/6869).
-
---
--- a/api/Dockerfile
+++ b/api/Dockerfile
@@ -1,33 +1,13 @@
-FROM python:3.12.10-slim-bookworm AS build
+FROM python:3.12-alpine AS build

 LABEL maintainer="https://github.com/prowler-cloud/api"

-ARG POWERSHELL_VERSION=7.5.0
-ENV POWERSHELL_VERSION=${POWERSHELL_VERSION}
-
-# hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends wget libicu72 \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install PowerShell
-RUN ARCH=$(uname -m) && \
-    if [ "$ARCH" = "x86_64" ]; then \
-        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-x64.tar.gz -O /tmp/powershell.tar.gz ; \
-    elif [ "$ARCH" = "aarch64" ]; then \
-        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-arm64.tar.gz -O /tmp/powershell.tar.gz ; \
-    else \
-        echo "Unsupported architecture: $ARCH" && exit 1 ; \
-    fi && \
-    mkdir -p /opt/microsoft/powershell/7 && \
-    tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 && \
-    chmod +x /opt/microsoft/powershell/7/pwsh && \
-    ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
-    rm /tmp/powershell.tar.gz
-
-# Add prowler user
-RUN addgroup --gid 1000 prowler && \
-    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" prowler
+# hadolint ignore=DL3018
+RUN apk --no-cache add gcc python3-dev musl-dev linux-headers curl-dev

+RUN apk --no-cache upgrade && \
+    addgroup -g 1000 prowler && \
+    adduser -D -u 1000 -G prowler prowler
 USER prowler

 WORKDIR /home/prowler
@@ -37,23 +17,27 @@ COPY pyproject.toml ./
 RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir poetry

-COPY src/backend/ ./backend/
+COPY src/backend/  ./backend/

 ENV PATH="/home/prowler/.local/bin:$PATH"

-# Add `--no-root` to avoid installing the current project as a package
-RUN poetry install --no-root && \
+RUN poetry install && \
    rm -rf ~/.cache/pip

 COPY docker-entrypoint.sh ./docker-entrypoint.sh

-RUN poetry run python "$(poetry env info --path)/src/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py"
-
 WORKDIR /home/prowler/backend

 # Development image
+# hadolint ignore=DL3006
 FROM build AS dev

+USER 0
+# hadolint ignore=DL3018
+RUN apk --no-cache add curl vim
+
+USER prowler
+
 ENTRYPOINT ["../docker-entrypoint.sh", "dev"]

 # Production image
--- a/api/README.md
+++ b/api/README.md
@@ -235,7 +235,6 @@ To view the logs for any component (e.g., Django, Celery worker), you can use th

 ```console
 docker logs -f $(docker ps --format "{{.Names}}" | grep 'api-')
-```

 ## Applying migrations

@@ -270,66 +269,3 @@ poetry shell
 cd src/backend
 pytest
 ```
-
-# Custom commands
-
-Django provides a way to create custom commands that can be run from the command line.
-
-> These commands can be found in: ```prowler/api/src/backend/api/management/commands```
-
-To run a custom command, you need to be in the `prowler/api/src/backend` directory and run:
-
-```console
-poetry shell
-python manage.py <command_name>
-```
-
-## Generate dummy data
-
-```console
-python manage.py findings --tenant
-<TENANT_ID> --findings <NUM_FINDINGS> --re
-sources <NUM_RESOURCES> --batch <TRANSACTION_BATCH_SIZE> --alias <ALIAS>
-```
-
-This command creates, for a given tenant, a provider, scan and a set of findings and resources related altogether.
-
-> Scan progress and state are updated in real time.
-> - 0-33%: Create resources.
-> - 33-66%: Create findings.
-> - 66%: Create resource-finding mapping.
->
-> The last step is required to access the findings details, since the UI needs that to print all the information.
-
-### Example
-
-```console
-~/backend $ poetry run python manage.py findings --tenant
-fffb1893-3fc7-4623-a5d9-fae47da1c528 --findings 25000 --re
-sources 1000 --batch 5000 --alias test-script
-
-Starting data population
-	Tenant: fffb1893-3fc7-4623-a5d9-fae47da1c528
-	Alias: test-script
-	Resources: 1000
-	Findings: 25000
-	Batch size: 5000
-
-
-Creating resources...
-100%|███████████████████████| 1/1 [00:00<00:00,  7.72it/s]
-Resources created successfully.
-
-
-Creating findings...
-100%|███████████████████████| 5/5 [00:05<00:00,  1.09s/it]
-Findings created successfully.
-
-
-Creating resource-finding mappings...
-100%|███████████████████████| 5/5 [00:02<00:00,  1.81it/s]
-Resource-finding mappings created successfully.
-
-
-Successfully populated test data.
-```
--- a/api/docker-entrypoint.sh
+++ b/api/docker-entrypoint.sh
@@ -28,7 +28,7 @@ start_prod_server() {

 start_worker() {
  echo "Starting the worker..."
-  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion -E --max-tasks-per-child 1
+  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans -E
 }

 start_worker_beat() {
--- a/api/poetry.lock
+++ b/api/poetry.lock
--- a/api/pyproject.toml
+++ b/api/pyproject.toml
@@ -2,51 +2,43 @@
 build-backend = "poetry.core.masonry.api"
 requires = ["poetry-core"]

-[project]
-authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}]
-dependencies = [
-  "celery[pytest] (>=5.4.0,<6.0.0)",
-  "dj-rest-auth[with_social,jwt] (==7.0.1)",
-  "django==5.1.8",
-  "django-allauth==65.4.1",
-  "django-celery-beat (>=2.7.0,<3.0.0)",
-  "django-celery-results (>=2.5.1,<3.0.0)",
-  "django-cors-headers==4.4.0",
-  "django-environ==0.11.2",
-  "django-filter==24.3",
-  "django-guid==3.5.0",
-  "django-postgres-extra (>=2.0.8,<3.0.0)",
-  "djangorestframework==3.15.2",
-  "djangorestframework-jsonapi==7.0.2",
-  "djangorestframework-simplejwt (>=5.3.1,<6.0.0)",
-  "drf-nested-routers (>=0.94.1,<1.0.0)",
-  "drf-spectacular==0.27.2",
-  "drf-spectacular-jsonapi==0.5.1",
-  "gunicorn==23.0.0",
-  "prowler @ git+https://github.com/prowler-cloud/prowler.git@v5.6",
-  "psycopg2-binary==2.9.9",
-  "pytest-celery[redis] (>=1.0.1,<2.0.0)",
-  "sentry-sdk[django] (>=2.20.0,<3.0.0)",
-  "uuid6==2024.7.10"
-]
+[tool.poetry]
+authors = ["Prowler Team"]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
 name = "prowler-api"
 package-mode = false
-# Needed for the SDK compatibility
-requires-python = ">=3.11,<3.13"
-version = "1.7.0"
+version = "1.0.0"

-[project.scripts]
-celery = "src.backend.config.settings.celery"
+[tool.poetry.dependencies]
+celery = {extras = ["pytest"], version = "^5.4.0"}
+django = "5.1.1"
+django-celery-beat = "^2.7.0"
+django-celery-results = "^2.5.1"
+django-cors-headers = "4.4.0"
+django-environ = "0.11.2"
+django-filter = "24.3"
+django-guid = "3.5.0"
+django-postgres-extra = "^2.0.8"
+djangorestframework = "3.15.2"
+djangorestframework-jsonapi = "7.0.2"
+djangorestframework-simplejwt = "^5.3.1"
+drf-nested-routers = "^0.94.1"
+drf-spectacular = "0.27.2"
+drf-spectacular-jsonapi = "0.5.1"
+gunicorn = "23.0.0"
+prowler = {git = "https://github.com/prowler-cloud/prowler.git", tag = "5.0.0"}
+psycopg2-binary = "2.9.9"
+pytest-celery = {extras = ["redis"], version = "^1.0.1"}
+# Needed for prowler compatibility
+python = ">=3.11,<3.13"
+uuid6 = "2024.7.10"

 [tool.poetry.group.dev.dependencies]
 bandit = "1.7.9"
 coverage = "7.5.4"
-django-silk = "5.3.2"
 docker = "7.1.0"
 freezegun = "1.5.1"
-marshmallow = ">=3.15.0,<4.0.0"
 mypy = "1.10.1"
 pylint = "3.2.5"
 pytest = "8.2.2"
@@ -56,6 +48,8 @@ pytest-env = "1.1.3"
 pytest-randomly = "3.15.0"
 pytest-xdist = "3.6.1"
 ruff = "0.5.0"
-safety = "3.2.9"
-tqdm = "4.67.1"
-vulture = "2.14"
+safety = "3.2.3"
+vulture = "2.11"
+
+[tool.poetry.scripts]
+celery = "src.backend.config.settings.celery"
--- a/api/src/backend/api/adapters.py
+++ b/api/src/backend/api/adapters.py
@@ -1,61 +0,0 @@
-from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
-from django.db import transaction
-
-from api.db_router import MainRouter
-from api.db_utils import rls_transaction
-from api.models import Membership, Role, Tenant, User, UserRoleRelationship
-
-
-class ProwlerSocialAccountAdapter(DefaultSocialAccountAdapter):
-    @staticmethod
-    def get_user_by_email(email: str):
-        try:
-            return User.objects.get(email=email)
-        except User.DoesNotExist:
-            return None
-
-    def pre_social_login(self, request, sociallogin):
-        # Link existing accounts with the same email address
-        email = sociallogin.account.extra_data.get("email")
-        if email:
-            existing_user = self.get_user_by_email(email)
-            if existing_user:
-                sociallogin.connect(request, existing_user)
-
-    def save_user(self, request, sociallogin, form=None):
-        """
-        Called after the user data is fully populated from the provider
-        and is about to be saved to the DB for the first time.
-        """
-        with transaction.atomic(using=MainRouter.admin_db):
-            user = super().save_user(request, sociallogin, form)
-            user.save(using=MainRouter.admin_db)
-            social_account_name = sociallogin.account.extra_data.get("name")
-            if social_account_name:
-                user.name = social_account_name
-                user.save(using=MainRouter.admin_db)
-
-            tenant = Tenant.objects.using(MainRouter.admin_db).create(
-                name=f"{user.email.split('@')[0]} default tenant"
-            )
-            with rls_transaction(str(tenant.id)):
-                Membership.objects.using(MainRouter.admin_db).create(
-                    user=user, tenant=tenant, role=Membership.RoleChoices.OWNER
-                )
-                role = Role.objects.using(MainRouter.admin_db).create(
-                    name="admin",
-                    tenant_id=tenant.id,
-                    manage_users=True,
-                    manage_account=True,
-                    manage_billing=True,
-                    manage_providers=True,
-                    manage_integrations=True,
-                    manage_scans=True,
-                    unlimited_visibility=True,
-                )
-                UserRoleRelationship.objects.using(MainRouter.admin_db).create(
-                    user=user,
-                    role=role,
-                    tenant_id=tenant.id,
-                )
-        return user
--- a/api/src/backend/api/base_views.py
+++ b/api/src/backend/api/base_views.py
@@ -1,23 +1,23 @@
+import uuid
+
 from django.core.exceptions import ObjectDoesNotExist
-from django.db import transaction
+from django.db import connection, transaction
 from rest_framework import permissions
 from rest_framework.exceptions import NotAuthenticated
 from rest_framework.filters import SearchFilter
 from rest_framework_json_api import filters
+from rest_framework_json_api.serializers import ValidationError
 from rest_framework_json_api.views import ModelViewSet
 from rest_framework_simplejwt.authentication import JWTAuthentication

-from api.db_router import MainRouter
-from api.db_utils import POSTGRES_USER_VAR, rls_transaction
 from api.filters import CustomDjangoFilterBackend
 from api.models import Role, Tenant
-from api.rbac.permissions import HasPermissions
+from api.db_router import MainRouter


 class BaseViewSet(ModelViewSet):
    authentication_classes = [JWTAuthentication]
-    required_permissions = []
-    permission_classes = [permissions.IsAuthenticated, HasPermissions]
+    permission_classes = [permissions.IsAuthenticated]
    filter_backends = [
        filters.QueryParameterValidationFilter,
        filters.OrderingFilter,
@@ -31,17 +31,6 @@ class BaseViewSet(ModelViewSet):
    ordering_fields = "__all__"
    ordering = ["id"]

-    def initial(self, request, *args, **kwargs):
-        """
-        Sets required_permissions before permissions are checked.
-        """
-        self.set_required_permissions()
-        super().initial(request, *args, **kwargs)
-
-    def set_required_permissions(self):
-        """This is an abstract method that must be implemented by subclasses."""
-        NotImplemented
-
    def get_queryset(self):
        raise NotImplementedError

@@ -61,7 +50,13 @@ class BaseRLSViewSet(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(tenant_id):
+        try:
+            uuid.UUID(tenant_id)
+        except ValueError:
+            raise ValidationError("Tenant ID must be a valid UUID")
+
+        with connection.cursor() as cursor:
+            cursor.execute(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")
            self.request.tenant_id = tenant_id
            return super().initial(request, *args, **kwargs)

@@ -115,7 +110,8 @@ class BaseTenantViewset(BaseViewSet):
        ):
            user_id = str(request.user.id)

-            with rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR):
+            with connection.cursor() as cursor:
+                cursor.execute(f"SELECT set_config('api.user_id', '{user_id}', TRUE);")
                return super().initial(request, *args, **kwargs)

        # TODO: DRY this when we have time
@@ -126,7 +122,13 @@ class BaseTenantViewset(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(tenant_id):
+        try:
+            uuid.UUID(tenant_id)
+        except ValueError:
+            raise ValidationError("Tenant ID must be a valid UUID")
+
+        with connection.cursor() as cursor:
+            cursor.execute(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")
            self.request.tenant_id = tenant_id
            return super().initial(request, *args, **kwargs)

@@ -147,6 +149,12 @@ class BaseUserViewset(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        with rls_transaction(tenant_id):
+        try:
+            uuid.UUID(tenant_id)
+        except ValueError:
+            raise ValidationError("Tenant ID must be a valid UUID")
+
+        with connection.cursor() as cursor:
+            cursor.execute(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")
            self.request.tenant_id = tenant_id
            return super().initial(request, *args, **kwargs)
--- a/api/src/backend/api/compliance.py
+++ b/api/src/backend/api/compliance.py
@@ -1,38 +1,12 @@
 from types import MappingProxyType

-from api.models import Provider
-from prowler.config.config import get_available_compliance_frameworks
 from prowler.lib.check.compliance_models import Compliance
 from prowler.lib.check.models import CheckMetadata

+from api.models import Provider
+
 PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE = {}
 PROWLER_CHECKS = {}
-AVAILABLE_COMPLIANCE_FRAMEWORKS = {}
-
-
-def get_compliance_frameworks(provider_type: Provider.ProviderChoices) -> list[str]:
-    """
-    Retrieve and cache the list of available compliance frameworks for a specific cloud provider.
-
-    This function lazily loads and caches the available compliance frameworks (e.g., CIS, MITRE, ISO)
-    for each provider type (AWS, Azure, GCP, etc.) on first access. Subsequent calls for the same
-    provider will return the cached result.
-
-    Args:
-        provider_type (Provider.ProviderChoices): The cloud provider type for which to retrieve
-            available compliance frameworks (e.g., "aws", "azure", "gcp", "m365").
-
-    Returns:
-        list[str]: A list of framework identifiers (e.g., "cis_1.4_aws", "mitre_attack_azure") available
-        for the given provider.
-    """
-    global AVAILABLE_COMPLIANCE_FRAMEWORKS
-    if provider_type not in AVAILABLE_COMPLIANCE_FRAMEWORKS:
-        AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type] = (
-            get_available_compliance_frameworks(provider_type)
-        )
-
-    return AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type]


 def get_prowler_provider_checks(provider_type: Provider.ProviderChoices):
--- a/api/src/backend/api/db_router.py
+++ b/api/src/backend/api/db_router.py
@@ -1,29 +1,18 @@
-ALLOWED_APPS = ("django", "socialaccount", "account", "authtoken", "silk")
-
-
 class MainRouter:
    default_db = "default"
    admin_db = "admin"

    def db_for_read(self, model, **hints):  # noqa: F841
        model_table_name = model._meta.db_table
-        if model_table_name.startswith("django_") or any(
-            model_table_name.startswith(f"{app}_") for app in ALLOWED_APPS
-        ):
+        if model_table_name.startswith("django_"):
            return self.admin_db
        return None

    def db_for_write(self, model, **hints):  # noqa: F841
        model_table_name = model._meta.db_table
-        if any(model_table_name.startswith(f"{app}_") for app in ALLOWED_APPS):
+        if model_table_name.startswith("django_"):
            return self.admin_db
        return None

    def allow_migrate(self, db, app_label, model_name=None, **hints):  # noqa: F841
        return db == self.admin_db
-
-    def allow_relation(self, obj1, obj2, **hints):  # noqa: F841
-        # Allow relations if both objects are in either "default" or "admin" db connectors
-        if {obj1._state.db, obj2._state.db} <= {self.default_db, self.admin_db}:
-            return True
-        return None
--- a/api/src/backend/api/db_utils.py
+++ b/api/src/backend/api/db_utils.py
@@ -1,15 +1,13 @@
 import secrets
-import uuid
 from contextlib import contextmanager
 from datetime import datetime, timedelta, timezone

 from django.conf import settings
 from django.contrib.auth.models import BaseUserManager
+from django.core.paginator import Paginator
 from django.db import connection, models, transaction
-from django_celery_beat.models import PeriodicTask
 from psycopg2 import connect as psycopg2_connect
 from psycopg2.extensions import AsIs, new_type, register_adapter, register_type
-from rest_framework_json_api.serializers import ValidationError

 DB_USER = settings.DATABASES["default"]["USER"] if not settings.TESTING else "test"
 DB_PASSWORD = (
@@ -25,8 +23,6 @@ TASK_RUNNER_DB_TABLE = "django_celery_results_taskresult"
 POSTGRES_TENANT_VAR = "api.tenant_id"
 POSTGRES_USER_VAR = "api.user_id"

-SET_CONFIG_QUERY = "SELECT set_config(%s, %s::text, TRUE);"
-

@contextmanager
 def psycopg_connection(database_alias: str):
@@ -48,23 +44,10 @@ def psycopg_connection(database_alias: str):


@contextmanager
-def rls_transaction(value: str, parameter: str = POSTGRES_TENANT_VAR):
-    """
-    Creates a new database transaction setting the given configuration value for Postgres RLS. It validates the
-    if the value is a valid UUID.
-
-    Args:
-        value (str): Database configuration parameter value.
-        parameter (str): Database configuration parameter name, by default is 'api.tenant_id'.
-    """
+def tenant_transaction(tenant_id: str):
    with transaction.atomic():
        with connection.cursor() as cursor:
-            try:
-                # just in case the value is an UUID object
-                uuid.UUID(str(value))
-            except ValueError:
-                raise ValidationError("Must be a valid UUID")
-            cursor.execute(SET_CONFIG_QUERY, [parameter, value])
+            cursor.execute(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")
            yield cursor


@@ -106,12 +89,11 @@ def generate_random_token(length: int = 14, symbols: str | None = None) -> str:
    return "".join(secrets.choice(symbols or _symbols) for _ in range(length))


-def batch_delete(tenant_id, queryset, batch_size=settings.DJANGO_DELETION_BATCH_SIZE):
+def batch_delete(queryset, batch_size=5000):
    """
    Deletes objects in batches and returns the total number of deletions and a summary.

    Args:
-        tenant_id (str): Tenant ID the queryset belongs to.
        queryset (QuerySet): The queryset of objects to delete.
        batch_size (int): The number of objects to delete in each batch.

@@ -121,37 +103,21 @@ def batch_delete(tenant_id, queryset, batch_size=settings.DJANGO_DELETION_BATCH_
    total_deleted = 0
    deletion_summary = {}

-    while True:
-        with rls_transaction(tenant_id, POSTGRES_TENANT_VAR):
-            # Get a batch of IDs to delete
-            batch_ids = set(
-                queryset.values_list("id", flat=True).order_by("id")[:batch_size]
-            )
-            if not batch_ids:
-                # No more objects to delete
-                break
+    paginator = Paginator(queryset.order_by("id").only("id"), batch_size)

-            deleted_count, deleted_info = queryset.filter(id__in=batch_ids).delete()
+    for page_num in paginator.page_range:
+        batch_ids = [obj.id for obj in paginator.page(page_num).object_list]
+
+        deleted_count, deleted_info = queryset.filter(id__in=batch_ids).delete()

        total_deleted += deleted_count
+
        for model_label, count in deleted_info.items():
            deletion_summary[model_label] = deletion_summary.get(model_label, 0) + count

    return total_deleted, deletion_summary


-def delete_related_daily_task(provider_id: str):
-    """
-    Deletes the periodic task associated with a specific provider.
-
-    Args:
-        provider_id (str): The unique identifier for the provider
-                           whose related periodic task should be deleted.
-    """
-    task_name = f"scan-perform-scheduled-{provider_id}"
-    PeriodicTask.objects.filter(name=task_name).delete()
-
-
 # Postgres Enums


@@ -333,15 +299,3 @@ class InvitationStateEnum(EnumType):
 class InvitationStateEnumField(PostgresEnumField):
    def __init__(self, *args, **kwargs):
        super().__init__("invitation_state", *args, **kwargs)
-
-
-# Postgres enum definition for Integration type
-
-
-class IntegrationTypeEnum(EnumType):
-    enum_type_name = "integration_type"
-
-
-class IntegrationTypeEnumField(PostgresEnumField):
-    def __init__(self, *args, **kwargs):
-        super().__init__("integration_type", *args, **kwargs)
--- a/api/src/backend/api/decorators.py
+++ b/api/src/backend/api/decorators.py
@@ -1,13 +1,9 @@
-import uuid
 from functools import wraps

 from django.db import connection, transaction
-from rest_framework_json_api.serializers import ValidationError
-
-from api.db_utils import POSTGRES_TENANT_VAR, SET_CONFIG_QUERY


-def set_tenant(func=None, *, keep_tenant=False):
+def set_tenant(func):
    """
    Decorator to set the tenant context for a Celery task based on the provided tenant_id.

@@ -35,34 +31,22 @@ def set_tenant(func=None, *, keep_tenant=False):
            pass

        # When calling the task
-        some_task.delay(arg1, tenant_id="8db7ca86-03cc-4d42-99f6-5e480baf6ab5")
+        some_task.delay(arg1, tenant_id="1234-abcd-5678")

        # The tenant context will be set before the task logic executes.
    """

-    def decorator(func):
-        @wraps(func)
-        @transaction.atomic
-        def wrapper(*args, **kwargs):
-            try:
-                if not keep_tenant:
-                    tenant_id = kwargs.pop("tenant_id")
-                else:
-                    tenant_id = kwargs["tenant_id"]
-            except KeyError:
-                raise KeyError("This task requires the tenant_id")
-            try:
-                uuid.UUID(tenant_id)
-            except ValueError:
-                raise ValidationError("Tenant ID must be a valid UUID")
-            with connection.cursor() as cursor:
-                cursor.execute(SET_CONFIG_QUERY, [POSTGRES_TENANT_VAR, tenant_id])
+    @wraps(func)
+    @transaction.atomic
+    def wrapper(*args, **kwargs):
+        try:
+            tenant_id = kwargs.pop("tenant_id")
+        except KeyError:
+            raise KeyError("This task requires the tenant_id")

-            return func(*args, **kwargs)
+        with connection.cursor() as cursor:
+            cursor.execute(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")

-        return wrapper
+        return func(*args, **kwargs)

-    if func is None:
-        return decorator
-    else:
-        return decorator(func)
+    return wrapper
--- a/api/src/backend/api/filters.py
+++ b/api/src/backend/api/filters.py
@@ -1,4 +1,4 @@
-from datetime import date, datetime, timedelta, timezone
+from datetime import date, datetime, timezone

 from django.conf import settings
 from django.db.models import Q
@@ -22,23 +22,21 @@ from api.db_utils import (
    StatusEnumField,
 )
 from api.models import (
-    ComplianceOverview,
    Finding,
-    Integration,
-    Invitation,
    Membership,
-    PermissionChoices,
    Provider,
    ProviderGroup,
-    ProviderSecret,
    Resource,
    ResourceTag,
-    Role,
    Scan,
    ScanSummary,
    SeverityChoices,
    StateChoices,
    StatusChoices,
+    ProviderSecret,
+    Invitation,
+    Role,
+    ComplianceOverview,
    Task,
    User,
 )
@@ -287,9 +285,6 @@ class FindingFilter(FilterSet):
    status = ChoiceFilter(choices=StatusChoices.choices)
    severity = ChoiceFilter(choices=SeverityChoices)
    impact = ChoiceFilter(choices=SeverityChoices)
-    muted = BooleanFilter(
-        help_text="If this filter is not provided, muted and non-muted findings will be returned."
-    )

    resources = UUIDInFilter(field_name="resource__id", lookup_expr="in")

@@ -323,41 +318,13 @@ class FindingFilter(FilterSet):
        field_name="resources__type", lookup_expr="icontains"
    )

-    # Temporarily disabled until we implement tag filtering in the UI
-    # resource_tag_key = CharFilter(field_name="resources__tags__key")
-    # resource_tag_key__in = CharInFilter(
-    #     field_name="resources__tags__key", lookup_expr="in"
-    # )
-    # resource_tag_key__icontains = CharFilter(
-    #     field_name="resources__tags__key", lookup_expr="icontains"
-    # )
-    # resource_tag_value = CharFilter(field_name="resources__tags__value")
-    # resource_tag_value__in = CharInFilter(
-    #     field_name="resources__tags__value", lookup_expr="in"
-    # )
-    # resource_tag_value__icontains = CharFilter(
-    #     field_name="resources__tags__value", lookup_expr="icontains"
-    # )
-    # resource_tags = CharInFilter(
-    #     method="filter_resource_tag",
-    #     lookup_expr="in",
-    #     help_text="Filter by resource tags `key:value` pairs.\nMultiple values may be "
-    #     "separated by commas.",
-    # )
-
    scan = UUIDFilter(method="filter_scan_id")
    scan__in = UUIDInFilter(method="filter_scan_id_in")

    inserted_at = DateFilter(method="filter_inserted_at", lookup_expr="date")
    inserted_at__date = DateFilter(method="filter_inserted_at", lookup_expr="date")
-    inserted_at__gte = DateFilter(
-        method="filter_inserted_at_gte",
-        help_text=f"Maximum date range is {settings.FINDINGS_MAX_DAYS_IN_RANGE} days.",
-    )
-    inserted_at__lte = DateFilter(
-        method="filter_inserted_at_lte",
-        help_text=f"Maximum date range is {settings.FINDINGS_MAX_DAYS_IN_RANGE} days.",
-    )
+    inserted_at__gte = DateFilter(method="filter_inserted_at_gte")
+    inserted_at__lte = DateFilter(method="filter_inserted_at_lte")

    class Meta:
        model = Finding
@@ -385,52 +352,6 @@ class FindingFilter(FilterSet):
            },
        }

-    def filter_queryset(self, queryset):
-        if not (self.data.get("scan") or self.data.get("scan__in")) and not (
-            self.data.get("inserted_at")
-            or self.data.get("inserted_at__date")
-            or self.data.get("inserted_at__gte")
-            or self.data.get("inserted_at__lte")
-        ):
-            raise ValidationError(
-                [
-                    {
-                        "detail": "At least one date filter is required: filter[inserted_at], filter[inserted_at.gte], "
-                        "or filter[inserted_at.lte].",
-                        "status": 400,
-                        "source": {"pointer": "/data/attributes/inserted_at"},
-                        "code": "required",
-                    }
-                ]
-            )
-
-        gte_date = (
-            datetime.strptime(self.data.get("inserted_at__gte"), "%Y-%m-%d").date()
-            if self.data.get("inserted_at__gte")
-            else datetime.now(timezone.utc).date()
-        )
-        lte_date = (
-            datetime.strptime(self.data.get("inserted_at__lte"), "%Y-%m-%d").date()
-            if self.data.get("inserted_at__lte")
-            else datetime.now(timezone.utc).date()
-        )
-
-        if abs(lte_date - gte_date) > timedelta(
-            days=settings.FINDINGS_MAX_DAYS_IN_RANGE
-        ):
-            raise ValidationError(
-                [
-                    {
-                        "detail": f"The date range cannot exceed {settings.FINDINGS_MAX_DAYS_IN_RANGE} days.",
-                        "status": 400,
-                        "source": {"pointer": "/data/attributes/inserted_at"},
-                        "code": "invalid",
-                    }
-                ]
-            )
-
-        return super().filter_queryset(queryset)
-
    #  Convert filter values to UUIDv7 values for use with partitioning
    def filter_scan_id(self, queryset, name, value):
        try:
@@ -451,7 +372,9 @@ class FindingFilter(FilterSet):
            )

        return (
-            queryset.filter(id__gte=start).filter(id__lt=end).filter(scan_id=value_uuid)
+            queryset.filter(id__gte=start)
+            .filter(id__lt=end)
+            .filter(scan__id=value_uuid)
        )

    def filter_scan_id_in(self, queryset, name, value):
@@ -476,42 +399,31 @@ class FindingFilter(FilterSet):
                ]
            )
        if start == end:
-            return queryset.filter(id__gte=start).filter(scan_id__in=uuid_list)
+            return queryset.filter(id__gte=start).filter(scan__id__in=uuid_list)
        else:
            return (
                queryset.filter(id__gte=start)
                .filter(id__lt=end)
-                .filter(scan_id__in=uuid_list)
+                .filter(scan__id__in=uuid_list)
            )

    def filter_inserted_at(self, queryset, name, value):
-        datetime_value = self.maybe_date_to_datetime(value)
-        start = uuid7_start(datetime_to_uuid7(datetime_value))
-        end = uuid7_start(datetime_to_uuid7(datetime_value + timedelta(days=1)))
+        value = self.maybe_date_to_datetime(value)
+        start = uuid7_start(datetime_to_uuid7(value))

-        return queryset.filter(id__gte=start, id__lt=end)
+        return queryset.filter(id__gte=start).filter(inserted_at__date=value)

    def filter_inserted_at_gte(self, queryset, name, value):
-        datetime_value = self.maybe_date_to_datetime(value)
-        start = uuid7_start(datetime_to_uuid7(datetime_value))
+        value = self.maybe_date_to_datetime(value)
+        start = uuid7_start(datetime_to_uuid7(value))

-        return queryset.filter(id__gte=start)
+        return queryset.filter(id__gte=start).filter(inserted_at__gte=value)

    def filter_inserted_at_lte(self, queryset, name, value):
-        datetime_value = self.maybe_date_to_datetime(value)
-        end = uuid7_start(datetime_to_uuid7(datetime_value + timedelta(days=1)))
+        value = self.maybe_date_to_datetime(value)
+        end = uuid7_start(datetime_to_uuid7(value))

-        return queryset.filter(id__lt=end)
-
-    def filter_resource_tag(self, queryset, name, value):
-        overall_query = Q()
-        for key_value_pair in value:
-            tag_key, tag_value = key_value_pair.split(":", 1)
-            overall_query |= Q(
-                resources__tags__key__icontains=tag_key,
-                resources__tags__value__icontains=tag_value,
-            )
-        return queryset.filter(overall_query).distinct()
+        return queryset.filter(id__lte=end).filter(inserted_at__lte=value)

    @staticmethod
    def maybe_date_to_datetime(value):
@@ -573,12 +485,29 @@ class UserFilter(FilterSet):
 class RoleFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
-    permission_state = ChoiceFilter(
-        choices=PermissionChoices.choices, method="filter_permission_state"
-    )
+    permission_state = CharFilter(method="filter_permission_state")

    def filter_permission_state(self, queryset, name, value):
-        return Role.filter_by_permission_state(queryset, value)
+        permission_fields = [
+            "manage_users",
+            "manage_account",
+            "manage_billing",
+            "manage_providers",
+            "manage_integrations",
+            "manage_scans",
+        ]
+
+        q_all_true = Q(**{field: True for field in permission_fields})
+        q_all_false = Q(**{field: False for field in permission_fields})
+
+        if value == "unlimited":
+            return queryset.filter(q_all_true)
+        elif value == "none":
+            return queryset.filter(q_all_false)
+        elif value == "limited":
+            return queryset.exclude(q_all_true | q_all_false)
+        else:
+            return queryset.none()

    class Meta:
        model = Role
@@ -617,6 +546,12 @@ class ScanSummaryFilter(FilterSet):
        field_name="scan__provider__provider", choices=Provider.ProviderChoices.choices
    )
    region = CharFilter(field_name="region")
+    muted_findings = BooleanFilter(method="filter_muted_findings")
+
+    def filter_muted_findings(self, queryset, name, value):
+        if not value:
+            return queryset.exclude(muted__gt=0)
+        return queryset

    class Meta:
        model = ScanSummary
@@ -624,39 +559,3 @@ class ScanSummaryFilter(FilterSet):
            "inserted_at": ["date", "gte", "lte"],
            "region": ["exact", "icontains", "in"],
        }
-
-
-class ServiceOverviewFilter(ScanSummaryFilter):
-    def is_valid(self):
-        # Check if at least one of the inserted_at filters is present
-        inserted_at_filters = [
-            self.data.get("inserted_at"),
-            self.data.get("inserted_at__gte"),
-            self.data.get("inserted_at__lte"),
-        ]
-        if not any(inserted_at_filters):
-            raise ValidationError(
-                {
-                    "inserted_at": [
-                        "At least one of filter[inserted_at], filter[inserted_at__gte], or "
-                        "filter[inserted_at__lte] is required."
-                    ]
-                }
-            )
-        return super().is_valid()
-
-
-class IntegrationFilter(FilterSet):
-    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
-    integration_type = ChoiceFilter(choices=Integration.IntegrationChoices.choices)
-    integration_type__in = ChoiceInFilter(
-        choices=Integration.IntegrationChoices.choices,
-        field_name="integration_type",
-        lookup_expr="in",
-    )
-
-    class Meta:
-        model = Integration
-        fields = {
-            "inserted_at": ["date", "gte", "lte"],
-        }
--- a/api/src/backend/api/fixtures/dev/2_dev_providers.json
+++ b/api/src/backend/api/fixtures/dev/2_dev_providers.json
@@ -122,22 +122,6 @@
      "scanner_args": {}
    }
  },
-  {
-    "model": "api.provider",
-    "pk": "7791914f-d646-4fe2-b2ed-73f2c6499a36",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "inserted_at": "2024-10-18T10:45:26.352Z",
-      "updated_at": "2024-10-18T11:16:23.533Z",
-      "provider": "kubernetes",
-      "uid": "gke_lucky-coast-419309_us-central1_autopilot-cluster-2",
-      "alias": "k8s_testing_2",
-      "connected": true,
-      "connection_last_checked_at": "2024-10-18T11:16:23.503Z",
-      "metadata": {},
-      "scanner_args": {}
-    }
-  },
  {
    "model": "api.providersecret",
    "pk": "11491b47-75ae-4f71-ad8d-3e630a72182e",
--- a/api/src/backend/api/fixtures/dev/3_dev_scans.json
+++ b/api/src/backend/api/fixtures/dev/3_dev_scans.json
@@ -11,7 +11,9 @@
      "unique_resource_count": 1,
      "duration": 5,
      "scanner_args": {
-        "checks_to_execute": ["accessanalyzer_enabled"]
+        "checks_to_execute": [
+          "accessanalyzer_enabled"
+        ]
      },
      "inserted_at": "2024-09-01T17:25:27.050Z",
      "started_at": "2024-09-01T17:25:27.050Z",
@@ -31,7 +33,9 @@
      "unique_resource_count": 1,
      "duration": 20,
      "scanner_args": {
-        "checks_to_execute": ["accessanalyzer_enabled"]
+        "checks_to_execute": [
+          "accessanalyzer_enabled"
+        ]
      },
      "inserted_at": "2024-09-02T17:24:27.050Z",
      "started_at": "2024-09-02T17:24:27.050Z",
@@ -51,7 +55,9 @@
      "unique_resource_count": 10,
      "duration": 10,
      "scanner_args": {
-        "checks_to_execute": ["cloudsql_instance_automated_backups"]
+        "checks_to_execute": [
+          "cloudsql_instance_automated_backups"
+        ]
      },
      "inserted_at": "2024-09-02T19:26:27.050Z",
      "started_at": "2024-09-02T19:26:27.050Z",
@@ -71,7 +77,9 @@
      "unique_resource_count": 1,
      "duration": 35,
      "scanner_args": {
-        "checks_to_execute": ["accessanalyzer_enabled"]
+        "checks_to_execute": [
+          "accessanalyzer_enabled"
+        ]
      },
      "inserted_at": "2024-09-02T19:27:27.050Z",
      "started_at": "2024-09-02T19:27:27.050Z",
@@ -89,7 +97,9 @@
      "name": "test scheduled aws scan",
      "state": "available",
      "scanner_args": {
-        "checks_to_execute": ["cloudformation_stack_outputs_find_secrets"]
+        "checks_to_execute": [
+          "cloudformation_stack_outputs_find_secrets"
+        ]
      },
      "scheduled_at": "2030-09-02T19:20:27.050Z",
      "inserted_at": "2024-09-02T19:24:27.050Z",
@@ -168,7 +178,9 @@
      "unique_resource_count": 19,
      "progress": 100,
      "scanner_args": {
-        "checks_to_execute": ["accessanalyzer_enabled"]
+        "checks_to_execute": [
+          "accessanalyzer_enabled"
+        ]
      },
      "duration": 7,
      "scheduled_at": null,
@@ -178,56 +190,6 @@
      "completed_at": "2024-10-18T10:46:05.127Z"
    }
  },
-  {
-    "model": "api.scan",
-    "pk": "6dd8925f-a52d-48de-a546-d2d90db30ab1",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "real scan azure",
-      "provider": "1b59e032-3eb6-4694-93a5-df84cd9b3ce2",
-      "trigger": "manual",
-      "state": "completed",
-      "unique_resource_count": 20,
-      "progress": 100,
-      "scanner_args": {
-        "checks_to_execute": [
-          "accessanalyzer_enabled",
-          "account_security_contact_information_is_registered"
-        ]
-      },
-      "duration": 4,
-      "scheduled_at": null,
-      "inserted_at": "2024-10-18T11:16:21.358Z",
-      "updated_at": "2024-10-18T11:16:26.060Z",
-      "started_at": "2024-10-18T11:16:21.593Z",
-      "completed_at": "2024-10-18T11:16:26.060Z"
-    }
-  },
-  {
-    "model": "api.scan",
-    "pk": "4ca7ce89-3236-41a8-a369-8937bc152af5",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "real scan k8s",
-      "provider": "7791914f-d646-4fe2-b2ed-73f2c6499a36",
-      "trigger": "manual",
-      "state": "completed",
-      "unique_resource_count": 20,
-      "progress": 100,
-      "scanner_args": {
-        "checks_to_execute": [
-          "accessanalyzer_enabled",
-          "account_security_contact_information_is_registered"
-        ]
-      },
-      "duration": 4,
-      "scheduled_at": null,
-      "inserted_at": "2024-10-18T11:16:21.358Z",
-      "updated_at": "2024-10-18T11:16:26.060Z",
-      "started_at": "2024-10-18T11:16:21.593Z",
-      "completed_at": "2024-10-18T11:16:26.060Z"
-    }
-  },
  {
    "model": "api.scan",
    "pk": "01929f57-c0ee-7553-be0b-cbde006fb6f7",
--- a/api/src/backend/api/fixtures/dev/5_dev_findings.json
+++ b/api/src/backend/api/fixtures/dev/5_dev_findings.json
@@ -6,7 +6,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.823Z",
      "updated_at": "2024-10-18T10:46:04.841Z",
-      "first_seen_at": "2024-10-18T10:46:04.823Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-south-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -62,7 +61,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.855Z",
      "updated_at": "2024-10-18T10:46:04.858Z",
-      "first_seen_at": "2024-10-18T10:46:04.855Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-3-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -118,7 +116,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.869Z",
      "updated_at": "2024-10-18T10:46:04.876Z",
-      "first_seen_at": "2024-10-18T10:46:04.869Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -174,7 +171,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.888Z",
      "updated_at": "2024-10-18T10:46:04.892Z",
-      "first_seen_at": "2024-10-18T10:46:04.888Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -230,7 +226,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.901Z",
      "updated_at": "2024-10-18T10:46:04.905Z",
-      "first_seen_at": "2024-10-18T10:46:04.901Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -286,7 +281,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.915Z",
      "updated_at": "2024-10-18T10:46:04.919Z",
-      "first_seen_at": "2024-10-18T10:46:04.915Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-south-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -342,7 +336,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.929Z",
      "updated_at": "2024-10-18T10:46:04.934Z",
-      "first_seen_at": "2024-10-18T10:46:04.929Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -398,7 +391,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.944Z",
      "updated_at": "2024-10-18T10:46:04.947Z",
-      "first_seen_at": "2024-10-18T10:46:04.944Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ca-central-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -454,7 +446,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.957Z",
      "updated_at": "2024-10-18T10:46:04.962Z",
-      "first_seen_at": "2024-10-18T10:46:04.957Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-1-ConsoleAnalyzer-83b66ad7-d024-454e-b851-52d11cc1cf7c",
      "delta": "new",
      "status": "PASS",
@@ -510,7 +501,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.971Z",
      "updated_at": "2024-10-18T10:46:04.975Z",
-      "first_seen_at": "2024-10-18T10:46:04.971Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -566,7 +556,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.984Z",
      "updated_at": "2024-10-18T10:46:04.989Z",
-      "first_seen_at": "2024-10-18T10:46:04.984Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-sa-east-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -622,7 +611,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.999Z",
      "updated_at": "2024-10-18T10:46:05.003Z",
-      "first_seen_at": "2024-10-18T10:46:04.999Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-north-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -678,7 +666,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.013Z",
      "updated_at": "2024-10-18T10:46:05.018Z",
-      "first_seen_at": "2024-10-18T10:46:05.013Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -734,7 +721,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.029Z",
      "updated_at": "2024-10-18T10:46:05.033Z",
-      "first_seen_at": "2024-10-18T10:46:05.029Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -790,7 +776,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.045Z",
      "updated_at": "2024-10-18T10:46:05.050Z",
-      "first_seen_at": "2024-10-18T10:46:05.045Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -846,7 +831,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.061Z",
      "updated_at": "2024-10-18T10:46:05.065Z",
-      "first_seen_at": "2024-10-18T10:46:05.061Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -902,7 +886,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.080Z",
      "updated_at": "2024-10-18T10:46:05.085Z",
-      "first_seen_at": "2024-10-18T10:46:05.080Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -958,7 +941,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.099Z",
      "updated_at": "2024-10-18T10:46:05.104Z",
-      "first_seen_at": "2024-10-18T10:46:05.099Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -1014,7 +996,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.115Z",
      "updated_at": "2024-10-18T10:46:05.121Z",
-      "first_seen_at": "2024-10-18T10:46:05.115Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-3-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -1070,7 +1051,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.489Z",
      "updated_at": "2024-10-18T11:16:24.506Z",
-      "first_seen_at": "2024-10-18T10:46:04.823Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-south-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1126,7 +1106,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.518Z",
      "updated_at": "2024-10-18T11:16:24.521Z",
-      "first_seen_at": "2024-10-18T10:46:04.855Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-3-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1182,7 +1161,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.526Z",
      "updated_at": "2024-10-18T11:16:24.529Z",
-      "first_seen_at": "2024-10-18T10:46:04.869Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1238,7 +1216,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.535Z",
      "updated_at": "2024-10-18T11:16:24.538Z",
-      "first_seen_at": "2024-10-18T10:46:04.888Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1294,7 +1271,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.544Z",
      "updated_at": "2024-10-18T11:16:24.546Z",
-      "first_seen_at": "2024-10-18T10:46:04.901Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1350,7 +1326,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.551Z",
      "updated_at": "2024-10-18T11:16:24.554Z",
-      "first_seen_at": "2024-10-18T10:46:04.915Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-south-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1406,7 +1381,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.560Z",
      "updated_at": "2024-10-18T11:16:24.562Z",
-      "first_seen_at": "2024-10-18T10:46:04.929Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1462,7 +1436,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.567Z",
      "updated_at": "2024-10-18T11:16:24.569Z",
-      "first_seen_at": "2024-10-18T10:46:04.944Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ca-central-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1518,7 +1491,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.573Z",
      "updated_at": "2024-10-18T11:16:24.575Z",
-      "first_seen_at": "2024-10-18T10:46:04.957Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-1-ConsoleAnalyzer-83b66ad7-d024-454e-b851-52d11cc1cf7c",
      "delta": null,
      "status": "PASS",
@@ -1574,7 +1546,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.580Z",
      "updated_at": "2024-10-18T11:16:24.582Z",
-      "first_seen_at": "2024-10-18T10:46:04.971Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1630,7 +1601,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.587Z",
      "updated_at": "2024-10-18T11:16:24.589Z",
-      "first_seen_at": "2024-10-18T10:46:04.984Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-sa-east-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1686,7 +1656,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.595Z",
      "updated_at": "2024-10-18T11:16:24.597Z",
-      "first_seen_at": "2024-10-18T10:46:04.999Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-north-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1742,7 +1711,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.602Z",
      "updated_at": "2024-10-18T11:16:24.604Z",
-      "first_seen_at": "2024-10-18T10:46:05.013Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1798,7 +1766,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.610Z",
      "updated_at": "2024-10-18T11:16:24.612Z",
-      "first_seen_at": "2024-10-18T10:46:05.029Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1854,7 +1821,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.617Z",
      "updated_at": "2024-10-18T11:16:24.620Z",
-      "first_seen_at": "2024-10-18T10:46:05.045Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1910,7 +1876,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.625Z",
      "updated_at": "2024-10-18T11:16:24.627Z",
-      "first_seen_at": "2024-10-18T10:46:05.061Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1966,7 +1931,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.632Z",
      "updated_at": "2024-10-18T11:16:24.634Z",
-      "first_seen_at": "2024-10-18T10:46:05.080Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2022,7 +1986,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.639Z",
      "updated_at": "2024-10-18T11:16:24.642Z",
-      "first_seen_at": "2024-10-18T10:46:05.099Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2078,7 +2041,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.646Z",
      "updated_at": "2024-10-18T11:16:24.648Z",
-      "first_seen_at": "2024-10-18T10:46:05.115Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-3-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2134,7 +2096,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:26.033Z",
      "updated_at": "2024-10-18T11:16:26.045Z",
-      "first_seen_at": "2024-10-18T11:16:26.033Z",
      "uid": "prowler-aws-account_security_contact_information_is_registered-112233445566-us-east-1-112233445566",
      "delta": "new",
      "status": "MANUAL",
--- a/api/src/backend/api/fixtures/dev/6_dev_rbac.json
+++ b/api/src/backend/api/fixtures/dev/6_dev_rbac.json
@@ -64,7 +64,7 @@
    "pk": "3f01e759-bdf9-4a99-8888-1ab805b79f93",
    "fields": {
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "admin_test",
+      "name": "admin",
      "manage_users": true,
      "manage_account": true,
      "manage_billing": true,
--- a/api/src/backend/api/management/commands/findings.py
+++ b/api/src/backend/api/management/commands/findings.py
@@ -1,237 +0,0 @@
-import random
-from datetime import datetime, timezone
-from math import ceil
-from uuid import uuid4
-
-from django.core.management.base import BaseCommand
-from tqdm import tqdm
-
-from api.db_utils import rls_transaction
-from api.models import (
-    Finding,
-    Provider,
-    Resource,
-    ResourceFindingMapping,
-    Scan,
-    StatusChoices,
-)
-from prowler.lib.check.models import CheckMetadata
-
-
-class Command(BaseCommand):
-    help = "Populates the database with test data for performance testing."
-
-    def add_arguments(self, parser):
-        parser.add_argument(
-            "--tenant",
-            type=str,
-            required=True,
-            help="Tenant id for which the data will be populated.",
-        )
-        parser.add_argument(
-            "--resources",
-            type=int,
-            required=True,
-            help="The number of resources to create.",
-        )
-        parser.add_argument(
-            "--findings",
-            type=int,
-            required=True,
-            help="The number of findings to create.",
-        )
-        parser.add_argument(
-            "--batch", type=int, required=True, help="The batch size for bulk creation."
-        )
-        parser.add_argument(
-            "--alias",
-            type=str,
-            required=False,
-            help="Optional alias for the provider and scan",
-        )
-
-    def handle(self, *args, **options):
-        tenant_id = options["tenant"]
-        num_resources = options["resources"]
-        num_findings = options["findings"]
-        batch_size = options["batch"]
-        alias = options["alias"] or "Testing"
-        uid_token = str(uuid4())
-
-        self.stdout.write(self.style.NOTICE("Starting data population"))
-        self.stdout.write(self.style.NOTICE(f"\tTenant: {tenant_id}"))
-        self.stdout.write(self.style.NOTICE(f"\tAlias: {alias}"))
-        self.stdout.write(self.style.NOTICE(f"\tResources: {num_resources}"))
-        self.stdout.write(self.style.NOTICE(f"\tFindings: {num_findings}"))
-        self.stdout.write(self.style.NOTICE(f"\tBatch size: {batch_size}\n\n"))
-
-        # Resource metadata
-        possible_regions = [
-            "us-east-1",
-            "us-east-2",
-            "us-west-1",
-            "us-west-2",
-            "ca-central-1",
-            "eu-central-1",
-            "eu-west-1",
-            "eu-west-2",
-            "eu-west-3",
-            "ap-southeast-1",
-            "ap-southeast-2",
-            "ap-northeast-1",
-            "ap-northeast-2",
-            "ap-south-1",
-            "sa-east-1",
-        ]
-        possible_services = []
-        possible_types = []
-
-        bulk_check_metadata = CheckMetadata.get_bulk(provider="aws")
-        for check_metadata in bulk_check_metadata.values():
-            if check_metadata.ServiceName not in possible_services:
-                possible_services.append(check_metadata.ServiceName)
-            if (
-                check_metadata.ResourceType
-                and check_metadata.ResourceType not in possible_types
-            ):
-                possible_types.append(check_metadata.ResourceType)
-
-        with rls_transaction(tenant_id):
-            provider, _ = Provider.all_objects.get_or_create(
-                tenant_id=tenant_id,
-                provider="aws",
-                connected=True,
-                uid=str(random.randint(100000000000, 999999999999)),
-                defaults={
-                    "alias": alias,
-                },
-            )
-
-        with rls_transaction(tenant_id):
-            scan = Scan.all_objects.create(
-                tenant_id=tenant_id,
-                provider=provider,
-                name=alias,
-                trigger="manual",
-                state="executing",
-                progress=0,
-                started_at=datetime.now(timezone.utc),
-            )
-        scan_state = "completed"
-
-        try:
-            # Create resources
-            resources = []
-
-            for i in range(num_resources):
-                resources.append(
-                    Resource(
-                        tenant_id=tenant_id,
-                        provider_id=provider.id,
-                        uid=f"testing-{uid_token}-{i}",
-                        name=f"Testing {uid_token}-{i}",
-                        region=random.choice(possible_regions),
-                        service=random.choice(possible_services),
-                        type=random.choice(possible_types),
-                    )
-                )
-
-            num_batches = ceil(len(resources) / batch_size)
-            self.stdout.write(self.style.WARNING("Creating resources..."))
-            for i in tqdm(range(0, len(resources), batch_size), total=num_batches):
-                with rls_transaction(tenant_id):
-                    Resource.all_objects.bulk_create(resources[i : i + batch_size])
-            self.stdout.write(self.style.SUCCESS("Resources created successfully.\n\n"))
-
-            with rls_transaction(tenant_id):
-                scan.progress = 33
-                scan.save()
-
-            # Create Findings
-            findings = []
-            possible_deltas = ["new", "changed", None]
-            possible_severities = ["critical", "high", "medium", "low"]
-            findings_resources_mapping = []
-
-            for i in range(num_findings):
-                severity = random.choice(possible_severities)
-                check_id = random.randint(1, 1000)
-                assigned_resource_num = random.randint(0, len(resources) - 1)
-                assigned_resource = resources[assigned_resource_num]
-                findings_resources_mapping.append(assigned_resource_num)
-
-                findings.append(
-                    Finding(
-                        tenant_id=tenant_id,
-                        scan=scan,
-                        uid=f"testing-{uid_token}-{i}",
-                        delta=random.choice(possible_deltas),
-                        check_id=f"check-{check_id}",
-                        status=random.choice(list(StatusChoices)),
-                        severity=severity,
-                        impact=severity,
-                        raw_result={},
-                        check_metadata={
-                            "checktitle": f"Test title for check {check_id}",
-                            "risk": f"Testing risk {uid_token}-{i}",
-                            "provider": "aws",
-                            "severity": severity,
-                            "categories": ["category1", "category2", "category3"],
-                            "description": "This is a random description that should not matter for testing purposes.",
-                            "servicename": assigned_resource.service,
-                            "resourcetype": assigned_resource.type,
-                        },
-                    )
-                )
-
-            num_batches = ceil(len(findings) / batch_size)
-            self.stdout.write(self.style.WARNING("Creating findings..."))
-            for i in tqdm(range(0, len(findings), batch_size), total=num_batches):
-                with rls_transaction(tenant_id):
-                    Finding.all_objects.bulk_create(findings[i : i + batch_size])
-            self.stdout.write(self.style.SUCCESS("Findings created successfully.\n\n"))
-
-            with rls_transaction(tenant_id):
-                scan.progress = 66
-                scan.save()
-
-            # Create ResourceFindingMapping
-            mappings = []
-            for index, f in enumerate(findings):
-                mappings.append(
-                    ResourceFindingMapping(
-                        tenant_id=tenant_id,
-                        resource=resources[findings_resources_mapping[index]],
-                        finding=f,
-                    )
-                )
-
-            num_batches = ceil(len(mappings) / batch_size)
-            self.stdout.write(
-                self.style.WARNING("Creating resource-finding mappings...")
-            )
-            for i in tqdm(range(0, len(mappings), batch_size), total=num_batches):
-                with rls_transaction(tenant_id):
-                    ResourceFindingMapping.objects.bulk_create(
-                        mappings[i : i + batch_size]
-                    )
-            self.stdout.write(
-                self.style.SUCCESS(
-                    "Resource-finding mappings created successfully.\n\n"
-                )
-            )
-        except Exception as e:
-            self.stdout.write(self.style.ERROR(f"Failed to populate test data: {e}"))
-            scan_state = "failed"
-        finally:
-            scan.completed_at = datetime.now(timezone.utc)
-            scan.duration = int(
-                (datetime.now(timezone.utc) - scan.started_at).total_seconds()
-            )
-            scan.progress = 100
-            scan.state = scan_state
-            scan.unique_resource_count = num_resources
-            with rls_transaction(tenant_id):
-                scan.save()
-
-        self.stdout.write(self.style.NOTICE("Successfully populated test data."))
--- a/api/src/backend/api/migrations/0001_initial.py
+++ b/api/src/backend/api/migrations/0001_initial.py
@@ -552,7 +552,7 @@ class Migration(migrations.Migration):
        migrations.AddConstraint(
            model_name="providergroupmembership",
            constraint=models.UniqueConstraint(
-                fields=("provider_id", "provider_group"),
+                fields=("provider_id", "provider_group_id"),
                name="unique_provider_group_membership",
            ),
        ),
--- a/api/src/backend/api/migrations/0003_rbac.py
+++ b/api/src/backend/api/migrations/0003_rbac.py
@@ -1,17 +1,15 @@
 # Generated by Django 5.1.1 on 2024-12-05 12:29

-import uuid
-
+import api.rls
 import django.db.models.deletion
+import uuid
 from django.conf import settings
 from django.db import migrations, models

-import api.rls
-

 class Migration(migrations.Migration):
    dependencies = [
-        ("api", "0003_update_provider_unique_constraint_with_is_deleted"),
+        ("api", "0002_token_migrations"),
    ]

    operations = [
--- a/api/src/backend/api/migrations/0003_update_provider_unique_constraint_with_is_deleted.py
+++ b/api/src/backend/api/migrations/0003_update_provider_unique_constraint_with_is_deleted.py
@@ -1,23 +0,0 @@
-# Generated by Django 5.1.1 on 2024-12-20 13:16
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0002_token_migrations"),
-    ]
-
-    operations = [
-        migrations.RemoveConstraint(
-            model_name="provider",
-            name="unique_provider_uids",
-        ),
-        migrations.AddConstraint(
-            model_name="provider",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "provider", "uid", "is_deleted"),
-                name="unique_provider_uids",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0005_rbac_missing_admin_roles.py
+++ b/api/src/backend/api/migrations/0005_rbac_missing_admin_roles.py
@@ -1,44 +0,0 @@
-from django.db import migrations
-
-from api.db_router import MainRouter
-
-
-def create_admin_role(apps, schema_editor):
-    Tenant = apps.get_model("api", "Tenant")
-    Role = apps.get_model("api", "Role")
-    User = apps.get_model("api", "User")
-    UserRoleRelationship = apps.get_model("api", "UserRoleRelationship")
-
-    for tenant in Tenant.objects.using(MainRouter.admin_db).all():
-        admin_role, _ = Role.objects.using(MainRouter.admin_db).get_or_create(
-            name="admin",
-            tenant=tenant,
-            defaults={
-                "manage_users": True,
-                "manage_account": True,
-                "manage_billing": True,
-                "manage_providers": True,
-                "manage_integrations": True,
-                "manage_scans": True,
-                "unlimited_visibility": True,
-            },
-        )
-        users = User.objects.using(MainRouter.admin_db).filter(
-            membership__tenant=tenant
-        )
-        for user in users:
-            UserRoleRelationship.objects.using(MainRouter.admin_db).get_or_create(
-                user=user,
-                role=admin_role,
-                tenant=tenant,
-            )
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0004_rbac"),
-    ]
-
-    operations = [
-        migrations.RunPython(create_admin_role),
-    ]
--- a/api/src/backend/api/migrations/0006_findings_first_seen.py
+++ b/api/src/backend/api/migrations/0006_findings_first_seen.py
@@ -1,15 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0005_rbac_missing_admin_roles"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="first_seen_at",
-            field=models.DateTimeField(editable=False, null=True),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0007_scan_and_scan_summaries_indexes.py
+++ b/api/src/backend/api/migrations/0007_scan_and_scan_summaries_indexes.py
@@ -1,25 +0,0 @@
-# Generated by Django 5.1.5 on 2025-01-28 15:03
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0006_findings_first_seen"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="scan",
-            index=models.Index(
-                fields=["tenant_id", "provider_id", "state", "inserted_at"],
-                name="scans_prov_state_insert_idx",
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="scansummary",
-            index=models.Index(
-                fields=["tenant_id", "scan_id"], name="scan_summaries_tenant_scan_idx"
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0008_daily_scheduled_tasks_update.py
+++ b/api/src/backend/api/migrations/0008_daily_scheduled_tasks_update.py
@@ -1,64 +0,0 @@
-import json
-from datetime import datetime, timedelta, timezone
-
-import django.db.models.deletion
-from django.db import migrations, models
-from django_celery_beat.models import PeriodicTask
-
-from api.db_utils import rls_transaction
-from api.models import Scan, StateChoices
-
-
-def migrate_daily_scheduled_scan_tasks(apps, schema_editor):
-    for daily_scheduled_scan_task in PeriodicTask.objects.filter(
-        task="scan-perform-scheduled"
-    ):
-        task_kwargs = json.loads(daily_scheduled_scan_task.kwargs)
-        tenant_id = task_kwargs["tenant_id"]
-        provider_id = task_kwargs["provider_id"]
-
-        current_time = datetime.now(timezone.utc)
-        scheduled_time_today = datetime.combine(
-            current_time.date(),
-            daily_scheduled_scan_task.start_time.time(),
-            tzinfo=timezone.utc,
-        )
-
-        if current_time < scheduled_time_today:
-            next_scan_date = scheduled_time_today
-        else:
-            next_scan_date = scheduled_time_today + timedelta(days=1)
-
-        with rls_transaction(tenant_id):
-            Scan.objects.create(
-                tenant_id=tenant_id,
-                name="Daily scheduled scan",
-                provider_id=provider_id,
-                trigger=Scan.TriggerChoices.SCHEDULED,
-                state=StateChoices.SCHEDULED,
-                scheduled_at=next_scan_date,
-                scheduler_task_id=daily_scheduled_scan_task.id,
-            )
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0007_scan_and_scan_summaries_indexes"),
-        ("django_celery_beat", "0019_alter_periodictasks_options"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="scan",
-            name="scheduler_task",
-            field=models.ForeignKey(
-                blank=True,
-                null=True,
-                on_delete=django.db.models.deletion.CASCADE,
-                to="django_celery_beat.periodictask",
-            ),
-        ),
-        migrations.RunPython(migrate_daily_scheduled_scan_tasks),
-    ]
--- a/api/src/backend/api/migrations/0009_increase_provider_uid_maximum_length.py
+++ b/api/src/backend/api/migrations/0009_increase_provider_uid_maximum_length.py
@@ -1,22 +0,0 @@
-# Generated by Django 5.1.5 on 2025-02-07 09:42
-
-import django.core.validators
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0008_daily_scheduled_tasks_update"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="uid",
-            field=models.CharField(
-                max_length=250,
-                validators=[django.core.validators.MinLengthValidator(3)],
-                verbose_name="Unique identifier for the provider, set by the provider",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0010_findings_performance_indexes_partitions.py
+++ b/api/src/backend/api/migrations/0010_findings_performance_indexes_partitions.py
@@ -1,109 +0,0 @@
-from functools import partial
-
-from django.db import connection, migrations
-
-
-def create_index_on_partitions(
-    apps, schema_editor, parent_table: str, index_name: str, index_details: str
-):
-    with connection.cursor() as cursor:
-        cursor.execute(
-            """
-            SELECT inhrelid::regclass::text
-            FROM pg_inherits
-            WHERE inhparent = %s::regclass;
-        """,
-            [parent_table],
-        )
-        partitions = [row[0] for row in cursor.fetchall()]
-    # Iterate over partitions and create index concurrently.
-    # Note: PostgreSQL does not allow CONCURRENTLY inside a transaction,
-    # so we need atomic = False for this migration.
-    for partition in partitions:
-        sql = (
-            f"CREATE INDEX CONCURRENTLY IF NOT EXISTS {partition.replace('.', '_')}_{index_name} ON {partition} "
-            f"{index_details};"
-        )
-        schema_editor.execute(sql)
-
-
-def drop_index_on_partitions(apps, schema_editor, parent_table: str, index_name: str):
-    with schema_editor.connection.cursor() as cursor:
-        cursor.execute(
-            """
-            SELECT inhrelid::regclass::text
-            FROM pg_inherits
-            WHERE inhparent = %s::regclass;
-        """,
-            [parent_table],
-        )
-        partitions = [row[0] for row in cursor.fetchall()]
-
-    # Iterate over partitions and drop index concurrently.
-    for partition in partitions:
-        partition_index = f"{partition.replace('.', '_')}_{index_name}"
-        sql = f"DROP INDEX CONCURRENTLY IF EXISTS {partition_index};"
-        schema_editor.execute(sql)
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0009_increase_provider_uid_maximum_length"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="findings_tenant_and_id_idx",
-                index_details="(tenant_id, id)",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="findings_tenant_and_id_idx",
-            ),
-        ),
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="find_tenant_scan_idx",
-                index_details="(tenant_id, scan_id)",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="find_tenant_scan_idx",
-            ),
-        ),
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="find_tenant_scan_id_idx",
-                index_details="(tenant_id, scan_id, id)",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="find_tenant_scan_id_idx",
-            ),
-        ),
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="find_delta_new_idx",
-                index_details="(tenant_id, id) where delta = 'new'",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="find_delta_new_idx",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0011_findings_performance_indexes_parent.py
+++ b/api/src/backend/api/migrations/0011_findings_performance_indexes_parent.py
@@ -1,49 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0010_findings_performance_indexes_partitions"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="finding",
-            index=models.Index(
-                fields=["tenant_id", "id"], name="findings_tenant_and_id_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="finding",
-            index=models.Index(
-                fields=["tenant_id", "scan_id"], name="find_tenant_scan_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="finding",
-            index=models.Index(
-                fields=["tenant_id", "scan_id", "id"], name="find_tenant_scan_id_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="finding",
-            index=models.Index(
-                condition=models.Q(("delta", "new")),
-                fields=["tenant_id", "id"],
-                name="find_delta_new_idx",
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="resourcetagmapping",
-            index=models.Index(
-                fields=["tenant_id", "resource_id"], name="resource_tag_tenant_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="resource",
-            index=models.Index(
-                fields=["tenant_id", "service", "region", "type"],
-                name="resource_tenant_metadata_idx",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0012_scan_report_output.py
+++ b/api/src/backend/api/migrations/0012_scan_report_output.py
@@ -1,15 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0011_findings_performance_indexes_parent"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="scan",
-            name="output_location",
-            field=models.CharField(blank=True, max_length=200, null=True),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0013_integrations_enum.py
+++ b/api/src/backend/api/migrations/0013_integrations_enum.py
@@ -1,35 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-03 15:46
-
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import IntegrationTypeEnum, PostgresEnumMigration, register_enum
-from api.models import Integration
-
-IntegrationTypeEnumMigration = PostgresEnumMigration(
-    enum_name="integration_type",
-    enum_values=tuple(
-        integration_type[0]
-        for integration_type in Integration.IntegrationChoices.choices
-    ),
-)
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0012_scan_report_output"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            IntegrationTypeEnumMigration.create_enum_type,
-            reverse_code=IntegrationTypeEnumMigration.drop_enum_type,
-        ),
-        migrations.RunPython(
-            partial(register_enum, enum_class=IntegrationTypeEnum),
-            reverse_code=migrations.RunPython.noop,
-        ),
-    ]
--- a/api/src/backend/api/migrations/0014_integrations.py
+++ b/api/src/backend/api/migrations/0014_integrations.py
@@ -1,131 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-03 15:46
-
-import uuid
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-import api.db_utils
-import api.rls
-from api.rls import RowLevelSecurityConstraint
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0013_integrations_enum"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="Integration",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                ("enabled", models.BooleanField(default=False)),
-                ("connected", models.BooleanField(blank=True, null=True)),
-                (
-                    "connection_last_checked_at",
-                    models.DateTimeField(blank=True, null=True),
-                ),
-                (
-                    "integration_type",
-                    api.db_utils.IntegrationTypeEnumField(
-                        choices=[
-                            ("amazon_s3", "Amazon S3"),
-                            ("saml", "SAML"),
-                            ("aws_security_hub", "AWS Security Hub"),
-                            ("jira", "JIRA"),
-                            ("slack", "Slack"),
-                        ]
-                    ),
-                ),
-                ("configuration", models.JSONField(default=dict)),
-                ("_credentials", models.BinaryField(db_column="credentials")),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={"db_table": "integrations", "abstract": False},
-        ),
-        migrations.AddConstraint(
-            model_name="integration",
-            constraint=RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_integration",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.CreateModel(
-            name="IntegrationProviderRelationship",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                (
-                    "integration",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        to="api.integration",
-                    ),
-                ),
-                (
-                    "provider",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.provider"
-                    ),
-                ),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "integration_provider_mappings",
-                "constraints": [
-                    models.UniqueConstraint(
-                        fields=("integration_id", "provider_id"),
-                        name="unique_integration_provider_rel",
-                    ),
-                ],
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="IntegrationProviderRelationship",
-            constraint=RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_integrationproviderrelationship",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddField(
-            model_name="integration",
-            name="providers",
-            field=models.ManyToManyField(
-                blank=True,
-                related_name="integrations",
-                through="api.IntegrationProviderRelationship",
-                to="api.provider",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0015_finding_muted.py
+++ b/api/src/backend/api/migrations/0015_finding_muted.py
@@ -1,26 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-25 11:29
-
-from django.db import migrations, models
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0014_integrations"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="muted",
-            field=models.BooleanField(default=False),
-        ),
-        migrations.AlterField(
-            model_name="finding",
-            name="status",
-            field=api.db_utils.StatusEnumField(
-                choices=[("FAIL", "Fail"), ("PASS", "Pass"), ("MANUAL", "Manual")]
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0016_finding_compliance_resource_details_and_more.py
+++ b/api/src/backend/api/migrations/0016_finding_compliance_resource_details_and_more.py
@@ -1,32 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-31 10:46
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0015_finding_muted"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="compliance",
-            field=models.JSONField(blank=True, default=dict, null=True),
-        ),
-        migrations.AddField(
-            model_name="resource",
-            name="details",
-            field=models.TextField(blank=True, null=True),
-        ),
-        migrations.AddField(
-            model_name="resource",
-            name="metadata",
-            field=models.TextField(blank=True, null=True),
-        ),
-        migrations.AddField(
-            model_name="resource",
-            name="partition",
-            field=models.TextField(blank=True, null=True),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0017_m365_provider.py
+++ b/api/src/backend/api/migrations/0017_m365_provider.py
@@ -1,32 +0,0 @@
-# Generated by Django 5.1.7 on 2025-04-16 08:47
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0016_finding_compliance_resource_details_and_more"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'm365';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]
--- a/api/src/backend/api/models.py
+++ b/api/src/backend/api/models.py
@@ -11,7 +11,6 @@ from django.core.validators import MinLengthValidator
 from django.db import models
 from django.db.models import Q
 from django.utils.translation import gettext_lazy as _
-from django_celery_beat.models import PeriodicTask
 from django_celery_results.models import TaskResult
 from psqlextra.manager import PostgresManager
 from psqlextra.models import PostgresPartitionedModel
@@ -21,7 +20,6 @@ from uuid6 import uuid7
 from api.db_utils import (
    CustomUserManager,
    FindingDeltaEnumField,
-    IntegrationTypeEnumField,
    InvitationStateEnumField,
    MemberRoleEnumField,
    ProviderEnumField,
@@ -59,6 +57,7 @@ class StatusChoices(models.TextChoices):
    FAIL = "FAIL", _("Fail")
    PASS = "PASS", _("Pass")
    MANUAL = "MANUAL", _("Manual")
+    MUTED = "MUTED", _("Muted")


 class StateChoices(models.TextChoices):
@@ -70,21 +69,6 @@ class StateChoices(models.TextChoices):
    CANCELLED = "cancelled", _("Cancelled")


-class PermissionChoices(models.TextChoices):
-    """
-    Represents the different permission states that a role can have.
-
-    Attributes:
-        UNLIMITED: Indicates that the role possesses all permissions.
-        LIMITED: Indicates that the role has some permissions but not all.
-        NONE: Indicates that the role does not have any permissions.
-    """
-
-    UNLIMITED = "unlimited", _("Unlimited permissions")
-    LIMITED = "limited", _("Limited permissions")
-    NONE = "none", _("No permissions")
-
-
 class ActiveProviderManager(models.Manager):
    def get_queryset(self):
        return super().get_queryset().filter(self.active_provider_filter())
@@ -191,7 +175,6 @@ class Provider(RowLevelSecurityProtectedModel):
        AZURE = "azure", _("Azure")
        GCP = "gcp", _("GCP")
        KUBERNETES = "kubernetes", _("Kubernetes")
-        M365 = "m365", _("M365")

    @staticmethod
    def validate_aws_uid(value):
@@ -215,15 +198,6 @@ class Provider(RowLevelSecurityProtectedModel):
                pointer="/data/attributes/uid",
            )

-    @staticmethod
-    def validate_m365_uid(value):
-        if not re.match(r"^[a-zA-Z0-9-]+\.onmicrosoft\.com$", value):
-            raise ModelValidationError(
-                detail="M365 tenant ID must be a valid domain.",
-                code="m365-uid",
-                pointer="/data/attributes/uid",
-            )
-
    @staticmethod
    def validate_gcp_uid(value):
        if not re.match(r"^[a-z][a-z0-9-]{5,29}$", value):
@@ -237,13 +211,13 @@ class Provider(RowLevelSecurityProtectedModel):
    @staticmethod
    def validate_kubernetes_uid(value):
        if not re.match(
-            r"^[a-z0-9][A-Za-z0-9_.:\/-]{1,250}$",
+            r"(^[a-z0-9]([-a-z0-9]{1,61}[a-z0-9])?$)|(^arn:aws(-cn|-us-gov|-iso|-iso-b)?:[a-zA-Z0-9\-]+:([a-z]{2}-[a-z]+-\d{1})?:(\d{12})?:[a-zA-Z0-9\-_\/:\.\*]+(:\d+)?$)",
            value,
        ):
            raise ModelValidationError(
                detail="The value must either be a valid Kubernetes UID (up to 63 characters, "
                "starting and ending with a lowercase letter or number, containing only "
-                "lowercase alphanumeric characters and hyphens) or a valid AWS EKS Cluster ARN, GCP GKE Context Name or Azure AKS Cluster Name.",
+                "lowercase alphanumeric characters and hyphens) or a valid EKS ARN.",
                code="kubernetes-uid",
                pointer="/data/attributes/uid",
            )
@@ -257,7 +231,7 @@ class Provider(RowLevelSecurityProtectedModel):
    )
    uid = models.CharField(
        "Unique identifier for the provider, set by the provider",
-        max_length=250,
+        max_length=63,
        blank=False,
        validators=[MinLengthValidator(3)],
    )
@@ -282,7 +256,7 @@ class Provider(RowLevelSecurityProtectedModel):

        constraints = [
            models.UniqueConstraint(
-                fields=("tenant_id", "provider", "uid", "is_deleted"),
+                fields=("tenant_id", "provider", "uid"),
                name="unique_provider_uids",
            ),
            RowLevelSecurityConstraint(
@@ -320,7 +294,7 @@ class ProviderGroup(RowLevelSecurityProtectedModel):
        ]

    class JSONAPIMeta:
-        resource_name = "provider-groups"
+        resource_name = "provider-group"


 class ProviderGroupMembership(RowLevelSecurityProtectedModel):
@@ -333,7 +307,7 @@ class ProviderGroupMembership(RowLevelSecurityProtectedModel):
        db_table = "provider_group_memberships"
        constraints = [
            models.UniqueConstraint(
-                fields=["provider_id", "provider_group"],
+                fields=["provider_id", "provider_group_id"],
                name="unique_provider_group_membership",
            ),
            RowLevelSecurityConstraint(
@@ -421,10 +395,6 @@ class Scan(RowLevelSecurityProtectedModel):
    started_at = models.DateTimeField(null=True, blank=True)
    completed_at = models.DateTimeField(null=True, blank=True)
    next_scan_at = models.DateTimeField(null=True, blank=True)
-    scheduler_task = models.ForeignKey(
-        PeriodicTask, on_delete=models.CASCADE, null=True, blank=True
-    )
-    output_location = models.CharField(blank=True, null=True, max_length=200)
    # TODO: mutelist foreign key

    class Meta(RowLevelSecurityProtectedModel.Meta):
@@ -443,10 +413,6 @@ class Scan(RowLevelSecurityProtectedModel):
                fields=["provider", "state", "trigger", "scheduled_at"],
                name="scans_prov_state_trig_sche_idx",
            ),
-            models.Index(
-                fields=["tenant_id", "provider_id", "state", "inserted_at"],
-                name="scans_prov_state_insert_idx",
-            ),
        ]

    class JSONAPIMeta:
@@ -528,19 +494,14 @@ class Resource(RowLevelSecurityProtectedModel):
        editable=False,
    )

-    metadata = models.TextField(blank=True, null=True)
-    details = models.TextField(blank=True, null=True)
-    partition = models.TextField(blank=True, null=True)
-
-    # Relationships
    tags = models.ManyToManyField(
        ResourceTag,
        verbose_name="Tags associated with the resource, by provider",
        through="ResourceTagMapping",
    )

-    def get_tags(self, tenant_id: str) -> dict:
-        return {tag.key: tag.value for tag in self.tags.filter(tenant_id=tenant_id)}
+    def get_tags(self) -> dict:
+        return {tag.key: tag.value for tag in self.tags.all()}

    def clear_tags(self):
        self.tags.clear()
@@ -568,10 +529,6 @@ class Resource(RowLevelSecurityProtectedModel):
                fields=["uid", "region", "service", "name"],
                name="resource_uid_reg_serv_name_idx",
            ),
-            models.Index(
-                fields=["tenant_id", "service", "region", "type"],
-                name="resource_tenant_metadata_idx",
-            ),
            GinIndex(fields=["text_search"], name="gin_resources_search_idx"),
        ]

@@ -619,12 +576,6 @@ class ResourceTagMapping(RowLevelSecurityProtectedModel):
            ),
        ]

-        indexes = [
-            models.Index(
-                fields=["tenant_id", "resource_id"], name="resource_tag_tenant_idx"
-            ),
-        ]
-

 class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    """
@@ -649,7 +600,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    id = models.UUIDField(primary_key=True, default=uuid7, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    first_seen_at = models.DateTimeField(editable=False, null=True)

    uid = models.CharField(max_length=300)
    delta = FindingDeltaEnumField(
@@ -670,8 +620,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    tags = models.JSONField(default=dict, null=True, blank=True)
    check_id = models.CharField(max_length=100, blank=False, null=False)
    check_metadata = models.JSONField(default=dict, null=False)
-    muted = models.BooleanField(default=False, null=False)
-    compliance = models.JSONField(default=dict, null=True, blank=True)

    # Relationships
    scan = models.ForeignKey(to=Scan, related_name="findings", on_delete=models.CASCADE)
@@ -725,17 +673,7 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
                ],
                name="findings_filter_idx",
            ),
-            models.Index(fields=["tenant_id", "id"], name="findings_tenant_and_id_idx"),
            GinIndex(fields=["text_search"], name="gin_findings_search_idx"),
-            models.Index(fields=["tenant_id", "scan_id"], name="find_tenant_scan_idx"),
-            models.Index(
-                fields=["tenant_id", "scan_id", "id"], name="find_tenant_scan_id_idx"
-            ),
-            models.Index(
-                fields=["tenant_id", "id"],
-                condition=Q(delta="new"),
-                name="find_delta_new_idx",
-            ),
        ]

    class JSONAPIMeta:
@@ -926,38 +864,6 @@ class Role(RowLevelSecurityProtectedModel):
        Invitation, through="InvitationRoleRelationship", related_name="roles"
    )

-    # Filter permission_state
-    PERMISSION_FIELDS = [
-        "manage_users",
-        "manage_account",
-        "manage_billing",
-        "manage_providers",
-        "manage_integrations",
-        "manage_scans",
-    ]
-
-    @property
-    def permission_state(self):
-        values = [getattr(self, field) for field in self.PERMISSION_FIELDS]
-        if all(values):
-            return PermissionChoices.UNLIMITED
-        elif not any(values):
-            return PermissionChoices.NONE
-        else:
-            return PermissionChoices.LIMITED
-
-    @classmethod
-    def filter_by_permission_state(cls, queryset, value):
-        q_all_true = Q(**{field: True for field in cls.PERMISSION_FIELDS})
-        q_all_false = Q(**{field: False for field in cls.PERMISSION_FIELDS})
-
-        if value == PermissionChoices.UNLIMITED:
-            return queryset.filter(q_all_true)
-        elif value == PermissionChoices.NONE:
-            return queryset.filter(q_all_false)
-        else:
-            return queryset.exclude(q_all_true | q_all_false)
-
    class Meta:
        db_table = "roles"
        constraints = [
@@ -973,7 +879,7 @@ class Role(RowLevelSecurityProtectedModel):
        ]

    class JSONAPIMeta:
-        resource_name = "roles"
+        resource_name = "role"


 class RoleProviderGroupRelationship(RowLevelSecurityProtectedModel):
@@ -1146,89 +1052,6 @@ class ScanSummary(RowLevelSecurityProtectedModel):
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ]
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "scan_id"],
-                name="scan_summaries_tenant_scan_idx",
-            )
-        ]

    class JSONAPIMeta:
        resource_name = "scan-summaries"
-
-
-class Integration(RowLevelSecurityProtectedModel):
-    class IntegrationChoices(models.TextChoices):
-        S3 = "amazon_s3", _("Amazon S3")
-        SAML = "saml", _("SAML")
-        AWS_SECURITY_HUB = "aws_security_hub", _("AWS Security Hub")
-        JIRA = "jira", _("JIRA")
-        SLACK = "slack", _("Slack")
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    enabled = models.BooleanField(default=False)
-    connected = models.BooleanField(null=True, blank=True)
-    connection_last_checked_at = models.DateTimeField(null=True, blank=True)
-    integration_type = IntegrationTypeEnumField(choices=IntegrationChoices.choices)
-    configuration = models.JSONField(default=dict)
-    _credentials = models.BinaryField(db_column="credentials")
-
-    providers = models.ManyToManyField(
-        Provider,
-        related_name="integrations",
-        through="IntegrationProviderRelationship",
-        blank=True,
-    )
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "integrations"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "integrations"
-
-    @property
-    def credentials(self):
-        if isinstance(self._credentials, memoryview):
-            encrypted_bytes = self._credentials.tobytes()
-        elif isinstance(self._credentials, str):
-            encrypted_bytes = self._credentials.encode()
-        else:
-            encrypted_bytes = self._credentials
-        decrypted_data = fernet.decrypt(encrypted_bytes)
-        return json.loads(decrypted_data.decode())
-
-    @credentials.setter
-    def credentials(self, value):
-        encrypted_data = fernet.encrypt(json.dumps(value).encode())
-        self._credentials = encrypted_data
-
-
-class IntegrationProviderRelationship(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    integration = models.ForeignKey(Integration, on_delete=models.CASCADE)
-    provider = models.ForeignKey(Provider, on_delete=models.CASCADE)
-    inserted_at = models.DateTimeField(auto_now_add=True)
-
-    class Meta:
-        db_table = "integration_provider_mappings"
-        constraints = [
-            models.UniqueConstraint(
-                fields=["integration_id", "provider_id"],
-                name="unique_integration_provider_rel",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
--- a/api/src/backend/api/rbac/permissions.py
+++ b/api/src/backend/api/rbac/permissions.py
@@ -1,12 +1,8 @@
+from config.django.base import DISABLE_RBAC
+
 from enum import Enum
-from typing import Optional
-
-from django.db.models import QuerySet
 from rest_framework.permissions import BasePermission

-from api.db_router import MainRouter
-from api.models import Provider, Role, User
-

 class Permissions(Enum):
    MANAGE_USERS = "manage_users"
@@ -25,13 +21,15 @@ class HasPermissions(BasePermission):
    """

    def has_permission(self, request, view):
+        # This is for testing/demo purposes only
+        if DISABLE_RBAC:
+            return True
+
        required_permissions = getattr(view, "required_permissions", [])
        if not required_permissions:
            return True

-        user_roles = (
-            User.objects.using(MainRouter.admin_db).get(id=request.user.id).roles.all()
-        )
+        user_roles = request.user.roles.all()
        if not user_roles:
            return False

@@ -40,36 +38,3 @@ class HasPermissions(BasePermission):
                return False

        return True
-
-
-def get_role(user: User) -> Optional[Role]:
-    """
-    Retrieve the first role assigned to the given user.
-
-    Returns:
-        The user's first Role instance if the user has any roles, otherwise None.
-    """
-    return user.roles.first()
-
-
-def get_providers(role: Role) -> QuerySet[Provider]:
-    """
-    Return a distinct queryset of Providers accessible by the given role.
-
-    If the role has no associated provider groups, an empty queryset is returned.
-
-    Args:
-        role: A Role instance.
-
-    Returns:
-        A QuerySet of Provider objects filtered by the role's provider groups.
-        If the role has no provider groups, returns an empty queryset.
-    """
-    tenant = role.tenant
-    provider_groups = role.provider_groups.all()
-    if not provider_groups.exists():
-        return Provider.objects.none()
-
-    return Provider.objects.filter(
-        tenant=tenant, provider_groups__in=provider_groups
-    ).distinct()
--- a/api/src/backend/api/renderers.py
+++ b/api/src/backend/api/renderers.py
@@ -2,7 +2,7 @@ from contextlib import nullcontext

 from rest_framework_json_api.renderers import JSONRenderer

-from api.db_utils import rls_transaction
+from api.db_utils import tenant_transaction


 class APIJSONRenderer(JSONRenderer):
@@ -13,9 +13,9 @@ class APIJSONRenderer(JSONRenderer):
        tenant_id = getattr(request, "tenant_id", None) if request else None
        include_param_present = "include" in request.query_params if request else False

-        # Use rls_transaction if needed for included resources, otherwise do nothing
+        # Use tenant_transaction if needed for included resources, otherwise do nothing
        context_manager = (
-            rls_transaction(tenant_id)
+            tenant_transaction(tenant_id)
            if tenant_id and include_param_present
            else nullcontext()
        )
--- a/api/src/backend/api/rls.py
+++ b/api/src/backend/api/rls.py
@@ -2,7 +2,8 @@ from typing import Any
 from uuid import uuid4

 from django.core.exceptions import ValidationError
-from django.db import DEFAULT_DB_ALIAS, models
+from django.db import DEFAULT_DB_ALIAS
+from django.db import models
 from django.db.backends.ddl_references import Statement, Table

 from api.db_utils import DB_USER, POSTGRES_TENANT_VAR
@@ -58,11 +59,11 @@ class RowLevelSecurityConstraint(models.BaseConstraint):
    drop_sql_query = """
        ALTER TABLE %(table_name)s NO FORCE ROW LEVEL SECURITY;
        ALTER TABLE %(table_name)s DISABLE ROW LEVEL SECURITY;
-        REVOKE ALL ON TABLE %(table_name)s FROM %(db_user)s;
+        REVOKE ALL ON TABLE %(table_name) TO %(db_user)s;
    """

    drop_policy_sql_query = """
-        DROP POLICY IF EXISTS %(db_user)s_%(raw_table_name)s_{statement} ON %(table_name)s;
+        DROP POLICY IF EXISTS %(db_user)s_%(table_name)s_{statement} on %(table_name)s;
    """

    def __init__(
@@ -87,7 +88,9 @@ class RowLevelSecurityConstraint(models.BaseConstraint):
                f"{grant_queries}{self.grant_sql_query.format(statement=statement)}"
            )

-        full_create_sql_query = f"{self.rls_sql_query}{policy_queries}{grant_queries}"
+        full_create_sql_query = (
+            f"{self.rls_sql_query}" f"{policy_queries}" f"{grant_queries}"
+        )

        table_name = model._meta.db_table
        if self.partition_name:
@@ -104,20 +107,16 @@ class RowLevelSecurityConstraint(models.BaseConstraint):

    def remove_sql(self, model: Any, schema_editor: Any) -> Any:
        field_column = schema_editor.quote_name(self.target_field)
-        raw_table_name = model._meta.db_table
-        table_name = raw_table_name
-        if self.partition_name:
-            raw_table_name = f"{raw_table_name}_{self.partition_name}"
-            table_name = raw_table_name
-
        full_drop_sql_query = (
            f"{self.drop_sql_query}"
-            f"{''.join([self.drop_policy_sql_query.format(statement=statement) for statement in self.statements])}"
+            f"{''.join([self.drop_policy_sql_query.format(statement) for statement in self.statements])}"
        )
+        table_name = model._meta.db_table
+        if self.partition_name:
+            table_name = f"{table_name}_{self.partition_name}"
        return Statement(
            full_drop_sql_query,
            table_name=Table(table_name, schema_editor.quote_name),
-            raw_table_name=raw_table_name,
            field_column=field_column,
            db_user=DB_USER,
            partition_name=self.partition_name,
--- a/api/src/backend/api/signals.py
+++ b/api/src/backend/api/signals.py
@@ -1,12 +1,12 @@
 from celery import states
 from celery.signals import before_task_publish
-from config.celery import celery_app
 from django.db.models.signals import post_delete
 from django.dispatch import receiver
+from django_celery_beat.models import PeriodicTask
 from django_celery_results.backends.database import DatabaseBackend

-from api.db_utils import delete_related_daily_task
 from api.models import Provider
+from config.celery import celery_app


 def create_task_result_on_publish(sender=None, headers=None, **kwargs):  # noqa: F841
@@ -31,4 +31,5 @@ before_task_publish.connect(
@receiver(post_delete, sender=Provider)
 def delete_provider_scan_task(sender, instance, **kwargs):  # noqa: F841
    # Delete the associated periodic task when the provider is deleted
-    delete_related_daily_task(instance.id)
+    task_name = f"scan-perform-scheduled-{instance.id}"
+    PeriodicTask.objects.filter(name=task_name).delete()
--- a/api/src/backend/api/specs/v1.yaml
+++ b/api/src/backend/api/specs/v1.yaml
--- a/api/src/backend/api/tests/integration/test_authentication.py
+++ b/api/src/backend/api/tests/integration/test_authentication.py
@@ -1,11 +1,12 @@
 import pytest
-from conftest import TEST_PASSWORD, get_api_tokens, get_authorization_header
 from django.urls import reverse
+from unittest.mock import patch
 from rest_framework.test import APIClient

-from api.models import Membership, User
+from conftest import TEST_PASSWORD, get_api_tokens, get_authorization_header


+@patch("api.v1.views.MainRouter.admin_db", new="default")
@pytest.mark.django_db
 def test_basic_authentication():
    client = APIClient()
@@ -97,204 +98,3 @@ def test_refresh_token(create_test_user, tenants_fixture):
        format="vnd.api+json",
    )
    assert new_refresh_response.status_code == 200
-
-
-@pytest.mark.django_db
-def test_user_me_when_inviting_users(create_test_user, tenants_fixture, roles_fixture):
-    client = APIClient()
-
-    role = roles_fixture[0]
-
-    user1_email = "user1@testing.com"
-    user2_email = "user2@testing.com"
-
-    password = "thisisapassword123"
-
-    user1_response = client.post(
-        reverse("user-list"),
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "user1",
-                    "email": user1_email,
-                    "password": password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user1_response.status_code == 201
-
-    user1_access_token, _ = get_api_tokens(client, user1_email, password)
-    user1_headers = get_authorization_header(user1_access_token)
-
-    user2_invitation = client.post(
-        reverse("invitation-list"),
-        data={
-            "data": {
-                "type": "invitations",
-                "attributes": {"email": user2_email},
-                "relationships": {
-                    "roles": {
-                        "data": [
-                            {
-                                "type": "roles",
-                                "id": str(role.id),
-                            }
-                        ]
-                    }
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=user1_headers,
-    )
-    assert user2_invitation.status_code == 201
-    invitation_token = user2_invitation.json()["data"]["attributes"]["token"]
-
-    user2_response = client.post(
-        reverse("user-list") + f"?invitation_token={invitation_token}",
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "user2",
-                    "email": user2_email,
-                    "password": password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user2_response.status_code == 201
-
-    user2_access_token, _ = get_api_tokens(client, user2_email, password)
-    user2_headers = get_authorization_header(user2_access_token)
-
-    user1_me = client.get(reverse("user-me"), headers=user1_headers)
-    assert user1_me.status_code == 200
-    assert user1_me.json()["data"]["attributes"]["email"] == user1_email
-
-    user2_me = client.get(reverse("user-me"), headers=user2_headers)
-    assert user2_me.status_code == 200
-    assert user2_me.json()["data"]["attributes"]["email"] == user2_email
-
-
-@pytest.mark.django_db
-class TestTokenSwitchTenant:
-    def test_switch_tenant_with_valid_token(self, tenants_fixture, providers_fixture):
-        client = APIClient()
-
-        test_user = "test_email@prowler.com"
-        test_password = "test_password"
-
-        # Check that we can create a new user without any kind of authentication
-        user_creation_response = client.post(
-            reverse("user-list"),
-            data={
-                "data": {
-                    "type": "users",
-                    "attributes": {
-                        "name": "test",
-                        "email": test_user,
-                        "password": test_password,
-                    },
-                }
-            },
-            format="vnd.api+json",
-        )
-        assert user_creation_response.status_code == 201
-
-        # Create a new relationship between this user and another tenant
-        tenant_id = tenants_fixture[0].id
-        user_instance = User.objects.get(email=test_user)
-        Membership.objects.create(user=user_instance, tenant_id=tenant_id)
-
-        # Check that using our new user's credentials we can authenticate and get the providers
-        access_token, _ = get_api_tokens(client, test_user, test_password)
-        auth_headers = get_authorization_header(access_token)
-
-        user_me_response = client.get(
-            reverse("user-me"),
-            headers=auth_headers,
-        )
-        assert user_me_response.status_code == 200
-        # Assert this user belongs to two tenants
-        assert (
-            user_me_response.json()["data"]["relationships"]["memberships"]["meta"][
-                "count"
-            ]
-            == 2
-        )
-
-        provider_response = client.get(
-            reverse("provider-list"),
-            headers=auth_headers,
-        )
-        assert provider_response.status_code == 200
-        # Empty response since there are no providers in this tenant
-        assert not provider_response.json()["data"]
-
-        switch_tenant_response = client.post(
-            reverse("token-switch"),
-            data={
-                "data": {
-                    "type": "tokens-switch-tenant",
-                    "attributes": {"tenant_id": tenant_id},
-                }
-            },
-            headers=auth_headers,
-        )
-        assert switch_tenant_response.status_code == 200
-        new_access_token = switch_tenant_response.json()["data"]["attributes"]["access"]
-        new_auth_headers = get_authorization_header(new_access_token)
-
-        provider_response = client.get(
-            reverse("provider-list"),
-            headers=new_auth_headers,
-        )
-        assert provider_response.status_code == 200
-        # Now it must be data because we switched to another tenant with providers
-        assert provider_response.json()["data"]
-
-    def test_switch_tenant_with_invalid_token(self, create_test_user, tenants_fixture):
-        client = APIClient()
-
-        access_token, refresh_token = get_api_tokens(
-            client, create_test_user.email, TEST_PASSWORD
-        )
-        auth_headers = get_authorization_header(access_token)
-
-        invalid_token_response = client.post(
-            reverse("token-switch"),
-            data={
-                "data": {
-                    "type": "tokens-switch-tenant",
-                    "attributes": {"tenant_id": "invalid_tenant_id"},
-                }
-            },
-            headers=auth_headers,
-        )
-        assert invalid_token_response.status_code == 400
-        assert invalid_token_response.json()["errors"][0]["code"] == "invalid"
-        assert (
-            invalid_token_response.json()["errors"][0]["detail"]
-            == "Must be a valid UUID."
-        )
-
-        invalid_tenant_response = client.post(
-            reverse("token-switch"),
-            data={
-                "data": {
-                    "type": "tokens-switch-tenant",
-                    "attributes": {"tenant_id": tenants_fixture[-1].id},
-                }
-            },
-            headers=auth_headers,
-        )
-        assert invalid_tenant_response.status_code == 400
-        assert invalid_tenant_response.json()["errors"][0]["code"] == "invalid"
-        assert invalid_tenant_response.json()["errors"][0]["detail"] == (
-            "Tenant does not exist or user is not a " "member."
-        )
--- a/api/src/backend/api/tests/integration/test_providers.py
+++ b/api/src/backend/api/tests/integration/test_providers.py
@@ -1,85 +0,0 @@
-from unittest.mock import Mock, patch
-
-import pytest
-from conftest import get_api_tokens, get_authorization_header
-from django.urls import reverse
-from rest_framework.test import APIClient
-
-from api.models import Provider
-
-
-@patch("api.v1.views.Task.objects.get")
-@patch("api.v1.views.delete_provider_task.delay")
-@pytest.mark.django_db
-def test_delete_provider_without_executing_task(
-    mock_delete_task, mock_task_get, create_test_user, tenants_fixture, tasks_fixture
-):
-    client = APIClient()
-
-    test_user = "test_email@prowler.com"
-    test_password = "test_password"
-
-    prowler_task = tasks_fixture[0]
-    task_mock = Mock()
-    task_mock.id = prowler_task.id
-    mock_delete_task.return_value = task_mock
-    mock_task_get.return_value = prowler_task
-
-    user_creation_response = client.post(
-        reverse("user-list"),
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "test",
-                    "email": test_user,
-                    "password": test_password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user_creation_response.status_code == 201
-
-    access_token, _ = get_api_tokens(client, test_user, test_password)
-    auth_headers = get_authorization_header(access_token)
-
-    create_provider_response = client.post(
-        reverse("provider-list"),
-        data={
-            "data": {
-                "type": "providers",
-                "attributes": {
-                    "provider": Provider.ProviderChoices.AWS,
-                    "uid": "123456789012",
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=auth_headers,
-    )
-    assert create_provider_response.status_code == 201
-    provider_id = create_provider_response.json()["data"]["id"]
-    provider_uid = create_provider_response.json()["data"]["attributes"]["uid"]
-
-    remove_provider = client.delete(
-        reverse("provider-detail", kwargs={"pk": provider_id}),
-        headers=auth_headers,
-    )
-    assert remove_provider.status_code == 202
-
-    recreate_provider_response = client.post(
-        reverse("provider-list"),
-        data={
-            "data": {
-                "type": "providers",
-                "attributes": {
-                    "provider": Provider.ProviderChoices.AWS,
-                    "uid": provider_uid,
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=auth_headers,
-    )
-    assert recreate_provider_response.status_code == 201
--- a/api/src/backend/api/tests/integration/test_tenants.py
+++ b/api/src/backend/api/tests/integration/test_tenants.py
@@ -11,9 +11,9 @@ from conftest import TEST_USER, TEST_PASSWORD, get_api_tokens, get_authorization
 def test_check_resources_between_different_tenants(
    schedule_mock,
    enforce_test_user_db_connection,
+    patch_testing_flag,
    authenticated_api_client,
    tenants_fixture,
-    set_user_admin_roles_fixture,
 ):
    client = authenticated_api_client

--- a/api/src/backend/api/tests/notest_rbac.py
+++ b/api/src/backend/api/tests/notest_rbac.py
@@ -1,19 +1,9 @@
-from unittest.mock import ANY, Mock, patch
+# TODO: Enable this tests

 import pytest
 from django.urls import reverse
 from rest_framework import status
-
-from api.models import (
-    Membership,
-    ProviderGroup,
-    ProviderGroupMembership,
-    Role,
-    RoleProviderGroupRelationship,
-    User,
-    UserRoleRelationship,
-)
-from api.v1.serializers import TokenSerializer
+from unittest.mock import patch, ANY, Mock


@pytest.mark.django_db
@@ -41,14 +31,6 @@ class TestUserViewSet:
            == create_test_user_rbac.email
        )

-    def test_retrieve_user_with_no_roles(
-        self, authenticated_client_rbac_noroles, create_test_user_rbac_no_roles
-    ):
-        response = authenticated_client_rbac_noroles.get(
-            reverse("user-detail", kwargs={"pk": create_test_user_rbac_no_roles.id})
-        )
-        assert response.status_code == status.HTTP_403_FORBIDDEN
-
    def test_retrieve_user_with_no_permissions(
        self, authenticated_client_no_permissions_rbac, create_test_user
    ):
@@ -57,6 +39,7 @@ class TestUserViewSet:
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN

+    @patch("api.db_router.MainRouter.admin_db", new="default")
    def test_create_user_with_all_permissions(self, authenticated_client_rbac):
        valid_user_payload = {
            "name": "test",
@@ -69,6 +52,7 @@ class TestUserViewSet:
        assert response.status_code == status.HTTP_201_CREATED
        assert response.json()["data"]["attributes"]["email"] == "new_user@test.com"

+    @patch("api.db_router.MainRouter.admin_db", new="default")
    def test_create_user_with_no_permissions(
        self, authenticated_client_no_permissions_rbac
    ):
@@ -316,96 +300,3 @@ class TestProviderViewSet:
            reverse("provider-connection", kwargs={"pk": provider.id})
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-
-@pytest.mark.django_db
-class TestLimitedVisibility:
-    TEST_EMAIL = "rbac@rbac.com"
-    TEST_PASSWORD = "thisisapassword123"
-
-    @pytest.fixture
-    def limited_admin_user(
-        self, django_db_setup, django_db_blocker, tenants_fixture, providers_fixture
-    ):
-        with django_db_blocker.unblock():
-            tenant = tenants_fixture[0]
-            provider = providers_fixture[0]
-            user = User.objects.create_user(
-                name="testing",
-                email=self.TEST_EMAIL,
-                password=self.TEST_PASSWORD,
-            )
-            Membership.objects.create(
-                user=user,
-                tenant=tenant,
-                role=Membership.RoleChoices.OWNER,
-            )
-
-            role = Role.objects.create(
-                name="limited_visibility",
-                tenant=tenant,
-                manage_users=True,
-                manage_account=True,
-                manage_billing=True,
-                manage_providers=True,
-                manage_integrations=True,
-                manage_scans=True,
-                unlimited_visibility=False,
-            )
-            UserRoleRelationship.objects.create(
-                user=user,
-                role=role,
-                tenant=tenant,
-            )
-
-            provider_group = ProviderGroup.objects.create(
-                name="limited_visibility_group",
-                tenant=tenant,
-            )
-            ProviderGroupMembership.objects.create(
-                tenant=tenant,
-                provider=provider,
-                provider_group=provider_group,
-            )
-
-            RoleProviderGroupRelationship.objects.create(
-                tenant=tenant, role=role, provider_group=provider_group
-            )
-
-        return user
-
-    @pytest.fixture
-    def authenticated_client_rbac_limited(
-        self, limited_admin_user, tenants_fixture, client
-    ):
-        client.user = limited_admin_user
-        tenant_id = tenants_fixture[0].id
-        serializer = TokenSerializer(
-            data={
-                "type": "tokens",
-                "email": self.TEST_EMAIL,
-                "password": self.TEST_PASSWORD,
-                "tenant_id": tenant_id,
-            }
-        )
-        serializer.is_valid(raise_exception=True)
-        access_token = serializer.validated_data["access"]
-        client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-        return client
-
-    def test_integrations(
-        self, authenticated_client_rbac_limited, integrations_fixture, providers_fixture
-    ):
-        # Integration 2 is related to provider1 and provider 2
-        # This user cannot see provider 2
-        integration = integrations_fixture[1]
-
-        response = authenticated_client_rbac_limited.get(
-            reverse("integration-detail", kwargs={"pk": integration.id})
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        assert integration.providers.count() == 2
-        assert (
-            response.json()["data"]["relationships"]["providers"]["meta"]["count"] == 1
-        )
--- a/api/src/backend/api/tests/test_database.py
+++ b/api/src/backend/api/tests/test_database.py
@@ -6,10 +6,8 @@ from django.db.utils import ConnectionRouter
 from api.db_router import MainRouter
 from api.rls import Tenant
 from config.django.base import DATABASE_ROUTERS as PROD_DATABASE_ROUTERS
-from unittest.mock import patch


-@patch("api.db_router.MainRouter.admin_db", new="admin")
 class TestMainDatabaseRouter:
    @pytest.fixture(scope="module")
    def router(self):
--- a/api/src/backend/api/tests/test_db_utils.py
+++ b/api/src/backend/api/tests/test_db_utils.py
@@ -2,15 +2,7 @@ from datetime import datetime, timezone
 from enum import Enum
 from unittest.mock import patch

-import pytest
-
-from api.db_utils import (
-    batch_delete,
-    enum_to_choices,
-    generate_random_token,
-    one_week_from_now,
-)
-from api.models import Provider
+from api.db_utils import enum_to_choices, one_week_from_now, generate_random_token


 class TestEnumToChoices:
@@ -114,27 +106,3 @@ class TestGenerateRandomToken:
        token = generate_random_token(length=5, symbols="")
        # Default symbols
        assert len(token) == 5
-
-
-class TestBatchDelete:
-    @pytest.fixture
-    def create_test_providers(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        provider_id = 123456789012
-        provider_count = 10
-        for i in range(provider_count):
-            Provider.objects.create(
-                tenant=tenant,
-                uid=f"{provider_id + i}",
-                provider=Provider.ProviderChoices.AWS,
-            )
-        return provider_count
-
-    @pytest.mark.django_db
-    def test_batch_delete(self, tenants_fixture, create_test_providers):
-        tenant_id = str(tenants_fixture[0].id)
-        _, summary = batch_delete(
-            tenant_id, Provider.objects.all(), batch_size=create_test_providers // 2
-        )
-        assert Provider.objects.all().count() == 0
-        assert summary == {"api.Provider": create_test_providers}
--- a/api/src/backend/api/tests/test_decorators.py
+++ b/api/src/backend/api/tests/test_decorators.py
@@ -1,9 +1,7 @@
-import uuid
-from unittest.mock import call, patch
+from unittest.mock import patch, call

 import pytest

-from api.db_utils import POSTGRES_TENANT_VAR, SET_CONFIG_QUERY
 from api.decorators import set_tenant


@@ -17,12 +15,12 @@ class TestSetTenantDecorator:
        def random_func(arg):
            return arg

-        tenant_id = str(uuid.uuid4())
+        tenant_id = "1234-abcd-5678"

        result = random_func("test_arg", tenant_id=tenant_id)

        assert (
-            call(SET_CONFIG_QUERY, [POSTGRES_TENANT_VAR, tenant_id])
+            call(f"SELECT set_config('api.tenant_id', '{tenant_id}', TRUE);")
            in mock_cursor.execute.mock_calls
        )
        assert result == "test_arg"
--- a/api/src/backend/api/tests/test_models.py
+++ b/api/src/backend/api/tests/test_models.py
@@ -7,10 +7,9 @@ from api.models import Resource, ResourceTag
 class TestResourceModel:
    def test_setting_tags(self, providers_fixture):
        provider, *_ = providers_fixture
-        tenant_id = provider.tenant_id

        resource = Resource.objects.create(
-            tenant_id=tenant_id,
+            tenant_id=provider.tenant_id,
            provider=provider,
            uid="arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
            name="My Instance 1",
@@ -21,12 +20,12 @@ class TestResourceModel:

        tags = [
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=provider.tenant_id,
                key="key",
                value="value",
            ),
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=provider.tenant_id,
                key="key2",
                value="value2",
            ),
@@ -34,9 +33,9 @@ class TestResourceModel:

        resource.upsert_or_delete_tags(tags)

-        assert len(tags) == len(resource.tags.filter(tenant_id=tenant_id))
+        assert len(tags) == len(resource.tags.all())

-        tags_dict = resource.get_tags(tenant_id=tenant_id)
+        tags_dict = resource.get_tags()

        for tag in tags:
            assert tag.key in tags_dict
@@ -44,79 +43,47 @@ class TestResourceModel:

    def test_adding_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)

        tags = [
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=resource.tenant_id,
                key="env",
                value="test",
            ),
        ]
-        before_count = len(resource.tags.filter(tenant_id=tenant_id))
+        before_count = len(resource.tags.all())

        resource.upsert_or_delete_tags(tags)

-        assert before_count + 1 == len(resource.tags.filter(tenant_id=tenant_id))
+        assert before_count + 1 == len(resource.tags.all())

-        tags_dict = resource.get_tags(tenant_id=tenant_id)
+        tags_dict = resource.get_tags()

        assert "env" in tags_dict
        assert tags_dict["env"] == "test"

    def test_adding_duplicate_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)

-        tags = resource.tags.filter(tenant_id=tenant_id)
+        tags = resource.tags.all()

-        before_count = len(resource.tags.filter(tenant_id=tenant_id))
+        before_count = len(resource.tags.all())

        resource.upsert_or_delete_tags(tags)

        # should be the same number of tags
-        assert before_count == len(resource.tags.filter(tenant_id=tenant_id))
+        assert before_count == len(resource.tags.all())

    def test_add_tags_none(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)
        resource.upsert_or_delete_tags(None)

-        assert len(resource.tags.filter(tenant_id=tenant_id)) == 0
-        assert resource.get_tags(tenant_id=tenant_id) == {}
+        assert len(resource.tags.all()) == 0
+        assert resource.get_tags() == {}

    def test_clear_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)
        resource.clear_tags()

-        assert len(resource.tags.filter(tenant_id=tenant_id)) == 0
-        assert resource.get_tags(tenant_id=tenant_id) == {}
-
-
-# @pytest.mark.django_db
-# class TestFindingModel:
-#     def test_add_finding_with_long_uid(
-#         self, providers_fixture, scans_fixture, resources_fixture
-#     ):
-#         provider, *_ = providers_fixture
-#         tenant_id = provider.tenant_id
-
-#         long_uid = "1" * 500
-#         _ = Finding.objects.create(
-#             tenant_id=tenant_id,
-#             uid=long_uid,
-#             delta=Finding.DeltaChoices.NEW,
-#             check_metadata={},
-#             status=StatusChoices.PASS,
-#             status_extended="",
-#             severity="high",
-#             impact="high",
-#             raw_result={},
-#             check_id="test_check",
-#             scan=scans_fixture[0],
-#             first_seen_at=None,
-#             muted=False,
-#             compliance={},
-#         )
-#         assert Finding.objects.filter(uid=long_uid).exists()
+        assert len(resource.tags.all()) == 0
+        assert resource.get_tags() == {}
--- a/api/src/backend/api/tests/test_utils.py
+++ b/api/src/backend/api/tests/test_utils.py
@@ -1,25 +1,25 @@
 from datetime import datetime, timedelta, timezone
-from unittest.mock import MagicMock, patch
+from unittest.mock import patch, MagicMock

 import pytest
-from rest_framework.exceptions import NotFound, ValidationError
-
-from api.db_router import MainRouter
-from api.exceptions import InvitationTokenExpiredException
-from api.models import Invitation, Provider
-from api.utils import (
-    get_prowler_provider_kwargs,
-    initialize_prowler_provider,
-    merge_dicts,
-    prowler_provider_connection_test,
-    return_prowler_provider,
-    validate_invitation,
-)
 from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.gcp.gcp_provider import GcpProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
-from prowler.providers.m365.m365_provider import M365Provider
+from rest_framework.exceptions import ValidationError, NotFound
+
+from api.db_router import MainRouter
+from api.exceptions import InvitationTokenExpiredException
+from api.models import Invitation
+from api.models import Provider
+from api.utils import (
+    merge_dicts,
+    return_prowler_provider,
+    initialize_prowler_provider,
+    prowler_provider_connection_test,
+    get_prowler_provider_kwargs,
+)
+from api.utils import validate_invitation


 class TestMergeDicts:
@@ -105,7 +105,6 @@ class TestReturnProwlerProvider:
            (Provider.ProviderChoices.GCP.value, GcpProvider),
            (Provider.ProviderChoices.AZURE.value, AzureProvider),
            (Provider.ProviderChoices.KUBERNETES.value, KubernetesProvider),
-            (Provider.ProviderChoices.M365.value, M365Provider),
        ],
    )
    def test_return_prowler_provider(self, provider_type, expected_provider):
@@ -145,18 +144,6 @@ class TestProwlerProviderConnectionTest:
            key="value", provider_id="1234567890", raise_on_exception=False
        )

-    @pytest.mark.django_db
-    @patch("api.utils.return_prowler_provider")
-    def test_prowler_provider_connection_test_without_secret(
-        self, mock_return_prowler_provider, providers_fixture
-    ):
-        mock_return_prowler_provider.return_value = MagicMock()
-        connection = prowler_provider_connection_test(providers_fixture[0])
-
-        assert connection.is_connected is False
-        assert isinstance(connection.error, Provider.secret.RelatedObjectDoesNotExist)
-        assert str(connection.error) == "Provider has no secret."
-

 class TestGetProwlerProviderKwargs:
    @pytest.mark.parametrize(
@@ -178,10 +165,6 @@ class TestGetProwlerProviderKwargs:
                Provider.ProviderChoices.KUBERNETES.value,
                {"context": "provider_uid"},
            ),
-            (
-                Provider.ProviderChoices.M365.value,
-                {},
-            ),
        ],
    )
    def test_get_prowler_provider_kwargs(self, provider_type, expected_extra_kwargs):
@@ -291,10 +274,9 @@ class TestValidateInvitation:
        expired_time = datetime.now(timezone.utc) - timedelta(days=1)
        invitation.expires_at = expired_time

-        with (
-            patch("api.utils.Invitation.objects.using") as mock_using,
-            patch("api.utils.datetime") as mock_datetime,
-        ):
+        with patch("api.utils.Invitation.objects.using") as mock_using, patch(
+            "api.utils.datetime"
+        ) as mock_datetime:
            mock_db = mock_using.return_value
            mock_db.get.return_value = invitation
            mock_datetime.now.return_value = datetime.now(timezone.utc)
--- a/api/src/backend/api/tests/test_views.py
+++ b/api/src/backend/api/tests/test_views.py
--- a/api/src/backend/api/utils.py
+++ b/api/src/backend/api/utils.py
@@ -1,26 +1,15 @@
 from datetime import datetime, timezone

-from allauth.socialaccount.providers.oauth2.client import OAuth2Client
-from rest_framework.exceptions import NotFound, ValidationError
-
-from api.db_router import MainRouter
-from api.exceptions import InvitationTokenExpiredException
-from api.models import Invitation, Provider
 from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.common.models import Connection
 from prowler.providers.gcp.gcp_provider import GcpProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
-from prowler.providers.m365.m365_provider import M365Provider
+from rest_framework.exceptions import ValidationError, NotFound

-
-class CustomOAuth2Client(OAuth2Client):
-    def __init__(self, client_id, secret, *args, **kwargs):
-        # Remove any duplicate "scope_delimiter" from kwargs
-        # Bug present in dj-rest-auth after version v7.0.1
-        # https://github.com/iMerica/dj-rest-auth/issues/673
-        kwargs.pop("scope_delimiter", None)
-        super().__init__(client_id, secret, *args, **kwargs)
+from api.db_router import MainRouter
+from api.exceptions import InvitationTokenExpiredException
+from api.models import Provider, Invitation


 def merge_dicts(default_dict: dict, replacement_dict: dict) -> dict:
@@ -52,14 +41,14 @@ def merge_dicts(default_dict: dict, replacement_dict: dict) -> dict:

 def return_prowler_provider(
    provider: Provider,
-) -> [AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider]:
+) -> [AwsProvider | AzureProvider | GcpProvider | KubernetesProvider]:
    """Return the Prowler provider class based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: The corresponding provider class.
+        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider: The corresponding provider class.

    Raises:
        ValueError: If the provider type specified in `provider.provider` is not supported.
@@ -73,8 +62,6 @@ def return_prowler_provider(
            prowler_provider = AzureProvider
        case Provider.ProviderChoices.KUBERNETES.value:
            prowler_provider = KubernetesProvider
-        case Provider.ProviderChoices.M365.value:
-            prowler_provider = M365Provider
        case _:
            raise ValueError(f"Provider type {provider.provider} not supported")
    return prowler_provider
@@ -107,15 +94,15 @@ def get_prowler_provider_kwargs(provider: Provider) -> dict:

 def initialize_prowler_provider(
    provider: Provider,
-) -> AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider:
+) -> AwsProvider | AzureProvider | GcpProvider | KubernetesProvider:
    """Initialize a Prowler provider instance based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
-            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
+        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider: An instance of the corresponding provider class
+            (`AwsProvider`, `AzureProvider`, `GcpProvider`, or `KubernetesProvider`) initialized with the
            provider's secrets.
    """
    prowler_provider = return_prowler_provider(provider)
@@ -133,12 +120,7 @@ def prowler_provider_connection_test(provider: Provider) -> Connection:
        Connection: A connection object representing the result of the connection test for the specified provider.
    """
    prowler_provider = return_prowler_provider(provider)
-
-    try:
-        prowler_provider_kwargs = provider.secret.secret
-    except Provider.secret.RelatedObjectDoesNotExist as secret_error:
-        return Connection(is_connected=False, error=secret_error)
-
+    prowler_provider_kwargs = provider.secret.secret
    return prowler_provider.test_connection(
        **prowler_provider_kwargs, provider_id=provider.uid, raise_on_exception=False
    )
--- a/api/src/backend/api/uuid_utils.py
+++ b/api/src/backend/api/uuid_utils.py
@@ -106,7 +106,7 @@ def uuid7_end(uuid_obj: UUID, offset_months: int = 1) -> UUID:

    Args:
        uuid_obj: A UUIDv7 object.
-        offset_months: Number of months to offset from the given UUID's date. Defaults to 1 to handle if
+        offset_days: Number of months to offset from the given UUID's date. Defaults to 1 to handle if
        partitions are not being used, if so the value will be the one set at FINDINGS_TABLE_PARTITION_MONTHS.

    Returns:
--- a/api/src/backend/api/v1/serializer_utils/integrations.py
+++ b/api/src/backend/api/v1/serializer_utils/integrations.py
@@ -1,122 +0,0 @@
-from drf_spectacular.utils import extend_schema_field
-from rest_framework_json_api import serializers
-from rest_framework_json_api.serializers import ValidationError
-
-
-class BaseValidateSerializer(serializers.Serializer):
-    def validate(self, data):
-        if hasattr(self, "initial_data"):
-            initial_data = set(self.initial_data.keys()) - {"id", "type"}
-            unknown_keys = initial_data - set(self.fields.keys())
-            if unknown_keys:
-                raise ValidationError(f"Invalid fields: {unknown_keys}")
-        return data
-
-
-# Integrations
-
-
-class S3ConfigSerializer(BaseValidateSerializer):
-    bucket_name = serializers.CharField()
-    output_directory = serializers.CharField()
-
-    class Meta:
-        resource_name = "integrations"
-
-
-class AWSCredentialSerializer(BaseValidateSerializer):
-    role_arn = serializers.CharField(required=False)
-    external_id = serializers.CharField(required=False)
-    role_session_name = serializers.CharField(required=False)
-    session_duration = serializers.IntegerField(
-        required=False, min_value=900, max_value=43200
-    )
-    aws_access_key_id = serializers.CharField(required=False)
-    aws_secret_access_key = serializers.CharField(required=False)
-    aws_session_token = serializers.CharField(required=False)
-
-    class Meta:
-        resource_name = "integrations"
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "AWS Credentials",
-                "properties": {
-                    "role_arn": {
-                        "type": "string",
-                        "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
-                        "assumption.",
-                    },
-                    "external_id": {
-                        "type": "string",
-                        "description": "An identifier to enhance security for role assumption.",
-                    },
-                    "aws_access_key_id": {
-                        "type": "string",
-                        "description": "The AWS access key ID. Only required if the environment lacks pre-configured "
-                        "AWS credentials.",
-                    },
-                    "aws_secret_access_key": {
-                        "type": "string",
-                        "description": "The AWS secret access key. Required if 'aws_access_key_id' is provided or if "
-                        "no AWS credentials are pre-configured.",
-                    },
-                    "aws_session_token": {
-                        "type": "string",
-                        "description": "The session token for temporary credentials, if applicable.",
-                    },
-                    "session_duration": {
-                        "type": "integer",
-                        "minimum": 900,
-                        "maximum": 43200,
-                        "default": 3600,
-                        "description": "The duration (in seconds) for the role session.",
-                    },
-                    "role_session_name": {
-                        "type": "string",
-                        "description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
-                        "The regex used to validate this parameter is a string of characters consisting of "
-                        "upper- and lower-case alphanumeric characters with no spaces. You can also include "
-                        "underscores or any of the following characters: =,.@-\n\n"
-                        "Examples:\n"
-                        "- MySession123\n"
-                        "- User_Session-1\n"
-                        "- Test.Session@2",
-                        "pattern": "^[a-zA-Z0-9=,.@_-]+$",
-                    },
-                },
-            },
-        ]
-    }
-)
-class IntegrationCredentialField(serializers.JSONField):
-    pass
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "Amazon S3",
-                "properties": {
-                    "bucket_name": {
-                        "type": "string",
-                        "description": "The name of the S3 bucket where files will be stored.",
-                    },
-                    "output_directory": {
-                        "type": "string",
-                        "description": "The directory path within the bucket where files will be saved.",
-                    },
-                },
-                "required": ["bucket_name", "output_directory"],
-            },
-        ]
-    }
-)
-class IntegrationConfigField(serializers.JSONField):
-    pass
--- a/api/src/backend/api/v1/serializer_utils/providers.py
+++ b/api/src/backend/api/v1/serializer_utils/providers.py
@@ -1,172 +0,0 @@
-from drf_spectacular.utils import extend_schema_field
-from rest_framework_json_api import serializers
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "AWS Static Credentials",
-                "properties": {
-                    "aws_access_key_id": {
-                        "type": "string",
-                        "description": "The AWS access key ID. Required for environments where no IAM role is being "
-                        "assumed and direct AWS access is needed.",
-                    },
-                    "aws_secret_access_key": {
-                        "type": "string",
-                        "description": "The AWS secret access key. Must accompany 'aws_access_key_id' to authorize "
-                        "access to AWS resources.",
-                    },
-                    "aws_session_token": {
-                        "type": "string",
-                        "description": "The session token associated with temporary credentials. Only needed for "
-                        "session-based or temporary AWS access.",
-                    },
-                },
-                "required": ["aws_access_key_id", "aws_secret_access_key"],
-            },
-            {
-                "type": "object",
-                "title": "AWS Assume Role",
-                "properties": {
-                    "role_arn": {
-                        "type": "string",
-                        "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
-                        "assumption.",
-                    },
-                    "external_id": {
-                        "type": "string",
-                        "description": "An identifier to enhance security for role assumption.",
-                    },
-                    "aws_access_key_id": {
-                        "type": "string",
-                        "description": "The AWS access key ID. Only required if the environment lacks pre-configured "
-                        "AWS credentials.",
-                    },
-                    "aws_secret_access_key": {
-                        "type": "string",
-                        "description": "The AWS secret access key. Required if 'aws_access_key_id' is provided or if "
-                        "no AWS credentials are pre-configured.",
-                    },
-                    "aws_session_token": {
-                        "type": "string",
-                        "description": "The session token for temporary credentials, if applicable.",
-                    },
-                    "session_duration": {
-                        "type": "integer",
-                        "minimum": 900,
-                        "maximum": 43200,
-                        "default": 3600,
-                        "description": "The duration (in seconds) for the role session.",
-                    },
-                    "role_session_name": {
-                        "type": "string",
-                        "description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
-                        "The regex used to validate this parameter is a string of characters consisting of "
-                        "upper- and lower-case alphanumeric characters with no spaces. You can also include "
-                        "underscores or any of the following characters: =,.@-\n\n"
-                        "Examples:\n"
-                        "- MySession123\n"
-                        "- User_Session-1\n"
-                        "- Test.Session@2",
-                        "pattern": "^[a-zA-Z0-9=,.@_-]+$",
-                    },
-                },
-                "required": ["role_arn", "external_id"],
-            },
-            {
-                "type": "object",
-                "title": "Azure Static Credentials",
-                "properties": {
-                    "client_id": {
-                        "type": "string",
-                        "description": "The Azure application (client) ID for authentication in Azure AD.",
-                    },
-                    "client_secret": {
-                        "type": "string",
-                        "description": "The client secret associated with the application (client) ID, providing "
-                        "secure access.",
-                    },
-                    "tenant_id": {
-                        "type": "string",
-                        "description": "The Azure tenant ID, representing the directory where the application is "
-                        "registered.",
-                    },
-                },
-                "required": ["client_id", "client_secret", "tenant_id"],
-            },
-            {
-                "type": "object",
-                "title": "M365 Static Credentials",
-                "properties": {
-                    "client_id": {
-                        "type": "string",
-                        "description": "The Azure application (client) ID for authentication in Azure AD.",
-                    },
-                    "client_secret": {
-                        "type": "string",
-                        "description": "The client secret associated with the application (client) ID, providing "
-                        "secure access.",
-                    },
-                    "tenant_id": {
-                        "type": "string",
-                        "description": "The Azure tenant ID, representing the directory where the application is "
-                        "registered.",
-                    },
-                    "user": {
-                        "type": "email",
-                        "description": "User microsoft email address.",
-                    },
-                    "encrypted_password": {
-                        "type": "string",
-                        "description": "User encrypted password.",
-                    },
-                },
-                "required": [
-                    "client_id",
-                    "client_secret",
-                    "tenant_id",
-                    "user",
-                    "encrypted_password",
-                ],
-            },
-            {
-                "type": "object",
-                "title": "GCP Static Credentials",
-                "properties": {
-                    "client_id": {
-                        "type": "string",
-                        "description": "The client ID from Google Cloud, used to identify the application for GCP "
-                        "access.",
-                    },
-                    "client_secret": {
-                        "type": "string",
-                        "description": "The client secret associated with the GCP client ID, required for secure "
-                        "access.",
-                    },
-                    "refresh_token": {
-                        "type": "string",
-                        "description": "A refresh token that allows the application to obtain new access tokens for "
-                        "extended use.",
-                    },
-                },
-                "required": ["client_id", "client_secret", "refresh_token"],
-            },
-            {
-                "type": "object",
-                "title": "Kubernetes Static Credentials",
-                "properties": {
-                    "kubeconfig_content": {
-                        "type": "string",
-                        "description": "The content of the Kubernetes kubeconfig file, encoded as a string.",
-                    }
-                },
-                "required": ["kubeconfig_content"],
-            },
-        ]
-    }
-)
-class ProviderSecretField(serializers.JSONField):
-    pass
--- a/api/src/backend/api/v1/serializers.py
+++ b/api/src/backend/api/v1/serializers.py
--- a/api/src/backend/api/v1/urls.py
+++ b/api/src/backend/api/v1/urls.py
@@ -3,32 +3,28 @@ from drf_spectacular.views import SpectacularRedocView
 from rest_framework_nested import routers

 from api.v1.views import (
-    ComplianceOverviewViewSet,
    CustomTokenObtainView,
    CustomTokenRefreshView,
-    CustomTokenSwitchTenantView,
    FindingViewSet,
-    GithubSocialLoginView,
-    GoogleSocialLoginView,
-    IntegrationViewSet,
-    InvitationAcceptViewSet,
-    InvitationViewSet,
    MembershipViewSet,
-    OverviewViewSet,
-    ProviderGroupProvidersRelationshipView,
    ProviderGroupViewSet,
+    ProviderGroupProvidersRelationshipView,
    ProviderSecretViewSet,
+    InvitationViewSet,
+    InvitationAcceptViewSet,
+    RoleViewSet,
+    RoleProviderGroupRelationshipView,
+    UserRoleRelationshipView,
+    OverviewViewSet,
+    ComplianceOverviewViewSet,
    ProviderViewSet,
    ResourceViewSet,
-    RoleProviderGroupRelationshipView,
-    RoleViewSet,
    ScanViewSet,
    ScheduleViewSet,
    SchemaView,
    TaskViewSet,
    TenantMembersViewSet,
    TenantViewSet,
-    UserRoleRelationshipView,
    UserViewSet,
 )

@@ -48,7 +44,6 @@ router.register(
 )
 router.register(r"overviews", OverviewViewSet, basename="overview")
 router.register(r"schedules", ScheduleViewSet, basename="schedule")
-router.register(r"integrations", IntegrationViewSet, basename="integration")

 tenants_router = routers.NestedSimpleRouter(router, r"tenants", lookup="tenant")
 tenants_router.register(
@@ -61,7 +56,6 @@ users_router.register(r"memberships", MembershipViewSet, basename="user-membersh
 urlpatterns = [
    path("tokens", CustomTokenObtainView.as_view(), name="token-obtain"),
    path("tokens/refresh", CustomTokenRefreshView.as_view(), name="token-refresh"),
-    path("tokens/switch", CustomTokenSwitchTenantView.as_view(), name="token-switch"),
    path(
        "providers/secrets",
        ProviderSecretViewSet.as_view({"get": "list", "post": "create"}),
@@ -112,8 +106,6 @@ urlpatterns = [
        ),
        name="provider_group-providers-relationship",
    ),
-    path("tokens/google", GoogleSocialLoginView.as_view(), name="token-google"),
-    path("tokens/github", GithubSocialLoginView.as_view(), name="token-github"),
    path("", include(router.urls)),
    path("", include(tenants_router.urls)),
    path("", include(users_router.urls)),
--- a/api/src/backend/api/v1/views.py
+++ b/api/src/backend/api/v1/views.py
--- a/api/src/backend/config/celery.py
+++ b/api/src/backend/config/celery.py
@@ -1,21 +1,10 @@
 from celery import Celery, Task
-from config.env import env
-
-BROKER_VISIBILITY_TIMEOUT = env.int("DJANGO_BROKER_VISIBILITY_TIMEOUT", default=86400)

 celery_app = Celery("tasks")

 celery_app.config_from_object("django.conf:settings", namespace="CELERY")
 celery_app.conf.update(result_extended=True, result_expires=None)

-celery_app.conf.broker_transport_options = {
-    "visibility_timeout": BROKER_VISIBILITY_TIMEOUT
-}
-celery_app.conf.result_backend_transport_options = {
-    "visibility_timeout": BROKER_VISIBILITY_TIMEOUT
-}
-celery_app.conf.visibility_timeout = BROKER_VISIBILITY_TIMEOUT
-
 celery_app.autodiscover_tasks(["api"])


@@ -46,13 +35,13 @@ class RLSTask(Task):
            **options,
        )
        task_result_instance = TaskResult.objects.get(task_id=result.task_id)
-        from api.db_utils import rls_transaction
+        from api.db_utils import tenant_transaction

        tenant_id = kwargs.get("tenant_id")
-        with rls_transaction(tenant_id):
-            APITask.objects.update_or_create(
+        with tenant_transaction(tenant_id):
+            APITask.objects.create(
                id=task_result_instance.task_id,
                tenant_id=tenant_id,
-                defaults={"task_runner_task": task_result_instance},
+                task_runner_task=task_result_instance,
            )
        return result
--- a/api/src/backend/config/custom_logging.py
+++ b/api/src/backend/config/custom_logging.py
@@ -2,9 +2,10 @@ import json
 import logging
 from enum import StrEnum

-from config.env import env
 from django_guid.log_filters import CorrelationId

+from config.env import env
+

 class BackendLogger(StrEnum):
    GUNICORN = "gunicorn"
@@ -38,9 +39,9 @@ class NDJSONFormatter(logging.Formatter):
            "funcName": record.funcName,
            "process": record.process,
            "thread": record.thread,
-            "transaction_id": (
-                record.transaction_id if hasattr(record, "transaction_id") else None
-            ),
+            "transaction_id": record.transaction_id
+            if hasattr(record, "transaction_id")
+            else None,
        }

        # Add REST API extra fields
--- a/api/src/backend/config/django/base.py
+++ b/api/src/backend/config/django/base.py
@@ -4,8 +4,6 @@ from config.custom_logging import LOGGING  # noqa
 from config.env import BASE_DIR, env  # noqa
 from config.settings.celery import *  # noqa
 from config.settings.partitions import *  # noqa
-from config.settings.sentry import *  # noqa
-from config.settings.social_login import *  # noqa

 SECRET_KEY = env("SECRET_KEY", default="secret")
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
@@ -31,13 +29,6 @@ INSTALLED_APPS = [
    "django_celery_results",
    "django_celery_beat",
    "rest_framework_simplejwt.token_blacklist",
-    "allauth",
-    "allauth.account",
-    "allauth.socialaccount",
-    "allauth.socialaccount.providers.google",
-    "allauth.socialaccount.providers.github",
-    "dj_rest_auth.registration",
-    "rest_framework.authtoken",
 ]

 MIDDLEWARE = [
@@ -51,11 +42,8 @@ MIDDLEWARE = [
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "api.middleware.APILoggingMiddleware",
-    "allauth.account.middleware.AccountMiddleware",
 ]

-SITE_ID = 1
-
 CORS_ALLOWED_ORIGINS = ["http://localhost", "http://127.0.0.1"]

 ROOT_URLCONF = "config.urls"
@@ -220,25 +208,5 @@ CACHE_STALE_WHILE_REVALIDATE = env.int("DJANGO_STALE_WHILE_REVALIDATE", 60)

 TESTING = False

-FINDINGS_MAX_DAYS_IN_RANGE = env.int("DJANGO_FINDINGS_MAX_DAYS_IN_RANGE", 7)
-
-
-# API export settings
-DJANGO_TMP_OUTPUT_DIRECTORY = env.str(
-    "DJANGO_TMP_OUTPUT_DIRECTORY", "/tmp/prowler_api_output"
-)
-DJANGO_FINDINGS_BATCH_SIZE = env.str("DJANGO_FINDINGS_BATCH_SIZE", 1000)
-
-DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = env.str("DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET", "")
-DJANGO_OUTPUT_S3_AWS_ACCESS_KEY_ID = env.str("DJANGO_OUTPUT_S3_AWS_ACCESS_KEY_ID", "")
-DJANGO_OUTPUT_S3_AWS_SECRET_ACCESS_KEY = env.str(
-    "DJANGO_OUTPUT_S3_AWS_SECRET_ACCESS_KEY", ""
-)
-DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN = env.str("DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN", "")
-DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION = env.str("DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION", "")
-
-DJANGO_DELETION_BATCH_SIZE = env.int("DJANGO_DELETION_BATCH_SIZE", 5000)
-# HTTP Security Headers
-SECURE_CONTENT_TYPE_NOSNIFF = True
-X_FRAME_OPTIONS = "DENY"
-SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
+# Disable RBAC during tests/demos
+DISABLE_RBAC = False
--- a/api/src/backend/config/django/devel.py
+++ b/api/src/backend/config/django/devel.py
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=True)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["*"])

--- a/api/src/backend/config/django/production.py
+++ b/api/src/backend/config/django/production.py
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["localhost", "127.0.0.1"])

--- a/api/src/backend/config/django/testing.py
+++ b/api/src/backend/config/django/testing.py
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["localhost", "127.0.0.1"])

@@ -9,8 +10,8 @@ DATABASES = {
    "default": {
        "ENGINE": "psqlextra.backend",
        "NAME": "prowler_db_test",
-        "USER": env("POSTGRES_USER", default="prowler_admin"),
-        "PASSWORD": env("POSTGRES_PASSWORD", default="postgres"),
+        "USER": env("POSTGRES_USER", default="prowler"),
+        "PASSWORD": env("POSTGRES_PASSWORD", default="S3cret"),
        "HOST": env("POSTGRES_HOST", default="localhost"),
        "PORT": env("POSTGRES_PORT", default="5432"),
    },
--- a/api/src/backend/config/settings/sentry.py
+++ b/api/src/backend/config/settings/sentry.py
@@ -1,102 +0,0 @@
-import sentry_sdk
-from config.env import env
-
-IGNORED_EXCEPTIONS = [
-    # Provider is not connected due to credentials errors
-    "is not connected",
-    # Authentication Errors from AWS
-    "InvalidToken",
-    "AccessDeniedException",
-    "AuthorizationErrorException",
-    "UnrecognizedClientException",
-    "UnauthorizedOperation",
-    "AuthFailure",
-    "InvalidClientTokenId",
-    "AWSInvalidProviderIdError",
-    "InternalServerErrorException",
-    "AccessDenied",
-    "No Shodan API Key",  # Shodan Check
-    "RequestLimitExceeded",  # For now we don't want to log the RequestLimitExceeded errors
-    "ThrottlingException",
-    "Rate exceeded",
-    "SubscriptionRequiredException",
-    "UnknownOperationException",
-    "OptInRequired",
-    "ReadTimeout",
-    "LimitExceeded",
-    "ConnectTimeoutError",
-    "ExpiredToken",
-    "IncompleteSignature",
-    "RegionDisabledException",
-    "TooManyRequestsException",
-    "SignatureDoesNotMatch",
-    "InvalidParameterValueException",
-    "InvalidInputException",
-    "ValidationException",
-    "AWSSecretAccessKeyInvalidError",
-    "InvalidAction",
-    "InvalidRequestException",
-    "RequestExpired",
-    "ConnectionClosedError",
-    "MaxRetryError",
-    "AWSAccessKeyIDInvalidError",
-    "AWSSessionTokenExpiredError",
-    "EndpointConnectionError",  # AWS Service is not available in a region
-    "Pool is closed",  # The following comes from urllib3: eu-west-1 -- HTTPClientError[126]: An HTTP Client raised an unhandled exception: AWSHTTPSConnectionPool(host='hostname.s3.eu-west-1.amazonaws.com', port=443): Pool is closed.
-    # Authentication Errors from GCP
-    "ClientAuthenticationError",
-    "AuthorizationFailed",
-    "Reauthentication is needed",
-    "Permission denied to get service",
-    "API has not been used in project",
-    "HttpError 404 when requesting",
-    "HttpError 403 when requesting",
-    "HttpError 400 when requesting",
-    "GCPNoAccesibleProjectsError",
-    # Authentication Errors from Azure
-    "ClientAuthenticationError",
-    "AuthorizationFailed",
-    "Subscription Not Registered",
-    "AzureNotValidClientIdError",
-    "AzureNotValidClientSecretError",
-    "AzureNotValidTenantIdError",
-    "AzureInvalidProviderIdError",
-    "AzureTenantIdAndClientSecretNotBelongingToClientIdError",
-    "AzureTenantIdAndClientIdNotBelongingToClientSecretError",
-    "AzureClientIdAndClientSecretNotBelongingToTenantIdError",
-    "AzureHTTPResponseError",
-    "Error with credentials provided",
-]
-
-
-def before_send(event, hint):
-    """
-    before_send handles the Sentry events in order to sent them or not
-    """
-    # Ignore logs with the ignored_exceptions
-    # https://docs.python.org/3/library/logging.html#logrecord-objects
-    if "log_record" in hint:
-        log_msg = hint["log_record"].msg
-        log_lvl = hint["log_record"].levelno
-
-        # Handle Error events and discard the rest
-        if log_lvl == 40 and any(ignored in log_msg for ignored in IGNORED_EXCEPTIONS):
-            return
-    return event
-
-
-sentry_sdk.init(
-    dsn=env.str("DJANGO_SENTRY_DSN", ""),
-    # Add data like request headers and IP for users,
-    # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
-    before_send=before_send,
-    send_default_pii=True,
-    _experiments={
-        # Set continuous_profiling_auto_start to True
-        # to automatically start the profiler on when
-        # possible.
-        "continuous_profiling_auto_start": True,
-    },
-    attach_stacktrace=True,
-    ignore_errors=IGNORED_EXCEPTIONS,
-)
--- a/api/src/backend/config/settings/social_login.py
+++ b/api/src/backend/config/settings/social_login.py
@@ -1,53 +0,0 @@
-from config.env import env
-
-# Provider Oauth settings
-GOOGLE_OAUTH_CLIENT_ID = env("SOCIAL_GOOGLE_OAUTH_CLIENT_ID", default="")
-GOOGLE_OAUTH_CLIENT_SECRET = env("SOCIAL_GOOGLE_OAUTH_CLIENT_SECRET", default="")
-GOOGLE_OAUTH_CALLBACK_URL = env("SOCIAL_GOOGLE_OAUTH_CALLBACK_URL", default="")
-
-GITHUB_OAUTH_CLIENT_ID = env("SOCIAL_GITHUB_OAUTH_CLIENT_ID", default="")
-GITHUB_OAUTH_CLIENT_SECRET = env("SOCIAL_GITHUB_OAUTH_CLIENT_SECRET", default="")
-GITHUB_OAUTH_CALLBACK_URL = env("SOCIAL_GITHUB_OAUTH_CALLBACK_URL", default="")
-
-# Allauth settings
-ACCOUNT_LOGIN_METHODS = {"email"}  # Use Email / Password authentication
-ACCOUNT_USERNAME_REQUIRED = False
-ACCOUNT_EMAIL_REQUIRED = True
-ACCOUNT_EMAIL_VERIFICATION = "none"  # Do not require email confirmation
-ACCOUNT_USER_MODEL_USERNAME_FIELD = None
-REST_AUTH = {
-    "TOKEN_MODEL": None,
-    "REST_USE_JWT": True,
-}
-# django-allauth (social)
-# Authenticate if local account with this email address already exists
-SOCIALACCOUNT_EMAIL_AUTHENTICATION = True
-# Connect local account and social account if local account with that email address already exists
-SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT = True
-SOCIALACCOUNT_ADAPTER = "api.adapters.ProwlerSocialAccountAdapter"
-SOCIALACCOUNT_PROVIDERS = {
-    "google": {
-        "APP": {
-            "client_id": GOOGLE_OAUTH_CLIENT_ID,
-            "secret": GOOGLE_OAUTH_CLIENT_SECRET,
-            "key": "",
-        },
-        "SCOPE": [
-            "email",
-            "profile",
-        ],
-        "AUTH_PARAMS": {
-            "access_type": "online",
-        },
-    },
-    "github": {
-        "APP": {
-            "client_id": GITHUB_OAUTH_CLIENT_ID,
-            "secret": GITHUB_OAUTH_CLIENT_SECRET,
-        },
-        "SCOPE": [
-            "user",
-            "read:org",
-        ],
-    },
-}
--- a/api/src/backend/conftest.py
+++ b/api/src/backend/conftest.py
@@ -1,41 +1,38 @@
 import logging
-from datetime import datetime, timedelta, timezone
-from unittest.mock import patch

 import pytest
 from django.conf import settings
-from django.db import connection as django_connection
-from django.db import connections as django_connections
+from datetime import datetime, timezone, timedelta
+from django.db import connections as django_connections, connection as django_connection
 from django.urls import reverse
 from django_celery_results.models import TaskResult
+from prowler.lib.check.models import Severity
+from prowler.lib.outputs.finding import Status
 from rest_framework import status
 from rest_framework.test import APIClient
+from unittest.mock import patch

-from api.db_utils import rls_transaction
 from api.models import (
-    ComplianceOverview,
    Finding,
-    Integration,
-    IntegrationProviderRelationship,
-    Invitation,
-    Membership,
+)
+from api.models import (
+    User,
    Provider,
    ProviderGroup,
-    ProviderSecret,
    Resource,
    ResourceTag,
    Role,
    Scan,
-    ScanSummary,
    StateChoices,
    Task,
-    User,
+    Membership,
+    ProviderSecret,
+    Invitation,
+    ComplianceOverview,
    UserRoleRelationship,
 )
 from api.rls import Tenant
 from api.v1.serializers import TokenSerializer
-from prowler.lib.check.models import Severity
-from prowler.lib.outputs.finding import Status

 API_JSON_CONTENT_TYPE = "application/vnd.api+json"
 NO_TENANT_HTTP_STATUS = status.HTTP_401_UNAUTHORIZED
@@ -78,6 +75,16 @@ def disable_logging():
    logging.disable(logging.CRITICAL)


+@pytest.fixture(scope="function")
+def patch_testing_flag():
+    """
+    Fixture to patch the TESTING flag to True during tests.
+    """
+    with patch("api.rbac.permissions.DISABLE_RBAC", True):
+        with patch("api.v1.views.DISABLE_RBAC", True):
+            yield
+
+
@pytest.fixture(scope="session", autouse=True)
 def create_test_user(django_db_setup, django_db_blocker):
    with django_db_blocker.unblock():
@@ -90,14 +97,16 @@ def create_test_user(django_db_setup, django_db_blocker):


@pytest.fixture(scope="function")
-def create_test_user_rbac(django_db_setup, django_db_blocker, tenants_fixture):
+def create_test_user_rbac(django_db_setup, django_db_blocker):
    with django_db_blocker.unblock():
        user = User.objects.create_user(
            name="testing",
            email="rbac@rbac.com",
            password=TEST_PASSWORD,
        )
-        tenant = tenants_fixture[0]
+        tenant = Tenant.objects.create(
+            name="Tenant Test",
+        )
        Membership.objects.create(
            user=user,
            tenant=tenant,
@@ -122,24 +131,6 @@ def create_test_user_rbac(django_db_setup, django_db_blocker, tenants_fixture):
    return user


-@pytest.fixture(scope="function")
-def create_test_user_rbac_no_roles(django_db_setup, django_db_blocker, tenants_fixture):
-    with django_db_blocker.unblock():
-        user = User.objects.create_user(
-            name="testing",
-            email="rbac_noroles@rbac.com",
-            password=TEST_PASSWORD,
-        )
-        tenant = tenants_fixture[0]
-        Membership.objects.create(
-            user=user,
-            tenant=tenant,
-            role=Membership.RoleChoices.OWNER,
-        )
-
-    return user
-
-
@pytest.fixture(scope="function")
 def create_test_user_rbac_limited(django_db_setup, django_db_blocker):
    with django_db_blocker.unblock():
@@ -178,32 +169,8 @@ def create_test_user_rbac_limited(django_db_setup, django_db_blocker):
@pytest.fixture
 def authenticated_client_rbac(create_test_user_rbac, tenants_fixture, client):
    client.user = create_test_user_rbac
-    tenant_id = tenants_fixture[0].id
    serializer = TokenSerializer(
-        data={
-            "type": "tokens",
-            "email": "rbac@rbac.com",
-            "password": TEST_PASSWORD,
-            "tenant_id": tenant_id,
-        }
-    )
-    serializer.is_valid(raise_exception=True)
-    access_token = serializer.validated_data["access"]
-    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-    return client
-
-
-@pytest.fixture
-def authenticated_client_rbac_noroles(
-    create_test_user_rbac_no_roles, tenants_fixture, client
-):
-    client.user = create_test_user_rbac_no_roles
-    serializer = TokenSerializer(
-        data={
-            "type": "tokens",
-            "email": "rbac_noroles@rbac.com",
-            "password": TEST_PASSWORD,
-        }
+        data={"type": "tokens", "email": "rbac@rbac.com", "password": TEST_PASSWORD}
    )
    serializer.is_valid()
    access_token = serializer.validated_data["access"]
@@ -230,9 +197,7 @@ def authenticated_client_no_permissions_rbac(


@pytest.fixture
-def authenticated_client(
-    create_test_user, tenants_fixture, set_user_admin_roles_fixture, client
-):
+def authenticated_client(create_test_user, tenants_fixture, client):
    client.user = create_test_user
    serializer = TokenSerializer(
        data={"type": "tokens", "email": TEST_USER, "password": TEST_PASSWORD}
@@ -281,33 +246,10 @@ def tenants_fixture(create_test_user):
    return tenant1, tenant2, tenant3


-@pytest.fixture
-def set_user_admin_roles_fixture(create_test_user, tenants_fixture):
-    user = create_test_user
-    for tenant in tenants_fixture[:2]:
-        with rls_transaction(str(tenant.id)):
-            role = Role.objects.create(
-                name="admin",
-                tenant_id=tenant.id,
-                manage_users=True,
-                manage_account=True,
-                manage_billing=True,
-                manage_providers=True,
-                manage_integrations=True,
-                manage_scans=True,
-                unlimited_visibility=True,
-            )
-            UserRoleRelationship.objects.create(
-                user=user,
-                role=role,
-                tenant_id=tenant.id,
-            )
-
-
@pytest.fixture
 def invitations_fixture(create_test_user, tenants_fixture):
    user = create_test_user
-    tenant = tenants_fixture[0]
+    *_, tenant = tenants_fixture
    valid_invitation = Invitation.objects.create(
        email="testing@prowler.com",
        state=Invitation.State.PENDING,
@@ -326,20 +268,6 @@ def invitations_fixture(create_test_user, tenants_fixture):
    return valid_invitation, expired_invitation


-@pytest.fixture
-def users_fixture(django_user_model):
-    user1 = User.objects.create_user(
-        name="user1", email="test_unit0@prowler.com", password="S3cret"
-    )
-    user2 = User.objects.create_user(
-        name="user2", email="test_unit1@prowler.com", password="S3cret"
-    )
-    user3 = User.objects.create_user(
-        name="user3", email="test_unit2@prowler.com", password="S3cret"
-    )
-    return user1, user2, user3
-
-
@pytest.fixture
 def providers_fixture(tenants_fixture):
    tenant, *_ = tenants_fixture
@@ -397,23 +325,6 @@ def provider_groups_fixture(tenants_fixture):
    return pgroup1, pgroup2, pgroup3


-@pytest.fixture
-def admin_role_fixture(tenants_fixture):
-    tenant, *_ = tenants_fixture
-
-    return Role.objects.get_or_create(
-        name="admin",
-        tenant_id=tenant.id,
-        manage_users=True,
-        manage_account=True,
-        manage_billing=True,
-        manage_providers=True,
-        manage_integrations=True,
-        manage_scans=True,
-        unlimited_visibility=True,
-    )[0]
-
-
@pytest.fixture
 def roles_fixture(tenants_fixture):
    tenant, *_ = tenants_fixture
@@ -450,19 +361,8 @@ def roles_fixture(tenants_fixture):
        manage_scans=True,
        unlimited_visibility=True,
    )
-    role4 = Role.objects.create(
-        name="Role Four",
-        tenant_id=tenant.id,
-        manage_users=False,
-        manage_account=False,
-        manage_billing=False,
-        manage_providers=False,
-        manage_integrations=False,
-        manage_scans=False,
-        unlimited_visibility=False,
-    )

-    return role1, role2, role3, role4
+    return role1, role2, role3


@pytest.fixture
@@ -488,7 +388,7 @@ def scans_fixture(tenants_fixture, providers_fixture):
        name="Scan 1",
        provider=provider,
        trigger=Scan.TriggerChoices.MANUAL,
-        state=StateChoices.COMPLETED,
+        state=StateChoices.AVAILABLE,
        tenant_id=tenant.id,
        started_at="2024-01-02T00:00:00Z",
    )
@@ -628,7 +528,6 @@ def findings_fixture(scans_fixture, resources_fixture):
            "CheckId": "test_check_id",
            "Description": "test description apple sauce",
        },
-        first_seen_at="2024-01-02T00:00:00Z",
    )

    finding1.add_resources([resource1])
@@ -654,8 +553,6 @@ def findings_fixture(scans_fixture, resources_fixture):
            "CheckId": "test_check_id",
            "Description": "test description orange juice",
        },
-        first_seen_at="2024-01-02T00:00:00Z",
-        muted=True,
    )

    finding2.add_resources([resource2])
@@ -795,147 +692,10 @@ def get_api_tokens(
        data=json_body,
        format="vnd.api+json",
    )
-    return (
-        response.json()["data"]["attributes"]["access"],
-        response.json()["data"]["attributes"]["refresh"],
-    )
-
-
-@pytest.fixture
-def scan_summaries_fixture(tenants_fixture, providers_fixture):
-    tenant = tenants_fixture[0]
-    provider = providers_fixture[0]
-    scan = Scan.objects.create(
-        name="overview scan",
-        provider=provider,
-        trigger=Scan.TriggerChoices.MANUAL,
-        state=StateChoices.COMPLETED,
-        tenant=tenant,
-    )
-
-    ScanSummary.objects.create(
-        tenant=tenant,
-        check_id="check1",
-        service="service1",
-        severity="high",
-        region="region1",
-        _pass=1,
-        fail=0,
-        muted=0,
-        total=1,
-        new=1,
-        changed=0,
-        unchanged=0,
-        fail_new=0,
-        fail_changed=0,
-        pass_new=1,
-        pass_changed=0,
-        muted_new=0,
-        muted_changed=0,
-        scan=scan,
-    )
-
-    ScanSummary.objects.create(
-        tenant=tenant,
-        check_id="check1",
-        service="service1",
-        severity="high",
-        region="region2",
-        _pass=0,
-        fail=1,
-        muted=1,
-        total=2,
-        new=2,
-        changed=0,
-        unchanged=0,
-        fail_new=1,
-        fail_changed=0,
-        pass_new=0,
-        pass_changed=0,
-        muted_new=1,
-        muted_changed=0,
-        scan=scan,
-    )
-
-    ScanSummary.objects.create(
-        tenant=tenant,
-        check_id="check2",
-        service="service2",
-        severity="critical",
-        region="region1",
-        _pass=1,
-        fail=0,
-        muted=0,
-        total=1,
-        new=1,
-        changed=0,
-        unchanged=0,
-        fail_new=0,
-        fail_changed=0,
-        pass_new=1,
-        pass_changed=0,
-        muted_new=0,
-        muted_changed=0,
-        scan=scan,
-    )
-
-
-@pytest.fixture
-def integrations_fixture(providers_fixture):
-    provider1, provider2, *_ = providers_fixture
-    tenant_id = provider1.tenant_id
-    integration1 = Integration.objects.create(
-        tenant_id=tenant_id,
-        enabled=True,
-        connected=True,
-        integration_type="amazon_s3",
-        configuration={"key": "value"},
-        credentials={"psswd": "1234"},
-    )
-    IntegrationProviderRelationship.objects.create(
-        tenant_id=tenant_id,
-        integration=integration1,
-        provider=provider1,
-    )
-
-    integration2 = Integration.objects.create(
-        tenant_id=tenant_id,
-        enabled=True,
-        connected=True,
-        integration_type="amazon_s3",
-        configuration={"key": "value"},
-        credentials={"psswd": "1234"},
-    )
-    IntegrationProviderRelationship.objects.create(
-        tenant_id=tenant_id,
-        integration=integration2,
-        provider=provider1,
-    )
-    IntegrationProviderRelationship.objects.create(
-        tenant_id=tenant_id,
-        integration=integration2,
-        provider=provider2,
-    )
-
-    return integration1, integration2
+    return response.json()["data"]["attributes"]["access"], response.json()["data"][
+        "attributes"
+    ]["refresh"]


 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}
-
-
-def pytest_collection_modifyitems(items):
-    """Ensure test_rbac.py is executed first."""
-    items.sort(key=lambda item: 0 if "test_rbac.py" in item.nodeid else 1)
-
-
-def pytest_configure(config):
-    # Apply the mock before the test session starts. This is necessary to avoid admin error when running the
-    # 0004_rbac_missing_admin_roles migration
-    patch("api.db_router.MainRouter.admin_db", new="default").start()
-
-
-def pytest_unconfigure(config):
-    # Stop all patches after the test session ends. This is necessary to avoid admin error when running the
-    # 0004_rbac_missing_admin_roles migration
-    patch.stopall()
--- a/api/src/backend/tasks/beat.py
+++ b/api/src/backend/tasks/beat.py
@@ -5,14 +5,10 @@ from django_celery_beat.models import IntervalSchedule, PeriodicTask
 from rest_framework_json_api.serializers import ValidationError
 from tasks.tasks import perform_scheduled_scan_task

-from api.db_utils import rls_transaction
-from api.models import Provider, Scan, StateChoices
+from api.models import Provider


 def schedule_provider_scan(provider_instance: Provider):
-    tenant_id = str(provider_instance.tenant_id)
-    provider_id = str(provider_instance.id)
-
    schedule, _ = IntervalSchedule.objects.get_or_create(
        every=24,
        period=IntervalSchedule.HOURS,
@@ -21,9 +17,23 @@ def schedule_provider_scan(provider_instance: Provider):
    # Create a unique name for the periodic task
    task_name = f"scan-perform-scheduled-{provider_instance.id}"

-    if PeriodicTask.objects.filter(
-        interval=schedule, name=task_name, task="scan-perform-scheduled"
-    ).exists():
+    # Schedule the task
+    _, created = PeriodicTask.objects.get_or_create(
+        interval=schedule,
+        name=task_name,
+        task="scan-perform-scheduled",
+        kwargs=json.dumps(
+            {
+                "tenant_id": str(provider_instance.tenant_id),
+                "provider_id": str(provider_instance.id),
+            }
+        ),
+        one_off=False,
+        defaults={
+            "start_time": datetime.now(timezone.utc) + timedelta(hours=24),
+        },
+    )
+    if not created:
        raise ValidationError(
            [
                {
@@ -35,36 +45,9 @@ def schedule_provider_scan(provider_instance: Provider):
            ]
        )

-    with rls_transaction(tenant_id):
-        scheduled_scan = Scan.objects.create(
-            tenant_id=tenant_id,
-            name="Daily scheduled scan",
-            provider_id=provider_id,
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduled_at=datetime.now(timezone.utc),
-        )
-
-    # Schedule the task
-    periodic_task_instance = PeriodicTask.objects.create(
-        interval=schedule,
-        name=task_name,
-        task="scan-perform-scheduled",
-        kwargs=json.dumps(
-            {
-                "tenant_id": tenant_id,
-                "provider_id": provider_id,
-            }
-        ),
-        one_off=False,
-        start_time=datetime.now(timezone.utc) + timedelta(hours=24),
-    )
-    scheduled_scan.scheduler_task_id = periodic_task_instance.id
-    scheduled_scan.save()
-
    return perform_scheduled_scan_task.apply_async(
        kwargs={
            "tenant_id": str(provider_instance.tenant_id),
-            "provider_id": provider_id,
+            "provider_id": str(provider_instance.id),
        },
    )
--- a/api/src/backend/tasks/jobs/deletion.py
+++ b/api/src/backend/tasks/jobs/deletion.py
@@ -1,19 +1,18 @@
 from celery.utils.log import get_task_logger
-from django.db import DatabaseError
+from django.db import transaction

 from api.db_router import MainRouter
-from api.db_utils import batch_delete, rls_transaction
+from api.db_utils import batch_delete, tenant_transaction
 from api.models import Finding, Provider, Resource, Scan, ScanSummary, Tenant

 logger = get_task_logger(__name__)


-def delete_provider(tenant_id: str, pk: str):
+def delete_provider(pk: str):
    """
    Gracefully deletes an instance of a provider along with its related data.

    Args:
-        tenant_id (str): Tenant ID the resources belong to.
        pk (str): The primary key of the Provider instance to delete.

    Returns:
@@ -23,31 +22,33 @@ def delete_provider(tenant_id: str, pk: str):
    Raises:
        Provider.DoesNotExist: If no instance with the provided primary key exists.
    """
-    with rls_transaction(tenant_id):
-        instance = Provider.all_objects.get(pk=pk)
-        deletion_summary = {}
-        deletion_steps = [
-            ("Scan Summaries", ScanSummary.all_objects.filter(scan__provider=instance)),
-            ("Findings", Finding.all_objects.filter(scan__provider=instance)),
-            ("Resources", Resource.all_objects.filter(provider=instance)),
-            ("Scans", Scan.all_objects.filter(provider=instance)),
-        ]
+    instance = Provider.all_objects.get(pk=pk)
+    deletion_summary = {}

-    for step_name, queryset in deletion_steps:
-        try:
-            _, step_summary = batch_delete(tenant_id, queryset)
-            deletion_summary.update(step_summary)
-        except DatabaseError as db_error:
-            logger.error(f"Error deleting {step_name}: {db_error}")
-            raise
+    with transaction.atomic():
+        # Delete Scan Summaries
+        scan_summaries_qs = ScanSummary.all_objects.filter(scan__provider=instance)
+        _, scans_summ_summary = batch_delete(scan_summaries_qs)
+        deletion_summary.update(scans_summ_summary)

-    try:
-        with rls_transaction(tenant_id):
-            _, provider_summary = instance.delete()
+        # Delete Findings
+        findings_qs = Finding.all_objects.filter(scan__provider=instance)
+        _, findings_summary = batch_delete(findings_qs)
+        deletion_summary.update(findings_summary)
+
+        # Delete Resources
+        resources_qs = Resource.all_objects.filter(provider=instance)
+        _, resources_summary = batch_delete(resources_qs)
+        deletion_summary.update(resources_summary)
+
+        # Delete Scans
+        scans_qs = Scan.all_objects.filter(provider=instance)
+        _, scans_summary = batch_delete(scans_qs)
+        deletion_summary.update(scans_summary)
+
+        provider_deleted_count, provider_summary = instance.delete()
        deletion_summary.update(provider_summary)
-    except DatabaseError as db_error:
-        logger.error(f"Error deleting Provider: {db_error}")
-        raise
+
    return deletion_summary


@@ -65,8 +66,9 @@ def delete_tenant(pk: str):
    deletion_summary = {}

    for provider in Provider.objects.using(MainRouter.admin_db).filter(tenant_id=pk):
-        summary = delete_provider(pk, provider.id)
-        deletion_summary.update(summary)
+        with tenant_transaction(pk):
+            summary = delete_provider(provider.id)
+            deletion_summary.update(summary)

    Tenant.objects.using(MainRouter.admin_db).filter(id=pk).delete()

--- a/api/src/backend/tasks/jobs/export.py
+++ b/api/src/backend/tasks/jobs/export.py
@@ -1,249 +0,0 @@
-import os
-import zipfile
-
-import boto3
-import config.django.base as base
-from botocore.exceptions import ClientError, NoCredentialsError, ParamValidationError
-from celery.utils.log import get_task_logger
-from django.conf import settings
-
-from prowler.config.config import (
-    csv_file_suffix,
-    html_file_suffix,
-    json_ocsf_file_suffix,
-    output_file_timestamp,
-)
-from prowler.lib.outputs.compliance.aws_well_architected.aws_well_architected import (
-    AWSWellArchitected,
-)
-from prowler.lib.outputs.compliance.cis.cis_aws import AWSCIS
-from prowler.lib.outputs.compliance.cis.cis_azure import AzureCIS
-from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
-from prowler.lib.outputs.compliance.cis.cis_kubernetes import KubernetesCIS
-from prowler.lib.outputs.compliance.cis.cis_m365 import M365CIS
-from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
-from prowler.lib.outputs.compliance.ens.ens_azure import AzureENS
-from prowler.lib.outputs.compliance.ens.ens_gcp import GCPENS
-from prowler.lib.outputs.compliance.iso27001.iso27001_aws import AWSISO27001
-from prowler.lib.outputs.compliance.iso27001.iso27001_azure import AzureISO27001
-from prowler.lib.outputs.compliance.iso27001.iso27001_gcp import GCPISO27001
-from prowler.lib.outputs.compliance.iso27001.iso27001_kubernetes import (
-    KubernetesISO27001,
-)
-from prowler.lib.outputs.compliance.kisa_ismsp.kisa_ismsp_aws import AWSKISAISMSP
-from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_aws import AWSMitreAttack
-from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_azure import (
-    AzureMitreAttack,
-)
-from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_gcp import GCPMitreAttack
-from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_aws import (
-    ProwlerThreatScoreAWS,
-)
-from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_azure import (
-    ProwlerThreatScoreAzure,
-)
-from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_gcp import (
-    ProwlerThreatScoreGCP,
-)
-from prowler.lib.outputs.csv.csv import CSV
-from prowler.lib.outputs.html.html import HTML
-from prowler.lib.outputs.ocsf.ocsf import OCSF
-
-logger = get_task_logger(__name__)
-
-
-COMPLIANCE_CLASS_MAP = {
-    "aws": [
-        (lambda name: name.startswith("cis_"), AWSCIS),
-        (lambda name: name == "mitre_attack_aws", AWSMitreAttack),
-        (lambda name: name.startswith("ens_"), AWSENS),
-        (
-            lambda name: name.startswith("aws_well_architected_framework"),
-            AWSWellArchitected,
-        ),
-        (lambda name: name.startswith("iso27001_"), AWSISO27001),
-        (lambda name: name.startswith("kisa"), AWSKISAISMSP),
-        (lambda name: name == "prowler_threatscore_aws", ProwlerThreatScoreAWS),
-    ],
-    "azure": [
-        (lambda name: name.startswith("cis_"), AzureCIS),
-        (lambda name: name == "mitre_attack_azure", AzureMitreAttack),
-        (lambda name: name.startswith("ens_"), AzureENS),
-        (lambda name: name.startswith("iso27001_"), AzureISO27001),
-        (lambda name: name == "prowler_threatscore_azure", ProwlerThreatScoreAzure),
-    ],
-    "gcp": [
-        (lambda name: name.startswith("cis_"), GCPCIS),
-        (lambda name: name == "mitre_attack_gcp", GCPMitreAttack),
-        (lambda name: name.startswith("ens_"), GCPENS),
-        (lambda name: name.startswith("iso27001_"), GCPISO27001),
-        (lambda name: name == "prowler_threatscore_gcp", ProwlerThreatScoreGCP),
-    ],
-    "kubernetes": [
-        (lambda name: name.startswith("cis_"), KubernetesCIS),
-        (lambda name: name.startswith("iso27001_"), KubernetesISO27001),
-    ],
-    "m365": [
-        (lambda name: name.startswith("cis_"), M365CIS),
-    ],
-}
-
-
-# Predefined mapping for output formats and their configurations
-OUTPUT_FORMATS_MAPPING = {
-    "csv": {
-        "class": CSV,
-        "suffix": csv_file_suffix,
-        "kwargs": {},
-    },
-    "json-ocsf": {"class": OCSF, "suffix": json_ocsf_file_suffix, "kwargs": {}},
-    "html": {"class": HTML, "suffix": html_file_suffix, "kwargs": {"stats": {}}},
-}
-
-
-def _compress_output_files(output_directory: str) -> str:
-    """
-    Compress output files from all configured output formats into a ZIP archive.
-    Args:
-        output_directory (str): The directory where the output files are located.
-            The function looks up all known suffixes in OUTPUT_FORMATS_MAPPING
-            and compresses those files into a single ZIP.
-    Returns:
-        str: The full path to the newly created ZIP archive.
-    """
-    zip_path = f"{output_directory}.zip"
-    parent_dir = os.path.dirname(output_directory)
-    zip_path_abs = os.path.abspath(zip_path)
-
-    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zipf:
-        for foldername, _, filenames in os.walk(parent_dir):
-            for filename in filenames:
-                file_path = os.path.join(foldername, filename)
-                if os.path.abspath(file_path) == zip_path_abs:
-                    continue
-                arcname = os.path.relpath(file_path, start=parent_dir)
-                zipf.write(file_path, arcname)
-
-    return zip_path
-
-
-def get_s3_client():
-    """
-    Create and return a boto3 S3 client using AWS credentials from environment variables.
-
-    This function attempts to initialize an S3 client by reading the AWS access key, secret key,
-    session token, and region from environment variables. It then validates the client by listing
-    available S3 buckets. If an error occurs during this process (for example, due to missing or
-    invalid credentials), it falls back to creating an S3 client without explicitly provided credentials,
-    which may rely on other configuration sources (e.g., IAM roles).
-
-    Returns:
-        boto3.client: A configured S3 client instance.
-
-    Raises:
-        ClientError, NoCredentialsError, or ParamValidationError if both attempts to create a client fail.
-    """
-    s3_client = None
-    try:
-        s3_client = boto3.client(
-            "s3",
-            aws_access_key_id=settings.DJANGO_OUTPUT_S3_AWS_ACCESS_KEY_ID,
-            aws_secret_access_key=settings.DJANGO_OUTPUT_S3_AWS_SECRET_ACCESS_KEY,
-            aws_session_token=settings.DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN,
-            region_name=settings.DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION,
-        )
-        s3_client.list_buckets()
-    except (ClientError, NoCredentialsError, ParamValidationError, ValueError):
-        s3_client = boto3.client("s3")
-        s3_client.list_buckets()
-
-    return s3_client
-
-
-def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str:
-    """
-    Upload the specified ZIP file to an S3 bucket.
-    If the S3 bucket environment variables are not configured,
-    the function returns None without performing an upload.
-    Args:
-        tenant_id (str): The tenant identifier, used as part of the S3 key prefix.
-        zip_path (str): The local file system path to the ZIP file to be uploaded.
-        scan_id (str): The scan identifier, used as part of the S3 key prefix.
-    Returns:
-        str: The S3 URI of the uploaded file (e.g., "s3://<bucket>/<key>") if successful.
-        None: If the required environment variables for the S3 bucket are not set.
-    Raises:
-        botocore.exceptions.ClientError: If the upload attempt to S3 fails for any reason.
-    """
-    bucket = base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET
-    if not bucket:
-        return None
-
-    try:
-        s3 = get_s3_client()
-
-        # Upload the ZIP file (outputs) to the S3 bucket
-        zip_key = f"{tenant_id}/{scan_id}/{os.path.basename(zip_path)}"
-        s3.upload_file(
-            Filename=zip_path,
-            Bucket=bucket,
-            Key=zip_key,
-        )
-
-        # Upload the compliance directory to the S3 bucket
-        compliance_dir = os.path.join(os.path.dirname(zip_path), "compliance")
-        for filename in os.listdir(compliance_dir):
-            local_path = os.path.join(compliance_dir, filename)
-            if not os.path.isfile(local_path):
-                continue
-            file_key = f"{tenant_id}/{scan_id}/compliance/{filename}"
-            s3.upload_file(Filename=local_path, Bucket=bucket, Key=file_key)
-
-        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{zip_key}"
-    except (ClientError, NoCredentialsError, ParamValidationError, ValueError) as e:
-        logger.error(f"S3 upload failed: {str(e)}")
-
-
-def _generate_output_directory(
-    output_directory, prowler_provider: object, tenant_id: str, scan_id: str
-) -> tuple[str, str]:
-    """
-    Generate a file system path for the output directory of a prowler scan.
-
-    This function constructs the output directory path by combining a base
-    temporary output directory, the tenant ID, the scan ID, and details about
-    the prowler provider along with a timestamp. The resulting path is used to
-    store the output files of a prowler scan.
-
-    Note:
-        This function depends on one external variable:
-          - `output_file_timestamp`: A timestamp (as a string) used to uniquely identify the output.
-
-    Args:
-        output_directory (str): The base output directory.
-        prowler_provider (object): An identifier or descriptor for the prowler provider.
-                                   Typically, this is a string indicating the provider (e.g., "aws").
-        tenant_id (str): The unique identifier for the tenant.
-        scan_id (str): The unique identifier for the scan.
-
-    Returns:
-        str: The constructed file system path for the prowler scan output directory.
-
-    Example:
-        >>> _generate_output_directory("/tmp", "aws", "tenant-1234", "scan-5678")
-        '/tmp/tenant-1234/aws/scan-5678/prowler-output-2023-02-15T12:34:56',
-        '/tmp/tenant-1234/aws/scan-5678/compliance/prowler-output-2023-02-15T12:34:56'
-    """
-    path = (
-        f"{output_directory}/{tenant_id}/{scan_id}/prowler-output-"
-        f"{prowler_provider}-{output_file_timestamp}"
-    )
-    os.makedirs("/".join(path.split("/")[:-1]), exist_ok=True)
-
-    compliance_path = (
-        f"{output_directory}/{tenant_id}/{scan_id}/compliance/prowler-output-"
-        f"{prowler_provider}-{output_file_timestamp}"
-    )
-    os.makedirs("/".join(compliance_path.split("/")[:-1]), exist_ok=True)
-
-    return path, compliance_path
--- a/api/src/backend/tasks/jobs/scan.py
+++ b/api/src/backend/tasks/jobs/scan.py
@@ -1,4 +1,3 @@
-import json
 import time
 from copy import deepcopy
 from datetime import datetime, timezone
@@ -7,13 +6,12 @@ from celery.utils.log import get_task_logger
 from config.settings.celery import CELERY_DEADLOCK_ATTEMPTS
 from django.db import IntegrityError, OperationalError
 from django.db.models import Case, Count, IntegerField, Sum, When
-from tasks.utils import CustomEncoder

 from api.compliance import (
    PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE,
    generate_scan_compliance,
 )
-from api.db_utils import rls_transaction
+from api.db_utils import tenant_transaction
 from api.models import (
    ComplianceOverview,
    Finding,
@@ -71,7 +69,7 @@ def _store_resources(
            - tuple[str, str]: A tuple containing the resource UID and region.

    """
-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
        resource_instance, created = Resource.objects.get_or_create(
            tenant_id=tenant_id,
            provider=provider_instance,
@@ -88,7 +86,7 @@ def _store_resources(
            resource_instance.service = finding.service_name
            resource_instance.type = finding.resource_type
            resource_instance.save()
-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
        tags = [
            ResourceTag.objects.get_or_create(
                tenant_id=tenant_id, key=key, value=value
@@ -118,12 +116,13 @@ def perform_prowler_scan(
        ValueError: If the provider cannot be connected.

    """
+    generate_compliance = False
    check_status_by_region = {}
    exception = None
    unique_resources = set()
    start_time = time.time()

-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
        provider_instance = Provider.objects.get(pk=provider_id)
        scan_instance = Scan.objects.get(pk=scan_id)
        scan_instance.state = StateChoices.EXECUTING
@@ -131,7 +130,7 @@ def perform_prowler_scan(
        scan_instance.save()

    try:
-        with rls_transaction(tenant_id):
+        with tenant_transaction(tenant_id):
            try:
                prowler_provider = initialize_prowler_provider(provider_instance)
                provider_instance.connected = True
@@ -146,6 +145,7 @@ def perform_prowler_scan(
                )
                provider_instance.save()

+        generate_compliance = provider_instance.provider != Provider.ProviderChoices.GCP
        prowler_scan = ProwlerScan(provider=prowler_provider, checks=checks_to_execute)

        resource_cache = {}
@@ -154,12 +154,9 @@ def perform_prowler_scan(

        for progress, findings in prowler_scan.scan():
            for finding in findings:
-                if finding is None:
-                    logger.error(f"None finding detected on scan {scan_id}.")
-                    continue
                for attempt in range(CELERY_DEADLOCK_ATTEMPTS):
                    try:
-                        with rls_transaction(tenant_id):
+                        with tenant_transaction(tenant_id):
                            # Process resource
                            resource_uid = finding.resource_uid
                            if resource_uid not in resource_cache:
@@ -181,10 +178,7 @@ def perform_prowler_scan(

                        # Update resource fields if necessary
                        updated_fields = []
-                        if (
-                            finding.region
-                            and resource_instance.region != finding.region
-                        ):
+                        if resource_instance.region != finding.region:
                            resource_instance.region = finding.region
                            updated_fields.append("region")
                        if resource_instance.service != finding.service_name:
@@ -193,19 +187,8 @@ def perform_prowler_scan(
                        if resource_instance.type != finding.resource_type:
                            resource_instance.type = finding.resource_type
                            updated_fields.append("type")
-                        if resource_instance.metadata != finding.resource_metadata:
-                            resource_instance.metadata = json.dumps(
-                                finding.resource_metadata, cls=CustomEncoder
-                            )
-                            updated_fields.append("metadata")
-                        if resource_instance.details != finding.resource_details:
-                            resource_instance.details = finding.resource_details
-                            updated_fields.append("details")
-                        if resource_instance.partition != finding.partition:
-                            resource_instance.partition = finding.partition
-                            updated_fields.append("partition")
                        if updated_fields:
-                            with rls_transaction(tenant_id):
+                            with tenant_transaction(tenant_id):
                                resource_instance.save(update_fields=updated_fields)
                    except (OperationalError, IntegrityError) as db_err:
                        if attempt < CELERY_DEADLOCK_ATTEMPTS - 1:
@@ -220,7 +203,7 @@ def perform_prowler_scan(

                # Update tags
                tags = []
-                with rls_transaction(tenant_id):
+                with tenant_transaction(tenant_id):
                    for key, value in finding.resource_tags.items():
                        tag_key = (key, value)
                        if tag_key not in tag_cache:
@@ -236,35 +219,26 @@ def perform_prowler_scan(
                unique_resources.add((resource_instance.uid, resource_instance.region))

                # Process finding
-                with rls_transaction(tenant_id):
+                with tenant_transaction(tenant_id):
                    finding_uid = finding.uid
-                    last_first_seen_at = None
                    if finding_uid not in last_status_cache:
                        most_recent_finding = (
-                            Finding.all_objects.filter(
-                                tenant_id=tenant_id, uid=finding_uid
-                            )
-                            .order_by("-inserted_at")
-                            .values("status", "first_seen_at")
+                            Finding.objects.filter(uid=finding_uid)
+                            .order_by("-id")
+                            .values("status")
                            .first()
                        )
-                        last_status = None
-                        if most_recent_finding:
-                            last_status = most_recent_finding["status"]
-                            last_first_seen_at = most_recent_finding["first_seen_at"]
-                        last_status_cache[finding_uid] = last_status, last_first_seen_at
+                        last_status = (
+                            most_recent_finding["status"]
+                            if most_recent_finding
+                            else None
+                        )
+                        last_status_cache[finding_uid] = last_status
                    else:
-                        last_status, last_first_seen_at = last_status_cache[finding_uid]
+                        last_status = last_status_cache[finding_uid]

                    status = FindingStatus[finding.status]
                    delta = _create_finding_delta(last_status, status)
-                    # For the findings prior to the change, when a first finding is found with delta!="new" it will be
-                    # assigned a current date as first_seen_at and the successive findings with the same UID will
-                    # always get the date of the previous finding.
-                    # For new findings, when a finding (delta="new") is found for the first time, the first_seen_at
-                    # attribute will be assigned the current date, the following findings will get that date.
-                    if not last_first_seen_at:
-                        last_first_seen_at = datetime.now(tz=timezone.utc)

                    # Create the finding
                    finding_instance = Finding.objects.create(
@@ -279,14 +253,11 @@ def perform_prowler_scan(
                        raw_result=finding.raw,
                        check_id=finding.check_id,
                        scan=scan_instance,
-                        first_seen_at=last_first_seen_at,
-                        muted=finding.muted,
-                        compliance=finding.compliance,
                    )
                    finding_instance.add_resources([resource_instance])

                # Update compliance data if applicable
-                if finding.status.value == "MUTED":
+                if not generate_compliance or finding.status.value == "MUTED":
                    continue

                region_dict = check_status_by_region.setdefault(finding.region, {})
@@ -296,7 +267,7 @@ def perform_prowler_scan(
                region_dict[finding.check_id] = finding.status.value

            # Update scan progress
-            with rls_transaction(tenant_id):
+            with tenant_transaction(tenant_id):
                scan_instance.progress = progress
                scan_instance.save()

@@ -308,13 +279,13 @@ def perform_prowler_scan(
        scan_instance.state = StateChoices.FAILED

    finally:
-        with rls_transaction(tenant_id):
+        with tenant_transaction(tenant_id):
            scan_instance.duration = time.time() - start_time
            scan_instance.completed_at = datetime.now(tz=timezone.utc)
            scan_instance.unique_resource_count = len(unique_resources)
            scan_instance.save()

-    if exception is None:
+    if exception is None and generate_compliance:
        try:
            regions = prowler_provider.get_regions()
        except AttributeError:
@@ -359,18 +330,9 @@ def perform_prowler_scan(
                        total_requirements=compliance["total_requirements"],
                    )
                )
-        try:
-            with rls_transaction(tenant_id):
-                ComplianceOverview.objects.bulk_create(
-                    compliance_overview_objects, batch_size=100
-                )
-        except Exception as overview_exception:
-            import sentry_sdk
+        with tenant_transaction(tenant_id):
+            ComplianceOverview.objects.bulk_create(compliance_overview_objects)

-            sentry_sdk.capture_exception(overview_exception)
-            logger.error(
-                f"Error storing compliance overview for scan {scan_id}: {overview_exception}"
-            )
    if exception is not None:
        raise exception

@@ -406,8 +368,8 @@ def aggregate_findings(tenant_id: str, scan_id: str):
        - muted_new: Muted findings with a delta of 'new'.
        - muted_changed: Muted findings with a delta of 'changed'.
    """
-    with rls_transaction(tenant_id):
-        findings = Finding.objects.filter(tenant_id=tenant_id, scan_id=scan_id)
+    with tenant_transaction(tenant_id):
+        findings = Finding.objects.filter(scan_id=scan_id)

        aggregation = findings.values(
            "check_id",
@@ -417,21 +379,21 @@ def aggregate_findings(tenant_id: str, scan_id: str):
        ).annotate(
            fail=Sum(
                Case(
-                    When(status="FAIL", muted=False, then=1),
+                    When(status="FAIL", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
            _pass=Sum(
                Case(
-                    When(status="PASS", muted=False, then=1),
+                    When(status="PASS", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
-            muted_count=Sum(
+            muted=Sum(
                Case(
-                    When(muted=True, then=1),
+                    When(status="MUTED", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
@@ -439,70 +401,70 @@ def aggregate_findings(tenant_id: str, scan_id: str):
            total=Count("id"),
            new=Sum(
                Case(
-                    When(delta="new", muted=False, then=1),
+                    When(delta="new", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
            changed=Sum(
                Case(
-                    When(delta="changed", muted=False, then=1),
+                    When(delta="changed", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
            unchanged=Sum(
                Case(
-                    When(delta__isnull=True, muted=False, then=1),
+                    When(delta__isnull=True, then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
            fail_new=Sum(
                Case(
-                    When(delta="new", status="FAIL", muted=False, then=1),
+                    When(delta="new", status="FAIL", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
            fail_changed=Sum(
                Case(
-                    When(delta="changed", status="FAIL", muted=False, then=1),
+                    When(delta="changed", status="FAIL", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
            pass_new=Sum(
                Case(
-                    When(delta="new", status="PASS", muted=False, then=1),
+                    When(delta="new", status="PASS", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
            pass_changed=Sum(
                Case(
-                    When(delta="changed", status="PASS", muted=False, then=1),
+                    When(delta="changed", status="PASS", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
            muted_new=Sum(
                Case(
-                    When(delta="new", muted=True, then=1),
+                    When(delta="new", status="MUTED", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
            muted_changed=Sum(
                Case(
-                    When(delta="changed", muted=True, then=1),
+                    When(delta="changed", status="MUTED", then=1),
                    default=0,
                    output_field=IntegerField(),
                )
            ),
        )

-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
        scan_aggregations = {
            ScanSummary(
                tenant_id=tenant_id,
@@ -513,7 +475,7 @@ def aggregate_findings(tenant_id: str, scan_id: str):
                region=agg["resources__region"],
                fail=agg["fail"],
                _pass=agg["_pass"],
-                muted=agg["muted_count"],
+                muted=agg["muted"],
                total=agg["total"],
                new=agg["new"],
                changed=agg["changed"],
--- a/api/src/backend/tasks/tasks.py
+++ b/api/src/backend/tasks/tasks.py
@@ -1,35 +1,15 @@
 from datetime import datetime, timedelta, timezone
-from pathlib import Path
-from shutil import rmtree

-from celery import chain, shared_task
-from celery.utils.log import get_task_logger
+from celery import shared_task
 from config.celery import RLSTask
-from config.django.base import DJANGO_FINDINGS_BATCH_SIZE, DJANGO_TMP_OUTPUT_DIRECTORY
 from django_celery_beat.models import PeriodicTask
 from tasks.jobs.connection import check_provider_connection
 from tasks.jobs.deletion import delete_provider, delete_tenant
-from tasks.jobs.export import (
-    COMPLIANCE_CLASS_MAP,
-    OUTPUT_FORMATS_MAPPING,
-    _compress_output_files,
-    _generate_output_directory,
-    _upload_to_s3,
-)
 from tasks.jobs.scan import aggregate_findings, perform_prowler_scan
-from tasks.utils import batched, get_next_execution_datetime

-from api.compliance import get_compliance_frameworks
-from api.db_utils import rls_transaction
+from api.db_utils import tenant_transaction
 from api.decorators import set_tenant
-from api.models import Finding, Provider, Scan, ScanSummary, StateChoices
-from api.utils import initialize_prowler_provider
-from api.v1.serializers import ScanTaskSerializer
-from prowler.lib.check.compliance_models import Compliance
-from prowler.lib.outputs.compliance.generic.generic import GenericCompliance
-from prowler.lib.outputs.finding import Finding as FindingOutput
-
-logger = get_task_logger(__name__)
+from api.models import Provider, Scan


@shared_task(base=RLSTask, name="provider-connection-check")
@@ -49,10 +29,9 @@ def check_provider_connection_task(provider_id: str):
    return check_provider_connection(provider_id=provider_id)


-@shared_task(
-    base=RLSTask, name="provider-deletion", queue="deletion", autoretry_for=(Exception,)
-)
-def delete_provider_task(provider_id: str, tenant_id: str):
+@shared_task(base=RLSTask, name="provider-deletion")
+@set_tenant
+def delete_provider_task(provider_id: str):
    """
    Task to delete a specific Provider instance.

@@ -60,7 +39,6 @@ def delete_provider_task(provider_id: str, tenant_id: str):

    Args:
        provider_id (str): The primary key of the `Provider` instance to be deleted.
-        tenant_id (str): Tenant ID the provider belongs to.

    Returns:
        tuple: A tuple containing:
@@ -68,7 +46,7 @@ def delete_provider_task(provider_id: str, tenant_id: str):
            - A dictionary with the count of deleted instances per model,
              including related models if cascading deletes were triggered.
    """
-    return delete_provider(tenant_id=tenant_id, pk=provider_id)
+    return delete_provider(pk=provider_id)


@shared_task(base=RLSTask, name="scan-perform", queue="scans")
@@ -91,22 +69,13 @@ def perform_scan_task(
    Returns:
        dict: The result of the scan execution, typically including the status and results of the performed checks.
    """
-    result = perform_prowler_scan(
+    return perform_prowler_scan(
        tenant_id=tenant_id,
        scan_id=scan_id,
        provider_id=provider_id,
        checks_to_execute=checks_to_execute,
    )

-    chain(
-        perform_scan_summary_task.si(tenant_id, scan_id),
-        generate_outputs.si(
-            scan_id=scan_id, provider_id=provider_id, tenant_id=tenant_id
-        ),
-    ).apply_async()
-
-    return result
-

@shared_task(base=RLSTask, bind=True, name="scan-perform-scheduled", queue="scans")
 def perform_scheduled_scan_task(self, tenant_id: str, provider_id: str):
@@ -130,91 +99,35 @@ def perform_scheduled_scan_task(self, tenant_id: str, provider_id: str):
    """
    task_id = self.request.id

-    with rls_transaction(tenant_id):
+    with tenant_transaction(tenant_id):
+        provider_instance = Provider.objects.get(pk=provider_id)
        periodic_task_instance = PeriodicTask.objects.get(
            name=f"scan-perform-scheduled-{provider_id}"
        )
+        next_scan_date = datetime.combine(
+            datetime.now(timezone.utc), periodic_task_instance.start_time.time()
+        ) + timedelta(hours=24)

-        executed_scan = Scan.objects.filter(
+        scan_instance = Scan.objects.create(
            tenant_id=tenant_id,
-            provider_id=provider_id,
-            task__task_runner_task__task_id=task_id,
-        ).order_by("completed_at")
-
-        if (
-            Scan.objects.filter(
-                tenant_id=tenant_id,
-                provider_id=provider_id,
-                trigger=Scan.TriggerChoices.SCHEDULED,
-                state=StateChoices.EXECUTING,
-                scheduler_task_id=periodic_task_instance.id,
-                scheduled_at__date=datetime.now(timezone.utc).date(),
-            ).exists()
-            or executed_scan.exists()
-        ):
-            # Duplicated task execution due to visibility timeout or scan is already running
-            logger.warning(f"Duplicated scheduled scan for provider {provider_id}.")
-            try:
-                affected_scan = executed_scan.first()
-                if not affected_scan:
-                    raise ValueError(
-                        "Error retrieving affected scan details after detecting duplicated scheduled "
-                        "scan."
-                    )
-                # Return the affected scan details to avoid losing data
-                serializer = ScanTaskSerializer(instance=affected_scan)
-            except Exception as duplicated_scan_exception:
-                logger.error(
-                    f"Duplicated scheduled scan for provider {provider_id}. Error retrieving affected scan details: "
-                    f"{str(duplicated_scan_exception)}"
-                )
-                raise duplicated_scan_exception
-            return serializer.data
-
-        next_scan_datetime = get_next_execution_datetime(task_id, provider_id)
-        scan_instance, _ = Scan.objects.get_or_create(
-            tenant_id=tenant_id,
-            provider_id=provider_id,
+            name="Daily scheduled scan",
+            provider=provider_instance,
            trigger=Scan.TriggerChoices.SCHEDULED,
-            state__in=(StateChoices.SCHEDULED, StateChoices.AVAILABLE),
-            scheduler_task_id=periodic_task_instance.id,
-            defaults={
-                "state": StateChoices.SCHEDULED,
-                "name": "Daily scheduled scan",
-                "scheduled_at": next_scan_datetime - timedelta(days=1),
-            },
+            next_scan_at=next_scan_date,
+            task_id=task_id,
        )

-        scan_instance.task_id = task_id
-        scan_instance.save()
-
-    try:
-        result = perform_prowler_scan(
-            tenant_id=tenant_id,
-            scan_id=str(scan_instance.id),
-            provider_id=provider_id,
-        )
-    except Exception as e:
-        raise e
-    finally:
-        with rls_transaction(tenant_id):
-            Scan.objects.get_or_create(
-                tenant_id=tenant_id,
-                name="Daily scheduled scan",
-                provider_id=provider_id,
-                trigger=Scan.TriggerChoices.SCHEDULED,
-                state=StateChoices.SCHEDULED,
-                scheduled_at=next_scan_datetime,
-                scheduler_task_id=periodic_task_instance.id,
-            )
-
-    chain(
-        perform_scan_summary_task.si(tenant_id, scan_instance.id),
-        generate_outputs.si(
-            scan_id=str(scan_instance.id), provider_id=provider_id, tenant_id=tenant_id
-        ),
-    ).apply_async()
-
+    result = perform_prowler_scan(
+        tenant_id=tenant_id,
+        scan_id=str(scan_instance.id),
+        provider_id=provider_id,
+    )
+    perform_scan_summary_task.apply_async(
+        kwargs={
+            "tenant_id": tenant_id,
+            "scan_id": str(scan_instance.id),
+        }
+    )
    return result


@@ -223,138 +136,6 @@ def perform_scan_summary_task(tenant_id: str, scan_id: str):
    return aggregate_findings(tenant_id=tenant_id, scan_id=scan_id)


-@shared_task(name="tenant-deletion", queue="deletion", autoretry_for=(Exception,))
+@shared_task(name="tenant-deletion")
 def delete_tenant_task(tenant_id: str):
    return delete_tenant(pk=tenant_id)
-
-
-@shared_task(
-    base=RLSTask,
-    name="scan-report",
-    queue="scan-reports",
-)
-@set_tenant(keep_tenant=True)
-def generate_outputs(scan_id: str, provider_id: str, tenant_id: str):
-    """
-    Process findings in batches and generate output files in multiple formats.
-
-    This function retrieves findings associated with a scan, processes them
-    in batches of 50, and writes each batch to the corresponding output files.
-    It reuses output writer instances across batches, updates them with each
-    batch of transformed findings, and uses a flag to indicate when the final
-    batch is being processed. Finally, the output files are compressed and
-    uploaded to S3.
-
-    Args:
-        tenant_id (str): The tenant identifier.
-        scan_id (str): The scan identifier.
-        provider_id (str): The provider_id id to be used in generating outputs.
-    """
-    # Check if the scan has findings
-    if not ScanSummary.objects.filter(scan_id=scan_id).exists():
-        logger.info(f"No findings found for scan {scan_id}")
-        return {"upload": False}
-
-    provider_obj = Provider.objects.get(id=provider_id)
-    prowler_provider = initialize_prowler_provider(provider_obj)
-    provider_uid = provider_obj.uid
-    provider_type = provider_obj.provider
-
-    frameworks_bulk = Compliance.get_bulk(provider_type)
-    frameworks_avail = get_compliance_frameworks(provider_type)
-    out_dir, comp_dir = _generate_output_directory(
-        DJANGO_TMP_OUTPUT_DIRECTORY, provider_uid, tenant_id, scan_id
-    )
-
-    def get_writer(writer_map, name, factory, is_last):
-        """
-        Return existing writer_map[name] or create via factory().
-        In both cases set `.close_file = is_last`.
-        """
-        initialization = False
-        if name not in writer_map:
-            writer_map[name] = factory()
-            initialization = True
-        w = writer_map[name]
-        w.close_file = is_last
-
-        return w, initialization
-
-    output_writers = {}
-    compliance_writers = {}
-
-    scan_summary = FindingOutput._transform_findings_stats(
-        ScanSummary.objects.filter(scan_id=scan_id)
-    )
-
-    qs = Finding.all_objects.filter(scan_id=scan_id).order_by("uid").iterator()
-    for batch, is_last in batched(qs, DJANGO_FINDINGS_BATCH_SIZE):
-        fos = [FindingOutput.transform_api_finding(f, prowler_provider) for f in batch]
-
-        # Outputs
-        for mode, cfg in OUTPUT_FORMATS_MAPPING.items():
-            cls = cfg["class"]
-            suffix = cfg["suffix"]
-            extra = cfg.get("kwargs", {}).copy()
-            if mode == "html":
-                extra.update(provider=prowler_provider, stats=scan_summary)
-
-            writer, initialization = get_writer(
-                output_writers,
-                cls,
-                lambda cls=cls, fos=fos, suffix=suffix: cls(
-                    findings=fos,
-                    file_path=out_dir,
-                    file_extension=suffix,
-                    from_cli=False,
-                ),
-                is_last,
-            )
-            if not initialization:
-                writer.transform(fos)
-            writer.batch_write_data_to_file(**extra)
-            writer._data.clear()
-
-        # Compliance CSVs
-        for name in frameworks_avail:
-            compliance_obj = frameworks_bulk[name]
-
-            klass = GenericCompliance
-            for condition, cls in COMPLIANCE_CLASS_MAP.get(provider_type, []):
-                if condition(name):
-                    klass = cls
-                    break
-
-            filename = f"{comp_dir}_{name}.csv"
-
-            writer, initialization = get_writer(
-                compliance_writers,
-                name,
-                lambda klass=klass, fos=fos: klass(
-                    findings=fos,
-                    compliance=compliance_obj,
-                    file_path=filename,
-                    from_cli=False,
-                ),
-                is_last,
-            )
-            if not initialization:
-                writer.transform(fos, compliance_obj, name)
-            writer.batch_write_data_to_file()
-            writer._data.clear()
-
-    compressed = _compress_output_files(out_dir)
-    upload_uri = _upload_to_s3(tenant_id, compressed, scan_id)
-
-    if upload_uri:
-        try:
-            rmtree(Path(compressed).parent, ignore_errors=True)
-        except Exception as e:
-            logger.error(f"Error deleting output files: {e}")
-        final_location, did_upload = upload_uri, True
-    else:
-        final_location, did_upload = compressed, False
-
-    Scan.all_objects.filter(id=scan_id).update(output_location=final_location)
-    logger.info(f"Scan outputs at {final_location}")
-    return {"upload": did_upload}
--- a/api/src/backend/tasks/tests/test_beat.py
+++ b/api/src/backend/tasks/tests/test_beat.py
@@ -6,8 +6,6 @@ from django_celery_beat.models import IntervalSchedule, PeriodicTask
 from rest_framework_json_api.serializers import ValidationError
 from tasks.beat import schedule_provider_scan

-from api.models import Scan
-

@pytest.mark.django_db
 class TestScheduleProviderScan:
@@ -17,11 +15,9 @@ class TestScheduleProviderScan:
        with patch(
            "tasks.tasks.perform_scheduled_scan_task.apply_async"
        ) as mock_apply_async:
-            assert Scan.all_objects.count() == 0
            result = schedule_provider_scan(provider_instance)

            assert result is not None
-            assert Scan.all_objects.count() == 1

            mock_apply_async.assert_called_once_with(
                kwargs={
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Pablo Lara	a75755c8c5	WIP: add change role to the user's invitations	2024-12-15 10:37:51 +01:00
Pablo Lara	3e0568f381	chore: add change role to the user's invitations	2024-12-13 12:38:08 +01:00
Pablo Lara	fec66a3685	Merge branch 'master' into PRWLR-4669-Roles-Page-API-UI	2024-12-13 06:02:29 +01:00
Pablo Lara	ba335de6b3	chore: fix error with exports	2024-12-11 08:30:12 +01:00
Pablo Lara	93051d55d5	feat: add role when invite an user	2024-12-10 18:14:57 +01:00
Pablo Lara	161c56ffe4	feat: add permission column to roles table	2024-12-10 11:28:10 +01:00
Pablo Lara	e306322630	Merge branch 'PRWLR-5688-Implement-permission-status-filter' into PRWLR-4669-Roles-Page-API-UI	2024-12-10 10:47:14 +01:00
Adrián Jesús Peña Rodríguez	b4eb6e8076	feat(rbac): add permission_state field to role serializer	2024-12-10 10:45:09 +01:00
Pablo Lara	b54e9334b9	chore: add and edit roles is working now	2024-12-10 10:44:34 +01:00
Adrián Jesús Peña Rodríguez	5fd1af7559	feat(rbac): add permission_state filter	2024-12-10 10:33:26 +01:00
Pablo Lara	83c7ced6ff	Merge branch 'feat-rbac' into PRWLR-4669-Roles-Page-API-UI	2024-12-10 09:29:24 +01:00
Adrián Jesús Peña Rodríguez	67d9ff2419	ref(provider_groups): ref the provider_groups relationships endpoint (#6033 )	2024-12-10 09:28:22 +01:00
Pablo Lara	130fddae1e	feat: edit role feature	2024-12-10 09:08:25 +01:00
Pablo Lara	04b9f81e26	feat: add new role feature	2024-12-10 07:24:01 +01:00
Pablo Lara	29bc697487	feat: add roles page	2024-12-05 15:25:07 +01:00
Pablo Lara	381aa93f55	chore: add roles item to the sidebar	2024-12-05 09:12:31 +01:00
Adrián Jesús Peña Rodríguez	2bee4b986f	Merge branch 'master' into feat-rbac	2024-12-04 15:42:47 +01:00
Adrián Jesús Peña Rodríguez	9723b8fac1	Merge branch 'master' into feat-rbac	2024-12-04 12:51:39 +01:00
Adrián Jesús Peña Rodríguez	67ef67add9	feat(api-rbac): RBAC system (#5903 )	2024-11-26 12:32:55 +01:00