chore: add manage group actions

Merge branch 'PRWLR-5824-Update-resource-name-and-enable-relationships-on-role-and-provider_group-create-update' into PRWLR-4669-Roles-Page-UI-with-API-changes
2026-03-27 18:38:52 +00:00 · 2024-12-18 17:38:09 +01:00 · 2024-12-18 12:10:45 +01:00 · 2024-12-18 11:15:37 +01:00 · 2024-12-18 11:08:19 +01:00 · 2024-12-18 11:05:29 +01:00
3059 changed files with 39621 additions and 244774 deletions
--- a/.env
+++ b/.env
@@ -3,17 +3,16 @@
 # For production, it is recommended to use a secure method to store these variables and change the default secret keys.

 #### Prowler UI Configuration ####
-PROWLER_UI_VERSION="stable"
-AUTH_URL=http://localhost:3000
+PROWLER_UI_VERSION="latest"
+SITE_URL=http://localhost:3000
 API_BASE_URL=http://prowler-api:8080/api/v1
-NEXT_PUBLIC_API_DOCS_URL=http://prowler-api:8080/api/v1/docs
 AUTH_TRUST_HOST=true
 UI_PORT=3000
 # openssl rand -base64 32
 AUTH_SECRET="N/c6mnaS5+SWq81+819OrzQZlmx1Vxtp/orjttJSmw8="

 #### Prowler API Configuration ####
-PROWLER_API_VERSION="stable"
+PROWLER_API_VERSION="latest"
 # PostgreSQL settings
 # If running Django and celery on host, use 'localhost', else use 'postgres-db'
 POSTGRES_HOST=postgres-db
@@ -24,40 +23,12 @@ POSTGRES_USER=prowler
 POSTGRES_PASSWORD=postgres
 POSTGRES_DB=prowler_db

-# Celery-Prowler task settings
-TASK_RETRY_DELAY_SECONDS=0.1
-TASK_RETRY_ATTEMPTS=5
-
 # Valkey settings
 # If running Valkey and celery on host, use localhost, else use 'valkey'
 VALKEY_HOST=valkey
 VALKEY_PORT=6379
 VALKEY_DB=0

-# API scan settings
-
-# The path to the directory where scan output should be stored
-DJANGO_TMP_OUTPUT_DIRECTORY="/tmp/prowler_api_output"
-
-# The maximum number of findings to process in a single batch
-DJANGO_FINDINGS_BATCH_SIZE=1000
-
-# The AWS access key to be used when uploading scan output to an S3 bucket
-# If left empty, default AWS credentials resolution behavior will be used
-DJANGO_OUTPUT_S3_AWS_ACCESS_KEY_ID=""
-
-# The AWS secret key to be used when uploading scan output to an S3 bucket
-DJANGO_OUTPUT_S3_AWS_SECRET_ACCESS_KEY=""
-
-# An optional AWS session token
-DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN=""
-
-# The AWS region where your S3 bucket is located (e.g., "us-east-1")
-DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION=""
-
-# The name of the S3 bucket where scan output should be stored
-DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET=""
-
 # Django settings
 DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1,prowler-api
 DJANGO_BIND_ADDRESS=0.0.0.0
@@ -69,12 +40,9 @@ DJANGO_LOGGING_FORMATTER=human_readable
 # Select one of [DEBUG|INFO|WARNING|ERROR|CRITICAL]
 # Applies to both Django and Celery Workers
 DJANGO_LOGGING_LEVEL=INFO
-# Defaults to the maximum available based on CPU cores if not set.
-DJANGO_WORKERS=4
-# Token lifetime is in minutes
-DJANGO_ACCESS_TOKEN_LIFETIME=30
-# Token lifetime is in minutes
-DJANGO_REFRESH_TOKEN_LIFETIME=1440
+DJANGO_WORKERS=4 # Defaults to the maximum available based on CPU cores if not set.
+DJANGO_ACCESS_TOKEN_LIFETIME=30 # Token lifetime is in minutes
+DJANGO_REFRESH_TOKEN_LIFETIME=1440 # Token lifetime is in minutes
 DJANGO_CACHE_MAX_AGE=3600
 DJANGO_STALE_WHILE_REVALIDATE=60
 DJANGO_MANAGE_DB_PARTITIONS=True
@@ -119,21 +87,3 @@ jQIDAQAB
 -----END PUBLIC KEY-----"
 # openssl rand -base64 32
 DJANGO_SECRETS_ENCRYPTION_KEY="oE/ltOhp/n1TdbHjVmzcjDPLcLA41CVI/4Rk+UB5ESc="
-DJANGO_BROKER_VISIBILITY_TIMEOUT=86400
-DJANGO_SENTRY_DSN=
-
-# Sentry settings
-SENTRY_ENVIRONMENT=local
-SENTRY_RELEASE=local
-
-#### Prowler release version ####
-NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v5.5.1
-
-# Social login credentials
-SOCIAL_GOOGLE_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/google"
-SOCIAL_GOOGLE_OAUTH_CLIENT_ID=""
-SOCIAL_GOOGLE_OAUTH_CLIENT_SECRET=""
-
-SOCIAL_GITHUB_OAUTH_CALLBACK_URL="${AUTH_URL}/api/auth/callback/github"
-SOCIAL_GITHUB_OAUTH_CLIENT_ID=""
-SOCIAL_GITHUB_OAUTH_CLIENT_SECRET=""
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,112 +9,96 @@ updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 25
+      interval: "daily"
+    open-pull-requests-limit: 10
    target-branch: master
    labels:
      - "dependencies"
      - "pip"

-  # Dependabot Updates are temporary disabled - 2025/03/19
-  # - package-ecosystem: "pip"
-  #   directory: "/api"
-  #   schedule:
-  #     interval: "daily"
-  #   open-pull-requests-limit: 10
-  #   target-branch: master
-  #   labels:
-  #     - "dependencies"
-  #     - "pip"
-  #     - "component/api"
-
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 25
+      interval: "daily"
+    open-pull-requests-limit: 10
    target-branch: master
    labels:
      - "dependencies"
      - "github_actions"

-  # Dependabot Updates are temporary disabled - 2025/03/19
-  # - package-ecosystem: "npm"
-  #   directory: "/ui"
-  #   schedule:
-  #     interval: "daily"
-  #   open-pull-requests-limit: 10
-  #   target-branch: master
-  #   labels:
-  #     - "dependencies"
-  #     - "npm"
-  #     - "component/ui"
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    target-branch: master
+    labels:
+      - "dependencies"
+      - "npm"

  - package-ecosystem: "docker"
    directory: "/"
    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 25
+      interval: "weekly"
+    open-pull-requests-limit: 10
    target-branch: master
    labels:
      - "dependencies"
      - "docker"

-  # Dependabot Updates are temporary disabled - 2025/04/15
  # v4.6
-  # - package-ecosystem: "pip"
-  #   directory: "/"
-  #   schedule:
-  #     interval: "weekly"
-  #   open-pull-requests-limit: 10
-  #   target-branch: v4.6
-  #   labels:
-  #     - "dependencies"
-  #     - "pip"
-  #     - "v4"
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    target-branch: v4.6
+    labels:
+      - "dependencies"
+      - "pip"
+      - "v4"

-  # - package-ecosystem: "github-actions"
-  #   directory: "/"
-  #   schedule:
-  #     interval: "weekly"
-  #   open-pull-requests-limit: 10
-  #   target-branch: v4.6
-  #   labels:
-  #     - "dependencies"
-  #     - "github_actions"
-  #     - "v4"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    target-branch: v4.6
+    labels:
+      - "dependencies"
+      - "github_actions"
+      - "v4"

-  # - package-ecosystem: "docker"
-  #   directory: "/"
-  #   schedule:
-  #     interval: "weekly"
-  #   open-pull-requests-limit: 10
-  #   target-branch: v4.6
-  #   labels:
-  #     - "dependencies"
-  #     - "docker"
-  #     - "v4"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    target-branch: v4.6
+    labels:
+      - "dependencies"
+      - "docker"
+      - "v4"

-  # Dependabot Updates are temporary disabled - 2025/03/19
  # v3
-  # - package-ecosystem: "pip"
-  #   directory: "/"
-  #   schedule:
-  #     interval: "monthly"
-  #   open-pull-requests-limit: 10
-  #   target-branch: v3
-  #   labels:
-  #     - "dependencies"
-  #     - "pip"
-  #     - "v3"
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 10
+    target-branch: v3
+    labels:
+      - "dependencies"
+      - "pip"
+      - "v3"

-  # - package-ecosystem: "github-actions"
-  #   directory: "/"
-  #   schedule:
-  #     interval: "monthly"
-  #   open-pull-requests-limit: 10
-  #   target-branch: v3
-  #   labels:
-  #     - "dependencies"
-  #     - "github_actions"
-  #     - "v3"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 10
+    target-branch: v3
+    labels:
+      - "dependencies"
+      - "github_actions"
+      - "v3"
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -92,13 +92,3 @@ component/api:
 component/ui:
  - changed-files:
      - any-glob-to-any-file: "ui/**"
-
-compliance:
-  - changed-files:
-      - any-glob-to-any-file: "prowler/compliance/**"
-      - any-glob-to-any-file: "prowler/lib/outputs/compliance/**"
-      - any-glob-to-any-file: "tests/lib/outputs/compliance/**"
-
-review-django-migrations:
-  - changed-files:
-      - any-glob-to-any-file: "api/src/backend/api/migrations/**"
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -15,13 +15,7 @@ Please include a summary of the change and which issue is fixed. List any depend
 - [ ] Review if the code is being covered by tests.
 - [ ] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
 - [ ] Review if backport is needed.
- [ ] Review if is needed to change the [Readme.md](https://github.com/prowler-cloud/prowler/blob/master/README.md)
-
-#### API
- [ ] Verify if API specs need to be regenerated.
- [ ] Check if version updates are required (e.g., specs, Poetry, etc.).
- [ ] Ensure new entries are added to [CHANGELOG.md](https://github.com/prowler-cloud/prowler/blob/master/api/CHANGELOG.md), if applicable.

 ### License

-By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
--- a/.github/workflows/api-build-lint-push-containers.yml
+++ b/.github/workflows/api-build-lint-push-containers.yml
@@ -23,7 +23,6 @@ env:
  # Tags
  LATEST_TAG: latest
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable

  WORKING_DIRECTORY: ./api

@@ -32,83 +31,51 @@ env:
  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-api

 jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
  # Build Prowler OSS container
  container-build-push:
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ${{ env.WORKING_DIRECTORY }}

    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Set short git commit SHA
-        id: vars
+      - name: Repository check
+        working-directory: /tmp
        run: |
-          shortSha=$(git rev-parse --short ${{ github.sha }})
-          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+          [[ ${{ github.repository }} != "prowler-cloud/prowler" ]] && echo "This action only runs for prowler-cloud/prowler"; exit 0
+
+      - name: Checkout
+        uses: actions/checkout@v4

      - name: Login to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@v3

      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          # Set push: false for testing
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
-
-      - name: Trigger deployment
-        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: prowler-api-deploy
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
--- a/.github/workflows/api-codeql.yml
+++ b/.github/workflows/api-codeql.yml
@@ -15,12 +15,16 @@ on:
  push:
    branches:
      - "master"
+      - "v3"
+      - "v4.*"
      - "v5.*"
    paths:
      - "api/**"
  pull_request:
    branches:
      - "master"
+      - "v3"
+      - "v4.*"
      - "v5.*"
    paths:
      - "api/**"
@@ -44,16 +48,16 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/api-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"
--- a/.github/workflows/api-pull-request.yml
+++ b/.github/workflows/api-pull-request.yml
@@ -4,17 +4,15 @@ on:
  push:
    branches:
      - "master"
-      - "v5.*"
    paths:
-      - ".github/workflows/api-pull-request.yml"
      - "api/**"
  pull_request:
    branches:
      - "master"
-      - "v5.*"
    paths:
      - "api/**"

+
 env:
  POSTGRES_HOST: localhost
  POSTGRES_PORT: 5432
@@ -26,8 +24,7 @@ env:
  VALKEY_HOST: localhost
  VALKEY_PORT: 6379
  VALKEY_DB: 0
-  API_WORKING_DIR: ./api
-  IMAGE_NAME: prowler-api
+

 jobs:
  test:
@@ -71,11 +68,11 @@ jobs:
          --health-retries 5

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4

      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        uses: tj-actions/changed-files@v45
        with:
          files: api/**
          files_ignore: |
@@ -85,30 +82,16 @@ jobs:
            api/README.md
            api/mkdocs.yml

-      - name: Replace @master with current branch in pyproject.toml
-        working-directory: ./api
-        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        run: |
-          BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
-          echo "Using branch: $BRANCH_NAME"
-          sed -i "s|@master|@$BRANCH_NAME|g" pyproject.toml
-
      - name: Install poetry
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==2.1.1
-
-      - name: Update poetry.lock after the branch name change
-        working-directory: ./api
-        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        run: |
-          poetry lock
+          pipx install poetry

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -117,7 +100,7 @@ jobs:
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry install --no-root
+          poetry install
          poetry run pip list
          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
            grep '"tag_name":' | \
@@ -129,7 +112,7 @@ jobs:
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry check --lock
+          poetry lock --check

      - name: Lint with ruff
        working-directory: ./api
@@ -159,7 +142,7 @@ jobs:
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry run safety check --ignore 70612,66963,74429,77119
+          poetry run safety check --ignore 70612,66963

      - name: Vulture
        working-directory: ./api
@@ -181,23 +164,8 @@ jobs:

      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
+        uses: codecov/codecov-action@v5
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
          flags: api
-  test-container-build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-      - name: Build Container
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
-        with:
-          context: ${{ env.API_WORKING_DIR }}
-          push: false
-          tags: ${{ env.IMAGE_NAME }}:latest
-          outputs: type=docker
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -23,7 +23,7 @@ jobs:
    steps:
      - name: Check labels
        id: preview_label_check
-        uses: agilepathway/label-checker@c3d16ad512e7cea5961df85ff2486bb774caf3c5 # v1.6.65
+        uses: docker://agilepathway/pull-request-label-checker:v1.6.55
        with:
          allow_failure: true
          prefix_mode: true
@@ -33,7 +33,7 @@ jobs:

      - name: Backport Action
        if: steps.preview_label_check.outputs.label_check == 'success'
-        uses: sorenlouv/backport-github-action@ad888e978060bc1b2798690dd9d03c4036560947 # v9.5.1
+        uses: sorenlouv/backport-github-action@v9.5.1
        with:
          github_token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          auto_backport_label_prefix: ${{ env.BACKPORT_LABEL_PREFIX }}
--- a/.github/workflows/build-documentation-on-pr.yml
+++ b/.github/workflows/build-documentation-on-pr.yml
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Leave PR comment with the Prowler Documentation URI
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        uses: peter-evans/create-or-update-comment@v4
        with:
          issue-number: ${{ env.PR_NUMBER }}
          body: |
--- a/.github/workflows/conventional-commit.yml
+++ b/.github/workflows/conventional-commit.yml
@@ -1,23 +0,0 @@
-name: Prowler - Conventional Commit
-
-on:
-  pull_request:
-    types:
-      - "opened"
-      - "edited"
-      - "synchronize"
-    branches:
-      - "master"
-      - "v3"
-      - "v4.*"
-      - "v5.*"
-
-jobs:
-  conventional-commit-check:
-    runs-on: ubuntu-latest
-    steps:
-      - name: conventional-commit-check
-        id: conventional-commit-check
-        uses: agenthunt/conventional-commit-checker-action@9e552d650d0e205553ec7792d447929fc78e012b # v2.0.0
-        with:
-            pr-title-regex: '^([^\s(]+)(?:\(([^)]+)\))?: (.+)'
--- a/.github/workflows/find-secrets.yml
+++ b/.github/workflows/find-secrets.yml
@@ -7,11 +7,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@b06f6d72a3791308bb7ba59c2b8cb7a083bd17e4 # v3.88.26
+        uses: trufflesecurity/trufflehog@v3.86.1
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -14,4 +14,4 @@ jobs:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+    - uses: actions/labeler@v5
--- a/.github/workflows/pull-request-check-changelog.yml
+++ b/.github/workflows/pull-request-check-changelog.yml
@@ -1,86 +0,0 @@
-name: Check Changelog
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, labeled, unlabeled]
-
-jobs:
-  check-changelog:
-    if: contains(github.event.pull_request.labels.*.name, 'no-changelog') == false
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: write
-    env:
-      MONITORED_FOLDERS: "api ui prowler"
-
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Get list of changed files
-        id: changed_files
-        run: |
-          git fetch origin ${{ github.base_ref }}
-          git diff --name-only origin/${{ github.base_ref }}...HEAD > changed_files.txt
-          cat changed_files.txt
-
-      - name: Check for folder changes and changelog presence
-        id: check_folders
-        run: |
-          missing_changelogs=""
-
-          for folder in $MONITORED_FOLDERS; do
-            if grep -q "^${folder}/" changed_files.txt; then
-              echo "Detected changes in ${folder}/"
-              if ! grep -q "^${folder}/CHANGELOG.md$" changed_files.txt; then
-                echo "No changelog update found for ${folder}/"
-                missing_changelogs="${missing_changelogs}- \`${folder}\`\n"
-              fi
-            fi
-          done
-
-          echo "missing_changelogs<<EOF" >> $GITHUB_OUTPUT
-          echo -e "${missing_changelogs}" >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
-
-      - name: Find existing changelog comment
-        if: github.event.pull_request.head.repo.full_name == github.repository
-        id: find_comment
-        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e #v3.1.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-author: 'github-actions[bot]'
-          body-includes: '<!-- changelog-check -->'
-
-      - name: Comment on PR if changelog is missing
-        if: github.event.pull_request.head.repo.full_name == github.repository && steps.check_folders.outputs.missing_changelogs != ''
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-id: ${{ steps.find_comment.outputs.comment-id }}
-          body: |
-            <!-- changelog-check -->
-            ⚠️ **Changes detected in the following folders without a corresponding update to the `CHANGELOG.md`:**
-
-            ${{ steps.check_folders.outputs.missing_changelogs }}
-
-            Please add an entry to the corresponding `CHANGELOG.md` file to maintain a clear history of changes.
-
-      - name: Comment on PR if all changelogs are present
-        if: github.event.pull_request.head.repo.full_name == github.repository && steps.check_folders.outputs.missing_changelogs == ''
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-id: ${{ steps.find_comment.outputs.comment-id }}
-          body: |
-            <!-- changelog-check -->
-            ✅ All necessary `CHANGELOG.md` files have been updated. Great job! 🎉
-
-      - name: Fail if changelog is missing
-        if: steps.check_folders.outputs.missing_changelogs != ''
-        run: |
-          echo "ERROR: Missing changelog updates in some folders."
-          exit 1
--- a/.github/workflows/pull-request-merged.yml
+++ b/.github/workflows/pull-request-merged.yml
@@ -1,37 +0,0 @@
-name: Prowler - Merged Pull Request
-
-on:
-  pull_request_target:
-    branches: ['master']
-    types: ['closed']
-
-jobs:
-  trigger-cloud-pull-request:
-    name: Trigger Cloud Pull Request
-    if: github.event.pull_request.merged == true && github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{ github.event.pull_request.merge_commit_sha }}
-
-      - name: Set short git commit SHA
-        id: vars
-        run: |
-          shortSha=$(git rev-parse --short ${{ github.sha }})
-          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
-
-      - name: Trigger pull request
-        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: prowler-pull-request-merged
-          client-payload: '{
-            "PROWLER_COMMIT_SHA": "${{ github.sha }}",
-            "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
-            "PROWLER_PR_TITLE": "${{ github.event.pull_request.title }}",
-            "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
-            "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }},
-            "PROWLER_PR_URL":${{ toJson(github.event.pull_request.html_url) }}
-          }'
--- a/.github/workflows/sdk-build-lint-push-containers.yml
+++ b/.github/workflows/sdk-build-lint-push-containers.yml
@@ -59,16 +59,16 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4

      - name: Setup Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install Poetry
        run: |
-          pipx install poetry==2.*
+          pipx install poetry
          pipx inject poetry poetry-bumpversion

      - name: Get Prowler version
@@ -108,13 +108,13 @@ jobs:
          esac

      - name: Login to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Public ECR
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        with:
          registry: public.ecr.aws
          username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
@@ -123,11 +123,11 @@ jobs:
          AWS_REGION: ${{ env.AWS_REGION }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@v3

      - name: Build and push container image (latest)
        if: github.event_name == 'push'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          push: true
          tags: |
@@ -140,7 +140,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          # Use local context to get changes
          # https://github.com/docker/build-push-action#path-context
--- a/.github/workflows/sdk-bump-version.yml
+++ b/.github/workflows/sdk-bump-version.yml
@@ -1,145 +0,0 @@
-name: SDK - Bump Version
-
-on:
-  release:
-    types: [published]
-
-
-env:
-  PROWLER_VERSION: ${{ github.event.release.tag_name }}
-  BASE_BRANCH: master
-
-jobs:
-  bump-version:
-    name: Bump Version
-    if: github.repository == 'prowler-cloud/prowler'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Get Prowler version
-        shell: bash
-        run: |
-          if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
-            MAJOR_VERSION=${BASH_REMATCH[1]}
-            MINOR_VERSION=${BASH_REMATCH[2]}
-            FIX_VERSION=${BASH_REMATCH[3]}
-
-            # Export version components to GitHub environment
-            echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
-            echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
-            echo "FIX_VERSION=${FIX_VERSION}" >> "${GITHUB_ENV}"
-
-            if (( MAJOR_VERSION == 5 )); then
-                if (( FIX_VERSION == 0 )); then
-                  echo "Minor Release: $PROWLER_VERSION"
-
-                  # Set up next minor version for master
-                  BUMP_VERSION_TO=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).${FIX_VERSION}
-                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
-
-                  TARGET_BRANCH=${BASE_BRANCH}
-                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
-
-                  # Set up patch version for version branch
-                  PATCH_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.1
-                  echo "PATCH_VERSION_TO=${PATCH_VERSION_TO}" >> "${GITHUB_ENV}"
-
-                  VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-                  echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
-
-                  echo "Bumping to next minor version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
-                  echo "Bumping to next patch version: ${PATCH_VERSION_TO} in branch ${VERSION_BRANCH}"
-                else
-                  echo "Patch Release: $PROWLER_VERSION"
-
-                  BUMP_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.$((FIX_VERSION + 1))
-                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
-
-                  TARGET_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
-                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
-
-                  echo "Bumping to next patch version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
-                fi
-            else
-                echo "Releasing another Prowler major version, aborting..."
-                exit 1
-            fi
-          else
-            echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
-            exit 1
-          fi
-
-      - name: Bump versions in files
-        run: |
-            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
-            echo "Using BUMP_VERSION_TO=$BUMP_VERSION_TO"
-
-            set -e
-
-            echo "Bumping version in pyproject.toml ..."
-            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${BUMP_VERSION_TO}\"|" pyproject.toml
-
-            echo "Bumping version in prowler/config/config.py ..."
-            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${BUMP_VERSION_TO}\"|" prowler/config/config.py
-
-            echo "Bumping version in .env ..."
-            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${BUMP_VERSION_TO}|" .env
-
-            git --no-pager diff
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-        with:
-            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-            base: ${{ env.TARGET_BRANCH }}
-            commit-message: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
-            branch: "version-bump-to-v${{ env.BUMP_VERSION_TO }}"
-            title: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
-            body: |
-              ### Description
-
-              Bump Prowler version to v${{ env.BUMP_VERSION_TO }}
-
-              ### License
-
-              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
-
-      - name: Handle patch version for minor release
-        if: env.FIX_VERSION == '0'
-        run: |
-            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
-            echo "Using PATCH_VERSION_TO=$PATCH_VERSION_TO"
-
-            set -e
-
-            echo "Bumping version in pyproject.toml ..."
-            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${PATCH_VERSION_TO}\"|" pyproject.toml
-
-            echo "Bumping version in prowler/config/config.py ..."
-            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${PATCH_VERSION_TO}\"|" prowler/config/config.py
-
-            echo "Bumping version in .env ..."
-            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PATCH_VERSION_TO}|" .env
-
-            git --no-pager diff
-
-      - name: Create Pull Request for patch version
-        if: env.FIX_VERSION == '0'
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-        with:
-            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
-            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-            base: ${{ env.VERSION_BRANCH }}
-            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
-            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
-            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
-            body: |
-              ### Description
-
-              Bump Prowler version to v${{ env.PATCH_VERSION_TO }}
-
-              ### License
-
-              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
--- a/.github/workflows/sdk-codeql.yml
+++ b/.github/workflows/sdk-codeql.yml
@@ -17,21 +17,17 @@ on:
      - "master"
      - "v3"
      - "v4.*"
-      - "v5.*"
    paths-ignore:
      - 'ui/**'
      - 'api/**'
-      - '.github/**'
  pull_request:
    branches:
      - "master"
      - "v3"
      - "v4.*"
-      - "v5.*"
    paths-ignore:
      - 'ui/**'
      - 'api/**'
-      - '.github/**'
  schedule:
    - cron: '00 12 * * *'

@@ -52,16 +48,16 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/sdk-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"
--- a/.github/workflows/sdk-pull-request.yml
+++ b/.github/workflows/sdk-pull-request.yml
@@ -21,11 +21,11 @@ jobs:
        python-version: ["3.9", "3.10", "3.11", "3.12"]

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4

      - name: Test if changes are in not ignored paths
        id: are-non-ignored-files-changed
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
+        uses: tj-actions/changed-files@v45
        with:
          files: ./**
          files_ignore: |
@@ -34,24 +34,19 @@ jobs:
            permissions/**
            api/**
            ui/**
-            prowler/CHANGELOG.md
            README.md
            mkdocs.yml
            .backportrc.json
-            .env
-            docker-compose*
-            examples/**
-            .gitignore

      - name: Install poetry
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
          python -m pip install --upgrade pip
-          pipx install poetry==2.1.1
+          pipx install poetry

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -59,7 +54,7 @@ jobs:
      - name: Install dependencies
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry install --no-root
+          poetry install
          poetry run pip list
          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
            grep '"tag_name":' | \
@@ -70,7 +65,7 @@ jobs:
      - name: Poetry check
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry check --lock
+          poetry lock --check

      - name: Lint with flake8
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
@@ -107,128 +102,15 @@ jobs:
        run: |
          /tmp/hadolint Dockerfile --ignore=DL3013

-      # Test AWS
-      - name: AWS - Check if any file has changed
-        id: aws-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/aws/**
-            ./tests/providers/aws/**
-            .poetry.lock
-
-      - name: AWS - Test
-        if: steps.aws-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/aws --cov-report=xml:aws_coverage.xml tests/providers/aws
-
-      # Test Azure
-      - name: Azure - Check if any file has changed
-        id: azure-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/azure/**
-            ./tests/providers/azure/**
-            .poetry.lock
-
-      - name: Azure - Test
-        if: steps.azure-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/azure --cov-report=xml:azure_coverage.xml tests/providers/azure
-
-      # Test GCP
-      - name: GCP - Check if any file has changed
-        id: gcp-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/gcp/**
-            ./tests/providers/gcp/**
-            .poetry.lock
-
-      - name: GCP - Test
-        if: steps.gcp-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/gcp --cov-report=xml:gcp_coverage.xml tests/providers/gcp
-
-      # Test Kubernetes
-      - name: Kubernetes - Check if any file has changed
-        id: kubernetes-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/kubernetes/**
-            ./tests/providers/kubernetes/**
-            .poetry.lock
-
-      - name: Kubernetes - Test
-        if: steps.kubernetes-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/kubernetes --cov-report=xml:kubernetes_coverage.xml tests/providers/kubernetes
-
-      # Test GitHub
-      - name: GitHub - Check if any file has changed
-        id: github-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/github/**
-            ./tests/providers/github/**
-            .poetry.lock
-
-      - name: GitHub - Test
-        if: steps.github-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/github --cov-report=xml:github_coverage.xml tests/providers/github
-
-      # Test NHN
-      - name: NHN - Check if any file has changed
-        id: nhn-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/nhn/**
-            ./tests/providers/nhn/**
-            .poetry.lock
-
-      - name: NHN - Test
-        if: steps.nhn-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/nhn --cov-report=xml:nhn_coverage.xml tests/providers/nhn
-
-      # Test M365
-      - name: M365 - Check if any file has changed
-        id: m365-changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
-        with:
-          files: |
-            ./prowler/providers/m365/**
-            ./tests/providers/m365/**
-            .poetry.lock
-
-      - name: M365 - Test
-        if: steps.m365-changed-files.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/providers/m365 --cov-report=xml:m365_coverage.xml tests/providers/m365
-
-      # Common Tests
-      - name: Lib - Test
+      - name: Test with pytest
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry run pytest -n auto --cov=./prowler/lib --cov-report=xml:lib_coverage.xml tests/lib
+          poetry run pytest -n auto --cov=./prowler --cov-report=xml tests

-      - name: Config - Test
-        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        run: |
-          poetry run pytest -n auto --cov=./prowler/config --cov-report=xml:config_coverage.xml tests/config
-
-      # Codecov
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
+        uses: codecov/codecov-action@v5
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
          flags: prowler
-          files: ./aws_coverage.xml,./azure_coverage.xml,./gcp_coverage.xml,./kubernetes_coverage.xml,./github_coverage.xml,./nhn_coverage.xml,./m365_coverage.xml,./lib_coverage.xml,./config_coverage.xml
--- a/.github/workflows/sdk-pypi-release.yml
+++ b/.github/workflows/sdk-pypi-release.yml
@@ -7,43 +7,15 @@ on:
 env:
  RELEASE_TAG: ${{ github.event.release.tag_name }}
  PYTHON_VERSION: 3.11
-  # CACHE: "poetry"
+  CACHE: "poetry"

 jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
  release-prowler-job:
    runs-on: ubuntu-latest
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
    env:
      POETRY_VIRTUALENVS_CREATE: "false"
    name: Release Prowler to PyPI
    steps:
-      - name: Repository check
-        working-directory: /tmp
-        run: |
-              if [[ "${{ github.repository }}" != "prowler-cloud/prowler" ]]; then
-                  echo "This action only runs for prowler-cloud/prowler"
-                  exit 1
-              fi
-
      - name: Get Prowler version
        run: |
          PROWLER_VERSION="${{ env.RELEASE_TAG }}"
@@ -64,17 +36,17 @@ jobs:
              ;;
          esac

-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4

      - name: Install dependencies
        run: |
-          pipx install poetry==2.1.1
+          pipx install poetry

      - name: Setup Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
-          # cache: ${{ env.CACHE }}
+          cache: ${{ env.CACHE }}

      - name: Build Prowler package
        run: |
--- a/.github/workflows/sdk-refresh-aws-services-regions.yml
+++ b/.github/workflows/sdk-refresh-aws-services-regions.yml
@@ -4,7 +4,7 @@ name: SDK - Refresh AWS services' regions

 on:
  schedule:
-    - cron: "0 9 * * 1" # runs at 09:00 UTC every Monday
+    - cron: "0 9 * * *" #runs at 09:00 UTC everyday

 env:
  GITHUB_BRANCH: "master"
@@ -23,12 +23,12 @@ jobs:
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
        with:
          ref: ${{ env.GITHUB_BRANCH }}

      - name: setup python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@v5
        with:
          python-version: 3.9 #install the python needed

@@ -38,7 +38,7 @@ jobs:
          pip install boto3

      - name: Configure AWS Credentials -- DEV
-        uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
+        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.AWS_REGION_DEV }}
          role-to-assume: ${{ secrets.DEV_IAM_ROLE_ARN }}
@@ -50,13 +50,12 @@ jobs:

      # Create pull request
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        uses: peter-evans/create-pull-request@v7
        with:
-          author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
          commit-message: "feat(regions_update): Update regions for AWS services"
          branch: "aws-services-regions-updated-${{ github.sha }}"
-          labels: "status/waiting-for-revision, severity/low, provider/aws"
+          labels: "status/waiting-for-revision, severity/low, provider/aws, backport-to-v3"
          title: "chore(regions_update): Changes in regions for AWS services"
          body: |
            ### Description
--- a/.github/workflows/ui-build-lint-push-containers.yml
+++ b/.github/workflows/ui-build-lint-push-containers.yml
@@ -23,7 +23,6 @@ env:
  # Tags
  LATEST_TAG: latest
  RELEASE_TAG: ${{ github.event.release.tag_name }}
-  STABLE_TAG: stable

  WORKING_DIRECTORY: ./ui

@@ -32,87 +31,51 @@ env:
  PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-ui

 jobs:
-  repository-check:
-    name: Repository check
-    runs-on: ubuntu-latest
-    outputs:
-      is_repo: ${{ steps.repository_check.outputs.is_repo }}
-    steps:
-      - name: Repository check
-        id: repository_check
-        working-directory: /tmp
-        run: |
-          if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
-          then
-            echo "is_repo=true" >> "${GITHUB_OUTPUT}"
-          else
-            echo "This action only runs for prowler-cloud/prowler"
-            echo "is_repo=false" >> "${GITHUB_OUTPUT}"
-          fi
-
  # Build Prowler OSS container
  container-build-push:
-    needs: repository-check
-    if: needs.repository-check.outputs.is_repo == 'true'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ${{ env.WORKING_DIRECTORY }}

    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Set short git commit SHA
-        id: vars
+      - name: Repository check
+        working-directory: /tmp
        run: |
-          shortSha=$(git rev-parse --short ${{ github.sha }})
-          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+          [[ ${{ github.repository }} != "prowler-cloud/prowler" ]] && echo "This action only runs for prowler-cloud/prowler"; exit 0
+
+      - name: Checkout
+        uses: actions/checkout@v4

      - name: Login to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@v3

      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=${{ env.SHORT_SHA }}
          # Set push: false for testing
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+        uses: docker/build-push-action@v6
        with:
          context: ${{ env.WORKING_DIRECTORY }}
-          build-args: |
-            NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${{ env.RELEASE_TAG }}
          push: true
          tags: |
            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
-            ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
-
-      - name: Trigger deployment
-        if: github.event_name == 'push'
-        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
-        with:
-          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
-          repository: ${{ secrets.CLOUD_DISPATCH }}
-          event-type: prowler-ui-deploy
-          client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ env.SHORT_SHA }}"}'
--- a/.github/workflows/ui-codeql.yml
+++ b/.github/workflows/ui-codeql.yml
@@ -15,12 +15,14 @@ on:
  push:
    branches:
      - "master"
+      - "v4.*"
      - "v5.*"
    paths:
      - "ui/**"
  pull_request:
    branches:
      - "master"
+      - "v4.*"
      - "v5.*"
    paths:
      - "ui/**"
@@ -44,16 +46,16 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/ui-pull-request.yml
+++ b/.github/workflows/ui-pull-request.yml
@@ -1,22 +1,11 @@
 name: UI - Pull Request

 on:
-  push:
-    branches:
-      - "master"
-      - "v5.*"
-    paths:
-      - ".github/workflows/ui-pull-request.yml"
-      - "ui/**"
  pull_request:
    branches:
      - master
-      - "v5.*"
    paths:
      - 'ui/**'
-env:
-  UI_WORKING_DIR: ./ui
-  IMAGE_NAME: prowler-ui

 jobs:
  test-and-coverage:
@@ -27,11 +16,11 @@ jobs:
        node-version: [20.x]
    steps:
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
      - name: Install dependencies
@@ -43,20 +32,3 @@ jobs:
      - name: Build the application
        working-directory: ./ui
        run: npm run build
-  test-container-build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-      - name: Build Container
-        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
-        with:
-          context: ${{ env.UI_WORKING_DIR }}
-          # Always build using `prod` target
-          target: prod
-          push: false
-          tags: ${{ env.IMAGE_NAME }}:latest
-          outputs: type=docker
-          build-args: |
-            NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_51LwpXXXX
--- a/.gitignore
+++ b/.gitignore
@@ -31,7 +31,7 @@ tags
 *.DS_Store

 # Prowler output
-/output
+output/

 # Prowler found secrets
 secrets-*/
@@ -42,18 +42,13 @@ junit-reports/
 # VSCode files
 .vscode/

-# Cursor files
-.cursorignore
-
 # Terraform
 .terraform*
 *.tfstate
-*.tfstate.*

 # .env
 ui/.env*
 api/.env*
-.env.local

 # Coverage
 .coverage*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -27,7 +27,6 @@ repos:
    hooks:
      - id: shellcheck
        exclude: contrib
-
  ## PYTHON
  - repo: https://github.com/myint/autoflake
    rev: v2.3.1
@@ -59,28 +58,11 @@ repos:
        args: ["--ignore=E266,W503,E203,E501,W605"]

  - repo: https://github.com/python-poetry/poetry
-    rev: 2.1.1
+    rev: 1.8.0
    hooks:
      - id: poetry-check
-        name: API - poetry-check
-        args: ["--directory=./api"]
-        pass_filenames: false
-
      - id: poetry-lock
-        name: API - poetry-lock
-        args: ["--directory=./api"]
-        pass_filenames: false
-
-      - id: poetry-check
-        name: SDK - poetry-check
-        args: ["--directory=./"]
-        pass_filenames: false
-
-      - id: poetry-lock
-        name: SDK - poetry-lock
-        args: ["--directory=./"]
-        pass_filenames: false
-
+        args: ["--no-update"]

  - repo: https://github.com/hadolint/hadolint
    rev: v2.13.0-beta
@@ -108,19 +90,20 @@ repos:
      - id: bandit
        name: bandit
        description: "Bandit is a tool for finding common security issues in Python code"
-        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/,./.venv/' -r .'
+        entry: bash -c 'bandit -q -lll -x '*_test.py,./contrib/' -r .'
        language: system
        files: '.*\.py'

      - id: safety
        name: safety
        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        entry: bash -c 'safety check --ignore 70612,66963,74429'
+        entry: bash -c 'safety check --ignore 70612,66963'
        language: system

      - id: vulture
        name: vulture
        description: "Vulture finds unused code in Python programs."
-        entry: bash -c 'vulture --exclude "contrib,.venv,api/src/backend/api/tests/,api/src/backend/conftest.py,api/src/backend/tasks/tests/" --min-confidence 100 .'
+        entry: bash -c 'vulture --exclude "contrib" --min-confidence 100 .'
+        exclude: 'api/src/backend/'
        language: system
        files: '.*\.py'
--- a/64
+++ b/64
@@ -1,64 +1,38 @@
-FROM python:3.12.10-slim-bookworm AS build
+FROM python:3.12.8-alpine3.20

 LABEL maintainer="https://github.com/prowler-cloud/prowler"
-LABEL org.opencontainers.image.source="https://github.com/prowler-cloud/prowler"

-ARG POWERSHELL_VERSION=7.5.0
-
-# hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends wget libicu72 \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install PowerShell
-RUN ARCH=$(uname -m) && \
-    if [ "$ARCH" = "x86_64" ]; then \
-        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-x64.tar.gz -O /tmp/powershell.tar.gz ; \
-    elif [ "$ARCH" = "aarch64" ]; then \
-        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-arm64.tar.gz -O /tmp/powershell.tar.gz ; \
-    else \
-        echo "Unsupported architecture: $ARCH" && exit 1 ; \
-    fi && \
-    mkdir -p /opt/microsoft/powershell/7 && \
-    tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 && \
-    chmod +x /opt/microsoft/powershell/7/pwsh && \
-    ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
-    rm /tmp/powershell.tar.gz
-
-# Add prowler user
-RUN addgroup --gid 1000 prowler && \
-    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" prowler
+# Update system dependencies and install essential tools
+#hadolint ignore=DL3018
+RUN apk --no-cache upgrade && apk --no-cache add curl git

+# Create non-root user
+RUN mkdir -p /home/prowler && \
+    echo 'prowler:x:1000:1000:prowler:/home/prowler:' > /etc/passwd && \
+    echo 'prowler:x:1000:' > /etc/group && \
+    chown -R prowler:prowler /home/prowler
 USER prowler

-WORKDIR /home/prowler
-
 # Copy necessary files
+WORKDIR /home/prowler
 COPY prowler/  /home/prowler/prowler/
 COPY dashboard/ /home/prowler/dashboard/
 COPY pyproject.toml /home/prowler
-COPY README.md /home/prowler/
-COPY prowler/providers/m365/lib/powershell/m365_powershell.py /home/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py
+COPY README.md /home/prowler

 # Install Python dependencies
 ENV HOME='/home/prowler'
-ENV PATH="${HOME}/.local/bin:${PATH}"
-#hadolint ignore=DL3013
-RUN pip install --no-cache-dir --upgrade pip && \
-    pip install --no-cache-dir poetry
-
-# By default poetry does not compile Python source files to bytecode during installation.
-# This speeds up the installation process, but the first execution may take a little more
-# time because Python then compiles source files to bytecode automatically. If you want to
-# compile source files to bytecode during installation, you can use the --compile option
-RUN poetry install --compile && \
-    rm -rf ~/.cache/pip
-
-# Install PowerShell modules
-RUN poetry run python prowler/providers/m365/lib/powershell/m365_powershell.py
+ENV PATH="$HOME/.local/bin:$PATH"
+RUN pip install --no-cache-dir --upgrade pip setuptools wheel && \
+    pip install --no-cache-dir .

 # Remove deprecated dash dependencies
 RUN pip uninstall dash-html-components -y && \
    pip uninstall dash-core-components -y

+# Remove Prowler directory and build files
+USER 0
+RUN rm -rf /home/prowler/prowler /home/prowler/pyproject.toml /home/prowler/README.md /home/prowler/build /home/prowler/prowler.egg-info
+
 USER prowler
-ENTRYPOINT ["poetry", "run", "prowler"]
+ENTRYPOINT ["prowler"]
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
  <img align="center" src="https://github.com/prowler-cloud/prowler/blob/master/docs/img/prowler-logo-white.png#gh-dark-mode-only" width="50%" height="50%">
 </p>
 <p align="center">
-  <b><i>Prowler Open Source</b> is as dynamic and adaptable as the environment it secures. It is trusted by the industry leaders to uphold the highest standards in security.
+  <b><i>Prowler Open Source</b> is as dynamic and adaptable as the environment they’re meant to protect. Trusted by the leaders in security.
 </p>
 <p align="center">
 <b>Learn more at <a href="https://prowler.com">prowler.com</i></b>
@@ -43,29 +43,15 @@

 # Description

-**Prowler** is an open-source security tool designed to assess and enforce security best practices across AWS, Azure, Google Cloud, and Kubernetes. It supports tasks such as security audits, incident response, continuous monitoring, system hardening, forensic readiness, and remediation processes.
-
-Prowler includes hundreds of built-in controls to ensure compliance with standards and frameworks, including:
-
- **Industry Standards:** CIS, NIST 800, NIST CSF, and CISA
- **Regulatory Compliance and Governance:** RBI, FedRAMP, and PCI-DSS
- **Frameworks for Sensitive Data and Privacy:** GDPR, HIPAA, and FFIEC
- **Frameworks for Organizational Governance and Quality Control:** SOC2 and GXP
- **AWS-Specific Frameworks:** AWS Foundational Technical Review (FTR) and AWS Well-Architected Framework (Security Pillar)
- **National Security Standards:** ENS (Spanish National Security Scheme)
- **Custom Security Frameworks:** Tailored to your needs
-
-## Prowler CLI and Prowler Cloud
-
-Prowler offers a Command Line Interface (CLI), known as Prowler Open Source, and an additional service built on top of it, called <a href="https://prowler.com">Prowler Cloud</a>.
+**Prowler** is an Open Source security tool to perform AWS, Azure, Google Cloud and Kubernetes security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness, and also remediations! We have Prowler CLI (Command Line Interface) that we call Prowler Open Source and a service on top of it that we call <a href="https://prowler.com">Prowler Cloud</a>.

 ## Prowler App

-Prowler App is a web-based application that simplifies running Prowler across your cloud provider accounts. It provides a user-friendly interface to visualize the results and streamline your security assessments.
+Prowler App is a web application that allows you to run Prowler in your cloud provider accounts and visualize the results in a user-friendly interface.

 ![Prowler App](docs/img/overview.png)

->For more details, refer to the [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation)
+>More details at [Prowler App Documentation](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-app-installation)

 ## Prowler CLI

@@ -74,7 +60,6 @@ prowler <provider>
 ```
 ![Prowler CLI Execution](docs/img/short-display.png)

-
 ## Prowler Dashboard

 ```console
@@ -82,28 +67,22 @@ prowler dashboard
 ```
 ![Prowler Dashboard](docs/img/dashboard.png)

-# Prowler at a Glance
+It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, AWS Well-Architected Framework Security Pillar, AWS Foundational Technical Review (FTR), ENS (Spanish National Security Scheme) and your custom security frameworks.

 | Provider | Checks | Services | [Compliance Frameworks](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/compliance/) | [Categories](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/misc/#categories) |
 |---|---|---|---|---|
-| AWS | 564 | 82 | 34 | 10 |
-| GCP | 79 | 13 | 7 | 3 |
-| Azure | 140 | 18 | 8 | 3 |
-| Kubernetes | 83 | 7 | 4 | 7 |
-| GitHub | 3 | 2 | 1 | 0 |
-| M365 | 44 | 2 | 2 | 0 |
-| NHN (Unofficial) | 6 | 2 | 1 | 0 |
-
-> Use the following commands to list Prowler's available checks, services, compliance frameworks, and categories: `prowler <provider> --list-checks`, `prowler <provider> --list-services`, `prowler <provider> --list-compliance` and `prowler <provider> --list-categories`.
+| AWS | 561 | 81 -> `prowler aws --list-services` | 30 -> `prowler aws --list-compliance` | 9 -> `prowler aws --list-categories` |
+| GCP | 77 | 13 -> `prowler gcp --list-services` | 3 -> `prowler gcp --list-compliance` | 2 -> `prowler gcp --list-categories`|
+| Azure | 139 | 18 -> `prowler azure --list-services` | 4 -> `prowler azure --list-compliance` | 2 -> `prowler azure --list-categories` |
+| Kubernetes | 83 | 7 -> `prowler kubernetes --list-services` | 1 -> `prowler kubernetes --list-compliance` | 7 -> `prowler kubernetes --list-categories` |

 # 💻 Installation

 ## Prowler App

-Installing Prowler App
-Prowler App offers flexible installation methods tailored to various environments:
+Prowler App can be installed in different ways, depending on your environment:

-> For detailed instructions on using Prowler App, refer to the [Prowler App Usage Guide](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/prowler-app/).
+> See how to use Prowler App in the [Prowler App Usage Guide](https://docs.prowler.com/projects/prowler-open-source/en/latest/tutorials/prowler-app/).

 ### Docker Compose

@@ -119,23 +98,14 @@ curl -LO https://raw.githubusercontent.com/prowler-cloud/prowler/refs/heads/mast
 docker compose up -d
 ```

-> Containers are built for `linux/amd64`.
-
-### Configuring Your Workstation for Prowler App
-
-If your workstation's architecture is incompatible, you can resolve this by:
-
- **Setting the environment variable**: `DOCKER_DEFAULT_PLATFORM=linux/amd64`
- **Using the following flag in your Docker command**: `--platform linux/amd64`
-
-> Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.
+> Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.

 ### From GitHub

 **Requirements**

 * `git` installed.
-* `poetry` v2 installed: [poetry installation](https://python-poetry.org/docs/#installation).
+* `poetry` installed: [poetry installation](https://python-poetry.org/docs/#installation).
 * `npm` installed: [npm installation](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm).
 * `Docker Compose` installed: https://docs.docker.com/compose/install/.

@@ -145,7 +115,7 @@ If your workstation's architecture is incompatible, you can resolve this by:
 git clone https://github.com/prowler-cloud/prowler
 cd prowler/api
 poetry install
-eval $(poetry env activate)
+poetry shell
 set -a
 source .env
 docker compose up postgres valkey -d
@@ -153,13 +123,8 @@ cd src/backend
 python manage.py migrate --database admin
 gunicorn -c config/guniconf.py config.wsgi:application
 ```
-> [!IMPORTANT]
-> As of Poetry v2.0.0, the `poetry shell` command has been deprecated. Use `poetry env activate` instead for environment activation.
->
-> If your Poetry version is below v2.0.0, continue using `poetry shell` to activate your environment.
-> For further guidance, refer to the Poetry Environment Activation Guide https://python-poetry.org/docs/managing-environments/#activating-the-environment.

-> After completing the setup, access the API documentation at http://localhost:8080/api/v1/docs.
+> Now, you can access the API documentation at http://localhost:8080/api/v1/docs.

 **Commands to run the API Worker**

@@ -167,7 +132,7 @@ gunicorn -c config/guniconf.py config.wsgi:application
 git clone https://github.com/prowler-cloud/prowler
 cd prowler/api
 poetry install
-eval $(poetry env activate)
+poetry shell
 set -a
 source .env
 cd src/backend
@@ -180,7 +145,7 @@ python -m celery -A config.celery worker -l info -E
 git clone https://github.com/prowler-cloud/prowler
 cd prowler/api
 poetry install
-eval $(poetry env activate)
+poetry shell
 set -a
 source .env
 cd src/backend
@@ -197,31 +162,29 @@ npm run build
 npm start
 ```

-> Once configured, access the Prowler App at http://localhost:3000. Sign up using your email and password to get started.
+> Enjoy Prowler App at http://localhost:3000 by signing up with your email and password.

 ## Prowler CLI
 ### Pip package
-Prowler CLI is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/). Consequently, it can be installed using pip with Python >3.9.1, <3.13:
+Prowler CLI is available as a project in [PyPI](https://pypi.org/project/prowler-cloud/), thus can be installed using pip with Python >= 3.9, < 3.13:

 ```console
 pip install prowler
 prowler -v
 ```
->For further guidance, refer to [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-cli-installation)
+>More details at [https://docs.prowler.com](https://docs.prowler.com/projects/prowler-open-source/en/latest/#prowler-cli-installation)

 ### Containers

-**Available Versions of Prowler CLI**
+The available versions of Prowler CLI are the following:

-The following versions of Prowler CLI are available, depending on your requirements:
-
- `latest`: Synchronizes with the `master` branch. Note that this version is not stable.
- `v4-latest`: Synchronizes with the `v4` branch. Note that this version is not stable.
- `v3-latest`: Synchronizes with the `v3` branch. Note that this version is not stable.
- `<x.y.z>` (release): Stable releases corresponding to specific versions. You can find the complete list of releases [here](https://github.com/prowler-cloud/prowler/releases).
- `stable`: Always points to the latest release.
- `v4-stable`: Always points to the latest release for v4.
- `v3-stable`: Always points to the latest release for v3.
+- `latest`: in sync with `master` branch (bear in mind that it is not a stable version)
+- `v4-latest`: in sync with `v4` branch (bear in mind that it is not a stable version)
+- `v3-latest`: in sync with `v3` branch (bear in mind that it is not a stable version)
+- `<x.y.z>` (release): you can find the releases [here](https://github.com/prowler-cloud/prowler/releases), those are stable releases.
+- `stable`: this tag always point to the latest release.
+- `v4-stable`: this tag always point to the latest release for v4.
+- `v3-stable`: this tag always point to the latest release for v3.

 The container images are available here:
 - Prowler CLI:
@@ -233,56 +196,29 @@ The container images are available here:

 ### From GitHub

-Python >3.9.1, <3.13 is required with pip and Poetry:
+Python >= 3.9, < 3.13 is required with pip and poetry:

 ``` console
 git clone https://github.com/prowler-cloud/prowler
 cd prowler
-eval $(poetry env activate)
+poetry shell
 poetry install
-python prowler-cli.py -v
+python prowler.py -v
 ```
-> [!IMPORTANT]
-> To clone Prowler on Windows, configure Git to support long file paths by running the following command: `git config core.longpaths true`.
-
-> [!IMPORTANT]
-> As of Poetry v2.0.0, the `poetry shell` command has been deprecated. Use `poetry env activate` instead for environment activation.
->
-> If your Poetry version is below v2.0.0, continue using `poetry shell` to activate your environment.
-> For further guidance, refer to the Poetry Environment Activation Guide https://python-poetry.org/docs/managing-environments/#activating-the-environment.
-
-# ✏️ High level architecture
+> If you want to clone Prowler from Windows, use `git config core.longpaths true` to allow long file paths.
+# 📐✏️ High level architecture

 ## Prowler App
-**Prowler App** is composed of three key components:
+The **Prowler App** consists of three main components:

- **Prowler UI**: A web-based interface, built with Next.js, providing a user-friendly experience for executing Prowler scans and visualizing results.
- **Prowler API**: A backend service, developed with Django REST Framework, responsible for running Prowler scans and storing the generated results.
- **Prowler SDK**: A Python SDK designed to extend the functionality of the Prowler CLI for advanced capabilities.
+- **Prowler UI**: A user-friendly web interface for running Prowler and viewing results, powered by Next.js.
+- **Prowler API**: The backend API that executes Prowler scans and stores the results, built with Django REST Framework.
+- **Prowler SDK**: A Python SDK that integrates with the Prowler CLI for advanced functionality.

 ![Prowler App Architecture](docs/img/prowler-app-architecture.png)

 ## Prowler CLI
-
-**Running Prowler**
-
-Prowler can be executed across various environments, offering flexibility to meet your needs. It can be run from:
-
- Your own workstation
-
- A Kubernetes Job
-
- Google Compute Engine
-
- Azure Virtual Machines (VMs)
-
- Amazon EC2 instances
-
- AWS Fargate or other container platforms
-
- CloudShell
-
-And many more environments.
+You can run Prowler from your workstation, a Kubernetes Job, a Google Compute Engine, an Azure VM, an EC2 instance, Fargate or any other container, CloudShell and many more.

 ![Architecture](docs/img/architecture.png)

@@ -290,36 +226,23 @@ And many more environments.

 ## General
 - `Allowlist` now is called `Mutelist`.
- The `--quiet` option has been deprecated. Use the `--status` flag to filter findings based on their status: PASS, FAIL, or MANUAL.
- All findings with an `INFO` status have been reclassified as `MANUAL`.
- The CSV output format is standardized across all providers.
+- The `--quiet` option has been deprecated, now use the `--status` flag to select the finding's status you want to get from PASS, FAIL or MANUAL.
+- All `INFO` finding's status has changed to `MANUAL`.
+- The CSV output format is common for all the providers.

-**Deprecated Output Formats**
-
-The following formats are now deprecated:
- Native JSON has been replaced with JSON in [OCSF] v1.1.0 format, which is standardized across all providers (https://schema.ocsf.io/).
+We have deprecated some of our outputs formats:
+- The native JSON is replaced for the JSON [OCSF](https://schema.ocsf.io/) v1.1.0, common for all the providers.

 ## AWS
-
-**AWS Flag Deprecation**
-
-The flag --sts-endpoint-region has been deprecated due to the adoption of AWS STS regional tokens.
-
-**Sending FAIL Results to AWS Security Hub**
-
- To send only FAILS to AWS Security Hub, use one of the following options: `--send-sh-only-fails` or `--security-hub --status FAIL`.
+- Deprecate the AWS flag --sts-endpoint-region since we use AWS STS regional tokens.
+- To send only FAILS to AWS Security Hub, now use either `--send-sh-only-fails` or `--security-hub --status FAIL`.


 # 📖 Documentation

-**Documentation Resources**
-
-For installation instructions, usage details, tutorials, and the Developer Guide, visit https://docs.prowler.com/
+Install, Usage, Tutorials and Developer Guide is at https://docs.prowler.com/

 # 📃 License

-**Prowler License Information**
-
-Prowler is licensed under the Apache License 2.0, as indicated in each file within the repository. Obtaining a Copy of the License
-
-A copy of the License is available at <http://www.apache.org/licenses/LICENSE-2.0>
+Prowler is licensed as Apache License 2.0 as specified in each file. You may obtain a copy of the License at
+<http://www.apache.org/licenses/LICENSE-2.0>
--- a/api/.env.example
+++ b/api/.env.example
@@ -22,8 +22,6 @@ DJANGO_SECRETS_ENCRYPTION_KEY=""
 # Decide whether to allow Django manage database table partitions
 DJANGO_MANAGE_DB_PARTITIONS=[True|False]
 DJANGO_CELERY_DEADLOCK_ATTEMPTS=5
-DJANGO_BROKER_VISIBILITY_TIMEOUT=86400
-DJANGO_SENTRY_DSN=

 # PostgreSQL settings
 # If running django and celery on host, use 'localhost', else use 'postgres-db'
@@ -40,19 +38,3 @@ POSTGRES_DB=prowler_db
 VALKEY_HOST=[localhost|valkey]
 VALKEY_PORT=6379
 VALKEY_DB=0
-
-# Sentry settings
-SENTRY_ENVIRONMENT=local
-SENTRY_RELEASE=local
-
-# Social login credentials
-DJANGO_GOOGLE_OAUTH_CLIENT_ID=""
-DJANGO_GOOGLE_OAUTH_CLIENT_SECRET=""
-DJANGO_GOOGLE_OAUTH_CALLBACK_URL=""
-
-DJANGO_GITHUB_OAUTH_CLIENT_ID=""
-DJANGO_GITHUB_OAUTH_CLIENT_SECRET=""
-DJANGO_GITHUB_OAUTH_CALLBACK_URL=""
-
-# Deletion Task Batch Size
-DJANGO_DELETION_BATCH_SIZE=5000
--- a/api/.pre-commit-config.yaml
+++ b/api/.pre-commit-config.yaml
@@ -80,7 +80,7 @@ repos:
      - id: safety
        name: safety
        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        entry: bash -c 'poetry run safety check --ignore 70612,66963,74429,77119'
+        entry: bash -c 'poetry run safety check --ignore 70612,66963'
        language: system

      - id: vulture
--- a/api/CHANGELOG.md
+++ b/api/CHANGELOG.md
@@ -1,141 +0,0 @@
-# Prowler API Changelog
-
-All notable changes to the **Prowler API** are documented in this file.
-
-## [v1.8.5] (Prowler v5.7.5)
-
-### Fixed
- Normalize provider UID to ensure safe and unique export directory paths [(#8007)](https://github.com/prowler-cloud/prowler/pull/8007).
- Blank resource types in `/metadata` endpoints [(#8027)](https://github.com/prowler-cloud/prowler/pull/8027)
-
---
-
-## [v1.8.4] (Prowler v5.7.4)
-
-### Removed
- Reverted RLS transaction handling and DB custom backend [(#7994)](https://github.com/prowler-cloud/prowler/pull/7994).
-
---
-
-## [v1.8.3] (Prowler v5.7.3)
-
-### Added
- Database backend to handle already closed connections [(#7935)](https://github.com/prowler-cloud/prowler/pull/7935).
-
-### Changed
- Renamed field encrypted_password to password for M365 provider [(#7784)](https://github.com/prowler-cloud/prowler/pull/7784)
-
-### Fixed
- Fixed transaction persistence with RLS operations [(#7916)](https://github.com/prowler-cloud/prowler/pull/7916).
- Reverted the change `get_with_retry` to use the original `get` method for retrieving tasks [(#7932)](https://github.com/prowler-cloud/prowler/pull/7932).
- Fixed the connection status verification before launching a scan [(#7831)](https://github.com/prowler-cloud/prowler/pull/7831)
-
---
-
-## [v1.8.2] (Prowler v5.7.2)
-
-### Fixed
- Fixed task lookup to use task_kwargs instead of task_args for scan report resolution. [(#7830)](https://github.com/prowler-cloud/prowler/pull/7830)
- Fixed Kubernetes UID validation to allow valid context names [(#7871)](https://github.com/prowler-cloud/prowler/pull/7871)
- Fixed the connection status verification before launching a scan [(#7831)](https://github.com/prowler-cloud/prowler/pull/7831)
- Fixed a race condition when creating background tasks [(#7876)](https://github.com/prowler-cloud/prowler/pull/7876).
- Fixed an error when modifying or retrieving tenants due to missing user UUID in transaction context [(#7890)](https://github.com/prowler-cloud/prowler/pull/7890).
-
---
-
-## [v1.8.1] (Prowler v5.7.1)
-
-### Fixed
- Added database index to improve performance on finding lookup [(#7800)](https://github.com/prowler-cloud/prowler/pull/7800).
-
---
-
-## [v1.8.0] (Prowler v5.7.0)
-
-### Added
- Added huge improvements to `/findings/metadata` and resource related filters for findings [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690).
- Added improvements to `/overviews` endpoints [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690).
- Added new queue to perform backfill background tasks [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690).
- Added new endpoints to retrieve latest findings and metadata [(#7743)](https://github.com/prowler-cloud/prowler/pull/7743).
- Added export support for Prowler ThreatScore in M365 [(7783)](https://github.com/prowler-cloud/prowler/pull/7783)
-
---
-
-## [v1.7.0] (Prowler v5.6.0)
-
-### Added
-
- Added M365 as a new provider [(#7563)](https://github.com/prowler-cloud/prowler/pull/7563).
- Added a `compliance/` folder and ZIP‐export functionality for all compliance reports.[(#7653)](https://github.com/prowler-cloud/prowler/pull/7653).
- Added a new API endpoint to fetch and download any specific compliance file by name [(#7653)](https://github.com/prowler-cloud/prowler/pull/7653).
-
---
-
-## [v1.6.0] (Prowler v5.5.0)
-
-### Added
-
- Support for developing new integrations [(#7167)](https://github.com/prowler-cloud/prowler/pull/7167).
- HTTP Security Headers [(#7289)](https://github.com/prowler-cloud/prowler/pull/7289).
- New endpoint to get the compliance overviews metadata [(#7333)](https://github.com/prowler-cloud/prowler/pull/7333).
- Support for muted findings [(#7378)](https://github.com/prowler-cloud/prowler/pull/7378).
- Added missing fields to API findings and resources [(#7318)](https://github.com/prowler-cloud/prowler/pull/7318).
-
---
-
-## [v1.5.4] (Prowler v5.4.4)
-
-### Fixed
- Fixed a bug with periodic tasks when trying to delete a provider ([#7466])(https://github.com/prowler-cloud/prowler/pull/7466).
-
---
-
-## [v1.5.3] (Prowler v5.4.3)
-
-### Fixed
- Added duplicated scheduled scans handling ([#7401])(https://github.com/prowler-cloud/prowler/pull/7401).
- Added environment variable to configure the deletion task batch size ([#7423])(https://github.com/prowler-cloud/prowler/pull/7423).
-
---
-
-## [v1.5.2] (Prowler v5.4.2)
-
-### Changed
- Refactored deletion logic and implemented retry mechanism for deletion tasks [(#7349)](https://github.com/prowler-cloud/prowler/pull/7349).
-
---
-
-## [v1.5.1] (Prowler v5.4.1)
-
-### Fixed
- Added a handled response in case local files are missing [(#7183)](https://github.com/prowler-cloud/prowler/pull/7183).
- Fixed a race condition when deleting export files after the S3 upload [(#7172)](https://github.com/prowler-cloud/prowler/pull/7172).
- Handled exception when a provider has no secret in test connection [(#7283)](https://github.com/prowler-cloud/prowler/pull/7283).
-
-### Added
-
- Support for developing new integrations [(#7167)](https://github.com/prowler-cloud/prowler/pull/7167).
-
---
-
-## [v1.5.0] (Prowler v5.4.0)
-
-### Added
- Social login integration with Google and GitHub [(#6906)](https://github.com/prowler-cloud/prowler/pull/6906)
- Add API scan report system, now all scans launched from the API will generate a compressed file with the report in OCSF, CSV and HTML formats [(#6878)](https://github.com/prowler-cloud/prowler/pull/6878).
- Configurable Sentry integration [(#6874)](https://github.com/prowler-cloud/prowler/pull/6874)
-
-### Changed
- Optimized `GET /findings` endpoint to improve response time and size [(#7019)](https://github.com/prowler-cloud/prowler/pull/7019).
-
---
-
-## [v1.4.0] (Prowler v5.3.0)
-
-### Changed
- Daily scheduled scan instances are now created beforehand with `SCHEDULED` state [(#6700)](https://github.com/prowler-cloud/prowler/pull/6700).
- Findings endpoints now require at least one date filter [(#6800)](https://github.com/prowler-cloud/prowler/pull/6800).
- Findings metadata endpoint received a performance improvement [(#6863)](https://github.com/prowler-cloud/prowler/pull/6863).
- Increased the allowed length of the provider UID for Kubernetes providers [(#6869)](https://github.com/prowler-cloud/prowler/pull/6869).
-
---
--- a/api/Dockerfile
+++ b/api/Dockerfile
@@ -1,33 +1,13 @@
-FROM python:3.12.10-slim-bookworm AS build
+FROM python:3.12.8-alpine3.20 AS build

 LABEL maintainer="https://github.com/prowler-cloud/api"

-ARG POWERSHELL_VERSION=7.5.0
-ENV POWERSHELL_VERSION=${POWERSHELL_VERSION}
-
-# hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends wget libicu72 \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install PowerShell
-RUN ARCH=$(uname -m) && \
-    if [ "$ARCH" = "x86_64" ]; then \
-        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-x64.tar.gz -O /tmp/powershell.tar.gz ; \
-    elif [ "$ARCH" = "aarch64" ]; then \
-        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-arm64.tar.gz -O /tmp/powershell.tar.gz ; \
-    else \
-        echo "Unsupported architecture: $ARCH" && exit 1 ; \
-    fi && \
-    mkdir -p /opt/microsoft/powershell/7 && \
-    tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 && \
-    chmod +x /opt/microsoft/powershell/7/pwsh && \
-    ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
-    rm /tmp/powershell.tar.gz
-
-# Add prowler user
-RUN addgroup --gid 1000 prowler && \
-    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" prowler
+# hadolint ignore=DL3018
+RUN apk --no-cache add gcc python3-dev musl-dev linux-headers curl-dev

+RUN apk --no-cache upgrade && \
+    addgroup -g 1000 prowler && \
+    adduser -D -u 1000 -G prowler prowler
 USER prowler

 WORKDIR /home/prowler
@@ -37,23 +17,27 @@ COPY pyproject.toml ./
 RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir poetry

-COPY src/backend/ ./backend/
+COPY src/backend/  ./backend/

 ENV PATH="/home/prowler/.local/bin:$PATH"

-# Add `--no-root` to avoid installing the current project as a package
-RUN poetry install --no-root && \
+RUN poetry install && \
    rm -rf ~/.cache/pip

 COPY docker-entrypoint.sh ./docker-entrypoint.sh

-RUN poetry run python "$(poetry env info --path)/src/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py"
-
 WORKDIR /home/prowler/backend

 # Development image
+# hadolint ignore=DL3006
 FROM build AS dev

+USER 0
+# hadolint ignore=DL3018
+RUN apk --no-cache add curl vim
+
+USER prowler
+
 ENTRYPOINT ["../docker-entrypoint.sh", "dev"]

 # Production image
--- a/api/README.md
+++ b/api/README.md
@@ -235,7 +235,6 @@ To view the logs for any component (e.g., Django, Celery worker), you can use th

 ```console
 docker logs -f $(docker ps --format "{{.Names}}" | grep 'api-')
-```

 ## Applying migrations

@@ -270,66 +269,3 @@ poetry shell
 cd src/backend
 pytest
 ```
-
-# Custom commands
-
-Django provides a way to create custom commands that can be run from the command line.
-
-> These commands can be found in: ```prowler/api/src/backend/api/management/commands```
-
-To run a custom command, you need to be in the `prowler/api/src/backend` directory and run:
-
-```console
-poetry shell
-python manage.py <command_name>
-```
-
-## Generate dummy data
-
-```console
-python manage.py findings --tenant
-<TENANT_ID> --findings <NUM_FINDINGS> --re
-sources <NUM_RESOURCES> --batch <TRANSACTION_BATCH_SIZE> --alias <ALIAS>
-```
-
-This command creates, for a given tenant, a provider, scan and a set of findings and resources related altogether.
-
-> Scan progress and state are updated in real time.
-> - 0-33%: Create resources.
-> - 33-66%: Create findings.
-> - 66%: Create resource-finding mapping.
->
-> The last step is required to access the findings details, since the UI needs that to print all the information.
-
-### Example
-
-```console
-~/backend $ poetry run python manage.py findings --tenant
-fffb1893-3fc7-4623-a5d9-fae47da1c528 --findings 25000 --re
-sources 1000 --batch 5000 --alias test-script
-
-Starting data population
-	Tenant: fffb1893-3fc7-4623-a5d9-fae47da1c528
-	Alias: test-script
-	Resources: 1000
-	Findings: 25000
-	Batch size: 5000
-
-
-Creating resources...
-100%|███████████████████████| 1/1 [00:00<00:00,  7.72it/s]
-Resources created successfully.
-
-
-Creating findings...
-100%|███████████████████████| 5/5 [00:05<00:00,  1.09s/it]
-Findings created successfully.
-
-
-Creating resource-finding mappings...
-100%|███████████████████████| 5/5 [00:02<00:00,  1.81it/s]
-Resource-finding mappings created successfully.
-
-
-Successfully populated test data.
-```
--- a/api/docker-entrypoint.sh
+++ b/api/docker-entrypoint.sh
@@ -28,7 +28,7 @@ start_prod_server() {

 start_worker() {
  echo "Starting the worker..."
-  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans,scan-reports,deletion,backfill -E --max-tasks-per-child 1
+  poetry run python -m celery -A config.celery worker -l "${DJANGO_LOGGING_LEVEL:-info}" -Q celery,scans -E
 }

 start_worker_beat() {
--- a/api/poetry.lock
+++ b/api/poetry.lock
--- a/api/pyproject.toml
+++ b/api/pyproject.toml
@@ -2,51 +2,43 @@
 build-backend = "poetry.core.masonry.api"
 requires = ["poetry-core"]

-[project]
-authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}]
-dependencies = [
-  "celery[pytest] (>=5.4.0,<6.0.0)",
-  "dj-rest-auth[with_social,jwt] (==7.0.1)",
-  "django==5.1.8",
-  "django-allauth==65.4.1",
-  "django-celery-beat (>=2.7.0,<3.0.0)",
-  "django-celery-results (>=2.5.1,<3.0.0)",
-  "django-cors-headers==4.4.0",
-  "django-environ==0.11.2",
-  "django-filter==24.3",
-  "django-guid==3.5.0",
-  "django-postgres-extra (>=2.0.8,<3.0.0)",
-  "djangorestframework==3.15.2",
-  "djangorestframework-jsonapi==7.0.2",
-  "djangorestframework-simplejwt (>=5.3.1,<6.0.0)",
-  "drf-nested-routers (>=0.94.1,<1.0.0)",
-  "drf-spectacular==0.27.2",
-  "drf-spectacular-jsonapi==0.5.1",
-  "gunicorn==23.0.0",
-  "prowler @ git+https://github.com/prowler-cloud/prowler.git@v5.7",
-  "psycopg2-binary==2.9.9",
-  "pytest-celery[redis] (>=1.0.1,<2.0.0)",
-  "sentry-sdk[django] (>=2.20.0,<3.0.0)",
-  "uuid6==2024.7.10"
-]
+[tool.poetry]
+authors = ["Prowler Team"]
 description = "Prowler's API (Django/DRF)"
 license = "Apache-2.0"
 name = "prowler-api"
 package-mode = false
-# Needed for the SDK compatibility
-requires-python = ">=3.11,<3.13"
-version = "1.8.5"
+version = "1.1.0"

-[project.scripts]
-celery = "src.backend.config.settings.celery"
+[tool.poetry.dependencies]
+celery = {extras = ["pytest"], version = "^5.4.0"}
+django = "5.1.1"
+django-celery-beat = "^2.7.0"
+django-celery-results = "^2.5.1"
+django-cors-headers = "4.4.0"
+django-environ = "0.11.2"
+django-filter = "24.3"
+django-guid = "3.5.0"
+django-postgres-extra = "^2.0.8"
+djangorestframework = "3.15.2"
+djangorestframework-jsonapi = "7.0.2"
+djangorestframework-simplejwt = "^5.3.1"
+drf-nested-routers = "^0.94.1"
+drf-spectacular = "0.27.2"
+drf-spectacular-jsonapi = "0.5.1"
+gunicorn = "23.0.0"
+prowler = {git = "https://github.com/prowler-cloud/prowler.git", tag = "5.0.0"}
+psycopg2-binary = "2.9.9"
+pytest-celery = {extras = ["redis"], version = "^1.0.1"}
+# Needed for prowler compatibility
+python = ">=3.11,<3.13"
+uuid6 = "2024.7.10"

 [tool.poetry.group.dev.dependencies]
 bandit = "1.7.9"
 coverage = "7.5.4"
-django-silk = "5.3.2"
 docker = "7.1.0"
 freezegun = "1.5.1"
-marshmallow = ">=3.15.0,<4.0.0"
 mypy = "1.10.1"
 pylint = "3.2.5"
 pytest = "8.2.2"
@@ -56,6 +48,8 @@ pytest-env = "1.1.3"
 pytest-randomly = "3.15.0"
 pytest-xdist = "3.6.1"
 ruff = "0.5.0"
-safety = "3.2.9"
-tqdm = "4.67.1"
-vulture = "2.14"
+safety = "3.2.3"
+vulture = "2.11"
+
+[tool.poetry.scripts]
+celery = "src.backend.config.settings.celery"
--- a/api/src/backend/api/adapters.py
+++ b/api/src/backend/api/adapters.py
@@ -1,61 +0,0 @@
-from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
-from django.db import transaction
-
-from api.db_router import MainRouter
-from api.db_utils import rls_transaction
-from api.models import Membership, Role, Tenant, User, UserRoleRelationship
-
-
-class ProwlerSocialAccountAdapter(DefaultSocialAccountAdapter):
-    @staticmethod
-    def get_user_by_email(email: str):
-        try:
-            return User.objects.get(email=email)
-        except User.DoesNotExist:
-            return None
-
-    def pre_social_login(self, request, sociallogin):
-        # Link existing accounts with the same email address
-        email = sociallogin.account.extra_data.get("email")
-        if email:
-            existing_user = self.get_user_by_email(email)
-            if existing_user:
-                sociallogin.connect(request, existing_user)
-
-    def save_user(self, request, sociallogin, form=None):
-        """
-        Called after the user data is fully populated from the provider
-        and is about to be saved to the DB for the first time.
-        """
-        with transaction.atomic(using=MainRouter.admin_db):
-            user = super().save_user(request, sociallogin, form)
-            user.save(using=MainRouter.admin_db)
-            social_account_name = sociallogin.account.extra_data.get("name")
-            if social_account_name:
-                user.name = social_account_name
-                user.save(using=MainRouter.admin_db)
-
-            tenant = Tenant.objects.using(MainRouter.admin_db).create(
-                name=f"{user.email.split('@')[0]} default tenant"
-            )
-            with rls_transaction(str(tenant.id)):
-                Membership.objects.using(MainRouter.admin_db).create(
-                    user=user, tenant=tenant, role=Membership.RoleChoices.OWNER
-                )
-                role = Role.objects.using(MainRouter.admin_db).create(
-                    name="admin",
-                    tenant_id=tenant.id,
-                    manage_users=True,
-                    manage_account=True,
-                    manage_billing=True,
-                    manage_providers=True,
-                    manage_integrations=True,
-                    manage_scans=True,
-                    unlimited_visibility=True,
-                )
-                UserRoleRelationship.objects.using(MainRouter.admin_db).create(
-                    user=user,
-                    role=role,
-                    tenant_id=tenant.id,
-                )
-        return user
--- a/api/src/backend/api/base_views.py
+++ b/api/src/backend/api/base_views.py
@@ -109,6 +109,16 @@ class BaseTenantViewset(BaseViewSet):
                pass  # Tenant might not exist, handle gracefully

    def initial(self, request, *args, **kwargs):
+        if (
+            request.resolver_match.url_name != "tenant-detail"
+            and request.method != "DELETE"
+        ):
+            user_id = str(request.user.id)
+
+            with rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR):
+                return super().initial(request, *args, **kwargs)
+
+        # TODO: DRY this when we have time
        if request.auth is None:
            raise NotAuthenticated

@@ -116,8 +126,8 @@ class BaseTenantViewset(BaseViewSet):
        if tenant_id is None:
            raise NotAuthenticated("Tenant ID is not present in token")

-        user_id = str(request.user.id)
-        with rls_transaction(value=user_id, parameter=POSTGRES_USER_VAR):
+        with rls_transaction(tenant_id):
+            self.request.tenant_id = tenant_id
            return super().initial(request, *args, **kwargs)


--- a/api/src/backend/api/compliance.py
+++ b/api/src/backend/api/compliance.py
@@ -1,38 +1,12 @@
 from types import MappingProxyType

-from api.models import Provider
-from prowler.config.config import get_available_compliance_frameworks
 from prowler.lib.check.compliance_models import Compliance
 from prowler.lib.check.models import CheckMetadata

+from api.models import Provider
+
 PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE = {}
 PROWLER_CHECKS = {}
-AVAILABLE_COMPLIANCE_FRAMEWORKS = {}
-
-
-def get_compliance_frameworks(provider_type: Provider.ProviderChoices) -> list[str]:
-    """
-    Retrieve and cache the list of available compliance frameworks for a specific cloud provider.
-
-    This function lazily loads and caches the available compliance frameworks (e.g., CIS, MITRE, ISO)
-    for each provider type (AWS, Azure, GCP, etc.) on first access. Subsequent calls for the same
-    provider will return the cached result.
-
-    Args:
-        provider_type (Provider.ProviderChoices): The cloud provider type for which to retrieve
-            available compliance frameworks (e.g., "aws", "azure", "gcp", "m365").
-
-    Returns:
-        list[str]: A list of framework identifiers (e.g., "cis_1.4_aws", "mitre_attack_azure") available
-        for the given provider.
-    """
-    global AVAILABLE_COMPLIANCE_FRAMEWORKS
-    if provider_type not in AVAILABLE_COMPLIANCE_FRAMEWORKS:
-        AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type] = (
-            get_available_compliance_frameworks(provider_type)
-        )
-
-    return AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type]


 def get_prowler_provider_checks(provider_type: Provider.ProviderChoices):
--- a/api/src/backend/api/db_router.py
+++ b/api/src/backend/api/db_router.py
@@ -1,29 +1,18 @@
-ALLOWED_APPS = ("django", "socialaccount", "account", "authtoken", "silk")
-
-
 class MainRouter:
    default_db = "default"
    admin_db = "admin"

    def db_for_read(self, model, **hints):  # noqa: F841
        model_table_name = model._meta.db_table
-        if model_table_name.startswith("django_") or any(
-            model_table_name.startswith(f"{app}_") for app in ALLOWED_APPS
-        ):
+        if model_table_name.startswith("django_"):
            return self.admin_db
        return None

    def db_for_write(self, model, **hints):  # noqa: F841
        model_table_name = model._meta.db_table
-        if any(model_table_name.startswith(f"{app}_") for app in ALLOWED_APPS):
+        if model_table_name.startswith("django_"):
            return self.admin_db
        return None

    def allow_migrate(self, db, app_label, model_name=None, **hints):  # noqa: F841
        return db == self.admin_db
-
-    def allow_relation(self, obj1, obj2, **hints):  # noqa: F841
-        # Allow relations if both objects are in either "default" or "admin" db connectors
-        if {obj1._state.db, obj2._state.db} <= {self.default_db, self.admin_db}:
-            return True
-        return None
--- a/api/src/backend/api/db_utils.py
+++ b/api/src/backend/api/db_utils.py
@@ -5,8 +5,8 @@ from datetime import datetime, timedelta, timezone

 from django.conf import settings
 from django.contrib.auth.models import BaseUserManager
+from django.core.paginator import Paginator
 from django.db import connection, models, transaction
-from django_celery_beat.models import PeriodicTask
 from psycopg2 import connect as psycopg2_connect
 from psycopg2.extensions import AsIs, new_type, register_adapter, register_type
 from rest_framework_json_api.serializers import ValidationError
@@ -106,12 +106,11 @@ def generate_random_token(length: int = 14, symbols: str | None = None) -> str:
    return "".join(secrets.choice(symbols or _symbols) for _ in range(length))


-def batch_delete(tenant_id, queryset, batch_size=settings.DJANGO_DELETION_BATCH_SIZE):
+def batch_delete(queryset, batch_size=5000):
    """
    Deletes objects in batches and returns the total number of deletions and a summary.

    Args:
-        tenant_id (str): Tenant ID the queryset belongs to.
        queryset (QuerySet): The queryset of objects to delete.
        batch_size (int): The number of objects to delete in each batch.

@@ -121,37 +120,21 @@ def batch_delete(tenant_id, queryset, batch_size=settings.DJANGO_DELETION_BATCH_
    total_deleted = 0
    deletion_summary = {}

-    while True:
-        with rls_transaction(tenant_id, POSTGRES_TENANT_VAR):
-            # Get a batch of IDs to delete
-            batch_ids = set(
-                queryset.values_list("id", flat=True).order_by("id")[:batch_size]
-            )
-            if not batch_ids:
-                # No more objects to delete
-                break
+    paginator = Paginator(queryset.order_by("id").only("id"), batch_size)

-            deleted_count, deleted_info = queryset.filter(id__in=batch_ids).delete()
+    for page_num in paginator.page_range:
+        batch_ids = [obj.id for obj in paginator.page(page_num).object_list]
+
+        deleted_count, deleted_info = queryset.filter(id__in=batch_ids).delete()

        total_deleted += deleted_count
+
        for model_label, count in deleted_info.items():
            deletion_summary[model_label] = deletion_summary.get(model_label, 0) + count

    return total_deleted, deletion_summary


-def delete_related_daily_task(provider_id: str):
-    """
-    Deletes the periodic task associated with a specific provider.
-
-    Args:
-        provider_id (str): The unique identifier for the provider
-                           whose related periodic task should be deleted.
-    """
-    task_name = f"scan-perform-scheduled-{provider_id}"
-    PeriodicTask.objects.filter(name=task_name).delete()
-
-
 # Postgres Enums


@@ -227,77 +210,6 @@ def register_enum(apps, schema_editor, enum_class):  # noqa: F841
        register_adapter(enum_class, enum_adapter)


-def create_index_on_partitions(
-    apps,  # noqa: F841
-    schema_editor,
-    parent_table: str,
-    index_name: str,
-    columns: str,
-    method: str = "BTREE",
-    where: str = "",
-):
-    """
-    Create an index on every existing partition of `parent_table`.
-
-    Args:
-        parent_table: The name of the root table (e.g. "findings").
-        index_name: A short name for the index (will be prefixed per-partition).
-        columns: The parenthesized column list, e.g. "tenant_id, scan_id, status".
-        method:   The index method—BTREE, GIN, etc.  Defaults to BTREE.
-        where:    Optional WHERE clause (without the leading "WHERE"), e.g. "status = 'FAIL'".
-    """
-    with connection.cursor() as cursor:
-        cursor.execute(
-            """
-            SELECT inhrelid::regclass::text
-            FROM pg_inherits
-            WHERE inhparent = %s::regclass
-            """,
-            [parent_table],
-        )
-        partitions = [row[0] for row in cursor.fetchall()]
-
-    where_sql = f" WHERE {where}" if where else ""
-    for partition in partitions:
-        idx_name = f"{partition.replace('.', '_')}_{index_name}"
-        sql = (
-            f"CREATE INDEX CONCURRENTLY IF NOT EXISTS {idx_name} "
-            f"ON {partition} USING {method} ({columns})"
-            f"{where_sql};"
-        )
-        schema_editor.execute(sql)
-
-
-def drop_index_on_partitions(
-    apps,  # noqa: F841
-    schema_editor,
-    parent_table: str,
-    index_name: str,
-):
-    """
-    Drop the per-partition indexes that were created by create_index_on_partitions.
-
-    Args:
-        parent_table: The name of the root table (e.g. "findings").
-        index_name:   The same short name used when creating them.
-    """
-    with connection.cursor() as cursor:
-        cursor.execute(
-            """
-            SELECT inhrelid::regclass::text
-            FROM pg_inherits
-            WHERE inhparent = %s::regclass
-            """,
-            [parent_table],
-        )
-        partitions = [row[0] for row in cursor.fetchall()]
-
-    for partition in partitions:
-        idx_name = f"{partition.replace('.', '_')}_{index_name}"
-        sql = f"DROP INDEX CONCURRENTLY IF EXISTS {idx_name};"
-        schema_editor.execute(sql)
-
-
 # Postgres enum definition for member role


@@ -404,15 +316,3 @@ class InvitationStateEnum(EnumType):
 class InvitationStateEnumField(PostgresEnumField):
    def __init__(self, *args, **kwargs):
        super().__init__("invitation_state", *args, **kwargs)
-
-
-# Postgres enum definition for Integration type
-
-
-class IntegrationTypeEnum(EnumType):
-    enum_type_name = "integration_type"
-
-
-class IntegrationTypeEnumField(PostgresEnumField):
-    def __init__(self, *args, **kwargs):
-        super().__init__("integration_type", *args, **kwargs)
--- a/api/src/backend/api/decorators.py
+++ b/api/src/backend/api/decorators.py
@@ -7,7 +7,7 @@ from rest_framework_json_api.serializers import ValidationError
 from api.db_utils import POSTGRES_TENANT_VAR, SET_CONFIG_QUERY


-def set_tenant(func=None, *, keep_tenant=False):
+def set_tenant(func):
    """
    Decorator to set the tenant context for a Celery task based on the provided tenant_id.

@@ -40,29 +40,20 @@ def set_tenant(func=None, *, keep_tenant=False):
        # The tenant context will be set before the task logic executes.
    """

-    def decorator(func):
-        @wraps(func)
-        @transaction.atomic
-        def wrapper(*args, **kwargs):
-            try:
-                if not keep_tenant:
-                    tenant_id = kwargs.pop("tenant_id")
-                else:
-                    tenant_id = kwargs["tenant_id"]
-            except KeyError:
-                raise KeyError("This task requires the tenant_id")
-            try:
-                uuid.UUID(tenant_id)
-            except ValueError:
-                raise ValidationError("Tenant ID must be a valid UUID")
-            with connection.cursor() as cursor:
-                cursor.execute(SET_CONFIG_QUERY, [POSTGRES_TENANT_VAR, tenant_id])
+    @wraps(func)
+    @transaction.atomic
+    def wrapper(*args, **kwargs):
+        try:
+            tenant_id = kwargs.pop("tenant_id")
+        except KeyError:
+            raise KeyError("This task requires the tenant_id")
+        try:
+            uuid.UUID(tenant_id)
+        except ValueError:
+            raise ValidationError("Tenant ID must be a valid UUID")
+        with connection.cursor() as cursor:
+            cursor.execute(SET_CONFIG_QUERY, [POSTGRES_TENANT_VAR, tenant_id])

-            return func(*args, **kwargs)
+        return func(*args, **kwargs)

-        return wrapper
-
-    if func is None:
-        return decorator
-    else:
-        return decorator(func)
+    return wrapper
--- a/api/src/backend/api/filters.py
+++ b/api/src/backend/api/filters.py
@@ -1,4 +1,4 @@
-from datetime import date, datetime, timedelta, timezone
+from datetime import date, datetime, timezone

 from django.conf import settings
 from django.db.models import Q
@@ -24,7 +24,6 @@ from api.db_utils import (
 from api.models import (
    ComplianceOverview,
    Finding,
-    Integration,
    Invitation,
    Membership,
    PermissionChoices,
@@ -81,114 +80,6 @@ class ChoiceInFilter(BaseInFilter, ChoiceFilter):
    pass


-class CommonFindingFilters(FilterSet):
-    # We filter providers from the scan in findings
-    provider = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
-    provider__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
-    provider_type = ChoiceFilter(
-        choices=Provider.ProviderChoices.choices, field_name="scan__provider__provider"
-    )
-    provider_type__in = ChoiceInFilter(
-        choices=Provider.ProviderChoices.choices, field_name="scan__provider__provider"
-    )
-    provider_uid = CharFilter(field_name="scan__provider__uid", lookup_expr="exact")
-    provider_uid__in = CharInFilter(field_name="scan__provider__uid", lookup_expr="in")
-    provider_uid__icontains = CharFilter(
-        field_name="scan__provider__uid", lookup_expr="icontains"
-    )
-    provider_alias = CharFilter(field_name="scan__provider__alias", lookup_expr="exact")
-    provider_alias__in = CharInFilter(
-        field_name="scan__provider__alias", lookup_expr="in"
-    )
-    provider_alias__icontains = CharFilter(
-        field_name="scan__provider__alias", lookup_expr="icontains"
-    )
-
-    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
-
-    uid = CharFilter(field_name="uid")
-    delta = ChoiceFilter(choices=Finding.DeltaChoices.choices)
-    status = ChoiceFilter(choices=StatusChoices.choices)
-    severity = ChoiceFilter(choices=SeverityChoices)
-    impact = ChoiceFilter(choices=SeverityChoices)
-    muted = BooleanFilter(
-        help_text="If this filter is not provided, muted and non-muted findings will be returned."
-    )
-
-    resources = UUIDInFilter(field_name="resource__id", lookup_expr="in")
-
-    region = CharFilter(method="filter_resource_region")
-    region__in = CharInFilter(field_name="resource_regions", lookup_expr="overlap")
-    region__icontains = CharFilter(
-        field_name="resource_regions", lookup_expr="icontains"
-    )
-
-    service = CharFilter(method="filter_resource_service")
-    service__in = CharInFilter(field_name="resource_services", lookup_expr="overlap")
-    service__icontains = CharFilter(
-        field_name="resource_services", lookup_expr="icontains"
-    )
-
-    resource_uid = CharFilter(field_name="resources__uid")
-    resource_uid__in = CharInFilter(field_name="resources__uid", lookup_expr="in")
-    resource_uid__icontains = CharFilter(
-        field_name="resources__uid", lookup_expr="icontains"
-    )
-
-    resource_name = CharFilter(field_name="resources__name")
-    resource_name__in = CharInFilter(field_name="resources__name", lookup_expr="in")
-    resource_name__icontains = CharFilter(
-        field_name="resources__name", lookup_expr="icontains"
-    )
-
-    resource_type = CharFilter(method="filter_resource_type")
-    resource_type__in = CharInFilter(field_name="resource_types", lookup_expr="overlap")
-    resource_type__icontains = CharFilter(
-        field_name="resources__type", lookup_expr="icontains"
-    )
-
-    # Temporarily disabled until we implement tag filtering in the UI
-    # resource_tag_key = CharFilter(field_name="resources__tags__key")
-    # resource_tag_key__in = CharInFilter(
-    #     field_name="resources__tags__key", lookup_expr="in"
-    # )
-    # resource_tag_key__icontains = CharFilter(
-    #     field_name="resources__tags__key", lookup_expr="icontains"
-    # )
-    # resource_tag_value = CharFilter(field_name="resources__tags__value")
-    # resource_tag_value__in = CharInFilter(
-    #     field_name="resources__tags__value", lookup_expr="in"
-    # )
-    # resource_tag_value__icontains = CharFilter(
-    #     field_name="resources__tags__value", lookup_expr="icontains"
-    # )
-    # resource_tags = CharInFilter(
-    #     method="filter_resource_tag",
-    #     lookup_expr="in",
-    #     help_text="Filter by resource tags `key:value` pairs.\nMultiple values may be "
-    #     "separated by commas.",
-    # )
-
-    def filter_resource_service(self, queryset, name, value):
-        return queryset.filter(resource_services__contains=[value])
-
-    def filter_resource_region(self, queryset, name, value):
-        return queryset.filter(resource_regions__contains=[value])
-
-    def filter_resource_type(self, queryset, name, value):
-        return queryset.filter(resource_types__contains=[value])
-
-    def filter_resource_tag(self, queryset, name, value):
-        overall_query = Q()
-        for key_value_pair in value:
-            tag_key, tag_value = key_value_pair.split(":", 1)
-            overall_query |= Q(
-                resources__tags__key__icontains=tag_key,
-                resources__tags__value__icontains=tag_value,
-            )
-        return queryset.filter(overall_query).distinct()
-
-
 class TenantFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
@@ -365,20 +256,76 @@ class ResourceFilter(ProviderRelationshipFilterSet):
        return queryset.filter(tags__text_search=value)


-class FindingFilter(CommonFindingFilters):
+class FindingFilter(FilterSet):
+    # We filter providers from the scan in findings
+    provider = UUIDFilter(field_name="scan__provider__id", lookup_expr="exact")
+    provider__in = UUIDInFilter(field_name="scan__provider__id", lookup_expr="in")
+    provider_type = ChoiceFilter(
+        choices=Provider.ProviderChoices.choices, field_name="scan__provider__provider"
+    )
+    provider_type__in = ChoiceInFilter(
+        choices=Provider.ProviderChoices.choices, field_name="scan__provider__provider"
+    )
+    provider_uid = CharFilter(field_name="scan__provider__uid", lookup_expr="exact")
+    provider_uid__in = CharInFilter(field_name="scan__provider__uid", lookup_expr="in")
+    provider_uid__icontains = CharFilter(
+        field_name="scan__provider__uid", lookup_expr="icontains"
+    )
+    provider_alias = CharFilter(field_name="scan__provider__alias", lookup_expr="exact")
+    provider_alias__in = CharInFilter(
+        field_name="scan__provider__alias", lookup_expr="in"
+    )
+    provider_alias__icontains = CharFilter(
+        field_name="scan__provider__alias", lookup_expr="icontains"
+    )
+
+    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
+
+    uid = CharFilter(field_name="uid")
+    delta = ChoiceFilter(choices=Finding.DeltaChoices.choices)
+    status = ChoiceFilter(choices=StatusChoices.choices)
+    severity = ChoiceFilter(choices=SeverityChoices)
+    impact = ChoiceFilter(choices=SeverityChoices)
+
+    resources = UUIDInFilter(field_name="resource__id", lookup_expr="in")
+
+    region = CharFilter(field_name="resources__region")
+    region__in = CharInFilter(field_name="resources__region", lookup_expr="in")
+    region__icontains = CharFilter(
+        field_name="resources__region", lookup_expr="icontains"
+    )
+
+    service = CharFilter(field_name="resources__service")
+    service__in = CharInFilter(field_name="resources__service", lookup_expr="in")
+    service__icontains = CharFilter(
+        field_name="resources__service", lookup_expr="icontains"
+    )
+
+    resource_uid = CharFilter(field_name="resources__uid")
+    resource_uid__in = CharInFilter(field_name="resources__uid", lookup_expr="in")
+    resource_uid__icontains = CharFilter(
+        field_name="resources__uid", lookup_expr="icontains"
+    )
+
+    resource_name = CharFilter(field_name="resources__name")
+    resource_name__in = CharInFilter(field_name="resources__name", lookup_expr="in")
+    resource_name__icontains = CharFilter(
+        field_name="resources__name", lookup_expr="icontains"
+    )
+
+    resource_type = CharFilter(field_name="resources__type")
+    resource_type__in = CharInFilter(field_name="resources__type", lookup_expr="in")
+    resource_type__icontains = CharFilter(
+        field_name="resources__type", lookup_expr="icontains"
+    )
+
    scan = UUIDFilter(method="filter_scan_id")
    scan__in = UUIDInFilter(method="filter_scan_id_in")

    inserted_at = DateFilter(method="filter_inserted_at", lookup_expr="date")
    inserted_at__date = DateFilter(method="filter_inserted_at", lookup_expr="date")
-    inserted_at__gte = DateFilter(
-        method="filter_inserted_at_gte",
-        help_text=f"Maximum date range is {settings.FINDINGS_MAX_DAYS_IN_RANGE} days.",
-    )
-    inserted_at__lte = DateFilter(
-        method="filter_inserted_at_lte",
-        help_text=f"Maximum date range is {settings.FINDINGS_MAX_DAYS_IN_RANGE} days.",
-    )
+    inserted_at__gte = DateFilter(method="filter_inserted_at_gte")
+    inserted_at__lte = DateFilter(method="filter_inserted_at_lte")

    class Meta:
        model = Finding
@@ -406,61 +353,6 @@ class FindingFilter(CommonFindingFilters):
            },
        }

-    def filter_resource_type(self, queryset, name, value):
-        return queryset.filter(resource_types__contains=[value])
-
-    def filter_resource_region(self, queryset, name, value):
-        return queryset.filter(resource_regions__contains=[value])
-
-    def filter_resource_service(self, queryset, name, value):
-        return queryset.filter(resource_services__contains=[value])
-
-    def filter_queryset(self, queryset):
-        if not (self.data.get("scan") or self.data.get("scan__in")) and not (
-            self.data.get("inserted_at")
-            or self.data.get("inserted_at__date")
-            or self.data.get("inserted_at__gte")
-            or self.data.get("inserted_at__lte")
-        ):
-            raise ValidationError(
-                [
-                    {
-                        "detail": "At least one date filter is required: filter[inserted_at], filter[inserted_at.gte], "
-                        "or filter[inserted_at.lte].",
-                        "status": 400,
-                        "source": {"pointer": "/data/attributes/inserted_at"},
-                        "code": "required",
-                    }
-                ]
-            )
-
-        gte_date = (
-            datetime.strptime(self.data.get("inserted_at__gte"), "%Y-%m-%d").date()
-            if self.data.get("inserted_at__gte")
-            else datetime.now(timezone.utc).date()
-        )
-        lte_date = (
-            datetime.strptime(self.data.get("inserted_at__lte"), "%Y-%m-%d").date()
-            if self.data.get("inserted_at__lte")
-            else datetime.now(timezone.utc).date()
-        )
-
-        if abs(lte_date - gte_date) > timedelta(
-            days=settings.FINDINGS_MAX_DAYS_IN_RANGE
-        ):
-            raise ValidationError(
-                [
-                    {
-                        "detail": f"The date range cannot exceed {settings.FINDINGS_MAX_DAYS_IN_RANGE} days.",
-                        "status": 400,
-                        "source": {"pointer": "/data/attributes/inserted_at"},
-                        "code": "invalid",
-                    }
-                ]
-            )
-
-        return super().filter_queryset(queryset)
-
    #  Convert filter values to UUIDv7 values for use with partitioning
    def filter_scan_id(self, queryset, name, value):
        try:
@@ -481,7 +373,9 @@ class FindingFilter(CommonFindingFilters):
            )

        return (
-            queryset.filter(id__gte=start).filter(id__lt=end).filter(scan_id=value_uuid)
+            queryset.filter(id__gte=start)
+            .filter(id__lt=end)
+            .filter(scan__id=value_uuid)
        )

    def filter_scan_id_in(self, queryset, name, value):
@@ -506,32 +400,31 @@ class FindingFilter(CommonFindingFilters):
                ]
            )
        if start == end:
-            return queryset.filter(id__gte=start).filter(scan_id__in=uuid_list)
+            return queryset.filter(id__gte=start).filter(scan__id__in=uuid_list)
        else:
            return (
                queryset.filter(id__gte=start)
                .filter(id__lt=end)
-                .filter(scan_id__in=uuid_list)
+                .filter(scan__id__in=uuid_list)
            )

    def filter_inserted_at(self, queryset, name, value):
-        datetime_value = self.maybe_date_to_datetime(value)
-        start = uuid7_start(datetime_to_uuid7(datetime_value))
-        end = uuid7_start(datetime_to_uuid7(datetime_value + timedelta(days=1)))
+        value = self.maybe_date_to_datetime(value)
+        start = uuid7_start(datetime_to_uuid7(value))

-        return queryset.filter(id__gte=start, id__lt=end)
+        return queryset.filter(id__gte=start).filter(inserted_at__date=value)

    def filter_inserted_at_gte(self, queryset, name, value):
-        datetime_value = self.maybe_date_to_datetime(value)
-        start = uuid7_start(datetime_to_uuid7(datetime_value))
+        value = self.maybe_date_to_datetime(value)
+        start = uuid7_start(datetime_to_uuid7(value))

-        return queryset.filter(id__gte=start)
+        return queryset.filter(id__gte=start).filter(inserted_at__gte=value)

    def filter_inserted_at_lte(self, queryset, name, value):
-        datetime_value = self.maybe_date_to_datetime(value)
-        end = uuid7_start(datetime_to_uuid7(datetime_value + timedelta(days=1)))
+        value = self.maybe_date_to_datetime(value)
+        end = uuid7_start(datetime_to_uuid7(value))

-        return queryset.filter(id__lt=end)
+        return queryset.filter(id__lte=end).filter(inserted_at__lte=value)

    @staticmethod
    def maybe_date_to_datetime(value):
@@ -541,31 +434,6 @@ class FindingFilter(CommonFindingFilters):
        return dt


-class LatestFindingFilter(CommonFindingFilters):
-    class Meta:
-        model = Finding
-        fields = {
-            "id": ["exact", "in"],
-            "uid": ["exact", "in"],
-            "delta": ["exact", "in"],
-            "status": ["exact", "in"],
-            "severity": ["exact", "in"],
-            "impact": ["exact", "in"],
-            "check_id": ["exact", "in", "icontains"],
-        }
-        filter_overrides = {
-            FindingDeltaEnumField: {
-                "filter_class": CharFilter,
-            },
-            StatusEnumField: {
-                "filter_class": CharFilter,
-            },
-            SeverityEnumField: {
-                "filter_class": CharFilter,
-            },
-        }
-
-
 class ProviderSecretFilter(FilterSet):
    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
    updated_at = DateFilter(field_name="updated_at", lookup_expr="date")
@@ -662,6 +530,12 @@ class ScanSummaryFilter(FilterSet):
        field_name="scan__provider__provider", choices=Provider.ProviderChoices.choices
    )
    region = CharFilter(field_name="region")
+    muted_findings = BooleanFilter(method="filter_muted_findings")
+
+    def filter_muted_findings(self, queryset, name, value):
+        if not value:
+            return queryset.exclude(muted__gt=0)
+        return queryset

    class Meta:
        model = ScanSummary
@@ -672,6 +546,8 @@ class ScanSummaryFilter(FilterSet):


 class ServiceOverviewFilter(ScanSummaryFilter):
+    muted_findings = None
+
    def is_valid(self):
        # Check if at least one of the inserted_at filters is present
        inserted_at_filters = [
@@ -689,19 +565,3 @@ class ServiceOverviewFilter(ScanSummaryFilter):
                }
            )
        return super().is_valid()
-
-
-class IntegrationFilter(FilterSet):
-    inserted_at = DateFilter(field_name="inserted_at", lookup_expr="date")
-    integration_type = ChoiceFilter(choices=Integration.IntegrationChoices.choices)
-    integration_type__in = ChoiceInFilter(
-        choices=Integration.IntegrationChoices.choices,
-        field_name="integration_type",
-        lookup_expr="in",
-    )
-
-    class Meta:
-        model = Integration
-        fields = {
-            "inserted_at": ["date", "gte", "lte"],
-        }
--- a/api/src/backend/api/fixtures/dev/2_dev_providers.json
+++ b/api/src/backend/api/fixtures/dev/2_dev_providers.json
@@ -122,22 +122,6 @@
      "scanner_args": {}
    }
  },
-  {
-    "model": "api.provider",
-    "pk": "7791914f-d646-4fe2-b2ed-73f2c6499a36",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "inserted_at": "2024-10-18T10:45:26.352Z",
-      "updated_at": "2024-10-18T11:16:23.533Z",
-      "provider": "kubernetes",
-      "uid": "gke_lucky-coast-419309_us-central1_autopilot-cluster-2",
-      "alias": "k8s_testing_2",
-      "connected": true,
-      "connection_last_checked_at": "2024-10-18T11:16:23.503Z",
-      "metadata": {},
-      "scanner_args": {}
-    }
-  },
  {
    "model": "api.providersecret",
    "pk": "11491b47-75ae-4f71-ad8d-3e630a72182e",
--- a/api/src/backend/api/fixtures/dev/3_dev_scans.json
+++ b/api/src/backend/api/fixtures/dev/3_dev_scans.json
@@ -11,7 +11,9 @@
      "unique_resource_count": 1,
      "duration": 5,
      "scanner_args": {
-        "checks_to_execute": ["accessanalyzer_enabled"]
+        "checks_to_execute": [
+          "accessanalyzer_enabled"
+        ]
      },
      "inserted_at": "2024-09-01T17:25:27.050Z",
      "started_at": "2024-09-01T17:25:27.050Z",
@@ -31,7 +33,9 @@
      "unique_resource_count": 1,
      "duration": 20,
      "scanner_args": {
-        "checks_to_execute": ["accessanalyzer_enabled"]
+        "checks_to_execute": [
+          "accessanalyzer_enabled"
+        ]
      },
      "inserted_at": "2024-09-02T17:24:27.050Z",
      "started_at": "2024-09-02T17:24:27.050Z",
@@ -51,7 +55,9 @@
      "unique_resource_count": 10,
      "duration": 10,
      "scanner_args": {
-        "checks_to_execute": ["cloudsql_instance_automated_backups"]
+        "checks_to_execute": [
+          "cloudsql_instance_automated_backups"
+        ]
      },
      "inserted_at": "2024-09-02T19:26:27.050Z",
      "started_at": "2024-09-02T19:26:27.050Z",
@@ -71,7 +77,9 @@
      "unique_resource_count": 1,
      "duration": 35,
      "scanner_args": {
-        "checks_to_execute": ["accessanalyzer_enabled"]
+        "checks_to_execute": [
+          "accessanalyzer_enabled"
+        ]
      },
      "inserted_at": "2024-09-02T19:27:27.050Z",
      "started_at": "2024-09-02T19:27:27.050Z",
@@ -89,7 +97,9 @@
      "name": "test scheduled aws scan",
      "state": "available",
      "scanner_args": {
-        "checks_to_execute": ["cloudformation_stack_outputs_find_secrets"]
+        "checks_to_execute": [
+          "cloudformation_stack_outputs_find_secrets"
+        ]
      },
      "scheduled_at": "2030-09-02T19:20:27.050Z",
      "inserted_at": "2024-09-02T19:24:27.050Z",
@@ -168,7 +178,9 @@
      "unique_resource_count": 19,
      "progress": 100,
      "scanner_args": {
-        "checks_to_execute": ["accessanalyzer_enabled"]
+        "checks_to_execute": [
+          "accessanalyzer_enabled"
+        ]
      },
      "duration": 7,
      "scheduled_at": null,
@@ -178,56 +190,6 @@
      "completed_at": "2024-10-18T10:46:05.127Z"
    }
  },
-  {
-    "model": "api.scan",
-    "pk": "6dd8925f-a52d-48de-a546-d2d90db30ab1",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "real scan azure",
-      "provider": "1b59e032-3eb6-4694-93a5-df84cd9b3ce2",
-      "trigger": "manual",
-      "state": "completed",
-      "unique_resource_count": 20,
-      "progress": 100,
-      "scanner_args": {
-        "checks_to_execute": [
-          "accessanalyzer_enabled",
-          "account_security_contact_information_is_registered"
-        ]
-      },
-      "duration": 4,
-      "scheduled_at": null,
-      "inserted_at": "2024-10-18T11:16:21.358Z",
-      "updated_at": "2024-10-18T11:16:26.060Z",
-      "started_at": "2024-10-18T11:16:21.593Z",
-      "completed_at": "2024-10-18T11:16:26.060Z"
-    }
-  },
-  {
-    "model": "api.scan",
-    "pk": "4ca7ce89-3236-41a8-a369-8937bc152af5",
-    "fields": {
-      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
-      "name": "real scan k8s",
-      "provider": "7791914f-d646-4fe2-b2ed-73f2c6499a36",
-      "trigger": "manual",
-      "state": "completed",
-      "unique_resource_count": 20,
-      "progress": 100,
-      "scanner_args": {
-        "checks_to_execute": [
-          "accessanalyzer_enabled",
-          "account_security_contact_information_is_registered"
-        ]
-      },
-      "duration": 4,
-      "scheduled_at": null,
-      "inserted_at": "2024-10-18T11:16:21.358Z",
-      "updated_at": "2024-10-18T11:16:26.060Z",
-      "started_at": "2024-10-18T11:16:21.593Z",
-      "completed_at": "2024-10-18T11:16:26.060Z"
-    }
-  },
  {
    "model": "api.scan",
    "pk": "01929f57-c0ee-7553-be0b-cbde006fb6f7",
--- a/api/src/backend/api/fixtures/dev/5_dev_findings.json
+++ b/api/src/backend/api/fixtures/dev/5_dev_findings.json
@@ -6,7 +6,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.823Z",
      "updated_at": "2024-10-18T10:46:04.841Z",
-      "first_seen_at": "2024-10-18T10:46:04.823Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-south-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -62,7 +61,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.855Z",
      "updated_at": "2024-10-18T10:46:04.858Z",
-      "first_seen_at": "2024-10-18T10:46:04.855Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-3-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -118,7 +116,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.869Z",
      "updated_at": "2024-10-18T10:46:04.876Z",
-      "first_seen_at": "2024-10-18T10:46:04.869Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -174,7 +171,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.888Z",
      "updated_at": "2024-10-18T10:46:04.892Z",
-      "first_seen_at": "2024-10-18T10:46:04.888Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -230,7 +226,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.901Z",
      "updated_at": "2024-10-18T10:46:04.905Z",
-      "first_seen_at": "2024-10-18T10:46:04.901Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -286,7 +281,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.915Z",
      "updated_at": "2024-10-18T10:46:04.919Z",
-      "first_seen_at": "2024-10-18T10:46:04.915Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-south-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -342,7 +336,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.929Z",
      "updated_at": "2024-10-18T10:46:04.934Z",
-      "first_seen_at": "2024-10-18T10:46:04.929Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -398,7 +391,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.944Z",
      "updated_at": "2024-10-18T10:46:04.947Z",
-      "first_seen_at": "2024-10-18T10:46:04.944Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ca-central-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -454,7 +446,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.957Z",
      "updated_at": "2024-10-18T10:46:04.962Z",
-      "first_seen_at": "2024-10-18T10:46:04.957Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-1-ConsoleAnalyzer-83b66ad7-d024-454e-b851-52d11cc1cf7c",
      "delta": "new",
      "status": "PASS",
@@ -510,7 +501,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.971Z",
      "updated_at": "2024-10-18T10:46:04.975Z",
-      "first_seen_at": "2024-10-18T10:46:04.971Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -566,7 +556,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.984Z",
      "updated_at": "2024-10-18T10:46:04.989Z",
-      "first_seen_at": "2024-10-18T10:46:04.984Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-sa-east-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -622,7 +611,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:04.999Z",
      "updated_at": "2024-10-18T10:46:05.003Z",
-      "first_seen_at": "2024-10-18T10:46:04.999Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-north-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -678,7 +666,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.013Z",
      "updated_at": "2024-10-18T10:46:05.018Z",
-      "first_seen_at": "2024-10-18T10:46:05.013Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -734,7 +721,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.029Z",
      "updated_at": "2024-10-18T10:46:05.033Z",
-      "first_seen_at": "2024-10-18T10:46:05.029Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -790,7 +776,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.045Z",
      "updated_at": "2024-10-18T10:46:05.050Z",
-      "first_seen_at": "2024-10-18T10:46:05.045Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -846,7 +831,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.061Z",
      "updated_at": "2024-10-18T10:46:05.065Z",
-      "first_seen_at": "2024-10-18T10:46:05.061Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-1-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -902,7 +886,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.080Z",
      "updated_at": "2024-10-18T10:46:05.085Z",
-      "first_seen_at": "2024-10-18T10:46:05.080Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -958,7 +941,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.099Z",
      "updated_at": "2024-10-18T10:46:05.104Z",
-      "first_seen_at": "2024-10-18T10:46:05.099Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-2-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -1014,7 +996,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T10:46:05.115Z",
      "updated_at": "2024-10-18T10:46:05.121Z",
-      "first_seen_at": "2024-10-18T10:46:05.115Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-3-112233445566",
      "delta": "new",
      "status": "FAIL",
@@ -1070,7 +1051,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.489Z",
      "updated_at": "2024-10-18T11:16:24.506Z",
-      "first_seen_at": "2024-10-18T10:46:04.823Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-south-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1126,7 +1106,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.518Z",
      "updated_at": "2024-10-18T11:16:24.521Z",
-      "first_seen_at": "2024-10-18T10:46:04.855Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-3-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1182,7 +1161,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.526Z",
      "updated_at": "2024-10-18T11:16:24.529Z",
-      "first_seen_at": "2024-10-18T10:46:04.869Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1238,7 +1216,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.535Z",
      "updated_at": "2024-10-18T11:16:24.538Z",
-      "first_seen_at": "2024-10-18T10:46:04.888Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1294,7 +1271,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.544Z",
      "updated_at": "2024-10-18T11:16:24.546Z",
-      "first_seen_at": "2024-10-18T10:46:04.901Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1350,7 +1326,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.551Z",
      "updated_at": "2024-10-18T11:16:24.554Z",
-      "first_seen_at": "2024-10-18T10:46:04.915Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-south-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1406,7 +1381,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.560Z",
      "updated_at": "2024-10-18T11:16:24.562Z",
-      "first_seen_at": "2024-10-18T10:46:04.929Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1462,7 +1436,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.567Z",
      "updated_at": "2024-10-18T11:16:24.569Z",
-      "first_seen_at": "2024-10-18T10:46:04.944Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ca-central-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1518,7 +1491,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.573Z",
      "updated_at": "2024-10-18T11:16:24.575Z",
-      "first_seen_at": "2024-10-18T10:46:04.957Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-east-1-ConsoleAnalyzer-83b66ad7-d024-454e-b851-52d11cc1cf7c",
      "delta": null,
      "status": "PASS",
@@ -1574,7 +1546,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.580Z",
      "updated_at": "2024-10-18T11:16:24.582Z",
-      "first_seen_at": "2024-10-18T10:46:04.971Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-west-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1630,7 +1601,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.587Z",
      "updated_at": "2024-10-18T11:16:24.589Z",
-      "first_seen_at": "2024-10-18T10:46:04.984Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-sa-east-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1686,7 +1656,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.595Z",
      "updated_at": "2024-10-18T11:16:24.597Z",
-      "first_seen_at": "2024-10-18T10:46:04.999Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-north-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1742,7 +1711,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.602Z",
      "updated_at": "2024-10-18T11:16:24.604Z",
-      "first_seen_at": "2024-10-18T10:46:05.013Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-us-west-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1798,7 +1766,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.610Z",
      "updated_at": "2024-10-18T11:16:24.612Z",
-      "first_seen_at": "2024-10-18T10:46:05.029Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1854,7 +1821,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.617Z",
      "updated_at": "2024-10-18T11:16:24.620Z",
-      "first_seen_at": "2024-10-18T10:46:05.045Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-eu-central-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1910,7 +1876,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.625Z",
      "updated_at": "2024-10-18T11:16:24.627Z",
-      "first_seen_at": "2024-10-18T10:46:05.061Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-1-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -1966,7 +1931,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.632Z",
      "updated_at": "2024-10-18T11:16:24.634Z",
-      "first_seen_at": "2024-10-18T10:46:05.080Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-southeast-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2022,7 +1986,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.639Z",
      "updated_at": "2024-10-18T11:16:24.642Z",
-      "first_seen_at": "2024-10-18T10:46:05.099Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-2-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2078,7 +2041,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:24.646Z",
      "updated_at": "2024-10-18T11:16:24.648Z",
-      "first_seen_at": "2024-10-18T10:46:05.115Z",
      "uid": "prowler-aws-accessanalyzer_enabled-112233445566-ap-northeast-3-112233445566",
      "delta": null,
      "status": "FAIL",
@@ -2134,7 +2096,6 @@
      "tenant": "12646005-9067-4d2a-a098-8bb378604362",
      "inserted_at": "2024-10-18T11:16:26.033Z",
      "updated_at": "2024-10-18T11:16:26.045Z",
-      "first_seen_at": "2024-10-18T11:16:26.033Z",
      "uid": "prowler-aws-account_security_contact_information_is_registered-112233445566-us-east-1-112233445566",
      "delta": "new",
      "status": "MANUAL",
--- a/api/src/backend/api/management/commands/findings.py
+++ b/api/src/backend/api/management/commands/findings.py
@@ -1,285 +0,0 @@
-import random
-from datetime import datetime, timezone
-from math import ceil
-from uuid import uuid4
-
-from django.core.management.base import BaseCommand
-from tqdm import tqdm
-
-from api.db_utils import rls_transaction
-from api.models import (
-    Finding,
-    Provider,
-    Resource,
-    ResourceFindingMapping,
-    ResourceScanSummary,
-    Scan,
-    StatusChoices,
-)
-from prowler.lib.check.models import CheckMetadata
-
-
-class Command(BaseCommand):
-    help = "Populates the database with test data for performance testing."
-
-    def add_arguments(self, parser):
-        parser.add_argument(
-            "--tenant",
-            type=str,
-            required=True,
-            help="Tenant id for which the data will be populated.",
-        )
-        parser.add_argument(
-            "--resources",
-            type=int,
-            required=True,
-            help="The number of resources to create.",
-        )
-        parser.add_argument(
-            "--findings",
-            type=int,
-            required=True,
-            help="The number of findings to create.",
-        )
-        parser.add_argument(
-            "--batch", type=int, required=True, help="The batch size for bulk creation."
-        )
-        parser.add_argument(
-            "--alias",
-            type=str,
-            required=False,
-            help="Optional alias for the provider and scan",
-        )
-
-    def handle(self, *args, **options):
-        tenant_id = options["tenant"]
-        num_resources = options["resources"]
-        num_findings = options["findings"]
-        batch_size = options["batch"]
-        alias = options["alias"] or "Testing"
-        uid_token = str(uuid4())
-
-        self.stdout.write(self.style.NOTICE("Starting data population"))
-        self.stdout.write(self.style.NOTICE(f"\tTenant: {tenant_id}"))
-        self.stdout.write(self.style.NOTICE(f"\tAlias: {alias}"))
-        self.stdout.write(self.style.NOTICE(f"\tResources: {num_resources}"))
-        self.stdout.write(self.style.NOTICE(f"\tFindings: {num_findings}"))
-        self.stdout.write(self.style.NOTICE(f"\tBatch size: {batch_size}\n\n"))
-
-        # Resource metadata
-        possible_regions = [
-            "us-east-1",
-            "us-east-2",
-            "us-west-1",
-            "us-west-2",
-            "ca-central-1",
-            "eu-central-1",
-            "eu-west-1",
-            "eu-west-2",
-            "eu-west-3",
-            "ap-southeast-1",
-            "ap-southeast-2",
-            "ap-northeast-1",
-            "ap-northeast-2",
-            "ap-south-1",
-            "sa-east-1",
-        ]
-        possible_services = []
-        possible_types = []
-
-        bulk_check_metadata = CheckMetadata.get_bulk(provider="aws")
-        for check_metadata in bulk_check_metadata.values():
-            if check_metadata.ServiceName not in possible_services:
-                possible_services.append(check_metadata.ServiceName)
-            if (
-                check_metadata.ResourceType
-                and check_metadata.ResourceType not in possible_types
-            ):
-                possible_types.append(check_metadata.ResourceType)
-
-        with rls_transaction(tenant_id):
-            provider, _ = Provider.all_objects.get_or_create(
-                tenant_id=tenant_id,
-                provider="aws",
-                connected=True,
-                uid=str(random.randint(100000000000, 999999999999)),
-                defaults={
-                    "alias": alias,
-                },
-            )
-
-        with rls_transaction(tenant_id):
-            scan = Scan.all_objects.create(
-                tenant_id=tenant_id,
-                provider=provider,
-                name=alias,
-                trigger="manual",
-                state="executing",
-                progress=0,
-                started_at=datetime.now(timezone.utc),
-            )
-        scan_state = "completed"
-
-        try:
-            # Create resources
-            resources = []
-
-            for i in range(num_resources):
-                resources.append(
-                    Resource(
-                        tenant_id=tenant_id,
-                        provider_id=provider.id,
-                        uid=f"testing-{uid_token}-{i}",
-                        name=f"Testing {uid_token}-{i}",
-                        region=random.choice(possible_regions),
-                        service=random.choice(possible_services),
-                        type=random.choice(possible_types),
-                        inserted_at="2024-10-01T00:00:00Z",
-                    )
-                )
-
-            num_batches = ceil(len(resources) / batch_size)
-            self.stdout.write(self.style.WARNING("Creating resources..."))
-            for i in tqdm(range(0, len(resources), batch_size), total=num_batches):
-                with rls_transaction(tenant_id):
-                    Resource.all_objects.bulk_create(resources[i : i + batch_size])
-            self.stdout.write(self.style.SUCCESS("Resources created successfully.\n\n"))
-
-            with rls_transaction(tenant_id):
-                scan.progress = 33
-                scan.save()
-
-            # Create Findings
-            findings = []
-            possible_deltas = ["new", "changed", None]
-            possible_severities = ["critical", "high", "medium", "low"]
-            findings_resources_mapping = []
-
-            for i in range(num_findings):
-                severity = random.choice(possible_severities)
-                check_id = random.randint(1, 1000)
-                assigned_resource_num = random.randint(0, len(resources) - 1)
-                assigned_resource = resources[assigned_resource_num]
-                findings_resources_mapping.append(assigned_resource_num)
-
-                findings.append(
-                    Finding(
-                        tenant_id=tenant_id,
-                        scan=scan,
-                        uid=f"testing-{uid_token}-{i}",
-                        delta=random.choice(possible_deltas),
-                        check_id=f"check-{check_id}",
-                        status=random.choice(list(StatusChoices)),
-                        severity=severity,
-                        impact=severity,
-                        raw_result={},
-                        check_metadata={
-                            "checktitle": f"Test title for check {check_id}",
-                            "risk": f"Testing risk {uid_token}-{i}",
-                            "provider": "aws",
-                            "severity": severity,
-                            "categories": ["category1", "category2", "category3"],
-                            "description": "This is a random description that should not matter for testing purposes.",
-                            "servicename": assigned_resource.service,
-                            "resourcetype": assigned_resource.type,
-                        },
-                        resource_types=[assigned_resource.type],
-                        resource_regions=[assigned_resource.region],
-                        resource_services=[assigned_resource.service],
-                        inserted_at="2024-10-01T00:00:00Z",
-                    )
-                )
-
-            num_batches = ceil(len(findings) / batch_size)
-            self.stdout.write(self.style.WARNING("Creating findings..."))
-            for i in tqdm(range(0, len(findings), batch_size), total=num_batches):
-                with rls_transaction(tenant_id):
-                    Finding.all_objects.bulk_create(findings[i : i + batch_size])
-            self.stdout.write(self.style.SUCCESS("Findings created successfully.\n\n"))
-
-            with rls_transaction(tenant_id):
-                scan.progress = 66
-                scan.save()
-
-            # Create ResourceFindingMapping
-            mappings = []
-            scan_resource_cache: set[tuple] = set()
-            for index, finding_instance in enumerate(findings):
-                resource_instance = resources[findings_resources_mapping[index]]
-                mappings.append(
-                    ResourceFindingMapping(
-                        tenant_id=tenant_id,
-                        resource=resource_instance,
-                        finding=finding_instance,
-                    )
-                )
-                scan_resource_cache.add(
-                    (
-                        str(resource_instance.id),
-                        resource_instance.service,
-                        resource_instance.region,
-                        resource_instance.type,
-                    )
-                )
-
-            num_batches = ceil(len(mappings) / batch_size)
-            self.stdout.write(
-                self.style.WARNING("Creating resource-finding mappings...")
-            )
-            for i in tqdm(range(0, len(mappings), batch_size), total=num_batches):
-                with rls_transaction(tenant_id):
-                    ResourceFindingMapping.objects.bulk_create(
-                        mappings[i : i + batch_size]
-                    )
-            self.stdout.write(
-                self.style.SUCCESS(
-                    "Resource-finding mappings created successfully.\n\n"
-                )
-            )
-
-            with rls_transaction(tenant_id):
-                scan.progress = 99
-                scan.save()
-
-            self.stdout.write(self.style.WARNING("Creating finding filter values..."))
-            resource_scan_summaries = [
-                ResourceScanSummary(
-                    tenant_id=tenant_id,
-                    scan_id=str(scan.id),
-                    resource_id=resource_id,
-                    service=service,
-                    region=region,
-                    resource_type=resource_type,
-                )
-                for resource_id, service, region, resource_type in scan_resource_cache
-            ]
-            num_batches = ceil(len(resource_scan_summaries) / batch_size)
-            with rls_transaction(tenant_id):
-                for i in tqdm(
-                    range(0, len(resource_scan_summaries), batch_size),
-                    total=num_batches,
-                ):
-                    with rls_transaction(tenant_id):
-                        ResourceScanSummary.objects.bulk_create(
-                            resource_scan_summaries[i : i + batch_size],
-                            ignore_conflicts=True,
-                        )
-
-            self.stdout.write(
-                self.style.SUCCESS("Finding filter values created successfully.\n\n")
-            )
-        except Exception as e:
-            self.stdout.write(self.style.ERROR(f"Failed to populate test data: {e}"))
-            scan_state = "failed"
-        finally:
-            scan.completed_at = datetime.now(timezone.utc)
-            scan.duration = int(
-                (datetime.now(timezone.utc) - scan.started_at).total_seconds()
-            )
-            scan.progress = 100
-            scan.state = scan_state
-            scan.unique_resource_count = num_resources
-            with rls_transaction(tenant_id):
-                scan.save()
-
-        self.stdout.write(self.style.NOTICE("Successfully populated test data."))
--- a/api/src/backend/api/migrations/0003_rbac.py
+++ b/api/src/backend/api/migrations/0003_rbac.py
@@ -1,17 +1,15 @@
 # Generated by Django 5.1.1 on 2024-12-05 12:29

-import uuid
-
+import api.rls
 import django.db.models.deletion
+import uuid
 from django.conf import settings
 from django.db import migrations, models

-import api.rls
-

 class Migration(migrations.Migration):
    dependencies = [
-        ("api", "0003_update_provider_unique_constraint_with_is_deleted"),
+        ("api", "0002_token_migrations"),
    ]

    operations = [
--- a/api/src/backend/api/migrations/0003_update_provider_unique_constraint_with_is_deleted.py
+++ b/api/src/backend/api/migrations/0003_update_provider_unique_constraint_with_is_deleted.py
@@ -1,23 +0,0 @@
-# Generated by Django 5.1.1 on 2024-12-20 13:16
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0002_token_migrations"),
-    ]
-
-    operations = [
-        migrations.RemoveConstraint(
-            model_name="provider",
-            name="unique_provider_uids",
-        ),
-        migrations.AddConstraint(
-            model_name="provider",
-            constraint=models.UniqueConstraint(
-                fields=("tenant_id", "provider", "uid", "is_deleted"),
-                name="unique_provider_uids",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0004_rbac_missing_admin_roles.py
+++ b/api/src/backend/api/migrations/0004_rbac_missing_admin_roles.py
@@ -1,5 +1,4 @@
 from django.db import migrations
-
 from api.db_router import MainRouter


@@ -36,7 +35,7 @@ def create_admin_role(apps, schema_editor):

 class Migration(migrations.Migration):
    dependencies = [
-        ("api", "0004_rbac"),
+        ("api", "0003_rbac"),
    ]

    operations = [
--- a/api/src/backend/api/migrations/0006_findings_first_seen.py
+++ b/api/src/backend/api/migrations/0006_findings_first_seen.py
@@ -1,15 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0005_rbac_missing_admin_roles"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="first_seen_at",
-            field=models.DateTimeField(editable=False, null=True),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0007_scan_and_scan_summaries_indexes.py
+++ b/api/src/backend/api/migrations/0007_scan_and_scan_summaries_indexes.py
@@ -1,25 +0,0 @@
-# Generated by Django 5.1.5 on 2025-01-28 15:03
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0006_findings_first_seen"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="scan",
-            index=models.Index(
-                fields=["tenant_id", "provider_id", "state", "inserted_at"],
-                name="scans_prov_state_insert_idx",
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="scansummary",
-            index=models.Index(
-                fields=["tenant_id", "scan_id"], name="scan_summaries_tenant_scan_idx"
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0008_daily_scheduled_tasks_update.py
+++ b/api/src/backend/api/migrations/0008_daily_scheduled_tasks_update.py
@@ -1,64 +0,0 @@
-import json
-from datetime import datetime, timedelta, timezone
-
-import django.db.models.deletion
-from django.db import migrations, models
-from django_celery_beat.models import PeriodicTask
-
-from api.db_utils import rls_transaction
-from api.models import Scan, StateChoices
-
-
-def migrate_daily_scheduled_scan_tasks(apps, schema_editor):
-    for daily_scheduled_scan_task in PeriodicTask.objects.filter(
-        task="scan-perform-scheduled"
-    ):
-        task_kwargs = json.loads(daily_scheduled_scan_task.kwargs)
-        tenant_id = task_kwargs["tenant_id"]
-        provider_id = task_kwargs["provider_id"]
-
-        current_time = datetime.now(timezone.utc)
-        scheduled_time_today = datetime.combine(
-            current_time.date(),
-            daily_scheduled_scan_task.start_time.time(),
-            tzinfo=timezone.utc,
-        )
-
-        if current_time < scheduled_time_today:
-            next_scan_date = scheduled_time_today
-        else:
-            next_scan_date = scheduled_time_today + timedelta(days=1)
-
-        with rls_transaction(tenant_id):
-            Scan.objects.create(
-                tenant_id=tenant_id,
-                name="Daily scheduled scan",
-                provider_id=provider_id,
-                trigger=Scan.TriggerChoices.SCHEDULED,
-                state=StateChoices.SCHEDULED,
-                scheduled_at=next_scan_date,
-                scheduler_task_id=daily_scheduled_scan_task.id,
-            )
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0007_scan_and_scan_summaries_indexes"),
-        ("django_celery_beat", "0019_alter_periodictasks_options"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="scan",
-            name="scheduler_task",
-            field=models.ForeignKey(
-                blank=True,
-                null=True,
-                on_delete=django.db.models.deletion.CASCADE,
-                to="django_celery_beat.periodictask",
-            ),
-        ),
-        migrations.RunPython(migrate_daily_scheduled_scan_tasks),
-    ]
--- a/api/src/backend/api/migrations/0009_increase_provider_uid_maximum_length.py
+++ b/api/src/backend/api/migrations/0009_increase_provider_uid_maximum_length.py
@@ -1,22 +0,0 @@
-# Generated by Django 5.1.5 on 2025-02-07 09:42
-
-import django.core.validators
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0008_daily_scheduled_tasks_update"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="uid",
-            field=models.CharField(
-                max_length=250,
-                validators=[django.core.validators.MinLengthValidator(3)],
-                verbose_name="Unique identifier for the provider, set by the provider",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0010_findings_performance_indexes_partitions.py
+++ b/api/src/backend/api/migrations/0010_findings_performance_indexes_partitions.py
@@ -1,109 +0,0 @@
-from functools import partial
-
-from django.db import connection, migrations
-
-
-def create_index_on_partitions(
-    apps, schema_editor, parent_table: str, index_name: str, index_details: str
-):
-    with connection.cursor() as cursor:
-        cursor.execute(
-            """
-            SELECT inhrelid::regclass::text
-            FROM pg_inherits
-            WHERE inhparent = %s::regclass;
-        """,
-            [parent_table],
-        )
-        partitions = [row[0] for row in cursor.fetchall()]
-    # Iterate over partitions and create index concurrently.
-    # Note: PostgreSQL does not allow CONCURRENTLY inside a transaction,
-    # so we need atomic = False for this migration.
-    for partition in partitions:
-        sql = (
-            f"CREATE INDEX CONCURRENTLY IF NOT EXISTS {partition.replace('.', '_')}_{index_name} ON {partition} "
-            f"{index_details};"
-        )
-        schema_editor.execute(sql)
-
-
-def drop_index_on_partitions(apps, schema_editor, parent_table: str, index_name: str):
-    with schema_editor.connection.cursor() as cursor:
-        cursor.execute(
-            """
-            SELECT inhrelid::regclass::text
-            FROM pg_inherits
-            WHERE inhparent = %s::regclass;
-        """,
-            [parent_table],
-        )
-        partitions = [row[0] for row in cursor.fetchall()]
-
-    # Iterate over partitions and drop index concurrently.
-    for partition in partitions:
-        partition_index = f"{partition.replace('.', '_')}_{index_name}"
-        sql = f"DROP INDEX CONCURRENTLY IF EXISTS {partition_index};"
-        schema_editor.execute(sql)
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0009_increase_provider_uid_maximum_length"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="findings_tenant_and_id_idx",
-                index_details="(tenant_id, id)",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="findings_tenant_and_id_idx",
-            ),
-        ),
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="find_tenant_scan_idx",
-                index_details="(tenant_id, scan_id)",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="find_tenant_scan_idx",
-            ),
-        ),
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="find_tenant_scan_id_idx",
-                index_details="(tenant_id, scan_id, id)",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="find_tenant_scan_id_idx",
-            ),
-        ),
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="find_delta_new_idx",
-                index_details="(tenant_id, id) where delta = 'new'",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="find_delta_new_idx",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0011_findings_performance_indexes_parent.py
+++ b/api/src/backend/api/migrations/0011_findings_performance_indexes_parent.py
@@ -1,49 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0010_findings_performance_indexes_partitions"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="finding",
-            index=models.Index(
-                fields=["tenant_id", "id"], name="findings_tenant_and_id_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="finding",
-            index=models.Index(
-                fields=["tenant_id", "scan_id"], name="find_tenant_scan_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="finding",
-            index=models.Index(
-                fields=["tenant_id", "scan_id", "id"], name="find_tenant_scan_id_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="finding",
-            index=models.Index(
-                condition=models.Q(("delta", "new")),
-                fields=["tenant_id", "id"],
-                name="find_delta_new_idx",
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="resourcetagmapping",
-            index=models.Index(
-                fields=["tenant_id", "resource_id"], name="resource_tag_tenant_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="resource",
-            index=models.Index(
-                fields=["tenant_id", "service", "region", "type"],
-                name="resource_tenant_metadata_idx",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0012_scan_report_output.py
+++ b/api/src/backend/api/migrations/0012_scan_report_output.py
@@ -1,15 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0011_findings_performance_indexes_parent"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="scan",
-            name="output_location",
-            field=models.CharField(blank=True, max_length=200, null=True),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0013_integrations_enum.py
+++ b/api/src/backend/api/migrations/0013_integrations_enum.py
@@ -1,35 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-03 15:46
-
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import IntegrationTypeEnum, PostgresEnumMigration, register_enum
-from api.models import Integration
-
-IntegrationTypeEnumMigration = PostgresEnumMigration(
-    enum_name="integration_type",
-    enum_values=tuple(
-        integration_type[0]
-        for integration_type in Integration.IntegrationChoices.choices
-    ),
-)
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0012_scan_report_output"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            IntegrationTypeEnumMigration.create_enum_type,
-            reverse_code=IntegrationTypeEnumMigration.drop_enum_type,
-        ),
-        migrations.RunPython(
-            partial(register_enum, enum_class=IntegrationTypeEnum),
-            reverse_code=migrations.RunPython.noop,
-        ),
-    ]
--- a/api/src/backend/api/migrations/0014_integrations.py
+++ b/api/src/backend/api/migrations/0014_integrations.py
@@ -1,131 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-03 15:46
-
-import uuid
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-import api.db_utils
-import api.rls
-from api.rls import RowLevelSecurityConstraint
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0013_integrations_enum"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="Integration",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                ("updated_at", models.DateTimeField(auto_now=True)),
-                ("enabled", models.BooleanField(default=False)),
-                ("connected", models.BooleanField(blank=True, null=True)),
-                (
-                    "connection_last_checked_at",
-                    models.DateTimeField(blank=True, null=True),
-                ),
-                (
-                    "integration_type",
-                    api.db_utils.IntegrationTypeEnumField(
-                        choices=[
-                            ("amazon_s3", "Amazon S3"),
-                            ("saml", "SAML"),
-                            ("aws_security_hub", "AWS Security Hub"),
-                            ("jira", "JIRA"),
-                            ("slack", "Slack"),
-                        ]
-                    ),
-                ),
-                ("configuration", models.JSONField(default=dict)),
-                ("_credentials", models.BinaryField(db_column="credentials")),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={"db_table": "integrations", "abstract": False},
-        ),
-        migrations.AddConstraint(
-            model_name="integration",
-            constraint=RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_integration",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.CreateModel(
-            name="IntegrationProviderRelationship",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                ("inserted_at", models.DateTimeField(auto_now_add=True)),
-                (
-                    "integration",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE,
-                        to="api.integration",
-                    ),
-                ),
-                (
-                    "provider",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.provider"
-                    ),
-                ),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "integration_provider_mappings",
-                "constraints": [
-                    models.UniqueConstraint(
-                        fields=("integration_id", "provider_id"),
-                        name="unique_integration_provider_rel",
-                    ),
-                ],
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="IntegrationProviderRelationship",
-            constraint=RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_integrationproviderrelationship",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-        migrations.AddField(
-            model_name="integration",
-            name="providers",
-            field=models.ManyToManyField(
-                blank=True,
-                related_name="integrations",
-                through="api.IntegrationProviderRelationship",
-                to="api.provider",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0015_finding_muted.py
+++ b/api/src/backend/api/migrations/0015_finding_muted.py
@@ -1,26 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-25 11:29
-
-from django.db import migrations, models
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0014_integrations"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="muted",
-            field=models.BooleanField(default=False),
-        ),
-        migrations.AlterField(
-            model_name="finding",
-            name="status",
-            field=api.db_utils.StatusEnumField(
-                choices=[("FAIL", "Fail"), ("PASS", "Pass"), ("MANUAL", "Manual")]
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0016_finding_compliance_resource_details_and_more.py
+++ b/api/src/backend/api/migrations/0016_finding_compliance_resource_details_and_more.py
@@ -1,32 +0,0 @@
-# Generated by Django 5.1.5 on 2025-03-31 10:46
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0015_finding_muted"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="compliance",
-            field=models.JSONField(blank=True, default=dict, null=True),
-        ),
-        migrations.AddField(
-            model_name="resource",
-            name="details",
-            field=models.TextField(blank=True, null=True),
-        ),
-        migrations.AddField(
-            model_name="resource",
-            name="metadata",
-            field=models.TextField(blank=True, null=True),
-        ),
-        migrations.AddField(
-            model_name="resource",
-            name="partition",
-            field=models.TextField(blank=True, null=True),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0017_m365_provider.py
+++ b/api/src/backend/api/migrations/0017_m365_provider.py
@@ -1,32 +0,0 @@
-# Generated by Django 5.1.7 on 2025-04-16 08:47
-
-from django.db import migrations
-
-import api.db_utils
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0016_finding_compliance_resource_details_and_more"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="provider",
-            name="provider",
-            field=api.db_utils.ProviderEnumField(
-                choices=[
-                    ("aws", "AWS"),
-                    ("azure", "Azure"),
-                    ("gcp", "GCP"),
-                    ("kubernetes", "Kubernetes"),
-                    ("m365", "M365"),
-                ],
-                default="aws",
-            ),
-        ),
-        migrations.RunSQL(
-            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'm365';",
-            reverse_sql=migrations.RunSQL.noop,
-        ),
-    ]
--- a/api/src/backend/api/migrations/0018_resource_scan_summaries.py
+++ b/api/src/backend/api/migrations/0018_resource_scan_summaries.py
@@ -1,81 +0,0 @@
-# Generated by Django 5.1.7 on 2025-05-05 10:01
-
-import uuid
-
-import django.db.models.deletion
-import uuid6
-from django.db import migrations, models
-
-import api.rls
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0017_m365_provider"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="ResourceScanSummary",
-            fields=[
-                (
-                    "id",
-                    models.BigAutoField(
-                        auto_created=True,
-                        primary_key=True,
-                        serialize=False,
-                        verbose_name="ID",
-                    ),
-                ),
-                ("scan_id", models.UUIDField(db_index=True, default=uuid6.uuid7)),
-                ("resource_id", models.UUIDField(db_index=True, default=uuid.uuid4)),
-                ("service", models.CharField(max_length=100)),
-                ("region", models.CharField(max_length=100)),
-                ("resource_type", models.CharField(max_length=100)),
-                (
-                    "tenant",
-                    models.ForeignKey(
-                        on_delete=django.db.models.deletion.CASCADE, to="api.tenant"
-                    ),
-                ),
-            ],
-            options={
-                "db_table": "resource_scan_summaries",
-                "indexes": [
-                    models.Index(
-                        fields=["tenant_id", "scan_id", "service"],
-                        name="rss_tenant_scan_svc_idx",
-                    ),
-                    models.Index(
-                        fields=["tenant_id", "scan_id", "region"],
-                        name="rss_tenant_scan_reg_idx",
-                    ),
-                    models.Index(
-                        fields=["tenant_id", "scan_id", "resource_type"],
-                        name="rss_tenant_scan_type_idx",
-                    ),
-                    models.Index(
-                        fields=["tenant_id", "scan_id", "region", "service"],
-                        name="rss_tenant_scan_reg_svc_idx",
-                    ),
-                    models.Index(
-                        fields=["tenant_id", "scan_id", "service", "resource_type"],
-                        name="rss_tenant_scan_svc_type_idx",
-                    ),
-                    models.Index(
-                        fields=["tenant_id", "scan_id", "region", "resource_type"],
-                        name="rss_tenant_scan_reg_type_idx",
-                    ),
-                ],
-                "unique_together": {("tenant_id", "scan_id", "resource_id")},
-            },
-        ),
-        migrations.AddConstraint(
-            model_name="resourcescansummary",
-            constraint=api.rls.RowLevelSecurityConstraint(
-                "tenant_id",
-                name="rls_on_resourcescansummary",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0019_finding_denormalize_resource_fields.py
+++ b/api/src/backend/api/migrations/0019_finding_denormalize_resource_fields.py
@@ -1,42 +0,0 @@
-import django.contrib.postgres.fields
-import django.contrib.postgres.indexes
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0018_resource_scan_summaries"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="finding",
-            name="resource_regions",
-            field=django.contrib.postgres.fields.ArrayField(
-                base_field=models.CharField(max_length=100),
-                blank=True,
-                null=True,
-                size=None,
-            ),
-        ),
-        migrations.AddField(
-            model_name="finding",
-            name="resource_services",
-            field=django.contrib.postgres.fields.ArrayField(
-                base_field=models.CharField(max_length=100),
-                blank=True,
-                null=True,
-                size=None,
-            ),
-        ),
-        migrations.AddField(
-            model_name="finding",
-            name="resource_types",
-            field=django.contrib.postgres.fields.ArrayField(
-                base_field=models.CharField(max_length=100),
-                blank=True,
-                null=True,
-                size=None,
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0020_findings_new_performance_indexes_partitions.py
+++ b/api/src/backend/api/migrations/0020_findings_new_performance_indexes_partitions.py
@@ -1,86 +0,0 @@
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import create_index_on_partitions, drop_index_on_partitions
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0019_finding_denormalize_resource_fields"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="gin_find_service_idx",
-                columns="resource_services",
-                method="GIN",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="gin_find_service_idx",
-            ),
-        ),
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="gin_find_region_idx",
-                columns="resource_regions",
-                method="GIN",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="gin_find_region_idx",
-            ),
-        ),
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="gin_find_rtype_idx",
-                columns="resource_types",
-                method="GIN",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="gin_find_rtype_idx",
-            ),
-        ),
-        migrations.RunPython(
-            partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="findings_uid_idx",
-            ),
-            reverse_code=partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="findings_uid_idx",
-                columns="uid",
-                method="BTREE",
-            ),
-        ),
-        migrations.RunPython(
-            partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="findings_filter_idx",
-            ),
-            reverse_code=partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="findings_filter_idx",
-                columns="scan_id, impact, severity, status, check_id, delta",
-                method="BTREE",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0021_findings_new_performance_indexes_parent.py
+++ b/api/src/backend/api/migrations/0021_findings_new_performance_indexes_parent.py
@@ -1,37 +0,0 @@
-import django.contrib.postgres.indexes
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0020_findings_new_performance_indexes_partitions"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="finding",
-            index=django.contrib.postgres.indexes.GinIndex(
-                fields=["resource_services"], name="gin_find_service_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="finding",
-            index=django.contrib.postgres.indexes.GinIndex(
-                fields=["resource_regions"], name="gin_find_region_idx"
-            ),
-        ),
-        migrations.AddIndex(
-            model_name="finding",
-            index=django.contrib.postgres.indexes.GinIndex(
-                fields=["resource_types"], name="gin_find_rtype_idx"
-            ),
-        ),
-        migrations.RemoveIndex(
-            model_name="finding",
-            name="findings_uid_idx",
-        ),
-        migrations.RemoveIndex(
-            model_name="finding",
-            name="findings_filter_idx",
-        ),
-    ]
--- a/api/src/backend/api/migrations/0022_scan_summaries_performance_indexes.py
+++ b/api/src/backend/api/migrations/0022_scan_summaries_performance_indexes.py
@@ -1,38 +0,0 @@
-# Generated by Django 5.1.8 on 2025-05-12 10:04
-
-from django.contrib.postgres.operations import AddIndexConcurrently
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0021_findings_new_performance_indexes_parent"),
-        ("django_celery_beat", "0019_alter_periodictasks_options"),
-    ]
-
-    operations = [
-        AddIndexConcurrently(
-            model_name="scan",
-            index=models.Index(
-                condition=models.Q(("state", "completed")),
-                fields=["tenant_id", "provider_id", "state", "-inserted_at"],
-                name="scans_prov_state_ins_desc_idx",
-            ),
-        ),
-        AddIndexConcurrently(
-            model_name="scansummary",
-            index=models.Index(
-                fields=["tenant_id", "scan_id", "service"],
-                name="ss_tenant_scan_service_idx",
-            ),
-        ),
-        AddIndexConcurrently(
-            model_name="scansummary",
-            index=models.Index(
-                fields=["tenant_id", "scan_id", "severity"],
-                name="ss_tenant_scan_severity_idx",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0023_resources_lookup_optimization.py
+++ b/api/src/backend/api/migrations/0023_resources_lookup_optimization.py
@@ -1,28 +0,0 @@
-# Generated by Django 5.1.8 on 2025-05-12 10:18
-
-from django.contrib.postgres.operations import AddIndexConcurrently
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0022_scan_summaries_performance_indexes"),
-    ]
-
-    operations = [
-        AddIndexConcurrently(
-            model_name="resource",
-            index=models.Index(
-                fields=["tenant_id", "id"], name="resources_tenant_id_idx"
-            ),
-        ),
-        AddIndexConcurrently(
-            model_name="resource",
-            index=models.Index(
-                fields=["tenant_id", "provider_id"],
-                name="resources_tenant_provider_idx",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/migrations/0024_findings_uid_index_partitions.py
+++ b/api/src/backend/api/migrations/0024_findings_uid_index_partitions.py
@@ -1,29 +0,0 @@
-from functools import partial
-
-from django.db import migrations
-
-from api.db_utils import create_index_on_partitions, drop_index_on_partitions
-
-
-class Migration(migrations.Migration):
-    atomic = False
-
-    dependencies = [
-        ("api", "0023_resources_lookup_optimization"),
-    ]
-
-    operations = [
-        migrations.RunPython(
-            partial(
-                create_index_on_partitions,
-                parent_table="findings",
-                index_name="find_tenant_uid_inserted_idx",
-                columns="tenant_id, uid, inserted_at DESC",
-            ),
-            reverse_code=partial(
-                drop_index_on_partitions,
-                parent_table="findings",
-                index_name="find_tenant_uid_inserted_idx",
-            ),
-        )
-    ]
--- a/api/src/backend/api/migrations/0025_findings_uid_index_parent.py
+++ b/api/src/backend/api/migrations/0025_findings_uid_index_parent.py
@@ -1,17 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("api", "0024_findings_uid_index_partitions"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="finding",
-            index=models.Index(
-                fields=["tenant_id", "uid", "-inserted_at"],
-                name="find_tenant_uid_inserted_idx",
-            ),
-        ),
-    ]
--- a/api/src/backend/api/models.py
+++ b/api/src/backend/api/models.py
@@ -5,14 +5,12 @@ from uuid import UUID, uuid4
 from cryptography.fernet import Fernet
 from django.conf import settings
 from django.contrib.auth.models import AbstractBaseUser
-from django.contrib.postgres.fields import ArrayField
 from django.contrib.postgres.indexes import GinIndex
 from django.contrib.postgres.search import SearchVector, SearchVectorField
 from django.core.validators import MinLengthValidator
 from django.db import models
 from django.db.models import Q
 from django.utils.translation import gettext_lazy as _
-from django_celery_beat.models import PeriodicTask
 from django_celery_results.models import TaskResult
 from psqlextra.manager import PostgresManager
 from psqlextra.models import PostgresPartitionedModel
@@ -22,7 +20,6 @@ from uuid6 import uuid7
 from api.db_utils import (
    CustomUserManager,
    FindingDeltaEnumField,
-    IntegrationTypeEnumField,
    InvitationStateEnumField,
    MemberRoleEnumField,
    ProviderEnumField,
@@ -60,6 +57,7 @@ class StatusChoices(models.TextChoices):
    FAIL = "FAIL", _("Fail")
    PASS = "PASS", _("Pass")
    MANUAL = "MANUAL", _("Manual")
+    MUTED = "MUTED", _("Muted")


 class StateChoices(models.TextChoices):
@@ -192,7 +190,6 @@ class Provider(RowLevelSecurityProtectedModel):
        AZURE = "azure", _("Azure")
        GCP = "gcp", _("GCP")
        KUBERNETES = "kubernetes", _("Kubernetes")
-        M365 = "m365", _("M365")

    @staticmethod
    def validate_aws_uid(value):
@@ -216,19 +213,6 @@ class Provider(RowLevelSecurityProtectedModel):
                pointer="/data/attributes/uid",
            )

-    @staticmethod
-    def validate_m365_uid(value):
-        if not re.match(
-            r"""^(?!-)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\.(?!-)[A-Za-z0-9]"""
-            r"""(?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.[A-Za-z]{2,}$""",
-            value,
-        ):
-            raise ModelValidationError(
-                detail="M365 domain ID must be a valid domain.",
-                code="m365-uid",
-                pointer="/data/attributes/uid",
-            )
-
    @staticmethod
    def validate_gcp_uid(value):
        if not re.match(r"^[a-z][a-z0-9-]{5,29}$", value):
@@ -242,13 +226,13 @@ class Provider(RowLevelSecurityProtectedModel):
    @staticmethod
    def validate_kubernetes_uid(value):
        if not re.match(
-            r"^[a-zA-Z0-9][a-zA-Z0-9._@:\/-]{1,250}$",
+            r"(^[a-z0-9]([-a-z0-9]{1,61}[a-z0-9])?$)|(^arn:aws(-cn|-us-gov|-iso|-iso-b)?:[a-zA-Z0-9\-]+:([a-z]{2}-[a-z]+-\d{1})?:(\d{12})?:[a-zA-Z0-9\-_\/:\.\*]+(:\d+)?$)",
            value,
        ):
            raise ModelValidationError(
                detail="The value must either be a valid Kubernetes UID (up to 63 characters, "
                "starting and ending with a lowercase letter or number, containing only "
-                "lowercase alphanumeric characters and hyphens) or a valid AWS EKS Cluster ARN, GCP GKE Context Name or Azure AKS Cluster Name.",
+                "lowercase alphanumeric characters and hyphens) or a valid EKS ARN.",
                code="kubernetes-uid",
                pointer="/data/attributes/uid",
            )
@@ -262,7 +246,7 @@ class Provider(RowLevelSecurityProtectedModel):
    )
    uid = models.CharField(
        "Unique identifier for the provider, set by the provider",
-        max_length=250,
+        max_length=63,
        blank=False,
        validators=[MinLengthValidator(3)],
    )
@@ -287,7 +271,7 @@ class Provider(RowLevelSecurityProtectedModel):

        constraints = [
            models.UniqueConstraint(
-                fields=("tenant_id", "provider", "uid", "is_deleted"),
+                fields=("tenant_id", "provider", "uid"),
                name="unique_provider_uids",
            ),
            RowLevelSecurityConstraint(
@@ -426,11 +410,6 @@ class Scan(RowLevelSecurityProtectedModel):
    started_at = models.DateTimeField(null=True, blank=True)
    completed_at = models.DateTimeField(null=True, blank=True)
    next_scan_at = models.DateTimeField(null=True, blank=True)
-    scheduler_task = models.ForeignKey(
-        PeriodicTask, on_delete=models.CASCADE, null=True, blank=True
-    )
-    output_location = models.CharField(blank=True, null=True, max_length=200)
-
    # TODO: mutelist foreign key

    class Meta(RowLevelSecurityProtectedModel.Meta):
@@ -449,15 +428,6 @@ class Scan(RowLevelSecurityProtectedModel):
                fields=["provider", "state", "trigger", "scheduled_at"],
                name="scans_prov_state_trig_sche_idx",
            ),
-            models.Index(
-                fields=["tenant_id", "provider_id", "state", "inserted_at"],
-                name="scans_prov_state_insert_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "provider_id", "state", "-inserted_at"],
-                condition=Q(state=StateChoices.COMPLETED),
-                name="scans_prov_state_ins_desc_idx",
-            ),
        ]

    class JSONAPIMeta:
@@ -539,19 +509,14 @@ class Resource(RowLevelSecurityProtectedModel):
        editable=False,
    )

-    metadata = models.TextField(blank=True, null=True)
-    details = models.TextField(blank=True, null=True)
-    partition = models.TextField(blank=True, null=True)
-
-    # Relationships
    tags = models.ManyToManyField(
        ResourceTag,
        verbose_name="Tags associated with the resource, by provider",
        through="ResourceTagMapping",
    )

-    def get_tags(self, tenant_id: str) -> dict:
-        return {tag.key: tag.value for tag in self.tags.filter(tenant_id=tenant_id)}
+    def get_tags(self) -> dict:
+        return {tag.key: tag.value for tag in self.tags.all()}

    def clear_tags(self):
        self.tags.clear()
@@ -579,16 +544,7 @@ class Resource(RowLevelSecurityProtectedModel):
                fields=["uid", "region", "service", "name"],
                name="resource_uid_reg_serv_name_idx",
            ),
-            models.Index(
-                fields=["tenant_id", "service", "region", "type"],
-                name="resource_tenant_metadata_idx",
-            ),
            GinIndex(fields=["text_search"], name="gin_resources_search_idx"),
-            models.Index(fields=["tenant_id", "id"], name="resources_tenant_id_idx"),
-            models.Index(
-                fields=["tenant_id", "provider_id"],
-                name="resources_tenant_provider_idx",
-            ),
        ]

        constraints = [
@@ -635,12 +591,6 @@ class ResourceTagMapping(RowLevelSecurityProtectedModel):
            ),
        ]

-        indexes = [
-            models.Index(
-                fields=["tenant_id", "resource_id"], name="resource_tag_tenant_idx"
-            ),
-        ]
-

 class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    """
@@ -665,7 +615,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    id = models.UUIDField(primary_key=True, default=uuid7, editable=False)
    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    first_seen_at = models.DateTimeField(editable=False, null=True)

    uid = models.CharField(max_length=300)
    delta = FindingDeltaEnumField(
@@ -686,23 +635,6 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
    tags = models.JSONField(default=dict, null=True, blank=True)
    check_id = models.CharField(max_length=100, blank=False, null=False)
    check_metadata = models.JSONField(default=dict, null=False)
-    muted = models.BooleanField(default=False, null=False)
-    compliance = models.JSONField(default=dict, null=True, blank=True)
-
-    # Denormalize resource data for performance
-    resource_regions = ArrayField(
-        models.CharField(max_length=100), blank=True, null=True
-    )
-    resource_services = ArrayField(
-        models.CharField(max_length=100),
-        blank=True,
-        null=True,
-    )
-    resource_types = ArrayField(
-        models.CharField(max_length=100),
-        blank=True,
-        null=True,
-    )

    # Relationships
    scan = models.ForeignKey(to=Scan, related_name="findings", on_delete=models.CASCADE)
@@ -744,53 +676,32 @@ class Finding(PostgresPartitionedModel, RowLevelSecurityProtectedModel):
        ]

        indexes = [
-            models.Index(fields=["tenant_id", "id"], name="findings_tenant_and_id_idx"),
+            models.Index(fields=["uid"], name="findings_uid_idx"),
+            models.Index(
+                fields=[
+                    "scan_id",
+                    "impact",
+                    "severity",
+                    "status",
+                    "check_id",
+                    "delta",
+                ],
+                name="findings_filter_idx",
+            ),
            GinIndex(fields=["text_search"], name="gin_findings_search_idx"),
-            models.Index(fields=["tenant_id", "scan_id"], name="find_tenant_scan_idx"),
-            models.Index(
-                fields=["tenant_id", "scan_id", "id"], name="find_tenant_scan_id_idx"
-            ),
-            models.Index(
-                fields=["tenant_id", "id"],
-                condition=Q(delta="new"),
-                name="find_delta_new_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "uid", "-inserted_at"],
-                name="find_tenant_uid_inserted_idx",
-            ),
-            GinIndex(fields=["resource_services"], name="gin_find_service_idx"),
-            GinIndex(fields=["resource_regions"], name="gin_find_region_idx"),
-            GinIndex(fields=["resource_types"], name="gin_find_rtype_idx"),
        ]

    class JSONAPIMeta:
        resource_name = "findings"

    def add_resources(self, resources: list[Resource] | None):
-        if not resources:
-            return
-
-        self.resource_regions = self.resource_regions or []
-        self.resource_services = self.resource_services or []
-        self.resource_types = self.resource_types or []
-
-        # Deduplication
-        regions = set(self.resource_regions)
-        services = set(self.resource_services)
-        types = set(self.resource_types)
-
+        # Add new relationships with the tenant_id field
        for resource in resources:
            ResourceFindingMapping.objects.update_or_create(
                resource=resource, finding=self, tenant_id=self.tenant_id
            )
-            regions.add(resource.region)
-            services.add(resource.service)
-            types.add(resource.type)

-        self.resource_regions = list(regions)
-        self.resource_services = list(services)
-        self.resource_types = list(types)
+        # Save the instance
        self.save()


@@ -1188,146 +1099,6 @@ class ScanSummary(RowLevelSecurityProtectedModel):
                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
            ),
        ]
-        indexes = [
-            models.Index(
-                fields=["tenant_id", "scan_id"],
-                name="scan_summaries_tenant_scan_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "scan_id", "service"],
-                name="ss_tenant_scan_service_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "scan_id", "severity"],
-                name="ss_tenant_scan_severity_idx",
-            ),
-        ]

    class JSONAPIMeta:
        resource_name = "scan-summaries"
-
-
-class Integration(RowLevelSecurityProtectedModel):
-    class IntegrationChoices(models.TextChoices):
-        S3 = "amazon_s3", _("Amazon S3")
-        SAML = "saml", _("SAML")
-        AWS_SECURITY_HUB = "aws_security_hub", _("AWS Security Hub")
-        JIRA = "jira", _("JIRA")
-        SLACK = "slack", _("Slack")
-
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    inserted_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    enabled = models.BooleanField(default=False)
-    connected = models.BooleanField(null=True, blank=True)
-    connection_last_checked_at = models.DateTimeField(null=True, blank=True)
-    integration_type = IntegrationTypeEnumField(choices=IntegrationChoices.choices)
-    configuration = models.JSONField(default=dict)
-    _credentials = models.BinaryField(db_column="credentials")
-
-    providers = models.ManyToManyField(
-        Provider,
-        related_name="integrations",
-        through="IntegrationProviderRelationship",
-        blank=True,
-    )
-
-    class Meta(RowLevelSecurityProtectedModel.Meta):
-        db_table = "integrations"
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-    class JSONAPIMeta:
-        resource_name = "integrations"
-
-    @property
-    def credentials(self):
-        if isinstance(self._credentials, memoryview):
-            encrypted_bytes = self._credentials.tobytes()
-        elif isinstance(self._credentials, str):
-            encrypted_bytes = self._credentials.encode()
-        else:
-            encrypted_bytes = self._credentials
-        decrypted_data = fernet.decrypt(encrypted_bytes)
-        return json.loads(decrypted_data.decode())
-
-    @credentials.setter
-    def credentials(self, value):
-        encrypted_data = fernet.encrypt(json.dumps(value).encode())
-        self._credentials = encrypted_data
-
-
-class IntegrationProviderRelationship(RowLevelSecurityProtectedModel):
-    id = models.UUIDField(primary_key=True, default=uuid4, editable=False)
-    integration = models.ForeignKey(Integration, on_delete=models.CASCADE)
-    provider = models.ForeignKey(Provider, on_delete=models.CASCADE)
-    inserted_at = models.DateTimeField(auto_now_add=True)
-
-    class Meta:
-        db_table = "integration_provider_mappings"
-        constraints = [
-            models.UniqueConstraint(
-                fields=["integration_id", "provider_id"],
-                name="unique_integration_provider_rel",
-            ),
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
-
-
-class ResourceScanSummary(RowLevelSecurityProtectedModel):
-    scan_id = models.UUIDField(default=uuid7, db_index=True)
-    resource_id = models.UUIDField(default=uuid4, db_index=True)
-    service = models.CharField(max_length=100)
-    region = models.CharField(max_length=100)
-    resource_type = models.CharField(max_length=100)
-
-    class Meta:
-        db_table = "resource_scan_summaries"
-        unique_together = (("tenant_id", "scan_id", "resource_id"),)
-
-        indexes = [
-            # Single-dimension lookups:
-            models.Index(
-                fields=["tenant_id", "scan_id", "service"],
-                name="rss_tenant_scan_svc_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "scan_id", "region"],
-                name="rss_tenant_scan_reg_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "scan_id", "resource_type"],
-                name="rss_tenant_scan_type_idx",
-            ),
-            # Two-dimension cross-filters:
-            models.Index(
-                fields=["tenant_id", "scan_id", "region", "service"],
-                name="rss_tenant_scan_reg_svc_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "scan_id", "service", "resource_type"],
-                name="rss_tenant_scan_svc_type_idx",
-            ),
-            models.Index(
-                fields=["tenant_id", "scan_id", "region", "resource_type"],
-                name="rss_tenant_scan_reg_type_idx",
-            ),
-        ]
-
-        constraints = [
-            RowLevelSecurityConstraint(
-                field="tenant_id",
-                name="rls_on_%(class)s",
-                statements=["SELECT", "INSERT", "UPDATE", "DELETE"],
-            ),
-        ]
--- a/api/src/backend/api/rbac/permissions.py
+++ b/api/src/backend/api/rbac/permissions.py
@@ -1,11 +1,9 @@
 from enum import Enum
-from typing import Optional
-
-from django.db.models import QuerySet
 from rest_framework.permissions import BasePermission
-
-from api.db_router import MainRouter
 from api.models import Provider, Role, User
+from api.db_router import MainRouter
+from typing import Optional
+from django.db.models import QuerySet


 class Permissions(Enum):
@@ -65,11 +63,8 @@ def get_providers(role: Role) -> QuerySet[Provider]:
        A QuerySet of Provider objects filtered by the role's provider groups.
        If the role has no provider groups, returns an empty queryset.
    """
-    tenant = role.tenant
    provider_groups = role.provider_groups.all()
    if not provider_groups.exists():
        return Provider.objects.none()

-    return Provider.objects.filter(
-        tenant=tenant, provider_groups__in=provider_groups
-    ).distinct()
+    return Provider.objects.filter(provider_groups__in=provider_groups).distinct()
--- a/api/src/backend/api/rls.py
+++ b/api/src/backend/api/rls.py
@@ -2,7 +2,8 @@ from typing import Any
 from uuid import uuid4

 from django.core.exceptions import ValidationError
-from django.db import DEFAULT_DB_ALIAS, models
+from django.db import DEFAULT_DB_ALIAS
+from django.db import models
 from django.db.backends.ddl_references import Statement, Table

 from api.db_utils import DB_USER, POSTGRES_TENANT_VAR
@@ -58,11 +59,11 @@ class RowLevelSecurityConstraint(models.BaseConstraint):
    drop_sql_query = """
        ALTER TABLE %(table_name)s NO FORCE ROW LEVEL SECURITY;
        ALTER TABLE %(table_name)s DISABLE ROW LEVEL SECURITY;
-        REVOKE ALL ON TABLE %(table_name)s FROM %(db_user)s;
+        REVOKE ALL ON TABLE %(table_name) TO %(db_user)s;
    """

    drop_policy_sql_query = """
-        DROP POLICY IF EXISTS %(db_user)s_%(raw_table_name)s_{statement} ON %(table_name)s;
+        DROP POLICY IF EXISTS %(db_user)s_%(table_name)s_{statement} on %(table_name)s;
    """

    def __init__(
@@ -87,7 +88,9 @@ class RowLevelSecurityConstraint(models.BaseConstraint):
                f"{grant_queries}{self.grant_sql_query.format(statement=statement)}"
            )

-        full_create_sql_query = f"{self.rls_sql_query}{policy_queries}{grant_queries}"
+        full_create_sql_query = (
+            f"{self.rls_sql_query}" f"{policy_queries}" f"{grant_queries}"
+        )

        table_name = model._meta.db_table
        if self.partition_name:
@@ -104,20 +107,16 @@ class RowLevelSecurityConstraint(models.BaseConstraint):

    def remove_sql(self, model: Any, schema_editor: Any) -> Any:
        field_column = schema_editor.quote_name(self.target_field)
-        raw_table_name = model._meta.db_table
-        table_name = raw_table_name
-        if self.partition_name:
-            raw_table_name = f"{raw_table_name}_{self.partition_name}"
-            table_name = raw_table_name
-
        full_drop_sql_query = (
            f"{self.drop_sql_query}"
-            f"{''.join([self.drop_policy_sql_query.format(statement=statement) for statement in self.statements])}"
+            f"{''.join([self.drop_policy_sql_query.format(statement) for statement in self.statements])}"
        )
+        table_name = model._meta.db_table
+        if self.partition_name:
+            table_name = f"{table_name}_{self.partition_name}"
        return Statement(
            full_drop_sql_query,
            table_name=Table(table_name, schema_editor.quote_name),
-            raw_table_name=raw_table_name,
            field_column=field_column,
            db_user=DB_USER,
            partition_name=self.partition_name,
--- a/api/src/backend/api/signals.py
+++ b/api/src/backend/api/signals.py
@@ -1,12 +1,12 @@
 from celery import states
 from celery.signals import before_task_publish
-from config.celery import celery_app
 from django.db.models.signals import post_delete
 from django.dispatch import receiver
+from django_celery_beat.models import PeriodicTask
 from django_celery_results.backends.database import DatabaseBackend

-from api.db_utils import delete_related_daily_task
 from api.models import Provider
+from config.celery import celery_app


 def create_task_result_on_publish(sender=None, headers=None, **kwargs):  # noqa: F841
@@ -31,4 +31,5 @@ before_task_publish.connect(
@receiver(post_delete, sender=Provider)
 def delete_provider_scan_task(sender, instance, **kwargs):  # noqa: F841
    # Delete the associated periodic task when the provider is deleted
-    delete_related_daily_task(instance.id)
+    task_name = f"scan-perform-scheduled-{instance.id}"
+    PeriodicTask.objects.filter(name=task_name).delete()
--- a/api/src/backend/api/specs/v1.yaml
+++ b/api/src/backend/api/specs/v1.yaml
--- a/api/src/backend/api/tests/integration/test_authentication.py
+++ b/api/src/backend/api/tests/integration/test_authentication.py
@@ -1,9 +1,8 @@
 import pytest
-from conftest import TEST_PASSWORD, get_api_tokens, get_authorization_header
 from django.urls import reverse
 from rest_framework.test import APIClient

-from api.models import Membership, User
+from conftest import TEST_PASSWORD, get_api_tokens, get_authorization_header


@pytest.mark.django_db
@@ -97,204 +96,3 @@ def test_refresh_token(create_test_user, tenants_fixture):
        format="vnd.api+json",
    )
    assert new_refresh_response.status_code == 200
-
-
-@pytest.mark.django_db
-def test_user_me_when_inviting_users(create_test_user, tenants_fixture, roles_fixture):
-    client = APIClient()
-
-    role = roles_fixture[0]
-
-    user1_email = "user1@testing.com"
-    user2_email = "user2@testing.com"
-
-    password = "thisisapassword123"
-
-    user1_response = client.post(
-        reverse("user-list"),
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "user1",
-                    "email": user1_email,
-                    "password": password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user1_response.status_code == 201
-
-    user1_access_token, _ = get_api_tokens(client, user1_email, password)
-    user1_headers = get_authorization_header(user1_access_token)
-
-    user2_invitation = client.post(
-        reverse("invitation-list"),
-        data={
-            "data": {
-                "type": "invitations",
-                "attributes": {"email": user2_email},
-                "relationships": {
-                    "roles": {
-                        "data": [
-                            {
-                                "type": "roles",
-                                "id": str(role.id),
-                            }
-                        ]
-                    }
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=user1_headers,
-    )
-    assert user2_invitation.status_code == 201
-    invitation_token = user2_invitation.json()["data"]["attributes"]["token"]
-
-    user2_response = client.post(
-        reverse("user-list") + f"?invitation_token={invitation_token}",
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "user2",
-                    "email": user2_email,
-                    "password": password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user2_response.status_code == 201
-
-    user2_access_token, _ = get_api_tokens(client, user2_email, password)
-    user2_headers = get_authorization_header(user2_access_token)
-
-    user1_me = client.get(reverse("user-me"), headers=user1_headers)
-    assert user1_me.status_code == 200
-    assert user1_me.json()["data"]["attributes"]["email"] == user1_email
-
-    user2_me = client.get(reverse("user-me"), headers=user2_headers)
-    assert user2_me.status_code == 200
-    assert user2_me.json()["data"]["attributes"]["email"] == user2_email
-
-
-@pytest.mark.django_db
-class TestTokenSwitchTenant:
-    def test_switch_tenant_with_valid_token(self, tenants_fixture, providers_fixture):
-        client = APIClient()
-
-        test_user = "test_email@prowler.com"
-        test_password = "test_password"
-
-        # Check that we can create a new user without any kind of authentication
-        user_creation_response = client.post(
-            reverse("user-list"),
-            data={
-                "data": {
-                    "type": "users",
-                    "attributes": {
-                        "name": "test",
-                        "email": test_user,
-                        "password": test_password,
-                    },
-                }
-            },
-            format="vnd.api+json",
-        )
-        assert user_creation_response.status_code == 201
-
-        # Create a new relationship between this user and another tenant
-        tenant_id = tenants_fixture[0].id
-        user_instance = User.objects.get(email=test_user)
-        Membership.objects.create(user=user_instance, tenant_id=tenant_id)
-
-        # Check that using our new user's credentials we can authenticate and get the providers
-        access_token, _ = get_api_tokens(client, test_user, test_password)
-        auth_headers = get_authorization_header(access_token)
-
-        user_me_response = client.get(
-            reverse("user-me"),
-            headers=auth_headers,
-        )
-        assert user_me_response.status_code == 200
-        # Assert this user belongs to two tenants
-        assert (
-            user_me_response.json()["data"]["relationships"]["memberships"]["meta"][
-                "count"
-            ]
-            == 2
-        )
-
-        provider_response = client.get(
-            reverse("provider-list"),
-            headers=auth_headers,
-        )
-        assert provider_response.status_code == 200
-        # Empty response since there are no providers in this tenant
-        assert not provider_response.json()["data"]
-
-        switch_tenant_response = client.post(
-            reverse("token-switch"),
-            data={
-                "data": {
-                    "type": "tokens-switch-tenant",
-                    "attributes": {"tenant_id": tenant_id},
-                }
-            },
-            headers=auth_headers,
-        )
-        assert switch_tenant_response.status_code == 200
-        new_access_token = switch_tenant_response.json()["data"]["attributes"]["access"]
-        new_auth_headers = get_authorization_header(new_access_token)
-
-        provider_response = client.get(
-            reverse("provider-list"),
-            headers=new_auth_headers,
-        )
-        assert provider_response.status_code == 200
-        # Now it must be data because we switched to another tenant with providers
-        assert provider_response.json()["data"]
-
-    def test_switch_tenant_with_invalid_token(self, create_test_user, tenants_fixture):
-        client = APIClient()
-
-        access_token, refresh_token = get_api_tokens(
-            client, create_test_user.email, TEST_PASSWORD
-        )
-        auth_headers = get_authorization_header(access_token)
-
-        invalid_token_response = client.post(
-            reverse("token-switch"),
-            data={
-                "data": {
-                    "type": "tokens-switch-tenant",
-                    "attributes": {"tenant_id": "invalid_tenant_id"},
-                }
-            },
-            headers=auth_headers,
-        )
-        assert invalid_token_response.status_code == 400
-        assert invalid_token_response.json()["errors"][0]["code"] == "invalid"
-        assert (
-            invalid_token_response.json()["errors"][0]["detail"]
-            == "Must be a valid UUID."
-        )
-
-        invalid_tenant_response = client.post(
-            reverse("token-switch"),
-            data={
-                "data": {
-                    "type": "tokens-switch-tenant",
-                    "attributes": {"tenant_id": tenants_fixture[-1].id},
-                }
-            },
-            headers=auth_headers,
-        )
-        assert invalid_tenant_response.status_code == 400
-        assert invalid_tenant_response.json()["errors"][0]["code"] == "invalid"
-        assert invalid_tenant_response.json()["errors"][0]["detail"] == (
-            "Tenant does not exist or user is not a " "member."
-        )
--- a/api/src/backend/api/tests/integration/test_providers.py
+++ b/api/src/backend/api/tests/integration/test_providers.py
@@ -1,85 +0,0 @@
-from unittest.mock import Mock, patch
-
-import pytest
-from conftest import get_api_tokens, get_authorization_header
-from django.urls import reverse
-from rest_framework.test import APIClient
-
-from api.models import Provider
-
-
-@patch("api.v1.views.Task.objects.get")
-@patch("api.v1.views.delete_provider_task.delay")
-@pytest.mark.django_db
-def test_delete_provider_without_executing_task(
-    mock_delete_task, mock_task_get, create_test_user, tenants_fixture, tasks_fixture
-):
-    client = APIClient()
-
-    test_user = "test_email@prowler.com"
-    test_password = "test_password"
-
-    prowler_task = tasks_fixture[0]
-    task_mock = Mock()
-    task_mock.id = prowler_task.id
-    mock_delete_task.return_value = task_mock
-    mock_task_get.return_value = prowler_task
-
-    user_creation_response = client.post(
-        reverse("user-list"),
-        data={
-            "data": {
-                "type": "users",
-                "attributes": {
-                    "name": "test",
-                    "email": test_user,
-                    "password": test_password,
-                },
-            }
-        },
-        format="vnd.api+json",
-    )
-    assert user_creation_response.status_code == 201
-
-    access_token, _ = get_api_tokens(client, test_user, test_password)
-    auth_headers = get_authorization_header(access_token)
-
-    create_provider_response = client.post(
-        reverse("provider-list"),
-        data={
-            "data": {
-                "type": "providers",
-                "attributes": {
-                    "provider": Provider.ProviderChoices.AWS,
-                    "uid": "123456789012",
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=auth_headers,
-    )
-    assert create_provider_response.status_code == 201
-    provider_id = create_provider_response.json()["data"]["id"]
-    provider_uid = create_provider_response.json()["data"]["attributes"]["uid"]
-
-    remove_provider = client.delete(
-        reverse("provider-detail", kwargs={"pk": provider_id}),
-        headers=auth_headers,
-    )
-    assert remove_provider.status_code == 202
-
-    recreate_provider_response = client.post(
-        reverse("provider-list"),
-        data={
-            "data": {
-                "type": "providers",
-                "attributes": {
-                    "provider": Provider.ProviderChoices.AWS,
-                    "uid": provider_uid,
-                },
-            }
-        },
-        format="vnd.api+json",
-        headers=auth_headers,
-    )
-    assert recreate_provider_response.status_code == 201
--- a/api/src/backend/api/tests/test_db_utils.py
+++ b/api/src/backend/api/tests/test_db_utils.py
@@ -2,15 +2,7 @@ from datetime import datetime, timezone
 from enum import Enum
 from unittest.mock import patch

-import pytest
-
-from api.db_utils import (
-    batch_delete,
-    enum_to_choices,
-    generate_random_token,
-    one_week_from_now,
-)
-from api.models import Provider
+from api.db_utils import enum_to_choices, one_week_from_now, generate_random_token


 class TestEnumToChoices:
@@ -114,27 +106,3 @@ class TestGenerateRandomToken:
        token = generate_random_token(length=5, symbols="")
        # Default symbols
        assert len(token) == 5
-
-
-class TestBatchDelete:
-    @pytest.fixture
-    def create_test_providers(self, tenants_fixture):
-        tenant = tenants_fixture[0]
-        provider_id = 123456789012
-        provider_count = 10
-        for i in range(provider_count):
-            Provider.objects.create(
-                tenant=tenant,
-                uid=f"{provider_id + i}",
-                provider=Provider.ProviderChoices.AWS,
-            )
-        return provider_count
-
-    @pytest.mark.django_db
-    def test_batch_delete(self, tenants_fixture, create_test_providers):
-        tenant_id = str(tenants_fixture[0].id)
-        _, summary = batch_delete(
-            tenant_id, Provider.objects.all(), batch_size=create_test_providers // 2
-        )
-        assert Provider.objects.all().count() == 0
-        assert summary == {"api.Provider": create_test_providers}
--- a/api/src/backend/api/tests/test_models.py
+++ b/api/src/backend/api/tests/test_models.py
@@ -7,10 +7,9 @@ from api.models import Resource, ResourceTag
 class TestResourceModel:
    def test_setting_tags(self, providers_fixture):
        provider, *_ = providers_fixture
-        tenant_id = provider.tenant_id

        resource = Resource.objects.create(
-            tenant_id=tenant_id,
+            tenant_id=provider.tenant_id,
            provider=provider,
            uid="arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
            name="My Instance 1",
@@ -21,12 +20,12 @@ class TestResourceModel:

        tags = [
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=provider.tenant_id,
                key="key",
                value="value",
            ),
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=provider.tenant_id,
                key="key2",
                value="value2",
            ),
@@ -34,9 +33,9 @@ class TestResourceModel:

        resource.upsert_or_delete_tags(tags)

-        assert len(tags) == len(resource.tags.filter(tenant_id=tenant_id))
+        assert len(tags) == len(resource.tags.all())

-        tags_dict = resource.get_tags(tenant_id=tenant_id)
+        tags_dict = resource.get_tags()

        for tag in tags:
            assert tag.key in tags_dict
@@ -44,79 +43,47 @@ class TestResourceModel:

    def test_adding_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)

        tags = [
            ResourceTag.objects.create(
-                tenant_id=tenant_id,
+                tenant_id=resource.tenant_id,
                key="env",
                value="test",
            ),
        ]
-        before_count = len(resource.tags.filter(tenant_id=tenant_id))
+        before_count = len(resource.tags.all())

        resource.upsert_or_delete_tags(tags)

-        assert before_count + 1 == len(resource.tags.filter(tenant_id=tenant_id))
+        assert before_count + 1 == len(resource.tags.all())

-        tags_dict = resource.get_tags(tenant_id=tenant_id)
+        tags_dict = resource.get_tags()

        assert "env" in tags_dict
        assert tags_dict["env"] == "test"

    def test_adding_duplicate_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)

-        tags = resource.tags.filter(tenant_id=tenant_id)
+        tags = resource.tags.all()

-        before_count = len(resource.tags.filter(tenant_id=tenant_id))
+        before_count = len(resource.tags.all())

        resource.upsert_or_delete_tags(tags)

        # should be the same number of tags
-        assert before_count == len(resource.tags.filter(tenant_id=tenant_id))
+        assert before_count == len(resource.tags.all())

    def test_add_tags_none(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)
        resource.upsert_or_delete_tags(None)

-        assert len(resource.tags.filter(tenant_id=tenant_id)) == 0
-        assert resource.get_tags(tenant_id=tenant_id) == {}
+        assert len(resource.tags.all()) == 0
+        assert resource.get_tags() == {}

    def test_clear_tags(self, resources_fixture):
        resource, *_ = resources_fixture
-        tenant_id = str(resource.tenant_id)
        resource.clear_tags()

-        assert len(resource.tags.filter(tenant_id=tenant_id)) == 0
-        assert resource.get_tags(tenant_id=tenant_id) == {}
-
-
-# @pytest.mark.django_db
-# class TestFindingModel:
-#     def test_add_finding_with_long_uid(
-#         self, providers_fixture, scans_fixture, resources_fixture
-#     ):
-#         provider, *_ = providers_fixture
-#         tenant_id = provider.tenant_id
-
-#         long_uid = "1" * 500
-#         _ = Finding.objects.create(
-#             tenant_id=tenant_id,
-#             uid=long_uid,
-#             delta=Finding.DeltaChoices.NEW,
-#             check_metadata={},
-#             status=StatusChoices.PASS,
-#             status_extended="",
-#             severity="high",
-#             impact="high",
-#             raw_result={},
-#             check_id="test_check",
-#             scan=scans_fixture[0],
-#             first_seen_at=None,
-#             muted=False,
-#             compliance={},
-#         )
-#         assert Finding.objects.filter(uid=long_uid).exists()
+        assert len(resource.tags.all()) == 0
+        assert resource.get_tags() == {}
--- a/api/src/backend/api/tests/test_rbac.py
+++ b/api/src/backend/api/tests/test_rbac.py
@@ -1,19 +1,7 @@
-from unittest.mock import ANY, Mock, patch
-
 import pytest
 from django.urls import reverse
 from rest_framework import status
-
-from api.models import (
-    Membership,
-    ProviderGroup,
-    ProviderGroupMembership,
-    Role,
-    RoleProviderGroupRelationship,
-    User,
-    UserRoleRelationship,
-)
-from api.v1.serializers import TokenSerializer
+from unittest.mock import patch, ANY, Mock


@pytest.mark.django_db
@@ -316,96 +304,3 @@ class TestProviderViewSet:
            reverse("provider-connection", kwargs={"pk": provider.id})
        )
        assert response.status_code == status.HTTP_403_FORBIDDEN
-
-
-@pytest.mark.django_db
-class TestLimitedVisibility:
-    TEST_EMAIL = "rbac@rbac.com"
-    TEST_PASSWORD = "thisisapassword123"
-
-    @pytest.fixture
-    def limited_admin_user(
-        self, django_db_setup, django_db_blocker, tenants_fixture, providers_fixture
-    ):
-        with django_db_blocker.unblock():
-            tenant = tenants_fixture[0]
-            provider = providers_fixture[0]
-            user = User.objects.create_user(
-                name="testing",
-                email=self.TEST_EMAIL,
-                password=self.TEST_PASSWORD,
-            )
-            Membership.objects.create(
-                user=user,
-                tenant=tenant,
-                role=Membership.RoleChoices.OWNER,
-            )
-
-            role = Role.objects.create(
-                name="limited_visibility",
-                tenant=tenant,
-                manage_users=True,
-                manage_account=True,
-                manage_billing=True,
-                manage_providers=True,
-                manage_integrations=True,
-                manage_scans=True,
-                unlimited_visibility=False,
-            )
-            UserRoleRelationship.objects.create(
-                user=user,
-                role=role,
-                tenant=tenant,
-            )
-
-            provider_group = ProviderGroup.objects.create(
-                name="limited_visibility_group",
-                tenant=tenant,
-            )
-            ProviderGroupMembership.objects.create(
-                tenant=tenant,
-                provider=provider,
-                provider_group=provider_group,
-            )
-
-            RoleProviderGroupRelationship.objects.create(
-                tenant=tenant, role=role, provider_group=provider_group
-            )
-
-        return user
-
-    @pytest.fixture
-    def authenticated_client_rbac_limited(
-        self, limited_admin_user, tenants_fixture, client
-    ):
-        client.user = limited_admin_user
-        tenant_id = tenants_fixture[0].id
-        serializer = TokenSerializer(
-            data={
-                "type": "tokens",
-                "email": self.TEST_EMAIL,
-                "password": self.TEST_PASSWORD,
-                "tenant_id": tenant_id,
-            }
-        )
-        serializer.is_valid(raise_exception=True)
-        access_token = serializer.validated_data["access"]
-        client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
-        return client
-
-    def test_integrations(
-        self, authenticated_client_rbac_limited, integrations_fixture, providers_fixture
-    ):
-        # Integration 2 is related to provider1 and provider 2
-        # This user cannot see provider 2
-        integration = integrations_fixture[1]
-
-        response = authenticated_client_rbac_limited.get(
-            reverse("integration-detail", kwargs={"pk": integration.id})
-        )
-
-        assert response.status_code == status.HTTP_200_OK
-        assert integration.providers.count() == 2
-        assert (
-            response.json()["data"]["relationships"]["providers"]["meta"]["count"] == 1
-        )
--- a/api/src/backend/api/tests/test_sentry.py
+++ b/api/src/backend/api/tests/test_sentry.py
@@ -1,80 +0,0 @@
-import logging
-from unittest.mock import MagicMock
-
-from config.settings.sentry import before_send
-
-
-def test_before_send_ignores_log_with_ignored_exception():
-    """Test that before_send ignores logs containing ignored exceptions."""
-    log_record = MagicMock()
-    log_record.msg = "Provider kubernetes is not connected"
-    log_record.levelno = logging.ERROR  # 40
-
-    hint = {"log_record": log_record}
-
-    event = MagicMock()
-
-    result = before_send(event, hint)
-
-    # Assert that the event was dropped (None returned)
-    assert result is None
-
-
-def test_before_send_ignores_exception_with_ignored_exception():
-    """Test that before_send ignores exceptions containing ignored exceptions."""
-    exc_info = (Exception, Exception("Provider kubernetes is not connected"), None)
-
-    hint = {"exc_info": exc_info}
-
-    event = MagicMock()
-
-    result = before_send(event, hint)
-
-    # Assert that the event was dropped (None returned)
-    assert result is None
-
-
-def test_before_send_passes_through_non_ignored_log():
-    """Test that before_send passes through logs that don't contain ignored exceptions."""
-    log_record = MagicMock()
-    log_record.msg = "Some other error message"
-    log_record.levelno = logging.ERROR  # 40
-
-    hint = {"log_record": log_record}
-
-    event = MagicMock()
-
-    result = before_send(event, hint)
-
-    # Assert that the event was passed through
-    assert result == event
-
-
-def test_before_send_passes_through_non_ignored_exception():
-    """Test that before_send passes through exceptions that don't contain ignored exceptions."""
-    exc_info = (Exception, Exception("Some other error message"), None)
-
-    hint = {"exc_info": exc_info}
-
-    event = MagicMock()
-
-    result = before_send(event, hint)
-
-    # Assert that the event was passed through
-    assert result == event
-
-
-def test_before_send_handles_warning_level():
-    """Test that before_send handles warning level logs."""
-    log_record = MagicMock()
-    log_record.msg = "Provider kubernetes is not connected"
-    log_record.levelno = logging.WARNING  # 30
-
-    hint = {"log_record": log_record}
-
-    event = MagicMock()
-
-    result = before_send(event, hint)
-
-    # Assert that the event was dropped (None returned)
-    assert result is None
--- a/api/src/backend/api/tests/test_utils.py
+++ b/api/src/backend/api/tests/test_utils.py
@@ -1,25 +1,25 @@
 from datetime import datetime, timedelta, timezone
-from unittest.mock import MagicMock, patch
+from unittest.mock import patch, MagicMock

 import pytest
-from rest_framework.exceptions import NotFound, ValidationError
-
-from api.db_router import MainRouter
-from api.exceptions import InvitationTokenExpiredException
-from api.models import Invitation, Provider
-from api.utils import (
-    get_prowler_provider_kwargs,
-    initialize_prowler_provider,
-    merge_dicts,
-    prowler_provider_connection_test,
-    return_prowler_provider,
-    validate_invitation,
-)
 from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.gcp.gcp_provider import GcpProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
-from prowler.providers.m365.m365_provider import M365Provider
+from rest_framework.exceptions import ValidationError, NotFound
+
+from api.db_router import MainRouter
+from api.exceptions import InvitationTokenExpiredException
+from api.models import Invitation
+from api.models import Provider
+from api.utils import (
+    merge_dicts,
+    return_prowler_provider,
+    initialize_prowler_provider,
+    prowler_provider_connection_test,
+    get_prowler_provider_kwargs,
+)
+from api.utils import validate_invitation


 class TestMergeDicts:
@@ -105,7 +105,6 @@ class TestReturnProwlerProvider:
            (Provider.ProviderChoices.GCP.value, GcpProvider),
            (Provider.ProviderChoices.AZURE.value, AzureProvider),
            (Provider.ProviderChoices.KUBERNETES.value, KubernetesProvider),
-            (Provider.ProviderChoices.M365.value, M365Provider),
        ],
    )
    def test_return_prowler_provider(self, provider_type, expected_provider):
@@ -145,18 +144,6 @@ class TestProwlerProviderConnectionTest:
            key="value", provider_id="1234567890", raise_on_exception=False
        )

-    @pytest.mark.django_db
-    @patch("api.utils.return_prowler_provider")
-    def test_prowler_provider_connection_test_without_secret(
-        self, mock_return_prowler_provider, providers_fixture
-    ):
-        mock_return_prowler_provider.return_value = MagicMock()
-        connection = prowler_provider_connection_test(providers_fixture[0])
-
-        assert connection.is_connected is False
-        assert isinstance(connection.error, Provider.secret.RelatedObjectDoesNotExist)
-        assert str(connection.error) == "Provider has no secret."
-

 class TestGetProwlerProviderKwargs:
    @pytest.mark.parametrize(
@@ -178,10 +165,6 @@ class TestGetProwlerProviderKwargs:
                Provider.ProviderChoices.KUBERNETES.value,
                {"context": "provider_uid"},
            ),
-            (
-                Provider.ProviderChoices.M365.value,
-                {},
-            ),
        ],
    )
    def test_get_prowler_provider_kwargs(self, provider_type, expected_extra_kwargs):
@@ -291,10 +274,9 @@ class TestValidateInvitation:
        expired_time = datetime.now(timezone.utc) - timedelta(days=1)
        invitation.expires_at = expired_time

-        with (
-            patch("api.utils.Invitation.objects.using") as mock_using,
-            patch("api.utils.datetime") as mock_datetime,
-        ):
+        with patch("api.utils.Invitation.objects.using") as mock_using, patch(
+            "api.utils.datetime"
+        ) as mock_datetime:
            mock_db = mock_using.return_value
            mock_db.get.return_value = invitation
            mock_datetime.now.return_value = datetime.now(timezone.utc)
--- a/api/src/backend/api/tests/test_views.py
+++ b/api/src/backend/api/tests/test_views.py
--- a/api/src/backend/api/utils.py
+++ b/api/src/backend/api/utils.py
@@ -1,29 +1,15 @@
 from datetime import datetime, timezone

-from allauth.socialaccount.providers.oauth2.client import OAuth2Client
-from django.contrib.postgres.aggregates import ArrayAgg
-from django.db.models import Subquery
-from rest_framework.exceptions import NotFound, ValidationError
-
-from api.db_router import MainRouter
-from api.exceptions import InvitationTokenExpiredException
-from api.models import Invitation, Provider, Resource
-from api.v1.serializers import FindingMetadataSerializer
 from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.common.models import Connection
 from prowler.providers.gcp.gcp_provider import GcpProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
-from prowler.providers.m365.m365_provider import M365Provider
+from rest_framework.exceptions import ValidationError, NotFound

-
-class CustomOAuth2Client(OAuth2Client):
-    def __init__(self, client_id, secret, *args, **kwargs):
-        # Remove any duplicate "scope_delimiter" from kwargs
-        # Bug present in dj-rest-auth after version v7.0.1
-        # https://github.com/iMerica/dj-rest-auth/issues/673
-        kwargs.pop("scope_delimiter", None)
-        super().__init__(client_id, secret, *args, **kwargs)
+from api.db_router import MainRouter
+from api.exceptions import InvitationTokenExpiredException
+from api.models import Provider, Invitation


 def merge_dicts(default_dict: dict, replacement_dict: dict) -> dict:
@@ -55,14 +41,14 @@ def merge_dicts(default_dict: dict, replacement_dict: dict) -> dict:

 def return_prowler_provider(
    provider: Provider,
-) -> [AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider]:
+) -> [AwsProvider | AzureProvider | GcpProvider | KubernetesProvider]:
    """Return the Prowler provider class based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: The corresponding provider class.
+        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider: The corresponding provider class.

    Raises:
        ValueError: If the provider type specified in `provider.provider` is not supported.
@@ -76,8 +62,6 @@ def return_prowler_provider(
            prowler_provider = AzureProvider
        case Provider.ProviderChoices.KUBERNETES.value:
            prowler_provider = KubernetesProvider
-        case Provider.ProviderChoices.M365.value:
-            prowler_provider = M365Provider
        case _:
            raise ValueError(f"Provider type {provider.provider} not supported")
    return prowler_provider
@@ -110,15 +94,15 @@ def get_prowler_provider_kwargs(provider: Provider) -> dict:

 def initialize_prowler_provider(
    provider: Provider,
-) -> AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider:
+) -> AwsProvider | AzureProvider | GcpProvider | KubernetesProvider:
    """Initialize a Prowler provider instance based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
-            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
+        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider: An instance of the corresponding provider class
+            (`AwsProvider`, `AzureProvider`, `GcpProvider`, or `KubernetesProvider`) initialized with the
            provider's secrets.
    """
    prowler_provider = return_prowler_provider(provider)
@@ -136,12 +120,7 @@ def prowler_provider_connection_test(provider: Provider) -> Connection:
        Connection: A connection object representing the result of the connection test for the specified provider.
    """
    prowler_provider = return_prowler_provider(provider)
-
-    try:
-        prowler_provider_kwargs = provider.secret.secret
-    except Provider.secret.RelatedObjectDoesNotExist as secret_error:
-        return Connection(is_connected=False, error=secret_error)
-
+    prowler_provider_kwargs = provider.secret.secret
    return prowler_provider.test_connection(
        **prowler_provider_kwargs, provider_id=provider.uid, raise_on_exception=False
    )
@@ -208,33 +187,3 @@ def validate_invitation(
        )

    return invitation
-
-
-# ToRemove after removing the fallback mechanism in /findings/metadata
-def get_findings_metadata_no_aggregations(tenant_id: str, filtered_queryset):
-    filtered_ids = filtered_queryset.order_by().values("id")
-
-    relevant_resources = Resource.all_objects.filter(
-        tenant_id=tenant_id, findings__id__in=Subquery(filtered_ids)
-    ).only("service", "region", "type")
-
-    aggregation = relevant_resources.aggregate(
-        services=ArrayAgg("service", flat=True),
-        regions=ArrayAgg("region", flat=True),
-        resource_types=ArrayAgg("type", flat=True),
-    )
-
-    services = sorted(set(aggregation["services"] or []))
-    regions = sorted({region for region in aggregation["regions"] or [] if region})
-    resource_types = sorted(set(aggregation["resource_types"] or []))
-
-    result = {
-        "services": services,
-        "regions": regions,
-        "resource_types": resource_types,
-    }
-
-    serializer = FindingMetadataSerializer(data=result)
-    serializer.is_valid(raise_exception=True)
-
-    return serializer.data
--- a/api/src/backend/api/uuid_utils.py
+++ b/api/src/backend/api/uuid_utils.py
@@ -106,7 +106,7 @@ def uuid7_end(uuid_obj: UUID, offset_months: int = 1) -> UUID:

    Args:
        uuid_obj: A UUIDv7 object.
-        offset_months: Number of months to offset from the given UUID's date. Defaults to 1 to handle if
+        offset_days: Number of months to offset from the given UUID's date. Defaults to 1 to handle if
        partitions are not being used, if so the value will be the one set at FINDINGS_TABLE_PARTITION_MONTHS.

    Returns:
--- a/api/src/backend/api/v1/mixins.py
+++ b/api/src/backend/api/v1/mixins.py
@@ -1,33 +0,0 @@
-from rest_framework.response import Response
-
-
-class PaginateByPkMixin:
-    """
-    Mixin to paginate on a list of PKs (cheaper than heavy JOINs),
-    re-fetch the full objects with the desired select/prefetch,
-    re-sort them to preserve DB ordering, then serialize + return.
-    """
-
-    def paginate_by_pk(
-        self,
-        request,  # noqa: F841
-        base_queryset,
-        manager,
-        select_related: list[str] | None = None,
-        prefetch_related: list[str] | None = None,
-    ) -> Response:
-        pk_list = base_queryset.values_list("id", flat=True)
-        page = self.paginate_queryset(pk_list)
-        if page is None:
-            return Response(self.get_serializer(base_queryset, many=True).data)
-
-        queryset = manager.filter(id__in=page)
-        if select_related:
-            queryset = queryset.select_related(*select_related)
-        if prefetch_related:
-            queryset = queryset.prefetch_related(*prefetch_related)
-
-        queryset = sorted(queryset, key=lambda obj: page.index(obj.id))
-
-        serialized = self.get_serializer(queryset, many=True).data
-        return self.get_paginated_response(serialized)
--- a/api/src/backend/api/v1/serializer_utils/integrations.py
+++ b/api/src/backend/api/v1/serializer_utils/integrations.py
@@ -1,122 +0,0 @@
-from drf_spectacular.utils import extend_schema_field
-from rest_framework_json_api import serializers
-from rest_framework_json_api.serializers import ValidationError
-
-
-class BaseValidateSerializer(serializers.Serializer):
-    def validate(self, data):
-        if hasattr(self, "initial_data"):
-            initial_data = set(self.initial_data.keys()) - {"id", "type"}
-            unknown_keys = initial_data - set(self.fields.keys())
-            if unknown_keys:
-                raise ValidationError(f"Invalid fields: {unknown_keys}")
-        return data
-
-
-# Integrations
-
-
-class S3ConfigSerializer(BaseValidateSerializer):
-    bucket_name = serializers.CharField()
-    output_directory = serializers.CharField()
-
-    class Meta:
-        resource_name = "integrations"
-
-
-class AWSCredentialSerializer(BaseValidateSerializer):
-    role_arn = serializers.CharField(required=False)
-    external_id = serializers.CharField(required=False)
-    role_session_name = serializers.CharField(required=False)
-    session_duration = serializers.IntegerField(
-        required=False, min_value=900, max_value=43200
-    )
-    aws_access_key_id = serializers.CharField(required=False)
-    aws_secret_access_key = serializers.CharField(required=False)
-    aws_session_token = serializers.CharField(required=False)
-
-    class Meta:
-        resource_name = "integrations"
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "AWS Credentials",
-                "properties": {
-                    "role_arn": {
-                        "type": "string",
-                        "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
-                        "assumption.",
-                    },
-                    "external_id": {
-                        "type": "string",
-                        "description": "An identifier to enhance security for role assumption.",
-                    },
-                    "aws_access_key_id": {
-                        "type": "string",
-                        "description": "The AWS access key ID. Only required if the environment lacks pre-configured "
-                        "AWS credentials.",
-                    },
-                    "aws_secret_access_key": {
-                        "type": "string",
-                        "description": "The AWS secret access key. Required if 'aws_access_key_id' is provided or if "
-                        "no AWS credentials are pre-configured.",
-                    },
-                    "aws_session_token": {
-                        "type": "string",
-                        "description": "The session token for temporary credentials, if applicable.",
-                    },
-                    "session_duration": {
-                        "type": "integer",
-                        "minimum": 900,
-                        "maximum": 43200,
-                        "default": 3600,
-                        "description": "The duration (in seconds) for the role session.",
-                    },
-                    "role_session_name": {
-                        "type": "string",
-                        "description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
-                        "The regex used to validate this parameter is a string of characters consisting of "
-                        "upper- and lower-case alphanumeric characters with no spaces. You can also include "
-                        "underscores or any of the following characters: =,.@-\n\n"
-                        "Examples:\n"
-                        "- MySession123\n"
-                        "- User_Session-1\n"
-                        "- Test.Session@2",
-                        "pattern": "^[a-zA-Z0-9=,.@_-]+$",
-                    },
-                },
-            },
-        ]
-    }
-)
-class IntegrationCredentialField(serializers.JSONField):
-    pass
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "Amazon S3",
-                "properties": {
-                    "bucket_name": {
-                        "type": "string",
-                        "description": "The name of the S3 bucket where files will be stored.",
-                    },
-                    "output_directory": {
-                        "type": "string",
-                        "description": "The directory path within the bucket where files will be saved.",
-                    },
-                },
-                "required": ["bucket_name", "output_directory"],
-            },
-        ]
-    }
-)
-class IntegrationConfigField(serializers.JSONField):
-    pass
--- a/api/src/backend/api/v1/serializer_utils/providers.py
+++ b/api/src/backend/api/v1/serializer_utils/providers.py
@@ -1,172 +0,0 @@
-from drf_spectacular.utils import extend_schema_field
-from rest_framework_json_api import serializers
-
-
-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "AWS Static Credentials",
-                "properties": {
-                    "aws_access_key_id": {
-                        "type": "string",
-                        "description": "The AWS access key ID. Required for environments where no IAM role is being "
-                        "assumed and direct AWS access is needed.",
-                    },
-                    "aws_secret_access_key": {
-                        "type": "string",
-                        "description": "The AWS secret access key. Must accompany 'aws_access_key_id' to authorize "
-                        "access to AWS resources.",
-                    },
-                    "aws_session_token": {
-                        "type": "string",
-                        "description": "The session token associated with temporary credentials. Only needed for "
-                        "session-based or temporary AWS access.",
-                    },
-                },
-                "required": ["aws_access_key_id", "aws_secret_access_key"],
-            },
-            {
-                "type": "object",
-                "title": "AWS Assume Role",
-                "properties": {
-                    "role_arn": {
-                        "type": "string",
-                        "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
-                        "assumption.",
-                    },
-                    "external_id": {
-                        "type": "string",
-                        "description": "An identifier to enhance security for role assumption.",
-                    },
-                    "aws_access_key_id": {
-                        "type": "string",
-                        "description": "The AWS access key ID. Only required if the environment lacks pre-configured "
-                        "AWS credentials.",
-                    },
-                    "aws_secret_access_key": {
-                        "type": "string",
-                        "description": "The AWS secret access key. Required if 'aws_access_key_id' is provided or if "
-                        "no AWS credentials are pre-configured.",
-                    },
-                    "aws_session_token": {
-                        "type": "string",
-                        "description": "The session token for temporary credentials, if applicable.",
-                    },
-                    "session_duration": {
-                        "type": "integer",
-                        "minimum": 900,
-                        "maximum": 43200,
-                        "default": 3600,
-                        "description": "The duration (in seconds) for the role session.",
-                    },
-                    "role_session_name": {
-                        "type": "string",
-                        "description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
-                        "The regex used to validate this parameter is a string of characters consisting of "
-                        "upper- and lower-case alphanumeric characters with no spaces. You can also include "
-                        "underscores or any of the following characters: =,.@-\n\n"
-                        "Examples:\n"
-                        "- MySession123\n"
-                        "- User_Session-1\n"
-                        "- Test.Session@2",
-                        "pattern": "^[a-zA-Z0-9=,.@_-]+$",
-                    },
-                },
-                "required": ["role_arn", "external_id"],
-            },
-            {
-                "type": "object",
-                "title": "Azure Static Credentials",
-                "properties": {
-                    "client_id": {
-                        "type": "string",
-                        "description": "The Azure application (client) ID for authentication in Azure AD.",
-                    },
-                    "client_secret": {
-                        "type": "string",
-                        "description": "The client secret associated with the application (client) ID, providing "
-                        "secure access.",
-                    },
-                    "tenant_id": {
-                        "type": "string",
-                        "description": "The Azure tenant ID, representing the directory where the application is "
-                        "registered.",
-                    },
-                },
-                "required": ["client_id", "client_secret", "tenant_id"],
-            },
-            {
-                "type": "object",
-                "title": "M365 Static Credentials",
-                "properties": {
-                    "client_id": {
-                        "type": "string",
-                        "description": "The Azure application (client) ID for authentication in Azure AD.",
-                    },
-                    "client_secret": {
-                        "type": "string",
-                        "description": "The client secret associated with the application (client) ID, providing "
-                        "secure access.",
-                    },
-                    "tenant_id": {
-                        "type": "string",
-                        "description": "The Azure tenant ID, representing the directory where the application is "
-                        "registered.",
-                    },
-                    "user": {
-                        "type": "email",
-                        "description": "User microsoft email address.",
-                    },
-                    "password": {
-                        "type": "string",
-                        "description": "User password.",
-                    },
-                },
-                "required": [
-                    "client_id",
-                    "client_secret",
-                    "tenant_id",
-                    "user",
-                    "password",
-                ],
-            },
-            {
-                "type": "object",
-                "title": "GCP Static Credentials",
-                "properties": {
-                    "client_id": {
-                        "type": "string",
-                        "description": "The client ID from Google Cloud, used to identify the application for GCP "
-                        "access.",
-                    },
-                    "client_secret": {
-                        "type": "string",
-                        "description": "The client secret associated with the GCP client ID, required for secure "
-                        "access.",
-                    },
-                    "refresh_token": {
-                        "type": "string",
-                        "description": "A refresh token that allows the application to obtain new access tokens for "
-                        "extended use.",
-                    },
-                },
-                "required": ["client_id", "client_secret", "refresh_token"],
-            },
-            {
-                "type": "object",
-                "title": "Kubernetes Static Credentials",
-                "properties": {
-                    "kubeconfig_content": {
-                        "type": "string",
-                        "description": "The content of the Kubernetes kubeconfig file, encoded as a string.",
-                    }
-                },
-                "required": ["kubeconfig_content"],
-            },
-        ]
-    }
-)
-class ProviderSecretField(serializers.JSONField):
-    pass
--- a/api/src/backend/api/v1/serializers.py
+++ b/api/src/backend/api/v1/serializers.py
@@ -16,8 +16,6 @@ from rest_framework_simplejwt.tokens import RefreshToken
 from api.models import (
    ComplianceOverview,
    Finding,
-    Integration,
-    IntegrationProviderRelationship,
    Invitation,
    InvitationRoleRelationship,
    Membership,
@@ -36,76 +34,11 @@ from api.models import (
    UserRoleRelationship,
 )
 from api.rls import Tenant
-from api.v1.serializer_utils.integrations import (
-    AWSCredentialSerializer,
-    IntegrationConfigField,
-    IntegrationCredentialField,
-    S3ConfigSerializer,
-)
-from api.v1.serializer_utils.providers import ProviderSecretField

 # Tokens


-def generate_tokens(user: User, tenant_id: str) -> dict:
-    try:
-        refresh = RefreshToken.for_user(user)
-    except InvalidKeyError:
-        # Handle invalid key error
-        raise ValidationError(
-            {
-                "detail": "Token generation failed due to invalid key configuration. Provide valid "
-                "DJANGO_TOKEN_SIGNING_KEY and DJANGO_TOKEN_VERIFYING_KEY in the environment."
-            }
-        )
-    except Exception as e:
-        raise ValidationError({"detail": str(e)})
-
-    # Post-process the tokens
-    # Set the tenant_id
-    refresh["tenant_id"] = tenant_id
-
-    # Set the nbf (not before) claim to the iat (issued at) claim. At this moment, simplejwt does not provide a
-    # way to set the nbf claim
-    refresh.payload["nbf"] = refresh["iat"]
-
-    # Get the access token
-    access = refresh.access_token
-
-    if settings.SIMPLE_JWT["UPDATE_LAST_LOGIN"]:
-        update_last_login(None, user)
-
-    return {"access": str(access), "refresh": str(refresh)}
-
-
-class BaseTokenSerializer(TokenObtainPairSerializer):
-    def custom_validate(self, attrs, social: bool = False):
-        email = attrs.get("email")
-        password = attrs.get("password")
-        tenant_id = str(attrs.get("tenant_id", ""))
-
-        # Authenticate user
-        user = (
-            User.objects.get(email=email)
-            if social
-            else authenticate(username=email, password=password)
-        )
-        if user is None:
-            raise ValidationError("Invalid credentials")
-
-        if tenant_id:
-            if not user.is_member_of_tenant(tenant_id):
-                raise ValidationError("Tenant does not exist or user is not a member.")
-        else:
-            first_membership = user.memberships.order_by("date_joined").first()
-            if first_membership is None:
-                raise ValidationError("User has no memberships.")
-            tenant_id = str(first_membership.tenant_id)
-
-        return generate_tokens(user, tenant_id)
-
-
-class TokenSerializer(BaseTokenSerializer):
+class TokenSerializer(TokenObtainPairSerializer):
    email = serializers.EmailField(write_only=True)
    password = serializers.CharField(write_only=True)
    tenant_id = serializers.UUIDField(
@@ -123,25 +56,53 @@ class TokenSerializer(BaseTokenSerializer):
        resource_name = "tokens"

    def validate(self, attrs):
-        return super().custom_validate(attrs)
+        email = attrs.get("email")
+        password = attrs.get("password")
+        tenant_id = str(attrs.get("tenant_id", ""))

+        # Authenticate user
+        user = authenticate(username=email, password=password)
+        if user is None:
+            raise ValidationError("Invalid credentials")

-class TokenSocialLoginSerializer(BaseTokenSerializer):
-    email = serializers.EmailField(write_only=True)
+        if tenant_id:
+            if not user.is_member_of_tenant(tenant_id):
+                raise ValidationError("Tenant does not exist or user is not a member.")
+        else:
+            first_membership = user.memberships.order_by("date_joined").first()
+            if first_membership is None:
+                raise ValidationError("User has no memberships.")
+            tenant_id = str(first_membership.tenant_id)

-    # Output tokens
-    refresh = serializers.CharField(read_only=True)
-    access = serializers.CharField(read_only=True)
+        # Generate tokens
+        try:
+            refresh = RefreshToken.for_user(user)
+        except InvalidKeyError:
+            # Handle invalid key error
+            raise ValidationError(
+                {
+                    "detail": "Token generation failed due to invalid key configuration. Provide valid "
+                    "DJANGO_TOKEN_SIGNING_KEY and DJANGO_TOKEN_VERIFYING_KEY in the environment."
+                }
+            )
+        except Exception as e:
+            raise ValidationError({"detail": str(e)})

-    class JSONAPIMeta:
-        resource_name = "tokens"
+        # Post-process the tokens
+        # Set the tenant_id
+        refresh["tenant_id"] = tenant_id

-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.fields.pop("password", None)
+        # Set the nbf (not before) claim to the iat (issued at) claim. At this moment, simplejwt does not provide a
+        # way to set the nbf claim
+        refresh.payload["nbf"] = refresh["iat"]

-    def validate(self, attrs):
-        return super().custom_validate(attrs, social=True)
+        # Get the access token
+        access = refresh.access_token
+
+        if settings.SIMPLE_JWT["UPDATE_LAST_LOGIN"]:
+            update_last_login(None, user)
+
+        return {"access": str(access), "refresh": str(refresh)}


 # TODO: Check if we can change the parent class to TokenRefreshSerializer from rest_framework_simplejwt.serializers
@@ -179,30 +140,6 @@ class TokenRefreshSerializer(serializers.Serializer):
            raise ValidationError({"refresh": "Invalid or expired token"})


-class TokenSwitchTenantSerializer(serializers.Serializer):
-    tenant_id = serializers.UUIDField(
-        write_only=True, help_text="The tenant ID for which to request a new token."
-    )
-    access = serializers.CharField(read_only=True)
-    refresh = serializers.CharField(read_only=True)
-
-    class JSONAPIMeta:
-        resource_name = "tokens-switch-tenant"
-
-    def validate(self, attrs):
-        request = self.context["request"]
-        user = request.user
-
-        if not user.is_authenticated:
-            raise ValidationError("Invalid or expired token.")
-
-        tenant_id = str(attrs.get("tenant_id"))
-        if not user.is_member_of_tenant(tenant_id):
-            raise ValidationError("Tenant does not exist or user is not a member.")
-
-        return generate_tokens(user, tenant_id)
-
-
 # Base


@@ -298,10 +235,13 @@ class UserCreateSerializer(BaseWriteSerializer):

 class UserUpdateSerializer(BaseWriteSerializer):
    password = serializers.CharField(write_only=True, required=False)
+    roles = serializers.ResourceRelatedField(
+        queryset=Role.objects.all(), many=True, required=False
+    )

    class Meta:
        model = User
-        fields = ["id", "name", "password", "email", "company_name"]
+        fields = ["id", "name", "password", "email", "company_name", "roles"]
        extra_kwargs = {
            "id": {"read_only": True},
        }
@@ -566,6 +506,7 @@ class ProviderGroupCreateSerializer(ProviderGroupSerializer):
            "updated_at",
            "providers",
            "roles",
+            "url",
        ]

    def create(self, validated_data):
@@ -754,43 +695,6 @@ class ProviderSerializer(RLSSerializer):
        }


-class ProviderIncludeSerializer(RLSSerializer):
-    """
-    Serializer for the Provider model.
-    """
-
-    provider = ProviderEnumSerializerField()
-    connection = serializers.SerializerMethodField(read_only=True)
-
-    class Meta:
-        model = Provider
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "provider",
-            "uid",
-            "alias",
-            "connection",
-            # "scanner_args",
-        ]
-
-    @extend_schema_field(
-        {
-            "type": "object",
-            "properties": {
-                "connected": {"type": "boolean"},
-                "last_checked_at": {"type": "string", "format": "date-time"},
-            },
-        }
-    )
-    def get_connection(self, obj):
-        return {
-            "connected": obj.connected,
-            "last_checked_at": obj.connection_last_checked_at,
-        }
-
-
 class ProviderCreateSerializer(RLSSerializer, BaseWriteSerializer):
    class Meta:
        model = Provider
@@ -852,39 +756,6 @@ class ScanSerializer(RLSSerializer):
            "url",
        ]

-    included_serializers = {
-        "provider": "api.v1.serializers.ProviderIncludeSerializer",
-    }
-
-
-class ScanIncludeSerializer(RLSSerializer):
-    trigger = serializers.ChoiceField(
-        choices=Scan.TriggerChoices.choices, read_only=True
-    )
-    state = StateEnumSerializerField(read_only=True)
-
-    class Meta:
-        model = Scan
-        fields = [
-            "id",
-            "name",
-            "trigger",
-            "state",
-            "unique_resource_count",
-            "progress",
-            # "scanner_args",
-            "duration",
-            "inserted_at",
-            "started_at",
-            "completed_at",
-            "scheduled_at",
-            "provider",
-        ]
-
-    included_serializers = {
-        "provider": "api.v1.serializers.ProviderIncludeSerializer",
-    }
-

 class ScanCreateSerializer(RLSSerializer, BaseWriteSerializer):
    class Meta:
@@ -952,23 +823,6 @@ class ScanTaskSerializer(RLSSerializer):
        ]


-class ScanReportSerializer(serializers.Serializer):
-    id = serializers.CharField(source="scan")
-
-    class Meta:
-        resource_name = "scan-reports"
-        fields = ["id"]
-
-
-class ScanComplianceReportSerializer(serializers.Serializer):
-    id = serializers.CharField(source="scan")
-    name = serializers.CharField()
-
-    class Meta:
-        resource_name = "scan-reports"
-        fields = ["id", "name"]
-
-
 class ResourceTagSerializer(RLSSerializer):
    """
    Serializer for the ResourceTag model
@@ -1024,52 +878,7 @@ class ResourceSerializer(RLSSerializer):
        }
    )
    def get_tags(self, obj):
-        return obj.get_tags(self.context.get("tenant_id"))
-
-    def get_fields(self):
-        """`type` is a Python reserved keyword."""
-        fields = super().get_fields()
-        type_ = fields.pop("type_")
-        fields["type"] = type_
-        return fields
-
-
-class ResourceIncludeSerializer(RLSSerializer):
-    """
-    Serializer for the Resource model.
-    """
-
-    tags = serializers.SerializerMethodField()
-    type_ = serializers.CharField(read_only=True)
-
-    class Meta:
-        model = Resource
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "uid",
-            "name",
-            "region",
-            "service",
-            "type_",
-            "tags",
-        ]
-        extra_kwargs = {
-            "id": {"read_only": True},
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-        }
-
-    @extend_schema_field(
-        {
-            "type": "object",
-            "description": "Tags associated with the resource",
-            "example": {"env": "prod", "owner": "johndoe"},
-        }
-    )
-    def get_tags(self, obj):
-        return obj.get_tags(self.context.get("tenant_id"))
+        return obj.get_tags()

    def get_fields(self):
        """`type` is a Python reserved keyword."""
@@ -1100,8 +909,6 @@ class FindingSerializer(RLSSerializer):
            "raw_result",
            "inserted_at",
            "updated_at",
-            "first_seen_at",
-            "muted",
            "url",
            # Relationships
            "scan",
@@ -1109,12 +916,11 @@ class FindingSerializer(RLSSerializer):
        ]

    included_serializers = {
-        "scan": ScanIncludeSerializer,
-        "resources": ResourceIncludeSerializer,
+        "scan": ScanSerializer,
+        "resources": ResourceSerializer,
    }


-# To be removed when the related endpoint is removed as well
 class FindingDynamicFilterSerializer(serializers.Serializer):
    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)
@@ -1123,19 +929,6 @@ class FindingDynamicFilterSerializer(serializers.Serializer):
        resource_name = "finding-dynamic-filters"


-class FindingMetadataSerializer(serializers.Serializer):
-    services = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-    resource_types = serializers.ListField(
-        child=serializers.CharField(), allow_empty=True
-    )
-    # Temporarily disabled until we implement tag filtering in the UI
-    # tags = serializers.JSONField(help_text="Tags are described as key-value pairs.")
-
-    class Meta:
-        resource_name = "findings-metadata"
-
-
 # Provider secrets
 class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
    @staticmethod
@@ -1151,8 +944,6 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
                serializer = GCPProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.KUBERNETES.value:
                serializer = KubernetesProviderSecret(data=secret)
-            elif provider_type == Provider.ProviderChoices.M365.value:
-                serializer = M365ProviderSecret(data=secret)
            else:
                raise serializers.ValidationError(
                    {"provider": f"Provider type not supported {provider_type}"}
@@ -1192,17 +983,6 @@ class AzureProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


-class M365ProviderSecret(serializers.Serializer):
-    client_id = serializers.CharField()
-    client_secret = serializers.CharField()
-    tenant_id = serializers.CharField()
-    user = serializers.EmailField()
-    password = serializers.CharField()
-
-    class Meta:
-        resource_name = "provider-secrets"
-
-
 class GCPProviderSecret(serializers.Serializer):
    client_id = serializers.CharField()
    client_secret = serializers.CharField()
@@ -1221,7 +1001,7 @@ class KubernetesProviderSecret(serializers.Serializer):

 class AWSRoleAssumptionProviderSecret(serializers.Serializer):
    role_arn = serializers.CharField()
-    external_id = serializers.CharField()
+    external_id = serializers.CharField(required=False)
    role_session_name = serializers.CharField(required=False)
    session_duration = serializers.IntegerField(
        required=False, min_value=900, max_value=43200
@@ -1234,6 +1014,142 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


+@extend_schema_field(
+    {
+        "oneOf": [
+            {
+                "type": "object",
+                "title": "AWS Static Credentials",
+                "properties": {
+                    "aws_access_key_id": {
+                        "type": "string",
+                        "description": "The AWS access key ID. Required for environments where no IAM role is being "
+                        "assumed and direct AWS access is needed.",
+                    },
+                    "aws_secret_access_key": {
+                        "type": "string",
+                        "description": "The AWS secret access key. Must accompany 'aws_access_key_id' to authorize "
+                        "access to AWS resources.",
+                    },
+                    "aws_session_token": {
+                        "type": "string",
+                        "description": "The session token associated with temporary credentials. Only needed for "
+                        "session-based or temporary AWS access.",
+                    },
+                },
+                "required": ["aws_access_key_id", "aws_secret_access_key"],
+            },
+            {
+                "type": "object",
+                "title": "AWS Assume Role",
+                "properties": {
+                    "role_arn": {
+                        "type": "string",
+                        "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
+                        "assumption.",
+                    },
+                    "aws_access_key_id": {
+                        "type": "string",
+                        "description": "The AWS access key ID. Only required if the environment lacks pre-configured "
+                        "AWS credentials.",
+                    },
+                    "aws_secret_access_key": {
+                        "type": "string",
+                        "description": "The AWS secret access key. Required if 'aws_access_key_id' is provided or if "
+                        "no AWS credentials are pre-configured.",
+                    },
+                    "aws_session_token": {
+                        "type": "string",
+                        "description": "The session token for temporary credentials, if applicable.",
+                    },
+                    "session_duration": {
+                        "type": "integer",
+                        "minimum": 900,
+                        "maximum": 43200,
+                        "default": 3600,
+                        "description": "The duration (in seconds) for the role session.",
+                    },
+                    "external_id": {
+                        "type": "string",
+                        "description": "An optional identifier to enhance security for role assumption; may be "
+                        "required by the role administrator.",
+                    },
+                    "role_session_name": {
+                        "type": "string",
+                        "description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
+                        "The regex used to validate this parameter is a string of characters consisting of "
+                        "upper- and lower-case alphanumeric characters with no spaces. You can also include "
+                        "underscores or any of the following characters: =,.@-\n\n"
+                        "Examples:\n"
+                        "- MySession123\n"
+                        "- User_Session-1\n"
+                        "- Test.Session@2",
+                        "pattern": "^[a-zA-Z0-9=,.@_-]+$",
+                    },
+                },
+                "required": ["role_arn"],
+            },
+            {
+                "type": "object",
+                "title": "Azure Static Credentials",
+                "properties": {
+                    "client_id": {
+                        "type": "string",
+                        "description": "The Azure application (client) ID for authentication in Azure AD.",
+                    },
+                    "client_secret": {
+                        "type": "string",
+                        "description": "The client secret associated with the application (client) ID, providing "
+                        "secure access.",
+                    },
+                    "tenant_id": {
+                        "type": "string",
+                        "description": "The Azure tenant ID, representing the directory where the application is "
+                        "registered.",
+                    },
+                },
+                "required": ["client_id", "client_secret", "tenant_id"],
+            },
+            {
+                "type": "object",
+                "title": "GCP Static Credentials",
+                "properties": {
+                    "client_id": {
+                        "type": "string",
+                        "description": "The client ID from Google Cloud, used to identify the application for GCP "
+                        "access.",
+                    },
+                    "client_secret": {
+                        "type": "string",
+                        "description": "The client secret associated with the GCP client ID, required for secure "
+                        "access.",
+                    },
+                    "refresh_token": {
+                        "type": "string",
+                        "description": "A refresh token that allows the application to obtain new access tokens for "
+                        "extended use.",
+                    },
+                },
+                "required": ["client_id", "client_secret", "refresh_token"],
+            },
+            {
+                "type": "object",
+                "title": "Kubernetes Static Credentials",
+                "properties": {
+                    "kubeconfig_content": {
+                        "type": "string",
+                        "description": "The content of the Kubernetes kubeconfig file, encoded as a string.",
+                    }
+                },
+                "required": ["kubeconfig_content"],
+            },
+        ]
+    }
+)
+class ProviderSecretField(serializers.JSONField):
+    pass
+
+
 class ProviderSecretSerializer(RLSSerializer):
    """
    Serializer for the ProviderSecret model.
@@ -1321,12 +1237,6 @@ class InvitationSerializer(RLSSerializer):

    roles = serializers.ResourceRelatedField(many=True, queryset=Role.objects.all())

-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        tenant_id = self.context.get("tenant_id")
-        if tenant_id is not None:
-            self.fields["roles"].queryset = Role.objects.filter(tenant_id=tenant_id)
-
    class Meta:
        model = Invitation
        fields = [
@@ -1346,12 +1256,6 @@ class InvitationSerializer(RLSSerializer):
 class InvitationBaseWriteSerializer(BaseWriteSerializer):
    roles = serializers.ResourceRelatedField(many=True, queryset=Role.objects.all())

-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        tenant_id = self.context.get("tenant_id")
-        if tenant_id is not None:
-            self.fields["roles"].queryset = Role.objects.filter(tenant_id=tenant_id)
-
    def validate_email(self, value):
        user = User.objects.filter(email=value).first()
        tenant_id = self.context["tenant_id"]
@@ -1412,10 +1316,6 @@ class InvitationCreateSerializer(InvitationBaseWriteSerializer, RLSSerializer):


 class InvitationUpdateSerializer(InvitationBaseWriteSerializer):
-    roles = serializers.ResourceRelatedField(
-        required=False, many=True, queryset=Role.objects.all()
-    )
-
    class Meta:
        model = Invitation
        fields = ["id", "email", "expires_at", "state", "token", "roles"]
@@ -1429,18 +1329,14 @@ class InvitationUpdateSerializer(InvitationBaseWriteSerializer):

    def update(self, instance, validated_data):
        tenant_id = self.context.get("tenant_id")
+        invitation = super().update(instance, validated_data)
        if "roles" in validated_data:
            roles = validated_data.pop("roles")
            instance.roles.clear()
-            new_relationships = [
-                InvitationRoleRelationship(
-                    role=r, invitation=instance, tenant_id=tenant_id
+            for role in roles:
+                InvitationRoleRelationship.objects.create(
+                    role=role, invitation=invitation, tenant_id=tenant_id
                )
-                for r in roles
-            ]
-            InvitationRoleRelationship.objects.bulk_create(new_relationships)
-
-        invitation = super().update(instance, validated_data)

        return invitation

@@ -1467,17 +1363,6 @@ class RoleSerializer(RLSSerializer, BaseWriteSerializer):
        queryset=ProviderGroup.objects.all(), many=True, required=False
    )

-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        tenant_id = self.context.get("tenant_id")
-        if tenant_id is not None:
-            self.fields["users"].queryset = User.objects.filter(
-                membership__tenant__id=tenant_id
-            )
-            self.fields["provider_groups"].queryset = ProviderGroup.objects.filter(
-                tenant_id=self.context.get("tenant_id")
-            )
-
    def get_permission_state(self, obj) -> str:
        return obj.permission_state

@@ -1505,11 +1390,9 @@ class RoleSerializer(RLSSerializer, BaseWriteSerializer):
            "name",
            "manage_users",
            "manage_account",
-            # Disable for the first release
-            # "manage_billing",
-            # /Disable for the first release
-            "manage_integrations",
+            "manage_billing",
            "manage_providers",
+            "manage_integrations",
            "manage_scans",
            "permission_state",
            "unlimited_visibility",
@@ -1790,13 +1673,6 @@ class ComplianceOverviewFullSerializer(ComplianceOverviewSerializer):
        return obj.requirements


-class ComplianceOverviewMetadataSerializer(serializers.Serializer):
-    regions = serializers.ListField(child=serializers.CharField(), allow_empty=True)
-
-    class Meta:
-        resource_name = "compliance-overviews-metadata"
-
-
 # Overviews


@@ -1817,7 +1693,7 @@ class OverviewProviderSerializer(serializers.Serializer):
            "properties": {
                "pass": {"type": "integer"},
                "fail": {"type": "integer"},
-                "muted": {"type": "integer"},
+                "manual": {"type": "integer"},
                "total": {"type": "integer"},
            },
        }
@@ -1826,7 +1702,7 @@ class OverviewProviderSerializer(serializers.Serializer):
        return {
            "pass": obj["findings_passed"],
            "fail": obj["findings_failed"],
-            "muted": obj["findings_muted"],
+            "manual": obj["findings_manual"],
            "total": obj["total_findings"],
        }

@@ -1921,201 +1797,3 @@ class ScheduleDailyCreateSerializer(serializers.Serializer):
            if unknown_keys:
                raise ValidationError(f"Invalid fields: {unknown_keys}")
        return data
-
-
-# Integrations
-
-
-class BaseWriteIntegrationSerializer(BaseWriteSerializer):
-    @staticmethod
-    def validate_integration_data(
-        integration_type: str,
-        providers: list[Provider],  # noqa
-        configuration: dict,
-        credentials: dict,
-    ):
-        if integration_type == Integration.IntegrationChoices.S3:
-            config_serializer = S3ConfigSerializer
-            credentials_serializers = [AWSCredentialSerializer]
-            # TODO: This will be required for AWS Security Hub
-            # if providers and not all(
-            #     provider.provider == Provider.ProviderChoices.AWS
-            #     for provider in providers
-            # ):
-            #     raise serializers.ValidationError(
-            #         {"providers": "All providers must be AWS for the S3 integration."}
-            #     )
-        else:
-            raise serializers.ValidationError(
-                {
-                    "integration_type": f"Integration type not supported yet: {integration_type}"
-                }
-            )
-
-        config_serializer(data=configuration).is_valid(raise_exception=True)
-
-        for cred_serializer in credentials_serializers:
-            try:
-                cred_serializer(data=credentials).is_valid(raise_exception=True)
-                break
-            except ValidationError:
-                continue
-        else:
-            raise ValidationError(
-                {"credentials": "Invalid credentials for the integration type."}
-            )
-
-
-class IntegrationSerializer(RLSSerializer):
-    """
-    Serializer for the Integration model.
-    """
-
-    providers = serializers.ResourceRelatedField(
-        queryset=Provider.objects.all(), many=True
-    )
-
-    class Meta:
-        model = Integration
-        fields = [
-            "id",
-            "inserted_at",
-            "updated_at",
-            "enabled",
-            "connected",
-            "connection_last_checked_at",
-            "integration_type",
-            "configuration",
-            "providers",
-            "url",
-        ]
-
-    included_serializers = {
-        "providers": "api.v1.serializers.ProviderIncludeSerializer",
-    }
-
-    def to_representation(self, instance):
-        representation = super().to_representation(instance)
-        allowed_providers = self.context.get("allowed_providers")
-        if allowed_providers:
-            allowed_provider_ids = {str(provider.id) for provider in allowed_providers}
-            representation["providers"] = [
-                provider
-                for provider in representation["providers"]
-                if provider["id"] in allowed_provider_ids
-            ]
-        return representation
-
-
-class IntegrationCreateSerializer(BaseWriteIntegrationSerializer):
-    credentials = IntegrationCredentialField(write_only=True)
-    configuration = IntegrationConfigField()
-    providers = serializers.ResourceRelatedField(
-        queryset=Provider.objects.all(), many=True, required=False
-    )
-
-    class Meta:
-        model = Integration
-        fields = [
-            "inserted_at",
-            "updated_at",
-            "enabled",
-            "connected",
-            "connection_last_checked_at",
-            "integration_type",
-            "configuration",
-            "credentials",
-            "providers",
-        ]
-        extra_kwargs = {
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "connected": {"read_only": True},
-            "enabled": {"read_only": True},
-            "connection_last_checked_at": {"read_only": True},
-        }
-
-    def validate(self, attrs):
-        integration_type = attrs.get("integration_type")
-        providers = attrs.get("providers")
-        configuration = attrs.get("configuration")
-        credentials = attrs.get("credentials")
-
-        validated_attrs = super().validate(attrs)
-        self.validate_integration_data(
-            integration_type, providers, configuration, credentials
-        )
-        return validated_attrs
-
-    def create(self, validated_data):
-        tenant_id = self.context.get("tenant_id")
-
-        providers = validated_data.pop("providers", [])
-        integration = Integration.objects.create(tenant_id=tenant_id, **validated_data)
-
-        through_model_instances = [
-            IntegrationProviderRelationship(
-                integration=integration,
-                provider=provider,
-                tenant_id=tenant_id,
-            )
-            for provider in providers
-        ]
-        IntegrationProviderRelationship.objects.bulk_create(through_model_instances)
-
-        return integration
-
-
-class IntegrationUpdateSerializer(BaseWriteIntegrationSerializer):
-    credentials = IntegrationCredentialField(write_only=True, required=False)
-    configuration = IntegrationConfigField(required=False)
-    providers = serializers.ResourceRelatedField(
-        queryset=Provider.objects.all(), many=True, required=False
-    )
-
-    class Meta:
-        model = Integration
-        fields = [
-            "inserted_at",
-            "updated_at",
-            "enabled",
-            "connected",
-            "connection_last_checked_at",
-            "integration_type",
-            "configuration",
-            "credentials",
-            "providers",
-        ]
-        extra_kwargs = {
-            "inserted_at": {"read_only": True},
-            "updated_at": {"read_only": True},
-            "connected": {"read_only": True},
-            "connection_last_checked_at": {"read_only": True},
-            "integration_type": {"read_only": True},
-        }
-
-    def validate(self, attrs):
-        integration_type = self.instance.integration_type
-        providers = attrs.get("providers")
-        configuration = attrs.get("configuration") or self.instance.configuration
-        credentials = attrs.get("credentials") or self.instance.credentials
-
-        validated_attrs = super().validate(attrs)
-        self.validate_integration_data(
-            integration_type, providers, configuration, credentials
-        )
-        return validated_attrs
-
-    def update(self, instance, validated_data):
-        tenant_id = self.context.get("tenant_id")
-        if validated_data.get("providers") is not None:
-            instance.providers.clear()
-            new_relationships = [
-                IntegrationProviderRelationship(
-                    integration=instance, provider=provider, tenant_id=tenant_id
-                )
-                for provider in validated_data["providers"]
-            ]
-            IntegrationProviderRelationship.objects.bulk_create(new_relationships)
-
-        return super().update(instance, validated_data)
--- a/api/src/backend/api/v1/urls.py
+++ b/api/src/backend/api/v1/urls.py
@@ -3,32 +3,28 @@ from drf_spectacular.views import SpectacularRedocView
 from rest_framework_nested import routers

 from api.v1.views import (
-    ComplianceOverviewViewSet,
    CustomTokenObtainView,
    CustomTokenRefreshView,
-    CustomTokenSwitchTenantView,
    FindingViewSet,
-    GithubSocialLoginView,
-    GoogleSocialLoginView,
-    IntegrationViewSet,
-    InvitationAcceptViewSet,
-    InvitationViewSet,
    MembershipViewSet,
-    OverviewViewSet,
-    ProviderGroupProvidersRelationshipView,
    ProviderGroupViewSet,
+    ProviderGroupProvidersRelationshipView,
    ProviderSecretViewSet,
+    InvitationViewSet,
+    InvitationAcceptViewSet,
+    RoleViewSet,
+    RoleProviderGroupRelationshipView,
+    UserRoleRelationshipView,
+    OverviewViewSet,
+    ComplianceOverviewViewSet,
    ProviderViewSet,
    ResourceViewSet,
-    RoleProviderGroupRelationshipView,
-    RoleViewSet,
    ScanViewSet,
    ScheduleViewSet,
    SchemaView,
    TaskViewSet,
    TenantMembersViewSet,
    TenantViewSet,
-    UserRoleRelationshipView,
    UserViewSet,
 )

@@ -48,7 +44,6 @@ router.register(
 )
 router.register(r"overviews", OverviewViewSet, basename="overview")
 router.register(r"schedules", ScheduleViewSet, basename="schedule")
-router.register(r"integrations", IntegrationViewSet, basename="integration")

 tenants_router = routers.NestedSimpleRouter(router, r"tenants", lookup="tenant")
 tenants_router.register(
@@ -61,7 +56,6 @@ users_router.register(r"memberships", MembershipViewSet, basename="user-membersh
 urlpatterns = [
    path("tokens", CustomTokenObtainView.as_view(), name="token-obtain"),
    path("tokens/refresh", CustomTokenRefreshView.as_view(), name="token-refresh"),
-    path("tokens/switch", CustomTokenSwitchTenantView.as_view(), name="token-switch"),
    path(
        "providers/secrets",
        ProviderSecretViewSet.as_view({"get": "list", "post": "create"}),
@@ -112,8 +106,6 @@ urlpatterns = [
        ),
        name="provider_group-providers-relationship",
    ),
-    path("tokens/google", GoogleSocialLoginView.as_view(), name="token-google"),
-    path("tokens/github", GithubSocialLoginView.as_view(), name="token-github"),
    path("", include(router.urls)),
    path("", include(tenants_router.urls)),
    path("", include(users_router.urls)),
--- a/api/src/backend/api/v1/views.py
+++ b/api/src/backend/api/v1/views.py
--- a/api/src/backend/config/celery.py
+++ b/api/src/backend/config/celery.py
@@ -1,21 +1,10 @@
 from celery import Celery, Task
-from config.env import env
-
-BROKER_VISIBILITY_TIMEOUT = env.int("DJANGO_BROKER_VISIBILITY_TIMEOUT", default=86400)

 celery_app = Celery("tasks")

 celery_app.config_from_object("django.conf:settings", namespace="CELERY")
 celery_app.conf.update(result_extended=True, result_expires=None)

-celery_app.conf.broker_transport_options = {
-    "visibility_timeout": BROKER_VISIBILITY_TIMEOUT
-}
-celery_app.conf.result_backend_transport_options = {
-    "visibility_timeout": BROKER_VISIBILITY_TIMEOUT
-}
-celery_app.conf.visibility_timeout = BROKER_VISIBILITY_TIMEOUT
-
 celery_app.autodiscover_tasks(["api"])


@@ -50,9 +39,9 @@ class RLSTask(Task):

        tenant_id = kwargs.get("tenant_id")
        with rls_transaction(tenant_id):
-            APITask.objects.update_or_create(
+            APITask.objects.create(
                id=task_result_instance.task_id,
                tenant_id=tenant_id,
-                defaults={"task_runner_task": task_result_instance},
+                task_runner_task=task_result_instance,
            )
        return result
--- a/api/src/backend/config/custom_logging.py
+++ b/api/src/backend/config/custom_logging.py
@@ -2,9 +2,10 @@ import json
 import logging
 from enum import StrEnum

-from config.env import env
 from django_guid.log_filters import CorrelationId

+from config.env import env
+

 class BackendLogger(StrEnum):
    GUNICORN = "gunicorn"
@@ -38,9 +39,9 @@ class NDJSONFormatter(logging.Formatter):
            "funcName": record.funcName,
            "process": record.process,
            "thread": record.thread,
-            "transaction_id": (
-                record.transaction_id if hasattr(record, "transaction_id") else None
-            ),
+            "transaction_id": record.transaction_id
+            if hasattr(record, "transaction_id")
+            else None,
        }

        # Add REST API extra fields
--- a/api/src/backend/config/django/base.py
+++ b/api/src/backend/config/django/base.py
@@ -4,8 +4,6 @@ from config.custom_logging import LOGGING  # noqa
 from config.env import BASE_DIR, env  # noqa
 from config.settings.celery import *  # noqa
 from config.settings.partitions import *  # noqa
-from config.settings.sentry import *  # noqa
-from config.settings.social_login import *  # noqa

 SECRET_KEY = env("SECRET_KEY", default="secret")
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
@@ -31,13 +29,6 @@ INSTALLED_APPS = [
    "django_celery_results",
    "django_celery_beat",
    "rest_framework_simplejwt.token_blacklist",
-    "allauth",
-    "allauth.account",
-    "allauth.socialaccount",
-    "allauth.socialaccount.providers.google",
-    "allauth.socialaccount.providers.github",
-    "dj_rest_auth.registration",
-    "rest_framework.authtoken",
 ]

 MIDDLEWARE = [
@@ -51,11 +42,8 @@ MIDDLEWARE = [
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "api.middleware.APILoggingMiddleware",
-    "allauth.account.middleware.AccountMiddleware",
 ]

-SITE_ID = 1
-
 CORS_ALLOWED_ORIGINS = ["http://localhost", "http://127.0.0.1"]

 ROOT_URLCONF = "config.urls"
@@ -111,7 +99,6 @@ SPECTACULAR_SETTINGS = {
    "PREPROCESSING_HOOKS": [
        "drf_spectacular_jsonapi.hooks.fix_nested_path_parameters",
    ],
-    "TITLE": "API Reference - Prowler",
 }

 WSGI_APPLICATION = "config.wsgi.application"
@@ -220,26 +207,3 @@ CACHE_STALE_WHILE_REVALIDATE = env.int("DJANGO_STALE_WHILE_REVALIDATE", 60)


 TESTING = False
-
-FINDINGS_MAX_DAYS_IN_RANGE = env.int("DJANGO_FINDINGS_MAX_DAYS_IN_RANGE", 7)
-
-
-# API export settings
-DJANGO_TMP_OUTPUT_DIRECTORY = env.str(
-    "DJANGO_TMP_OUTPUT_DIRECTORY", "/tmp/prowler_api_output"
-)
-DJANGO_FINDINGS_BATCH_SIZE = env.str("DJANGO_FINDINGS_BATCH_SIZE", 1000)
-
-DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = env.str("DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET", "")
-DJANGO_OUTPUT_S3_AWS_ACCESS_KEY_ID = env.str("DJANGO_OUTPUT_S3_AWS_ACCESS_KEY_ID", "")
-DJANGO_OUTPUT_S3_AWS_SECRET_ACCESS_KEY = env.str(
-    "DJANGO_OUTPUT_S3_AWS_SECRET_ACCESS_KEY", ""
-)
-DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN = env.str("DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN", "")
-DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION = env.str("DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION", "")
-
-DJANGO_DELETION_BATCH_SIZE = env.int("DJANGO_DELETION_BATCH_SIZE", 5000)
-# HTTP Security Headers
-SECURE_CONTENT_TYPE_NOSNIFF = True
-X_FRAME_OPTIONS = "DENY"
-SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
--- a/api/src/backend/config/django/devel.py
+++ b/api/src/backend/config/django/devel.py
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=True)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["*"])

--- a/api/src/backend/config/django/production.py
+++ b/api/src/backend/config/django/production.py
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["localhost", "127.0.0.1"])

--- a/api/src/backend/config/django/testing.py
+++ b/api/src/backend/config/django/testing.py
@@ -1,6 +1,7 @@
 from config.django.base import *  # noqa
 from config.env import env

+
 DEBUG = env.bool("DJANGO_DEBUG", default=False)
 ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["localhost", "127.0.0.1"])

--- a/api/src/backend/config/settings/sentry.py
+++ b/api/src/backend/config/settings/sentry.py
@@ -1,109 +0,0 @@
-import sentry_sdk
-from config.env import env
-
-IGNORED_EXCEPTIONS = [
-    # Provider is not connected due to credentials errors
-    "is not connected",
-    # Authentication Errors from AWS
-    "InvalidToken",
-    "AccessDeniedException",
-    "AuthorizationErrorException",
-    "UnrecognizedClientException",
-    "UnauthorizedOperation",
-    "AuthFailure",
-    "InvalidClientTokenId",
-    "AWSInvalidProviderIdError",
-    "InternalServerErrorException",
-    "AccessDenied",
-    "No Shodan API Key",  # Shodan Check
-    "RequestLimitExceeded",  # For now we don't want to log the RequestLimitExceeded errors
-    "ThrottlingException",
-    "Rate exceeded",
-    "SubscriptionRequiredException",
-    "UnknownOperationException",
-    "OptInRequired",
-    "ReadTimeout",
-    "LimitExceeded",
-    "ConnectTimeoutError",
-    "ExpiredToken",
-    "IncompleteSignature",
-    "RegionDisabledException",
-    "TooManyRequestsException",
-    "SignatureDoesNotMatch",
-    "InvalidParameterValueException",
-    "InvalidInputException",
-    "ValidationException",
-    "AWSSecretAccessKeyInvalidError",
-    "InvalidAction",
-    "InvalidRequestException",
-    "RequestExpired",
-    "ConnectionClosedError",
-    "MaxRetryError",
-    "AWSAccessKeyIDInvalidError",
-    "AWSSessionTokenExpiredError",
-    "EndpointConnectionError",  # AWS Service is not available in a region
-    "Pool is closed",  # The following comes from urllib3: eu-west-1 -- HTTPClientError[126]: An HTTP Client raised an unhandled exception: AWSHTTPSConnectionPool(host='hostname.s3.eu-west-1.amazonaws.com', port=443): Pool is closed.
-    # Authentication Errors from GCP
-    "ClientAuthenticationError",
-    "AuthorizationFailed",
-    "Reauthentication is needed",
-    "Permission denied to get service",
-    "API has not been used in project",
-    "HttpError 404 when requesting",
-    "HttpError 403 when requesting",
-    "HttpError 400 when requesting",
-    "GCPNoAccesibleProjectsError",
-    # Authentication Errors from Azure
-    "ClientAuthenticationError",
-    "AuthorizationFailed",
-    "Subscription Not Registered",
-    "AzureNotValidClientIdError",
-    "AzureNotValidClientSecretError",
-    "AzureNotValidTenantIdError",
-    "AzureInvalidProviderIdError",
-    "AzureTenantIdAndClientSecretNotBelongingToClientIdError",
-    "AzureTenantIdAndClientIdNotBelongingToClientSecretError",
-    "AzureClientIdAndClientSecretNotBelongingToTenantIdError",
-    "AzureHTTPResponseError",
-    "Error with credentials provided",
-]
-
-
-def before_send(event, hint):
-    """
-    before_send handles the Sentry events in order to sent them or not
-    """
-    # Ignore logs with the ignored_exceptions
-    # https://docs.python.org/3/library/logging.html#logrecord-objects
-    if "log_record" in hint:
-        log_msg = hint["log_record"].msg
-        log_lvl = hint["log_record"].levelno
-
-        # Handle Error and Critical events and discard the rest
-        if log_lvl <= 40 and any(ignored in log_msg for ignored in IGNORED_EXCEPTIONS):
-            return None  # Explicitly return None to drop the event
-
-    # Ignore exceptions with the ignored_exceptions
-    if "exc_info" in hint and hint["exc_info"]:
-        exc_value = str(hint["exc_info"][1])
-        if any(ignored in exc_value for ignored in IGNORED_EXCEPTIONS):
-            return None  # Explicitly return None to drop the event
-
-    return event
-
-
-sentry_sdk.init(
-    dsn=env.str("DJANGO_SENTRY_DSN", ""),
-    # Add data like request headers and IP for users,
-    # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
-    before_send=before_send,
-    send_default_pii=True,
-    _experiments={
-        # Set continuous_profiling_auto_start to True
-        # to automatically start the profiler on when
-        # possible.
-        "continuous_profiling_auto_start": True,
-    },
-    attach_stacktrace=True,
-    ignore_errors=IGNORED_EXCEPTIONS,
-)
--- a/api/src/backend/config/settings/social_login.py
+++ b/api/src/backend/config/settings/social_login.py
@@ -1,53 +0,0 @@
-from config.env import env
-
-# Provider Oauth settings
-GOOGLE_OAUTH_CLIENT_ID = env("SOCIAL_GOOGLE_OAUTH_CLIENT_ID", default="")
-GOOGLE_OAUTH_CLIENT_SECRET = env("SOCIAL_GOOGLE_OAUTH_CLIENT_SECRET", default="")
-GOOGLE_OAUTH_CALLBACK_URL = env("SOCIAL_GOOGLE_OAUTH_CALLBACK_URL", default="")
-
-GITHUB_OAUTH_CLIENT_ID = env("SOCIAL_GITHUB_OAUTH_CLIENT_ID", default="")
-GITHUB_OAUTH_CLIENT_SECRET = env("SOCIAL_GITHUB_OAUTH_CLIENT_SECRET", default="")
-GITHUB_OAUTH_CALLBACK_URL = env("SOCIAL_GITHUB_OAUTH_CALLBACK_URL", default="")
-
-# Allauth settings
-ACCOUNT_LOGIN_METHODS = {"email"}  # Use Email / Password authentication
-ACCOUNT_USERNAME_REQUIRED = False
-ACCOUNT_EMAIL_REQUIRED = True
-ACCOUNT_EMAIL_VERIFICATION = "none"  # Do not require email confirmation
-ACCOUNT_USER_MODEL_USERNAME_FIELD = None
-REST_AUTH = {
-    "TOKEN_MODEL": None,
-    "REST_USE_JWT": True,
-}
-# django-allauth (social)
-# Authenticate if local account with this email address already exists
-SOCIALACCOUNT_EMAIL_AUTHENTICATION = True
-# Connect local account and social account if local account with that email address already exists
-SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT = True
-SOCIALACCOUNT_ADAPTER = "api.adapters.ProwlerSocialAccountAdapter"
-SOCIALACCOUNT_PROVIDERS = {
-    "google": {
-        "APP": {
-            "client_id": GOOGLE_OAUTH_CLIENT_ID,
-            "secret": GOOGLE_OAUTH_CLIENT_SECRET,
-            "key": "",
-        },
-        "SCOPE": [
-            "email",
-            "profile",
-        ],
-        "AUTH_PARAMS": {
-            "access_type": "online",
-        },
-    },
-    "github": {
-        "APP": {
-            "client_id": GITHUB_OAUTH_CLIENT_ID,
-            "secret": GITHUB_OAUTH_CLIENT_SECRET,
-        },
-        "SCOPE": [
-            "user",
-            "read:org",
-        ],
-    },
-}
--- a/api/src/backend/conftest.py
+++ b/api/src/backend/conftest.py
@@ -10,14 +10,11 @@ from django.urls import reverse
 from django_celery_results.models import TaskResult
 from rest_framework import status
 from rest_framework.test import APIClient
-from tasks.jobs.backfill import backfill_resource_scan_summaries

 from api.db_utils import rls_transaction
 from api.models import (
    ComplianceOverview,
    Finding,
-    Integration,
-    IntegrationProviderRelationship,
    Invitation,
    Membership,
    Provider,
@@ -91,14 +88,16 @@ def create_test_user(django_db_setup, django_db_blocker):


@pytest.fixture(scope="function")
-def create_test_user_rbac(django_db_setup, django_db_blocker, tenants_fixture):
+def create_test_user_rbac(django_db_setup, django_db_blocker):
    with django_db_blocker.unblock():
        user = User.objects.create_user(
            name="testing",
            email="rbac@rbac.com",
            password=TEST_PASSWORD,
        )
-        tenant = tenants_fixture[0]
+        tenant = Tenant.objects.create(
+            name="Tenant Test",
+        )
        Membership.objects.create(
            user=user,
            tenant=tenant,
@@ -124,14 +123,16 @@ def create_test_user_rbac(django_db_setup, django_db_blocker, tenants_fixture):


@pytest.fixture(scope="function")
-def create_test_user_rbac_no_roles(django_db_setup, django_db_blocker, tenants_fixture):
+def create_test_user_rbac_no_roles(django_db_setup, django_db_blocker):
    with django_db_blocker.unblock():
        user = User.objects.create_user(
            name="testing",
            email="rbac_noroles@rbac.com",
            password=TEST_PASSWORD,
        )
-        tenant = tenants_fixture[0]
+        tenant = Tenant.objects.create(
+            name="Tenant Test",
+        )
        Membership.objects.create(
            user=user,
            tenant=tenant,
@@ -179,16 +180,10 @@ def create_test_user_rbac_limited(django_db_setup, django_db_blocker):
@pytest.fixture
 def authenticated_client_rbac(create_test_user_rbac, tenants_fixture, client):
    client.user = create_test_user_rbac
-    tenant_id = tenants_fixture[0].id
    serializer = TokenSerializer(
-        data={
-            "type": "tokens",
-            "email": "rbac@rbac.com",
-            "password": TEST_PASSWORD,
-            "tenant_id": tenant_id,
-        }
+        data={"type": "tokens", "email": "rbac@rbac.com", "password": TEST_PASSWORD}
    )
-    serializer.is_valid(raise_exception=True)
+    serializer.is_valid()
    access_token = serializer.validated_data["access"]
    client.defaults["HTTP_AUTHORIZATION"] = f"Bearer {access_token}"
    return client
@@ -308,7 +303,7 @@ def set_user_admin_roles_fixture(create_test_user, tenants_fixture):
@pytest.fixture
 def invitations_fixture(create_test_user, tenants_fixture):
    user = create_test_user
-    tenant = tenants_fixture[0]
+    *_, tenant = tenants_fixture
    valid_invitation = Invitation.objects.create(
        email="testing@prowler.com",
        state=Invitation.State.PENDING,
@@ -398,23 +393,6 @@ def provider_groups_fixture(tenants_fixture):
    return pgroup1, pgroup2, pgroup3


-@pytest.fixture
-def admin_role_fixture(tenants_fixture):
-    tenant, *_ = tenants_fixture
-
-    return Role.objects.get_or_create(
-        name="admin",
-        tenant_id=tenant.id,
-        manage_users=True,
-        manage_account=True,
-        manage_billing=True,
-        manage_providers=True,
-        manage_integrations=True,
-        manage_scans=True,
-        unlimited_visibility=True,
-    )[0]
-
-
@pytest.fixture
 def roles_fixture(tenants_fixture):
    tenant, *_ = tenants_fixture
@@ -489,7 +467,7 @@ def scans_fixture(tenants_fixture, providers_fixture):
        name="Scan 1",
        provider=provider,
        trigger=Scan.TriggerChoices.MANUAL,
-        state=StateChoices.COMPLETED,
+        state=StateChoices.AVAILABLE,
        tenant_id=tenant.id,
        started_at="2024-01-02T00:00:00Z",
    )
@@ -629,7 +607,6 @@ def findings_fixture(scans_fixture, resources_fixture):
            "CheckId": "test_check_id",
            "Description": "test description apple sauce",
        },
-        first_seen_at="2024-01-02T00:00:00Z",
    )

    finding1.add_resources([resource1])
@@ -655,8 +632,6 @@ def findings_fixture(scans_fixture, resources_fixture):
            "CheckId": "test_check_id",
            "Description": "test description orange juice",
        },
-        first_seen_at="2024-01-02T00:00:00Z",
-        muted=True,
    )

    finding2.add_resources([resource2])
@@ -881,95 +856,6 @@ def scan_summaries_fixture(tenants_fixture, providers_fixture):
    )


-@pytest.fixture
-def integrations_fixture(providers_fixture):
-    provider1, provider2, *_ = providers_fixture
-    tenant_id = provider1.tenant_id
-    integration1 = Integration.objects.create(
-        tenant_id=tenant_id,
-        enabled=True,
-        connected=True,
-        integration_type="amazon_s3",
-        configuration={"key": "value"},
-        credentials={"psswd": "1234"},
-    )
-    IntegrationProviderRelationship.objects.create(
-        tenant_id=tenant_id,
-        integration=integration1,
-        provider=provider1,
-    )
-
-    integration2 = Integration.objects.create(
-        tenant_id=tenant_id,
-        enabled=True,
-        connected=True,
-        integration_type="amazon_s3",
-        configuration={"key": "value"},
-        credentials={"psswd": "1234"},
-    )
-    IntegrationProviderRelationship.objects.create(
-        tenant_id=tenant_id,
-        integration=integration2,
-        provider=provider1,
-    )
-    IntegrationProviderRelationship.objects.create(
-        tenant_id=tenant_id,
-        integration=integration2,
-        provider=provider2,
-    )
-
-    return integration1, integration2
-
-
-@pytest.fixture
-def backfill_scan_metadata_fixture(scans_fixture, findings_fixture):
-    for scan_instance in scans_fixture:
-        tenant_id = scan_instance.tenant_id
-        scan_id = scan_instance.id
-        backfill_resource_scan_summaries(tenant_id=tenant_id, scan_id=scan_id)
-
-
-@pytest.fixture(scope="function")
-def latest_scan_finding(authenticated_client, providers_fixture, resources_fixture):
-    provider = providers_fixture[0]
-    tenant_id = str(providers_fixture[0].tenant_id)
-    resource = resources_fixture[0]
-    scan = Scan.objects.create(
-        name="latest completed scan",
-        provider=provider,
-        trigger=Scan.TriggerChoices.MANUAL,
-        state=StateChoices.COMPLETED,
-        tenant_id=tenant_id,
-    )
-    finding = Finding.objects.create(
-        tenant_id=tenant_id,
-        uid="test_finding_uid_1",
-        scan=scan,
-        delta="new",
-        status=Status.FAIL,
-        status_extended="test status extended ",
-        impact=Severity.critical,
-        impact_extended="test impact extended one",
-        severity=Severity.critical,
-        raw_result={
-            "status": Status.FAIL,
-            "impact": Severity.critical,
-            "severity": Severity.critical,
-        },
-        tags={"test": "dev-qa"},
-        check_id="test_check_id",
-        check_metadata={
-            "CheckId": "test_check_id",
-            "Description": "test description apple sauce",
-        },
-        first_seen_at="2024-01-02T00:00:00Z",
-    )
-
-    finding.add_resources([resource])
-    backfill_resource_scan_summaries(tenant_id, str(scan.id))
-    return finding
-
-
 def get_authorization_header(access_token: str) -> dict:
    return {"Authorization": f"Bearer {access_token}"}

--- a/api/src/backend/tasks/beat.py
+++ b/api/src/backend/tasks/beat.py
@@ -5,14 +5,10 @@ from django_celery_beat.models import IntervalSchedule, PeriodicTask
 from rest_framework_json_api.serializers import ValidationError
 from tasks.tasks import perform_scheduled_scan_task

-from api.db_utils import rls_transaction
-from api.models import Provider, Scan, StateChoices
+from api.models import Provider


 def schedule_provider_scan(provider_instance: Provider):
-    tenant_id = str(provider_instance.tenant_id)
-    provider_id = str(provider_instance.id)
-
    schedule, _ = IntervalSchedule.objects.get_or_create(
        every=24,
        period=IntervalSchedule.HOURS,
@@ -21,9 +17,23 @@ def schedule_provider_scan(provider_instance: Provider):
    # Create a unique name for the periodic task
    task_name = f"scan-perform-scheduled-{provider_instance.id}"

-    if PeriodicTask.objects.filter(
-        interval=schedule, name=task_name, task="scan-perform-scheduled"
-    ).exists():
+    # Schedule the task
+    _, created = PeriodicTask.objects.get_or_create(
+        interval=schedule,
+        name=task_name,
+        task="scan-perform-scheduled",
+        kwargs=json.dumps(
+            {
+                "tenant_id": str(provider_instance.tenant_id),
+                "provider_id": str(provider_instance.id),
+            }
+        ),
+        one_off=False,
+        defaults={
+            "start_time": datetime.now(timezone.utc) + timedelta(hours=24),
+        },
+    )
+    if not created:
        raise ValidationError(
            [
                {
@@ -35,36 +45,9 @@ def schedule_provider_scan(provider_instance: Provider):
            ]
        )

-    with rls_transaction(tenant_id):
-        scheduled_scan = Scan.objects.create(
-            tenant_id=tenant_id,
-            name="Daily scheduled scan",
-            provider_id=provider_id,
-            trigger=Scan.TriggerChoices.SCHEDULED,
-            state=StateChoices.AVAILABLE,
-            scheduled_at=datetime.now(timezone.utc),
-        )
-
-    # Schedule the task
-    periodic_task_instance = PeriodicTask.objects.create(
-        interval=schedule,
-        name=task_name,
-        task="scan-perform-scheduled",
-        kwargs=json.dumps(
-            {
-                "tenant_id": tenant_id,
-                "provider_id": provider_id,
-            }
-        ),
-        one_off=False,
-        start_time=datetime.now(timezone.utc) + timedelta(hours=24),
-    )
-    scheduled_scan.scheduler_task_id = periodic_task_instance.id
-    scheduled_scan.save()
-
    return perform_scheduled_scan_task.apply_async(
        kwargs={
            "tenant_id": str(provider_instance.tenant_id),
-            "provider_id": provider_id,
+            "provider_id": str(provider_instance.id),
        },
    )
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Pablo Lara	2d190eb020	chore: add manage group actions	2024-12-18 17:38:09 +01:00
Pablo Lara	0459a4d6f6	Merge branch 'PRWLR-5824-Update-resource-name-and-enable-relationships-on-role-and-provider_group-create-update' into PRWLR-4669-Roles-Page-UI-with-API-changes	2024-12-18 12:10:45 +01:00
Pablo Lara	19df649554	chore: add manage group actions	2024-12-18 11:15:37 +01:00
Adrián Jesús Peña Rodríguez	737550eb05	ref(rbac): update spec	2024-12-18 11:08:19 +01:00
Adrián Jesús Peña Rodríguez	68d7d9f998	ref(rbac): enable relationship creation when objects is created	2024-12-18 11:05:29 +01:00
Pablo Lara	3c9a8b3634	chore: add manage group component	2024-12-17 11:13:37 +01:00
Pablo Lara	81f970f2d3	chore: refactor updateInvite action form	2024-12-16 13:34:16 +01:00
Pablo Lara	3d9cd177a2	chore: add role column to the table users	2024-12-16 12:59:40 +01:00
Pablo Lara	c49fdc114a	chore: report an error related to RBAC API side	2024-12-15 11:43:46 +01:00
Pablo Lara	95fd9d6b5e	WIP: add change role to the user's invitations	2024-12-15 10:52:41 +01:00
Pablo Lara	6a5bc75252	chore: add change role to the user's invitations	2024-12-15 10:52:33 +01:00
Pablo Lara	858c04b0b0	chore: fix error with exports	2024-12-15 10:52:09 +01:00
Pablo Lara	2d6f20e84b	feat: add role when invite an user	2024-12-15 10:51:58 +01:00
Pablo Lara	b0a98b1a87	feat: add permission column to roles table	2024-12-15 10:51:49 +01:00
Pablo Lara	577530ac69	chore: add and edit roles is working now	2024-12-15 10:51:10 +01:00
Pablo Lara	c1a8d47e5b	feat: edit role feature	2024-12-15 10:50:39 +01:00
Pablo Lara	e80704d6f0	feat: add new role feature	2024-12-15 10:50:32 +01:00
Pablo Lara	010de4b415	feat: add roles page	2024-12-15 10:50:24 +01:00
Pablo Lara	0a2b8e4315	chore: add roles item to the sidebar	2024-12-15 10:50:16 +01:00