
fix: accept legacy metadata from db #10408

Open
danibarranqueroo wants to merge 1 commit into master from fix/legacy-metadata-validators-error

@danibarranqueroo
Member

Context

scan-report could fail when generating outputs for historical findings stored with legacy check_metadata values that no longer pass current CheckMetadata validation rules. This was affecting old persisted Azure findings during report generation, even though current metadata files in the repo are valid.

Description

This PR makes Finding.transform_api_finding() tolerate legacy persisted check metadata used in DB-backed findings during output generation. It keeps normal validation for current metadata, but falls back to a compatibility path for historical rows that fail validation so report generation does not crash.

It also adds regression coverage for:

  • legacy persisted metadata in transform_api_finding()
  • the generate_outputs_task path using legacy persisted check metadata

Steps to review

Test with a DB with old findings if this fixes the issue.

Checklist

Community Checklist
  • This feature/issue is listed in here or roadmap.prowler.com
  • Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

SDK/CLI

  • Are there new checks included in this PR? Yes / No
    • If so, do we need to update permissions for the provider? Please review this carefully.

UI

  • All issue/task requirements work as expected on the UI
  • Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
  • Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
  • Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
  • Ensure new entries are added to CHANGELOG.md, if applicable.

API

  • All issue/task requirements work as expected on the API
  • Endpoint response output (if applicable)
  • EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
  • Performance test results (if applicable)
  • Any other relevant evidence of the implementation (if applicable)
  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
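
A minimal sketch of the strict-then-fallback pattern the description above outlines, added here as an illustration; it is not Prowler's code. `CheckMeta`, its two rules and the sample rows are hypothetical stand-ins for `CheckMetadata` and persisted `check_metadata` values.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("legacy_metadata_example")

# Hypothetical rules standing in for the current validators.
ALLOWED_SEVERITIES = {"critical", "high", "medium", "low", "informational"}
REQUIRED = ("check_id", "check_title", "severity")


@dataclass(frozen=True)
class CheckMeta:
    check_id: str
    check_title: str
    severity: str
    validated: bool = True  # False when built through the compatibility path

    @classmethod
    def strict(cls, raw: dict) -> "CheckMeta":
        """Current rules, applied to metadata files and new findings."""
        missing = [k for k in REQUIRED if k not in raw]
        if missing:
            raise ValueError(f"missing fields: {missing}")
        if raw["severity"] not in ALLOWED_SEVERITIES:
            raise ValueError(f"invalid severity: {raw['severity']!r}")
        return cls(*(raw[k] for k in REQUIRED))

    @classmethod
    def from_persisted(cls, raw: dict) -> "CheckMeta":
        """DB rows: strict first, then a fallback for rows written under older rules."""
        try:
            return cls.strict(raw)
        except (ValueError, TypeError) as exc:
            log.warning("legacy metadata for %r: %s", raw.get("check_id"), exc)
            # Coerce to plain strings and flag the object so report writers
            # can tell it skipped validation.
            return cls(*(str(raw.get(k, "")) for k in REQUIRED), validated=False)


def load_rows(rows: list) -> list:
    """Report generation: one historical row must not abort the whole run."""
    return [CheckMeta.from_persisted(r) for r in rows]


# Constructed sample rows; the check IDs and values are made up.
SAMPLE_ROWS = [
    {"check_id": "example_check_a", "check_title": "Current row", "severity": "high"},
    {"check_id": "example_check_b", "check_title": "Legacy row", "severity": "High"},
    {"check_id": "example_check_c", "check_title": "Legacy row, no severity"},
]
```

Keeping the fallback on the database read path only means metadata files and new findings still go through `strict`, and the `validated` flag plus the warning log leave a record of every row that bypassed the current rules.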

@github-actions
Contributor

github-actions bot commented Mar 20, 2026

⚠️ Changes detected in the following folders without a corresponding update to the CHANGELOG.md:

  • api
  • prowler

Please add an entry to the corresponding CHANGELOG.md file to maintain a clear history of changes.

@github-actions
Contributor

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@codecov

codecov bot commented Mar 20, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.52%. Comparing base (ab26608) to head (206feeb).
⚠️ Report is 6 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #10408      +/-   ##
==========================================
- Coverage   93.38%   88.52%   -4.86%     
==========================================
  Files         219      313      +94     
  Lines       30398    37103    +6705     
==========================================
+ Hits        28386    32845    +4459     
- Misses       2012     4258    +2246     
Flag Coverage Δ
api 93.38% <100.00%> (+<0.01%) ⬆️
prowler-py3.10-lib 66.09% <100.00%> (?)
prowler-py3.11-lib 66.09% <100.00%> (?)
prowler-py3.12-lib 66.09% <100.00%> (?)
prowler-py3.9-lib 66.09% <100.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
prowler 66.09% <100.00%> (∅)
api 93.38% <100.00%> (+<0.01%) ⬆️

@github-actions
Contributor

github-actions bot commented Mar 20, 2026

🔒 Container Security Scan

Image: prowler:d712b21
Last scan: 2026-03-20 08:47:14 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 4
Total 4

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable


@github-actions
Contributor

github-actions bot commented Mar 20, 2026

🔒 Container Security Scan

Image: prowler-api:d712b21
Last scan: 2026-03-20 08:50:59 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 5
Total 5

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable


danibarranqueroo added the no-merge label (Please, DO NOT MERGE this PR.) Mar 20, 2026
@danibarranqueroo
Member Author

Please do not merge this PR; we are waiting to see if the validators error happens again or if it was a problem that occurred just for scans that started before the release and finished after it.


Labels

component/api no-merge Please, DO NOT MERGE this PR.
