fix(api): treat muted findings as resolved in finding-groups status

[AdriiiPRodri]

Context

When a finding group had muted FAIL findings, the aggregated status stayed FAIL even though no actionable (non-muted) failure remained. Concretely, a group like:

{
  "status": "FAIL",
  "muted": false,
  "pass_count": 1,
  "fail_count": 0,
  "fail_muted_count": 1,
  "muted_count": 1
}

reported status=FAIL despite fail_count=0, which contradicts the intent of muting (mark findings as resolved/accepted) and is inconsistent with the per-resource counters shown in the same payload.

Fixes #10824

Description

This PR aligns the three code paths that compute the aggregated status on /finding-groups endpoints so muted findings no longer drive the status column:

• A group is FAIL only while at least one non-muted FAIL remains (fail_count > 0).
• If every FAIL is muted, the group collapses to PASS (including fully-muted groups, whose muted flag stays true).
• MANUAL is reserved for groups with only manual findings.

Changes are scoped to api/src/backend/api/v1/views.py:

• FindingGroupViewSet._post_process_aggregation (Python path on the finding-level aggregation).
• _apply_aggregated_computed_filters (SQL Case used by filter[status] / filter[status__in]).
• _sorted_paginated_response (SQL Case used by sort=status / sort=-status).

The orthogonal muted boolean is unchanged: it is still true only when every finding in the group is muted.

Steps to review

1. Group with pass non-muted + fail muted — expected status=PASS, muted=false:

   GET /api/v1/finding-groups?filter[inserted_at]=<today>&filter[check_id]=<check>
   

2. Group that is fully muted (every finding muted) — expected status=PASS, muted=true:

   GET /api/v1/finding-groups?filter[inserted_at]=<today>&filter[check_id]=<fully_muted_check>
   

3. Filter by status:

   GET /api/v1/finding-groups?filter[inserted_at]=<today>&filter[status]=FAIL
   

   groups whose fails are all muted must not appear.
4. Sort by status:

   GET /api/v1/finding-groups?filter[inserted_at]=<today>&sort=-status
   

   non-muted FAIL groups come first, then PASS (includes fully-muted), then MANUAL.
5. Run the updated test class:

   cd api && poetry run pytest src/backend/api/tests/test_views.py::TestFindingGroupViewSet
   

   160 tests pass, including the new test_finding_groups_status_ignores_muted_failures that reproduces the reported payload.

Checklist

• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

API

• All issue/task requirements work as expected on the API
• Endpoint response output (if applicable)
• EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
• Performance test results (if applicable)
• Any other relevant evidence of the implementation (if applicable)
• Verify if API specs need to be regenerated.
• Check if version updates are required (e.g., specs, Poetry, etc.).
• Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[github-actions]

🔒 Container Security Scan

Image: prowler-api:a4f0309
Last scan: 2026-04-21 15:27:45 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	5
Total	5

4 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.48%. Comparing base (39911e3) to head (9b9539a).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #10825       +/-   ##
===========================================
+ Coverage   78.23%   93.48%   +15.24%     
===========================================
  Files          32      228      +196     
  Lines        1158    32081    +30923     
===========================================
+ Hits          906    29990    +29084     
- Misses        252     2091     +1839     

Flag	Coverage Δ
api	93.48% <100.00%> (?)
prowler-py3.10-github	?
prowler-py3.11-github	?
prowler-py3.12-github	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
prowler	∅ <ø> (∅)
api	93.48% <100.00%> (∅)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[prowler-bot]

💚 All backports created successfully

Status	Branch	Result
✅	v5.24

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details