@Alan-TheGentleman
Contributor

Context

This PR adds the Attack Surface component to the overview page, which displays security metrics for different attack surface categories. It consumes the new backend endpoint added in #9309.

Description

Add a new Attack Surface component that displays failed findings across 4 security categories:

  • Internet Exposed Resources: Resources exposed to the internet
  • Exposed Secrets: Secrets found in configurations
  • IAM Policy Privilege Escalation: Policies allowing privilege escalation
  • EC2 with IMDSv1 Enabled: EC2 instances using IMDSv1

The component includes:

  • Server-side rendering (SSR) for optimal performance
  • Skeleton loading state
  • Empty state handling
  • Alert icon indicator when category has failed findings
  • Proper accessibility attributes (aria-labels, roles)

Steps to review

  1. Start the API and UI locally
  2. Navigate to the Overview page (/)
  3. Verify the Attack Surface component renders below the threat score charts
  4. Check that each card displays the correct failed_findings count
  5. Verify alert icon appears on cards with failures > 0
  6. Test loading state by throttling network
  7. Test empty state by filtering to a provider with no attack surface data

Checklist

UI

  • All issue/task requirements work as expected on the UI
  • Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
  • Screenshots/Video of the functionality flow (if applicable) - Tablet (640px > X < 1024px)
  • Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

- Add types for attack surface API response
- Create adapter to transform API data for UI consumption
- Add getAttackSurfaceOverview service action
- Create AttackSurface component with SSR support and skeleton
- Integrate component in overview page
@Alan-TheGentleman Alan-TheGentleman requested a review from a team as a code owner December 2, 2025 12:08
@github-actions
Contributor

github-actions bot commented Dec 2, 2025

✅ All necessary CHANGELOG.md files have been updated.

@github-actions
Contributor

github-actions bot commented Dec 2, 2025

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@Alan-TheGentleman Alan-TheGentleman self-assigned this Dec 2, 2025
@github-actions
Contributor

github-actions bot commented Dec 2, 2025

🔒 Container Security Scan

Image: prowler-ui:eba021f
Last scan: 2025-12-02 12:44:27 UTC

✅ No Vulnerabilities Detected

The container image passed all security checks. No known CVEs were found.

@Alan-TheGentleman Alan-TheGentleman merged commit 5e03332 into master Dec 2, 2025
31 checks passed
@Alan-TheGentleman Alan-TheGentleman deleted the PROWLER-447-Attack-surface-component-Front branch December 2, 2025 12:57