feat(ui): add Risk Pipeline View with Sankey chart to Overview page (#9320)

Co-authored-by: alejandrobailo <alejandrobailo94@gmail.com>

Author: Alan-TheGentleman

ui/CHANGELOG.md

@@ -2,6 +2,14 @@
 
 All notable changes to the **Prowler UI** are documented in this file.
 
+## [1.15.0] (Unreleased)
+
+### 🚀 Added
+
+- Compliance Watchlist component to Overview page [(#9199)](https://github.com/prowler-cloud/prowler/pull/9199)
+- Service Watchlist component to Overview page [(#9316)](https://github.com/prowler-cloud/prowler/pull/9316)
+- Risk Pipeline component with Sankey chart to Overview page [(#9317)](https://github.com/prowler-cloud/prowler/pull/9317)
+
 ## [1.14.0] (Prowler v5.14.0)
 
 ### 🚀 Added
@@ -15,8 +23,6 @@ All notable changes to the **Prowler UI** are documented in this file.
 - External resource link to IaC findings for direct navigation to source code in Git repositories [(#9151)](https://github.com/prowler-cloud/prowler/pull/9151)
 - New Overview page and new app styles [(#9234)](https://github.com/prowler-cloud/prowler/pull/9234)
 - Use branch name as region for IaC findings [(#9296)](https://github.com/prowler-cloud/prowler/pull/9296)
-- Compliance Watchlist component to Overview page [(#9199)](https://github.com/prowler-cloud/prowler/pull/9199)
-- Service Watchlist component to Overview page [(#9316)](https://github.com/prowler-cloud/prowler/pull/9316)
 
 ### 🔄 Changed
 
@@ -27,7 +33,7 @@ All notable changes to the **Prowler UI** are documented in this file.
 
 ---
 
-## [1.13.1]
+## [1.13.1] (Prolwer v5.13.1)
 
 ### 🔄 Changed
 

ui/actions/overview/index.ts

@@ -1,2 +1,3 @@
 export * from "./overview";
+export * from "./overview.adapter";
 export * from "./types";

ui/actions/overview/overview.adapter.ts

@@ -0,0 +1,210 @@
+import {
+  FindingsSeverityOverviewResponse,
+  ProviderOverview,
+  ProvidersOverviewResponse,
+} from "./types";
+
+/**
+ * Sankey chart node structure
+ */
+export interface SankeyNode {
+  name: string;
+}
+
+/**
+ * Sankey chart link structure
+ */
+export interface SankeyLink {
+  source: number;
+  target: number;
+  value: number;
+}
+
+/**
+ * Sankey chart data structure
+ */
+export interface SankeyData {
+  nodes: SankeyNode[];
+  links: SankeyLink[];
+}
+
+/**
+ * Provider display name mapping
+ * Maps provider IDs to user-friendly display names
+ * These names must match the COLOR_MAP keys in sankey-chart.tsx
+ */
+const PROVIDER_DISPLAY_NAMES: Record<string, string> = {
+  aws: "AWS",
+  azure: "Azure",
+  gcp: "Google Cloud",
+  kubernetes: "Kubernetes",
+  github: "GitHub",
+  m365: "Microsoft 365",
+  iac: "Infrastructure as Code",
+  oraclecloud: "Oracle Cloud Infrastructure",
+};
+
+/**
+ * Aggregated provider data after grouping by provider type
+ */
+interface AggregatedProvider {
+  id: string;
+  displayName: string;
+  pass: number;
+  fail: number;
+}
+
+/**
+ * Provider types to exclude from the Sankey chart
+ */
+const EXCLUDED_PROVIDERS = new Set(["mongo", "mongodb", "mongodbatlas"]);
+
+/**
+ * Aggregates multiple provider entries by provider type (id)
+ * Since the API can return multiple entries for the same provider type,
+ * we need to sum up their findings
+ *
+ * @param providers - Raw provider overview data from API
+ * @returns Aggregated providers with summed findings
+ */
+function aggregateProvidersByType(
+  providers: ProviderOverview[],
+): AggregatedProvider[] {
+  const aggregated = new Map<string, AggregatedProvider>();
+
+  for (const provider of providers) {
+    const { id, attributes } = provider;
+
+    // Skip excluded providers
+    if (EXCLUDED_PROVIDERS.has(id)) {
+      continue;
+    }
+
+    const existing = aggregated.get(id);
+
+    if (existing) {
+      existing.pass += attributes.findings.pass;
+      existing.fail += attributes.findings.fail;
+    } else {
+      aggregated.set(id, {
+        id,
+        displayName: PROVIDER_DISPLAY_NAMES[id] || id,
+        pass: attributes.findings.pass,
+        fail: attributes.findings.fail,
+      });
+    }
+  }
+
+  return Array.from(aggregated.values());
+}
+
+/**
+ * Severity display names in order
+ */
+const SEVERITY_ORDER = [
+  "Critical",
+  "High",
+  "Medium",
+  "Low",
+  "Informational",
+] as const;
+
+/**
+ * Adapts providers overview and findings severity API responses to Sankey chart format
+ *
+ * Creates a 2-level flow visualization:
+ * - Level 1: Cloud providers (AWS, Azure, GCP, etc.)
+ * - Level 2: Severity breakdown (Critical, High, Medium, Low, Informational)
+ *
+ * The severity distribution is calculated proportionally based on each provider's
+ * fail count relative to the total fails across all providers.
+ *
+ * @param providersResponse - Raw API response from /overviews/providers
+ * @param severityResponse - Raw API response from /overviews/findings_severity
+ * @returns Sankey chart data with nodes and links
+ */
+export function adaptProvidersOverviewToSankey(
+  providersResponse: ProvidersOverviewResponse | undefined,
+  severityResponse?: FindingsSeverityOverviewResponse | undefined,
+): SankeyData {
+  if (!providersResponse?.data || providersResponse.data.length === 0) {
+    return { nodes: [], links: [] };
+  }
+
+  // Aggregate providers by type
+  const aggregatedProviders = aggregateProvidersByType(providersResponse.data);
+
+  // Filter out providers with no findings (only need fail > 0 for severity view)
+  const providersWithFailures = aggregatedProviders.filter((p) => p.fail > 0);
+
+  if (providersWithFailures.length === 0) {
+    return { nodes: [], links: [] };
+  }
+
+  // Build nodes array: providers first, then severities
+  const providerNodes: SankeyNode[] = providersWithFailures.map((p) => ({
+    name: p.displayName,
+  }));
+
+  const severityNodes: SankeyNode[] = SEVERITY_ORDER.map((severity) => ({
+    name: severity,
+  }));
+
+  const nodes = [...providerNodes, ...severityNodes];
+
+  // Calculate severity start index (after provider nodes)
+  const severityStartIndex = providerNodes.length;
+
+  // Build links from each provider to severities
+  const links: SankeyLink[] = [];
+
+  // If we have severity data, distribute proportionally
+  if (severityResponse?.data?.attributes) {
+    const { critical, high, medium, low, informational } =
+      severityResponse.data.attributes;
+
+    const severityValues = [critical, high, medium, low, informational];
+    const totalSeverity = severityValues.reduce((sum, v) => sum + v, 0);
+
+    if (totalSeverity > 0) {
+      // Calculate total fails across all providers
+      const totalFails = providersWithFailures.reduce(
+        (sum, p) => sum + p.fail,
+        0,
+      );
+
+      providersWithFailures.forEach((provider, sourceIndex) => {
+        // Calculate this provider's proportion of total fails
+        const providerRatio = provider.fail / totalFails;
+
+        severityValues.forEach((severityValue, severityIndex) => {
+          // Distribute severity proportionally to this provider
+          const value = Math.round(severityValue * providerRatio);
+
+          if (value > 0) {
+            links.push({
+              source: sourceIndex,
+              target: severityStartIndex + severityIndex,
+              value,
+            });
+          }
+        });
+      });
+    }
+  } else {
+    // Fallback: if no severity data, just show fail counts to a generic "Fail" node
+    const failNode: SankeyNode = { name: "Fail" };
+    nodes.push(failNode);
+    const failIndex = nodes.length - 1;
+
+    providersWithFailures.forEach((provider, sourceIndex) => {
+      links.push({
+        source: sourceIndex,
+        target: failIndex,
+        value: provider.fail,
+      });
+    });
+  }
+
+  return { nodes, links };
+}

ui/actions/overview/overview.ts

@@ -4,7 +4,11 @@ import { redirect } from "next/navigation";
 import { apiBaseUrl, getAuthHeaders } from "@/lib";
 import { handleApiResponse } from "@/lib/server-actions-helper";
 
-import { ServicesOverviewResponse } from "./types";
+import {
+  FindingsSeverityOverviewResponse,
+  ProvidersOverviewResponse,
+  ServicesOverviewResponse,
+} from "./types";
 
 export const getServicesOverview = async ({
   filters = {},
@@ -39,7 +43,12 @@ export const getProvidersOverview = async ({
   query = "",
   sort = "",
   filters = {},
-}) => {
+}: {
+  page?: number;
+  query?: string;
+  sort?: string;
+  filters?: Record<string, string | string[] | undefined>;
+} = {}): Promise<ProvidersOverviewResponse | undefined> => {
   const headers = await getAuthHeaders({ contentType: false });
 
   if (isNaN(Number(page)) || page < 1) redirect("/providers-overview");
@@ -52,7 +61,7 @@ export const getProvidersOverview = async ({
 
   // Handle multiple filters
   Object.entries(filters).forEach(([key, value]) => {
-    if (key !== "filter[search]") {
+    if (key !== "filter[search]" && value !== undefined) {
       url.searchParams.append(key, String(value));
     }
   });
@@ -111,24 +120,21 @@ export const getFindingsByStatus = async ({
 };
 
 export const getFindingsBySeverity = async ({
-  page = 1,
-  query = "",
-  sort = "",
   filters = {},
-}) => {
+}: {
+  filters?: Record<string, string | string[] | undefined>;
+} = {}): Promise<FindingsSeverityOverviewResponse | undefined> => {
   const headers = await getAuthHeaders({ contentType: false });
 
-  if (isNaN(Number(page)) || page < 1) redirect("/");
-
   const url = new URL(`${apiBaseUrl}/overviews/findings_severity`);
 
-  if (page) url.searchParams.append("page[number]", page.toString());
-  if (query) url.searchParams.append("filter[search]", query);
-  if (sort) url.searchParams.append("sort", sort);
   // Handle multiple filters, but exclude unsupported filters
-  // The overviews/findings_severity endpoint does not support status or muted filters
   Object.entries(filters).forEach(([key, value]) => {
-    if (key !== "filter[search]" && key !== "filter[muted]") {
+    if (
+      key !== "filter[search]" &&
+      key !== "filter[muted]" &&
+      value !== undefined
+    ) {
       url.searchParams.append(key, String(value));
     }
   });

ui/actions/overview/types.ts

@@ -1,3 +1,35 @@
+// Providers Overview Types
+// Corresponds to the /overviews/providers endpoint
+
+export interface ProviderOverviewFindings {
+  pass: number;
+  fail: number;
+  muted: number;
+  total: number;
+}
+
+export interface ProviderOverviewResources {
+  total: number;
+}
+
+export interface ProviderOverviewAttributes {
+  findings: ProviderOverviewFindings;
+  resources: ProviderOverviewResources;
+}
+
+export interface ProviderOverview {
+  type: "providers-overview";
+  id: string;
+  attributes: ProviderOverviewAttributes;
+}
+
+export interface ProvidersOverviewResponse {
+  data: ProviderOverview[];
+  meta: {
+    version: string;
+  };
+}
+
 // Services Overview Types
 // Corresponds to the /overviews/services endpoint
 
@@ -62,6 +94,30 @@ export interface ThreatScoreResponse {
   data: ThreatScoreSnapshot[];
 }
 
+// Findings Severity Overview Types
+// Corresponds to the /overviews/findings_severity endpoint
+
+export interface FindingsSeverityAttributes {
+  critical: number;
+  high: number;
+  medium: number;
+  low: number;
+  informational: number;
+}
+
+export interface FindingsSeverityOverview {
+  type: "findings-severity-overview";
+  id: string;
+  attributes: FindingsSeverityAttributes;
+}
+
+export interface FindingsSeverityOverviewResponse {
+  data: FindingsSeverityOverview;
+  meta: {
+    version: string;
+  };
+}
+
 // Filters for ThreatScore endpoint
 export interface ThreatScoreFilters {
   snapshot_id?: string;