feat(ui): add Resources Inventory feature

[alejandrobailo]

Context

Screen.Recording.2026-01-15.at.14.32.55.mov

This PR implements the Resources Inventory feature for the Overview page, providing a visual breakdown of cloud resources organized by resource groups (Compute, Storage, IAM, Network, etc.) with their associated security findings.

Description

New Features

Resources Inventory Component:

• New section in the Overview page displaying resource groups as interactive cards
• Each card shows:
  • Resource group name and icon (Compute, Container, Serverless, Database, Storage, Network, IAM, etc.)
  • Total resource count for that group
  • Failed findings count with severity-based styling
  • New failed findings indicator
• Cards are clickable and navigate to the Resources page with the appropriate group filter applied
• Supports current page filters (provider, account, etc.) when navigating

API Integration:

• Connects to the new /api/v1/overviews/resource-groups endpoint
• Fetches aggregated metrics per resource group from the latest completed scans
• Displays data only from non-muted findings

Resources Page Updates:

• Added "Group" filter dropdown to filter resources by resource group
• Updated filter key from group__in to groups__in to match API spec
• Added spacing between filter rows for better visual alignment

Technical Changes

• ui/actions/overview/resources-inventory/ - Server actions and types for resource group overview API
• ui/app/(prowler)/_overview/resources-inventory/ - SSR component, skeleton, and card components
• ui/components/shadcn/card/resource-stats-card.tsx - Reusable card component for resource statistics
• Updated ui/app/(prowler)/resources/page.tsx with group filter support

Important Notes

• The Overview shows data from the latest completed scan per provider only
• Muted findings are excluded from the counts displayed
• The Resources page shows all historical resources matching filters, which may show different totals

Checklist

• Are there new checks included in this PR? No
• Review if the code is being covered by tests.
• Review if code is being documented
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

UI

• All issue/task requirements work as expected on the UI
• Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
• Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
• Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
• Ensure new entries are added to CHANGELOG.md, if applicable.

API

• Verify if API specs need to be regenerated. (Handled in separate PR feat(api): add resource group overview endpoint and filtering #9694)
• Check if version updates are required (e.g., specs, Poetry, etc.).
• Ensure new entries are added to CHANGELOG.md, if applicable.

Dependencies

This PR depends on the API changes in PR #9694 which adds:

• /api/v1/overviews/resource-groups endpoint
• resource_groups field to findings
• groups field to resources
• filter[groups__in] for resources endpoint
• filter[resource_groups__in] for findings endpoint

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[github-actions]

🔒 Container Security Scan

Image: prowler-ui:d3fef67
Last scan: 2026-01-15 13:44:24 UTC

✅ No Vulnerabilities Detected

The container image passed all security checks. No known CVEs were found.

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[github-actions]

🔒 Container Security Scan

Image: prowler-api:2c86b04
Last scan: 2025-12-31 13:59:06 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	11
Total	11

10 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[alejandrobailo]

Code Review Comments

1. Hardcoded Row Limit

File: ui/app/(prowler)/_overview/resources-inventory/_components/resources-inventory.tsx:19-20

const firstRow = items.slice(0, 4);
const secondRow = items.slice(4, 8);

This silently drops items beyond index 8 (there are 16 resource groups defined). Consider either:

• Making row count configurable
• Adding "Show More" functionality
• Sorting by importance/findings count

---

2. Type Assertion in Resources Page

File: ui/app/(prowler)/resources/page.tsx:53-55

const providerDetails = providersData
  ? (createProviderDetailsMappingById(providerIds, providersData) as {
      [id: string]: FilterEntity;
    }[])
  : [];

The type assertion suggests a potential type mismatch. Consider fixing the return type of createProviderDetailsMappingById instead.

---

3. Error Handling Inconsistency

File: ui/actions/overview/resources-inventory/resources-inventory.ts:29-32

} catch (error) {
  console.error("Error fetching resource group overview:", error);
  return undefined;
}

Silent failure with console.error may hide issues in production. Consider:

• Using a centralized error handler
• Adding error boundaries at the component level
• Logging to a proper monitoring service

---

4. Unused Function Export

File: ui/actions/overview/resources-inventory/index.ts:5

export { getEmptyResourceInventoryItems } from "./resources-inventory.adapter";

getEmptyResourceInventoryItems is exported but not used anywhere in the codebase. Remove if not needed.

---

5. Minor: Hardcoded Hover Color

File: ui/app/(prowler)/_overview/resources-inventory/_components/resources-inventory-card-item.tsx:86

className="flex-1 cursor-pointer transition-all hover:border-rose-500/60"

Uses hardcoded rose-500 instead of a semantic color variable. Consider using a design token.