@pedrooot pedrooot commented Nov 4, 2025

Description

This PR adds the support of PDF reporting for the ENS compliance framework.

Screen.Recording.2025-11-04.at.13.49.47.mov

Steps to review

Please add a detailed description of how to review this PR.

Checklist

API

  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

github-actions bot commented Nov 4, 2025

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

github-actions bot commented Nov 4, 2025

✅ All necessary CHANGELOG.md files have been updated.

@pedrooot pedrooot requested review from a team as code owners November 4, 2025 12:51
@pedrooot pedrooot added the no-merge Please, DO NOT MERGE this PR. label Nov 4, 2025
github-actions bot commented Nov 4, 2025

🔒 Container Security Scan

Image: prowler-ui:4bf62ea
Last scan: 2025-11-19 17:51:34 UTC

✅ No Vulnerabilities Detected

The container image passed all security checks. No known CVEs were found.

github-actions bot commented Nov 4, 2025

🔒 Container Security Scan

Image: prowler-api:c587cfd
Last scan: 2025-11-19 15:19:35 UTC

📊 Vulnerability Summary

| Severity | Count |
|---|---|
| 🔴 Critical | 4 |
| Total | 4 |

3 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable

codecov bot commented Nov 5, 2025

Codecov Report

❌ Patch coverage is 94.60154% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 93.05%. Comparing base (219bc12) to head (25f3ad8).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files
@@             Coverage Diff             @@
##           master    #9158       +/-   ##
===========================================
+ Coverage   69.37%   93.05%   +23.68%     
===========================================
  Files          89      153       +64     
  Lines        6138    20705    +14567     
===========================================
+ Hits         4258    19268    +15010     
+ Misses       1880     1437      -443     
| Flag | Coverage Δ |
|---|---|
| api | 93.05% <94.60%> (?) |
| prowler-py3.10-kubernetes | ? |
| prowler-py3.10-lib | ? |
| prowler-py3.11-kubernetes | ? |
| prowler-py3.11-lib | ? |
| prowler-py3.12-kubernetes | ? |
| prowler-py3.12-lib | ? |
| prowler-py3.9-kubernetes | ? |
| prowler-py3.9-lib | ? |
Flags with carried forward coverage won't be shown. Click here to find out more.

| Components | Coverage Δ |
|---|---|
| prowler | ∅ <ø> (∅) |
| api | 93.05% <94.60%> (∅) |
@alejandrobailo
Copy link
Contributor

alejandrobailo commented Nov 11, 2025

I’ve refactored the code with a focus on future extensibility.
Here’s a breakdown of what changed and why.


Summary of Changes

1. Centralized Type System

File: ui/lib/compliance/compliance-report-types.ts (new)

  • Introduced a new type-safe system for compliance reports.
  • Defined COMPLIANCE_REPORT_TYPES (currently supports ThreatScore and ENS).
  • Added supporting constants for display names and button labels.
  • Mapped frameworks to report types with FRAMEWORK_TO_REPORT_TYPE.
  • Added helper functions:
    • getReportTypeForFramework()
    • frameworkSupportsPdfReport()

Result: Adding a new compliance framework now only requires updating this one file—no more scattered string updates.


2. Updated Server Actions

File: ui/actions/scans/scans.ts

  • Replaced union types with the new ComplianceReportType.
  • Removed magic strings by using centralized display name constants.
  • Updated documentation to clarify extensibility.

3. Helper Functions

File: ui/lib/helper.ts

  • Applied the new ComplianceReportType type.
  • Replaced hardcoded strings with constant lookups.
  • Improved documentation and clarity.

4. Shared Component Organization

Moved:
compliance-download-button.tsx → ui/components/compliance/

  • Followed the Scope Rule: components used by two or more frameworks now live in shared locations.
  • Updated exports in components/compliance/index.ts.
  • Used the new button label constants.

5. Removed Duplicate Logic

File: ui/app/(prowler)/compliance/[compliancetitle]/page.tsx

  • Consolidated duplicate ThreatScore/ENS rendering into a single conditional block.
  • Automatically detects the correct report type using getReportTypeForFramework().
  • Imports now point to the new shared component location.

6. ThreatScore Badge Update

File: ui/components/compliance/threatscore-badge.tsx

  • Replaced "threatscore" string with the constant from COMPLIANCE_REPORT_TYPES.

How to Add New Compliance PDF Reports

Adding a new framework is now straightforward:

// 1. ui/lib/compliance/compliance-report-types.ts
export const COMPLIANCE_REPORT_TYPES = {
  THREATSCORE: "threatscore",
  ENS: "ens",
  CIS: "cis", // new type
} as const;

export const COMPLIANCE_REPORT_DISPLAY_NAMES = {
  ...existing,
  cis: "CIS Benchmark",
};

export const COMPLIANCE_REPORT_BUTTON_LABELS = {
  ...existing,
  cis: "PDF CIS Report",
};

export const FRAMEWORK_TO_REPORT_TYPE = {
  ...existing,
  "CIS-1.5": COMPLIANCE_REPORT_TYPES.CIS,
};

That’s it—the UI automatically supports the new type.


Benefits

| Benefit | Impact |
|---|---|
| Type Safety | Compile-time validation for all report types |
| DRY Principle | Eliminates duplicate logic |
| Maintainability | Single source of truth for report metadata |
| Extensibility | Add new frameworks by editing one file |
| Consistency | Centralized labels and display names |
| Organization | Shared components follow the Scope Rule |

Files Touched

Created:

  • ui/lib/compliance/compliance-report-types.ts

Modified:

  • ui/actions/scans/scans.ts
  • ui/lib/helper.ts
  • ui/components/compliance/index.ts
  • ui/app/(prowler)/compliance/[compliancetitle]/page.tsx
  • ui/components/compliance/threatscore-badge.tsx

Moved:

  • compliance-download-button.tsx → ui/components/compliance/compliance-download-button.tsx

@pedrooot, please run the functional testing again, thanks!
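
The centralized mapping described in the comment above, as an added sketch that is not Prowler's source and not code from this PR. The function bodies, the `downloadButtonLabel` helper, the framework keys and the label strings are assumptions. It also assumes the framework name can arrive from a route segment, so the lookup is restricted to own properties.

```typescript
// Added sketch, not Prowler's source. Framework keys and label strings
// below are constructed placeholders.
const COMPLIANCE_REPORT_TYPES = {
  THREATSCORE: "threatscore",
  ENS: "ens",
} as const;

// Union derived from the map: "threatscore" | "ens"
type ComplianceReportType =
  (typeof COMPLIANCE_REPORT_TYPES)[keyof typeof COMPLIANCE_REPORT_TYPES];

// Record<ComplianceReportType, string> makes the compiler reject a report
// type that has no label, so a new type cannot ship half-configured.
const COMPLIANCE_REPORT_BUTTON_LABELS: Record<ComplianceReportType, string> = {
  threatscore: "PDF ThreatScore Report", // constructed label
  ens: "PDF ENS Report", // constructed label
};

const FRAMEWORK_TO_REPORT_TYPE: Record<string, ComplianceReportType> = {
  "ThreatScore-example": COMPLIANCE_REPORT_TYPES.THREATSCORE, // constructed key
  "ENS-example": COMPLIANCE_REPORT_TYPES.ENS, // constructed key
};

// Own-property check: a framework name such as "constructor" or
// "__proto__" must not resolve through Object.prototype.
function getReportTypeForFramework(
  framework: string | undefined,
): ComplianceReportType | undefined {
  if (typeof framework !== "string") return undefined;
  return Object.prototype.hasOwnProperty.call(FRAMEWORK_TO_REPORT_TYPE, framework)
    ? FRAMEWORK_TO_REPORT_TYPE[framework]
    : undefined;
}

function frameworkSupportsPdfReport(framework: string | undefined): boolean {
  return getReportTypeForFramework(framework) !== undefined;
}

// Hypothetical helper: label for the download button, or null when the
// framework has no PDF report and the button should not render.
function downloadButtonLabel(framework: string | undefined): string | null {
  const type = getReportTypeForFramework(framework);
  return type ? COMPLIANCE_REPORT_BUTTON_LABELS[type] : null;
}
```

A plain `FRAMEWORK_TO_REPORT_TYPE[framework]` lookup would return an inherited function for `"constructor"`, so a truthiness check on it would report PDF support for a framework that has none.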

josemazo previously approved these changes Nov 18, 2025
@josemazo josemazo left a comment

Amazing layout work!

AdriiiPRodri
AdriiiPRodri previously approved these changes Nov 19, 2025
@pedrooot pedrooot removed the no-merge Please, DO NOT MERGE this PR. label Nov 19, 2025
AdriiiPRodri
AdriiiPRodri previously approved these changes Nov 19, 2025
alejandrobailo
alejandrobailo previously approved these changes Nov 19, 2025
@alejandrobailo alejandrobailo dismissed stale reviews from AdriiiPRodri and themself via 210d185 November 19, 2025 17:41
@alejandrobailo alejandrobailo self-requested a review November 19, 2025 17:41
alejandrobailo
alejandrobailo previously approved these changes Nov 19, 2025
…ework' of github.com:prowler-cloud/prowler into PRWLR-8385-generate-pdf-reports-for-ens-compliance-framework
@pedrooot pedrooot merged commit 94fe87b into master Nov 19, 2025
33 of 34 checks passed
@pedrooot pedrooot deleted the PRWLR-8385-generate-pdf-reports-for-ens-compliance-framework branch November 19, 2025 17:58