SBoM export failing with: `Invalid CycloneDX report: property '/metadata/tools/0' is not of type: object`
Summary
There are jobs failing in production where Dependencies::ExportWorker
fails because it is producing an invalid SBoM report.
Backtrace
"ee/app/services/dependencies/export_serializers/sbom/pipeline_service.rb:28:in `execute'",
"ee/app/services/dependencies/export_serializers/sbom/pipeline_service.rb:14:in `execute'",
"ee/app/services/dependencies/export_service.rb:73:in `exported_object'",
"ee/app/services/dependencies/export_service.rb:69:in `file_content'",
"ee/app/services/dependencies/export_service.rb:61:in `block in create_export_file'",
"/usr/lib/ruby/3.1.0/tempfile.rb:317:in `open'",
"ee/app/services/dependencies/export_service.rb:60:in `create_export_file'",
"ee/app/services/dependencies/export_service.rb:49:in `create_export'",
"ee/app/services/dependencies/export_service.rb:27:in `execute'",
"ee/app/services/dependencies/export_service.rb:17:in `execute'",
"ee/app/workers/dependencies/export_worker.rb:25:in `perform'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:210:in `execute_job'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:180:in `block (4 levels) in process'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:180:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/skip_jobs.rb:51:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/database/load_balancing/sidekiq_server_middleware.rb:29:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/duplicate_jobs/strategies/until_executing.rb:16:in `perform'",
"lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb:44:in `perform'",
"lib/gitlab/sidekiq_middleware/duplicate_jobs/server.rb:8:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/concurrency_limit/middleware.rb:32:in `perform'",
"lib/gitlab/sidekiq_middleware/concurrency_limit/server.rb:8:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/click_house/migration_support/sidekiq_middleware.rb:7:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/pause_control/strategies/base.rb:31:in `perform'",
"lib/gitlab/sidekiq_middleware/pause_control/strategy_handler.rb:22:in `perform'",
"lib/gitlab/sidekiq_middleware/pause_control/server.rb:8:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/worker_context.rb:9:in `wrap_in_optional_context'",
"lib/gitlab/sidekiq_middleware/worker_context/server.rb:19:in `block in call'",
"lib/gitlab/application_context.rb:133:in `block in use'",
"gitlab-labkit (0.36.0) lib/labkit/context.rb:35:in `with_context'",
"lib/gitlab/application_context.rb:133:in `use'",
"lib/gitlab/application_context.rb:66:in `with_context'",
"lib/gitlab/sidekiq_middleware/worker_context/server.rb:17:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_status/server_middleware.rb:7:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_versioning/middleware.rb:9:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/query_analyzer.rb:7:in `block in call'",
"lib/gitlab/database/query_analyzer.rb:40:in `within'",
"lib/gitlab/sidekiq_middleware/query_analyzer.rb:7:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/admin_mode/server.rb:14:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/instrumentation_logger.rb:9:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/batch_loader.rb:7:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/extra_done_log_metadata.rb:7:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/server_metrics.rb:111:in `block in call'",
"lib/gitlab/sidekiq_middleware/server_metrics.rb:139:in `block in instrument'",
"lib/gitlab/metrics/background_transaction.rb:33:in `run'",
"lib/gitlab/sidekiq_middleware/server_metrics.rb:139:in `instrument'",
"lib/gitlab/sidekiq_middleware/server_metrics.rb:110:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/request_store_middleware.rb:8:in `block in call'",
"gems/gitlab-safe_request_store/lib/gitlab/safe_request_store.rb:66:in `enabling_request_store'",
"gems/gitlab-safe_request_store/lib/gitlab/safe_request_store.rb:59:in `ensure_request_store'",
"lib/gitlab/sidekiq_middleware/request_store_middleware.rb:7:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"gitlab-labkit (0.36.0) lib/labkit/middleware/sidekiq/server.rb:21:in `block in call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:180:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"gitlab-labkit (0.36.0) lib/labkit/middleware/sidekiq/context/server.rb:16:in `block in call'",
"gitlab-labkit (0.36.0) lib/labkit/context.rb:35:in `with_context'",
"gitlab-labkit (0.36.0) lib/labkit/middleware/sidekiq/context/server.rb:15:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:173:in `invoke'",
"gitlab-labkit (0.36.0) lib/labkit/middleware/sidekiq/server.rb:20:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/monitor.rb:10:in `block in call'",
"lib/gitlab/sidekiq_daemon/monitor.rb:46:in `within_job'",
"lib/gitlab/sidekiq_middleware/monitor.rb:9:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/shard_awareness_validator.rb:10:in `block in call'",
"lib/gitlab/sidekiq_sharding/validator.rb:42:in `enabled'",
"lib/gitlab/sidekiq_middleware/shard_awareness_validator.rb:9:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"lib/gitlab/sidekiq_middleware/size_limiter/server.rb:13:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"marginalia (1.11.1) lib/marginalia/sidekiq_instrumentation.rb:9:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"sentry-sidekiq (5.17.3) lib/sentry/sidekiq/sentry_context_middleware.rb:26:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:183:in `block in traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/metrics/tracking.rb:26:in `track'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/metrics/tracking.rb:122:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:182:in `traverse'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/middleware/chain.rb:173:in `invoke'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:179:in `block (3 levels) in process'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:140:in `block (6 levels) in dispatch'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/job_retry.rb:114:in `local'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:139:in `block (5 levels) in dispatch'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/rails.rb:16:in `block in call'",
"activesupport (7.0.8.1) lib/active_support/execution_wrapper.rb:92:in `wrap'",
"activesupport (7.0.8.1) lib/active_support/reloader.rb:72:in `block in wrap'",
"activesupport (7.0.8.1) lib/active_support/execution_wrapper.rb:92:in `wrap'",
"activesupport (7.0.8.1) lib/active_support/reloader.rb:71:in `wrap'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/rails.rb:15:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:135:in `block (4 levels) in dispatch'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:271:in `stats'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:130:in `block (3 levels) in dispatch'",
"lib/gitlab/sidekiq_logging/structured_logger.rb:21:in `call'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:129:in `block (2 levels) in dispatch'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/job_retry.rb:81:in `global'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:128:in `block in dispatch'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/job_logger.rb:39:in `prepare'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:127:in `dispatch'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:178:in `block (2 levels) in process'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:177:in `handle_interrupt'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:177:in `block in process'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:176:in `handle_interrupt'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:176:in `process'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:82:in `process_one'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/processor.rb:72:in `run'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/component.rb:10:in `watchdog'",
"vendor/gems/sidekiq-7.1.6/lib/sidekiq/component.rb:19:in `block in safe_thread'"
Edited by Brian Williams