Database timeout in Dependencies List CSV export for nested groups

Summary

A GitLab Ultimate customer reported the following issue in ZD 659403

Subscription: GitLab Ultimate
Product: gitlab.com
Priority: customer severity4 priority4

Dependency List CSV exports fail with ActiveRecord::RecordNotFound errors for nested groups due to database query timeouts during the initial export process, while JSON exports work successfully for the same data.

Steps to reproduce

Navigate to a nested group (group containing subgroups) with substantial Dependency data
Go to Security & Compliance > Dependency List
Click Export and select CSV format
Wait for the export to complete
Observe that the export fails with an error

Example Project

This issue affects nested group structures with substantial Dependency data, specifically:

Groups containing multiple subgroups
Large numbers of SBOM occurrences across the group hierarchy
Complex traversal_ids filtering requirements

The specific group is mentioned in the ZD Ticket.

What is the current bug behavior?

CSV exports for nested groups fail with the following error sequence:

Initial Query Timeout (Sep 30, 2025 @ 12:22:18.732): Database query times out after ~26 seconds:

PG::QueryCanceled: ERROR: canceling statement due to statement timeout
Export Record Cleanup: The failed export record gets marked as failed and scheduled for deletion
Retry Failure (Oct 1, 2025 @ 05:38:38.877): Later retry attempts fail with:

ActiveRecord::RecordNotFound: Couldn't find Dependencies::DependencyListExport with 'id'="<GlobalID>"

The timing out query involves complex traversal_ids filtering.

What is the expected correct behavior?

CSV exports should work successfully for nested groups, just like JSON exports do. The export should complete without timing out and provide the user with a downloadable CSV file containing the SBOM data.

Relevant logs and/or screenshots

Query Timeout Log (Initial Failure):

Sep 30, 2025 @ 12:22:18.732 - PG::QueryCanceled: ERROR: canceling statement due to statement timeout Stack trace: ee/app/services/sbom/exporters/csv_service.rb:81:in `generate' Correlation ID: [REDACTED] User: user/[REDACTED] ([REDACTED]) Group: [REDACTED]

GlobalID Resolution Failure (Retry Attempts):

Oct 1, 2025 @ 05:38:38.877 - ActiveRecord::RecordNotFound: Couldn't find Dependencies::DependencyListExport with 'id'="[REDACTED]" Stack trace: ee/app/workers/gitlab/export/segmented_export_worker.rb:14:in `perform' Multiple retry attempts with same correlation ID: [REDACTED]

Timing Out SQL Query:

SELECT "sbom_occurrences"."id" FROM "sbom_occurrences" 
WHERE (sbom_occurrences.traversal_ids >= $1 AND $2 > sbom_occurrences.traversal_ids) 
AND "sbom_occurrences"."archived" = $3 
AND ("sbom_occurrences"."traversal_ids", "sbom_occurrences"."id") >= ($4, $5) 
AND ("sbom_occurrences"."traversal_ids", "sbom_occurrences"."id") <= ($6, $7) 
ORDER BY "sbom_occurrences"."id" ASC, "sbom_occurrences"."created_at" ASC 
LIMIT $8

Timeline:

Export Created: Sep 30, 2025 @ 12:21:37.744
Query Timeout: Sep 30, 2025 @ 12:22:18.732 (~41 seconds later)
Retry Failures: Oct 1, 2025 @ 05:37:59.545 - 05:38:38.877 (~17 hours later)

The logs show a clear pattern where the initial CSV export fails due to a database statement timeout, the export record gets cleaned up, and subsequent retry attempts fail because the export record no longer exists.