CycloneDX reports ingested as array instead of hash cause specVersion lookup to throw exception

Summary

We have received an exception caused by a type mismatch: a CycloneDX report whose top-level JSON value is an array rather than an object fails when the ingestion code looks up specVersion. These errors are not shown to users and are not caught by the existing rescue clause, because a TypeError is not the exception type that clause handles.

Steps to reproduce

  1. Create a valid CycloneDX report using the Dependency Scanning analyzer.
  2. Enclose it in a JSON array using [].
  3. Upload that report as a cyclonedx report using a CI/CD pipeline configuration.
  4. Verify that the Security tab is empty with no error.

Example Project

N/A

What is the current bug behavior?

A TypeError is thrown during the specVersion lookup, and the ingestion failure happens silently: the report is dropped and nothing is surfaced to the user.

What is the expected correct behavior?

We should catch the exception for the type mismatch, and then show it to users who can then adjust/fix their uploaded report format.

Relevant logs and/or screenshots

Related to GITLABCOM-ASZR.

Possible fixes

  1. Catch the TypeError exception, and show it as an error.

Edited by Oscar Tovar
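The following Ruby example illustrates the failure mode and the proposed fix; it is added for this issue and is not GitLab's own ingestion code. The sample reports are constructed inline, and `Result`, `spec_version_unchecked` and `parse_cyclonedx` are hypothetical names: the unchecked lookup reproduces the TypeError from the issue, while the checked parser validates the top-level type before the lookup and returns a user-facing error instead of raising.

```ruby
require 'json'

# Constructed sample: a minimal CycloneDX document as an object, and the same
# document wrapped in a JSON array (the malformed upload described in the issue).
VALID_REPORT = '{"bomFormat":"CycloneDX","specVersion":"1.4","components":[]}'
ARRAY_WRAPPED_REPORT = "[#{VALID_REPORT}]"

# Hypothetical result container for this example, not GitLab's report object.
Result = Struct.new(:spec_version, :errors, keyword_init: true) do
  def valid?
    errors.empty?
  end
end

# Current behaviour from the issue: indexing an Array with a String key raises
# TypeError ("no implicit conversion of String into Integer"), which a rescue
# that only expects parse errors never catches.
def spec_version_unchecked(raw)
  JSON.parse(raw)['specVersion']
end

# Proposed fix: check the top-level type before the lookup and turn a mismatch
# into an error the user can see, with TypeError also rescued as a safety net.
def parse_cyclonedx(raw)
  data = JSON.parse(raw)
  unless data.is_a?(Hash)
    return Result.new(spec_version: nil,
                      errors: ["CycloneDX report must be a JSON object, got #{data.class.name.downcase}"])
  end
  version = data['specVersion']
  return Result.new(spec_version: nil, errors: ['CycloneDX report is missing specVersion']) if version.nil?

  Result.new(spec_version: version, errors: [])
rescue JSON::ParserError => e
  Result.new(spec_version: nil, errors: ["CycloneDX report is not valid JSON: #{e.message}"])
rescue TypeError => e
  # Catches the class of failure in the issue instead of letting it fail silently.
  Result.new(spec_version: nil, errors: ["CycloneDX report has an unexpected structure: #{e.message}"])
end
```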