Impact
At least one user observed issues with security scans not completing successfully. The issue started on UTC-5 25-11-06 05:10 and was proactively discovered 5 hours (TTD) later by a staff member who noticed that, after a recent update to the database used by our SCA and SBOM scanning processes, an essential data table was missing. This omission caused all automated analyses and reattacks to fail to finish properly. As a result, multiple SCA, SBOM, and SAST jobs were temporarily unable to complete, though no customer reports were received. Approximately 1200 executions across Spots, Labels, and Skims were affected. The problem was resolved in 43.2 minutes (TTF), resulting in a total window of exposure of 5.7 hours (WOE) [1].
Cause
During a major update to the internal process that builds the database used by these scans, a required table was accidentally left out from the final version, which caused all jobs depending on it to fail [2].
Solution
The database generation logic was fixed to include the missing table. A corrected version was generated and deployed manually, restoring normal operation. The change was later merged so that future updates will include this fix automatically [3].
Conclusion
Additional automated tests were added to ensure all required data is present in the database before deployment. Versioning of the database will be implemented to allow faster recovery in case of future issues, and improvements are planned to make the generation process more robust overall. INCOMPLETE_PERSPECTIVE < MISSING_TEST