{
  "schema_version": "security_finding_v1",
  "finding_id": "sample-kali-112-harbor-scan-failure-20260513",
  "scan_run_id": "sample-kali-112-contract-only-20260513",
  "scanner": "kali",
  "scanner_version": "nmap:7.99;nikto:2.6.0;nuclei:3.8.0",
  "asset_key": "tool:harbor-image-scan",
  "target_type": "tool",
  "target": "harbor_image_scan_redacted",
  "category": "supply_chain",
  "severity": "MEDIUM",
  "confidence": "MEDIUM",
  "status": "new",
  "recommended_mode": "warn",
  "evidence_ref": "docs/security/KALI-INTEGRATION-STATUS.md#4-仍未完成的整合",
  "summary": "Kali 112 週期性 Harbor image scan 目前有 target、project、auth 或 certificate chain 不一致的跡象；此 sample 只作為契約驗證，不代表 runtime ingestion 已啟用。",
  "recommended_action": "先修正 Harbor target/project/credential/certificate chain，確認 scanner evidence 穩定後再納入正式 ingestion；不得自動修復或阻擋部署。",
  "owner_team": "security-commander",
  "labels": {
    "source_host": "host:kali-112",
    "runtime_ingested": "false",
    "redacted": "true",
    "blocking": "false"
  }
}