Optimize cold source health probes

08-threat-intel/generated/dashboard/docs/architecture-library.html

@@ -87,7 +87,7 @@
       <h1>当前架构库镜像</h1>
       <div class="meta">工作台内置镜像页：当前架构库结构化数据镜像。</div>
       <pre>{
-  &quot;generated_at&quot;: &quot;2026-03-19T09:17:16+00:00&quot;,
+  &quot;generated_at&quot;: &quot;2026-03-19T09:30:58+00:00&quot;,
   &quot;title&quot;: &quot;当前架构库&quot;,
   &quot;summary&quot;: &quot;工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。&quot;,
   &quot;sections&quot;: [
@@ -137,7 +137,7 @@
         },
         {
           &quot;label&quot;: &quot;生成时间&quot;,
-          &quot;value&quot;: &quot;2026-03-19T09:17:16+00:00&quot;
+          &quot;value&quot;: &quot;2026-03-19T09:30:58+00:00&quot;
         }
       ],
       &quot;links&quot;: [

08-threat-intel/generated/dashboard/docs/retired-sources.html

@@ -350,6 +350,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "gitlab-ce",
+    "display_name": "GitLab CE",
+    "source_name": "GitLab Security Releases",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "GitLab Security Releases Atom is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.",
+    "replacement_sources": [
+      "GitLab Security Releases Atom"
+    ],
+    "url": "https://about.gitlab.com/releases/categories/releases/"
+  },
   {
     "system_id": "gitlab-ce",
     "display_name": "GitLab CE",
@@ -399,6 +411,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "jenkins",
+    "display_name": "Jenkins",
+    "source_name": "Jenkins Security Advisories",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "Jenkins Security Advisories RSS is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.",
+    "replacement_sources": [
+      "Jenkins Security Advisories RSS"
+    ],
+    "url": "https://www.jenkins.io/security/advisories/"
+  },
   {
     "system_id": "jenkins",
     "display_name": "Jenkins",
@@ -425,6 +449,18 @@
     ],
     "url": ""
   },
+  {
+    "system_id": "kibana",
+    "display_name": "Kibana",
+    "source_name": "Elastic Security Announcements",
+    "bucket": "official_sources",
+    "kind": "html-links",
+    "retired_reason": "Elastic Security Announcements RSS is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.",
+    "replacement_sources": [
+      "Elastic Security Announcements RSS"
+    ],
+    "url": "https://discuss.elastic.co/c/announcements/security-announcements/31"
+  },
   {
     "system_id": "kibana",
     "display_name": "Kibana",

08-threat-intel/generated/dashboard/docs/source-catalog-audit.html

@@ -88,11 +88,11 @@
       <div class="meta">工作台内置镜像页：active/retired source、replacement map 与覆盖摘要。</div>
       <pre># Source Catalog Audit
 
-- generated_at: `2026-03-19T09:17:03+00:00`
+- generated_at: `2026-03-19T09:30:54+00:00`
 - systems: `62`
 - sources: `179`
-- active_sources: `113`
-- retired_sources: `66`
+- active_sources: `110`
+- retired_sources: `69`
 - systems_with_active_official: `61/62`
 - systems_with_machine_readable_source: `61/62`
 
@@ -119,12 +119,15 @@
 - `fastify` `GitHub Global Advisories` -&gt; replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
 - `flask` `GitHub Global Advisories` -&gt; replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
 - `ghost` `NVD Ghost` -&gt; replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
+- `gitlab-ce` `GitLab Security Releases` -&gt; replacements: `GitLab Security Releases Atom` | reason: GitLab Security Releases Atom is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
 - `gitlab-ce` `NVD GitLab` -&gt; replacements: `GitLab Security Releases, GitLab Security Releases Atom` | reason: GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.
 - `hapi` `GitHub Global Advisories` -&gt; replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
 - `haproxy` `HAProxy Security Advisories` -&gt; replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
 - `haproxy` `NVD HAProxy` -&gt; replacements: `HAProxy Blog Feed` | reason: HAProxy Blog Feed is an active official RSS source, so NVD public search is no longer required.
+- `jenkins` `Jenkins Security Advisories` -&gt; replacements: `Jenkins Security Advisories RSS` | reason: Jenkins Security Advisories RSS is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
 - `jenkins` `NVD Jenkins` -&gt; replacements: `Jenkins Security Advisories, Jenkins Security Advisories RSS` | reason: Jenkins Security Advisories RSS provides an official machine-readable feed, replacing NVD public search.
 - `joomla` `NVD Joomla` -&gt; replacements: `Joomla Security Centre, OSV Joomla` | reason: OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.
+- `kibana` `Elastic Security Announcements` -&gt; replacements: `Elastic Security Announcements RSS` | reason: Elastic Security Announcements RSS is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
 - `kibana` `NVD Kibana` -&gt; replacements: `Elastic Security Announcements, Elastic Security Announcements RSS` | reason: Elastic Security Announcements RSS provides an official machine-readable feed, replacing NVD public search.
 - `koa` `GitHub Global Advisories` -&gt; replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
 - `laravel` `GitHub Global Advisories` -&gt; replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.

08-threat-intel/generated/dashboard/docs/source-map.html

@@ -2316,6 +2316,9 @@ systems:
         advisory_mode: core
         keywords: [security release, gitlab]
         max_items: 50
+        status: retired
+        retired_reason: GitLab Security Releases Atom is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
+        replacement_sources: [GitLab Security Releases Atom]
       - name: GitLab Security Releases Atom
         kind: atom-feed
         url: https://about.gitlab.com/security-releases.xml
@@ -2363,6 +2366,9 @@ systems:
         advisory_mode: core
         keywords: [jenkins]
         max_items: 60
+        status: retired
+        retired_reason: Jenkins Security Advisories RSS is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
+        replacement_sources: [Jenkins Security Advisories RSS]
       - name: Jenkins Security Advisories RSS
         kind: rss-feed
         url: https://www.jenkins.io/security/advisories/rss.xml
@@ -2434,6 +2440,9 @@ systems:
         advisory_mode: core
         keywords: [kibana, elastic, security]
         max_items: 60
+        status: retired
+        retired_reason: Elastic Security Announcements RSS is the official machine-readable replacement; keeping both active adds duplicate cold-start cost without added coverage.
+        replacement_sources: [Elastic Security Announcements RSS]
       - name: Elastic Security Announcements RSS
         kind: rss-feed
         url: https://discuss.elastic.co/c/announcements/security-announcements/31.rss

08-threat-intel/generated/dashboard/docs/testing-completeness-report.html

@@ -88,15 +88,15 @@
       <div class="meta">工作台内置镜像页：89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
       <pre># 全库 Advisory 完整度报告
 
-- 生成时间: `2026-03-19T09:17:16+00:00`
+- 生成时间: `2026-03-19T09:30:58+00:00`
 - 最新 advisory 完整度: `89/89` `verified-real`
 - 合成验证数量: `0`
 - 阻塞数量: `0`
 - 人工/待补证据数量: `0`
 - 完整度百分比: `100.0%`
-- active source 全绿: `113/113`
+- active source 全绿: `110/110`
 - source open alerts: `0`
-- 最近一次 source 全绿: `2026-03-19T09:17:08+00:00`
+- 最近一次 source 全绿: `2026-03-19T09:30:54+00:00`
 
 ## 系统覆盖矩阵
 
@@ -118,8 +118,8 @@
 ## Ingest / Source 健康度
 
 - source failures: `0`
-- active sources: `113`
-- green sources: `113`
+- active sources: `110`
+- green sources: `110`
 - open alerts: `0`
 
 ## 剩余风险说明