Switch dedup method

Author: mfyll

dojo/settings/settings.dist.py

@@ -1659,7 +1659,7 @@ def saml2_attrib_map_format(din):
     "Cyberwatch scan (Galeax)": DEDUPE_ALGO_HASH_CODE,
     "OpenVAS Parser v2": DEDUPE_ALGO_HASH_CODE,
     "Snyk Issue API Scan": DEDUPE_ALGO_HASH_CODE,
-    "OpenReports": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
+    "OpenReports": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
 }
 
 # Override the hardcoded settings here via the env var

dojo/tools/openreports/parser.py

@@ -268,12 +268,9 @@ def _create_finding_from_result(self, test, result, service_name, report_name, r
             if policy.startswith("CVE-"):
                 finding.unsaved_vulnerability_ids = [policy]
 
-            # Create unique_id_from_tool for deduplication
-            # Use the report UID if available (from metadata.uid), otherwise fall back to service_name
-            # Format: report_uid:policy:package_name (preferred) or policy:package_name:service_name (fallback)
-            # This uses the stable UID from the OpenReports API that won't change on reimport
-            unique_id_components = [report_uid, policy, pkg_name] if report_uid else [policy, pkg_name, service_name]
-            finding.unique_id_from_tool = ":".join(unique_id_components)
+            # Set vuln_id_from_tool to the policy field for deduplication
+            # This allows using DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE
+            finding.vuln_id_from_tool = policy
 
             return finding  # noqa: TRY300 - This is intentional
 

unittests/tools/test_openreports_parser.py

@@ -34,10 +34,7 @@ def test_single_report(self):
             self.assertTrue(finding1.fix_available)
             self.assertEqual(1, len(finding1.unsaved_vulnerability_ids))
             self.assertEqual("CVE-2025-9232", finding1.unsaved_vulnerability_ids[0])
-            self.assertEqual(
-                "b1fcca57-2efd-44d3-89e9-949e29b61936:CVE-2025-9232:libcrypto3",
-                finding1.unique_id_from_tool,
-            )
+            self.assertEqual("CVE-2025-9232", finding1.vuln_id_from_tool)
             self.assertIn("vulnerability scan", finding1.tags)
             self.assertIn("image-scanner", finding1.tags)
             self.assertIn("Deployment", finding1.tags)
@@ -56,7 +53,7 @@ def test_single_report(self):
             self.assertTrue(finding2.fix_available)
             self.assertEqual(1, len(finding2.unsaved_vulnerability_ids))
             self.assertEqual("CVE-2025-47907", finding2.unsaved_vulnerability_ids[0])
-            self.assertEqual("b1fcca57-2efd-44d3-89e9-949e29b61936:CVE-2025-47907:stdlib", finding2.unique_id_from_tool)
+            self.assertEqual("CVE-2025-47907", finding2.vuln_id_from_tool)
 
             # Test third finding (non-CVE policy, fail/low severity)
             finding3 = findings[2]
@@ -72,10 +69,7 @@ def test_single_report(self):
             self.assertTrue(finding3.fix_available)
             # Non-CVE policies should not have vulnerability IDs
             self.assertIsNone(finding3.unsaved_vulnerability_ids)
-            self.assertEqual(
-                "b1fcca57-2efd-44d3-89e9-949e29b61936:CIS-BENCH-001:web-server",
-                finding3.unique_id_from_tool,
-            )
+            self.assertEqual("CIS-BENCH-001", finding3.vuln_id_from_tool)
             self.assertIn("compliance check", finding3.tags)
             self.assertIn("compliance-scanner", finding3.tags)
             self.assertIn("Deployment", finding3.tags)