feat(parsers): configure Xygeni deduplication algorithms

Wire the three Xygeni scan types into DEDUPLICATION_ALGORITHM_PER_PARSER
in settings.dist.py so re-imports dedup against the vendor-stable
uniqueHash instead of the legacy heuristic:

- Xygeni SAST Scan, Xygeni Secrets Scan: DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL.
- Xygeni SCA Scan: DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE with
  HASHCODE_FIELDS_PER_SCANNER set to (vulnerability_ids, component_name,
  component_version) and HASHCODE_ALLOWS_NULL_CWE: True, enabling
  cross-tool dedup with other SCA parsers when a CVE matches a package
  at the same version.

Document the per-scan-type algorithm in the parser docs page.

Refs: #14755

Author: lmrb-1968

docs/content/supported_tools/parsers/file/xygeni.md

@@ -62,7 +62,18 @@ The kind-specific payload then follows:
 Sample Xygeni JSON reports can be found
 [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/xygeni).
 
-### Default Deduplication Hashcode Fields
-The parser sets `unique_id_from_tool` from each finding's vendor-stable
-`uniqueHash`, so re-importing the same Xygeni report does not duplicate
-findings. `vuln_id_from_tool` is set from `issueId`.
+### Deduplication
+
+Every finding carries `unique_id_from_tool` (set from Xygeni's vendor-stable
+`uniqueHash`) and `vuln_id_from_tool` (set from `issueId`). The deduplication
+algorithm is configured per scan type:
+
+| Scan type            | Algorithm                          | Hash-code fields (fallback)                                    |
+| -------------------- | ---------------------------------- | -------------------------------------------------------------- |
+| Xygeni SAST Scan     | `unique_id_from_tool`              | n/a                                                            |
+| Xygeni SCA Scan      | `unique_id_from_tool_or_hash_code` | `vulnerability_ids`, `component_name`, `component_version`     |
+| Xygeni Secrets Scan  | `unique_id_from_tool`              | n/a                                                            |
+
+For SCA the hash-code fallback enables cross-tool deduplication: the same
+CVE on the same package@version reported by Xygeni and another SCA scanner
+(Snyk, Trivy, etc.) collapse into a single Finding.

dojo/settings/settings.dist.py

@@ -1512,6 +1512,7 @@ def saml2_attrib_map_format(din):
     "n0s1 Scanner": ["description"],
     "IriusRisk Threats Scan": ["title", "component_name"],
     "Orca Security Alerts": ["title", "component_name"],
+    "Xygeni SCA Scan": ["vulnerability_ids", "component_name", "component_version"],
 }
 
 # Override the hardcoded settings here via the env var
@@ -1586,6 +1587,7 @@ def saml2_attrib_map_format(din):
     "Cyberwatch scan (Galeax)": True,
     "OpenVAS Parser v2": True,
     "OpenReports": True,
+    "Xygeni SCA Scan": True,
 }
 
 # List of fields that are known to be usable in hash_code computation)
@@ -1781,6 +1783,9 @@ def saml2_attrib_map_format(din):
     "OpenReports": DEDUPE_ALGO_HASH_CODE,
     "IriusRisk Threats Scan": DEDUPE_ALGO_HASH_CODE,
     "Orca Security Alerts": DEDUPE_ALGO_HASH_CODE,
+    "Xygeni SAST Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
+    "Xygeni SCA Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
+    "Xygeni Secrets Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
 }
 
 # Override the hardcoded settings here via the env var