Fix Duplicate Findings in Github SAST Scan by Improving Hash Code

docs/content/supported_tools/parsers/file/github_sast.md

@@ -5,5 +5,7 @@ toc_hide: true
 Import findings in JSON format from Github Code Scanning REST API:
 <https://docs.github.com/en/rest/code-scanning/code-scanning>
 
+It is important to note that DefectDojo creates a hash code for Github SAST Scan findings based on the `html_url` field in the uploaded alert. If your organization goes through an Enterprise Managed Users (EMU) migration, or an Enterprise Cloud or Serve migration, this field could change. This would cause some duplication in findings.
+
 ### Sample Scan Data
 Sample Github SAST scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/github_sast).

dojo/settings/settings.dist.py

@@ -1354,7 +1354,7 @@
     "JFrog Xray On Demand Binary Scan": ["title", "component_name", "component_version"],
     "Scout Suite Scan": ["file_path", "vuln_id_from_tool"],  # for now we use file_path as there is no attribute for "service"
     "Meterian Scan": ["cwe", "component_name", "component_version", "description", "severity"],
-    "Github SAST Scan": ["vuln_id_from_tool", "severity", "file_path", "line"],
+    "Github SAST Scan": ["vuln_id_from_tool", "severity", "file_path", "url"], # url is the github alert url
     "Github Vulnerability Scan": ["title", "severity", "component_name", "vulnerability_ids", "file_path"],
     "Github Secrets Detection Report": ["title", "file_path", "line"],
     "Solar Appscreener Scan": ["title", "file_path", "line", "severity"],