With commit id being included in the report of every secret found, I was surprised to discover that the commit id was actually just that of HEAD at the time of scanning. This seems to me like an error, but it looks deliberate from this comment:
# Set commit as current head when found, not when secret was added
potential_secret_dict['commit'] = repo.storage.get_last_commit_hash()
When multiple commits have been made since the last scan, I think it's more appropriate to return the commit actually introducing a given secret. Is there a good explanation for the current behavior?