awslabs / git-secrets

Prevents you from committing secrets and credentials into git repositories
Apache License 2.0

Difference between Scan and Scan History #128

Open fatlazycat opened 5 years ago

fatlazycat commented 5 years ago

Running commands

git-secrets --scan -r
git-secrets --scan-history

If I then SED, sort & uniq on the containing filenames I get a lot more results for the scan of the current version of the repo than I do for a history scan.

I was expecting the latter to be a superset of the former.

Am I missing something in how I should expect them to work?

Thanks

sparr commented 1 year ago

scan will include staged changes that aren't yet present in the repo history, so if you have new secrets that you're preparing to commit then scan will produce those results that scan-history will not.

Barring that, I share your expectation. Can you produce a test case that has more results for scan than for scan-history?
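
One way to build the comparison discussed in this thread, added here as an example and not part of the thread or of git-secrets itself: it reduces saved output from both commands to filenames and lists those flagged only by `--scan`. It assumes `--scan` prints `path:line:content` and `--scan-history` prints `commit:path:line:content`; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Assumed formats (not stated in the thread):
#   git secrets --scan -r       ->  path:line:content
#   git secrets --scan-history  ->  <40-hex commit>:path:line:content
# Paths that themselves contain ':' are not handled.

# Filenames from --scan output on stdin; banner/help lines do not match.
scan_files() {
  sed -n -E 's/^([^:]+):[0-9]+:.*/\1/p' | sort -u
}

# Filenames from --scan-history output on stdin, commit prefix dropped.
history_files() {
  sed -n -E 's/^[0-9a-f]{40}:([^:]+):[0-9]+:.*/\1/p' | sort -u
}

# only_in_scan SCAN_FILE HISTORY_FILE
# Prints files flagged by --scan that no commit in the history scan flagged.
only_in_scan() {
  a=$(mktemp)
  b=$(mktemp)
  scan_files < "$1" > "$a"
  history_files < "$2" > "$b"
  comm -23 "$a" "$b"
  rm -f "$a" "$b"
}

# Constructed sample: config/new.env is staged but not yet committed,
# src/app.py was committed twice with the same finding.
demo() {
  d=$(mktemp -d)
  c1=$(printf '%040d' 1)   # constructed commit ids
  c2=$(printf '%040d' 2)
  cat > "$d/scan.txt" <<EOF
config/new.env:3:aws_secret=CONSTRUCTED_PLACEHOLDER
src/app.py:10:key = "CONSTRUCTED_PLACEHOLDER"
[ERROR] Matched one or more prohibited patterns
EOF
  cat > "$d/history.txt" <<EOF
${c1}:src/app.py:10:key = "CONSTRUCTED_PLACEHOLDER"
${c2}:src/app.py:9:key = "CONSTRUCTED_PLACEHOLDER"
EOF
  only_in_scan "$d/scan.txt" "$d/history.txt"
  rm -rf "$d"
}

demo
```

Any file this prints that is neither staged nor otherwise uncommitted is a candidate for the test case requested above.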