Unreachable commits are not scanned #291

Open
rbailey-godaddy opened this issue Dec 7, 2021 · 0 comments
Labels
bug Something isn't working

Comments

rbailey-godaddy (Contributor) commented Dec 7, 2021

🐛 Bug Report

Tartufo does not scan commits that are not reachable from a currently existing branch.

To Reproduce

$ python tartufo/__main__.py --output-format compact --no-entropy scan-remote-repo https://mysite/my-tartufo-test
[Regular Expression Match] rename-1/test-4.txt: -----BEGIN RSA PRIVATE KEY----- (3d5afab43ae058e4456244f7f50dba17e7f116ee0aaa7b27a41625d6a4471072, RSA private key)
[Regular Expression Match] rename-1/test-2.txt: -----BEGIN RSA PRIVATE KEY----- (aa7b31d036f8ca1b10ad0b197d046faeebe844bfeb170b0e5e9eac92761e615f, RSA private key)
[Regular Expression Match] rename-1/test-1.txt: -----BEGIN RSA PRIVATE KEY----- (098e066119a30055c8675291a97369e619b0cfa4823ed15729e7d6194b0c20e6, RSA private key)

This repository contains the following commit which contains a secret:

$ git show 3b52809f7e265cc7495ea39badb13ccdd454ba16
commit 3b52809f7e265cc7495ea39badb13ccdd454ba16
Author: Scott Bailey <scott.bailey@godaddy.com>
Date:   Tue Dec 7 10:22:14 2021 -0500

    This commit contains a file with a regex match and should generate
    a finding when scanned.

diff --git a/delete-1/test-1.txt b/delete-1/test-1.txt
new file mode 100644
index 0000000..ff3822c
--- /dev/null
+++ b/delete-1/test-1.txt
@@ -0,0 +1,2 @@
+-----BEGIN RSA PRIVATE KEY-----
+this isn't really a key, but nobody cares about that
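Review bot: the fixture's only matching content is the `-----BEGIN RSA PRIVATE KEY-----` line in delete-1/test-1.txt, which is the same line that triggered the `RSA private key` rule on the three rename-1/ files in the output above, so the reported and unreported cases differ only in whether a ref reaches the commit, not in the pattern. It would help the triage to note that `git show` succeeding here means the commit object is still present in the local object store even though no branch points at it.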

This scenario was constructed by creating a new branch, adding the above commit to it, pushing it to the repository, and then deleting the branch. Because the branch was never merged, there is no path from any existing branch to the offending commit and therefore the secret is not reported.

Expected Behavior

A finding should be generated for the above commit.

@rbailey-godaddy rbailey-godaddy added the bug Something isn't working label Dec 7, 2021
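The reachability gap the issue describes can be demonstrated and checked for with plain git. The script below is an added example, not tartufo code and not part of the issue: it rebuilds the reporter's scenario (branch, commit a file under delete-1/ holding the PEM header, switch back, delete the unmerged branch) in a throwaway repository created with mktemp, then counts findings two ways: a walk over refs (`git log --all`, the view a branch-based scanner has) and a walk over every commit git still stores (`git fsck --unreachable --no-reflogs`). The repository path, author identity and file contents are constructed; the only assumption about the environment is that git is on PATH.

```shell
#!/bin/sh
# Added example, not tartufo code: rebuild the reporter's scenario in a throwaway
# repository and compare a ref walk (what a branch-based scan sees) with an
# object-store walk (git fsck --unreachable). Assumes git is on PATH.
set -eu

# The same regex trigger the report's findings matched on.
PEM_MARKER='-----BEGIN RSA PRIVATE KEY-----'

# Create a repo whose only "secret" lives in a commit no ref points at:
# branch, commit, switch back, delete the branch. Prints the repo path.
make_orphan_repo() {
  repo=$(mktemp -d)
  (
    cd "$repo"
    git init -q . 2>/dev/null
    git config user.email "constructed@example.invalid"   # constructed identity
    git config user.name "Constructed Author"
    git config commit.gpgsign false
    echo "nothing sensitive here" > README
    git add README
    git commit -q -m "base commit"
    base=$(git symbolic-ref --short HEAD)
    git checkout -q -b delete-1
    mkdir delete-1                                        # mirrors delete-1/test-1.txt in the report
    printf '%s\nconstructed placeholder, not a real key\n' "$PEM_MARKER" > delete-1/test-1.txt
    git add delete-1/test-1.txt
    git commit -q -m "constructed commit carrying a fake key"
    git checkout -q "$base"
    git branch -q -D delete-1                             # unmerged: the commit is now unreachable
  )
  echo "$repo"
}

# Findings visible to a walk over refs only (branches, tags, remotes): this is
# the view in which the orphaned commit does not exist. Note -e before the
# pattern, because the marker itself starts with dashes.
count_reachable_hits() {
  git -C "$1" log --all -p -- | grep -c -F -e "$PEM_MARKER" || true
}

# Findings visible when every commit git still stores is examined. --no-reflogs
# matters: otherwise the HEAD reflog still "reaches" the deleted branch's commit.
count_unreachable_hits() {
  n=0
  for c in $(git -C "$1" fsck --unreachable --no-reflogs 2>/dev/null | awk '$2 == "commit" { print $3 }'); do
    if git -C "$1" grep -q -F -e "$PEM_MARKER" "$c" --; then
      echo "unreachable commit $c contains $PEM_MARKER" >&2
      n=$((n + 1))
    fi
  done
  echo "$n"
}

repo=$(make_orphan_repo)
echo "reachable-only findings:   $(count_reachable_hits "$repo")"
echo "unreachable findings:      $(count_unreachable_hits "$repo")"
```

Two caveats for anyone using this as a check. First, it has to run where the objects actually live: `git clone` and `git fetch` transfer only objects reachable from the refs they ask for, so a fresh clone of the remote will not contain the orphaned commit at all, and the scan has to happen in the original working copy or on the server-side repository. Second, unreachable objects are temporary: `git gc` (and the `prune` it runs) removes them once they are older than the prune expiry, so the window in which such a commit can be found, by a scanner or by anyone else with repository access, closes on its own unless something re-references it first.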