
NuGetDefence.lib: scanning twice does not report the vulnerabilities on second scan

Open chiluap opened this issue 1 year ago • 0 comments

Describe the bug
When we scan twice, the vulnerable packages only get reported on the first scan.

To Reproduce
Steps to reproduce the behavior:

  1. Scan a project or solution (I used NUKE):

using Nuke.Common;
using Nuke.Common.IO;
using System;
using System.Diagnostics.CodeAnalysis;
using System.IO;
using NuGetDefense;

[SuppressMessage("ReSharper", "InconsistentNaming")]
[SuppressMessage("ReSharper", "UnusedMember.Local")]
[SuppressMessage("ReSharper", "MissingAnnotation")]
partial class Build
{
    // Runs NuGetDefense against one project after compilation and fails the build
    // when the scanner returns a non-zero result (vulnerable packages detected).
    Target DependencyCheck => _ => _
        .DependsOn(Compile)
        .Executes(() =>
        {
            ScanOptions options = new ScanOptions()
            {
                ProjectFile = new FileInfo("./path/to/some.csproj"),
                CheckTransitiveDependencies = true,
                WarnOnly = false,
            };
            Scanner scanner = new Scanner();
            int retVal = scanner.Scan(options);
            Console.WriteLine($"depcheck returned {retVal}");

            if (retVal != 0)
            {
                throw new Exception($"Dependency check failed, vulnerable packages detected {retVal}");
            }
        });
}

  2. Run this twice.

Expected behavior
Vulnerable packages get reported both times.

Tools (please complete the following information):

  • IDE: [Rider 2023.2, VS2022, NUKE]
  • OS: [Windows 10 Latest Patch]

chiluap, Aug 28 '23 08:08
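As an added reproduction harness, not part of the original issue and not NuGetDefense's own code, the following console program narrows the report down in a single process: it scans the same project twice with a fresh Scanner each time, then twice more reusing one instance, and compares the return codes. It assumes only the API the report itself uses (ScanOptions with ProjectFile, CheckTransitiveDependencies and WarnOnly; Scanner.Scan returning an int where non-zero means findings); the project path is a placeholder. A CI gate like the Build target above fails open if a later scan of an unchanged project returns 0 after an earlier one did not, so any difference between consecutive runs is treated as a failure.

```csharp
using System;
using System.IO;
using NuGetDefense;

// Added reproduction harness; assumes the Scanner/ScanOptions API as used in the issue.
static class ScanTwiceRepro
{
    // Same options the Build target uses, built fresh for every scan so that
    // shared option state cannot explain a difference between runs.
    static ScanOptions MakeOptions(string projectPath) => new ScanOptions()
    {
        ProjectFile = new FileInfo(projectPath),
        CheckTransitiveDependencies = true,
        WarnOnly = false,
    };

    static int Main(string[] args)
    {
        // Placeholder path; point it at a project known to reference a vulnerable package.
        string projectPath = args.Length > 0 ? args[0] : "./path/to/some.csproj";

        // Runs 1 and 2: a fresh Scanner instance per scan, same process.
        int first = new Scanner().Scan(MakeOptions(projectPath));
        int second = new Scanner().Scan(MakeOptions(projectPath));

        // Runs 3 and 4: one Scanner instance reused for two consecutive scans.
        Scanner reused = new Scanner();
        int reusedFirst = reused.Scan(MakeOptions(projectPath));
        int reusedSecond = reused.Scan(MakeOptions(projectPath));

        Console.WriteLine($"fresh instances: {first} then {second}");
        Console.WriteLine($"reused instance: {reusedFirst} then {reusedSecond}");

        // The project did not change between scans, so the return codes must match.
        // A later scan dropping to 0 means a build gate keyed on this value fails open.
        bool consistent = first == second && reusedFirst == reusedSecond;
        Console.WriteLine(consistent
            ? "scans consistent"
            : "scans INCONSISTENT: a later scan reported a different result for the same project");
        return consistent ? 0 : 1;
    }
}
```

If all four in-process scans agree but the issue still reproduces when the NUKE build is started a second time, the state that suppresses the second report lives outside the process (for example something persisted on disk between runs); running this program twice in a row and comparing the two outputs separates the two cases.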