The Snyk Dockerfile scanning is different from the Docker container image scanning. When you import and scan just the Dockerfile, Snyk will provide recommendations for the base image and the user instructions in the Dockerfile. You can read more about it Detect vulnerable bases images from Dockerfile
On the other hand when you scan the container image i.e via the CLI or the by importing the image through the container registry integration. Snyk scans the container image itself, it will go through the image layer by layer for vulnerabilities this will include any installed application packages and project manifest files if any manifest file is present. If you pass the Dockerfile along with the image as you can see in the suggestions you will also get base image suggestions.
In the web app, to get a combined result of both i.e container image scanning with base image scanning, you will need to attach Dockerfile to the container image for this you can follow our guide Adding your Dockerfile and test your base image. After this you can compare the two results as the scanning scenarios will be similar.
The result of scanning just the Dockerfile(via the web app) and scanning the image itself will always be different as explained above.