Open
Description
It doesn't look like your scanner checks for regexes vulnerable to catastrophic backtracking (-> REDOS).
To do that you could use some tools I built here. The underlying detectors incur dependencies (2 rely on Java, one relies on OCaml).
If dependencies are a problem, I am hosting a server that answers queries, see docs and code here. This requires shipping regexes to my server though.