
No, Microsoft is keeping all of that stuff under wraps. They have a "secret scanning partner program" where they allow companies to have an endpoint GitHub can use for figuring out if something is a secret or not, so it's not just a library with a bunch of regex, seems like a service in itself and Microsoft doesn't really open source stuff like that.



You are correct. Though, speaking of regex, they work with partners to create the most accurate regexes possible using non-public information like expected entropy or checksums.


That's surprising (to me), because the enterprise custom scanning feature only supports hyperscan-flavoured regex.


Sorry, I should clarify that some of those things are _in addition_ to regex. You are correct that it uses Hyperscan to find initial matches, then their first-party patterns go through some additional local processing magic.

(This is my understanding based on conversations with people working on the secret scanning feature at GitHub, I don't have firsthand knowledge.)
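
The two-stage approach described in the comment above (a regex for initial matches, then local checks such as entropy or a checksum), as an added example that is not part of the thread and not GitHub's code. The `xmpl_` token format, the CRC32 tail and the 3.0-bit entropy threshold are all assumptions made up for illustration.

```python
import math
import re
import zlib
from collections import Counter

# Hypothetical token format, constructed for this example (no vendor's real one):
#   "xmpl_" + 24 base62 body chars + CRC32(body) as 8 lowercase hex chars
CANDIDATE = re.compile(r"\bxmpl_([0-9A-Za-z]{24})([0-9a-f]{8})\b")
MIN_ENTROPY = 3.0  # bits per character; assumed threshold


def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = Counter(s)
    return sum(-n / len(s) * math.log2(n / len(s)) for n in counts.values())


def checksum(body):
    return format(zlib.crc32(body.encode()) & 0xFFFFFFFF, "08x")


def scan(text):
    """Stage 1: regex finds candidates. Stage 2: local checks cut false positives."""
    results = []
    for m in CANDIDATE.finditer(text):
        body, tail = m.groups()
        if shannon_entropy(body) < MIN_ENTROPY:
            verdict = "rejected: low entropy"
        elif checksum(body) != tail:
            verdict = "rejected: checksum mismatch"
        else:
            verdict = "secret"
        results.append((m.group(0), verdict))
    return results


# Constructed sample input: one well-formed token, one placeholder, one typo'd tail.
BODY = "q7Zp2LmX9aTc4VbN8kRw1YhD"
GOOD = checksum(BODY)
BAD = ("0" if GOOD[0] != "0" else "1") + GOOD[1:]
SAMPLE = "\n".join([
    f'api_key = "xmpl_{BODY}{GOOD}"',
    f'api_key = "xmpl_{"A" * 24}{checksum("A" * 24)}"  # docs placeholder',
    f'api_key = "xmpl_{BODY}{BAD}"',
    "nothing to see on this line",
])

if __name__ == "__main__":
    for token, verdict in scan(SAMPLE):
        print(f"{verdict:28} {token}")
```

All three candidate lines match the regex; only the post-processing separates the live-looking token from the placeholder and the mistyped one.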


But... But... I thought Microsoft ♥ open source?



