Security for Jira allows you to create custom scanning rules using regular expressions. You can create and edit custom rules from the Settings page, under “Custom rules”:
Only Jira administrators can access these settings.
Our application uses the built-in JDK java regex library (Java 8), which you can compare to other regex engines here.
Security for Jira imposes hard limits on how much memory a rule can use and how long a rule can take to scan a page fragment. Scanning rules which exceed these limits will be automatically disabled, and the scan will be marked as failed.
If a secret in a single page fragment matches more than one rule (built-in or custom), only the first match will be reported.
Here are some example custom rules:
Bitcoin Address
^(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}$
Youtube Links
<a\s+(?:[^>]*)href=\"((?:https|http):\/\/\w{0,3}.youtube+\.\w{2,3}\/watch\?v=[\w-]{11})">(?:.*?)<\/a>