diff --git a/demo-output.yaml b/demo-output.yaml
index 12864c19..55460685 100644
--- a/demo-output.yaml
+++ b/demo-output.yaml
@@ -309,6 +309,16 @@
         variables:
           name: junit.junit
           version: "4.11"
+    jboss-eap5-7-xml-02000:
+      description: ""
+      category: potential
+      incidents:
+      - uri: file:///analyzer-lsp/examples/java/jboss-app.xml
+        message: JBoss 5.x EAR descriptor (jboss-app.xml) was found with public-id
+        variables:
+          data: module
+          innerText: "\n        jboss-example-service\n    "
+          matchingXML: <service>jboss-example-service</service>
     lang-ref-001:
       description: ""
       category: potential
diff --git a/examples/java/jboss-app.xml b/examples/java/jboss-app.xml
new file mode 100644
index 00000000..57ab37f7
--- /dev/null
+++ b/examples/java/jboss-app.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<jboss-app>
+    <loader-repository>
+    </loader-repository>
+    <module public-id="JBoss DTD Java EE 5">
+        <service>jboss-example-service</service>
+    </module>
+</jboss-app>
diff --git a/provider/internal/builtin/provider.go b/provider/internal/builtin/provider.go
index 23e63c2e..3bb03814 100644
--- a/provider/internal/builtin/provider.go
+++ b/provider/internal/builtin/provider.go
@@ -40,6 +40,10 @@ var capabilities = []provider.Capability{
 		Name:            "xml",
 		TemplateContext: openapi3.SchemaRef{},
 	},
+	{
+		Name:            "xmlPublicID",
+		TemplateContext: openapi3.SchemaRef{},
+	},
 	{
 		Name:            "json",
 		TemplateContext: openapi3.SchemaRef{},
@@ -54,6 +58,7 @@ type builtinCondition struct {
 	Filecontent              fileContentCondition `yaml:"filecontent"`
 	File                     fileCondition        `yaml:"file"`
 	XML                      xmlCondition         `yaml:"xml"`
+	XMLPublicID              xmlPublicIDCondition `yaml:"xmlPublicID"`
 	JSON                     jsonCondition        `yaml:"json"`
 	HasTags                  []string             `yaml:"hasTags"`
 	provider.ProviderContext `yaml:",inline"`
@@ -76,6 +81,12 @@ type xmlCondition struct {
 	Filepaths  []string          `yaml:"filepaths"`
 }
 
+type xmlPublicIDCondition struct {
+	Regex      string            `yaml:"regex"`
+	Namespaces map[string]string `yaml:"namespaces"`
+	Filepaths  []string          `yaml:"filepaths"`
+}
+
 type jsonCondition struct {
 	XPath     string   `yaml:'xpath'`
 	Filepaths []string `yaml:"filepaths"`
diff --git a/provider/internal/builtin/service_client.go b/provider/internal/builtin/service_client.go
index 77be39da..e9fa2f3c 100644
--- a/provider/internal/builtin/service_client.go
+++ b/provider/internal/builtin/service_client.go
@@ -147,46 +147,19 @@ func (p *builtinServiceClient) Evaluate(ctx context.Context, cap string, conditi
 		if query == nil || err != nil {
 			return response, fmt.Errorf("could not parse provided xpath query '%s': %v", cond.XML.XPath, err)
 		}
-		//TODO(fabianvf): how should we scope the files searched here?
-		var xmlFiles []string
-		patterns := []string{"*.xml", "*.xhtml"}
-		xmlFiles, err = provider.GetFiles(p.config.Location, cond.XML.Filepaths, patterns...)
+		xmlFiles, err := findXMLFiles(p.config.Location, cond.XMLPublicID.Filepaths)
 		if err != nil {
-			return response, fmt.Errorf("unable to find files using pattern `%s`: %v", patterns, err)
+			return response, fmt.Errorf("Unable to find XML files: %v", err)
 		}
 
 		for _, file := range xmlFiles {
-			f, err := os.Open(file)
+			nodes, err := queryXMLFile(file, query)
 			if err != nil {
-				fmt.Printf("unable to open file '%s': %v\n", file, err)
 				continue
 			}
-			// TODO This should start working if/when this merges and releases: https://github.com/golang/go/pull/56848
-			var doc *xmlquery.Node
-			doc, err = xmlquery.ParseWithOptions(f, xmlquery.ParserOptions{Decoder: &xmlquery.DecoderOptions{Strict: false}})
-			if err != nil {
-				if err.Error() == "xml: unsupported version \"1.1\"; only version 1.0 is supported" {
-					// TODO HACK just pretend 1.1 xml documents are 1.0 for now while we wait for golang to support 1.1
-					b, err := os.ReadFile(file)
-					if err != nil {
-						fmt.Printf("unable to parse xml file '%s': %v\n", file, err)
-						continue
-					}
-					docString := strings.Replace(string(b), "<?xml version=\"1.1\"", "<?xml version = \"1.0\"", 1)
-					doc, err = xmlquery.Parse(strings.NewReader(docString))
-					if err != nil {
-						fmt.Printf("unable to parse xml file '%s': %v\n", file, err)
-						continue
-					}
-				} else {
-					fmt.Printf("unable to parse xml file '%s': %v\n", file, err)
-					continue
-				}
-			}
-			list := xmlquery.QuerySelectorAll(doc, query)
-			if len(list) != 0 {
+			if len(nodes) != 0 {
 				response.Matched = true
-				for _, node := range list {
+				for _, node := range nodes {
 					ab, err := filepath.Abs(file)
 					if err != nil {
 						ab = file
@@ -210,6 +183,52 @@ func (p *builtinServiceClient) Evaluate(ctx context.Context, cap string, conditi
 			}
 		}
 
+		return response, nil
+	case "xmlPublicID":
+		regex, err := regexp.Compile(cond.XMLPublicID.Regex)
+		if err != nil {
+			return response, fmt.Errorf("Could not parse provided public-id regex '%s': %v", cond.XMLPublicID.Regex, err)
+		}
+		query, err := xpath.CompileWithNS("//*[@public-id]", cond.XMLPublicID.Namespaces)
+		if query == nil || err != nil {
+			return response, fmt.Errorf("Could not parse public-id xml query '%s': %v", cond.XML.XPath, err)
+		}
+		xmlFiles, err := findXMLFiles(p.config.Location, cond.XMLPublicID.Filepaths)
+		if err != nil {
+			return response, fmt.Errorf("Unable to find XML files: %v", err)
+		}
+
+		for _, file := range xmlFiles {
+			nodes, err := queryXMLFile(file, query)
+			if err != nil {
+				continue
+			}
+
+			for _, node := range nodes {
+				// public-id attribute regex match check
+				for _, attr := range node.Attr {
+					if attr.Name.Local == "public-id" {
+						if regex.MatchString(attr.Value) {
+							response.Matched = true
+							ab, err := filepath.Abs(file)
+							if err != nil {
+								ab = file
+							}
+							response.Incidents = append(response.Incidents, provider.IncidentContext{
+								FileURI: uri.File(ab),
+								Variables: map[string]interface{}{
+									"matchingXML": node.OutputXML(false),
+									"innerText":   node.InnerText(),
+									"data":        node.Data,
+								},
+							})
+						}
+						break
+					}
+				}
+			}
+		}
+
 		return response, nil
 	case "json":
 		query := cond.JSON.XPath
@@ -372,3 +391,44 @@ func findFilesMatchingPattern(root, pattern string) ([]string, error) {
 	})
 	return matches, err
 }
+
+func findXMLFiles(baseLocation string, filePaths []string) ([]string, error) {
+	patterns := []string{"*.xml", "*.xhtml"}
+	// TODO(fabianvf): how should we scope the files searched here?
+	xmlFiles, err := provider.GetFiles(baseLocation, filePaths, patterns...)
+	return xmlFiles, err
+}
+
+func queryXMLFile(filePath string, query *xpath.Expr) ([]*xmlquery.Node, error) {
+	f, err := os.Open(filePath)
+	if err != nil {
+		fmt.Printf("unable to open file '%s': %v\n", filePath, err)
+		return nil, err
+	}
+	defer f.Close()
+	// TODO This should start working if/when this merges and releases: https://github.com/golang/go/pull/56848
+	var doc *xmlquery.Node
+	doc, err = xmlquery.ParseWithOptions(f, xmlquery.ParserOptions{Decoder: &xmlquery.DecoderOptions{Strict: false}})
+	if err != nil {
+		if err.Error() == "xml: unsupported version \"1.1\"; only version 1.0 is supported" {
+			// TODO HACK just pretend 1.1 xml documents are 1.0 for now while we wait for golang to support 1.1
+			var b []byte
+			b, err = os.ReadFile(filePath)
+			if err != nil {
+				fmt.Printf("unable to parse xml file '%s': %v\n", filePath, err)
+				return nil, err
+			}
+			docString := strings.Replace(string(b), "<?xml version=\"1.1\"", "<?xml version = \"1.0\"", 1)
+			doc, err = xmlquery.Parse(strings.NewReader(docString))
+			if err != nil {
+				fmt.Printf("unable to parse xml file '%s': %v\n", filePath, err)
+				return nil, err
+			}
+		} else {
+			fmt.Printf("unable to parse xml file '%s': %v\n", filePath, err)
+			return nil, err
+		}
+	}
+	nodes := xmlquery.QuerySelectorAll(doc, query)
+	return nodes, err
+}
diff --git a/rule-example.yaml b/rule-example.yaml
index 81c957e1..fa75f844 100644
--- a/rule-example.yaml
+++ b/rule-example.yaml
@@ -173,6 +173,11 @@
     builtin.xml:
       xpath:
         invalid-query: "test"
+- message: "JBoss 5.x EAR descriptor (jboss-app.xml) was found with public-id"
+  ruleID: jboss-eap5-7-xml-02000
+  when:
+    builtin.xmlPublicID:
+      regex: .*JBoss.+DTD Java EE.+5.*
 - message: "Tags {{tags}} found, creating message and new tag both"
   ruleID: multiple-actions-001
   tag: