{"id":101572,"date":"2025-05-06T06:58:56","date_gmt":"2025-05-06T04:58:56","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?post_type=learn&#038;p=101572"},"modified":"2025-05-06T07:00:36","modified_gmt":"2025-05-06T05:00:36","slug":"implementing-policy-management-for-container-security-compliance","status":"publish","type":"learn","link":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/","title":{"rendered":"Implementing Policy Management for Container Security Compliance"},"content":{"rendered":"<p>Understanding the risks that accompany containerized technology and implementing sustainable, enforceable container policies that meet security\/compliance mandates without breaking developer workflows is essential today. We\u2019ve previously broken down <a href=\"https:\/\/checkmarx.com\/product\/container-security\/\">container security<\/a> and <a href=\"https:\/\/checkmarx.com\/learn\/container-security\/container-security-checklist-guide\/\">container security best practices<\/a>, but guidance only goes so far. Execution is what counts.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-190.pdf\">NIST\u2019s Application Container Security Guide<\/a> is a helpful place to start \u2013 it offers recommendations on real-world policy management strategies, turning theory into action with help from modern container security tools. Let\u2019s look at some of the highlights.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\"><strong>Policy Is a Program, Not Just a Configuration<\/strong><\/h2>\n\n\n\n<p>Too many organizations treat policy management like a technical checkbox: Define a few rules, push them into Kubernetes, and call it secure. That approach fails the moment something breaks in production or slows down a sprint. According to the NIST guide, true container security begins with reshaping operational culture and technical workflows. Containers aren\u2019t just another layer in the stack; they change how applications are developed, deployed, and secured.<\/p>\n\n\n\n<p>This means adapting traditional practices. Patching strategies built for virtual machines or bare metal servers don\u2019t work in immutable, ephemeral container environments. Security must shift left, embedded into the build process through container security scanning and image validation. But it also must extend right into runtime and operations, where policies guard against misconfigurations, rogue containers, and drift.<\/p>\n\n\n\n<p>What matters is designing policy with lifecycle thinking. Start by defining your acceptable risk tolerances. Then build a policy program that spans the development pipeline, registry governance, deployment gates, and production enforcement. Think of it not as a product feature, but a continuous function of your security posture.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\"><strong>Translating NIST Recommendations into Practical Policy<\/strong><\/h2>\n\n\n\n<p>The NIST Application Container Security Guide highlights risks across images, registries, orchestrators, containers, and host OSs \u2013 each presenting unique opportunities for policy enforcement. For instance, unscanned or outdated images may carry known vulnerabilities. Policies should require that all images be scanned as part of the CI pipeline and blocked if critical CVEs are found. Similarly, containers should never run as root unless explicitly permitted. That\u2019s not just a best practice; it\u2019s a NIST-endorsed control that can be enforced through Kubernetes security contexts or admission controllers.<\/p>\n\n\n\n<p><a href=\"https:\/\/checkmarx.com\/glossary\/what-is-secrets-detection\/\">Secrets management<\/a> is another critical area. Embedding cleartext credentials in image layers is a common but dangerous pattern. Instead, secrets should be injected at runtime using orchestrator-native mechanisms like external vaults. Your policy framework should mandate this and provide developers with templates to ensure consistency.<\/p>\n\n\n\n<p>Network policy is also central. Containers often launch with open egress, giving them the ability to communicate with any external system, a recipe for data exfiltration in the event of a compromise. Policies should restrict outbound traffic to only necessary domains or IPs and isolate sensitive workloads on separate networks to avoid lateral movement.<\/p>\n\n\n\n<p>None of this needs to be hypothetical. Container security tools can define these policies declaratively, map them to compliance requirements, and enforce them in CI\/CD and Kubernetes environments alike.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\"><strong>Enforcing Policy Without Derailing DevOps<\/strong><\/h2>\n\n\n\n<p>One of the most common tensions in security leadership is the fear of slowing down developers, and it\u2019s a valid concern. Poorly introduced policies often get bypassed, ignored, or rolled back under pressure. That\u2019s why the rollout phase is as important as the rules themselves.<\/p>\n\n\n\n<p>Start by introducing policy in \u201calert-only\u201d mode. Let teams see where they would fail enforcement and give them space to remediate on their own. NIST highlights the importance of education and culture here: Success depends not just on configuration, but on buy-in. Provide contextual alerts in the developer\u2019s workflow, whether that\u2019s in GitHub pull requests, Jenkins logs, or Slack notifications. Each failed policy should come with a remediation guide, not just a red flag.<\/p>\n\n\n\n<p>Over time, elevate from alerting to enforcement, beginning with high-impact policies like blocking untrusted base images or denying privileged containers. Pair each enforcement move with a clear service level agreement (SLA) and exception handling process. Make exceptions transparent and time-bound; an expired bypass should auto-revert to policy enforcement unless renewed with justification.<\/p>\n\n\n\n<p>Ultimately, good policy management is part governance, part diplomacy. Frame it not as an obstacle, but a tool that helps teams ship more securely with less firefighting downstream.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\"><strong>Policy Across the Container Lifecycle<\/strong><\/h2>\n\n\n\n<p>NIST&#8217;s container lifecycle model spans from image creation to deployment and operation. Your policies should travel the same path.<\/p>\n\n\n\n<p>In CI\/CD, container security tools should evaluate every image against your defined baselines, whether that\u2019s CVE thresholds, configuration checks, or embedded secret scans. Approved images should be signed and pushed to a secure registry, while outdated or stale images should be deprecated or removed. At deployment, admission controllers should validate pod configurations, enforce resource limits, and block any runtime behaviors that violate your rules.<\/p>\n\n\n\n<p>In production, runtime policies become your final guardrail. For example, containers shouldn\u2019t be allowed to write to host volumes or make outbound calls to unapproved IP ranges. These policies not only harden your environment, but also reduce alert fatigue by catching only what matters.<\/p>\n\n\n\n<p>All of this must be observable. Policy violations, exceptions, and compliance metrics should feed into a centralized dashboard accessible to both security and engineering leads.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\"><strong>Metrics That Prove Impact and Support Audits<\/strong><\/h2>\n\n\n\n<p>Policy is only as good as the insights it provides. To maintain momentum and satisfy compliance and audit requirements, you need to measure effectiveness.<\/p>\n\n\n\n<p>Track pass\/fail rates for CI builds against policy, and monitor remediation times across teams. Log every policy violation and its resolution. Measure how many exceptions were granted, how long they lasted, and whether they became permanent.<\/p>\n\n\n\n<p>Use this data not only for internal governance, but to map your program to <a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/53\/r5\/upd1\/final\">NIST SP 800-53<\/a> controls or Cybersecurity Framework subcategories. For example, policies enforcing non-root containers align with AC-6 (least privilege), while vulnerability-based image gating supports SI-2 (flaw remediation).<\/p>\n\n\n\n<p>These metrics are your evidence when working with auditors and your leverage when making the case for scaling the program across more teams.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\"><strong>Policy as Your Compliance Engine<\/strong><\/h2>\n\n\n\n<p>Container security policy isn\u2019t about restricting developers. Done right, it empowers them to build and deploy with confidence. Backed by NIST 800-190 and enforced through modern container security tools, your policy framework becomes a control plane for risk, compliance, and speed.<\/p>\n\n\n\n<p>Start with culture. Build with clarity. Enforce with empathy. And let policy become the backbone of a secure, compliant container ecosystem that keeps pace with the business.Take the next step and explore <a href=\"https:\/\/checkmarx.com\/product\/container-security\/\">Checkmarx Container Security<\/a>.<\/p>","protected":false},"author":11,"featured_media":98105,"parent":0,"menu_order":0,"template":"","meta":{"_acf_changed":false,"footnotes":""},"learn-cat":[864],"class_list":["post-101572","learn","type-learn","status-publish","has-post-thumbnail","hentry","learn-cat-container-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Implementing Policy Management for Container Security Compliance<\/title>\n<meta name=\"description\" content=\"This guide helps AppSec leaders enforce compliance, secure container environments, and streamline container security scanning using best-in-class container security tools.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Implementing Policy Management for Container Security Compliance\" \/>\n<meta property=\"og:description\" content=\"This guide helps AppSec leaders enforce compliance, secure container environments, and streamline container security scanning using best-in-class container security tools.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-06T05:00:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/09\/container_security_ideo_thumbnail-e1746507502919.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/\"},\"author\":{\"name\":\"Checkmarx Team\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/25482b0b490209da942049e2c8b0d3aa\"},\"headline\":\"Implementing Policy Management for Container Security Compliance\",\"datePublished\":\"2025-05-06T04:58:56+00:00\",\"dateModified\":\"2025-05-06T05:00:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/\"},\"wordCount\":1084,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/09\/container_security_ideo_thumbnail-e1746507502919.webp\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/\",\"url\":\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/\",\"name\":\"Implementing Policy Management for Container Security Compliance\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/09\/container_security_ideo_thumbnail-e1746507502919.webp\",\"datePublished\":\"2025-05-06T04:58:56+00:00\",\"dateModified\":\"2025-05-06T05:00:36+00:00\",\"description\":\"This guide helps AppSec leaders enforce compliance, secure container environments, and streamline container security scanning using best-in-class container security tools.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/09\/container_security_ideo_thumbnail-e1746507502919.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/09\/container_security_ideo_thumbnail-e1746507502919.webp\",\"width\":1200,\"height\":600,\"caption\":\"container security best practices\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/25482b0b490209da942049e2c8b0d3aa\",\"name\":\"Checkmarx Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/cropped-cx_favicon-150x150.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/cropped-cx_favicon-150x150.webp\",\"caption\":\"Checkmarx Team\"},\"url\":\"https:\/\/checkmarx.com\/author\/checkmarx-team\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Implementing Policy Management for Container Security Compliance","description":"This guide helps AppSec leaders enforce compliance, secure container environments, and streamline container security scanning using best-in-class container security tools.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/","og_locale":"en_US","og_type":"article","og_title":"Implementing Policy Management for Container Security Compliance","og_description":"This guide helps AppSec leaders enforce compliance, secure container environments, and streamline container security scanning using best-in-class container security tools.","og_url":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2025-05-06T05:00:36+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/09\/container_security_ideo_thumbnail-e1746507502919.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/"},"author":{"name":"Checkmarx Team","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/25482b0b490209da942049e2c8b0d3aa"},"headline":"Implementing Policy Management for Container Security Compliance","datePublished":"2025-05-06T04:58:56+00:00","dateModified":"2025-05-06T05:00:36+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/"},"wordCount":1084,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/09\/container_security_ideo_thumbnail-e1746507502919.webp","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/","url":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/","name":"Implementing Policy Management for Container Security Compliance","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/09\/container_security_ideo_thumbnail-e1746507502919.webp","datePublished":"2025-05-06T04:58:56+00:00","dateModified":"2025-05-06T05:00:36+00:00","description":"This guide helps AppSec leaders enforce compliance, secure container environments, and streamline container security scanning using best-in-class container security tools.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/learn\/container-security\/implementing-policy-management-for-container-security-compliance\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/09\/container_security_ideo_thumbnail-e1746507502919.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/09\/container_security_ideo_thumbnail-e1746507502919.webp","width":1200,"height":600,"caption":"container security best practices"},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/25482b0b490209da942049e2c8b0d3aa","name":"Checkmarx Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/cropped-cx_favicon-150x150.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/cropped-cx_favicon-150x150.webp","caption":"Checkmarx Team"},"url":"https:\/\/checkmarx.com\/author\/checkmarx-team\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn\/101572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/learn"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/11"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn\/101572\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/98105"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=101572"}],"wp:term":[{"taxonomy":"learn-cat","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn-cat?post=101572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}