{"id":102220,"date":"2025-06-11T12:03:41","date_gmt":"2025-06-11T10:03:41","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=102220"},"modified":"2025-07-24T10:04:46","modified_gmt":"2025-07-24T08:04:46","slug":"repository-health-monitoring-part-2-essential-practices-for-secure-repositories","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/","title":{"rendered":"Repository Health Monitoring Part 2: Essential Practices for Secure Repositories\u00a0"},"content":{"rendered":"<p>In <a href=\"\/supply-chain-security\/repository-health-monitoring-part-1-a-cornerstone-of-software-supply-chain-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Part 1<\/a> of this blog post series, we introduced the topic of repository health monitoring and explained how overlooking this weak link in your software supply chain security strategy can expose your enterprise to cyberattacks.&nbsp;<\/p>\n\n\n\n<p>In this post, we drill down into the critical security and maintenance best practices required to ensure that your code repositories do not provide threat actors with an unprotected attack surface.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">\n<strong>Essential Practices for Healthy Repositories<\/strong>&nbsp;<\/h2>\n\n\n\n<p>A robust repository health solution automatically and continuously tracks the security and quality practices in place for your code repositories. Each repository should be assessed against a set of established security policies and best practices, and remediated as necessary.&nbsp;<\/p>\n\n\n\n<p>To build strong, secure repositories, your teams should consistently implement the following best practices; each one addresses a key aspect of repository health and risk mitigation. 
And to make sure that best practices remain in place, ongoing repository health monitoring is critical.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Perform Code Review Before Merge<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Code review before merge ensures that all changes are examined by at least one other qualified developer before being incorporated into the main codebase. This practice is crucial because it helps catch security vulnerabilities, logical errors, and design flaws early in the development process, substantially reducing the risk of introducing security gaps or unstable code.&nbsp;<\/p>\n\n\n\n<p>By enforcing this \u201csecond set of eyes\u201d approach, organizations not only improve code quality but also facilitate knowledge sharing and collective ownership across development teams, ultimately producing more secure and maintainable applications.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Ensure Branch Protection<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Branch protection implements guardrails that prevent unauthorized or unreviewed changes from being directly pushed to critical branches like main or master. This protective measure is vital because it maintains the integrity of production-ready code by enforcing required reviews, passing status checks, and preventing history rewrites that could introduce security vulnerabilities.&nbsp;<\/p>\n\n\n\n<p>Proper branch protection rules serve as a fundamental security control that ensures all code meets quality standards before deployment, significantly reducing the risk of both accidental mistakes and malicious code injections that could compromise your entire application.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Enforce Pinned Dependencies<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Pinning dependencies involves explicitly specifying exact versions of the libraries and packages your application relies on, rather than using version ranges or latest versions. 
This precision is essential because it creates reproducible builds and prevents \u201cdependency confusion\u201d attacks where malicious packages could be automatically introduced during builds.&nbsp;<\/p>\n\n\n\n<p>When dependencies are pinned, teams gain complete control over when updates occur, allowing for proper security review of new versions before adoption and ensuring that supply chain attacks targeting dependencies are less likely to affect your application without deliberate action.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Use Actively Maintained Dependencies<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Using actively maintained dependencies means incorporating libraries and frameworks that receive regular updates, security patches, and have an engaged developer community. This factor is critical because abandoned dependencies quickly become security liabilities as new vulnerabilities are discovered but never patched, creating permanent weak points in your application.&nbsp;<\/p>\n\n\n\n<p>Projects relying on well-maintained dependencies benefit from rapid security fixes, performance improvements, and compatibility updates, significantly reducing the \u201csecurity debt\u201d that accumulates when using outdated software components that may contain known but unfixed vulnerabilities.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Minimize the Presence of Executable\/Binary Artifacts<\/strong>&nbsp;<\/h3>\n\n\n\n<p>The presence of executable or binary artifacts in repositories represents a significant security risk because these opaque files can contain malware, backdoors, or vulnerable components that cannot be easily inspected through normal code review processes. 
Unlike source code, binary artifacts lack transparency and can execute arbitrary commands when deployed, potentially compromising entire systems.&nbsp;<\/p>\n\n\n\n<p>Minimizing or eliminating binary artifacts from repositories is important because it ensures all components can be properly audited, reduces the attack surface for supply chain attacks, and enforces the security principle of maintaining complete visibility into all software components deployed to production environments.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Require Fuzzing Tests<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Requiring fuzzing means mandating automated testing that bombards your application with random, unexpected, or malformed inputs to discover vulnerabilities that standard testing might miss. Many critical security issues, such as buffer overflows, SQL injections, and format string vulnerabilities, often emerge only under unusual input conditions that developers rarely anticipate.&nbsp;<\/p>\n\n\n\n<p>By systematically implementing fuzzing in your development pipeline, you can proactively discover and remediate potential security issues before attackers can exploit them, significantly enhancing your application\u2019s resilience against both known attack patterns and novel exploitation techniques.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Establish and Enforce a Detailed Security Policy<\/strong>&nbsp;<\/h3>\n\n\n\n<p>A detailed security policy provides clear guidance on vulnerability reporting, patching timelines, security support periods, and responsible disclosure practices for your project. 
This documentation is essential because it establishes trust with users, sets expectations for security response, and creates clear processes for handling discovered vulnerabilities.&nbsp;<\/p>\n\n\n\n<p>Organizations with well-defined security policies demonstrate their commitment to security, improve coordination during incidents, and provide crucial information that helps security researchers responsibly report issues rather than leaving vulnerabilities undisclosed or, worse, publicly exposed without allowing time for remediation.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Test the CI Pipeline&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Continuous integration (CI) pipeline tests automatically verify that code changes don\u2019t break functionality or introduce vulnerabilities before they are merged into the main codebase. This automation is crucial because it provides consistent, repeatable validation that catches issues early when they are least expensive to fix, regardless of developer oversight or time constraints.&nbsp;<\/p>\n\n\n\n<p>By incorporating security-focused tests like <a href=\"https:\/\/checkmarx.com\/cxsast-source-code-scanning\/\" target=\"_blank\" rel=\"noreferrer noopener\">SAST<\/a> (Static Application Security Testing), <a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\" target=\"_blank\" rel=\"noreferrer noopener\">SCA<\/a> (Software Composition Analysis), <a href=\"https:\/\/checkmarx.com\/product\/malicious-packages\/\" target=\"_blank\" rel=\"noreferrer noopener\">malicious package detection<\/a>, <a href=\"https:\/\/checkmarx.com\/product\/secrets-detection\/\" target=\"_blank\" rel=\"noreferrer noopener\">secrets detection<\/a>, and <a href=\"https:\/\/checkmarx.com\/product\/container-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">container security<\/a> scanning directly into CI workflows, organizations create a security safety net that prevents vulnerable code from progressing toward production, 
establishing security as a non-negotiable quality gate rather than an afterthought.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Avoid Dangerous GitHub Action Workflows<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Dangerous GitHub Action workflows represent configurations that grant excessive permissions, use untrusted third-party actions, or handle secrets insecurely within your CI\/CD pipeline. Identifying and remediating these risky patterns is critical because compromised workflows can lead to supply chain attacks, credential theft, or unauthorized code modifications that affect all downstream consumers of your software.&nbsp;<\/p>\n\n\n\n<p>By enforcing least-privilege principles in CI\/CD configurations and carefully vetting all third-party actions, organizations prevent their automation infrastructure from becoming an attack vector, protecting not only their own environment but also all users and systems that depend on their code.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Implement Signed Releases<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Signed releases cryptographically verify the authenticity and integrity of published software packages, confirming they were created by trusted maintainers and haven\u2019t been tampered with. 
This verification is increasingly important in an era of sophisticated supply chain attacks because it allows you to validate that the libraries your developers are implementing are legitimate, rather than blindly trusting package repositories.&nbsp;<\/p>\n\n\n\n<p>By consistently signing releases with secure keys and documenting verification procedures, projects create a chain of trust that makes it significantly harder for attackers to inject malicious code into your software components, even if package repositories or distribution channels are compromised.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\n<strong>Use Secure Packaging<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Secure packaging encompasses the practices that ensure software is bundled, distributed, and installed in ways that maintain security throughout the delivery process. This comprehensive approach matters because even perfectly secure code can be compromised during distribution if packaging methods introduce vulnerabilities, include unnecessary components, or fail to validate integrity.&nbsp;<\/p>\n\n\n\n<p>By implementing proper package signing, minimizing attack surface through careful inclusion of dependencies, providing clean installation methods, and ensuring that packages can be verified before use, organizations extend their security posture beyond code development to protect the entire software supply chain from source repository all the way to deployment in the cloud.&nbsp;<\/p>\n\n\n\n<p>Taken together, these practices form a comprehensive blueprint for securing your code repositories against modern supply chain threats.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">\n<strong>Begin Securing Your Code Repositories Today<\/strong>&nbsp;<\/h2>\n\n\n\n<p>As supply chain attacks continue to increase, securing your code repositories is no longer optional\u2014it\u2019s a business imperative. 
Comprehensive repository health monitoring gives you the visibility and control needed to protect your software supply chain from its earliest stages.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/checkmarx.com\/product\/repository-health\/\" target=\"_blank\" rel=\"noreferrer noopener\">Click here to learn more or request a personalized demo<\/a> to see how Checkmarx <a href=\"https:\/\/checkmarx.com\/product\/repository-health\/\" target=\"_blank\" rel=\"noreferrer noopener\">Repository Health<\/a> \u2013 a part of the comprehensive <a href=\"https:\/\/checkmarx.com\/product\/application-security-platform\/\" target=\"_blank\" rel=\"noreferrer noopener\">Checkmarx One<\/a> application security platform \u2013 can strengthen your organization\u2019s software supply chain security and overall AppSec posture.\u00a0<br><br><\/p>\n\n\n\n<meta name=\"content-section\" content=\"Portfolio_Team_articles\">","protected":false},"excerpt":{"rendered":"<p>In Part 1 of this blog post series, we introduced the topic of repository health monitoring and explained how overlooking this weak link in your software supply chain security strategy can expose your enterprise to cyberattacks.&nbsp; In this post, we drill down into the critical security and maintenance best practices required to ensure that your [&hellip;]<\/p>\n","protected":false},"author":118,"featured_media":102216,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":true,"footnotes":""},"categories":[84,844],"tags":[1299],"class_list":["post-102220","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-supply-chain-security","tag-repository-health"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>12 Best Practices for Secure Code Repositories (2025 Guide)<\/title>\n<meta name=\"description\" 
content=\"Learn 12 practices to secure code repositories and reduce supply chain risk\u2014from branch protection to signed releases and secure packaging.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"12 Best Practices for Secure Code Repositories (2025 Guide)\" \/>\n<meta property=\"og:description\" content=\"Learn 12 practices to secure code repositories and reduce supply chain risk\u2014from branch protection to signed releases and secure packaging.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-11T10:03:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-24T08:04:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/repository_health_monitoring_blogs_part_2-scaled.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1352\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Joel Rose\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" 
\/>\n\t<meta name=\"twitter:data1\" content=\"Joel Rose\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/\"},\"author\":{\"name\":\"Joel Rose\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/8cc863d656a4de523dab9b35c0756078\"},\"headline\":\"Repository Health Monitoring Part 2: Essential Practices for Secure Repositories\u00a0\",\"datePublished\":\"2025-06-11T10:03:41+00:00\",\"dateModified\":\"2025-07-24T08:04:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/\"},\"wordCount\":1365,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/repository_health_monitoring_blogs_part_2-scaled.webp\",\"keywords\":[\"repository health\"],\"articleSection\":[\"Blog\",\"Supply Chain Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/\",\"name\":\"12 Best Practices 
for Secure Code Repositories (2025 Guide)\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/repository_health_monitoring_blogs_part_2-scaled.webp\",\"datePublished\":\"2025-06-11T10:03:41+00:00\",\"dateModified\":\"2025-07-24T08:04:46+00:00\",\"description\":\"Learn 12 practices to secure code repositories and reduce supply chain risk\u2014from branch protection to signed releases and secure packaging.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/repository_health_monitoring_blogs_part_2-scaled.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/repository_health_monitoring_blogs_part_2-scaled.webp\",\"width\":2560,\"height\":1352},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. 
We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/8cc863d656a4de523dab9b35c0756078\",\"name\":\"Joel Rose\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/MicrosoftTeams-image-13-150x150.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/MicrosoftTeams-image-13-150x150.jpg\",\"caption\":\"Joel Rose\"},\"url\":\"https:\/\/checkmarx.com\/author\/joelr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"12 Best Practices for Secure Code Repositories (2025 Guide)","description":"Learn 12 practices to secure code repositories and reduce supply chain risk\u2014from branch protection to signed releases and secure packaging.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/","og_locale":"en_US","og_type":"article","og_title":"12 Best Practices for Secure Code Repositories (2025 Guide)","og_description":"Learn 12 practices to secure code repositories and reduce supply chain risk\u2014from branch protection to signed releases and secure packaging.","og_url":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2025-06-11T10:03:41+00:00","article_modified_time":"2025-07-24T08:04:46+00:00","og_image":[{"width":2560,"height":1352,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/repository_health_monitoring_blogs_part_2-scaled.webp","type":"image\/webp"}],"author":"Joel Rose","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Joel Rose","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/"},"author":{"name":"Joel Rose","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/8cc863d656a4de523dab9b35c0756078"},"headline":"Repository Health Monitoring Part 2: Essential Practices for Secure Repositories\u00a0","datePublished":"2025-06-11T10:03:41+00:00","dateModified":"2025-07-24T08:04:46+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/"},"wordCount":1365,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/repository_health_monitoring_blogs_part_2-scaled.webp","keywords":["repository health"],"articleSection":["Blog","Supply Chain Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/","url":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/","name":"12 Best Practices for Secure Code Repositories (2025 
Guide)","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/repository_health_monitoring_blogs_part_2-scaled.webp","datePublished":"2025-06-11T10:03:41+00:00","dateModified":"2025-07-24T08:04:46+00:00","description":"Learn 12 practices to secure code repositories and reduce supply chain risk\u2014from branch protection to signed releases and secure packaging.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/supply-chain-security\/repository-health-monitoring-part-2-essential-practices-for-secure-repositories\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/repository_health_monitoring_blogs_part_2-scaled.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/repository_health_monitoring_blogs_part_2-scaled.webp","width":2560,"height":1352},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. 
We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/8cc863d656a4de523dab9b35c0756078","name":"Joel Rose","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/MicrosoftTeams-image-13-150x150.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/03\/MicrosoftTeams-image-13-150x150.jpg","caption":"Joel 
Rose"},"url":"https:\/\/checkmarx.com\/author\/joelr\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/102220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/118"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=102220"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/102220\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/102216"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=102220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=102220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=102220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}