{"id":4812,"date":"2013-12-09T21:17:51","date_gmt":"2013-12-09T21:17:51","guid":{"rendered":"https:\/\/www.checkmarx.com\/?post_type=glossary&#038;p=4812"},"modified":"2026-04-13T22:44:19","modified_gmt":"2026-04-13T20:44:19","slug":"vulnerability-scan","status":"publish","type":"glossary","link":"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/","title":{"rendered":"Vulnerability Scan"},"content":{"rendered":"<p>A developer-first guide to vulnerability scanning across <a href=\"https:\/\/checkmarx.com\/cxsast-source-code-scanning\/\">SAST<\/a>, <a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\">SCA<\/a>, <a href=\"https:\/\/checkmarx.com\/checkmarx-dast\/\">DAST<\/a>, and <a href=\"https:\/\/checkmarx.com\/product\/iac-security\/\">IaC Security<\/a>\u2014and how to operationalize it in CI\/CD.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">Definition<\/h2>\n\n\n\n<p>A <strong>vulnerability scan<\/strong> is an automated check for known weaknesses and misconfigurations across your software surface &#8211; source code, third\u2011party packages, running web apps\/APIs, and<a href=\"https:\/\/checkmarx.com\/glossary\/infrastructure-as-code-iac\/\"> infrastructure as code<\/a>. In modern programs, scanning is continuous, shift\u2011left, and integrated with developer workflows to find and fix issues early.<span style=\"color: #333333;\"><\/span><wp-block data-block=\"core\/more\"><\/wp-block><\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">How a vulnerability scan works<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<strong>Discovery\/Targeting<\/strong> &#8211; enumerate repos, services, endpoints, IaC files, containers, and <a href=\"https:\/\/checkmarx.com\/product\/sbom\/\">SBOM<\/a>s.<\/li>\n\n\n\n<li>\n<strong>Automated analysis<\/strong> &#8211; run the right engines:\n<ul class=\"wp-block-list\">\n<li>\n<strong>SAST<\/strong> for insecure code\/dataflows<\/li>\n\n\n\n<li>\n<strong>SCA<\/strong> for CVEs, license risks, transitive deps<\/li>\n\n\n\n<li>\n<strong>DAST<\/strong> for runtime issues in web apps\/APIs<\/li>\n\n\n\n<li>\n<strong>IaC Security<\/strong> for cloud misconfigurations<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\n<strong>Prioritization<\/strong> &#8211;  severity + exploitability + asset criticality<\/li>\n\n\n\n<li>\n<strong>Developer remediation<\/strong> &#8211; actionable guidance in the IDE\/PR with auto\u2011tickets<\/li>\n\n\n\n<li>\n<strong>Verification<\/strong> &#8211; re\u2011scan, measure MTTR and fix rate<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">Types of vulnerability scans (for AppSec)<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>SAST (code):<\/strong> analyze source\/build artifacts for insecure patterns. \u2192 <em><a href=\"https:\/\/checkmarx.com\/cxsast-source-code-scanning\/\">Checkmarx SAST<\/a><\/em>\n<\/li>\n\n\n\n<li>\n<strong>SCA (open source):<\/strong> detect vulnerable\/licensed components; support SBOMs. \u2192 <em><a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\">Checkmarx SCA<\/a><\/em>\n<\/li>\n\n\n\n<li>\n<strong>DAST (runtime):<\/strong> scan live apps\/APIs for auth\/session flaws, injections, etc. \u2192 <em><a href=\"https:\/\/checkmarx.com\/checkmarx-dast\/\">Checkmarx DAST<\/a><\/em>\n<\/li>\n\n\n\n<li>\n<strong>IaC Security:<\/strong> validate Terraform\/CloudFormation\/Kubernetes and more pre\u2011deploy. \u2192 <em><a href=\"https:\/\/checkmarx.com\/product\/iac-security\/\">Checkmarx IaC Security<\/a><\/em>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">Vulnerability scan vs. vulnerability assessment vs. pen test<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Vulnerability scan:<\/strong> automated, breadth\u2011first detection.<\/li>\n\n\n\n<li>\n<strong>Vulnerability assessment:<\/strong> adds expert review and risk context.<\/li>\n\n\n\n<li>\n<strong>Penetration test:<\/strong> human\u2011led exploitation to validate impact.<br>See also: <strong><a href=\"https:\/\/checkmarx.com\/glossary\/vulnerability-assessments\/\">Vulnerability Assessments<\/a><\/strong> and <a href=\"https:\/\/checkmarx.com\/glossary\/vulnerability-assessment-and-penetration-testing\/\"><strong>VAPT<\/strong> <\/a>(Vulnerability Assessment &amp; Penetration Testing).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\">Best practices &amp; tips<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Secure the pipeline:<\/strong> sign artifacts, verify SBOMs, <a href=\"https:\/\/checkmarx.com\/product\/container-security\/\">scan containers.<\/a>\n<\/li>\n\n\n\n<li>\n<strong>Shift left:<\/strong> SAST\/SCA on each PR; IaC\/DAST on merges + nightly.<\/li>\n\n\n\n<li>\n<strong>Right\u2011size rules:<\/strong> tune rulesets, standardize suppressions.<\/li>\n\n\n\n<li>\n<strong>Prioritize by exploitability:<\/strong> severity + <a href=\"https:\/\/checkmarx.com\/learn\/software-composition-analysis\/what-is-reachability-analysis\/\">reachability <\/a>+ criticality.<\/li>\n\n\n\n<li>\n<strong>Fix in the IDE:<\/strong> shorten feedback loops.<\/li>\n\n\n\n<li>\n<strong>Own the backlog:<\/strong> time\u2011box triage, auto\u2011ticket, track MTTR.<br>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\">\n<br>Key metrics<\/h2>\n\n\n\n<p>Fix rate (7\/30\/90\u2011day), <strong>MTTR<\/strong> by severity, exploitable\/high\u2011severity backlog, scan <strong>coverage<\/strong> across repos\/services, <strong>false\u2011positive rate<\/strong>, and <strong>policy\u2011gate pass rate<\/strong>.<\/p>\n\n\n\n<section class=\"section-accordion\">\n    <div class=\"main-wrapper section-accordion__wrapper\">\n        <h2 class=\"section-title article-anchor\" id=\"article-anchor-7\">FAQ<\/h2>\n        <div class=\"fag-accordion__wrapper\">\n            <div class=\"js-accordion fag-accordion\">\n                <div>\n\n                                            <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Is a vulnerability scan the same as DAST?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>No. <a href=\"https:\/\/checkmarx.com\/checkmarx-dast\/\">DAST<\/a> is one type of vulnerability scanning focused on live web apps\/APIs. Pair it with SAST, SCA, and IaC scanning for coverage.<\/p>\n                            <\/div>\n                        <\/div>\n                                                <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                How do we reduce noise and false positives?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Tune rules, enable reachability signals, standardize suppressions, and fix in\u2011IDE. Track false\u2011positive rate as a KPI.<\/p>\n                            <\/div>\n                        <\/div>\n                        <\/div>\n<div>                        <div class=\"js-accordion__item fag-accordion__item \">\n                            <h3 class=\"js-accordion__btn fag-accordion__btn\">\n                                <svg width=\"34px\" height=\"23px\" viewbox=\"0 0 34 23\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                    <g id=\"Page-1\" stroke=\"none\" stroke-width=\"1\" fill=\"none\" fill-rule=\"evenodd\">\n                                        <g id=\"Shape\" transform=\"translate(0.939453, 1.530000)\" stroke-width=\"3\">\n                                            <path d=\"M19.810947,20.4179 L31.029947,9.14 M30.029947,10.1989 L0,10.1989 M31.029947,11.26 L19.810947,0\"><\/path>\n                                        <\/g>\n                                    <\/g>\n                                <\/svg>\n                                Where should we start?                            <\/h3>\n                            <div class=\"js-accordion-content fag-accordion__content\">\n                                <p>Start with SAST\/SCA on PRs, then add DAST on main merges and IaC scanning for cloud posture.<\/p>\n                            <\/div>\n                        <\/div>\n                                        <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<script type=\"application\/ld+json\">{\"@context\":\"https:\/\/schema.org\",\"@type\":\"FAQPage\",\"url\":\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"Is a vulnerability scan the same as DAST?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"No. DAST is one type of vulnerability scanning focused on live web apps\/APIs. Pair it with SAST, SCA, and IaC scanning for coverage.\"}},{\"@type\":\"Question\",\"name\":\"How do we reduce noise and false positives?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Tune rules, enable reachability signals, standardize suppressions, and fix in\u2011IDE. Track false\u2011positive rate as a KPI.\"}},{\"@type\":\"Question\",\"name\":\"Where should we start?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Start with SAST\/SCA on PRs, then add DAST on main merges and IaC scanning for cloud posture.\"}}]}<\/script>\n\n\n<p><strong>Next step:<\/strong> See how <a href=\"https:\/\/checkmarx.com\/product\/application-security-platform\/\">Checkmarx One<\/a> unifies SAST, SCA, DAST, IaC Security, and more &#8211; built for developers and AppSec to ship secure software faster.<\/p>","protected":false},"excerpt":{"rendered":"<p>A developer-first guide to vulnerability scanning across SAST, SCA, DAST, and IaC Security\u2014and how to operationalize it in CI\/CD. Definition A vulnerability scan is an automated check for known weaknesses and misconfigurations across your software surface &#8211; source code, third\u2011party packages, running web apps\/APIs, and infrastructure as code. In modern programs, scanning is continuous, shift\u2011left, [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":102070,"template":"","glossary-tags":[6],"class_list":["post-4812","glossary","type-glossary","status-publish","has-post-thumbnail","hentry","glossary-tags-application-security-testing"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Vulnerability Scan: Definition, How It Works &amp; Best Practices | Checkmarx<\/title>\n<meta name=\"description\" content=\"A vulnerability scan is an automated check for security weaknesses. Learn how application vulnerability scanning works (SAST, SCA, DAST, IaC), how to add it to CI\/CD, and the metrics dev and AppSec teams track.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerability Scan: Definition, How It Works &amp; Best Practices | Checkmarx\" \/>\n<meta property=\"og:description\" content=\"A vulnerability scan is an automated check for security weaknesses. Learn how application vulnerability scanning works (SAST, SCA, DAST, IaC), how to add it to CI\/CD, and the metrics dev and AppSec teams track.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-13T20:44:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/Breaking-Down-False-Positives-in-Secrets-Scanning_2x-scaled.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1279\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/\",\"url\":\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/\",\"name\":\"Vulnerability Scan: Definition, How It Works & Best Practices | Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/Breaking-Down-False-Positives-in-Secrets-Scanning_2x-scaled.webp\",\"datePublished\":\"2013-12-09T21:17:51+00:00\",\"dateModified\":\"2026-04-13T20:44:19+00:00\",\"description\":\"A vulnerability scan is an automated check for security weaknesses. Learn how application vulnerability scanning works (SAST, SCA, DAST, IaC), how to add it to CI\/CD, and the metrics dev and AppSec teams track.\",\"breadcrumb\":{\"@id\":\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/Breaking-Down-False-Positives-in-Secrets-Scanning_2x-scaled.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/Breaking-Down-False-Positives-in-Secrets-Scanning_2x-scaled.webp\",\"width\":2560,\"height\":1279,\"caption\":\"Breaking Down False Positives in Secrets Scanning\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Glossary\",\"item\":\"https:\/\/checkmarx.com\/glossary\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerability Scan\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerability Scan: Definition, How It Works & Best Practices | Checkmarx","description":"A vulnerability scan is an automated check for security weaknesses. Learn how application vulnerability scanning works (SAST, SCA, DAST, IaC), how to add it to CI\/CD, and the metrics dev and AppSec teams track.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerability Scan: Definition, How It Works & Best Practices | Checkmarx","og_description":"A vulnerability scan is an automated check for security weaknesses. Learn how application vulnerability scanning works (SAST, SCA, DAST, IaC), how to add it to CI\/CD, and the metrics dev and AppSec teams track.","og_url":"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2026-04-13T20:44:19+00:00","og_image":[{"width":2560,"height":1279,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/Breaking-Down-False-Positives-in-Secrets-Scanning_2x-scaled.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/","url":"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/","name":"Vulnerability Scan: Definition, How It Works & Best Practices | Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/Breaking-Down-False-Positives-in-Secrets-Scanning_2x-scaled.webp","datePublished":"2013-12-09T21:17:51+00:00","dateModified":"2026-04-13T20:44:19+00:00","description":"A vulnerability scan is an automated check for security weaknesses. Learn how application vulnerability scanning works (SAST, SCA, DAST, IaC), how to add it to CI\/CD, and the metrics dev and AppSec teams track.","breadcrumb":{"@id":"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/Breaking-Down-False-Positives-in-Secrets-Scanning_2x-scaled.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/06\/Breaking-Down-False-Positives-in-Secrets-Scanning_2x-scaled.webp","width":2560,"height":1279,"caption":"Breaking Down False Positives in Secrets Scanning"},{"@type":"BreadcrumbList","@id":"https:\/\/checkmarx.com\/glossary\/vulnerability-scan\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Glossary","item":"https:\/\/checkmarx.com\/glossary\/"},{"@type":"ListItem","position":2,"name":"Vulnerability Scan"}]},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary\/4812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/glossary"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/11"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary\/4812\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/102070"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=4812"}],"wp:term":[{"taxonomy":"glossary-tags","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary-tags?post=4812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}