Acceptable Quality Level

Code submitted must be free of medium- and high-level static and dynamic security vulnerabilities

Method of Assessment

Clean tests from a static testing SaaS (such as npm audit) and from OWASP ZAP, along with documentation explaining any false positives

Performance Standard(s)

OWASP Application Security Verification Standard 4.0, Level 2