Acceptable Quality Level
Code submitted must be free of medium- and high-level static and dynamic security vulnerabilities
Method of Assessment
Clean tests from a static testing SaaS (such as npm audit) and from OWASP ZAP, along with documentation explaining any false positives
Performance Standard(s)
OWASP Application Security Verification Standard 4.0, Level 2