We’re starting the development of a new app and want to make sure we don’t have any issues when we get to the review stage. The new app registration mentions a few items to check. Are all of these required for passing the review process?
Specifically the 3rd-party penetration testing, or SOC 2 compliance, or ISO 27000 compliance.
We do use SAST and SSDLC practices.
The items in the Security section are not necessarily hard requirements. If you use SAST and SSDLC practices, then describe this in detail in your Technical Design Document, and the Security Team will follow up if they have questions.
You can read more about Security best practices for Marketplace apps here: Security Best Practices