aren’t fully confident that code isn’t free of vulns before going live in production
If you're fully confident that your code has no vulnerabilities whatsoever, you've either performed a deep and expensive audit of your code and every library it calls...or you're delusional.
We can try for best effort and not think that there are any vulnerabilities (management permitting), but that's absolutely not the same thing as "fully confident".