OWASP / owasp-masvs

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

Add support for OWASP CycloneDX Standards/Requirements format #714

Closed stevespringett closed 2 months ago

stevespringett commented 1 year ago

The OWASP CycloneDX community has been working hard over the last three months to provide a way for the standard to represent:

This capability will be included in the next version (v1.6) of CycloneDX, currently under development. This ticket is to formally request the MASVS project to produce a machine-readable CycloneDX file (JSON) in addition to the existing MASVS-specific YAML.

https://github.com/CycloneDX/official-3rd-party-standards is a directory where we will be storing 3rd-party standards. We currently have BSIMM and ASVS completed with SSDF in progress. The goal is to have all OWASP standards represented in this directory as well.

In addition to being able to output CycloneDX from a script, the resulting cdx.json should also be included as part of future MASVS releases.

cpholguera commented 1 year ago

Hi @stevespringett! This is awesome! I'll take a look and see if we can integrate it in our pipeline so that on each new MASVS release it'll be automatically generated and you'll have a fixed URL to get it. Thank you very much!