As of now in order to set up SKF we have a data initialiser file where we hardcode all the ASVS requirements and also set up the first ASVS projects. Whenever ASVS does a new update it is a tremendous amount of work to update this file to get it up to date with the latest ASVS release. Therefore, it always takes a significant amount of time after an ASVS release before this is updated in the OWASP SKF. We need to create an automated way to import the ASVS into the SKF and refactor the init data file.
As of now in order to set up SKF we have a data initialiser file where we hardcode all the ASVS requirements and also set up the first ASVS projects. Whenever ASVS does a new update it is a tremendous amount of work to update this file to get it up to date with the latest ASVS release. Therefore, it always takes a significant amount of time after an ASVS release before this is updated in the OWASP SKF. We need to create an automated way to import the ASVS into the SKF and refactor the init data file.
Maybe create yaml structure that we can consume?