Add support for OWASP CycloneDX Standards/Requirements format #714

Open
stevespringett opened this issue Jul 3, 2023 · 1 comment

Comments

@stevespringett
Member

The OWASP CycloneDX community has been working hard over the last three months to provide a way for the standard to represent:

  • standards
  • requirements
  • attestations
  • claims
  • evidence
  • ...

This capability will be included in the next version (v1.6) of CycloneDX, currently under development. This ticket is to formally request the MASVS project to produce a machine-readable CycloneDX file (JSON) in addition to the existing MASVS-specific YAML.

https://github.com/CycloneDX/official-3rd-party-standards is a directory where we will be storing 3rd-party standards. We currently have BSIMM and ASVS completed with SSDF in progress. The goal is to have all OWASP standards represented in this directory as well.

In addition to being able to output CycloneDX from a script, the resulting cdx.json should also be included as part of future MASVS releases.

@cpholguera
Collaborator

Hi @stevespringett! This is awesome! I'll take a look and see if we can integrate it in our pipeline so that on each new MASVS release it'll be automatically generated and you'll have a fixed URL to get it. Thank you very much!

@OWASP OWASP deleted a comment from LabuAkash Jul 20, 2023