The current CycloneDX export is invalid and does not validate against the spec.
Specifically, the spec requires that the standards array be in the definitions property. The current ASVS export puts them in the declarations property, which is specific to attestations, not standards.
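A check for the misplacement described above, with the relocation that corrects it. This is an added example, not the ASVS exporter's own code; the function names, the sample BOM and its `specVersion` value are constructed assumptions.

```python
import copy
import json

# Constructed sample: a minimal BOM with standards misplaced under "declarations".
# The specVersion and the standard's contents are assumptions for illustration.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "declarations": {
        "standards": [
            {"bom-ref": "std-example", "name": "Example Standard", "requirements": []}
        ]
    },
}


def misplaced_standards(bom):
    """Return the standards found under 'declarations', where they do not belong."""
    declarations = bom.get("declarations")
    if not isinstance(declarations, dict):
        return []
    found = declarations.get("standards", [])
    return found if isinstance(found, list) else []


def relocate_standards(bom):
    """Return a copy of the BOM with standards moved to definitions.standards."""
    fixed = copy.deepcopy(bom)
    declarations = fixed.get("declarations")
    if not isinstance(declarations, dict) or "standards" not in declarations:
        return fixed
    moved = declarations.pop("standards")
    if not isinstance(moved, list):
        raise ValueError("declarations.standards is not an array")
    if not declarations:
        del fixed["declarations"]  # nothing attestation-related is left
    target = fixed.setdefault("definitions", {}).setdefault("standards", [])
    seen = {s.get("bom-ref") for s in target if isinstance(s, dict)}
    for std in moved:
        ref = std.get("bom-ref") if isinstance(std, dict) else None
        if ref is None or ref not in seen:  # skip entries already defined
            target.append(std)
            seen.add(ref)
    return fixed


if __name__ == "__main__":
    print(json.dumps(relocate_standards(SAMPLE_BOM), indent=2))
```

The relocated output should still be validated against the CycloneDX JSON schema for the exported spec version, since this check covers only the placement of the array.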