CycloneDX · mrutkows · Jan 2, 2026 · Jan 1, 2026 · Jan 1, 2026 · Jan 1, 2026
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
-[![License](https://img.shields.io/badge/CycloneDX-v1.2,1.3,1.4,1.5,1.6-darkcyan.svg)](https://github.com/CycloneDX/specification)
+[![License](https://img.shields.io/badge/CycloneDX-v1.2,1.3,1.4,1.5,1.6,1.7-darkcyan.svg)](https://github.com/CycloneDX/specification)
 [![License](https://img.shields.io/badge/SPDX-v2.1,2.2,2.3-purple.svg)](https://github.com/spdx/spdx-spec)
 [![Go Report Card](https://goreportcard.com/badge/github.com/CycloneDX/sbom-utility)](https://goreportcard.com/badge/github.com/CycloneDX/sbom-utility)
 <!--![CodeQL](https://github.com/CycloneDX/sbom-utility/actions/workflows/codeql.yml/badge.svg)-->
@@ -326,7 +326,7 @@ See each command's section for contextual examples of the `--where` flag filter
 
 ### Validate
 
-This command will parse standardized SBOMs and validate it against its declared format and version (e.g., SPDX 2.3, CycloneDX 1.6).
+This command will parse standardized SBOMs and validate it against its declared format and version (e.g., SPDX 2.3, CycloneDX 1.7).
 
 - Custom  variants of standard JSON schemas can be used for validation by supplying the `--variant` name as a flag.
 - Explicit JSON schemas can be specified using the `--force` flag.
@@ -2226,7 +2226,8 @@ This command supports the `--format` flag with any of the following values:
 ```bash
 name            variant      format     version   file                                             url
 ----            -------      ------     -------   ----                                             ---
-CycloneDX v1.6  (latest)     CycloneDX  1.6       schema/cyclonedx/1.6/bom-1.6.schema.json         https://raw.githubusercontent.com/CycloneDX/specification/master/schema/bom-1.6.schema.json
+CycloneDX v1.7  (latest)     CycloneDX  1.7       schema/cyclonedx/1.7/bom-1.7.schema.json         https://raw.githubusercontent.com/CycloneDX/specification/master/schema/bom-1.7.schema.json
+CycloneDX v1.6.1(latest)     CycloneDX  1.6       schema/cyclonedx/1.6/bom-1.6.schema.json         https://raw.githubusercontent.com/CycloneDX/specification/master/schema/bom-1.6.schema.json
 CycloneDX v1.5  (latest)     CycloneDX  1.5       schema/cyclonedx/1.5/bom-1.5.schema.json         https://raw.githubusercontent.com/CycloneDX/specification/master/schema/bom-1.5.schema.json
 CycloneDX v1.4  (latest)     CycloneDX  1.4       schema/cyclonedx/1.4/bom-1.4.schema.json         https://raw.githubusercontent.com/CycloneDX/specification/master/schema/bom-1.4.schema.json
 CycloneDX v1.4  custom       CycloneDX  1.4       schema/test/bom-1.4-custom.schema.json

diff --git a/cmd/diff_test.go b/cmd/diff_test.go
@@ -45,7 +45,7 @@ const (
 // Test CycloneDX BOM deltas
 const (
 	TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_1_DELTA = "test/diff/cdx-1-4-mature-example-1-delta.json"
-	TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_2_DELTA = "test/diff/cdx-1-4-mature-example-2-delta.json"
+	TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_2_DELTA = "test/diff/cdx-1-4-mature-example-1-delta2.json"
 
 	TEST_DIFF_CDX_1_5_VULNERABILITY_BASE     = "test/diff/vulnerability/cdx-1-5-vulnerabilities-base.bom.json"
 	TEST_DIFF_CDX_1_5_VULNERABILITY_ADD_1    = "test/diff/vulnerability/cdx-1-5-vulnerabilities-delta-add-1.bom.json"

diff --git a/cmd/validate_cdx_test.go b/cmd/validate_cdx_test.go
@@ -27,6 +27,7 @@ const (
 	TEST_CDX_1_4_MIN_REQUIRED = "test/cyclonedx/cdx-1-4-min-required.json"
 	TEST_CDX_1_5_MIN_REQUIRED = "test/cyclonedx/cdx-1-5-min-required.json"
 	TEST_CDX_1_6_MIN_REQUIRED = "test/cyclonedx/1.6/cdx-1-6-min-required.json"
+	TEST_CDX_1_7_MIN_REQUIRED = "test/cyclonedx/1.7/cdx-1-7-min-required.json"
 )
 
 // Tests for MLBOM subtypes
@@ -78,6 +79,11 @@ const (
 	TEST_CDX_SPEC_1_6_1_VALID_SPDX_LICENSE  = "test/cyclonedx/1.6/specification/valid-license-spdx-licenses-1.6.1.json"
 )
 
+const (
+	TEST_CDX_SPEC_1_7_VALID_CRYPTO_CITATION = "test/cyclonedx/1.7/cdx-1-7-valid-crypto-citation.json"
+	TEST_CDX_SPEC_1_7_COMP_VERSION_RANGE    = "test/cyclonedx/1.7/cdx-1-7-comp-version-range.json"
+)
+
 // -----------------------------------------------------------
 // CycloneDX - Min. requirement & Mature tests
 // -----------------------------------------------------------
@@ -102,6 +108,11 @@ func TestValidateCdx16MinRequiredBasic(t *testing.T) {
 	innerTestValidate(t, *vti)
 }
 
+func TestValidateCdx17MinRequiredBasic(t *testing.T) {
+	vti := NewValidateTestInfoMinimum(TEST_CDX_1_7_MIN_REQUIRED)
+	innerTestValidate(t, *vti)
+}
+
 func TestValidateCdx13Mature(t *testing.T) {
 	vti := NewValidateTestInfoMinimum(TEST_CDX_1_3_MATURE_EXAMPLE_1_BASE)
 	innerTestValidate(t, *vti)
@@ -195,3 +206,14 @@ func TestValidateCdx16SpdxLicense(t *testing.T) {
 	vti := NewValidateTestInfoMinimum(TEST_CDX_SPEC_1_6_1_VALID_SPDX_LICENSE)
 	innerTestValidate(t, *vti)
 }
+
+// 1.7 Tests
+func TestValidateCdx17CryptoCitation(t *testing.T) {
+	vti := NewValidateTestInfoMinimum(TEST_CDX_SPEC_1_7_VALID_CRYPTO_CITATION)
+	innerTestValidate(t, *vti)
+}
+
+func TestValidateCdx17ComponentVersionRange(t *testing.T) {
+	vti := NewValidateTestInfoMinimum(TEST_CDX_SPEC_1_7_COMP_VERSION_RANGE)
+	innerTestValidate(t, *vti)
+}
diff --git a/resources/config/config.json b/resources/config/config.json
@@ -154,7 +154,7 @@
                     "development": "https://github.com/CycloneDX/specification/blob/master/schema/bom-1.7.schema.json",
                     "url": "https://raw.githubusercontent.com/CycloneDX/specification/master/schema/bom-1.7.schema.json",
                     "default": true,
-                    "dependencies": ["jsf-0.82.schema.json", "spdx.schema.json"]
+                    "dependencies": ["jsf-0.82.schema.json", "spdx.schema.json", "cryptography-defs.schema"]
                 },
                 {
                     "version": "1.3",