diff --git a/docs/cli/how-tos/fetch-sboms.mdx b/docs/cli/how-tos/fetch-sboms.mdx index 276ac6476..5fd3701c8 100644 --- a/docs/cli/how-tos/fetch-sboms.mdx +++ b/docs/cli/how-tos/fetch-sboms.mdx @@ -1,6 +1,10 @@ # How to fetch SBOMs for Sourcegraph -Sourcegraph generates and cryptographically signs a Software Bill of Materials (SBOM) for each container image in every release. These SBOMs are stored in our container registry alongside their corresponding images. + +**Deprecated:** As of Sourcegraph 7.0.2852, we no longer generate SBOMs as part of the release process. The `src sbom fetch` command will only work for Sourcegraph releases between 5.9.0 and 7.0.2852. For questions about software supply chain security, please contact your Sourcegraph account team. + + +Sourcegraph generated and cryptographically signed a Software Bill of Materials (SBOM) for each container image in releases 5.9.0 through 7.0.2852. These SBOMs are stored in our container registry alongside their corresponding images. Use the Sourcegraph CLI (`src`) to fetch SBOMs for a specific release. @@ -14,7 +18,7 @@ Use the Sourcegraph CLI (`src`) to fetch SBOMs for a specific release. 1. Determine the Sourcegraph version to verify. Use either a [recent release](https://sourcegraph.com/changelog/releases) or your instance's current version. - > **Note:** SBOMs are only available only for Sourcegraph release 5.9.0 and later. + > **Note:** SBOMs are only available for Sourcegraph releases 5.9.0 through 7.0.2852. To find your instance's current version, check your deployment or view the Settings page on your Sourcegraph instance (version shown in bottom left corner). diff --git a/docs/cli/how-tos/index.mdx b/docs/cli/how-tos/index.mdx index c32c04c73..5cf06d835 100644 --- a/docs/cli/how-tos/index.mdx +++ b/docs/cli/how-tos/index.mdx 
@@ -5,5 +5,5 @@ The following how-tos apply to the `src` command line interface to Sourcegraph: - [Creating an access token](/cli/how-tos/creating-an-access-token) - [Revoking an access token](/cli/how-tos/revoking-an-access-token) - [Managing access tokens](/cli/how-tos/managing-access-tokens) -- [How to fetch SBOMs for Sourcegraph](/cli/how-tos/fetch-sboms) -- [How to verify container signatures for Sourcegraph releases](/cli/how-tos/verify-container-signatures) +- [How to fetch SBOMs for Sourcegraph (deprecated)](/cli/how-tos/fetch-sboms) +- [How to verify container signatures for Sourcegraph releases (deprecated)](/cli/how-tos/verify-container-signatures) diff --git a/docs/cli/how-tos/verify-container-signatures.mdx b/docs/cli/how-tos/verify-container-signatures.mdx index 14011c573..ee32e5cc3 100644 --- a/docs/cli/how-tos/verify-container-signatures.mdx +++ b/docs/cli/how-tos/verify-container-signatures.mdx @@ -1,6 +1,10 @@ # How to verify container signatures for Sourcegraph releases -Sourcegraph publishes cryptographic signatures for all container images included in each release. These signatures can be used to verify the authenticity and integrity of the downloaded images. + +**Deprecated:** As of Sourcegraph 7.0.2852, we no longer publish container signatures as part of the release process. The `src signature verify` command will only work for Sourcegraph releases between 5.11.4013 and 7.0.2852. For questions about software supply chain security, please contact your Sourcegraph account team. + + +Sourcegraph published cryptographic signatures for all container images included in releases 5.11.4013 through 7.0.2852. These signatures can be used to verify the authenticity and integrity of the downloaded images. To verify signatures for a specific release, use the Sourcegraph CLI (`src`). This tool validates that all images in the release were signed by Sourcegraph and displays the SHA256 hashes of the verified images. 
@@ -14,7 +18,7 @@ To verify signatures for a specific release, use the Sourcegraph CLI (`src`). Th 1. Determine the Sourcegraph version to verify. Use either a [recent release](https://sourcegraph.com/changelog/releases) or your instance's current version. - > **Note:** Signature verification is available only for Sourcegraph release 5.11.4013 and later. + > **Note:** Signature verification is available only for Sourcegraph releases 5.11.4013 through 7.0.2852. To find your instance's current version, check your deployment or view the Settings page on your Sourcegraph instance (version shown in bottom left corner). diff --git a/docs/cli/references/index.mdx b/docs/cli/references/index.mdx index 5f606371d..c511872ba 100644 --- a/docs/cli/references/index.mdx +++ b/docs/cli/references/index.mdx @@ -15,11 +15,11 @@ * [`lsp`](references/lsp) * [`orgs`](references/orgs) * [`repos`](references/repos) -* [`sbom`](references/sbom) +* [`sbom` (deprecated)](references/sbom) * [`search`](references/search) * [`search-jobs`](references/search-jobs) * [`serve-git`](references/serve-git) -* [`signature`](references/signature) +* [`signature` (deprecated)](references/signature) * [`snapshot`](references/snapshot) * [`teams`](references/teams) * [`users`](references/users) diff --git a/docs/cli/references/sbom.mdx b/docs/cli/references/sbom.mdx index 76dd910b3..e3750cf6a 100644 --- a/docs/cli/references/sbom.mdx +++ b/docs/cli/references/sbom.mdx @@ -1,11 +1,13 @@ # `src sbom` - + +**Deprecated:** SBOMs are no longer generated for Sourcegraph releases after version 7.0.2852. + ## Usage ``` -'src sbom' fetches and verifies SBOM (Software Bill of Materials) data for Sourcegraph containers. +'src sbom' fetches and verifies SBOM (Software Bill of Materials) data for Sourcegraph containers for releases 5.9.0 through 7.0.2852. Usage: diff --git a/docs/cli/references/signature.mdx b/docs/cli/references/signature.mdx index a335f9ca9..b050db010 100644 --- a/docs/cli/references/signature.mdx 
+++ b/docs/cli/references/signature.mdx @@ -1,11 +1,13 @@ # `src signature` - + +**Deprecated:** Container signatures are no longer published for Sourcegraph releases after version 7.0.2852. + ## Usage ``` -'src signature' verifies published signatures for Sourcegraph containers. +'src signature' verifies published signatures for Sourcegraph containers for releases 5.11.4013 through 7.0.2852. Usage:
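Review bot: In docs/cli/how-tos/fetch-sboms.mdx, the added deprecation paragraph is inconsistent about whether 7.0.2852 itself is covered. "As of Sourcegraph 7.0.2852, we no longer generate SBOMs" reads as 7.0.2852 being the first release without SBOMs, while "releases 5.9.0 through 7.0.2852" in the next added paragraph and in the step 1 note reads as 7.0.2852 being the last release that has them. The same "As of" wording appears in verify-container-signatures.mdx, and the two reference pages say "after version 7.0.2852". Suggest choosing one boundary statement (for example, naming 7.0.2852 as the last release with SBOMs and signatures) and using it in every file that states the range, so an operator on exactly 7.0.2852 knows whether `src sbom fetch` and `src signature verify` are expected to succeed.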
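Review bot: In docs/cli/how-tos/verify-container-signatures.mdx, the deprecation notice does not say what `src signature verify` does when run against a release later than 7.0.2852. The page still presents the command as the way to check the "authenticity and integrity of the downloaded images", so a reader or a deployment script that sees a failure on a newer release cannot tell an expected "no signature was published" result from a signature that fails to validate. Suggest adding a sentence stating that later releases have no published signatures and that a verification failure there is expected, and saying what operators should check instead if anything exists beyond "contact your Sourcegraph account team".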
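Review bot: In docs/cli/references/sbom.mdx and docs/cli/references/signature.mdx, the version range was added inside the fenced usage text under "## Usage", which reads as the CLI's own help output. If these blocks mirror what `src sbom` and `src signature` print, the wording change belongs in the CLI's usage string so the docs and the binary do not drift apart; if the blocks are maintained by hand, the range fits better in the bold Deprecated line above the fence, which currently gives only the upper bound while the how-tos give both. The added phrase "for Sourcegraph containers for releases 5.9.0 through 7.0.2852" also stacks two "for" clauses; "for Sourcegraph containers in releases 5.9.0 through 7.0.2852" reads more cleanly.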