sourcegraph · DaedalusG · Mar 13, 2026 · Mar 13, 2026 · Mar 13, 2026 · Mar 13, 2026
diff --git a/docs/cli/how-tos/fetch-sboms.mdx b/docs/cli/how-tos/fetch-sboms.mdx
@@ -1,6 +1,10 @@
 # How to fetch SBOMs for Sourcegraph
 
-Sourcegraph generates and cryptographically signs a Software Bill of Materials (SBOM) for each container image in every release. These SBOMs are stored in our container registry alongside their corresponding images.
+<Callout type="warning">
+**Deprecated:** As of Sourcegraph 7.0.2852, we no longer generate SBOMs as part of the release process. The `src sbom fetch` command will only work for Sourcegraph releases between 5.9.0 and 7.0.2852. For questions about software supply chain security, please contact your Sourcegraph account team.
+</Callout>
+
+Sourcegraph generated and cryptographically signed a Software Bill of Materials (SBOM) for each container image in releases 5.9.0 through 7.0.2852. These SBOMs are stored in our container registry alongside their corresponding images.
 
 Use the Sourcegraph CLI (`src`) to fetch SBOMs for a specific release.
 
@@ -14,7 +18,7 @@ Use the Sourcegraph CLI (`src`) to fetch SBOMs for a specific release.
 
 1. Determine the Sourcegraph version to verify. Use either a [recent release](https://sourcegraph.com/changelog/releases) or your instance's current version.
 
-    > **Note:** SBOMs are only available only for Sourcegraph release 5.9.0 and later.
+    > **Note:** SBOMs are only available for Sourcegraph releases 5.9.0 through 7.0.2852.
 
     To find your instance's current version, check your deployment or view the Settings page on your Sourcegraph instance (version shown in bottom left corner).
 

diff --git a/docs/cli/how-tos/index.mdx b/docs/cli/how-tos/index.mdx
@@ -5,5 +5,5 @@ The following how-tos apply to the `src` command line interface to Sourcegraph:
 -   [Creating an access token](/cli/how-tos/creating-an-access-token)
 -   [Revoking an access token](/cli/how-tos/revoking-an-access-token)
 -   [Managing access tokens](/cli/how-tos/managing-access-tokens)
--   [How to fetch SBOMs for Sourcegraph](/cli/how-tos/fetch-sboms)
--   [How to verify container signatures for Sourcegraph releases](/cli/how-tos/verify-container-signatures)
+-   [How to fetch SBOMs for Sourcegraph (deprecated)](/cli/how-tos/fetch-sboms)
+-   [How to verify container signatures for Sourcegraph releases (deprecated)](/cli/how-tos/verify-container-signatures)
diff --git a/docs/cli/how-tos/verify-container-signatures.mdx b/docs/cli/how-tos/verify-container-signatures.mdx
@@ -1,6 +1,10 @@
 # How to verify container signatures for Sourcegraph releases
 
-Sourcegraph publishes cryptographic signatures for all container images included in each release. These signatures can be used to verify the authenticity and integrity of the downloaded images.
+<Callout type="warning">
+**Deprecated:** As of Sourcegraph 7.0.2852, we no longer publish container signatures as part of the release process. The `src signature verify` command will only work for Sourcegraph releases between 5.11.4013 and 7.0.2852. For questions about software supply chain security, please contact your Sourcegraph account team.
+</Callout>
+
+Sourcegraph published cryptographic signatures for all container images included in releases 5.11.4013 through 7.0.2852. These signatures can be used to verify the authenticity and integrity of the downloaded images.
 
 To verify signatures for a specific release, use the Sourcegraph CLI (`src`). This tool validates that all images in the release were signed by Sourcegraph and displays the SHA256 hashes of the verified images.
 
@@ -14,7 +18,7 @@ To verify signatures for a specific release, use the Sourcegraph CLI (`src`). Th
 
 1. Determine the Sourcegraph version to verify. Use either a [recent release](https://sourcegraph.com/changelog/releases) or your instance's current version.
 
-    > **Note:** Signature verification is available only for Sourcegraph release 5.11.4013 and later.
+    > **Note:** Signature verification is available only for Sourcegraph releases 5.11.4013 through 7.0.2852.
 
     To find your instance's current version, check your deployment or view the Settings page on your Sourcegraph instance (version shown in bottom left corner).
 

diff --git a/docs/cli/references/index.mdx b/docs/cli/references/index.mdx
@@ -15,11 +15,11 @@
 * [`lsp`](references/lsp)
 * [`orgs`](references/orgs)
 * [`repos`](references/repos)
-* [`sbom`](references/sbom)
+* [`sbom` (deprecated)](references/sbom)
 * [`search`](references/search)
 * [`search-jobs`](references/search-jobs)
 * [`serve-git`](references/serve-git)
-* [`signature`](references/signature)
+* [`signature` (deprecated)](references/signature)
 * [`snapshot`](references/snapshot)
 * [`teams`](references/teams)
 * [`users`](references/users)

diff --git a/docs/cli/references/sbom.mdx b/docs/cli/references/sbom.mdx
@@ -1,11 +1,13 @@
 # `src sbom`
 
-
+<Callout type="warning">
+**Deprecated:** SBOMs are no longer generated for Sourcegraph releases after version 7.0.2852.
+</Callout>
 
 ## Usage
 
 ```
-'src sbom' fetches and verifies SBOM (Software Bill of Materials) data for Sourcegraph containers.
+'src sbom' fetches and verifies SBOM (Software Bill of Materials) data for Sourcegraph containers for releases 5.9.0 through 7.0.2852.
 
 Usage:
 

diff --git a/docs/cli/references/signature.mdx b/docs/cli/references/signature.mdx
@@ -1,11 +1,13 @@
 # `src signature`
 
-
+<Callout type="warning">
+**Deprecated:** Container signatures are no longer published for Sourcegraph releases after version 7.0.2852.
+</Callout>
 
 ## Usage
 
 ```
-'src signature' verifies published signatures for Sourcegraph containers.
+'src signature' verifies published signatures for Sourcegraph containers for releases 5.11.4013 through 7.0.2852.
 
 Usage: