diff --git a/docs/software-supply-chain-assurance/artifact-security/sign-verify/sign-artifacts.md b/docs/software-supply-chain-assurance/artifact-security/sign-verify/sign-artifacts.md index 30fb869f4ec..9256ed68f43 100644 --- a/docs/software-supply-chain-assurance/artifact-security/sign-verify/sign-artifacts.md +++ b/docs/software-supply-chain-assurance/artifact-security/sign-verify/sign-artifacts.md @@ -49,7 +49,7 @@ Artifact Signing step supports both [**container**](/docs/software-supply-chain- ### Container Images -You can search for **Artifact Signing** and add it to either the **Build** or **Security** stage of a Harness pipeline +You can search for **Artifact Signing** and add it to either the **Build** , **Deploy**, or **Security** stage of a Harness pipeline :::note diff --git a/docs/software-supply-chain-assurance/open-source-management/ingest-sbom-data.md b/docs/software-supply-chain-assurance/open-source-management/ingest-sbom-data.md index 8c987c9765d..a10d78d475b 100644 --- a/docs/software-supply-chain-assurance/open-source-management/ingest-sbom-data.md +++ b/docs/software-supply-chain-assurance/open-source-management/ingest-sbom-data.md 
@@ -7,11 +7,13 @@ redirect_from: - /docs/software-supply-chain-assurance/sbom/ingest-sbom-data --- -import CosignKeyGeneration from '/docs/software-supply-chain-assurance/shared/generate-cosign-key-pair.md'; -A [Software Bill of Materials (SBOM)](https://cyclonedx.org/capabilities/sbom/) is a list of all the components, libraries, and other dependencies used in a software application. While Harness SCS enables you to [generate SBOMs](/docs/software-supply-chain-assurance/open-source-management/generate-sbom-for-repositories), it also supports the ingestion of SBOMs in JSON, [SPDX](https://spdx.dev/learn/overview/) or [CycloneDx](https://cyclonedx.org/specification/overview/) formats, generated by any third-party tool. -This document provides a step-by-step guide to configuring the SBOM Orchestration step within SCS to seamlessly ingest SBOMs. To illustrate the process, we'll walk through generating an SBOM using the Trivy CLI in a CI Run step, followed by its ingestion using the SBOM Orchestration step. +A [Software Bill of Materials (SBOM)](https://cyclonedx.org/capabilities/sbom/) is a list of all the components, libraries, and other dependencies used in a software application. While Harness SCS enables you to [generate SBOMs](/docs/software-supply-chain-assurance/open-source-management/generate-sbom-for-repositories), it also supports the ingestion of SBOMs in JSON, [SPDX](https://spdx.dev/learn/overview/) or [CycloneDX](https://cyclonedx.org/specification/overview/) formats, generated by any third-party tool. + +Configure the SBOM Orchestration step in SCS to seamlessly ingest SBOM. In this example, we will generate an SBOM using the Trivy CLI in a CI Run step, and then ingest it using the SBOM Orchestration step. 
+ +You can ingest SBOM for both [container](/docs/software-supply-chain-assurance/open-source-management/ingest-sbom-data#container-images) and [non-container](/docs/software-supply-chain-assurance/open-source-management/ingest-sbom-data#non-container-images) images. -## Generate the keys for SBOM Attestation - optional - -import GenerateKeysPrerequisite from '/docs/software-supply-chain-assurance/shared/generate-consign-keys-prerequisite.md'; - - - ## Configure your pipeline to ingest SBOM 1. In your Harness pipeline, Navigate to the stage where you want to ingest the SBOM, and select the **Overview** tab. 
@@ -55,28 +51,69 @@ import GenerateKeysPrerequisite from '/docs/software-supply-chain-assurance/shar ::: --> 4. If your SBOM tool can't output directly to your **Shared Path**, then add commands or a **Run** step to copy the SBOM into the directory specified in **Shared Paths**. -5. Add an [SBOM Orchestration step](/docs/software-supply-chain-assurance/open-source-management/generate-sbom-for-repositories) configured to ingest the SBOM: :::info **SBOM Orchestration** step in deploy stage can only be used in the [Containerized Step Groups](/docs/continuous-delivery/x-platform-cd-features/cd-steps/containerized-steps/containerized-step-groups.md) ::: + +### Container Images + +Follow the instructions below to ingest the SBOM for container images: + * **Step Mode:** Set the step mode to **Ingestion**. * **SBOM File Path:** enter the path to the SBOM file generated by your SBOM tool. * **Source:** Set the source, which can be Docker Registry, ECR, GCR, ACR or Repository. Depending on your selection, a unique set of fields will appear, each specific to the source you've chosen. Address these fields as required, this is similar to configuring the source in SBOM Orchestration step. For more details of what each field entails, please refer to the [documentation on SBOM Orchestration](/docs/software-supply-chain-assurance/open-source-management/generate-sbom-for-repositories). If you are using Docker Registry, you can follow along. * **Image:** Enter the name of your image with tag or digest, such as `my-docker-org/repo-name:tag` or `my-docker-org/repo-name@sha256:digest` . -
- Generate key pairs using Cosign for SBOM Attestation - + You can securely sign the artifacts using **Cosign** or **Cosign with Secret Manager** + +import GenerateKeysPrerequisite from '/docs/software-supply-chain-assurance/shared/generate-cosign-artifact.md'; + + + + + + + +### Non-Container Images: -
+Artifacts aren’t limited to container images. With the SBOM Orchestration step, you can also ingest SBOMs for non-container artifacts, with each artifact uniquely identified by its digest (SHA). + +The following are the non-container artifact types are supported: + +- Helm (`.tgz`) +- YAML manifest (`.yaml`, `.yml`) +- Jar (`.jar`) +- War (`.war`) +- Artifacts that are not listed above will be considered as `Unknown` type. + + +Follow the instructions below to ingest the SBOM for non-container images: + +**Name:** Provide a name for the sbom step. + +**SBOM File Path:** Enter the path to the SBOM file generated by the SBOM tool. + +**Artifact Source:** Select the Harness Local Stage as the source of the artifact. + +**Workspace Artifact Path:** Provide the exact path to the artifact within the workspace. Ensure that you run a custom step to pull the artifact into the workspace directory. + +**Target Detection:** Choose between Auto and Manual. + +**Auto (default):** Automatically sets the artifact name from the provided path. + +**Manual:** Allows you to manually specify the artifact name and version. + +:::note + +SBOM ingestion for non-container artifacts does not currently support attestation, and the SBOM policy enforcement step. + +::: - * **Private Key (optional):** Input your Private key from the [Harness file secret](/docs/platform/secrets/add-file-secrets). - * **Password (optional):** Input your Password for the Private key from the [Harness file secret](/docs/platform/secrets/add-file-secrets). + - ## Run the pipeline ​ diff --git a/docs/software-supply-chain-assurance/open-source-management/static/sbom-ingestion-step.png b/docs/software-supply-chain-assurance/open-source-management/static/sbom-ingestion-step.png new file mode 100644 index 00000000000..0e97e856f38 Binary files /dev/null and b/docs/software-supply-chain-assurance/open-source-management/static/sbom-ingestion-step.png differ 
diff --git a/docs/software-supply-chain-assurance/open-source-management/static/sbom-non-container.png b/docs/software-supply-chain-assurance/open-source-management/static/sbom-non-container.png new file mode 100644 index 00000000000..fa4d1621f92 Binary files /dev/null and b/docs/software-supply-chain-assurance/open-source-management/static/sbom-non-container.png differ
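Review bot: Stray space before the comma in the changed line of sign-artifacts.md: `**Build** , **Deploy**, or **Security**` should read `**Build**, **Deploy**, or **Security**`. Since the Deploy stage is now listed for Artifact Signing, cross-check whether the restriction stated in ingest-sbom-data.md for deploy-stage steps (usable only inside Containerized Step Groups) applies to the signing step too and, if it does, say so here as well.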
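Review bot: In the first ingest-sbom-data.md hunk (@@ -7,11), `ingest SBOM` should be `ingest SBOMs`, and the same plural fix applies to `You can ingest SBOM for both ...`. `non-container images` is a contradiction in terms that the page itself later corrects (`Artifacts aren't limited to container images`), so the link text and the `#non-container-images` anchor should say `non-container artifacts`. Dropping the `CosignKeyGeneration` import and the optional `Generate the keys for SBOM Attestation` section is fine only if the `GenerateKeysPrerequisite` include added in the next hunk actually covers key-pair generation; after this hunk nothing else on the page explains where the Cosign key comes from.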
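Review bot: The `import GenerateKeysPrerequisite from '/docs/software-supply-chain-assurance/shared/generate-cosign-artifact.md';` added in the middle of the container-images bullet list (@@ -55,28 hunk) is a problem in MDX, which accepts ESM import/export only at the top level of the file; indented under a list item it will be emitted as literal text or break the page, so move it up with the other imports (the previous hunk removed an import from exactly that spot) and consider an identifier that matches the file, e.g. `GenerateCosignArtifact`. Removing step 5 (`Add an SBOM Orchestration step ... configured to ingest the SBOM:`) also leaves the page with no instruction to add the step before the field list; keep that sentence under the new `### Container Images` heading. Smaller points in the same hunk: `### Non-Container Images:` carries a trailing colon unlike `### Container Images`, and should say `Artifacts` given the section's first sentence; `The following are the non-container artifact types are supported:` should be `The following non-container artifact types are supported:`; the last bullet (`Artifacts that are not listed above will be considered as \`Unknown\` type.`) is not a type and belongs as a sentence after the list; `sbom step` should be `SBOM step`; `Auto (default)` and `Manual` are options of `Target Detection` and should be nested under it rather than listed as sibling fields; and the closing note should read `does not currently support attestation or the SBOM Policy Enforcement step` (no comma) and is more useful directly under the section heading, since it decides whether the section applies to a reader at all. Finally, the removed `Private Key (optional)` and `Password (optional)` fields (Harness file secret references) appear nowhere in the added text; confirm the shared include documents them so readers choosing `Cosign` rather than `Cosign with Secret Manager` still learn how the key is supplied.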
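Review bot: The two new images `static/sbom-ingestion-step.png` and `static/sbom-non-container.png` are not referenced anywhere in the visible text of this diff; if they are wired in through component tags the diff view dropped, fine, otherwise they are unreferenced assets. Where they are used, give them alt text that describes the step configuration shown (ingestion mode, source, artifact path) so the screenshot is not the only carrier of that information.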