Update SBOM docs to align with signature verification

Author: willdollman

docs/cli/how-tos/fetch_sboms.mdx

@@ -1,16 +1,26 @@
 # How to fetch SBOMs for Sourcegraph
 
-Sourcegraph publishes a Software Bill of Materials (SBOM) for each of its container images. The SBOMs for each Sourcegraph release are signed, and stored in our container registry alongside our published container images.
+Sourcegraph generates and cryptographically signs a Software Bill of Materials (SBOM) for each container image in every release. These SBOMs are stored in our container registry alongside their corresponding images.
 
-To retrieve the SBOMs for a specific release, you can use the `src` command line interface for Sourcegraph:
+Use the Sourcegraph CLI (`src`) to fetch SBOMs for a specific release.
 
-1. Install `src` by following the [Quickstart](../quickstart.mdx).
-2. Install `cosign` by following the [Installation Guide](https://docs.sigstore.dev/cosign/system_config/installation/).
-3. Identify the version of Sourcegraph your require SBOMs for. This may be a [recent release](../../CHANGELOG.mdx), or your instance's current version.
-    1. SBOMs are only available for Sourcegraph release 5.9.0 and later.
-    2. Find your instance's current version by checking your deployment, or by visiting the Settings page on your Sourcegraph instance and checking the version shown in the bottom left corner.
-    ![](https://storage.googleapis.com/sourcegraph-assets/docs/images/settings/view-version-scaled.png)
-4. Run `src sbom fetch -v <version>` to fetch SBOMs for all containers in this release. `src` will automatically validate that all SBOMs were signed by Sourcegraph.
+## Prerequisites
+
+1. Install `src` following the [Quickstart](../quickstart.mdx).
+
+2. Install `cosign` following the [Installation Guide](https://docs.sigstore.dev/cosign/system_config/installation/).
+
+## Fetching SBOMs
+
+1. Determine the Sourcegraph version to verify. Use either a [recent release](../../CHANGELOG.mdx) or your instance's current version.
+
+   > **Note:** SBOMs are only available only for Sourcegraph release 5.9.0 and later.
+
+   To find your instance's current version, check your deployment or view the Settings page on your Sourcegraph instance (version shown in bottom left corner).
+
+   ![Version location in settings](https://storage.googleapis.com/sourcegraph-assets/docs/images/settings/view-version-scaled.png)
+
+2. Run `src sbom fetch -v <version>` to fetch SBOMs for all containers in this release. `src` will automatically validate that all SBOMs were signed by Sourcegraph.
     ```
     # Fetch SBOMs for Sourcegraph release 5.9.0
     $ src sbom fetch -v 5.9.0
@@ -29,6 +39,6 @@ To retrieve the SBOMs for a specific release, you can use the `src` command line
 
     Your Sourcegraph deployment may not use all of these images. Please check your deployment to confirm which images are used.
     ```
-5. Once completed, you can find the set of validated SBOMs under `sourcegraph-sboms/sourcegraph-<version>/`.
+3. Once completed, find the set of validated SBOMs under `sourcegraph-sboms/sourcegraph-<version>/`.
 
-**Note:** `src sbom fetch` will retrieve SBOMs for **all** containers that make up a Sourcegraph release. Your Sourcegraph instance will use only a subset of these containers - please check your deployment to determine which SBOM files are relevant to your deployment.
+**Important:** `src sbom fetch` will retrieve SBOMs for **all** containers that make up a Sourcegraph release. Your Sourcegraph instance will use only a subset of these containers - please check your deployment to determine which SBOM files are relevant to your deployment.