diff --git a/data/deprecations/16-9-dependency-scanning-incorrect-sbom-medatada.yml b/data/deprecations/16-9-dependency-scanning-incorrect-sbom-medatada.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2c562febac1aa9e334a022fb1691bff83eb5cccc
--- /dev/null
+++ b/data/deprecations/16-9-dependency-scanning-incorrect-sbom-medatada.yml
@@ -0,0 +1,20 @@
+- title: "Dependency Scanning incorrect SBOM metadata properties"
+  removal_milestone: "17.0"
+  announcement_milestone: "16.9"
+  breaking_change: true
+  reporter: gonzoyumo
+  stage: Secure
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/438779
+  body: |  # (required) Don't change this line.
+    GitLab 17.0 removes support for the following metadata properties in CycloneDX SBOM reports:
+
+    - `gitlab:dependency_scanning:input_file`
+    - `gitlab:dependency_scanning:package_manager`
+
+    These were added in GitLab 15.7 to the SBOM produced by Dependency Scanning. However, these properties were incorrect and didn't align with the [GitLab CycloneDX property taxonomy](https://docs.gitlab.com/ee/development/sec/cyclonedx_property_taxonomy.html).
+    The following correct properties were added in GitLab 15.11 to address this:
+
+    - `gitlab:dependency_scanning:input_file:path`
+    - `gitlab:dependency_scanning:package_manager:name`
+
+    The incorrect properties were kept for backward compatibility. They are now deprecated and will be removed in 17.0.
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 7a7cac197405cf6bb1df27af3c1a21e0220658dc..500cbb40e62df0029752cdb981a663eee2b0c086 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -402,6 +402,31 @@ To help avoid being impacted by this breaking change, create new access tokens w
 
 <div class="deprecation breaking-change" data-milestone="17.0">
 
+### Dependency Scanning incorrect SBOM metadata properties
+
+<div class="deprecation-notes">
+- Announced in GitLab <span class="milestone">16.9</span>
+- Removal in GitLab <span class="milestone">17.0</span> ([breaking change](https://docs.gitlab.com/ee/update/terminology.html#breaking-change))
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/438779).
+</div>
+
+GitLab 17.0 removes support for the following metadata properties in CycloneDX SBOM reports:
+
+- `gitlab:dependency_scanning:input_file`
+- `gitlab:dependency_scanning:package_manager`
+
+These were added in GitLab 15.7 to the SBOM produced by Dependency Scanning. However, these properties were incorrect and didn't align with the [GitLab CycloneDX property taxonomy](https://docs.gitlab.com/ee/development/sec/cyclonedx_property_taxonomy.html).
+The following correct properties were added in GitLab 15.11 to address this:
+
+- `gitlab:dependency_scanning:input_file:path`
+- `gitlab:dependency_scanning:package_manager:name`
+
+The incorrect properties were kept for backward compatibility. They are now deprecated and will be removed in 17.0.
+
+</div>
+
+<div class="deprecation breaking-change" data-milestone="17.0">
+
 ### Dependency Scanning support for sbt 1.0.X
 
 <div class="deprecation-notes">