Update vulnerabilities.md #1454

Merged
merged 1 commit into from
Nov 3, 2023
20 changes: 10 additions & 10 deletions docs/docs/ref/policies/vulnerabilities.md
Expand Up @@ -6,7 +6,7 @@ sidebar_position: 60
# Known Vulnerabilities Policy

For every pull request submitted to a repository, this rule will check if the pull request
adds a new dependency with known vulnerabilities. If it does, the rule will fail and the
adds a new dependency with known vulnerabilities based on the [OSV database](https://osv.dev/). If it does, the rule will fail and the
pull request will be rejected or commented on.

## Entity
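Review bot: in the rewritten sentence "adds a new dependency with known vulnerabilities based on the [OSV database](https://osv.dev/)", the phrase "based on the OSV database" attaches ambiguously and can be read as describing the dependency rather than the source of the vulnerability data; suggest "adds a new dependency with known vulnerabilities, as listed in the [OSV database](https://osv.dev/)". Naming OSV here is consistent with the `vulnerability_database_type` option below, which states that only `osv` is supported, so it is worth keeping the link.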
Expand All @@ -23,12 +23,12 @@ pull request will be rejected or commented on.
The `pr_vulnerability_check` rule has the following options:

- `action` (string): The action to take if a vulnerability is found. Valid values are:
- `review` - minder will review the PR, suggest changes and mark the PR as changes requested if a vulnerability is found
- `commit_status` - mediator will comment and suggest changes on the PR if a vulnerability is found. Additionally, mediator
- `review`: Minder will review the PR, suggest changes and mark the PR as changes requested if a vulnerability is found
- `commit_status`: Minder will comment and suggest changes on the PR if a vulnerability is found. Additionally, Minder
will set the commit_status of the PR `HEAD` to `failed` to prevent the commit from being merged
- `comment` - mediator will comment and suggest changes on the PR if a vulnerability is found, but not request changes
- `summary` - the evaluator engine will add a single summary comment with a table listing the vulnerabilities found
- `profile_only` - the evaluator engine will merely pass on an error, marking the profile as failed if a vulnerability is found
- `comment`: Minder will comment and suggest changes on the PR if a vulnerability is found, but not request changes
- `summary`: The evaluator engine will add a single summary comment with a table listing the vulnerabilities found
- `profile_only`: The evaluator engine will merely pass on an error, marking the profile as failed if a vulnerability is found
- `ecosystem_config`: An array of ecosystem configurations to check. Each ecosystem configuration has the following options:
- `name` (string): The name of the ecosystem to check. Currently `npm`, `go` and `pypi` are supported.
- `vulnerability_database_type` (string): The kind of vulnerability database to use. Currently only `osv` is supported.
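Review bot: the capitalization pass is incomplete within this list: `review`, `commit_status` and `comment` now name the actor as "Minder", but `summary` and `profile_only` still say "the evaluator engine", which reads as a different component to a user configuring the `action` option. Suggest "`summary`: Minder will add a single summary comment with a table listing the vulnerabilities found" and "`profile_only`: Minder will merely pass on an error, marking the profile as failed if a vulnerability is found" so all five values describe the same actor.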
Expand All @@ -39,11 +39,11 @@ The `pr_vulnerability_check` rule has the following options:
- `url` (string): The URL of the Go sum repository to use.

Note that if the `review` action is selected, `minder` will only be able to mark the PR as changes requested if the submitter
is not the same as the minder identity. If the submitter is the same as the
minder identity, the PR will only be commented on.
is not the same as the Minder identity. If the submitter is the same as the
Minder identity, the PR will only be commented on.

Also note that if `commit_status` action is selected, the PR can only be prevented from merging if the branch protection rules
are set to require a passing commit status check on the `minder.stacklok.dev/pr-vulncheck` status.
are set to require a passing commit status.

## Examples

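Review bot: dropping the status context name `minder.stacklok.dev/pr-vulncheck` from the `commit_status` note removes information the repository admin needs, because a branch protection rule has to name the specific status check context it requires, and "require a passing commit status" alone does not tell the reader which check to select. Suggest keeping the context name, e.g. "are set to require a passing commit status check on the `minder.stacklok.dev/pr-vulncheck` status", or replacing it with a pointer to where the check name can be found. Separately, the unchanged context line "Note that if the `review` action is selected, `minder` will only be able" still uses lowercase `minder` in code font while the lines changed in this hunk switch to "Minder"; it should be updated in the same pass for consistency.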
Expand All @@ -64,4 +64,4 @@ are set to require a passing commit status check on the `minder.stacklok.dev/pr-
url: https://proxy.golang.org
sum_repository:
url: https://sum.golang.org
```
```
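Review bot: this hunk shows the closing code fence as both removed and added with no visible difference, which normally indicates a whitespace-only or trailing-newline change; please confirm it is intentional (for example, adding the final newline), otherwise revert it so the diff stays limited to the documentation wording changes.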