fix: broken links

.github/CONTRIBUTING.md

@@ -0,0 +1,29 @@
+Thank you for your interest in contributing to the Security Insights Specification!
+
+## How to Contribute
+
+1. [Fork](https://docs.github.com/en/get-started/quickstart/fork-a-repo) the repository to your own GitHub account.
+2. Make changes or improvements to the specification document in your forked repository.
+3. Create a [Pull Request](https://docs.github.com/en/get-started/quickstart/opening-a-pull-request) with a clear title and description of your changes.
+
+## Issue Reporting
+
+If you find issues or inconsistencies in the specification, please [open an issue](https://docs.github.com/en/get-started/quickstart/opening-an-issue) with a detailed description.
+
+## Review Process
+
+Our team will review your contributions and provide feedback. Once approved, we'll merge your changes.
+
+Reach out to us on [Slack](https://openssf.slack.com/messages/security_insights) or join a [community meeting](https://calendar.google.com/calendar?cid=czYzdm9lZmhwNWk5cGZsdGI1cTY3bmdwZXNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ) for the Metrics & Metadata working group.
+
+## Code of Conduct
+
+Please adhere to our [Code of Conduct](https://github.com/ossf/.github/CODE_OF_CONDUCT.md) when participating in this project.
+
+## Licensing
+
+By contributing, you agree that your contributions will be licensed under the [project's license](LICENSE.md).
+
+## Thanks!
+
+Thank you for helping improve the Security Insights Specification!

.github/SECURITY.md

@@ -0,0 +1,7 @@
+# Reporting Security Issues
+
+To report a security issue or vulnerability, submit a [private vulnerability report via GitHub](https://github.com/ossf/security-insights-spec/security/advisories/new) to the repository maintainers with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+
+Our vulnerability management team will respond within 7 working days of your report. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.
+
+Other contacts: [email protected]

specification-details/aliases.md

@@ -97,13 +97,18 @@ A list of objects describing various release attestations or artifacts.
 
 ## Validation Types
 
-- `date`
+### `date`
+
   - **Type**: `string`
   - **Description**: A date in ISO 8601 format (`YYYY-MM-DD`).
-- `email`
+
+### `email`
+
   - **Type**: `string`
   - **Matches Pattern**: `^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}$`
-- `url`
+
+### `url`
+
   - **Type**: `string`
   - **Matches Pattern**: `^https?://[^\\s]+$`
 

specification-details/header.md

@@ -46,6 +46,6 @@ The `header` object captures high-level metadata about the schema.
 
 ---
 
-[URL]: #url
-[Email]: #email
-[Date]: #date
+[URL]: ./aliases.md#url
+[Email]: ./aliases.md#email
+[Date]: ./aliases.md#date

specification-details/project.md

@@ -31,7 +31,7 @@ Optional:
 
 ## `project.administrators`
 
-- **Type**: `slice` of [contacts]
+- **Type**: `slice` of [Contact]
 - **Description**: A list of individuals who have administrative access to the project's resources.
 
 ---
@@ -157,4 +157,3 @@ An object containing references to key documentation URLs.
 
 [URL]: ./aliases.md#url
 [Contact]: ./aliases.md#contact
-[contacts]: ./aliases.md#contact

specification-details/repository.md

@@ -70,7 +70,7 @@ Optional top-level fields:
 
 ## `repository.core-team`
 
-- **Type**: `slice` of [contacts]
+- **Type**: `slice` of [Contact]
 - **Description**: A list of core team members for this repository, such as maintainers or approvers.
 
 ---
@@ -203,7 +203,6 @@ An object describing release-related details for this repository.
 ---
 
 [Assessment]: ./aliases.md#assessment
-[contacts]: ./aliases.md#contact
 [Contact]: ./aliases.md#contact
 [License]: ./aliases.md#license
 [Link]: ./aliases.md#link