Minor updates to the governance docs

CONTRIBUTING.md

@@ -1,7 +1,7 @@
-# Contributing to osv-mcp <!-- omit from toc -->
+# Contributing to `osv-mcp` <!-- omit from toc -->
 
 First off, thank you for taking the time to contribute to osv-mcp! :+1: :tada:
-osv-mcp is released under the MIT license. If you would like to
+osv-mcp is released under the Apache 2.0 license. If you would like to
 contribute something or want to hack on the code, this document should help you
 get started. You can find some hints for starting development in osv-mcp's
 [README](https://github.com/StacklokLabs/osv-mcp/blob/main/README.md).
@@ -14,7 +14,6 @@ get started. You can find some hints for starting development in osv-mcp's
   - [Using GitHub Issues](#using-github-issues)
   - [Not sure how to start contributing?](#not-sure-how-to-start-contributing)
   - [Pull request process](#pull-request-process)
-  - [Contributing to docs](#contributing-to-docs)
   - [Commit message guidelines](#commit-message-guidelines)
 
 ## Code of conduct
@@ -37,8 +36,8 @@ security vulnerabilities using GitHub issues; instead, please follow this
 ### Using GitHub Issues
 
 We use GitHub issues to track bugs and enhancements. If you have a general usage
-question, please ask in
-[osv-mcp's discussion forum](https://discord.gg/stacklok).
+question, please ask in the #mcp-servers channel of the
+[Stacklok Discord server](https://discord.gg/stacklok).
 
 If you are reporting a bug, please help to speed up problem diagnosis by
 providing as much information as possible. Ideally, that would include a small
@@ -51,7 +50,10 @@ PRs to resolve existing issues are greatly appreciated and issues labeled as
 are a great place to start!
 
 ### Pull request process
--All commits must include a Signed-off-by trailer at the end of each commit message to indicate that the contributor agrees to the Developer Certificate of Origin. For additional details, check out the [DCO instructions](dco.md).
+
+-All commits must include a Signed-off-by trailer at the end of each commit
+message to indicate that the contributor agrees to the Developer Certificate of
+Origin. For additional details, check out the [DCO instructions](dco.md).
 
 - Create an issue outlining the fix or feature.
 - Fork the osv-mcp repository to your own GitHub account and clone it locally.
@@ -66,10 +68,6 @@ are a great place to start!
 - Once approved, all of your commits will be squashed into a single commit with
   your PR title.
 
-### Contributing to docs
-
-TBD
-
 ### Commit message guidelines
 
 We follow the commit formatting recommendations found on
@@ -80,4 +78,4 @@ We follow the commit formatting recommendations found on
 1. Capitalize the subject line
 1. Do not end the subject line with a period
 1. Use the imperative mood in the subject line
-1. Use the body to explain what and why vs. how
+1. Use the body to explain what and why vs. how

SECURITY.md

@@ -1,7 +1,7 @@
 # Security Policy
 
-The StacklokLabs community take security seriously! We appreciate your efforts to
-disclose your findings responsibly and will make every effort to acknowledge
+The StacklokLabs community take security seriously! We appreciate your efforts
+to disclose your findings responsibly and will make every effort to acknowledge
 your contributions.
 
 ## Reporting a vulnerability
@@ -46,8 +46,8 @@ with the fix and release process.
 
 ## Patch, release, and public communication
 
-For each vulnerability, the StacklokLabs security team will coordinate to create the
-fix and release, and notify the rest of the community.
+For each vulnerability, the StacklokLabs security team will coordinate to create
+the fix and release, and notify the rest of the community.
 
 All of the timelines below are suggestions and assume a Private Disclosure.
 
@@ -137,7 +137,7 @@ realistic timeline can be communicated to users.
   version. An announcement template is available below. The announcement will be
   sent to the following channels:
 - A link to fix will be posted to the
-  [Stacklok Discord Server](https://discord.gg/stacklok) in the #osv-mcp
+  [Stacklok Discord Server](https://discord.gg/stacklok) in the #mcp-servers
   channel.
 
 ## Retrospective
@@ -150,4 +150,4 @@ retrospective process
   [Stacklok Discord Server](https://discord.gg/stacklok) including details on
   everyone involved, the timeline of the process, links to relevant PRs that
   introduced the issue, if relevant, and any critiques of the response and
-  release process.
+  release process.

dco.md

@@ -1,17 +1,27 @@
 # Developer Certificate of Origin (DCO)
-In order to contribute to the project, you must agree to the Developer Certificate of Origin. A [Developer Certificate of Origin (DCO)](https://developercertificate.org/)
-is an affirmation that the developer contributing the proposed changes has the necessary rights to submit those changes.
-A DCO provides some additional legal protections while being relatively easy to do. 
+
+In order to contribute to the project, you must agree to the Developer
+Certificate of Origin. A
+[Developer Certificate of Origin (DCO)](https://developercertificate.org/) is an
+affirmation that the developer contributing the proposed changes has the
+necessary rights to submit those changes. A DCO provides some additional legal
+protections while being relatively easy to do.
 
 The entire DCO can be summarized as:
-- Certify that the submitted code can be submitted under the open source license of the project (e.g. MIT)
-- I understand that what I am contributing is public and will be redistributed indefinitely
 
+- Certify that the submitted code can be submitted under the open source license
+  of the project (e.g. MIT)
+- I understand that what I am contributing is public and will be redistributed
+  indefinitely
 
 ## How to Use Developer Certificate of Origin
-In order to contribute to the project, you must agree to the Developer Certificate of Origin. To confirm that you agree, your commit message must include a Signed-off-by trailer at the bottom of the commit message. 
+
+In order to contribute to the project, you must agree to the Developer
+Certificate of Origin. To confirm that you agree, your commit message must
+include a Signed-off-by trailer at the bottom of the commit message.
 
 For example, it might look like the following:
+
 ```bash
 A commit message
 
@@ -20,14 +30,23 @@ Closes gh-345
 Signed-off-by: jane marmot <jmarmot@example.org>
 ```
 
-The Signed-off-by [trailer](https://git-scm.com/docs/git-interpret-trailers) can be added automatically by using the [-s or –signoff command line option](https://git-scm.com/docs/git-commit/2.13.7#Documentation/git-commit.txt--s) when specifying your commit message:
+The Signed-off-by [trailer](https://git-scm.com/docs/git-interpret-trailers) can
+be added automatically by using the
+[-s or –signoff command line option](https://git-scm.com/docs/git-commit/2.13.7#Documentation/git-commit.txt--s)
+when specifying your commit message:
+
 ```bash
 git commit -s -m
 ```
-If you have chosen the [Keep my email address private](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address#about-commit-email-addresses) option within GitHub, the Signed-off-by trailer might look something like:
+
+If you have chosen the
+[Keep my email address private](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address#about-commit-email-addresses)
+option within GitHub, the Signed-off-by trailer might look something like:
+
 ```bash
 A commit message
 
 Closes gh-345
 
-Signed-off-by: jane marmot <462403+jmarmot@users.noreply.github.com>
+Signed-off-by: jane marmot <462403+jmarmot@users.noreply.github.com>
+```