fix: vuln report doc (#45)

docs/external plugins/Verifier/vulnerabilityreport.md

@@ -8,10 +8,16 @@ This document outlines how Ratify can be used to verify vulernability reports. T
 
 ## Table of Contents
 
-* [Example Scenario](#example-scenario)
-* [Configuration](#configuration)
-* [Vulnerability Report with Signature Validation](#vulnerability-report-with-signature-validation)
-* [Passthrough Mode](#passthrough-mode)
+- [Vulnerability Report](#vulnerability-report)
+  - [Table of Contents](#table-of-contents)
+  - [Example Scenario](#example-scenario)
+    - [Recording](#recording)
+    - [Walkthrough](#walkthrough)
+  - [Configuration](#configuration)
+    - [Kubernetes](#kubernetes)
+    - [CLI](#cli)
+  - [Vulnerability Report with Signature Validation](#vulnerability-report-with-signature-validation)
+  - [Passthrough Mode](#passthrough-mode)
 
 ## Example Scenario 
 
@@ -40,17 +46,16 @@ helm install ratify \
     --set featureFlags.RATIFY_CERT_ROTATION=true \
     --set vulnerabilityreport.enabled=true \
     --set vulnerabilityreport.maximumAge="24h" \
-    --set vulnerabilityreport.notaryProjectSignatureRequired=true \
-    --set vulnerabilityreport.disallowedSeverities={"high","critical"} \
+    --set vulnerabilityreport.disallowedSeverities="{"high","critical"}" \
     --set vulnerabilityreport.denylistCVEs={"CVE-2021-44228"}
 ```
 
 Next, install the vulnerability report constraint template and constraint. The Constraint Template defines the policy "all container images used in K8s resources have at least one valid most recent vulnerability report attached to the image and the report has a valid Notary Project signature"
 
 ```shell
-kubectl apply -f https://raw.githubusercontent.com/deislabs/ratify/main/library/vulnerability-report-validation/template.yaml
+kubectl apply -f https://raw.githubusercontent.com/deislabs/ratify/v1.1.0/library/vulnerability-report-validation/template.yaml
 
-kubectl apply -f https://raw.githubusercontent.com/deislabs/ratify/main/library/vulnerability-report-validation/samples/constraint.yaml
+kubectl apply -f https://raw.githubusercontent.com/deislabs/ratify/v1.1.0/library/vulnerability-report-validation/samples/constraint.yaml
 ```
 
 An image `myregistry.io/vuln/alpine:3.18.2` is scanned and a vulnerability report is generated. A reference artifact is generated:
@@ -66,7 +71,7 @@ An image `myregistry.io/vuln/alpine:3.18.2` is scanned and a vulnerability repor
         --artifact-type application/sarif+json \
         --annotation "org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" \
         myregistry.io/vuln/alpine:3.18.2 \
-        trivy-sarif.json:application/sarif+json
+        trivy-sarif.json
     ```
 
 The resulting image will have a single SARIF vulnerability report artifact attached:
@@ -226,16 +231,16 @@ helm install ratify \
     --set vulnerabilityreport.enabled=true \
     --set vulnerabilityreport.maximumAge="24h" \
     --set vulnerabilityreport.notaryProjectSignatureRequired=true \
-    --set vulnerabilityreport.disallowedSeverities={"high","critical"} \
+    --set vulnerabilityreport.disallowedSeverities="{"high","critical"}" \
     --set vulnerabilityreport.denylistCVEs={"CVE-2021-44228"}
 ```
 
 Next, install the vulnerability report constraint template and constraint. The Constraint Template defines the policy "all container images used in K8s resources have at least one valid most recent vulnerability report attached to the image and the report has a valid Notary Project signature"
 
 ```shell
-curl https://raw.githubusercontent.com/deislabs/ratify/main/library/vulnerability-report-validation/template.yaml | sed 's/require_signature := false/require_signature := true/' | kubectl apply -f -
+curl https://raw.githubusercontent.com/deislabs/ratify/v1.1.0/library/vulnerability-report-validation/template.yaml | sed 's/require_signature := false/require_signature := true/' | kubectl apply -f -
 
-kubectl apply -f https://raw.githubusercontent.com/deislabs/ratify/main/library/vulnerability-report-validation/samples/constraint.yaml
+kubectl apply -f https://raw.githubusercontent.com/deislabs/ratify/v1.1.0/library/vulnerability-report-validation/samples/constraint.yaml
 ```
 
 An image `myregistry.io/vuln/alpine:3.18.2` is scanned and a vulnerability report is generated. A reference artifact is generated:
@@ -251,7 +256,7 @@ An image `myregistry.io/vuln/alpine:3.18.2` is scanned and a vulnerability repor
         --artifact-type application/sarif+json \
         --annotation "org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" \
         myregistry.io/vuln/alpine:3.18.2 \
-        trivy-sarif.json:application/sarif+json
+        trivy-sarif.json
     ```
 3. Use [`notation`](https://notaryproject.dev/) to sign the report
   ```shell