From 0f8f55ab2e074a52ca855aa27b2a5d86c0d26a26 Mon Sep 17 00:00:00 2001
From: Brian Shand
Date: Thu, 7 May 2026 15:59:57 +0100
Subject: [PATCH 1/2] Include SECURITY.md file Update GitHub actions dependencies automatically every 6 months
---
 .github/dependabot.yml | 3 ++-
 SECURITY.md | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 SECURITY.md
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index dcd4439..b2690c3 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,6 +8,7 @@ updates:
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
- interval: "daily"
+ interval: "cron"
+ cronjob: "0 9 1 1,7 *" # Runs every 6 months at 9am on 1 January and 1 July
 cooldown:
 default-days: 7 # Wait 7 days after publication
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..db20ebd
--- /dev/null
+++ b/SECURITY.md
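Review bot: The new `schedule` for the `github-actions` entry in `.github/dependabot.yml` can leave workflow actions up to six months behind upstream, and nothing in the hunk records how security fixes for them arrive in between. `schedule` governs Dependabot version updates only, so the long interval is safe only if Dependabot alerts and security updates are enabled for the repository, which the patch does not show. I would state that beside the schedule, e.g. `# Version updates only; security fixes rely on Dependabot security updates being enabled`. The cron expression also has no `timezone`, so the "9am" in the comment is presumably UTC rather than UK time; either add `timezone: "Europe/London"` under `schedule` or say UTC in the comment. The `updates` list starts above the hunk and the `cooldown` mapping may continue below it.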
@@ -0,0 +1,35 @@
+# Security
+
+NHS England takes security and the protection of private data extremely seriously. If you believe you have found a vulnerability or other issue which has compromised or could compromise the security of any of our systems and/or private data managed by our systems, please do not hesitate to contact us using the methods outlined below.
+
+## Table of Contents
+
+- [Security](#security)
+ - [Table of Contents](#table-of-contents)
+ - [Reporting a vulnerability](#reporting-a-vulnerability)
+ - [Email](#email)
+ - [NCSC](#ncsc)
+ - [General Security Enquiries](#general-security-enquiries)
+
+## Reporting a vulnerability
+
+Please note, email is our preferred method of receiving reports.
+
+### Email
+
+If you wish to notify us of a vulnerability via email, please include detailed information on the nature of the vulnerability and any steps required to reproduce it.
+
+You can reach us at:
+
+- [Brian.Shand@nhs.net](Brian.Shand@nhs.net)
+- [cybersecurity@nhs.net](cybersecurity@nhs.net)
+
+### NCSC
+
+You can send your report to the National Cyber Security Centre, who will assess your report and pass it on to NHS England if necessary.
+
+You can report vulnerabilities here: [https://www.ncsc.gov.uk/information/vulnerability-reporting](https://www.ncsc.gov.uk/information/vulnerability-reporting)
+
+## General Security Enquiries
+
+If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](cybersecurity@nhs.net)
From 17084849325b943a8a0a86269e8cdd0396e4877f Mon Sep 17 00:00:00 2001
From: Brian Shand
Date: Thu, 7 May 2026 16:46:52 +0100
Subject: [PATCH 2/2] Use mailto links for security notification
---
 SECURITY.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index db20ebd..eb78a32 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -21,8 +21,8 @@ If you wish to notify us of a vulnerability via email, please include detailed i
 You can reach us at:
-- [Brian.Shand@nhs.net](Brian.Shand@nhs.net)
-- [cybersecurity@nhs.net](cybersecurity@nhs.net)
+- [Brian.Shand@nhs.net](mailto:Brian.Shand@nhs.net)
+- [cybersecurity@nhs.net](mailto:cybersecurity@nhs.net)
 ### NCSC