diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index dcd4439..b2690c3 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,6 +8,7 @@ updates:
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
- interval: "daily"
+ interval: "cron"
+ cronjob: "0 9 1 1,7 *" # Runs every 6 months at 9am on 1 January and 1 July
 cooldown:
 default-days: 7 # Wait 7 days after publication
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 38e0bc8..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-- 2.5
-- 2.6
-- 2.7
-before_install: gem install bundler -v 2.0.1
-notifications:
- slack:
- rooms:
- secure: 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
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..eb78a32
--- /dev/null
+++ b/SECURITY.md
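Review bot: In `.github/dependabot.yml`, the new `interval: "cron"` with `cronjob: "0 9 1 1,7 *"` raises GitHub Actions version updates only twice a year, and the existing `cooldown` of 7 days comes on top, so a referenced action can trail a fixed release by about six months. The schedule and cooldown govern version updates only, so it is worth confirming in the repository settings (not visible in this diff) that Dependabot security updates are enabled, otherwise a fix for an advisory against an action waits for 1 January or 1 July. The inline comment also leaves the timezone unstated; Dependabot evaluates the schedule in UTC unless told otherwise, so either say so, `# 09:00 UTC on 1 January and 1 July`, or add `timezone: "Europe/London"` under `schedule` if local time is intended. The `updates` entry begins above the hunk.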
@@ -0,0 +1,35 @@
+# Security
+
+NHS England takes security and the protection of private data extremely seriously. If you believe you have found a vulnerability or other issue which has compromised or could compromise the security of any of our systems and/or private data managed by our systems, please do not hesitate to contact us using the methods outlined below.
+
+## Table of Contents
+
+- [Security](#security)
+ - [Table of Contents](#table-of-contents)
+ - [Reporting a vulnerability](#reporting-a-vulnerability)
+ - [Email](#email)
+ - [NCSC](#ncsc)
+ - [General Security Enquiries](#general-security-enquiries)
+
+## Reporting a vulnerability
+
+Please note, email is our preferred method of receiving reports.
+
+### Email
+
+If you wish to notify us of a vulnerability via email, please include detailed information on the nature of the vulnerability and any steps required to reproduce it.
+
+You can reach us at:
+
+- [Brian.Shand@nhs.net](mailto:Brian.Shand@nhs.net)
+- [cybersecurity@nhs.net](mailto:cybersecurity@nhs.net)
+
+### NCSC
+
+You can send your report to the National Cyber Security Centre, who will assess your report and pass it on to NHS England if necessary.
+
+You can report vulnerabilities here: [https://www.ncsc.gov.uk/information/vulnerability-reporting](https://www.ncsc.gov.uk/information/vulnerability-reporting)
+
+## General Security Enquiries
+
+If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](cybersecurity@nhs.net)
diff --git a/ndr_lookup.gemspec b/ndr_lookup.gemspec
index 1ec20b6..b7e8dc7 100644
--- a/ndr_lookup.gemspec
+++ b/ndr_lookup.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
 spec.license = 'MIT'
 gem_files = %w[CHANGELOG.md CODE_OF_CONDUCT.md LICENSE.txt README.md Rakefile
- app config db lib]
+ SECURITY.md app config db lib]
 spec.files = `git ls-files -z`.split("\x0").
 select { |f| gem_files.include?(f.split('/')[0]) }
 spec.bindir = 'exe'