From 67420765c9e207142e64be5affd6220d0335d7ac Mon Sep 17 00:00:00 2001 From: kieran-broomhall-nhs <265510135+kieran-broomhall-nhs@users.noreply.github.com> Date: Fri, 1 May 2026 15:03:48 +0100 Subject: [PATCH 1/2] FIX: Update security md --- .github/SECURITY.md | 35 ----------------------------------- SECURITY.md | 23 +++++++++++++++++++++++ 2 files changed, 23 insertions(+), 35 deletions(-) delete mode 100644 .github/SECURITY.md create mode 100644 SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md deleted file mode 100644 index 241f1e337..000000000 --- a/.github/SECURITY.md +++ /dev/null @@ -1,35 +0,0 @@ -# Security - -NHS England takes security and the protection of private data extremely seriously. If you believe you have found a vulnerability or other issue which has compromised or could compromise the security of any of our systems and/or private data managed by our systems, please do not hesitate to contact us using the methods outlined below. - -## Table of Contents - -- [Security](#security) - - [Table of Contents](#table-of-contents) - - [Reporting a vulnerability](#reporting-a-vulnerability) - - [Email](#email) - - [NCSC](#ncsc) - - [General Security Enquiries](#general-security-enquiries) - -## Reporting a vulnerability - -Please note, email is our preferred method of receiving reports. - -### Email - -If you wish to notify us of a vulnerability via email, please include detailed information on the nature of the vulnerability and any steps required to reproduce it. - -You can reach us at: - -- _[ A product team email address ]_ -- [cybersecurity@nhs.net](cybersecurity@nhs.net) - -### NCSC - -You can send your report to the National Cyber Security Centre, who will assess your report and pass it on to NHS England if necessary. - -You can report vulnerabilities here: [https://www.ncsc.gov.uk/information/vulnerability-reporting](https://www.ncsc.gov.uk/information/vulnerability-reporting) - -## General Security Enquiries - -If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](cybersecurity@nhs.net) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..20f9aa16a --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,23 @@ +# Security + +We take security and the protection of private data extremely seriously. If you believe you have found a vulnerability or other issue which has compromised or could compromise the security of any of our systems or private data managed by our systems, please do not hesitate to contact us using the method outlined below. + +## Table of Contents + +- [Security](#security) + - [Table of Contents](#table-of-contents) + - [Reporting a vulnerability](#reporting-a-vulnerability) + - [General Security Enquiries](#general-security-enquiries) + +## Reporting a vulnerability + +If you believe you have found a security issue in this repository, please report it using GitHub's private vulnerability reporting: + +1. [Report a vulnerability](https://github.com/NHSDigital/vaccinations-app/security/advisories/new) +2. Provide details of the issue and steps to reproduce + +This creates a private channel for discussion and allows us to coordinate a fix before any public disclosure. + +## General Security Enquiries + +If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](cybersecurity@nhs.net) \ No newline at end of file From 3f7f78634a54e5dd7743b8627d570153d2e98987 Mon Sep 17 00:00:00 2001 From: kieran-broomhall-nhs <265510135+kieran-broomhall-nhs@users.noreply.github.com> Date: Fri, 1 May 2026 15:14:04 +0100 Subject: [PATCH 2/2] FIX: Failing checks and markdown issues --- SECURITY.md | 2 +- scripts/config/vale/styles/config/vocabularies/words/accept.txt | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 20f9aa16a..8c91a5c56 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -20,4 +20,4 @@ This creates a private channel for discussion and allows us to coordinate a fix ## General Security Enquiries -If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](cybersecurity@nhs.net) \ No newline at end of file +If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](mailto:cybersecurity@nhs.net) diff --git a/scripts/config/vale/styles/config/vocabularies/words/accept.txt b/scripts/config/vale/styles/config/vocabularies/words/accept.txt index 78bfe5403..8f22e66d8 100644 --- a/scripts/config/vale/styles/config/vocabularies/words/accept.txt +++ b/scripts/config/vale/styles/config/vocabularies/words/accept.txt @@ -39,3 +39,4 @@ jq JMeter access_denied (?i)url +cybersecurity