Include SECURITY.md file

Update GitHub actions automatically every 6 months

Author: bshand

.github/dependabot.yml

@@ -8,6 +8,7 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "cron"
+      cronjob: "0 9 1 1,7 *" # Runs every 6 months at 9am on 1 January and 1 July
     cooldown:
       default-days: 7 # Wait 7 days after publication

SECURITY.md

@@ -0,0 +1,35 @@
+# Security
+
+NHS England takes security and the protection of private data extremely seriously. If you believe you have found a vulnerability or other issue which has compromised or could compromise the security of any of our systems and/or private data managed by our systems, please do not hesitate to contact us using the methods outlined below.
+
+## Table of Contents
+
+- [Security](#security)
+  - [Table of Contents](#table-of-contents)
+  - [Reporting a vulnerability](#reporting-a-vulnerability)
+    - [Email](#email)
+    - [NCSC](#ncsc)
+  - [General Security Enquiries](#general-security-enquiries)
+
+## Reporting a vulnerability
+
+Please note, email is our preferred method of receiving reports.
+
+### Email
+
+If you wish to notify us of a vulnerability via email, please include detailed information on the nature of the vulnerability and any steps required to reproduce it.
+
+You can reach us at:
+
+- [Brian.Shand@nhs.net](Brian.Shand@nhs.net)
+- [cybersecurity@nhs.net](cybersecurity@nhs.net)
+
+### NCSC
+
+You can send your report to the National Cyber Security Centre, who will assess your report and pass it on to NHS England if necessary.
+
+You can report vulnerabilities here: [https://www.ncsc.gov.uk/information/vulnerability-reporting](https://www.ncsc.gov.uk/information/vulnerability-reporting)
+
+## General Security Enquiries
+
+If you have general enquiries regarding our cybersecurity, please reach out to us at [cybersecurity@nhs.net](cybersecurity@nhs.net)