From 4fffdc4381333e0dc6c0e7a3e8ef93d1cdff0251 Mon Sep 17 00:00:00 2001
From: AlJHill <97447298+AlJHill@users.noreply.github.com>
Date: Mon, 8 Apr 2024 12:37:14 +0100
Subject: [PATCH 1/3] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 92aa199..25d9722 100644
--- a/README.md
+++ b/README.md
@@ -2,9 +2,9 @@
 
 This provides one example of how a WireMock service can be packaged for deployment.
 
-> For many testing needs WireMock can be used __inline__ directly from your test code, which is even more convenient than using a deployed instance. Whether you use a deployed app, a standalone instance running locally, or start an instance of wiremock directly from your code is a matter of choosing the best design for the purpose at hand. 
+> For many testing needs WireMock can be used __inline__ directly from your test code. Inline use is often more convenient, and the mock code can be kept closer to the test code than when using a deployed instance. Deciding whether to use a deployed instance, a standalone instance running locally, or start an instance of wiremock directly from your code is a matter of choosing the best test design for the purpose at hand. A deployed mock might only make sense for tests run against a deployed system or service.
 
-See https://github.com/WireMock-Net/WireMock.Net/wiki for an outline of the different use cases (unit tesing, standalone and deployed).
+See https://github.com/WireMock-Net/WireMock.Net/wiki for an outline of the different use cases (including 'unit tesing', standalone and deployed).
 
 ## Start up
 

From 8f0a1881905b499e5795f87c6e75e911e02cc7e8 Mon Sep 17 00:00:00 2001
From: AlJHill <97447298+AlJHill@users.noreply.github.com>
Date: Mon, 8 Apr 2024 15:33:18 +0100
Subject: [PATCH 2/3] Update README.md

---
 README.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 25d9722..c1056c0 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,9 @@ This provides one example of how a WireMock service can be packaged for deployme
 
 > For many testing needs WireMock can be used __inline__ directly from your test code. Inline use is often more convenient, and the mock code can be kept closer to the test code than when using a deployed instance. Deciding whether to use a deployed instance, a standalone instance running locally, or start an instance of wiremock directly from your code is a matter of choosing the best test design for the purpose at hand. A deployed mock might only make sense for tests run against a deployed system or service.
 
+> **Threat modelling**: This template is a minimal functional demonstration of wiremock as a tool. Features like authentication and authorisation are not demonstrated, though these can be implemented at the wiremock layer if not available at the hosting layer. You will need to conduct your own threat modelling as part of your project. Deploying the application in this template *as is* will grant unrestricted access to the mock server in a given network context.
+
+
 See https://github.com/WireMock-Net/WireMock.Net/wiki for an outline of the different use cases (including 'unit tesing', standalone and deployed).
 
 ## Start up
@@ -16,7 +19,7 @@ Running `dotnet run` from TemplateForWiremock\WireMockTemplate will start the we
 - A starting point for using more advanced features of WireMock.
 
 ## Other considerations
-- When hosting as a web application in Azure, consider attaching a blob storage container or similar to a web applicaiton at the path `__admin\mappings` where the mappings are held, so that mock behavior can be changed in-flight by just modifying the mapping files.
+- When hosting as a web application in Azure, consider attaching a blob storage container or similar to a web application at the path `__admin\mappings` where the mappings are held, so that mock behavior can be changed in-flight by just modifying the mapping files.
 - There is a library available for remotely controlling deployed WireMock instances from .net projects: https://www.nuget.org/packages/WireMock.Net.RestClient
 
 ## Example mappings
@@ -25,3 +28,7 @@ Running `dotnet run` from TemplateForWiremock\WireMockTemplate will start the we
     - At the endpoint `/my_stub_endpoint`, POST requests not matching other rules should be given a 200 OK response. 
     - To demonstrate request matching, If the POST request to `/my_stub_mapping` contained an XML body:
         `<PRODUCTNAME>000XX5</PRODUCTNAME>` with `XX5` in `<PRODUCTNAME>`, the server is set to return a 500 Server Error.  With `XX0` in the product name, the server is set to delay a 200 OK response by 10 seconds.
+
+## Contributing
+
+Currently we are not accepting contributions to this repository. You can read the [UKHO's Open Source Policy here](https://github.com/UKHO/docs/blob/main/software-engineering-policies/OpenSourceContribution/OpenSourceContributionPolicy.md)

From c6ab6cf81720dcb9a2a11537b989ecff6579e2e2 Mon Sep 17 00:00:00 2001
From: AlJHill <97447298+AlJHill@users.noreply.github.com>
Date: Mon, 8 Apr 2024 15:34:46 +0100
Subject: [PATCH 3/3] Create SECURITY.md

---
 SECURITY.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..10e79c6
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,3 @@
+# Security Notice
+
+The UK Hydrographic Office (UKHO) supplies hydrographic information to protect lives at sea. Maintaining the confidentially, integrity and availability of our services is paramount. Found a security bug? Please report it to us at UKHO-ITSO@gov.co.uk