diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 64257580..fbf5af8a 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -11,7 +11,6 @@
       "USER_GID": "${localEnv:GROUP_ID:}"
     }
   },
-  "postCreateCommand": "bash -lc 'if ! git config --get-all secrets.patterns | grep -Fq AKIA; then git-secrets --register-aws; fi; if ! git config --get-all secrets.providers | grep -Fxq \"cat /usr/share/secrets-scanner/nhsd-rules-deny.txt\"; then git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt; fi'",
   "mounts": [
     "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
     "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 697fee92..928703ab 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,7 +16,7 @@ updates:
     commit-message:
       prefix: "Upgrade: [dependabot] - "
     cooldown:
-      default-days: 3
+      default-days: 7
 
   ###################################
   # Poetry  #########################
@@ -32,7 +32,7 @@ updates:
     commit-message:
       prefix: "Upgrade: [dependabot] - "
     cooldown:
-      default-days: 3
+      default-days: 7
 
   ###################################
   # NPM workspace  ##################
@@ -48,4 +48,4 @@ updates:
     commit-message:
       prefix: "Upgrade: [dependabot] - "
     cooldown:
-      default-days: 3
+      default-days: 7
diff --git a/.github/workflows/sync_copilot.yml b/.github/workflows/sync_copilot.yml
new file mode 100644
index 00000000..4cf9edce
--- /dev/null
+++ b/.github/workflows/sync_copilot.yml
@@ -0,0 +1,22 @@
+name: Sync Copilot Instructions
+
+on:
+    workflow_dispatch:
+    schedule:
+        - cron: "0 6 * * 1"
+
+jobs:
+    sync-copilot-instructions:
+        runs-on: ubuntu-22.04
+        environment: create_pull_request
+        permissions:
+            contents: read
+
+        steps:
+            - name: Sync shared instructions
+              uses: NHSDigital/eps-copilot-instructions@a7849a16aabd5c1edef13e29467a480fa08555f8
+              with:
+                  copilot_instructions_ref: main
+                  calling_repo_base_branch: main
+                  CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }}
+                  CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }}
diff --git a/.github/workflows/update_dev_container_version.yml b/.github/workflows/update_dev_container_version.yml
index 6ccd8801..adaebd84 100644
--- a/.github/workflows/update_dev_container_version.yml
+++ b/.github/workflows/update_dev_container_version.yml
@@ -1,19 +1,23 @@
-name: Update Devcontainer Version
+name: Update devcontainer version
 
 on:
     workflow_dispatch:
     schedule:
-        - cron: "0 18 * * 4"
+        - cron: "0 6 * * 4"
+permissions: {}
 
 jobs:
-    update_devcontainer_version:
-        uses: NHSDigital/eps-common-workflows/.github/workflows/update-dev-container-version.yml@23342d86a245c076937abd6aecdd0ce06446b1e6
+    update-devcontainer-version:
+        runs-on: ubuntu-22.04
+        environment: create_pull_request
         permissions:
             contents: read
             packages: read
-            pull-requests: write
-        with:
-            base_branch: main
-        secrets:
-            CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }}
-            CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }}
+
+        steps:
+            - name: Update devcontainer version
+              uses: NHSDigital/eps-update-devcontainer@dc3a8c5f11e7226ee4f5f2bb35bd0d1265092306
+              with:
+                  calling_repo_base_branch: main
+                  CREATE_PULL_REQUEST_APP_ID: ${{ secrets.CREATE_PULL_REQUEST_APP_ID }}
+                  CREATE_PULL_REQUEST_PEM: ${{ secrets.CREATE_PULL_REQUEST_PEM }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d4d23aeb..5f265b9d 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -23,6 +23,26 @@ repos:
 
   - repo: local
     hooks:
+      - id: check-commit-signing
+        name: Check commit signing
+        description: Ensures that commits are GPG signed
+        entry: bash
+        args:
+          - -c
+          - |
+            if ! git config --get commit.gpgsign | grep -q "true" > /dev/null 2>&1; then
+              echo "Error: Commit signing is not enabled."
+              echo "Please enable commit signing with:"
+              echo "  git config commit.gpgsign true"
+              echo ""
+              echo "For more information, see: https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits"
+              exit 1
+            fi
+            echo "Commit signing is properly configured."
+        language: system
+        pass_filenames: false
+        always_run: true
+
       - id: lint-githubactions
         name: Lint github actions
         entry: make