diff --git a/README.md b/README.md
index f26993c..54ead71 100644
--- a/README.md
+++ b/README.md
@@ -64,6 +64,7 @@ Then customize the code for your repository:
     * update `.goreleaser.yaml` to build `cmd/$YOUR_COMMAND`
     * update the links at the top of `README.md`
     * update the contact email in `SECURITY.md`
+    * if you aren't [in an enterprise that has code quality enabled](https://github.com/orgs/community/discussions/194833#discussioncomment-17174472), delete the coverage workflow (`.github/workflows/coverage.yaml`)
 
 1. Commit and push:
 
@@ -92,13 +93,14 @@ Configure the repository:
         * Allow auto-merge
         * Automatically delete head branches
 
-1. Go to repository Settings > Advanced Security, and enable:
+1. Go to repository Settings > Advanced Security, and ensure these are enabled:
 
     * Private vulnerability reporting
 
     * Dependabot
 
         * Dependabot alerts
+        * Dependabot malware alerts
         * Dependabot security updates
         * Grouped security updates
         * Dependabot on Actions runners