From 752ba3ac54366ac5463562db2da83216863752b6 Mon Sep 17 00:00:00 2001
From: Ryan Parman <rparman@northwood-labs.com>
Date: Thu, 14 Mar 2024 12:12:19 -0600
Subject: [PATCH] docs: Updates CONTRIBUTING.md.

Signed-off-by: Ryan Parman <rparman@northwood-labs.com>
---
 CONTRIBUTING.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 9a47fa9f..6ed3599b 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -666,6 +666,14 @@ To enable debugging for this Terraform provider:
 | `generator/` | Scaffolding that generates stubs for new functions in the Terraform provider.               |
 | `tools/`     | Includes the libraries that are part of the build process, but not part of the application. |
 
+## Automated SHA tagging of actions and Dependabot configuration
+
+[stepsecurity.io → northwood-labs/terraform-provider-corefunc](https://app.stepsecurity.io/securerepo?repo=https://github.com/northwood-labs/terraform-provider-corefunc)
+
+1. DO NOT select "Add CodeQL Workflow (SAST Tool)". (We already have this configured with GitHub's built-in integration.)
+1. DO NOT select "Update the pre-commit configuration" with `gitleaks`. We use TruffleHog instead.
+1. Other recommended changes are fine to accept. Open a PR from this tool.
+
 ## Tagging and releasing
 
 * [ ] `make godeps tidy` — Update all Go dependencies to their latest releases.