diff --git a/SECURITY.md b/SECURITY.md index b267db6bb..191b42ec9 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,3 +7,6 @@ TFLint always supports only the latest version and does not provide security upd ## Reporting a Vulnerability If you find a vulnerability, please do not report it in an issue or a discussion. You can discuss vulnerabilities internally with maintainers using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). + +Please do not just report the results of a security scanner such as Trivy. In many cases, maintainers are already aware of the existence of vulnerable libraries via Dependabot alerts. +We welcome reports of exploits and their impact that you have analyzed based on the output of security scanners.
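Review bot: the two added sentences state what is not wanted (bare scanner output) but do not say what a useful report from scanner output should contain, so reporters are left guessing; in the `+Please do not just report ...` / `+We welcome reports of exploits ...` lines, consider naming the expected content explicitly, e.g. "the affected TFLint version, the dependency and advisory the scanner flagged, and an explanation of whether and how TFLint reaches the vulnerable code path". Since Dependabot alerts are visible only to maintainers, the reference to them may also read as dismissive to an outside reporter; a wording such as "dependency vulnerabilities are tracked automatically via Dependabot, so a report is most useful when it shows the library is actually reachable from TFLint" keeps the intent while explaining why. Minor: the first sentence opens with "Please do not just report", which is a little abrupt for a policy document; "Reports that consist only of the output of a security scanner such as Trivy are not actionable" says the same thing more neutrally.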