diff --git a/README.md b/README.md
index 6e6675b..86951d9 100644
--- a/README.md
+++ b/README.md
@@ -30,11 +30,7 @@ composer recipes
 composer recipes:install THE/DEPENDENCY --force -v
 ```
 
-### roave/security-advisories 
-
-```bash
-composer require --dev roave/security-advisories:dev-master
-```
+### composer audit (security-advisories)
 
 ```yaml 
 # grumphp.yaml
@@ -42,6 +38,22 @@ parameters:
     run_security_advisories: true
 ```
 
+You might want to alter the default composer audit configuration in your local composer.json file.
+
+For example if you don't want to fail CI on usage of abandoned packages:
+
+```json
+{
+    "config": {
+        "audit": {
+            "abandoned": "report"
+        }
+    }
+}
+```
+
+[See official docs for more information.](https://getcomposer.org/doc/06-config.md#audit)
+
 ### phpstan/phpstan
 
 ```bash
diff --git a/grumphp-convention.yml b/grumphp-convention.yml
index ed507ff..dc5ec5f 100644
--- a/grumphp-convention.yml
+++ b/grumphp-convention.yml
@@ -3,7 +3,7 @@ parameters:
     stop_on_first_failure: false
     run_phpstan: false
     run_psalm: false
-    run_security_advisories: false
+    run_security_advisories: true
     grumhp_exec_command: kevin app php
     phpstan.level: "max"
     phpunit.parallel: true
@@ -61,9 +61,7 @@ grumphp:
         phpcsfixer:
             config: ".php-cs-fixer.php"
             config_contains_finder: true
-        securitychecker_roave:
-            jsonfile: ./composer.json
-            lockfile: ./composer.lock
+        securitychecker_composeraudit:
             run_always: true
             metadata:
                 enabled: "%run_security_advisories%"