{"meta":{"title":"Dependabot security updates reference","intro":"Find usage information for Dependabot security updates.","product":"Security and code quality","breadcrumbs":[{"href":"/en/code-security","title":"Security and code quality"},{"href":"/en/code-security/reference","title":"Reference"},{"href":"/en/code-security/reference/supply-chain-security","title":"Supply chain security"},{"href":"/en/code-security/reference/supply-chain-security/dependabot-security-updates","title":"Dependabot security updates"}],"documentType":"article"},"body":"# Dependabot security updates reference\n\nFind usage information for Dependabot security updates.\n\n## Priority of grouped security update settings\n\nSettings for grouped Dependabot security updates are applied in the following order, from highest to lowest priority:\n\n1. Settings defined in a `dependabot.yml` file. See [About the `dependabot.yml` file](/en/code-security/reference/supply-chain-security/dependabot-options-reference#about-the-dependabotyml-file).\n2. Repository-level settings defined in the UI\n3. Organization-level settings defined in the UI\n\n## Enablement for forked repositories\n\nIf you create a fork of a repository that has security updates enabled, GitHub will automatically disable Dependabot security updates for the fork. You can then decide whether to enable Dependabot security updates on the specific fork."}