This version of GitHub Enterprise Server will be discontinued on 2026-03-17. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Dependabot security updates reference

Find usage information for Dependabot security updates.

In this article

Priority of grouped security update settings

Settings for grouped Dependabot security updates are applied in the following order, from highest to lowest priority:

  1. Settings defined in a dependabot.yml file. See About the dependabot.yml file.
  2. Repository-level settings defined in the UI
  3. Organization-level settings defined in the UI

Enablement for forked repositories

If you create a fork of a repository that has security updates enabled, GitHub will automatically disable Dependabot security updates for the fork. You can then decide whether to enable Dependabot security updates on the specific fork.