Priority of grouped security update settings
Settings for grouped Dependabot security updates are applied in the following order, from highest to lowest priority:
- Settings defined in a
dependabot.ymlfile. See About thedependabot.ymlfile. - Repository-level settings defined in the UI
- Organization-level settings defined in the UI
Enablement for forked repositories
If you create a fork of a repository that has security updates enabled, GitHub will automatically disable Dependabot security updates for the fork. You can then decide whether to enable Dependabot security updates on the specific fork.