diff --git a/changelogs/unreleased/37278-DS_DISABLE_DIND-true.yml b/changelogs/unreleased/37278-DS_DISABLE_DIND-true.yml
new file mode 100644
index 0000000000000000000000000000000000000000..36c068c5c8df4a0b98595d6de92c26ea008ec6df
--- /dev/null
+++ b/changelogs/unreleased/37278-DS_DISABLE_DIND-true.yml
@@ -0,0 +1,5 @@
+---
+title: 'Disable Docker-in-Docker for Dependency Scanning by default'
+merge_request: 31588
+author:
+type: changed
diff --git a/ee/spec/lib/gitlab/ci/templates/dependency_scanning_gitlab_ci_yaml_spec.rb b/ee/spec/lib/gitlab/ci/templates/dependency_scanning_gitlab_ci_yaml_spec.rb
index a6466890f3d47701cb9a10be9ed7b7bce0db944c..72b1cf2e1656307b9b9f67ada66181088c8471a5 100644
--- a/ee/spec/lib/gitlab/ci/templates/dependency_scanning_gitlab_ci_yaml_spec.rb
+++ b/ee/spec/lib/gitlab/ci/templates/dependency_scanning_gitlab_ci_yaml_spec.rb
@@ -33,7 +33,11 @@
         allow(License).to receive(:current).and_return(license)
       end
 
-      context 'by default' do
+      context 'when DS_DISABLE_DIND=false' do
+        before do
+          create(:ci_variable, project: project, key: 'DS_DISABLE_DIND', value: 'false')
+        end
+
         it 'includes orchestrator job' do
           expect(build_names).to match_array(%w[dependency_scanning])
         end
@@ -49,11 +53,7 @@
         end
       end
 
-      context 'when DS_DISABLE_DIND=true' do
-        before do
-          create(:ci_variable, project: project, key: 'DS_DISABLE_DIND', value: 'true')
-        end
-
+      context 'by default' do
         describe 'language detection' do
           using RSpec::Parameterized::TableSyntax
 
diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
index 24c5d73f8d1428d6901f5814d5ea153bfd1f01c3..0052d9c496c3571e28aedee8864dc809a5fe3e73 100644
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -14,7 +14,7 @@ variables:
 
   DS_DEFAULT_ANALYZERS: "bundler-audit, retire.js, gemnasium, gemnasium-maven, gemnasium-python"
   DS_MAJOR_VERSION: 2
-  DS_DISABLE_DIND: "false"
+  DS_DISABLE_DIND: "true"
 
 dependency_scanning:
   stage: test