When you publish from Replit, your project can receive real traffic. Replit security tools help you find vulnerabilities, fix accepted issues with Agent, and keep evidence for audits.
Why security matters
- Published projects can be reached from the open internet, including public routes and APIs.
- Modern projects depend on many packages, and new CVEs can appear after you publish.
- AI-generated code still needs security review, especially around authentication, database queries, secrets, and data handling.
- Compliance programs often require evidence of dependency inventory, vulnerability tracking, and remediation.
Where to start
- Working in a single project? Use the Project Security Center.
- Auditing across your workspace? Use the Workspace Security Center.
- Need a definition? Read Security concepts.
Where security lives in the product
In a project
Open the Security pane to review project-level findings, run Agent security scans, and inspect dependency vulnerabilities before publishing.
In your workspace
Select Security from the home sidebar to review vulnerabilities across projects, prioritize findings by exposure, and track workspace-level scan history.
In publishing and settings
- In Publish > Advanced, use Block publishing of critical vulnerabilities to stop critical findings from shipping.
- In Settings > Account > Advanced, set the Auto-Protect severity threshold for Agent-prepared dependency remediations.