> ## Documentation Index > Fetch the complete documentation index at: https://docs.replit.com/llms.txt > Use this file to discover all available pages before exploring further. # Workspace Security Center > Scan your workspace's projects for vulnerabilities, view CVE details by severity, fix issues with Agent, and export SBOMs for compliance. The Workspace Security Center is available across all plans. Use it to scan project [dependencies](/core-concepts/security/concepts#dependency) across your workspace and review [CVE](/core-concepts/security/concepts#cve) findings by [severity](/core-concepts/security/concepts#severity). You can fix issues with Replit Agent, [republish](/core-concepts/security/concepts#republish) affected projects, and export Software Bill of Materials ([SBOM](/core-concepts/security/concepts#sbom)) reports for compliance. To scan a single project instead, open the [Project Security Center](/core-concepts/security/project-security-center) from the **Security** pane inside that project. New to dependency security? See [Security concepts](/core-concepts/security/concepts) for definitions of CVE, SBOM, exposure, Fix with Agent, Republish, and Auto-Protect. ## Features ### CVE detection See vulnerabilities across all projects in your workspace: * Identify vulnerable projects, prioritized by [exposure](/core-concepts/security/concepts#exposure) (publishing status and visibility) * See affected package names, versions, and severity (critical, high, medium, and low) * Access remediation guidance for each project The Dependency vulnerabilities table in the Workspace Security Center listing CVE ID, severity, package, and version for each finding ### Affected projects view Identify which projects contain vulnerabilities and prioritize what to fix first: * See an overview of vulnerable projects grouped by exposure: total projects, published projects, and publicly published projects * See a detailed breakdown of affected Replit projects * Search by CVE ID or project name and filter by severity, owner, publishing status (Published / Not published), and visibility (Public / Private) * Expand any project row to see every CVE finding (severity, package, version, CVE ID) without leaving the page An expanded CVE row in the Workspace Security Center revealing the workspace projects affected by the vulnerability ### Fix with Agent and republish Resolve vulnerabilities and redeploy without leaving the Security Center: * Select **[Fix with Agent](/core-concepts/security/concepts#fix-with-agent)** on any affected project to draft a patch as a background task in the project. Review and apply the generated change before republishing. * Track remediation status through **Task in progress**, **Apply changes**, **Republish**, and the terminal states **Republished** or **Failed**. * One-click **Republish** with a confirmation dialog redeploys the build using its existing configuration once the fix is merged. * Take bulk actions such as unpublishing or notifying project owners about vulnerabilities in their projects. ### SBOM export Export Software Bill of Materials for compliance and auditing: * Download SBOMs in standard formats ([SPDX](/core-concepts/security/concepts#spdx-and-cyclonedx), [CycloneDX](/core-concepts/security/concepts#spdx-and-cyclonedx)) * Generate reports for individual projects or your entire workspace * Browse SBOMs grouped by scan run, with the timestamp, project count, and the user who triggered the run * Download every SBOM in a scan run as a single bulk zip * Meet compliance requirements for software supply chain transparency Bulk SBOM downloads are available on Enterprise plans. Workspaces on other plans see an Enterprise upsell in the SBOM section. ## Accessing the Workspace Security Center To open the Workspace Security Center: 1. Go to [replit.com](https://replit.com) and sign in to your account. 2. Select **Security** from the left navigation on the home page. The Replit home page with Security highlighted in the left navigation ## Scanning your workspace The Workspace Security Center landing view with total scans, total vulnerabilities, and CVEs grouped by severity 1. Open the Workspace Security Center. 2. Select **Run security scan** to initiate a scan across the workspace. 3. Review the results organized by impacted project, severity, and deployment exposure. 4. From any affected project, select **Fix with Agent**, then **Republish** once the fix is applied. Scans analyze dependencies in the workspace's Replit projects and flag known vulnerabilities from public vulnerability records. ## Auto-Protect Admins can opt their account into **[Auto-Protect](/core-concepts/security/concepts#auto-protect)**, which continuously monitors newly disclosed CVEs against every project's dependencies. When a match is found, Replit Agent prepares a tested patch and builders receive an email with a direct link to apply it. See [Auto-Protect](/core-concepts/security/project-security-center#auto-protect) for the full workflow and setup steps, including the admin-only severity threshold in **Settings** > **Account** > **Advanced**. Contact the dedicated account manager for help configuring the Workspace Security Center or integrating SBOM exports into compliance workflows.