> ## Documentation Index
> Fetch the complete documentation index at: https://docs.replit.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> Learn why security matters when you publish from Replit, where Security tools live, and which page to use for project or workspace reviews.

When you publish from Replit, your project can receive real traffic. Replit security tools help you find vulnerabilities, fix accepted issues with Agent, and keep evidence for audits.

## Why security matters

* Published projects can be reached from the open internet, including public routes and APIs.
* Modern projects depend on many packages, and new CVEs can appear after you publish.
* AI-generated code still needs security review, especially around authentication, database queries, secrets, and data handling.
* Compliance programs often require evidence of dependency inventory, vulnerability tracking, and remediation.

## Where to start

* Working in a single project? Use the [Project Security Center](/references/security/project-security-center).
* Auditing across your workspace? Use the [Workspace Security Center](/references/security/workspace-security-center).
* Need a definition? Read [Security concepts](/references/security/concepts).

Most security work follows the same loop: scan, review findings, fix with Agent, republish, and export evidence when needed.

## Where security lives in the product

### In a project

Open the **Security** pane to review project-level findings, run Agent security scans, and inspect dependency vulnerabilities before publishing.

<Frame>
  <img src="https://mintcdn.com/replit/MuLW6SmzOLVKbNrI/images/project-security-center/review-security-button.png?fit=max&auto=format&n=MuLW6SmzOLVKbNrI&q=85&s=f242cc14d62a515060f1a065f6ee7bb5" alt="The Review security button in the project's Publish flow, which opens the Security pane" width="1440" height="900" data-path="images/project-security-center/review-security-button.png" />
</Frame>

### In your workspace

Select **Security** from the home sidebar to review vulnerabilities across projects, prioritize findings by exposure, and track workspace-level scan history.

<Frame>
  <img src="https://mintcdn.com/replit/tKBBH2gX68wdecLj/images/workspace-security-center/security-overview.png?fit=max&auto=format&n=tKBBH2gX68wdecLj&q=85&s=4c83d21d65638841dbb724081daa6bfd" alt="The Workspace Security Center landing view with total scans, total vulnerabilities, and CVEs grouped by severity" width="3438" height="1984" data-path="images/workspace-security-center/security-overview.png" />
</Frame>

### In publishing and settings

* In **Publish** > **Advanced**, use **Block publishing of critical vulnerabilities** to stop critical findings from shipping.
* In **Settings** > **Account** > **Advanced**, set the Auto-Protect severity threshold for Agent-prepared dependency remediations.

## Further reading

* [How Replit Secures AI-Generated Code](https://blog.replit.com/securing-ai-generated-code)