To scan a single app instead, open the Project Security Center
from the Security pane inside that Project.
Features
CVE detection
See vulnerabilities across all dependencies in your organization:
- View CVEs organized by severity (critical, high, medium, and low)
- See affected package names and versions
- Access remediation guidance for each vulnerability
Affected apps view
Identify which apps contain vulnerabilities:
- See a detailed breakdown of affected Replit Apps
- Filter by severity level to prioritize remediation
- View dependency chains to understand how vulnerabilities were introduced
SBOM export
Export Software Bill of Materials for compliance and auditing:
- Download SBOMs in standard formats (SPDX, CycloneDX)
- Generate reports for individual apps or your entire organization
- Meet compliance requirements for software supply chain transparency
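As an added example (not Replit's code), the following shows one way a compliance pipeline could consume an exported CycloneDX SBOM: it filters vulnerabilities by a severity threshold and reconstructs the dependency chain that pulled each affected package in. It assumes the export is CycloneDX JSON carrying the spec's `dependencies` and `vulnerabilities` arrays, which this page does not confirm; the sample document, package names and CVE ids are constructed placeholders.

```python
import json
from collections import deque

# Constructed sample: minimal CycloneDX JSON with placeholder CVE ids (not a real export).
SAMPLE_SBOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "app", "name": "demo-app", "version": "1.0.0"}},
  "components": [
    {"bom-ref": "pkg:a", "name": "web-framework", "version": "2.1.0"},
    {"bom-ref": "pkg:b", "name": "template-engine", "version": "0.9.3"},
    {"bom-ref": "pkg:c", "name": "yaml-parser", "version": "1.4.0"}],
  "dependencies": [{"ref": "app", "dependsOn": ["pkg:a", "pkg:c"]},
                   {"ref": "pkg:a", "dependsOn": ["pkg:b"]}],
  "vulnerabilities": [
    {"id": "CVE-PLACEHOLDER-0001", "ratings": [{"severity": "critical"}], "affects": [{"ref": "pkg:b"}]},
    {"id": "CVE-PLACEHOLDER-0002", "ratings": [{"severity": "low"}], "affects": [{"ref": "pkg:c"}]}]
}""")
SEVERITY_ORDER = ["critical", "high", "medium", "low"]  # worst first

def dependency_chain(sbom, target):
    """Shortest path of bom-refs from the root component to target (BFS)."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    queue, seen = deque([[root]]), {root}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in graph.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return []  # target is not reachable from the root component

def findings(sbom, threshold="high"):
    """Vulnerabilities at or above threshold, each with its name@version chain."""
    names = {c["bom-ref"]: f'{c["name"]}@{c["version"]}'
             for c in sbom["components"] + [sbom["metadata"]["component"]]}
    allowed = SEVERITY_ORDER[:SEVERITY_ORDER.index(threshold) + 1]
    out = []
    for v in sbom.get("vulnerabilities", []):
        sevs = [r.get("severity") for r in v.get("ratings", [])]
        sev = min((s for s in sevs if s in allowed), key=SEVERITY_ORDER.index, default=None)
        if sev is None:
            continue  # no rating at or above the threshold
        for a in v.get("affects", []):
            chain = [names.get(r, r) for r in dependency_chain(sbom, a["ref"])]
            out.append((sev, v["id"], chain))
    return sorted(out, key=lambda f: SEVERITY_ORDER.index(f[0]))
```

A CI job can fail the build when `findings(sbom, "high")` is non-empty and attach the chains to the ticket so the owner sees which direct dependency to upgrade.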
Accessing the Workspace Security Center
To open the Workspace Security Center:
- Go to replit.com and sign in to your account.
- Select Security Center from the left navigation on the home page.
Scanning your organization
- Open the Workspace Security Center.
- Select Scan All Apps to initiate a scan across the organization.
- Review the results organized by severity level.
Auto-Protect
Admins can opt their account into Auto-Protect, which continuously monitors newly disclosed CVEs against every project’s dependencies. When a match is found, Replit Agent prepares a tested patch and builders receive an email with a direct link to apply it. See Auto-Protect for the full workflow and setup steps, including the admin-only severity threshold in Settings > Account > Advanced.
Contact the dedicated account manager for help configuring the Workspace Security Center or integrating SBOM exports into compliance workflows.