Replit — Security Center 2.0: Act on vulnerabilities in bulk across all your apps

Replit is the most secure place to vibe code. Today, we're making it dramatically easier to use the Security Center to understand your security posture across all Replit projects in your business. We’re also making it possible to remediate urgent security holes, such as active critical vulnerabilities on multiple published projects, in seconds.

You can reach the Security Center from the Replit Homepage, or your Settings. When you land there, the first thing we want to answer is simple: which of my projects are actually at risk right now?

Start with what's urgent

At the top of Security Center, we break your exposure down by critical and high severity vulnerabilities. You'll see how many of your projects have critical or high CVEs, how many of those projects are published, and — most importantly — how many are both published and public.

That last number on the right is the one you probably want to look at first. From the same top section, you can optionally kick off a security scan that runs a dependency scan across every project in your account and produces a software bill of materials. We run these in the background every few hours, as well as whenever a new CVE is published, so your projects stay up to date.

Take action across all your projects

Below the overview is a table listing all dependency vulnerabilities, grouped by project. The goal of this table is to let you take action on vulnerabilities across your entire fleet of projects from one place, instead of hunting through them individually. At launch, we support the following set of bulk actions:

Notifying all project owners for selected apps that their projects are vulnerable
Unpublishing apps meeting the selected criteria — depending on your risks, it can be better to be down than insecure

A typical flow might look like this: filter down to critical vulnerabilities, narrow further to projects that are published and public, and then notify the owners of every project in that filtered set.

dependency-vulnerabilites-search-example

Help people ship the fix, not just flag the problem

Notifying and bulk unpublishing are blunt instruments. In some cases, you’ll need to help the project owner ship the fix. From the dependency vulnerability table, you can click “Fix with Agent” on a project. Behind the scenes, this creates a task with the proposed patch for the selected vulnerabilities in a project. The project owner only needs to review the changes, apply them, and republish the project.

We deliberately keep this a per-project action rather than a bulk one. A project might have other changes in flight. Once again, the parallelism offered by Replit background tasks enables making changes without disrupting current work in flight. But projects still deserve a human review before republishing.

Software bill of materials

Finally, if you are an Enterprise customer, the software bill of materials (SBOM) obtained from bulk scans lives at the bottom of Security Center, the same way it does today. It's the standardized artifact your security and compliance teams use to answer questions like "are we affected by this newly disclosed CVE?". An SBOM is a complete inventory of every dependency your projects pull in — direct and transitive — along with their versions and licenses.

To retrieve an SBOM for your workspace, you’ll need to click “Run Scan” at the top of the Security Center.

Build a custom Shopify storefront on Replit

Starting today, anyone can design and launch a custom Shopify storefront by chatting with the Replit Agent. Describe the store you want, and Agent generates a custom front end, creates a new Shopify store, and adds your products from the same conversation. When you're ready to sell, claim the store in Shopify, activate payments, and use Replit to deploy your storefront to a domain. From the first prompt to taking real orders is roughly ten minutes. Why we built this Replit builders already ship real software, from internal tools, to side projects, to full businesses. But selling physical products is different: managing physical inventory, fulfillment, tax compliance, shipping, and multi-channel selling. Shopify is the gold standard for that, powering retail businesses of every size. What was missing was a way to design a storefront for Shopify with the same conversational workflow Replit builders already use for everything else. That's what this integration adds: a beautifully designed front end generated from a prompt, with Shopify provisioned, configured, and managed from inside Replit itself. You describe what you want, and Agent builds it. The result is yours to refine, backed by Shopify's commerce infrastructure end to end. How it works Most of the experience happens inside Replit. You'll only need to visit Shopify once to sign in or create an account, claim your store, set up payments, and publish. After that, you can build your storefront, manage products, and run your store directly from Replit.

Meet Replit SEO Agent

You shipped your app. Now what? Publishing is only the beginning. Your app may look great, but if no one can find it, it stays invisible. Getting discovered on Google or recommended by AI chatbots used to mean learning SEO and GEO from scratch- writing meta tags, guessing what crawlers want, and hoping it works. Most builders skip it entirely. But done well, SEO turns a published app into one people can actually find. What's new Today, we are introducing Replit SEO Agent, which helps your apps get discovered on web search and AI search . It runs a full scan of your app, points out what's making it hard for users to find your app, then can fix what's needed to improve your app discoverability. SEO Agent lives in the new Growth dashboard, where you can monitor traffic and track how your published apps grow over time. Alongside SEO Agent, we've upgraded Replit Agent's defaults so new apps ship with semantic elements like <header>, <main>, <nav>, and <footer>, accessibility baked in, pre-populated meta tags, Open Graph rich social previews, and robots.txt and sitemap.xml generated out of the box. This will make your Replit apps more discoverable by web and AI search crawlers out of the box.

Unlocking a New Way to Build Enterprise Data Apps with Microsoft Fabric

We believe enterprise software should move at the speed of ideas. Today, we’re collaborating with Microsoft to make it dramatically easier for enterprises to build AI-powered apps in Replit and deploy them directly into Microsoft Fabric with enterprise-grade governance and security built in. The integration helps teams go from prompt to production faster- turning governed enterprise data into internal tools, dashboards, workflows, and AI applications in a fraction of the time traditional development requires. Bringing AI-Native Development to the Microsoft Data Ecosystem Microsoft Fabric is a unified platform for enterprise data, bringing together analytics, governance, storage, and business intelligence into a single environment. At the same time, Replit has emerged as one of the fastest ways to build software using AI-assisted development. With the introduction of Rayfin, a new open-source SDK and CLI for building application backends, business teams can now go beyond simply connecting to data. They can define and deploy complete, production-ready applications directly on top of it. This enables a new workflow: applications can be described, generated, and deployed directly to Fabric, where enterprise data already lives.

Pro

Enterprise

Use Cases

Roles

Enterprise

Small Businesses

Get Started

Inspiration

Security Center 2.0: Act on vulnerabilities in bulk across all your apps