What is Root?
Root is a secure supply platform that delivers end-to-end vulnerability remediation for container images and application dependencies. Unlike security tools that only scan, triage, or recommend fixes, Root actually fixes vulnerabilities—automatically, continuously, and without breaking your existing stack.
The Problem
The CVE Treadmill
Every day, new vulnerabilities are discovered across thousands of packages. Your options are limited:
- Wait days or weeks for manual patches while systems remain exposed
- Upgrade to latest versions and break existing functionality
- Rebuild from source and migrate to vendor-specific registries
- Accept the risk and hope nothing gets exploited
Traditional approaches can't keep pace with the volume of vulnerabilities, and they create new problems (breaking changes, migrations, vendor lock-in) while trying to solve security issues.
Why Existing Approaches Fall Short
Most security solutions address only part of the vulnerability problem:
- Scanners find vulnerabilities but don't fix them
- Triage tools prioritize issues but still require manual remediation
- Recommendation engines suggest upgrades that break applications
- Secure image providers rebuild from source, forcing migrations and breaking compatibility
The result: organizations face a continuous cycle of vulnerability discovery, manual patching, and forced upgrades that break production systems.
Root's Solution: End-to-End Secure Supply
Root is different because we handle the entire remediation process—from detection to delivery. We don't just scan, triage, or recommend. We actually fix vulnerabilities in your existing software stack.
Zero Effective Vulnerabilities
Root's goal is to deliver zero effective vulnerabilities in your container images and application dependencies. This means:
- Vulnerabilities are fixed, not just detected
- Fixes are applied automatically, without manual intervention
- Your stack stays yours—no forced migrations or breaking upgrades
- Continuous maintenance ensures new vulnerabilities are remediated as they're discovered
How Root Works
Root operates as a secure supply platform:
- Discovery - Root automatically discovers what images and libraries you use
- Remediation - When vulnerabilities are found, Root's AVR Factory automatically patches them
- Delivery - Secured artifacts (images and libraries) are delivered ready to use
- Maintenance - Continuous monitoring and patching ensure ongoing security
This end-to-end approach means you get actual fixes, not just reports or recommendations.
What Makes Root Unique
No Migration Required
Root works with your existing infrastructure. You don't need to:
- Migrate to new registries
- Rebuild your entire stack
- Change your development workflows
- Accept breaking upgrades
You stay on your current container image ecosystem: easy to onboard, easy to offboard.
Pinned Versions, Not Forced Upgrades
Root patches the versions you're actually running, not the latest versions. This means:
- No breaking changes - your applications continue to work
- EOL and LTS support - legacy systems can be secured
- Version pinning - stay on the versions that work for you
- Reduced upgrade pain - security fixes without application rewrites
Complete Coverage
Root provides end-to-end coverage:
- Base images (OS, runtimes, system packages) via Root Image Catalog
- Application libraries (npm, PyPI, Maven) via Root Library Catalog
- Transitive dependencies - the 80% of vulnerabilities that live deep in dependency trees
One platform. One SLA. Complete coverage.
The Root Platform
Root delivers secure supply through two integrated products:
Root Image Catalog (RIC)
Secure, continuously maintained container images. Drop-in replacements for Docker Hub images with zero Critical/High CVEs.
Root Library Catalog
Patched, pinned library versions for npm, PyPI, Maven, and more. Fix dependency vulnerabilities without breaking applications.
Both products are powered by Root's AVR Factory—an automated remediation system that patches vulnerabilities faster than manual processes and without the breaking changes of forced upgrades.
Advanced Capabilities
Root Patches / Patch Stream (Enterprise engagements)
Root also offers standalone patch artifacts delivered as reproducible fix build streams—a unique capability that no competitor provides. This advanced capability delivers patch feeds as direct deliverables for enterprise CI/CD pipelines. Contact your Enterprise Support Team to learn more about this capability.
Why Root Matters
Root delivers actual security fixes, not just security reports.
Traditional security tools tell you what's wrong. Root fixes what's wrong—automatically, continuously, and without breaking your stack.
The result: you can achieve zero effective vulnerabilities in your software supply chain without the operational overhead, breaking changes, or vendor lock-in that come with traditional approaches.
