Root applies the same rigor to its own software supply chain that it applies to its customers’. This page documents Root’s security practices for procurement and security review purposes.

Secure Development Practices

[SSDLC, code review policy, dependency management (Root eats its own cooking — uses RLC/RIC internally), secret scanning coming soon]

Infrastructure Security

[Cloud provider, network segmentation, encryption at rest and in transit, access control coming soon]

Vulnerability Disclosure Policy

[How to report a vulnerability to Root, Root’s response SLA, Hall of Fame coming soon]

Penetration Testing

[Frequency of third-party pen tests, how to request a summary report coming soon]

Data Handling

[What data Root collects about package pulls and image usage, retention policy, data processing locations coming soon]