Vulnerabilities Statuses
Every vulnerability (CVE) detected in your subscribed images or libraries is assigned a status that reflects its current position in Root's remediation pipeline. These statuses help you understand what Root is actively working on, what has been resolved, and where remediation is blocked by external factors. This doc can help you plan your security response accordingly.
Under SLA
A fix candidate has been found, Root is actively working on a patch, and the SLA clock is ticking (7 days for Critical, 14 for High, 60 for Medium)
Fixed
Root has produced and applied a remediated version of the affected package
No Fix Available
"No Fix Available" means that Root has detected a vulnerability (CVE) in your subscribed images or libraries, but there is currently no upstream fix or applicable patch candidate that Root can use to remediate it. This means Root's SLA clock has not started for these vulnerabilities.
Updated about 5 hours ago