Skip to main content
Root patches are recognized by all major vulnerability scanners. When you scan a Root image or package, these scanners correctly report patched CVEs as fixed — no configuration required.

Supported Scanners

ScannerRoot patches recognized
Grype
Trivy
Wiz
Orca Security
Sysdig
Ox Security
Mend
GitLab
VMware Harbor
Qualys
Jit
Rancher
Datadog

Verifying with Wiz

See the Wiz integration guide for a before/after example showing the reduction in findings when scanning a Root image vs. its upstream Docker Hub equivalent.