The dashboard is the first screen after login. It provides a live view of Root’s agentic work across your environment, combining real-time pipeline activity with cumulative protection metrics.
Agentic Factory
The top of the dashboard shows the Agentic Factory — a live visualization of Root’s remediation pipeline operating on your organization’s security findings. A badge in the top right shows how many findings Root is actively working on (e.g., “Actively working on 553 Security Findings”).
Current Factory Work
The Current Factory Work panel displays findings flowing through each stage of the pipeline:
| Stage | Description | Scope |
|---|
| Detected | New security findings discovered | Past 24 hours |
| Researching | Agent researching for potential fix candidates | All current |
| Creating a Patch | Applicable fix candidate found — creating the patch | All current |
| Patch is Available | Patch is ready, hasn’t yet been applied on the asset | All current |
| Fixed | Findings resolved | Past 24 hours |
Security findings — Detected and Fixed (Last 7 Days)
Below the factory, two summary cards show 7-day trends:
- Detected — count of new findings with a severity breakdown (Critical, High, Medium) and a sparkline trend chart
- Fixed — count of resolved findings with a sparkline trend chart, plus verification steps completed: “Patch Fully Tested”, “Merge Request Created”, “Validated and Approved by a Human”
Protection Overview
The Protection Overview section shows cumulative metrics across your organization. A badge in the top right displays the overall protection percentage (e.g., “Protection: 96% Findings Resolved”).
Summary panels
| Panel | What it shows |
|---|
| Total Detected | Total security findings discovered across all subscribed images and libraries, with Critical/High/Medium breakdown |
| Total Fixed | Total findings Root has remediated, with Critical/High/Medium breakdown |
| Total Monitored Libraries | Count of libraries secured by Root |
| Total Monitored Images | Count of container images secured by Root |
Security Findings Detected vs. Fixed Over Time
A line chart plots the cumulative count of detected findings and fixed findings over time, showing how remediation keeps pace with discovery.
Recent Security Findings Updates
A tabbed feed showing the most recent findings across four status tabs:
| Tab | What it shows |
|---|
| Fixed | Recently resolved CVEs with package name, version, and severity |
| Patch is Available | CVEs where Root has a patch ready |
| Creating a Patch | CVEs where Root’s agents are generating a fix |
| Researching | CVEs where Root’s agents are investigating fix candidates |
Complete Autonomous Protection
A gauge showing the percentage of actionable security findings that Root has resolved. When protection is high (e.g., 96%), the panel displays: “Root has everything under control. Root has resolved 96% of all actionable security findings in your environment — every backport patched, fully tested, and delivered as a validated merge request.”
Security Findings page
The Security Findings page (accessible from the sidebar) lists every vulnerability across your subscribed images and discovered packages.
This page may still appear as “Vulnerabilities” in parts of the sidebar while the rename rolls out.
Status tabs
| Tab | Meaning |
|---|
| Fixed | Root has applied a patch — the vulnerability is resolved |
| Working on a Patch | Root’s agents are actively researching or generating a fix |
| No Fix Available | No upstream fix exists; Root is monitoring |
Group by CVE
A single CVE can affect multiple assets — the same package across several images, plus libraries your organization uses. Use the Group by CVE option to see the total impact and scope of each vulnerability across your environment, rather than viewing each affected asset as a separate row.
Medium vulnerabilities toggle
A global Medium vulns toggle controls whether Medium-severity findings appear in dashboard charts, the inventory vulnerability reduction column, and reports. Medium vulnerabilities are shown by default.
Filtering
Filter the security findings table by:
- Search — package name or CVE ID
- Ecosystem — PyPI, APK, APT, npm, Maven
- Severity — Critical, High, Medium, Low, Unknown
- Status tab — Fixed / Working on a Patch / No Fix Available
Filters combine. For example: High-severity PyPI packages currently being worked on.
SLA targets
Root defines two SLA tiers. Standard is included with all paid subscriptions; Enhanced is available at additional charge per Order Form.
Standard SLA:
| Severity | Timeline | CISA KEV |
|---|
| Critical | 30 calendar days | 72 hours |
| High | 30 calendar days | 72 hours |
| Medium | 60 calendar days | — |
| Low | Commercially reasonable | — |
| Severity | Timeline | CISA KEV |
|---|
| Critical | 7 calendar days | 48 hours |
| High | 14 calendar days | 48 hours |
| Medium | 30 calendar days | — |
| Low | Commercially reasonable | — |
Exporting metrics
CSV export:
From the Security Findings page, use the export button to download the current filtered view as CSV. The export includes CVE ID, severity, CVSS score, package, ecosystem, OS, SLA status, and fix date.
API access:
All dashboard data is available via the Root API for integration with BI tools, dashboards, and SIEM:
# Get all fixed CVEs for your organization
curl -H "Authorization: Bearer $ROOT_TOKEN" \
"https://api.root.io/v1/patches?ticket_statuses=done&order=updated_at:desc"
# Get CVEs currently being worked on
curl -H "Authorization: Bearer $ROOT_TOKEN" \
"https://api.root.io/v1/patches?ticket_statuses=open,in_progress"
# Get subscribed images with patch metadata
curl -H "Authorization: Bearer $ROOT_TOKEN" \
"https://api.root.io/v1/subscriptions/"
- Dashboard — this page
- Security Findings — the full CVE table with filtering
- Libraries — Library Catalog and My Library
- Images — Image Catalog and My Images
- Patcher Flow — the Agentic Patching visualization
- Settings — organization and account settings
- Invite Teammates — add team members to your organization
- Documentation — links to docs.root.io
- Get Help — contact Root support
