> ## Documentation Index
> Fetch the complete documentation index at: https://docs.root.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Image Catalog & My Images

> Browse Root's catalog of secure container images and manage your subscribed images.

Root provides two views for working with container images: the **Image Catalog** (the full directory of available images) and **My Images** (the images your organization is subscribed to).

## Image Catalog

The Image Catalog lists all container images available through Root Image Catalog at `cr.root.io`. Access it at [app.root.io/images/catalog](https://app.root.io/images/catalog).

<Frame caption="The Image Catalog — browse and filter images by Base Images, Community, Applications, AI, Dev Tools, or FIPS.">
  <img src="https://mintcdn.com/root-939307ed/cCjlTIX-fOzNh_rn/images/image-catalog-grid.png?fit=max&auto=format&n=cCjlTIX-fOzNh_rn&q=85&s=fdc525c40c54ae6551a181abdbcdf039" width="2648" height="1590" data-path="images/image-catalog-grid.png" />
</Frame>

### What you see

The catalog displays images that have active subscriptions. Each image card shows:

* **Image name** (e.g., `python`, `node`, `postgres`)
* **Available tags** with architecture indicators (amd64, arm64)
* **Vulnerability reduction chart** - a before/after comparison of Critical and High CVEs between the upstream image and Root's patched version

<Note>
  Images that are not actively subscribed by any customer may not appear in the public catalog. Any image can be added within 48 hours upon request — contact Root at [root.io/contact](https://www.root.io/contact).
</Note>

### Subscribing to an image

<Steps>
  <Step title="Find the image">
    Browse or search the catalog for the image you need.
  </Step>

  <Step title="Select a tag">
    Click the image to view available tags. Choose the tag matching your current usage (e.g., `3.11-slim-bookworm`).
  </Step>

  <Step title="Subscribe">
    Click **Subscribe** on the tag. Root begins scanning for vulnerabilities and generating patched versions.
  </Step>

  <Step title="Pull the image">
    Pull the patched image from Root's registry:

    ```bash theme={null}
    docker pull cr.root.io/python:3.11-slim-bookworm
    ```
  </Step>
</Steps>

### Vulnerability charts

Each image tag page includes a before/after vulnerability chart showing how Root reduces Critical and High CVEs over time. The chart plots counts across successive scans so you can see the remediation trend.

<Info>
  For images based on older distributions (e.g., Debian Bullseye, Amazon Linux), Root may not achieve zero vulnerabilities because backports are not always available. The chart indicates when this is the case.
</Info>

### Architecture support

Root images are available for both `amd64` and `arm64`. The catalog shows which architectures are available for each tag. Docker automatically selects the correct architecture when pulling.

***

## My Images

**My Images** shows the images your organization is currently subscribed to.

<Frame caption="My Images — track subscribed images, before/after CVE counts, and open patches or reports for each.">
  <img src="https://mintcdn.com/root-939307ed/cCjlTIX-fOzNh_rn/images/my-images-table.png?fit=max&auto=format&n=cCjlTIX-fOzNh_rn&q=85&s=110727d716f33b3fd9b0f36acc7054fc" width="2648" height="1416" data-path="images/my-images-table.png" />
</Frame>

### What you see

| Column           | Description                                                  |
| ---------------- | ------------------------------------------------------------ |
| **Image:Tag**    | The image name and tag                                       |
| **Architecture** | amd64, arm64, or both                                        |
| **Before**       | Critical + High CVE count in the upstream image              |
| **After**        | Critical + High CVE count in Root's patched version          |
| **Status**       | Whether the image is up to date, pending scan, or has issues |

### Image reports

Click **View Report** on any subscribed image to open the Image Report:

* **Vulnerability breakdown** by severity (Critical, High, Medium, Low)
* **Security Findings table** listing each finding with status, severity, and SLA information
* **Before/after chart** showing remediation progress over time
* **Package details** for every OS package in the image

<Warning>
  After subscribing to a new image, security findings data may take a few minutes to become available. During this period the report may show a loading state.
</Warning>

### FIPS images

Root offers FIPS 140-3 validated images for regulated environments, identified with a FIPS badge in the catalog. See [FIPS Images](/ric/fips-images) for details.

***

## Pulling Root images

<Frame caption="Configure catalog access — authenticate with the Root container registry using your API token.">
  <img src="https://mintcdn.com/root-939307ed/cCjlTIX-fOzNh_rn/images/image-catalog-configure-access.png?fit=max&auto=format&n=cCjlTIX-fOzNh_rn&q=85&s=44da2a8eb69ac51faed37119a522f312" width="2650" height="1358" data-path="images/image-catalog-configure-access.png" />
</Frame>

Replace Docker Hub references with the Root equivalent:

```dockerfile theme={null}
# Before (upstream)
FROM python:3.11-slim-bookworm

# After (Root-secured)
FROM cr.root.io/python:3.11-slim-bookworm
```

Same tags, same behavior, same package versions - with Critical and High CVEs removed.

For full setup, see [Getting Started with RIC](/ric/getting-started). For registry mirror configuration (ECR, JFrog Artifactory), see the **Registry Mirrors** section under Root Image Catalog in the sidebar.