Skip to main content
The Root platform at app.root.io gives you visibility into your organization’s images, libraries, and vulnerability posture. This section documents the key screens and features.

Platform pages

Image Catalog & My Images

Browse secure container images, subscribe to tags, and track before/after vulnerability reduction.

Library Catalog

Explore Root-secured packages across Python, JavaScript, and Java ecosystems.

My Library

Track discovered packages in your organization and identify which have Root-secured versions.

Security Findings

View and filter all CVEs across your subscribed images and libraries.

CVE Details

Deep-dive into any CVE - affected assets, patch status, remediation timeline, and the affected assets graph.

Agentic Patching

Watch Root’s AI agents research, patch, and validate fixes in real time.

How the platform fits together

The platform is organized around two flows: Supply flow - where you get secure artifacts: Visibility flow - where you monitor your security posture:
  • My Images and My Library show what your organization is using and the CVE status of each.
  • Security Findings is the central table of all vulnerabilities across your subscriptions.
  • CVE Details lets you drill into any individual CVE to see affected assets, patch artifacts, and the agentic patching flow.
  • The Dashboard provides aggregate metrics and trends.

Additional platform capabilities

AI-driven malware checks — Root runs AI-driven malware analysis on all packages it builds. This catches zero-day malware before it enters your supply chain — for example, compromised package versions like the axios attack are blocked from being built. Malware checks run automatically; no configuration is needed. Token Management — Root supports org-level service tokens for programmatic access. Tokens are not tied to individual users, so pipelines don’t break when someone leaves the team. Features include permission scoping (Admin, Member, Read-only), token naming, created-by visibility, last-used tracking, and optional expiration dates. Token management is available under Settings in the app sidebar.
Dedicated documentation pages for malware checks and token management are coming soon.
From the app sidebar:
  • Dashboard - fleet-wide metrics
  • Security Findings (labeled “Vulnerabilities” in some views) - the main CVE table
  • My Images - your subscribed container images
  • My Library - your discovered application and OS packages
  • Image Catalog - browse all available images
  • Library Catalog - browse all available packages