API Reference

Authentication
Base URL
Endpoints
Artifacts
Patches
SBOMs
VEX
Reports
Rate Limits
SDKs

Root exposes a REST API for programmatic access to patch status, SBOM and VEX data, vulnerability reports, and registry management.

Authentication

[API token generation, Bearer token usage, token scopes and permissions coming soon]

Base URL

https://api.root.io/v1

Endpoints

[Full OpenAPI specification and interactive reference coming soon]

Artifacts

[GET /images, GET /packages — list artifacts with patch status coming soon]

Patches

[GET /patches — query Root Patches by artifact, CVE, or date range coming soon]

SBOMs

[GET /sbom/ — retrieve current SBOM for an artifact coming soon]

VEX

[GET /vex/ — retrieve VEX statements for an artifact coming soon]

Reports

[GET /reports/vulnerabilities — bulk vulnerability report export coming soon]

Rate Limits

[Request limits, rate limit headers, retry guidance coming soon]

SDKs

[Official Python and JavaScript SDK documentation coming soon]

FAQ CLI Reference

⌘I

Getting Started

Root Image Catalog

Root Library Catalog

Core Concepts

Registry Integrations

Reports & Insights

Reference

Trust & Compliance

API Reference

Authentication

Base URL

Endpoints

Artifacts

Patches

SBOMs

VEX

Reports

Rate Limits

SDKs

Getting Started

Root Image Catalog

Root Library Catalog

Core Concepts

Registry Integrations

Reports & Insights

Reference

Trust & Compliance

​Authentication

​Base URL

​Endpoints

​Artifacts

​Patches

​SBOMs

​VEX

​Reports

​Rate Limits

​SDKs

Authentication

Base URL

Endpoints

Artifacts

Patches

SBOMs

VEX

Reports

Rate Limits

SDKs