> ## Documentation Index
> Fetch the complete documentation index at: https://docs.root.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Glossary

> Definitions for key terms used throughout Root's documentation.

## AVR - Agentic Vulnerability Remediation

Root's core technology. A fleet of AI agents - with human-in-the-loop oversight - that automates the full lifecycle of vulnerability remediation: research, patch, test, and deliver. See [AVR](/concepts/avr).

## Backported Patch

A fix taken from a newer version of a package and applied to an older version, preserving the version you declared while eliminating the vulnerability. One of two Root Patch types. See [Root Patches](/concepts/root-patches).

## Native Distribution Package Upgrade

A vulnerability fix delivered by applying the package maintainer's or Linux distribution's own updated package - used when an upstream fix is available and safe to apply. One of two Root Patch types. See [Root Patches](/concepts/root-patches).

## RIC - Root Image Catalog

Root's secure container image registry at `cr.root.io`. Provides drop-in replacements for standard base images with vulnerabilities patched by AVR. See [Root Image Catalog](/ric/overview).

## RLC - Root Library Catalog

Root's secure application package registry at `pkg.root.io`. Serves patched versions of Python, JavaScript, Java, and Go packages. See [Root Library Catalog](/rlc/overview).

## Root Patch

The unit of remediation in Root's platform. The smallest safe change that eliminates a known vulnerability in a package or image, applied in-place without forcing version upgrades. See [Root Patches](/concepts/root-patches).

## SBOM - Software Bill of Materials

A machine-readable inventory of all components in a software artifact. Root generates and maintains SBOMs for every artifact in its registries, updated whenever a Root Patch is applied. See [SBOMs](/concepts/sbom).

## Shift Out

Root's movement and philosophy: open source should arrive clean and secure by default, shifting remediation out of Engineering and AppSec workflows entirely.

## VEX - Vulnerability Exploitability eXchange

A machine-readable document that asserts whether a known vulnerability in a specific software component is actually exploitable. Root generates VEX statements alongside every Root Patch. See [VEX Statements](/concepts/vex).

## Vulnerable Package

A package or image component that contains a known security vulnerability (CVE). Root's preferred term - not "infected package."