> ## Documentation Index
> Fetch the complete documentation index at: https://docs.root.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Reports & Insights Overview

> Visibility into vulnerability coverage, patch status, SBOMs, and VEX statements across your Root-managed supply chain.

Root provides a suite of reports and dashboards that give AppSec and Security Leadership continuous visibility into the state of your supply chain - what's been patched, what's still exposed, and how your posture has changed over time.

## Available Reports

| Report                                                  | Description                                                          |
| ------------------------------------------------------- | -------------------------------------------------------------------- |
| [Vulnerability Reports](/reports/vulnerability-reports) | CVE coverage and patch status across all adopted images and packages |
| [SBOM Reports](/reports/sbom-reports)                   | Current SBOMs for every artifact in your environment                 |
| [VEX Reports](/reports/vex-reports)                     | VEX statement coverage and scanner integration                       |
| [Dashboard & Metrics](/platform/dashboard)              | CVE backlog trends, MTTR, and patch coverage metrics                 |

## Accessing Reports

**Root platform UI:**

The dashboard and all report views are accessible from the Root platform at `app.root.io`. Log in with your organization credentials. The left sidebar provides navigation to:

* **Dashboard** - fleet-wide metrics at a glance
* **Vulnerabilities** - full CVE table with filtering and export
* **Reports** - vulnerability reduction graphs and per-artifact views
* **Subscriptions** - per-image and per-package patch status

**Root API:**

Every report is accessible programmatically via the Root REST API at `https://api.root.io/v1`. Authenticate with a Bearer token:

```bash theme={null}
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?ticket_statuses=done&limit=100"
```

See the [API Reference](/reference/api) for the full endpoint list.

**Export formats:**

| Format           | Available From                          |
| ---------------- | --------------------------------------- |
| CSV              | Vulnerabilities page (UI export button) |
| JSON             | API endpoints                           |
| CycloneDX / SPDX | SBOM and VEX download endpoints         |

**Webhook notifications:**

Root can deliver patch events to a webhook endpoint in real time - when a patch is applied to a subscribed artifact, Root sends a notification to your endpoint. Integrate with Slack, PagerDuty, Jira, or your SIEM. [Contact Root](https://root.io) to configure webhooks.

## Integrating with Your Security Stack

Root reports are designed to integrate with existing security tooling:

**Vulnerability scanners (Grype, Trivy):**
Import Root SBOM and VEX files into your scanner to suppress findings for patched CVEs. See [VEX Reports](/reports/vex-reports) for scanner-specific instructions.

**ASPM platforms (Wiz, Orca, Snyk):**
Use VEX statements to update finding status in your ASPM. Root's VEX marks patched CVEs as `fixed`, suppressing them from active alert queues.

**SIEM (Splunk, Elastic):**
Poll the Root API on a schedule to ingest patch events. Use the `/patches` endpoint filtered by `updated_at` to get incremental updates.

**Dependency-Track:**
Import Root SBOMs (CycloneDX format) directly into Dependency-Track projects for continuous monitoring and policy evaluation.

**Ticketing (Jira, ServiceNow):**
Use webhooks or API polling to automatically close vulnerability tickets when Root delivers a patch.