Skip to main content
Root maintains a current SBOM for every artifact in its registries. SBOMs are updated automatically when Root Patches are applied and are available for download at any time.

SBOM Report Types

[Per-image SBOM, per-package SBOM, fleet-wide SBOM rollup coming soon]

Accessing SBOMs

[Root platform UI, Root API endpoints, OCI annotations on images (cosign / ORAS) coming soon]

SBOM Formats

[SPDX 2.3, CycloneDX 1.5 — which fields are populated, Root-specific extensions coming soon]

Continuous SBOM Updates

[How SBOMs are versioned, how to detect changes between versions, SBOM diff endpoint coming soon]

Integrating SBOMs with External Tools

[Grype, Trivy, Dependency-Track, Anchore — how to ingest Root SBOMs coming soon]