Skip to main content
Vulnerability reports give you a real-time view of every known CVE across your Root-managed images and packages - which are patched, which are pending, and which have no fix available yet.

What’s Included

Each vulnerability report includes: Per-CVE status:
StatusMeaning
FixedRoot has applied a patch; the CVE is no longer exploitable
Under SLARoot is actively working on a patch within the committed SLA
No Fix AvailableNo upstream fix exists yet; Root is monitoring
Not Affected (VEX)The CVE exists in a dependency but is not exploitable in this artifact
Per-entry fields:
  • CVE ID (e.g., CVE-2024-1234)
  • Severity: Critical, High, Medium, Low
  • CVSS score
  • Package name, version, and ecosystem (PyPI, APK, APT, npm, Maven)
  • OS distro and release
  • Number of affected assets in your environment
  • SLA deadline (for CVEs under active remediation)
  • Date patched (for fixed CVEs)

Report Format

Web UI: The Vulnerabilities page displays an interactive table with all CVEs across your subscribed artifacts. Columns include CVE ID, ecosystem, package, version, OS distro, affected asset count, severity, CVSS score, and SLA status. CSV export: Download the current report as a CSV file from the Vulnerabilities page. The export includes all columns visible in the table and reflects your active filters. JSON (API): The API returns structured JSON with the same fields, suitable for ingestion into SIEM, ASPM, or ticketing systems.

Accessing Reports

Via the Root platform UI:
  1. Navigate to Vulnerabilities in the sidebar
  2. View CVEs grouped by status: Fixed, Under SLA, No Fix Available
  3. Use the search bar to find a specific CVE ID
  4. Click any CVE to see which images and packages are affected
The Reports page provides a vulnerability reduction graph - a before/after view showing how many CVEs Root has eliminated across your subscribed artifacts. Via the Root API: 
# List patches (fixed CVEs) for your organization
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?ticket_statuses=done&order=created_at:desc&limit=100"

# Filter by severity
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?severities=critical,high&ticket_statuses=done"

# Get patch details for a specific CVE
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?cve_id=CVE-2024-1234"
Public patch feed (no auth required): 
# All patches for a specific ecosystem
curl "https://api.root.io/external/patch_feed?ecosystem=alpine"
curl "https://api.root.io/external/patch_feed?ecosystem=debian"
curl "https://api.root.io/external/patch_feed?ecosystem=pypi"

Filtering and Scoping

In the UI, filter by:
  • Package name - find all CVEs in a specific library
  • Ecosystem - narrow to PyPI, APK, APT, npm, Maven
  • Severity - Critical, High, Medium, Low, Unknown
  • SLA status - Met, Active (under SLA), Breached, Not Applicable
  • Fix status - Fixed, Not Fixed
Via the API, use query parameters: 
# Filter by ecosystem and severity
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?ecosystem=pypi&severities=critical,high"

# Filter by package
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?package_src_name=requests"

# Filter by CVE status
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?ticket_statuses=open,in_progress"

# Paginate results
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?limit=100&after={cursor}"

Integrating with SIEM and ASPM

Webhook delivery: Root can push vulnerability status updates to a webhook endpoint whenever a patch is applied. This enables real-time integration with ticketing and SIEM systems. Splunk / Elastic: Use the API to pull patch and vulnerability data on a schedule and ingest it into your SIEM: 
# Example: poll every 15 minutes for newly patched CVEs
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?ticket_statuses=done&order=updated_at:desc&limit=50"
Wiz / Orca / Snyk: Export vulnerability reports and VEX statements from Root and import them into your ASPM platform to update finding status and suppress patched CVEs from active alert queues. See VEX Reports for scanner-specific suppression instructions.