# Vulnerability Reports

> Per-artifact and fleet-wide reports on CVE coverage and Root Patch status.

Vulnerability reports give you a real-time view of every known CVE across your Root-managed images and packages - which are patched, which are pending, and which have no fix available yet.

## What's Included

Each vulnerability report includes:

**Per-CVE status:**

| Status                 | Meaning                                                                |
| ---------------------- | ---------------------------------------------------------------------- |
| **Fixed**              | Root has applied a patch; the CVE is no longer exploitable             |
| **Under SLA**          | Root is actively working on a patch within the committed SLA           |
| **No Fix Available**   | No upstream fix exists yet; Root is monitoring                         |
| **Not Affected (VEX)** | The CVE exists in a dependency but is not exploitable in this artifact |

**Per-entry fields:**

* CVE ID (e.g., `CVE-2024-1234`)
* Severity: Critical, High, Medium, Low
* CVSS score
* Package name, version, and ecosystem (PyPI, APK, APT, npm, Maven, Go)
* OS distro and release
* Number of affected assets in your environment
* SLA deadline (for CVEs under active remediation)
* Date patched (for fixed CVEs)

## Report Format

**Web UI:** The Vulnerabilities page displays an interactive table with all CVEs across your subscribed artifacts. Columns include CVE ID, ecosystem, package, version, OS distro, affected asset count, severity, CVSS score, and SLA status.

**CSV export:** Download the current report as a CSV file from the Vulnerabilities page. The export includes all columns visible in the table and reflects your active filters.

**JSON (API):** The API returns structured JSON with the same fields, suitable for ingestion into SIEM, ASPM, or ticketing systems.

## Accessing Reports

**Via the Root platform UI:**

1. Navigate to **Vulnerabilities** in the sidebar
2. View CVEs grouped by status: **Fixed**, **Under SLA**, **No Fix Available**
3. Use the search bar to find a specific CVE ID
4. Click any CVE to see which images and packages are affected

The **Reports** page provides a vulnerability reduction graph - a before/after view showing how many CVEs Root has eliminated across your subscribed artifacts.

**Via the Root API:**

```bash
# List patches (fixed CVEs) for your organization
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?ticket_statuses=done&order=created_at:desc&limit=100"

# Filter by severity
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?severities=critical,high&ticket_statuses=done"

# Get patch details for a specific CVE
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?cve_id=CVE-2024-1234"
```

**Public patch feed** (no auth required):

```bash
# All patches for a specific ecosystem
curl "https://api.root.io/external/patch_feed?ecosystem=alpine"
curl "https://api.root.io/external/patch_feed?ecosystem=debian"
curl "https://api.root.io/external/patch_feed?ecosystem=pypi"
```

## Filtering and Scoping

**In the UI**, filter by:

* **Package name** - find all CVEs in a specific library
* **Ecosystem** - narrow to PyPI, APK, APT, npm, Maven, Go
* **Severity** - Critical, High, Medium, Low, Unknown
* **SLA status** - Met, Active (under SLA), Breached, Not Applicable
* **Fix status** - Fixed, Not Fixed

**Via the API**, use query parameters:

```bash
# Filter by ecosystem and severity
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?ecosystem=pypi&severities=critical,high"

# Filter by package
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?package_src_name=requests"

# Filter by CVE status
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?ticket_statuses=open,in_progress"

# Paginate results ({cursor} is a placeholder for the pagination cursor)
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?limit=100&after={cursor}"
```

## Integrating with SIEM and ASPM

**Webhook delivery:**

Root can push vulnerability status updates to a webhook endpoint whenever a patch is applied. This enables real-time integration with ticketing and SIEM systems.

**Splunk / Elastic:**

Use the API to pull patch and vulnerability data on a schedule and ingest it into your SIEM:

```bash
# Example: poll every 15 minutes for newly patched CVEs
curl -H "Authorization: Bearer $ROOT_TOKEN" \
  "https://api.root.io/v1/patches?ticket_statuses=done&order=updated_at:desc&limit=50"
```
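
A fixed-size poll ordered by `updated_at:desc` returns rows the SIEM has already ingested, and it misses rows when more than `limit` patches land between runs. The following added example (not Root's code) keeps a checkpoint on `updated_at`, deduplicates, and signals when the next page must be fetched; the record field names and the `source` tag are assumptions, since this page does not show the response schema.

```python
import json
from datetime import datetime

# Constructed sample page, newest first as with order=updated_at:desc.
# Field names are assumptions borrowed from the documented query parameters;
# CVE-0000-* IDs are placeholders.
SAMPLE_PAGE = [
    {"cve_id": "CVE-2024-1234", "package_src_name": "requests",
     "ecosystem": "pypi", "updated_at": "2024-05-02T10:30:00Z"},
    {"cve_id": "CVE-0000-0001", "package_src_name": "openssl",
     "ecosystem": "alpine", "updated_at": "2024-05-02T10:15:00Z"},
    {"cve_id": "CVE-0000-0002", "package_src_name": "zlib",
     "ecosystem": "debian", "updated_at": "2024-05-02T09:00:00Z"},
]

def _ts(value):
    # Normalise a trailing "Z" so fromisoformat works before Python 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def _key(rec):
    return (rec["cve_id"], rec["ecosystem"], rec["package_src_name"],
            rec["updated_at"])

def select_new(page, checkpoint, seen, limit):
    """Return (ndjson_lines, new_checkpoint, new_seen, need_next_page).

    checkpoint: newest updated_at already ingested.
    seen: keys already ingested at exactly that timestamp.
    """
    cp = _ts(checkpoint)
    fresh = [r for r in page
             if _ts(r["updated_at"]) > cp
             or (_ts(r["updated_at"]) == cp and _key(r) not in seen)]
    if not fresh:
        return [], checkpoint, set(seen), False
    # A full page with no already-ingested record means the window
    # overflowed: fetch the next page (after=<cursor>) before sleeping.
    need_next_page = len(page) == limit and len(fresh) == len(page)
    newest = max(fresh, key=lambda r: _ts(r["updated_at"]))["updated_at"]
    new_seen = {_key(r) for r in fresh if r["updated_at"] == newest}
    if _ts(newest) == cp:
        new_seen |= set(seen)
    # "source" is a hypothetical tag for routing events inside the SIEM.
    lines = [json.dumps({"source": "root_patches", **r}, sort_keys=True)
             for r in fresh]
    return lines, newest, new_seen, need_next_page

if __name__ == "__main__":
    out, cp, seen, more = select_new(SAMPLE_PAGE, "2024-05-02T10:00:00Z", set(), 3)
    print("\n".join(out), cp, more, sep="\n")
```

Persist the returned checkpoint and `seen` set only after every page of a run has been forwarded, so a crash mid-run replays rows instead of skipping them.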

**Wiz / Orca / Snyk:**

Export vulnerability reports and VEX statements from Root and import them into your ASPM platform to update finding status and suppress patched CVEs from active alert queues. See [VEX Reports](/reports/vex-reports) for scanner-specific suppression instructions.
