> ## Documentation Index
> Fetch the complete documentation index at: https://docs.root.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Getting Started with RIC

> Subscribe, authenticate, pull your first secure image, and verify CVE remediation with Trivy.

This guide walks through subscribing to an image in Root Image Catalog, authenticating to `cr.root.io`, pulling a secure image, and verifying its patch coverage.

## Prerequisites

* Docker Desktop (macOS) or Docker Engine (Linux) installed and running
* Access to Root Image Catalog - [contact Root](https://root.io) to get credentials
* A scanner for verification (recommended: [Trivy](https://trivy.dev) - `brew install trivy`)

## Step 1: Subscribe to an Image

Subscribing to an image activates continuous scanning, SLA-backed remediation, and notifications for that image. Root will begin monitoring it for new CVEs and automatically patch them according to the remediation SLA.\*

1. Open **Image Catalog** in the Root platform UI
2. Find the image family you want (for example, **Python 3.12**)
3. Click **Subscribe**
4. Verify it appears in your **Inventory**

<Info>
  \* Continuous scanning, SLA-backed remediation, and notifications are available on paid plans only and are not included in free trials.
</Info>

## Step 2: Authenticate to cr.root.io

Generate an API token from the Root UI, then authenticate Docker:

```bash theme={null}
export ROOT_TOKEN="your-token-here"
echo "$ROOT_TOKEN" | docker login cr.root.io -u root --password-stdin
```

You can also use **Configure Catalog Access** in the Root UI for step-by-step credential instructions.

## Step 3: Pull a Secure Image

Replace your existing image reference with the Root equivalent. Tags are identical:

```bash theme={null}
# Standard image
docker pull python:3.12

# Root secure image - same tag, zero Critical/High CVEs
docker pull cr.root.io/python:3.12
```

## Step 4: Update Your Dockerfile

```dockerfile theme={null}
# Before
FROM python:3.12

# After
FROM cr.root.io/python:3.12
```

No other changes required.

## Step 5: Verify with Trivy

Run a side-by-side scan to confirm vulnerability reduction:

```bash theme={null}
# Scan the standard image
trivy image python:3.12
# Typical result: ~1,300 vulnerabilities

# Scan the Root image
trivy image cr.root.io/python:3.12
# Typical result: zero Critical/High vulnerabilities
```

<Info>
  Some low-severity findings may still appear in scanner output. Download the SBOM and VEX artifacts from the Root UI or API to provide auditors with full remediation documentation - VEX statements tell scanners like Trivy which findings are fixed and why they're not exploitable.
</Info>

## Next Steps

<CardGroup cols={2}>
  <Card title="Supported Images" icon="list" href="/ric/supported-images">
    See all available image families and tags.
  </Card>

  <Card title="Root Patches for Images" icon="shield-check" href="/ric/root-patches">
    Learn how patches are applied and what artifacts ship with each image.
  </Card>
</CardGroup>