What Root Image Catalog Provides
- The same images you pull from Docker Hub today - same tags, same behavior
- CVEs remediated - typically 2+ Critical and 15+ High vulnerabilities reduced to zero
- Continuously maintained - when new CVEs are disclosed, AVR patches them automatically
- SLA-backed remediation - Critical CVEs patched within hours, not days or weeks
- No breaking changes - same tags, same compatibility, no ecosystem migration required
Who Should Use RIC
Root Image Catalog is for teams that:- Need secure base images without rebuilding applications
- Want continuous security maintenance without manual patching
- Can’t absorb breaking changes from forced upstream upgrades
- Need verifiable security artifacts (SBOM, VEX, provenance) for compliance
RIC vs. Standard Images
vs. Official Images (Docker Hub)
vs. Other Secure Image Providers
Continuous Maintenance
Root Image Catalog provides ongoing security coverage - not a one-time snapshot:- Automatic scanning - all subscribed images are scanned continuously for new CVEs
- Automatic patching - when new vulnerabilities are detected, AVR remediates them without any action on your part
- Same tags maintained - updated images keep the same tags, so your existing references stay valid
- SLA-backed - Critical CVEs remediated within hours; High within 14 days; Medium within 60 days
Security Artifacts
Every image fromcr.root.io ships with:
- SBOM - complete inventory of all components and their versions, including patched packages
- VEX statement - records which CVEs were fixed and confirms non-exploitability of others
- Provenance - cryptographic attestation proving the image came from Root’s AVR pipeline
Get Started
Authenticate and pull your first secure image.
Supported Images
Browse available image families and tags.