Root Library Catalog provides a Maven-compatible repository at pkg.root.io/maven/.
Prerequisites
Root Library Catalog supports two integration approaches depending on your build tool:
- Maven: uses the Root Patcher CLI (
rootio_patcher) to patch your pom.xml before building.
- Gradle: uses the Root.io Gradle Plugin, which patches at build time — no CLI needed. Skip to the Gradle section.
Install the CLI if you’re using Maven:
For macOS Intel and Windows, see the full installation instructions.
Then set your API key:
Maven
~/.m2/settings.xml
Configure Root as a mirror for Maven Central and add your credentials:
Keep your Root token out of source control. Use environment variable interpolation (${env.ROOT_TOKEN}) in settings.xml and export the token in your shell or CI environment.
Patch dependencies
After running the patcher, rebuild:
CI/CD Configuration
Use environment variable interpolation in settings.xml to inject the token safely:
Gradle
The Root.io Gradle Plugin automatically patches vulnerable dependencies at build time with zero changes to your dependency declarations.
Installation
Apply the plugin in build.gradle.kts:
The plugin is published to the Gradle Plugin Portal — no extra repository configuration needed. If your pluginManagement block explicitly lists repositories, make sure gradlePluginPortal() is included.
If your organization uses JFrog Artifactory, you can also host the plugin there or route patched artifact resolution through an Artifactory proxy - see Private JFrog Artifactory in the Gradle integration guide.
Configuration
Build
For full details, see the Gradle integration guide.
Troubleshooting