Skip to main content
Root Library Catalog provides a Maven-compatible repository at pkg.root.io/maven/.

Prerequisites

Root Library Catalog supports two integration approaches depending on your build tool:
  • Maven: uses the Root Patcher CLI (rootio_patcher) to patch your pom.xml before building.
  • Gradle: uses the Root.io Gradle Plugin, which patches at build time — no CLI needed. Skip to the Gradle section.
Install the CLI if you’re using Maven:
For macOS Intel and Windows, see the full installation instructions. Then set your API key:

Maven

~/.m2/settings.xml

Configure Root as a mirror for Maven Central and add your credentials:
Keep your Root token out of source control. Use environment variable interpolation (${env.ROOT_TOKEN}) in settings.xml and export the token in your shell or CI environment.

Patch dependencies

After running the patcher, rebuild:

CI/CD Configuration

Use environment variable interpolation in settings.xml to inject the token safely:

Gradle

The Root.io Gradle Plugin automatically patches vulnerable dependencies at build time with zero changes to your dependency declarations.

Installation

Apply the plugin in build.gradle.kts:
The plugin is published to the Gradle Plugin Portal — no extra repository configuration needed. If your pluginManagement block explicitly lists repositories, make sure gradlePluginPortal() is included. If your organization uses JFrog Artifactory, you can also host the plugin there or route patched artifact resolution through an Artifactory proxy - see Private JFrog Artifactory in the Gradle integration guide.

Configuration

Build

For full details, see the Gradle integration guide.

Troubleshooting