# Root.io Inc.
*Also known as Root*

- Website: https://www.root.io
- Location: Boston, MA, USA
- Agent profile: https://directory.haycion.ai/agents/root-io

> Root is a security platform delivering agentic, SLA-backed vulnerability remediation for container images and application dependencies.

Root is a security platform that automates vulnerability remediation across container images and their dependencies. It integrates into existing development pipelines to secure software without slowing teams. The platform discovers and patches vulnerabilities directly in place, across base images and libraries, delivering SLA-backed fixes, provenance and attestations, SBOMs, and security analytics. It is used by teams in finance, software-as-a-service, defense, and data governance to reduce CVEs, accelerate releases, and maintain compliance while preserving developer velocity.

**Mission:** Keep your workflow, fix your problems. Root helps teams secure containerized software in seconds—without disrupting workflows or overhauling existing tools.

## Products & Services

### [Root Image Catalog (RIC)](https://www.root.io/ric)
*Platform*
Instantly secure and remediate over 2,000 container images with zero workflow changes.

- **2,000+ Curated Base Images** — Access A Vast Catalog
- **Drop-in Replacement** — Replace Easily
- **In-Place Remediation** — Remediate Seamlessly
- **Automated Remediation to Zero CVEs** — Achieve Zero CVEs
- **CI/CD and Registry Integration** — Integrate Seamlessly
- **Enhanced SLA** — Accelerated Responses
- **Standard SLA** — Reliable Timelines
- **Proof Chain and Provenance** — Maintain Trust

### [Root Library Catalog (RLC)](https://www.root.io/rlc)
*Platform*
Automated remediation for application dependencies without disruptive upgrades.

- **Backported Fixes** — Apply Safe Patches Without Upgrades
- **No Forced Upgrades** — Avoid Disruptive Upgrades
- **Automatic Library Discovery** — Discover Your Libraries Seamlessly
- **In-Place Library Remediation** — Patch Libraries In Place
- **Provenance and SBOM for Patches** — Complete Audit Trail For Every Fix
- **Language Ecosystem Coverage** — Support For Multiple Languages
- **SLA-Backed Fix Throughput** — Predictable Patch Delivery
- **Patch History** — Access Detailed Patch Records

## Market Segments

- **Container image security**: Capabilities that provide hardened, continuously patched base container images and in-place remediation to reduce image CVEs and maintain registry provenance.
- **Open-source dependency remediation**: Automated discovery and in-place remediation of application libraries including backported fixes for pinned versions, patch history, and language ecosystem coverage.
- **Supply chain provenance and SBOM management**: Generation and management of SBOMs, attestations, and provenance for fixes to support audits, compliance, and traceability of image and library changes.
- **Remediation automation for CI/CD**: Integration with registries and CI/CD workflows to deliver automated, in-place remediation with SLA-backed throughput while preserving developer velocity.
