Add Root.io scanning support #9074

@knqyf263

Summary

Add support for scanning Root.io environments in Trivy. Root.io provides security patches for Debian, Ubuntu, and Alpine-based systems with enhanced vulnerability detection using version constraint ranges instead of single fixed versions.

Background

Root.io is a security service that provides patches for vulnerabilities in three base environments:

  • Debian/Ubuntu: Packages with .root.io in version strings (e.g., 2.31-13+deb11u4.root.io)
  • Alpine: Packages with -r\d007\d patterns (e.g., -r10071, -r20072)

Unlike traditional distributions that specify single fixed versions, Root.io uses version constraint ranges (e.g., >= 1.2.0, < 2.0.0) requiring flexible version comparison with five operators: >, <, >=, <=, ==.

Use Cases

  • Container image scanning with Root.io patches
  • Filesystem scanning of Root.io-patched systems
  • SBOM analysis for Root.io environments
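
The marker patterns and the constraint ranges described in this issue can be sketched as follows. This is an added example, not Trivy's or Root.io's code: `IsRootIO`, `compare` and `Satisfies` are hypothetical names, the `$` anchor on the Alpine pattern is an assumption, and the dotted-numeric comparison is a simplified stand-in for real dpkg/apk version ordering.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

var alpineMarker = regexp.MustCompile(`-r\d007\d$`) // pattern from the issue; the $ anchor is an assumption

// IsRootIO (hypothetical helper) reports whether a package version carries a Root.io marker.
func IsRootIO(family, version string) bool {
	return (family == "alpine" && alpineMarker.MatchString(version)) ||
		((family == "debian" || family == "ubuntu") && strings.Contains(version, ".root.io"))
}

// compare orders dotted numeric versions only (non-numeric parts count as 0); stand-in for dpkg/apk rules.
func compare(a, b string) int {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) && i < len(bs); i++ {
		x, _ := strconv.Atoi(as[i])
		y, _ := strconv.Atoi(bs[i])
		if x != y {
			return x - y
		}
	}
	return len(as) - len(bs)
}

// Satisfies checks a range such as ">= 1.2.0, < 2.0.0"; every comma-separated clause must hold.
func Satisfies(version, constraint string) (bool, error) {
	for _, clause := range strings.Split(constraint, ",") {
		op, want, _ := strings.Cut(strings.TrimSpace(clause), " ")
		c := compare(version, strings.TrimSpace(want))
		ok, known := map[string]bool{">": c > 0, "<": c < 0, ">=": c >= 0, "<=": c <= 0, "==": c == 0}[op]
		if !known || want == "" { // reject unknown operators instead of treating them as "no match"
			return false, fmt.Errorf("bad clause %q", clause)
		}
		if !ok {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	fmt.Println(IsRootIO("debian", "2.31-13+deb11u4.root.io"), IsRootIO("alpine", "1.2.3-r10071"))
	fmt.Println(Satisfies("1.5.0", ">= 1.2.0, < 2.0.0"))
}
```

A malformed or unsupported clause returns an error rather than `false`, so a scanner built on this would not silently report a package as unaffected when it cannot parse the range.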

Labels: kind/feature (categorizes issue or PR as related to a new feature), scan/vulnerability (issues relating to vulnerability scanning)