Introducing Root’s Images Catalog: Free Curated Low-Vulnerability Container Image Repository

A Smarter Start to Secure Containers

Every engineering team using containers faces the same problem: the images they rely on are riddled with vulnerabilities. The world’s most popular base images are bloated, outdated, and a security liability. If you’re starting with “latest” images from public repositories, you’re inheriting hundreds—sometimes thousands—of known vulnerabilities before you’ve even written a single line of application code or deployed v0.1 of your cloud infra.

At Root, we think that’s unacceptable. That’s why we’re launching images.root.io—a free, curated repository of secure, maintained, and developer-friendly container images. These images are built to be “just right”—secure, lightweight, easy to use, and continuously updated—so teams can focus on building, not battling vulnerabilities.

Why Container Image Security Is Broken Today.

Most teams don’t start secure—they start with whatever’s easiest to pull from a public repository. That often means grabbing the “latest” version of a base image, which comes with major problems:

• Massive Attack Surface – “Latest” images are bloated with unnecessary dependencies, creating a security and compliance nightmare.

• Persistent Vulnerabilities – Public images frequently contain hundreds to thousands of known CVEs (Common Vulnerabilities and Exposures), many of which go unpatched for extended periods.

• Unpredictable Performance – Lightweight images like Alpine introduce compatibility and debugging headaches, while Debian- and Ubuntu-based images provide more reliable behavior.

• Security Isn’t Static – Even if an image was secure at one point, it can become vulnerable overnight when upstream packages get updated and new CVEs emerge.

What Makes Root’s Images Different?

Root’s curated images solve these issues by giving teams a secure, developer-friendly foundation. Here’s what sets them apart:

• Radically Fewer Vulnerabilities – Root images have 10x fewer vulnerabilities than their “latest” counterparts. We strip out insecure and unnecessary components while maintaining usability.

• Based on Trusted, Supported OSs – We use Debian and Ubuntu, ensuring the best balance of security, performance, and ecosystem support. Unlike Alpine, which has well-documented performance issues, Root’s images are optimized for real-world workloads.

• Curated for Usability & Compatibility – Not too big, not too small. These images include just enough tooling and dependencies for developers to work efficiently—without the bloat that introduces security risk.

• Continuously Maintained by Root Labs – Our team monitors, updates, and patches these images daily. When upstream vulnerabilities appear, we act fast so you don’t have to.

We compared 50 of Root’s Starter Images to their “Latest” equivalents and found that Root’s images reduce critical vulnerabilities by over 50% and high vulnerabilities by more than 90%—giving teams a more secure foundation from the start.

From Hundreds of Vulnerabilities to Zero: How This Fits with Root AVR

Starting with a Root curated image immediately cuts down your security risk, often reducing vulnerability counts from hundreds or thousands to just tens. But for teams that need the absolute lowest risk, these images integrate seamlessly with Root AVR (Automated Vulnerability Remediation). Here’s how to get started:

• Use images.root.io – Get a secure starting point with our curated images, free for anyone.

• Apply Root AVR – Paid Root customers can drive vulnerabilities to zero (critical/high) in minutes, without switching base images or rebuilding infrastructure.

• Works on Any Compatible Image – Root AVR isn’t limited to Root’s curated images—it works on any Debian- or Ubuntu-based container, making it the most flexible way to reach a zero-vulnerability state.

Why Root’s Approach Is Better Than Alternative Solutions

Other companies offer “golden images” or secure container solutions—but most come with trade-offs:

• Chainguard: Requires switching to their proprietary base images, which can be expensive, time-consuming, and restrictive.

• RapidFort: Focuses on minimizing attack surface by automatically stripping out unneeded image components – this approach is brittle and can lead to lots of break-fix.

Root’s approach is fundamentally different:

• We don’t force you to rebase your images—use the OSs and frameworks you already trust.

• No hidden costs or ecosystem lock-in—our free images are open for everyone, and AVR is available to those who need enterprise-grade security.

• A developer-friendly experience—our images “just work” while still dramatically reducing security risk.

Always Expanding: More Images, More Security

We’re always adding more images to images.root.io, but we don’t aim to provide an exhaustive list like some vendors. Why? Because Root AVR works on any compatible image, meaning you can secure whatever your organization already uses.

However, if there’s an image you’d like to see in our curated set, let us know! We’re committed to making security easier for everyone, and we’re happy to add images that benefit the broader community.

Get Started: Your Path to Zero Vulnerabilities Begins Today

1. Explore images.root.io – Start using secure, low-vulnerability images today, free of charge.

2. Join Root AVR – For teams that need zero critical/high vulnerabilities, Root AVR automates remediation for your entire container fleet.

3. Secure Your Cloud Workloads with Ease – No painful rebasing. No security headaches. Just safe, fast, and developer-friendly images.

Security Doesn’t Have to Be Hard

Most teams don’t have the resources to constantly monitor and update their container images for security. That’s why we do it for you. Whether you use Root’s free curated images or take the next step with Root AVR, we make it easy to ship secure, reliable software—without slowing you down.

Try images.root.io today, and take your first step toward a zero-vulnerability future.