Track pending updates and CVEs across a Linux fleet, then approve and run patches from one dashboard
- Stars: 3k
- Forks: 129
- Open Issues: 245
AGPL-3.0
- JavaScript
- Go
- Shell

About PatchMon
PatchMon tracks patch status across a fleet of Linux servers, with FreeBSD and Windows agents supported too. A lightweight agent reports installed packages, available updates, and repository config from each host, so the dashboard shows outdated and vulnerable packages and which hosts need attention. The agent connects outbound only, so monitored hosts need no inbound ports, SSH, or WinRM exposure.
From there you can act on what you see. A dry-run previews the exact package transaction on a host, one-click approval turns it into a real run, and patch policies schedule when updates apply. Live patch streaming shows agent output in the browser, and every run is logged with exit code, packages touched, and approver. Patching works across apt, dnf, yum, apk, pacman, and FreeBSD pkg.
Compliance scanning runs OpenSCAP CIS Benchmarks and Docker Bench, with RBAC and OIDC single sign-on for access. It deploys as one Go binary with the React UI embedded, backed by PostgreSQL and Redis.
Key features
- Agent reports installed packages, updates, and repos per host
- Fleet dashboard of outdated and vulnerable packages by host
- Dry-run, approve, schedule, and stream patch runs from the UI
- Patching across apt, dnf, yum, apk, pacman, and FreeBSD pkg
- OpenSCAP CIS and Docker Bench compliance scanning, RBAC, OIDC SSO
Details
- First released: 2025
- Targets: Debian · Ubuntu · RHEL · CentOS
- Platforms: Linux · FreeBSD · Windows
- Deployment: Docker · Proxmox LXC
- License: AGPL v3
- Language: Go · React
