Deploy and monitor Linux patches.
Prove your compliance.
Open-source patch management for Linux, FreeBSD, and Windows. Secure by design. Self-host or deploy a trial instantly with PatchMon Cloud.
Servers monitored globally: 55K+
Live installations: 4K+
GitHub Stars: 2.4K
Discord community: 500+

Why PatchMon
Stop SSH-ing into boxes to check for updates.
What takes 45 minutes with shell scripts every Monday morning takes 3 seconds with PatchMon. What takes two full days to compile into a compliance report is ready instantly.
6 package managers. Dry-run first. Then apply.
See every pending update across APT, DNF/YUM, APK, Pacman, FreeBSD pkg, and Windows Update in one view. Define patch policies with scheduling (immediate, delayed, or fixed maintenance windows). Preview what will change with dry-run mode. Require approval before production patches execute. Every run captures full shell output for your audit trail.
The compliance report your auditor actually wants.
Run OpenSCAP CIS benchmark scans against your servers and Docker Bench assessments against your container hosts. See exactly which rules pass and fail, with severity levels and remediation steps for each failure. Track compliance scores over time. When the auditor asks for evidence, the report is ready in minutes, not days.
SSH and RDP from your browser. Zero exposed ports.
Click on any host and open a terminal or RDP session directly in PatchMon. Connections can route through the agent's outbound link so SSH and RDP are not broadly exposed on managed hosts. No VPN required. An optional AI terminal assistant can help with commands and error diagnosis when you need it.
And much more
Every patch management feature, included.
Patch Management
Track pending updates across APT, DNF/YUM, APK, Pacman, FreeBSD pkg, and Windows Update. Dry-run before you commit. Approval workflows for production systems.
Compliance Scanning
Run OpenSCAP CIS benchmarks and Docker Bench assessments. Track pass/fail per rule with severity levels, remediation steps, and compliance scores over time.
Remote Access
Browser-based SSH and RDP routed through the agent. Zero ports exposed on managed hosts. Optional AI terminal assistant for command help.
Docker Monitoring
Inventory every container, image, volume, and network across your fleet. Detect outdated base images with digest comparison and security severity tracking.
Alerting
Route alerts by severity and host group to Slack, Discord, email, or ntfy. Assign to team members, track to resolution. Host-down detection on a steady cadence.
RBAC & Security
Granular roles and custom permissions. OIDC/SSO, Discord sign-in, TOTP two-factor auth, session management, and separate agent credentials.
What others say
Trusted by teams managing real infrastructure.
“PatchMon gave us visibility we never had. We run a mix of Ubuntu, RHEL, and Debian across hundreds of hosts. Before PatchMon we were flying blind - now we know exactly what's pending, when it was last checked, and we can apply patches with policy controls. The audit trail alone has saved us in compliance reviews.”
“We evaluated several patch management tools. Most were Windows-centric or cost per-host. PatchMon was the only one that understood our Linux-first stack. The outbound-only agent model meant security signed off immediately. We deployed in under an hour and had our first patch run the same day.”
“As a small team, we couldn't justify enterprise pricing for patch management. PatchMon's Community edition gave us full visibility for free. The browser-based SSH means we rarely need to leave the dashboard. It handles our Ubuntu servers, the FreeBSD firewalls, and even the Windows boxes the dev team insisted on.”
Integrations
Connects with your existing stack.
Extend PatchMon with Proxmox auto-enrolment, Ansible inventory, dashboard widgets, and a full REST API.
Cross-platform package manager support
APT, DNF/YUM, APK, Pacman, FreeBSD pkg, and Windows Update (with WSUS).
Time to Value
From zero to patching in under 30 minutes.
Deploy: Run the setup script, then docker compose up (default http://localhost:3000).
First server visible: Install the agent and it appears in your dashboard.
First compliance scan: Run an OpenSCAP CIS benchmark against your fleet.
First patch policy: Define when and how patches get applied.
See your entire fleet.
Patch with confidence.
Start a Cloud trial and we handle updates, backups, and support, or run Community yourself when you want full control in your own stack.