Skip to main content
PathMon
Security & Compliance

Your compliance report should take
five minutes, not two days.

Generating compliance evidence manually means SSH-ing into servers, running commands, copying output into documents, and cross-referencing CVE databases. PatchMon runs CIS benchmarks automatically, tracks scores over time, and gives you rule-level results with remediation steps -- ready for the auditor.

PatchMon - Compliance Dashboard

How it works

Everything you need to know, at a glance.

OpenSCAP CIS Benchmarks

Run industry-standard CIS benchmark scans against your hosts using OpenSCAP with SCAP Security Guide (SSG) datastreams. Get detailed rule-level results showing exactly which security controls pass, fail, or need attention -- with remediation guidance for every finding.

  • Configurable compliance profiles per host
  • Rule-level results: pass, fail, warning, skipped, not applicable
  • Severity tracking per rule (low, medium, high, critical)
  • Remediation guidance for each failed rule
  • On-demand or scheduled scans with compliance mode per host (disabled, enabled, on-demand)
  • Automatic SSG content management -- outdated datastreams are detected and updated

Docker Bench for Security

Assess your Docker hosts against the CIS Docker Benchmark. Docker Bench checks host configuration, Docker daemon settings, container runtime parameters, and security operations against established best practices.

  • Automated CIS Docker Benchmark assessment
  • Container and host configuration checks
  • Integrated into the same compliance tracking system
  • Long-running scans are detected and cleaned up automatically

Compliance Trend Tracking

Track compliance scores over time to measure progress, catch regressions early, and demonstrate continuous improvement to auditors. Historical data shows your security posture is trending in the right direction, not just a point-in-time snapshot.

  • Aggregate scores: total rules, passed, failed, warnings, skipped, overall score
  • Historical score charts per host
  • Per-host compliance drill-down to individual rules
  • Built-in scan rate limits to keep large fleets stable

Ready to see it in action?

Deploy the Community edition in minutes, or talk to us about PRO and Cloud.

View on GitHubView Plans