Skip to main content
PathMon
Core Feature

See every pending update
across every distribution.

You manage servers running Ubuntu, Debian, RHEL, Alpine, Arch, FreeBSD, and Windows. Each uses a different package manager with different output formats. PatchMon gives you one view across all of them -- with dry-run validation, approval workflows, and a complete audit trail.

PatchMon - Patch Runs Overview

How it works

Everything you need to know, at a glance.

Cross-Platform Package Visibility

Agents detect the package manager automatically and report installed packages, available updates, and security flags. Your FreeBSD firewalls, Ubuntu web servers, and Windows domain controllers all show up in the same dashboard with the same level of detail.

  • APT (Debian, Ubuntu), DNF/YUM (RHEL, CentOS, Fedora, AlmaLinux), APK (Alpine), Pacman (Arch), FreeBSD pkg, and Windows Update
  • Security update flagging -- know which updates are critical
  • Multi-architecture support: amd64, i386, arm64, arm
  • Configurable check intervals with efficient reporting
  • Package version history and trend tracking over time

Patch Policies

Define how and when patches are applied. Schedule updates for your maintenance window, not whenever someone remembers. Assign policies to individual hosts or host groups, with per-host exclusions for systems that need special handling.

  • Flexible scheduling: immediate, delayed, or fixed time with timezone support
  • Assign policies to individual hosts or host groups
  • Per-host exclusions from group policies
  • Package exclusion lists to skip specific packages
  • Timezone-aware scheduling for global teams

Dry-Run Validation and Approval Workflows

Patching is inherently risky. PatchMon lets you preview exactly what will change before anything runs. Dry-run mode simulates the patch and reports what would be updated. Approval workflows gate critical systems so nothing reaches production without sign-off.

  • Dry-run mode shows exactly which packages will change and to which versions
  • Clear workflow from validation through approval, scheduling, and completion
  • Approval step records who approved and when
  • Dry-run results preserved alongside the real run as audit evidence
  • Command output captured for every patch run

Complete Audit Trail

When the auditor asks 'show me every patch applied to your production database server in the last 90 days,' you pull it up in seconds. Every run is a permanent, timestamped record with who triggered it, who approved it, what policy was active, what changed, and the full shell output.

  • Every run records triggered-by user, approved-by user, and timestamps
  • Policy snapshot frozen at execution time -- even if the policy changes later
  • Command output and errors captured per run
  • Structured records of packages affected, not just unstructured logs
  • Filter by host, status, patch type, and date range

Ready to see it in action?

Deploy the Community edition in minutes, or talk to us about PRO and Cloud.

View on GitHubView Plans