AGPLv3 Licensed

The full platform. Not open-core.

Name: PatchMon
Author: PatchMon

PatchMon Community is not a stripped-down version with the good parts hidden behind a paywall. It is the complete platform - patch monitoring, patch deployment, compliance scanning, remote access, Docker monitoring, alerting, RBAC, and reporting. No host caps. No user limits. No feature gates. Self-host on your own infrastructure under AGPLv3.

View on GitHub Read the Docs

Why open source matters for infrastructure tools

Inspect the Code

Security tools should be auditable. Read every line, verify every network call, and confirm that PatchMon does exactly what it says - nothing more.

Own Your Data

Self-hosted means your patch data stays on your infrastructure. No third-party cloud, no telemetry, no data leaving your network without your explicit action.

No Vendor Lock-In

AGPLv3 guarantees you can run, modify, and distribute PatchMon. No artificial limitations, no phone-home requirements, no features disabled to push you to a paid tier. If we disappeared tomorrow, you'd still have a fully functional, maintainable platform.

Community-Driven

Bug reports, feature requests, and contributions come from people running PatchMon in production. The roadmap reflects real needs, not investor priorities.

Extend and Integrate

Build custom integrations, modify the agent for your environment, or contribute features back. The codebase is structured for contributions.

Cross-Platform Agents

The agent builds for Linux (amd64, i386, arm64, arm), FreeBSD (amd64, i386, arm64, arm), and Windows (amd64, i386) - 10 binary variants. ARM support is real, not theoretical.

Everything included. No upgrade required.

Every feature listed here ships in the Community edition. PRO and Cloud add managed hosting, priority support, and convenience - they do not remove capabilities from Community.

Patch monitoring and deployment

Patch policies with dry-run and approval

Cross-platform agents (Linux, FreeBSD, Windows)

Browser-based SSH and RDP

OpenSCAP compliance scanning

Docker container monitoring

Alerting with Slack, Discord, email, webhooks

RBAC with OIDC/SSO and 2FA

Scheduled compliance reports

Auto-enrollment for fleet onboarding

Host groups and policy targeting

Unlimited hosts and users

Get started in minutes.

Production installs use the published Docker Compose files from GitHub (PostgreSQL 17, Redis 7, PatchMon server, and guacd for browser RDP). Here's the recommended path — the same flow documented in the PatchMon Docker directory.

1. Run the setup script and start the stack

From an empty directory, the script downloads docker-compose.yml and env.example, generates required secrets, and walks you through URL and timezone. Then start the services:

mkdir patchmon && cd patchmon
curl -fsSL https://raw.githubusercontent.com/PatchMon/PatchMon/refs/heads/main/docker/setup-env.sh | bash
docker compose up -d

Prefer manual steps or pinning image tags? See docker/README.md (including ghcr.io/patchmon/patchmon-server tags and updates).

2. Open the dashboard and complete setup

Open the URL you configured (default: http://localhost:3000) and finish the first-time wizard to create your admin account.

3. Install an agent on each host

In PatchMon, open Hosts → Add host, copy the install command, and run it on each machine you want to manage.

Contributions welcome.

PatchMon is built in Go (server + agent) and React (frontend). Whether it's a bug fix, a new feature, documentation improvements, or distribution-specific packaging - we welcome pull requests.

View Open Issues Join Discord

Need more than Community?

PRO adds advanced modules and priority support. Cloud handles the infrastructure for you.

Compare Plans