Welcome to PatchMon

PatchMon is an open-source Linux patch management system that gives system administrators centralised visibility over patches and packages across their infrastructure.

It works with standard Linux package managers - apt, yum, and dnf - and requires no inbound ports on your monitored hosts.

Contributing to documentation

Documentation is an area where we need help :)

How PatchMon Works

PatchMon uses a lightweight agent model with three simple steps:

Deploy the Server - Self-host PatchMon using Docker or the native installer, or use our managed Cloud version.
Install the Agent - Add a host in the dashboard and run the one-liner install command on your Linux server.
Monitor - The agent sends system and package data outbound to PatchMon on a schedule. No inbound ports need to be opened on your servers.

Network requirements: Agents only need outbound access on port 443 (HTTPS). If your systems are behind firewalls that inspect SSL/DNS traffic or are air-gapped, adjust your rules accordingly.

Key Features

Area	Details
Dashboard	Customisable per-user card layout with fleet-wide overview
Host Management	Host inventory, grouping, and OS detail tracking
Package Tracking	Package and Repo inventory, outdated package counts, and repository tracking per host
Agent System	Lightweight GO agents with outbound-only communication connected via Web Sockets
Users & Auth	Multi-user accounts with roles, permissions, and RBAC
OIDC SSO	Single Sign-On via external identity providers
API & Integrations	REST API for managing hosts and data, templates for getHomepage and others available
Proxmox Integration	Auto-enrollment for LXC containers from Proxmox hosts
BETA - Security Compliance	OpenSCAP CIS Benchmarks and Docker Bench for Security with scheduled and on-demand scans
Docker Inventory	Container discovery and tracking across your hosts
SSH Terminal	In-browser SSH terminal with AI assistance
Extensive Configuration	Configurable parameters using .env variables

Quick Links

Architecture

End Users (Browser)  ──HTTPS──▶  nginx (frontend + API proxy)
                                        │
                                        ▼
                                Backend (Node.js / Express / Prisma)
                                        │
                                        ▼
                                   PostgreSQL
                                        ▲
Agents on your servers  ──HTTPS──▶  Backend API (/api/v1)
     (outbound only)

Backend: Node.js, Express, Prisma ORM
Frontend: Vite + React
Database: PostgreSQL
Reverse Proxy: nginx
Service Management: systemd

Support

Discord: patchmon.net/discord
Email: support@patchmon.net
GitHub Issues: Report a bug

License

PatchMon is licensed under AGPLv3.

Installing PatchMon Server on Docker

Installing PatchMon Server on Ubuntu 24

PatchMon Environment Variables Reference

Installation of the PatchMon Agent

First time setup admin page

Installing PatchMon Server on K8S with Helm

Nginx example configuration for PatchMon

Integration API documentation (scoped credentials)

Proxmox LXC Auto-Enrollment Guide

Auto-enrolment api documentation

Ansible Dynamic Library

GetHomepage Integration Guide

Setting up OIDC SSO Single Sign-on integration

1.4.1

1.4.0 (Major)

1.3.7

1.3.6

1.3.5

1.3.4

1.3.3

1.3.2

1.3.0 (Major)

1.2.8 to 1.3.0 - Upgrade

patchmon-agent Management

config.yml Mangement and parameters

PatchMon Rate Limiting Guide

Errors on dashboard after updating using Proxmox-community scripts

PatchMon Architecture Documentation

WebSockets Information and Design

Metrics collection information