[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-72718":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":22,"topics":24,"createdAt":9,"pushedAt":9,"updatedAt":42,"readmeContent":43,"aiSummary":44,"trendingCount":15,"starSnapshotCount":15,"syncStatus":45,"lastSyncTime":46,"discoverSource":47},72718,"PatchMon","PatchMon\u002FPatchMon","Linux Patch Management & Automation Platform","https:\u002F\u002Fpatchmon.net",null,"JavaScript",2930,128,16,204,0,19,51,154,57,28.33,"GNU Affero General Public License v3.0",false,"main",[25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41],"apt","apt-get","centos","cis-benchmark","cve","cve-scanning","debian","dnf","docker","linux","open-source","openscap","patching","redhat","ubuntu","updates","yum","2026-06-12 02:03:07","\u003Cdiv align=\"center\">\n\n# PatchMon\n\n### Enterprise-grade Linux patch & server management platform\n\n[![Website](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FWebsite-patchmon.net-blue?style=for-the-badge)](https:\u002F\u002Fpatchmon.net)\n[![Cloud](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCloud-patchmon.net%2Fcloud-purple?style=for-the-badge)](https:\u002F\u002Fpatchmon.net\u002Fcloud)\n[![Discord](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord-Join%20Server-blue?style=for-the-badge&logo=discord)](https:\u002F\u002Fpatchmon.net\u002Fdiscord)\n[![GitHub](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FGitHub-Repository-black?style=for-the-badge&logo=github)](https:\u002F\u002Fgithub.com\u002FPatchMon\u002FPatchMon)\n[![Roadmap](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FRoadmap-View%20Progress-green?style=for-the-badge&logo=github)](https:\u002F\u002Fgithub.com\u002Forgs\u002FPatchMon\u002Fprojects\u002F2)\n[![Documentation](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDocs-patchmon.net%2Fdocs-blue?style=for-the-badge)](https:\u002F\u002Fpatchmon.net\u002Fdocs\u002F)\n\n[![Latest Release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002FPatchMon\u002FPatchMon?style=for-the-badge&color=blue)](https:\u002F\u002Fgithub.com\u002FPatchMon\u002FPatchMon\u002Freleases)\n[![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FPatchMon\u002FPatchMon?style=for-the-badge&color=yellow)](https:\u002F\u002Fgithub.com\u002FPatchMon\u002FPatchMon\u002Fstargazers)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-AGPL%20v3-orange?style=for-the-badge)](LICENSE)\n[![AI-DECLARATION: assist](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI--DECLARATION-assist-fef9c3?style=for-the-badge&labelColor=333333)](AI-DECLARATION.md)\n\n\u003C\u002Fdiv>\n\n---\n\n## What is PatchMon?\n\nPatchMon is an enterprise-grade platform that gives operations teams a single pane of glass to monitor, patch and secure their Linux fleet, with FreeBSD and Windows agent support.\n\nA lightweight agent communicates outbound-only to the PatchMon server on your schedule - no inbound ports required on monitored hosts - delivering real-time visibility into package health, compliance posture and system status across environments of any scale.\n\n![Dashboard Screenshot](https:\u002F\u002Fraw.githubusercontent.com\u002FPatchMon\u002FPatchMon\u002Fmain\u002Fdashboard.png)\n\n---\n\n## Why PatchMon?\n\n- **Outbound-only agents** - no inbound firewall changes, no SSH or WinRM exposure, no VPN required.\n- **Single binary, bundled UI** - one Go binary with the React frontend embedded. One container, no Node runtime at deploy time.\n- **Open source, with a managed cloud** - AGPL v3 licensed, free to self-host. Production hosting available at [patchmon.net\u002Fcloud](https:\u002F\u002Fpatchmon.net\u002Fcloud).\n- **Multi-OS by design** - Linux (apt, dnf, yum, apk, pacman), FreeBSD (pkg) and Windows, handled by the same agent and control plane.\n\n---\n\n## Quick Start\n\nDocker is the fastest way to try PatchMon:\n\n```bash\nmkdir patchmon && cd patchmon\nbash -c \"$(curl -fsSL https:\u002F\u002Fraw.githubusercontent.com\u002FPatchMon\u002FPatchMon\u002Frefs\u002Fheads\u002Fmain\u002Fdocker\u002Fsetup-env.sh)\"\ndocker compose up -d\n```\n\nOpen `http:\u002F\u002Flocalhost:3000`, create an admin user, add a host in the UI and copy the generated install command onto the target server.\n\nFull deployment options (Docker manual, Proxmox LXC, PatchMon Cloud) are in the [Deployment](#deployment-options) section.\n\n---\n\n## Features at a Glance\n\n### Patch Management\n\nThe core of PatchMon - orchestrate updates across your fleet with validation, approval and live visibility.\n\n| Capability | What It Does |\n|---|---|\n| **Dry-Run Validation** | Preview the exact package transaction on a host before anything touches production. Every run captures the full plan so you know what would change. |\n| **Approve & Execute** | One-click approval turns a validated dry-run into a real patch run, with a per-host audit trail of who approved what and when. |\n| **Scheduled Patching** | Patch policies decide when updates apply - immediate, maintenance window or delayed rollout. Approve now, execute later. |\n| **Live Patch Streaming** | Watch patch execution in real time from the browser. Agent stdout\u002Fstderr is streamed over WebSocket, with the ability to stop a run mid-flight. |\n| **Selective Patching** | Target specific packages, security-only updates or a full upgrade. Works across apt, dnf, yum, apk, pacman and FreeBSD pkg. |\n| **Patch History & Audit** | Full searchable history of every run - exit code, duration, packages touched, approver and host. |\n\n![Patching Screenshot](https:\u002F\u002Fraw.githubusercontent.com\u002FPatchMon\u002FPatchMon\u002Fmain\u002Fpatching.png)\n\n### Visibility & Inventory\n\n| Capability | What It Does |\n|---|---|\n| **Personalised Dashboard** | Per-user, drag-and-reorder overview cards showing fleet health, outdated packages, host status and patching activity at a glance. |\n| **Host Inventory** | Browse every enrolled server with OS, uptime, kernel, last check-in and group membership. |\n| **Package Inventory** | View every installed package across your fleet, filter to outdated or vulnerable ones, and see exactly which hosts need attention. |\n| **Repository Tracking** | Every APT \u002F YUM \u002F DNF \u002F APK \u002F pacman repository configured on each host, in one place. |\n| **Docker Monitoring** | Automatic discovery of containers, images, volumes and networks with real-time status pushed over WebSocket. |\n\n### Security & Compliance\n\n| Capability | What It Does |\n|---|---|\n| **Compliance Scanning** | Run OpenSCAP CIS Benchmarks and Docker Bench for Security. Track compliance scores over time with rule-level results and remediation guidance. |\n| **Alerting** | Host-down, pending server updates and agent-update alerts. Filter by severity, type and status; assign to team members. |\n| **Outbound-Only Agent** | No inbound ports on monitored hosts. Agent initiates all traffic, with IP allow-lists for enrolment tokens and rate limiting on every endpoint. |\n| **RBAC** | Multi-user accounts with fully customisable roles and granular permissions - every team member sees only what they need. |\n| **OIDC Single Sign-On** | Authenticate with Authentik, Keycloak, Okta or any OIDC provider. Supports auto user provisioning, group-to-role mapping and SSO-only enforcement. |\n\n![Reporting & Alerts Screenshot](https:\u002F\u002Fraw.githubusercontent.com\u002FPatchMon\u002FPatchMon\u002Fmain\u002Freporting.png)\n\n![Notification Routing Screenshot](https:\u002F\u002Fraw.githubusercontent.com\u002FPatchMon\u002FPatchMon\u002Fmain\u002Fnotifications.png)\n\n### Access & Operations\n\n| Capability | What It Does |\n|---|---|\n| **Web SSH Terminal** | Browser-based SSH to any host directly from the UI. Direct or proxy mode (route through the agent, no SSH port exposure). |\n| **AI Terminal Assistant** | Built-in AI chat panel inside the SSH terminal for command suggestions, error diagnosis and context-aware help. Works with OpenRouter, Anthropic, OpenAI or Google Gemini. |\n| **Branding & Theming** | Upload custom logos and favicon, choose colour themes and toggle light \u002F dark mode per user. |\n\n![AI Terminal Assistant Screenshot](https:\u002F\u002Fraw.githubusercontent.com\u002FPatchMon\u002FPatchMon\u002Fmain\u002Fai-remote-ssh.png)\n\n### Platform\n\n| Capability | What It Does |\n|---|---|\n| **Integrations** | 33+ integrations including Proxmox LXC auto-enrolment, getHomepage, Ansible and more. |\n| **REST API** | Full `\u002Fapi\u002Fv1` with JWT authentication and interactive Swagger \u002F OpenAPI docs at `\u002Fapi-docs`. |\n\n---\n\n## Deployment Options\n\n### PatchMon Cloud\n\n> **14-day trial** at **[patchmon.net\u002Fpricing](https:\u002F\u002Fpatchmon.net\u002Fpricing)**\n\nFully managed PatchMon hosting with zero infrastructure overhead. We handle provisioning, updates, backups and scaling so you can focus on your fleet instead of the tooling behind it.\n\n### Self-Hosted - Docker (Officially supported)\n\nDocker is the preferred and supported self-hosted deployment. We use hardened images for security.\n\n**Automated setup** from an empty directory. The setup script downloads `docker-compose.yml` and `env.example`, generates all required secrets, and walks you through URL and `CORS_ORIGIN` configuration interactively:\n\n```bash\nmkdir patchmon && cd patchmon\nbash -c \"$(curl -fsSL https:\u002F\u002Fraw.githubusercontent.com\u002FPatchMon\u002FPatchMon\u002Frefs\u002Fheads\u002Fmain\u002Fdocker\u002Fsetup-env.sh)\"\ndocker compose up -d\n```\n\nAccess the application at the URL you configured (default: `http:\u002F\u002Flocalhost:3000`).\n\n**Manual Docker setup:** see [Installing PatchMon Server on Docker](https:\u002F\u002Fpatchmon.net\u002Fdocs\u002Fpatchmon-operator-guide#installing-patchmon-server-on-docker).\n\n### Self-Hosted - Proxmox LXC\n\nOne-command LXC deployment via the [Proxmox VE Helper-Scripts](https:\u002F\u002Fcommunity-scripts.github.io\u002FProxmoxVE\u002Fscripts?id=patchmon) community script:\n\n```bash\nbash -c \"$(curl -fsSL https:\u002F\u002Fraw.githubusercontent.com\u002Fcommunity-scripts\u002FProxmoxVE\u002Fmain\u002Fct\u002Fpatchmon.sh)\"\n```\n\n### Enrolling Hosts\n\nOnce the server is running:\n\n1. Log in to the UI and add a host under **Hosts**.\n2. PatchMon generates a one-line install command with a per-host API key.\n3. Paste the command on the target server (requires root\u002Fsudo) and the agent enrols itself.\n\nSupported agent platforms: Linux (amd64, 386, arm64, arm), FreeBSD (amd64, 386, arm64, arm), Windows (amd64, 386, arm64).\n\n### Minimum Server Specs\n\n| Resource | Requirement |\n|----------|-------------|\n| CPU | 2 vCPU |\n| RAM | 2 GB |\n| Disk | 15 GB |\n\n---\n\n## Architecture\n\n| Component | Technology |\n|-----------|-----------|\n| Backend | Go, sqlc, chi router |\n| Frontend | React + Vite, embedded in the `patchmon-server` binary |\n| Database | PostgreSQL 17 |\n| Queue | Redis 7 (Asynq) |\n| Agent | Go binary - Linux, FreeBSD, Windows |\n\n```mermaid\nflowchart LR\n    A[Browser \u002F Admin UI] -- HTTPS --> B[Your Reverse Proxy]\n    B -- HTTP --> C[Backend - Go Binary]\n    C -- TCP --> D[(PostgreSQL)]\n    C -- TCP --> R[(Asynq + Redis)]\n    E[Agents on your servers] -- HTTPS + WSS --> C\n```\n\nAgents initiate all communication. HTTPS carries reports and config; WSS (WebSocket over TLS) carries real-time events such as live patch streaming and Docker status.\nEnsure that **Websockets** is supported by your proxy when passing the traffic to PatchMon container :3000 or whichever port you decide to use.\n\n---\n\n## Documentation\n\nFull documentation at **[patchmon.net\u002Fdocs](https:\u002F\u002Fpatchmon.net\u002Fdocs)**.\n\n| Topic | Link |\n|-------|------|\n| Installing on Docker | [Docker install guide](https:\u002F\u002Fpatchmon.net\u002Fdocs\u002Fpatchmon-operator-guide#installing-patchmon-server-on-docker) |\n| Environment variables | [Env vars reference](https:\u002F\u002Fpatchmon.net\u002Fdocs\u002Fpatchmon-operator-guide#patchmon-environment-variables-reference) |\n| Integration API | [Integration API docs](https:\u002F\u002Fpatchmon.net\u002Fdocs\u002Fpatchmon-api-integrations-guide#integration-api-documentation) |\n| Proxmox LXC auto-enrolment | [Proxmox guide](https:\u002F\u002Fpatchmon.net\u002Fdocs\u002Fpatchmon-api-integrations-guide#proxmox-lxc-auto-enrollment-guide) |\n| getHomepage dashboard card | [getHomepage integration](https:\u002F\u002Fpatchmon.net\u002Fdocs\u002Fpatchmon-api-integrations-guide#gethomepage-dashboard-card) |\n| Metrics collection | [Metrics info](https:\u002F\u002Fpatchmon.net\u002Fdocs\u002Fpatchmon-admin-guide#metrics-and-telemetry) |\n\n---\n\n## Support\n\n### Community\n\n- **Discord:** [https:\u002F\u002Fpatchmon.net\u002Fdiscord](https:\u002F\u002Fpatchmon.net\u002Fdiscord)\n- **Email:** support@patchmon.net\n\n### Professional & Enterprise\n\n- **PatchMon PRO:** [https:\u002F\u002Fpatchmon.net\u002Fpro](https:\u002F\u002Fpatchmon.net\u002Fpro)\n\n---\n\n## Contributing\n\nWe welcome contributions from the community. See **[CONTRIBUTING.md](CONTRIBUTING.md)** for the full guide: code style, commit conventions, running tests, documentation workflow and the PR process.\n\nQuick summary:\n\n- Follow existing patterns and the Biome \u002F golangci-lint configurations.\n- Use conventional commit messages (`feat:`, `fix:`, `docs:`, etc.).\n- Add tests for new features and ensure the full suite passes.\n- Update documentation alongside code changes.\n\nGood first issues are labelled in the [issue tracker](https:\u002F\u002Fgithub.com\u002FPatchMon\u002FPatchMon\u002Fissues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22).\n\n---\n\n## Roadmap\n\nTrack upcoming features and progress on the **[PatchMon Roadmap](https:\u002F\u002Fgithub.com\u002Forgs\u002FPatchMon\u002Fprojects\u002F2)**.\n\n---\n\n## PatchMon PRO - Enterprise & Vendor Support\n\nPatchMon is trusted by teams managing production infrastructure worldwide. We offer global vendor support and enterprise solutions tailored to your organisation's requirements.\n\n| Offering | Details |\n|----------|---------|\n| **PatchMon Cloud** | Fully managed hosting - we handle infrastructure, updates, backups and scaling for you. |\n| **Global Vendor Support** | Dedicated technical support available worldwide with SLA-backed response times. |\n| **Custom Integrations** | Bespoke API endpoints, third-party connectors and tailored dashboards built to your specification. |\n| **On-Premises \u002F Air-Gapped** | Deploy in your own data centre or isolated environment with full support. |\n| **White-Label Solutions** | Brand PatchMon as your own with custom logos, domains and theming, plus multi-context deployment options. |\n| **Training & Onboarding** | Comprehensive team training and onboarding programmes for your organisation. |\n| **Consulting** | Architecture review, deployment planning and migration assistance from the team that builds PatchMon. |\n\n*Contact us at **support@patchmon.net** for enterprise and vendor support enquiries.*\n\n---\n\n## License\n\nAGPL v3 - see [LICENSE](LICENSE) for details.\n \n---\n\n\u003Cdiv align=\"center\">\n\n**Made with ❤️ by the PatchMon Team**\n\nThis project represents hundreds of hours of development work. If PatchMon has saved you time or helped secure your infrastructure, a coffee would genuinely mean the world.\n\n[![Buy Me A Coffee](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FBuy%20Me%20A%20Coffee-support%20the%20project-orange?style=for-the-badge&logo=buy-me-a-coffee)](https:\u002F\u002Fbuymeacoffee.com\u002Fiby___)\n\n> **⭐ If you find PatchMon useful, please star this repo - it helps others discover the project!**\n\n[![Website](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FWebsite-patchmon.net-blue?style=for-the-badge)](https:\u002F\u002Fpatchmon.net)\n[![Cloud](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCloud-patchmon.net%2Fcloud-purple?style=for-the-badge)](https:\u002F\u002Fpatchmon.net\u002Fcloud)\n[![Discord](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord-Join%20Server-blue?style=for-the-badge&logo=discord)](https:\u002F\u002Fpatchmon.net\u002Fdiscord)\n[![GitHub](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FGitHub-Repository-black?style=for-the-badge&logo=github)](https:\u002F\u002Fgithub.com\u002FPatchMon\u002FPatchMon)\n[![Documentation](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDocs-patchmon.net%2Fdocs-blue?style=for-the-badge)](https:\u002F\u002Fpatchmon.net\u002Fdocs\u002F)\n\n\u003C\u002Fdiv>\n","PatchMon 是一个企业级的 Linux 补丁管理和自动化平台。其核心功能包括通过轻量级代理实现对外通信，无需在被监控主机上开放入站端口，从而提供实时的软件包健康状况、合规性和系统状态监测。技术特点方面，它采用单个 Go 二进制文件集成 React 前端界面，并支持多操作系统（如Linux、FreeBSD和Windows）。适用于需要集中管理大量服务器的企业环境，特别是在安全性和合规性要求较高的场景下。此外，PatchMon 提供了开源版本及云托管服务选项，便于用户根据自身需求灵活选择部署方式。",2,"2026-06-11 03:43:21","high_star"]