Patcher
Patcher

Keep IaC up to date, even with breaking changes

Understand the state of your IaC, prioritize updates, and automate staying up to date.

Optimized for:
Patcher Diff Screenshot
Trusted by devops teams at

Automate infrastructure updates

Updating infrastructure code is hard, so most teams don't do it until they have to.

XSquare

Manual IaC updates are painful

You have to scan your Terragrunt, OpenTofu, or Terraform code for dependencies, track which versions they’re at, find new versions (if available), and safely apply those updates to each module. And as your infrastructure footprint grows, this becomes more and more untenable.

CloudCheck

Patcher automates your updates

Patcher makes updates to your infrastructure seamless, and will even patch your code to make it work with backward incompatible module releases. Patcher scales to support teams of any size, helping you maintain your infrastructure with confidence.

How it works

Keep your infrastructure up to date in three easy steps.

Patcher takes the grunt work out of regular infra updates.

Step 1

Discover dependencies

Run the Patcher CLI to automatically discover dependencies in your code, the versions they are at, and if new versions are available.

Dependency discovery in patcher
Step 2

Apply hassle-free updates and patches

Choose the desired module and its corresponding version for an update. Patcher automatically modifies your code, applying any patches, and provides step-by-step instructions for any necessary manual changes.

Patch diff
Step 3

Keep code up to date, automatically

Get automatic Pull Requests for dependency updates on your chosen schedule. Customize Pull Requests to include either one or many dependency changes, or updates for specific environments only. Sequentially "promote" updates across environments.

Patch screenshot
Capabilities

Built for infrastructure teams

Patcher is designed specifically for streamlining infrastructure updates.

Keep your modules up to date

Patcher updates your "live" repos with the latest OpenTofu/Terraform module versions, but it also works great for module authors by automatically keeping all module dependencies up to date.

Lightbulb

Distinguish safe updates

Patcher can check release notes to understand the "latest safe version" to update to, and behaves differently for non-breaking vs. breaking changes.

Curly Brackets

Write code transformations in one line

Patcher includes access to Terrapatch, our command-line tool for programmatically editing HCL files, allowing you to write statements like this:

terrapatch upgrade-provider --path . aws ">=v5.0.0"

Build custom reports

With patcher report you can get a JSON file of the current up-to-date status of your repo, allowing you to build unique visualizations and automations.

Platform integration

Works great with Gruntwork IaC Library

Deploy on top of production-grade infrastructure and always stay up to date with:

    Latest releases
    Best practices
    Security patches
    New tooling versions

Commercially maintained

We keep the Infrastructure as Code Library up to date with the latest best practices, security releases, tool versions (e.g., latest versions of Terraform providers, Kubernetes, EKS), and compliance standards (e.g., latest versions of the AWS CIS Foundations Benchmark).

Patches for breaking changes

Every update we make comes out as a new, versioned release. Most breaking changes include a patch to help automate the upgrade process, and Gruntwork SMEs are working to ensure that all will in the future.

Secure by design

Use Patcher to keep your code patched and up-to-date to minimize security vulnerabilities. All patches are executed in a sandbox with strict security controls over network and file system access.

The quality that Gruntwork produces and maintains is outstanding. It has proven time and time again to be a huge accelerator bringing companies forward in terms of stability and quality. It also enables closer collaboration across the engineering organization.
Markus Burgur4 time repeat customer
Get started

Try a Proof of Concept

Take it for a spin with a month-to-month contract. Pay less on an annual plan once you’ve proven the value.

Crossed Arms

Part of the Gruntwork DevOps Platform

Patcher works seamlessly with other Gruntwork products.