Keep your IaC up to date, even with breaking changes
Use Patcher to automatically update your dependency versions, including patching your code to make it work with backward incompatible releases.
Automate infrastructure updates
Updating infrastructure code is hard, so most teams don't do
it until they have to.
Manual IaC updates are painful
You have to scan your Terragrunt, OpenTofu, or Terraform code for dependencies, track which versions they’re at, find new versions (if available), and safely apply those updates to each module. And as your infrastructure footprint grows, this becomes more and more untenable.
Patcher automates your updates
Patcher makes updates to your infrastructure seamless, and will even patch your code to make it work with backward incompatible module releases. Patcher scales to support teams of any size, helping you maintain your infrastructure with confidence.
Keep your infrastructure up
to date in three easy steps.
Patcher takes the grunt work out of regular infra updates.
Discover dependencies
Run the Patcher CLI to automatically discover dependencies in your code, the versions they are at, and if new versions are available.
Apply hassle-free updates and patches
Choose the desired module and its corresponding version for an update. Patcher automatically modifies your code, applying any patches, and provides step-by-step instructions for any necessary manual changes.
Keep code up to date, automatically
Get automatic Pull Requests for dependency updates on your chosen schedule. Customize Pull Requests to include either one or many dependency changes, or updates for specific environments only. Sequentially "promote" updates across environments.
Built for infrastructure teams
Patcher is designed specifically for streamlining infrastructure updates.
Keep your modules up to date
Patcher updates your "live" repos with the latest OpenTofu/Terraform module versions, but it also works great for module authors by automatically keeping all module dependencies up to date.
Distinguish safe updates
Patcher can check release notes to understand the "latest safe version" to update to, and behaves differently for non-breaking vs. breaking changes.
Write code transformations in one line
Patcher includes access to Terrapatch, our command-line tool for programmatically editing HCL files, allowing you to write statements like this:
terrapatch upgrade-provider --path . aws ">=v5.0.0"Build custom reports
With patcher report you can get a JSON file of the current up-to-date status of your repo, allowing you to build unique visualizations and automations.
Works great with Gruntwork IaC Library
Deploy on top of production-grade infrastructure and
always stay up to date with:
Commercially maintained
We keep the Infrastructure as Code Library up to date with the latest best practices, security releases, tool versions (e.g., latest versions of Terraform providers, Kubernetes, EKS), and compliance standards (e.g., latest versions of the AWS CIS Foundations Benchmark).
Patches for breaking changes
Every update we make comes out as a new, versioned release. Most breaking changes include a patch to help automate the upgrade process, and Gruntwork SMEs are working to ensure that all will in the future.
Secure by design
Use Patcher to keep your code patched and up-to-date to minimize security vulnerabilities. All patches are executed in a sandbox with strict security controls over network and file system access.
Try a Proof of Concept
Take it for a spin with a month-to-month contract.
Pay less on an annual plan once you’ve proven the value.
Part of the Gruntwork DevOps Platform
Patcher works seamlessly with other Gruntwork products.
