Skip to main content



To install Patcher, download the appropriate package for your system from the releases page.

For MacOS and Linux users

Patcher runs as a single binary called patcher. Make sure it's available within your PATH.

  1. After downloading Patcher, move it to your desired destination directory. If you're using MacOS, you will have to unzip the package. For other operating systems, the artifact you download is the executable itself.
  2. If necessary, rename the binary to patcher.
mv patcher_linux_amd64 patcher
  1. Move patcher to a location available in your PATH. In the example below, we move to /usr-local/bin.
$ echo $PATH
$ mv patcher /usr/local/bin

Before Running Patcher

To fetch information from GitHub, Patcher requires a GitHub Personal Access Token, with the repo scope. Set the GITHUB_OAUTH_TOKEN environment variable to your GitHub Personal Access token:


Running Patcher

Patcher should be run in a local Terraform or Terragrunt Git repo. It will analyze all modules that belong to the current folder including its children. Patcher supports source values only from GitHub.

If you purchased and deployed our Reference Architecture and have your deployment organized in an infrastructure-live repository, we recommend running Patcher inside each environment folder, e.g. infrastructure-live/dev.

Patcher Report

In v0.2.x, the only available command is patcher report. This is a read-only version of Patcher that shows the changelog per module and its usages. After running patcher report you will end up in the 'Modules View', similar to the screenshot below.

Patcher Report screenshotPatcher Report screenshot

  1. While in the modules view, press u to see the usages. It shows all places where module is being used:

Patcher Usages screenshotPatcher Usages screenshot

  1. While in the modules view, press v to see the changelogs from a module. Press o to open the page in the browser.

Patcher Changelogs screenshotPatcher Changelogs screenshot


Some modules do not have a file. In this case, press o to open the releases page for that repository.

Patcher Changelogs screenshotPatcher Changelogs screenshot

CIS AWS v1.5 Upgrade

In v0.1.x, the only command available is patcher upgrade cis. This will upgrade your service catalogs to the latest module versions in the context of CIS v1.5.

For the CIS AWS Foundations Benchmark v1.5 upgrade, refer to the upgrade guide.


All logs are stored in the folder ~/.patcher/logs. To also send debug logs, run Patcher with the --loglevel debug flag.

patcher report --loglevel debug