Browse documentation
Patch compliance reporting
↩ Patches
Beyond the live view of missing updates, JOATOS summarises how compliant your estate is and lets you export or schedule patch reports.
The compliance summary
The Patch Compliance page rolls your hosts up into a compliance picture:
- Available updates by severity — Critical, High, Moderate, Low, Unspecified.
- Hosts behind — how many hosts have at least one outstanding update.
- Hosts scanned — how many have been checked at least once (a host that's never been scanned counts as unknown, not compliant).
- Critical pending — the headline figure: outstanding Critical updates.
A host is effectively up to date when it's been scanned and has no available updates, behind when it has updates outstanding, and most urgent when it has Critical updates pending.
Patches and CVEs
Where the update source provides it, each update lists the CVEs it fixes (the Fixes column). This links patching to vulnerability findings: a CVE flagged on the Vulnerabilities page can be traced to the exact update that closes it. CVE-to-patch coverage depends on what each platform's advisories report, so it's best-effort rather than exhaustive.
Reviewing and sharing
The Patch Compliance page is your live view — the summary cards and most behind hosts table show where you stand at any moment. For exportable, formatted reports across your estate, the Reports module produces downloads in CSV, Excel, or PDF (and lets you configure scheduled delivery).
Notes & tips
- Use hosts scanned vs hosts behind together — a low "scanned" count means you're not yet seeing the whole picture.
- Schedule a weekly patch-compliance report to stakeholders so patching stays visible without anyone opening the app.