KubePatch
KubePatch is a web app (with optional CLI) that automates Kubernetes security patching with guardrails. It continuously maps running images and node OS versions to known CVEs, then proposes the smallest viable remediation plan: image tag bumps, base-image rebuild triggers, or node pool upgrades. It runs pre-flight checks (policy, compatibility, disruption budgets), simulates rollout impact, and executes staged deployments with automatic pause/rollback based on SLO signals. The product focuses on the messy reality: multiple clusters, mixed ownership, partial GitOps adoption, and limited maintenance windows. It integrates with your registry and CI to produce signed, traceable patch artifacts and creates auditable change records for compliance. KubePatch combines a traditional app with AI: the AI helps generate safe patch PRs and rollout plans, but execution is deterministic and policy-driven.