Automated Version Drift Detection
Planekeeper monitors your deployed software against upstream releases and alerts you when versions fall behind. It catches version drift before it turns into a security incident or a month-long migration project.
Your team manages dozens of applications. Helm charts pinned six months ago. Container images locked to tags that stopped receiving patches. Configuration files no one has checked since initial setup. Without active monitoring, these versions silently fall behind.
Critical CVE fixes ship upstream but your pinned versions never pick them up. You only find out during an audit.
When you finally upgrade, the gap is so large that the migration becomes a project in itself. What should take hours takes weeks.
Without a system watching versions, nobody knows what's current and what's stale. Drift happens silently across every team.
Planekeeper was built so your credentials, source code, and repository data never leave your network.
SSH keys, personal access tokens, and registry credentials are configured locally on the agent. They are never sent to or stored on the Planekeeper server.
Agents clone repositories at your site and extract only a version string. Your source code never transits to the Planekeeper server -- only the parsed version is reported back.
Agents only make outbound calls to poll for tasks and push results. No inbound firewall rules are needed at your site -- deploy behind NAT, VPNs, or air-gapped networks.
Define your jobs and rules once. Planekeeper handles everything from there -- gathering releases, scraping your repos, evaluating rules, generating alerts, and notifying your team. Each stage triggers the next automatically.
Poll GitHub, Helm repos, and OCI registries for the latest upstream releases on a schedule.
Clone your Git repos and parse deployed versions from YAML, JSON, or any text file.
Compare versions against your rules -- days behind, major versions behind, or minor versions behind.
Create severity-graded alerts that escalate automatically and resolve when you upgrade.
Deliver webhooks to Slack, Discord, Teams, or PagerDuty with one-click acknowledgment.
Everything you need to enforce version currency across your stack.
Gather releases from GitHub Releases, Helm repository indexes, and OCI container registries. Helm Sync jobs automatically discover every chart in a repository and create gather jobs for each one.
Extract deployed versions from Chart.yaml, package.json, Dockerfiles, or any text file using YQ, JQ, or regex expressions. Support for private repos via SSH keys and HTTPS tokens.
Measure staleness by days behind, major versions behind, or minor versions behind. Each rule defines moderate, high, and critical thresholds so alerts escalate as drift grows. Exclude prereleases with stable-only mode.
One alert per config, updated in place as conditions change. Alerts escalate when drift worsens, reset acknowledgments when versions change, and resolve automatically when you upgrade.
Route alerts to Slack, Discord, Microsoft Teams, PagerDuty, or any webhook. Use Go templates to customize payloads per platform. Notifications include one-click acknowledge URLs with HMAC-signed payloads.
Lightweight agents make only outbound connections -- no inbound firewall rules needed. Deploy alongside your server or at remote sites to scrape private repos behind firewalls.
Every resource belongs to an organization. A shared Global organization provides common release data for popular projects so you don't duplicate work. Scope filters let you view your data, shared data, or both.
When a gather or scrape job completes, rules re-evaluate within seconds. Create or toggle an alert config and see results immediately. No waiting for the next cron cycle.
Track Helm chart and container image versions across clusters.
Monitor infrastructure dependencies and enforce version policies.
Enforce version currency SLOs across services with graded severity alerts.
Ensure timely adoption of patched releases before CVEs become incidents.
Planekeeper reads version information from your actual deployment repositories -- not from a lockfile or package manager. It monitors what is deployed, not what CI last built.
Track releases from any public or private GitHub repository. Tag filtering and version regex extraction included.
kubernetes/kubernetes
Fetch chart versions from any Helm repo index. Helm Sync auto-discovers all charts in a repository.
argoproj.github.io/argo-helm/argo-cd
Read image tags from Docker Hub, GitHub Container Registry, Quay.io, and any OCI-compliant registry.
ghcr.io/owner/image
Set up your first monitor in under 10 minutes. No credit card required.