Kualo / docs
On this page

Patchman: email template editing

Patchman lets you fully customise the layout and content of every notification email it sends, on a per-policy basis.

4 min read Updated 4 Jun 2026

Patchman lets you fully customise the layout and content of every notification email it sends, on a per-policy basis, giving you the flexibility to provide different experiences for different users.

Template types

Each email template consists of two parts:

  • HTML template - the version most users will see when they open their email client, supporting images and rich text layouts. Note that most email clients have limited HTML capabilities. Patchman will inline all CSS automatically when rendering the email, but you should still verify the output in the most popular email clients.
  • Text template - a plain-text fallback used by clients that do not support HTML. When you edit your HTML template (base templates excluded), Patchman will attempt to generate a text template from it automatically.

Editing templates

When editing a template, you can choose between a rich text editor and an HTML editor. The rich text editor is convenient for simple changes, but it can become unwieldy when you use many Mustache tags. In that case, switch to the HTML editor for more control.

A live preview is shown using an example Mustache context. This preview is indicative only - the actual email may look different due to email client limitations and CSS inlining. Use the Send test email option to send a message to your own address and verify how the email actually renders.

Base templates

If you want a consistent wrapper around all emails in the same policy, you can define a base template for both HTML and text. This lets you keep the individual mail templates focused on the message content rather than its presentation.

Base templates must contain placeholders for the message content and for the Patchman branding. Make sure the branding is visible and not obscured by any other element.

Because base templates can be complex, Patchman does not provide a full editor for them. If you are not familiar with HTML, you can use the default template provided, or build your own using a framework such as Zurb's Ink.

Special tags (Mustache)

Patchman uses Mustache as its template engine. Below is a quick reference. Full documentation is available on the Mustache website.

Variables

Display the value of a variable with {{var}}. If the variable is not available, an empty string is shown.

Dear {{username}},

Verbatim (unescaped output)

To output a variable unescaped - for example, in text templates - use {{&var}}.

{{&message_body}}

Sections: list

When a variable is a list, use a section to repeat a block for each item. Inside the section you can access the attributes of each list item.

{{#detections}}
We found a detection of {{name}}.
{{/detections}}

Sections: conditional

Sections also act as conditional statements. Content inside the section is only shown when the variable is present or truthy.

{{#definition_multiple}}
The detection consists of {{definition_count}} vulnerabilities.
{{/definition_multiple}}

Sections: inverted

Use the caret (^) to show content when a variable is absent, empty, or false.

{{^definition_multiple}}
The detection consists of only one vulnerability.
{{/definition_multiple}}

Comments

Add a comment that will not appear in the rendered output.

{{! This is a comment }}

Partials

Include a sub-template (partial) with {{>partial}}. Partials are used by policy generic templates to include sub-templates. You must always include the {{>content}} and {{>branding}} partials in your base templates.

{{>content}}
{{>branding}}

Template context

The following variables are available in all templates.

Variable Description
username The username of the affected user.
domains A list of all domains belonging to this user.
domain A single comma-separated string of all domains.
affected_domains A list of all domains with detections for this user.
affected_domain A single comma-separated string of affected domains.
server_hostname The hostname of the server where the detection occurred.
server_ip_address The IP address of the server where the detection occurred.
detections A list of detections (see attributes below).

Detection attributes

Each item in the detections list exposes the following attributes.

Attribute Description
.domains A list of domains affected by this detection.
.domain A single comma-separated string of affected domains.
.definitions A list of definitions found in this file.
.name The name of the definition.
.type The type of the definition.
.definition_count The number of definitions found.
.definition_multiple Boolean - true when multiple definitions were found.
.directory A single comma-separated string of affected directories.
.directories A list of all affected directories.
.applications A list of all software applications associated with this detection.
.application A single comma-separated string of applications.
.files A list of affected file paths.
.file A single comma-separated string of file paths.
Was this helpful?
Your feedback helps us find gaps in the docs.
Related articles
Patchman
An introduction to Patchman
Patchman scans your hosting account for outdated applications, vulnerabilities, and malwar...
Patchman
Accessing Patchman via cPanel
Patchman scans your hosting account for vulnerabilities. Here is how to open its dashboard...
Patchman
Getting started with self-hosted Patchman: kill malware and fix vulnerable websites
Complete your Patchman policy setup to start detecting and remediating malware and vulnera...
Patchman
Understanding account vulnerabilities
Find out why outdated software leaves your website open to attack and what Kualo does to h...
Still need a hand?
Real people, around the clock - start a chat or open a ticket and we'll help you put it right.
Contact us Start a chat