With Aviral Sangal, Director of Metadata Engineering and Automation, Adaptiva
Discover how Adaptiva ensures reliable, customizable autonomous patching across the major platforms by validating and processing metadata for over 80 new patches each day.
The key to effective autonomous patching is a rigorous validation process and rich patch metadata. “Metadata is everything for a patching product,” says Aviral Sangal, Director of Metadata Engineering and Automation at Adaptiva. “We currently support over 20,000 products across Windows, Mac, and Linux, which makes our catalog the largest available in the enterprise space.”
Here’s a behind-the-scenes look at how Adaptiva builds its Patch Library one patch at a time. Each patch is tested and enriched with robust metadata to ensure reliable deployment, usually within hours of its release.
Phase 1: Testing and Validation
Before any newly released patch enters the Patch Library, Adaptiva’s QA engineers evaluate it to ensure it is secure, resilient, and ready for enterprise deployment. “We have a large metadata team doing the manual work of validating each package, running virus scans, and creating the metadata,” explains Sangal.
The validation process includes malware scanning, which automatically blocks threats unless explicitly overridden, and a comprehensive series of checks. These checks confirm that patches install correctly, do not require user interaction (essential for large-scale deployments), are compatible with previous versions, resolve the intended issues, and can be uninstalled cleanly.
This meticulous approach ensures reliable deployment and reduces the burden on IT teams. With hundreds of patches released daily, manual validation is no longer sustainable. According to our 2025 report The State of Patch Management, patch testing is one of the most commonly automated tasks due to its complexity, time demands, and the high risk of human error.
Phase 2: Metadata Coding
Adaptiva’s metadata extends beyond basic vendor specifications. It includes valuable customization options such as disabling auto-updates, managing shortcuts, and adding critical data like CVEs and CVSS scores to help with prioritization and scheduling.
“Metadata defines how an application is deployed, upgraded, or uninstalled,” Sangal explains. “We also provide customizations customers may need through command line switches or scripts. To the customer, it looks like a simple form, but everything on the backend is handled by metadata.”
IT teams remain in full control, with the ability to enable or disable features and input values. Metadata dictates how those values are implemented, whether through a registry change, script, or command line switch.
In enterprise environments, customization is essential. Organizations often need to align patching with maintenance windows, risk-based priorities, phased rollouts, or approval workflows. Previously, IT teams had to manage this manually with every new release. With the increasing number of CVEs, that model is no longer practical.
“There are hundreds of patches released daily,” Sangal notes. “Tracking all of them, validating each application, and applying customizations manually is nearly impossible. With Adaptiva, you can let our customization engine handle it automatically.”
Speed, Reliability, and Control
Adaptiva’s customization engine delivers the speed of autonomous patching with the reliability of tailored deployments, aligned to your organization’s specific needs. You maintain full visibility and control throughout the entire process.
The foundation of this experience is the metadata that powers the 20,000+ products supported in Adaptiva’s Patch Library.
Explore Adaptiva’s extensive library of products for Windows, Mac, and Linux.
