Got another response.
Thank you for your patience and understanding. I did have a conversation with one of our Patchman Engineer’s and this is what he had to say about ClassicPress:
"I see ClassicPress is a fork of WordPress, so we might, to some degree. This is not by express design, but patches are applied based on the code present. If ClassicPress shares (significant portions of) its codebase, down to the file hash level, with regular WordPress— then yes, you may see vulnerabilities that are shared between both apps also patched in both, but we offer no guarantees.
It is worth noting that while we do delineate our patch support by application/version, the detection of vulnerabilities itself is application/version agnostic in the sense that if you were to take one vulnerable file out of an outdated WordPress install and upload it on a hosting account secured by Patchman, it would still be patched, even though there’s no application surrounding it."
It sounds like you should be able to have patches work without issue but if you do have problems you can always set vulnerabilities to alert rather than patch or revert any patches that are applied which are breaking sites. Let me know if that helped to answer your questions.
WooCommerce is also on their list, which could be a problem for Classic Commerce.
There isn’t really a setting to just get alerts.It does send an email before making a patch. However, if you don’t go in and manually block each one, it continues with the patch.