This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Disclaimer
JUMPCLOUD EXPRESSLY DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, CONDITIONS, AND LIABILITIES OF ANY KIND ARISING FROM OR RELATED TO THIRD-PARTY SOFTWARE, SCRIPTS, REPOSITORIES, AND APIS. JUMPCLOUD IS NOT REQUIRED TO SUPPORT ANY SUCH THIRD-PARTY MATERIALS AND ALL RISKS RELATED TO THIRD-PARTY MATERIALS ARE YOUR RESPONSIBILITY. PLEASE ALSO REVIEW THE JUMPCLOUD TOS.

Leveraging Workbrew + JumpCloud to monitor and manage Homebrew

saifshaik
JumpCloud Employee
JumpCloud Employee

‎05-19-2025 07:14 AM

Screenshot 2025-05-19 at 3.58.24 PM.pngIn Install Homebrew 🍺 and deploy Brew formulae on macOS devices remotely via JumpCloud Commands article, we have talked about deploying Homebrew and its formulae, casks remotely via JumpCloud. However once deployed, there was no way to centrally monitor, audit and manage the formulae, casks, packages etc installed by the end users.

Workbrew changed this landscape and has come up with a tool to centrally manage Homebrew. Workbrew lets you leverage the power of Homebrew, whilst ensuring compliance and eliminating security risks.

Prerequisites for Workbrew:

  • Have a Workbrew Workspace or sign up for one. While the Free version offers the basic features, you can chose to opt Pro and Enterprise versions for Advanced features like Advanced package Vulnerability detection and remediation, Single Sign On, Audit-ready with CSV & JSON data export etc.
  • System Requirements:
    1. An Apple Silicon CPU or 64-bit Intel CPU
    2. macOS Ventura 13 or higher
    3. Command Line Tools (CLT) for Xcode (from xcode-select --install or https://developer.apple.com/download/all/) or Xcode
    4. The Bourne-Again SHell for installation (i.e. bash)
  • All the points would already be checked if you've deployed Homebrew following this article on supported macOS and hardware.

Deploy Workbrew:

Once Homebrew has been deployed on the Mac endpoints, you need to deploy Workbrew to begin monitoring Homebrew. To deploy Workbrew:

  • Execute the Workspace API Key Installation script to authenticate the Workbrew Agent to your Workspace
  • Deploy the Workbrew Agent using JumpCloud

Execute the API Key Installation script using JumpCloud Commands:

  • Login to the Workbrew Console and navigate to Settings.
  • Under Workspace section, there'd be 'Workbrew Workspace API key and installation script' option.
  • Expand this section to reveals the API Key Installation script.

Screenshot 2025-05-19 at 4.11.16 PM.png

  • Copy the entire script as-is and navigate to Commands in the JumpCloud Admin Console.
  • Setup a new JumpCloud Command as following:
    • Name - Workbrew Key Installation Script
    • Run As - root
    • Type - Mac
    • Command - PASTE THE ENTIRE SCRIPT
    • Timeout - 200 seconds
  • Assign the Command to target Mac device(s), save and execute the command to configure the Workbrew API Key on the endpioints.

Deploy the Workbrew Agent using JumpCloud:

  • Download the latest Workbrew Installer PKG from here.
  • In the JumpCloud Admin Console, navigate to Apple Software Management and upload this PKG under Private Repo deployment method.
  • Assign the app to target Mac device(s) and save.
  • Workbrew would be silently installed on the endpoint and soon you'd see the device registered in the Workbrew Console's Devices section.

Screenshot 2025-05-19 at 4.21.30 PM.png

On the Devices homescreen, you will see information like the device hostname, Workbrew Agent version, last seen info, last time user ran 'brew' info, number of formulae and casks deployed on that host.

Opening an individual device, you'd see detailed information of the host like serial#, hardware UUID, last seen timestamp, OS version, Homebrew path, Homebrew and Workbrew versions.

Screenshot 2025-05-19 at 4.26.34 PM.png

At the bottom, you can see the list of formulae and casks installed on that device along with an option to remove the device from the Workbrew Console.

Formulae:

Screenshot 2025-05-19 at 4.28.41 PM.png

Casks:

Screenshot 2025-05-19 at 4.29.52 PM.png

Depending on your Workbrew Subscription, you can now manage Homebrew packages, execute Homebrew Commands, track Vulnerable formulae, group devices together to deploy particular formulae on specific Macs, track the brew commands executed by the end user using Analytics etc.

Reference articles from Workbrew:

Labels:
0 Kudos
0 REPLIES 0
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts:

Our new Radical Admin blog:

Keep up with Product News:

Read our community guidelines

Ready to join us? You can register here.