Help with scripting


Good day,

I'm working on compliance script which would check the latest OS build in Jamf portal ( Computers > Patch Management > macOS ) and then compares the value on MacBook. If value is greater than equals to value from API script then device would be considered compliance otherwise not compliant.

I'm able to get value using PowerShell but need help to convert PowerShell script to Bash in order to use as extension attribute.

Here is the PowerShell script :-

Set JAMF REST API account credentials and create credentials object

$Username = ""
$JSSAPIPass = ""
$Password = ConvertTo-SecureString -String $JSSAPIPass -AsPlainText -Force
$Credentials = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $Username, $Password

​/patchsoftwaretitles​/id​/{id} Finds a patch software titles by ID - macOS

$deviceurl = ""

$InvokeCommand = Invoke-RestMethod -Uri $deviceurl -Method get -Credential $Credentials -Headers @{"content-type" = "application/xml"}
$latestOSBuild = $InvokeCommand.patch_software_title.versions.version.software_version | Select-Object -First 1

Write-host $latestOSBuild

Any help would be appreciated. TIA

Link for Classic API:


Valued Contributor II

Why are you trying to use the API and EA? If you just need to check if a computer is on the latest version of macOS, you can do that with a Smart Group criteria. It looks like you already have the Patch Definition setup for macOS, just create a criteria like this:

Patch Reporting: macOS is Latest Version

This can be added as a criteria to your compliance group. Is there something else you need to check for?


Thanks for your response @RBlount, we are using SCCM (data from SCCM plugin) + SQL tables to check for values in EA to validate if device is compliant. We rely EA's values (such True/False or compliant or not compliant).
I was able to create EAs for FV2 status, MDTAP version (MSFT Defender) and Firewall.
Comparing OS build with patch management and storing Boolean value in EA is the last step.

We use this process because if user's device is not compliant for any of these EAs, it will help us to assist and troubleshoot for a particular item.