Help

Automate Patch Reporting

spesh
New Contributor III
2 weeks ago

Recently, my organization's Compliance and Security Operations teams requested visibility into how macOS apps are patched. They needed a report showing deployed apps via Jamf and their version status. After two manual reports, I knew there had to be a better way and developed a Python script for automation. Initially, I didn't plan to share the code publicly, thinking it might not be helpful to others. However, a friend, Chris Ball, encouraged me to release it—leading to the creation of Patcher. Manual reporting takes time away from critical tasks like CVE remediation and

policy setup. Automating these processes allows MacAdmins to focus on more pressing matters. The time saved with Patcher has been invaluable for myself, and I hope others will benefit from it too.


What does Patcher do?

Patcher leverages the Jamf Pro API to automate patch management reporting, transforming data into actionable insights. Designed as a Command Line Interface (CLI), it integrates easily with LaunchAgents running on macOS, enabling scheduled report generation. Assuming the organization you work for is called AnyOrg, a generated report could look like the following:

 

Screenshot 2024-11-06 at 3.17.12 PM.png

 

Installation

 

 

Screenshot 2024-11-06 at 3.19.09 PM.png

 

Patcher is distributed via the Python Packaging Index (PyPI) and can be installed by executingScreenshot 2024-11-06 at 3.20.01 PM.png in Terminal. To verify installation was successful, execute Screenshot 2024-11-06 at 3.20.05 PM.png. This will show a list of all options that can be passed to Patcher.


The tool simplifies the process by automatically creating Excel spreadsheets and PDFs with minimal input. For instance, saving reports to the Desktop is as easy as running:

Screenshot 2024-11-06 at 3.24.22 PM.png

Without the Screenshot 2024-11-06 at 3.25.12 PM.png flag, only an Excel file will be generated. Upon successful completion, you’ll find a “Patch Reports” directory with your reports inside.

 

Screenshot 2024-11-06 at 3.26.05 PM.png

 

Single Sign On (SSO) Usage


As the Jamf Pro API does not support SSO, an API role and API client will need to be manually created to be able to pass to Patcher. This is only if your organization uses SSO for Jamf Pro accounts. For specific instructions on creating API Roles and Clients for Patcher, reference the documentation found on Patcher’s website.

Upcoming Features

Functionality we are hoping to introduce in upcoming versions of Patcher include (but are not limited to) the following:

Patch Title Analyzation - identifying which software titles may need more attention than the others.

Automate Patch Reporting 3Installomator Support - determine software titles that have Installomator

labels (AutoPKG recipes to come). CSV Import Support - Analyzing installed/approved applications from CSV

files. Further PDF Customization: Adding branding options, including logos and custom font colors.


Conclusion

Thank you for exploring Patcher. Chris and I appreciate your interest in the project. We believe diverse ideas improve products, so we welcome feedback through pull requests, issue reporting, or feature suggestions. Join the conversation on the MacAdmins Slack channel Screenshot 2024-11-06 at 3.27.36 PM.png—your input will help shape the future of this

tool.

4 Comments