-
Notifications
You must be signed in to change notification settings - Fork 2
Community Showcase
We're grateful to the Jamf community members who are building on jamf-cli and sharing their work. This page highlights community projects, integrations, and write-ups that extend jamf-cli in creative ways.
If you've built something with jamf-cli and would like it featured here, open an issue or pull request on the jamf-cli repository.
| Project | Author | Description | Links |
|---|---|---|---|
| JamfCLI-Runner | Graham Pugh | AutoPkg processor that drives jamf-cli from AutoPkg recipes — create, update, and manage Jamf Pro and Jamf Protect objects as part of automated packaging workflows. Supports file-based templates with variable substitution and multi-step recipes with output variable mapping. | Blog post, GitHub |
| jamf-reports-community | Tony Young | Configuration-driven reporting tool that generates multi-sheet Excel workbooks from Jamf Pro inventory data. Uses jamf-cli for live API access — fleet overview, security posture, EA coverage, patch compliance, software distribution, and more — with offline snapshot caching for report generation without live auth. | GitHub |
| JamfReport | Marco Devliegere | Bash script that generates a self-contained, single-file HTML snapshot of a Jamf Pro instance — security posture gauges, macOS version distribution, flagged devices, MDM/app failure tables, managed software update plan states, check-in compliance, cleanup analysis, and an optional adoption timeline tracked across runs. | GitHub |
Graham Pugh's JamfCLI-Runner bridges AutoPkg and jamf-cli, bringing the CLI's full API coverage into AutoPkg's recipe-driven automation model.
The processor wraps jamf-cli commands by accepting parameters like type, endpoint, and action, then constructs and executes the corresponding CLI invocation. It supports two input modes: file-based templates via from-file (with AutoPkg variable substitution) or inline YAML data converted to JSON on stdin.
A standout feature is output_vars — it maps returned object properties (like id and name) to custom AutoPkg variable names, preventing conflicts when a recipe calls the processor multiple times across different endpoints.
jamf-cli --no-color --no-input pro <endpoint> <action> [<identifier>] [flags]
This approach gives AutoPkg recipes access to every jamf-cli command — Pro, Protect, and Platform API — without needing dedicated processors for each Jamf API endpoint.
Read Graham's full write-up for the design rationale and usage examples.
Tony Young's jamf-reports-community is a Python-based reporting tool that generates comprehensive Excel workbooks from Jamf Pro data — no Power BI or custom infrastructure required.
When configured with jamf-cli, it pulls live data for fleet overview, device summaries, extension attribute coverage, software installs, patch compliance, policy/profile deployment health, and mobile device inventory. It also supports Jamf Protect overview sheets and Platform API blueprint/DDM status (preview).
Key features:
- CSV-driven baseline — works from exported CSVs even without live API access
- Security agent tracking — CrowdStrike, SentinelOne, Splunk installation status
- Custom EA analysis — dedicated sheets driven by extension attribute data
- Embedded trend charts — PNG charts embedded directly in workbook sheets
- Multi-tenant workspaces — manage reports across multiple Jamf instances
- Offline snapshots — cache API data for report generation without live auth
- Scheduled automation — macOS LaunchAgent support for recurring report generation
Marco Devliegere's JamfReport produces a self-contained HTML snapshot of a Jamf Pro instance using jamf-cli — one .html file with no external dependencies, dark-mode toggle included.
All data is pulled through jamf-cli, so it inherits your active profile and credentials without requiring any storage of its own. A single ./report.sh run produces the default report; opt-in flags layer on additional sections as needed.
Default sections:
- Instance overview — server URL, version, health, active alerts, managed/unmanaged counts, DEP token expiry, built-in CA expiry
- Security posture gauges — animated charts for FileVault, Gatekeeper, SIP, and Firewall compliance
-
macOS version distribution — donut chart with
.0patch-variant normalisation - Flagged devices — searchable table of devices failing at least one security check
- Deployment hierarchy — expandable tree grouped by category for policies, profiles, and scripts
- Organisational structure — smart groups, sites, buildings, departments, categories
- Self Service icon — automatically extracted from the local Self Service app and embedded
Opt-in sections:
-
--track-history— macOS adoption timeline across runs (needs ≥ 2 snapshots before it renders) -
--cleanup— disabled policies, unscoped policies/profiles, unused packages, unused scripts -
--patch-status— per-title patch compliance -
--profile-status [--profile-days N]— MDM profile install failures over a configurable window -
--app-status [--app-days N]— MDM app deployment failures -
--update-status— managed software update plan-state pill grid -
--device-compliance [--checkin-days N]— check-in compliance with a configurable stale threshold
Requires jamf-cli ≥ 1.9.0, jq, bash, and sips. report-ui.zsh additionally uses swiftDialog for an interactive wrapper.
Repository · Issues · Releases
jamf-cli Wiki
- Home
- Community
- Getting Started
- CLI Reference
- Product Commands
- Workflows
- Configuration
- Reference
Products
- Jamf Pro —
jamf-cli pro - Jamf Platform API —
jamf-cli pro(platform commands) - Jamf Protect —
jamf-cli protect - Jamf School —
jamf-cli school