Jamf After Dark: How WorkBrew solves Homebrew security and compliance for Mac developers

How to secure and manage Homebrew in the enterprise with WorkBrew

For IT admins managing a fleet of Macs, the term "Homebrew" can be a double-edged sword. On one hand, it’s a powerful package manager that your developers love, giving them instant access to thousands of open-source tools. On the other, it can feel like the Wild West — a shadow IT ecosystem operating outside of your control, posing potential security and compliance risks.

What if you could transform that risk into a secure, managed and efficient part of your IT workflow?

In a recent episode of the Jamf After Dark podcast, co-hosts Kat Garbis and Josh Thornton sat down with John Britton, co-founder and CEO of WorkBrew, to discuss this very challenge. They explored how organizations can embrace the power of Homebrew without sacrificing security or control.

The Homebrew dilemma: innovation vs. security

As Britton explained in the episode, Homebrew is the de facto "app store for developers" on macOS, used on over 30 million Mac devices. It allows engineers to install essential tools with a single command. The problem? Homebrew was designed as a single-player tool. When scaled across an enterprise, it creates significant challenges for IT and security teams:

• Lack of visibility: What tools are your developers actually installing? Are they using outdated, vulnerable versions?

• Security risks: Without oversight, your fleet is exposed to supply-chain attacks, unpatched vulnerabilities and non-compliant software.

• Governance headaches: In regulated industries, the "look the other way" approach to Homebrew simply isn't an option.

WorkBrew: bringing enterprise-grade management to Homebrew

This is where WorkBrew steps in. It’s a platform built to give IT admins the tools they need to manage Homebrew across their entire fleet. Britton broke down WorkBrew's functionality into four key areas:

1. Deployment: Standardize how Homebrew is installed on all your Macs, ensuring a consistent and secure foundation from the start.

2. Visibility: Get a complete inventory of every package installed across every device, so you always know what’s running in your environment.

3. Remote management: Take action from a central dashboard. Remotely install, upgrade or remove software to keep your fleet in sync and up to date.

4. Security and compliance: Receive alerts for known vulnerabilities, automate patching across your entire fleet in minutes and set guardrails to control which software is permitted.

Organizations don’t want to stifle innovation and prevent developers for performing well at their job — this is why they continue to allow access to Homebrew, despite security risks. But WorkBrew allows them to continue offering Homebrew, securely. After implementing Homebrew, developers see little change to their workflows, but IT and Security teams gain peace of mind.

Better together: how WorkBrew integrates seamlessly with Jamf

Britton highlighted that WorkBrew and Jamf work together seamlessly to create a powerful, automated workflow:

• Effortless deployment: Push WorkBrew to your fleet using a policy in Jamf Pro or make it available in Jamf Self Service.

• Synced device groups: WorkBrew pulls in your existing Jamf device groups, allowing you to create different software sets for different teams (e.g., developers, data scientists) automatically.

• Zero-touch onboarding: When a new developer gets a Mac, Jamf enrolls it, WorkBrew is installed, and all their essential tools are provisioned automatically — no tickets, no waiting, no manual packaging for IT.

The result is a huge productivity win for everyone. Developers get the tools they need instantly, and IT admins get back the countless hours they used to spend packaging and updating individual developer tools.

Ready to take control of your Homebrew deployment?

If you’re ready to move from simply tolerating Homebrew to managing it, this podcast episode is an excellent resource. It provides a deep dive into how you can empower your developers while giving your security team peace of mind.

Listen to the full episode now to get all the details, and when you’re ready to get started, head over to WorkBrew’s website. You can sign up for a free plan to gain visibility across your fleet or schedule a demo to see the full power of the platform.