An end-to-end guide on getting the most from Workbrew - whether you're an organization aiming to improve developer productivity while staying compliant, or a developer managing configurations across your work and personal devices.

To start using Workbrew, follow these steps:

• Sign up at console.workbrew.com
• Follow the onboarding tutorial:
  1. Complete profile by entering a username and confirming your email address
  2. User account or Workspace:
     • If you’re part of an organization that wants to start using Workbrew: enter a Workspace name and confirm
     • If you’re part of an organization that is already using Workbrew: ask an existing Workspace user to invite you by your username or email and refresh the page
     • If you’re an individual: choose your User account instead
  3. Connecting Agent to your Device on your User account or Workspace:
     • Connect your Device to the Workbrew Agent by running the included commands (which you can view anytime by opening your Workspace or User settings pages)
     • Once connected, each device will automatically sync immediately and every 15 minutes with the Workbrew Console, enabling you to monitor and manage configurations

Once your first device is set up, you’re ready to add more.

Zero-Touch Deployment via MDM:

• Use Workbrew for zero-touch provisioning, allowing devices to automatically configure and connect to Workbrew at time-of-enrollment via an MDM
• For more details on zero-touch provisioning, see our blog post on Zero-Touch Provisioning with MDM.

Bootstrap:

• Our Bootstrap script provides an easy way to set up a macOS development system with sensible defaults and connect to a Workbrew workspace or User account – allowing you to enroll additional devices even without an MDM
• The Bootstrap script will also pull in developer's personal settings by automatically deploying any dotfiles stored on their GitHub repository

Group devices based on team, department, or specific requirements using Device Groups. Device Groups make it easy to apply remote management configurations and commands to a subsets of devices – streamlining fleet management.

Creating Device Groups:

1. Click on the Devices tab in the sidebar to view all of your Workspace's devices
2. Search for and select more than one device
3. Click Add to groups and then Create a new group from the dropdown
4. Give your group a name and select Create Device group

View and Manage Device Groups:

• Click on Device Groups in the sidebar to view all your Device Groups
• Click on the number of devices in a group to view them filtered on the Devices page
• Add more devices to an existing group by using the Add to groups dropdown

The Dashboard, Vulnerabilities, Analytics, Packages, Taps and Licenses pages in the Workbrew Console provide insight into software usage, trends, and vulnerabilities across your devices.

Dashboard:

• Get a high-level view of your connected devices. Drill down to review specific details about installed packages, usage history, and configurations

Vulnerabilities:

• Identify and click-to-view CVEs for known vulnerabilities across brew packages on all connected devices
• See CVE vulnerability scores at a glance
• Isolate effected devices and run remote commands to remediate on just those devices

Analytics (Workspaces only):

• Search for, view and filter across devices to get insight into how users have run brew on which Workspace devices, when

Packages:

• View and filter by all Formulae and Casks installed across all connected devices
• See which groups of devices are running which packages and whether or not they are up-to-date with the latest versions

Taps:

• View all of the Taps that are hosting package definitions across all your connected devices
• See which groups of devices are accessing Taps and how many packages a tap can install

Licenses:

• Identify and learn more about the open source licenses that installed packages across your connected devices are using

Workbrew’s Brew Commands feature enables you to manage software remotely, executing brew commands across multiple workspace devices from the Console.

Run Commands Remotely:

• Execute any Homebrew command, such as brew install, brew update, or brew upgrade, across one or more devices in your fleet
• Commands can be created by either manually writing and running a Brew Command argument (see example usage below), or by clicking on any of the quick-action 'Run' buttons throughout the Console to pre-fill a Brew Command ready to be created and run
• New commands can be run immediately after creation or scheduled for a specific date and time

Track Status and Logs:

• Every Brew Command is logged in the Console, allowing you to track the status, view execution details, and troubleshoot issues as needed

To install and/or upgrade VS Code on just your developer's devices:

1. Create a Device Group called 'Developers' – adding all of your development team's devices to the group
2. Go to Brew Commands in the sidebar and click New Brew command
3. Add brew install --cask visual-studio-code as an argument
4. From the Run on Devices dropdown select Developers
5. Click Create Brew Command to create the command AND run it now on all devices in the group

Use Default Packages to ensure essential software is consistently installed across your devices.

Define Lists of Essential Packages:

• Create Brewfiles by listing essential packages for different devices, then install them all with a single command

View and Manage All Your Default Packages:

• See all your Default Packages at a glace and know which lists of packages target which groups

Monitor Deployment:

• Track installation logs and status on the Brew Commands page to verify successful deployment across targeted devices

To get your whole team started with a list of pertinent default packages:

1. Click Default Packages in the sidebar
2. Click the New Brewfile button
3. List a combination of essential packages in the Brewfile text field that you'd like installed by default on all devices across your fleet (e.g. brew "git", brew "openssl")
4. Add a label such as 'Essentials-for-Everyone' to descibe the goal and denote that this list of default packages will be installed on every existing and new device in the fleet (as opposed to a label that might denote packages targeted at just a specifc team)
5. From the Run on Devices dropdown select All All Current and New Workspace Devices – so that these packages will automatically be run on all new devices added to your fleet
6. Click Create Brewfile to create the command AND install all of the packages across your fleet

With Brew Configurations, you can apply environment variables to enforce policies, customize settings, and standardize configurations.

Define Security and Compliance Policies:

• Manage package access by specifying allowed taps and restricting certain packages and licenses, ensuring compliance across your organization

Device-Specific Configurations:

• Apply specific configurations for individual devices or Device Groups, providing flexibility and granular control over your fleet’s software environment

Restrict package sources so that all devices can only access packages from the official, Homebrew-moderated taps:

1. Click Brew Configurations in the sidebar
2. Click the New Brew configuration button
3. Set the 'Homebrew environment variable key' to HOMEBREW_ALLOWED_TAPS
4. Set the 'Homebrew environment variable value' to homebrew/homebrew-core homebrew/homebrew-cask

Block a list of VPN applications that you do not want any devices to install:

1. Click Brew Configurations in the sidebar
2. Click the New Brew configuration button
3. Set the 'Homebrew environment variable key' to HOMEBREW_FORBIDDEN_CASKS
4. Set the 'Homebrew environment variable value' to holavpn betternetvpn tigervpn

Block an open source license that is know to be too restrictive:

1. Click Brew Configurations in the sidebar
2. Click the New Brew configuration button
3. Set the 'Homebrew environment variable key' to HOMEBREW_FORBIDDEN_LICENSES
4. Set the 'Homebrew environment variable value' to AGPL-3.0-only AGPL-3.0-or-later