Firstly, I’d like to thank all the individuals who have directly and indirectly helped with this project. Shoutout to @option8 for the main portion of this code and the #patchomator project, @BigMacAdmin for most of the swiftDialog usage in the script, and @dan-snelson for his help and continued refinement of the script.

With that said, I’d like to introduce App Auto-Patch.

In my Jamf Admin experience, I needed a way to make sure that all apps installed on our end-user’s computers were updated. I started to work on an inventory of all applications installed in our environment, but realized quickly that there was no manageable way to make sure that ALL apps on ALL computers were updated using the combination of Jamf App Installers, Patch Management, or Installomator policies and Smart Computer Groups.

When ran on a computer, App Auto-Patch will inventory the applications installed on that computer and attempt to match the applications to an Installomator app label. This information is used to attempt updates on all the inventoried applications on that computer.

With this approach, the Jamf Admin doesn’t necessarily need to have automated patching methods set up in Jamf Pro for all the apps in the environment. App Auto-Patch can do most of the heavy lifting to make sure that applications are updated and could help lessen the blindspot that admins may have in this area.

App Auto-Patch was built to run directly from Jamf Pro and can either be run silently in the background or give end-users a dialog of what apps are being patched via swiftdialog.

Getting Started:

  1. Download the latest App-Auto-Patch-via-Dialog.zsh to your computer. You can use the following command to download the latest script to your downloads folder:
# Download the latest `App-Auto-Patch-via-Dialog.zsh script
curl -o ~/Downloads/App-Auto-Patch-via-Dialog.zsh
  1. Feel free to make any modifications on this script to fit your organizational needs.
  2. Upload the script to Jamf Pro, the current parameter labels are as follows:
    • Parameter 4: Script Log Location [ /var/log/ ] (i.e., Your organization’s default location for client-side logs)
    • Parameter 5: Toggles swiftDialog to use an overlay icon [ true (default) | false ]
    • Parameter 6: Interactive Mode [ true (default) | false ]
    • Parameter 7: A space-separated list of Installomator labels to ignore (i.e., “microsoftonedrive-rollingout zoomgov googlechromeenterprise nudge”)
    • Parameter 8: A space-separated list of required Installomator labels (i.e., “microsoftteams”)
    • Parameter 9: Outdated OS Action [ /System/Library/CoreServices/Software (default) | jamfselfservice://content?entity=policy&id=117&action=view ] (i.e., Jamf Pro Self Service policy ID for operating system ugprades)
  3. Once your script is uploaded to Jamf Pro, the next step is to create a policy.
  4. In your policy, add the script payload and select the App-Auto-Patch script that was uploaded to Jamf Pro. You should fill out your parameter labels to make sure you get the desired results of the script.
  5. Optionally, you can make the policy available in Self Service for users to run on their own time.
  6. After you have your policy set up as you’d like, feel free to test it out.


During discovery, the user will be shown a mini dialog letting them know what is being inventoried.

Dialog will then attempt to patch all applications found in /Applications

Once all titles have been ran through, the user will be shown the Done button and can close out the dialog.

At this point, the apps installed on the computer should be updated. This should be a great tool that admins can use to help keep their third-party apps updated, even if they don’t know what is installed.

Thanks for checking it out!

4 responses to “App Auto-Patch”

  1. Hi there, this seems like an awesome way to patch!!
    Going to try this out. Many thx.

    Do all parameters need to be filled out, we only use Installomator for 2 apps as JAMF App Installers is the heavy lifter.

    So my understanding is that you still need installomator installed and utilized correct?

    Thank you,

    • Thanks for the feedback!

      The script will install installomator locally to process the apps, then clean up at the end so it won’t stay on the computers.

      Parameters don’t need to be all filled out. If a parameter is not filled out there is a default that is used, you should be able to see what the default is by looking at the parameter section of the script.

  2. Hello,

    Testing and really liking this process, one thing I’ve noticed is that my CodeRunner is on the latest version, the script thinks it’s an old version but the pop shows the exact same build. Also DEPNotify seems to always get updated even though it’s the latest, all other apps seem to know that’s it’s on the latest version and passes it by, which is great. Zulu JDK’s seem to just auto installed and do not decipher that my java is the latest build….anything we can do to help the compare logic.?

Leave a Reply

Blog at

%d bloggers like this: