⭐ Add jamf provider

.github/actions/spelling/expect.txt

@@ -139,6 +139,8 @@ ipc
 ipsetforwardedipconfig
 ipsetreferencestatement
 istio
+itunes
+jamf
 jira
 jsonbody
 junos
@@ -258,6 +260,7 @@ secretmanager
 SECRETVALUE
 secureboot
 selfservice
+SInstall
 serviceconnection
 serviceprincipals
 sfn

Makefile

@@ -212,6 +212,7 @@ PROVIDERS := \
 	google-workspace \
 	ipinfo \
 	ipmi \
+	jamf \
 	k8s \
 	mondoo \
 	ms365 \

providers/jamf/config/config.go

@@ -0,0 +1,64 @@
+// Copyright Mondoo, Inc. 2024, 2026
+// SPDX-License-Identifier: BUSL-1.1
+
+package config
+
+import (
+	"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"
+	"go.mondoo.com/mql/v13/providers-sdk/v1/plugin"
+	"go.mondoo.com/mql/v13/providers/jamf/provider"
+)
+
+var Config = plugin.Provider{
+	Name:            "jamf",
+	ID:              "go.mondoo.com/cnquery/v9/providers/jamf",
+	Version:         "13.0.0",
+	ConnectionTypes: []string{provider.ConnectionType},
+	Connectors: []plugin.Connector{
+		{
+			Name:  "jamf",
+			Use:   "jamf",
+			Short: "a Jamf Pro account",
+			Long: `Use the Jamf provider to query a Jamf Pro instance.
+
+To access the Jamf Pro API, you need your instance domain and API credentials.
+
+Examples:
+  mql shell jamf --client-id <your-client-id> --client-secret <your-client-secret> --instance-domain https://yourdomain.jamfcloud.com
+  mql scan jamf --client-id <your-client-id> --client-secret <your-client-secret> --instance-domain https://yourdomain.jamfcloud.com
+`,
+			Flags: []plugin.Flag{
+				{
+					Long:    "client-id",
+					Type:    plugin.FlagType_String,
+					Default: "",
+					Desc:    "Jamf Pro API client ID",
+				},
+				{
+					Long:        "client-secret",
+					Type:        plugin.FlagType_String,
+					Default:     "",
+					Desc:        "Jamf Pro API client secret",
+					Option:      plugin.FlagOption_Password,
+					ConfigEntry: "-",
+				},
+				{
+					Long:    "instance-domain",
+					Type:    plugin.FlagType_String,
+					Default: "",
+					Desc:    "Jamf Pro domain (e.g., https://yourdomain.jamfcloud.com)",
+				},
+			},
+		},
+	},
+	AssetUrlTrees: []*inventory.AssetUrlBranch{
+		{
+			PathSegments: []string{"technology=saas", "provider=jamf"},
+			Key:          "kind",
+			Title:        "Kind",
+			Values: map[string]*inventory.AssetUrlBranch{
+				"api": nil,
+			},
+		},
+	},
+}

providers/jamf/connection/connection.go

@@ -0,0 +1,90 @@
+// Copyright Mondoo, Inc. 2024, 2026
+// SPDX-License-Identifier: BUSL-1.1
+
+package connection
+
+import (
+	"errors"
+	"strings"
+
+	"github.com/deploymenttheory/go-api-sdk-jamfpro/sdk/jamfpro"
+	"github.com/rs/zerolog/log"
+	"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"
+	"go.mondoo.com/mql/v13/providers-sdk/v1/plugin"
+	"go.mondoo.com/mql/v13/providers-sdk/v1/vault"
+)
+
+type JamfConnection struct {
+	plugin.Connection
+	Conf   *inventory.Config
+	asset  *inventory.Asset
+	Client *jamfpro.Client
+}
+
+func NewJamfConnection(id uint32, asset *inventory.Asset, conf *inventory.Config) (*JamfConnection, error) {
+	conn := &JamfConnection{
+		Connection: plugin.NewConnection(id, asset),
+		Conf:       conf,
+		asset:      asset,
+	}
+
+	// Extract credentials and options from conf
+	var clientID, clientSecret, instanceDomain string
+	for _, cred := range conf.Credentials {
+		if cred.Type == vault.CredentialType_password {
+			clientID = cred.User
+			clientSecret = string(cred.Secret)
+		}
+	}
+	if domain, ok := conf.Options["instance_domain"]; ok {
+		instanceDomain = domain
+	}
+
+	// Validate that all necessary credentials are provided
+	if instanceDomain == "" || clientID == "" || clientSecret == "" {
+		return nil, errors.New("missing required Jamf credentials: instance_domain, client_id, client_secret")
+	}
+
+	// Create the configuration container
+	config := &jamfpro.ConfigContainer{
+		LogLevel:       "warn",
+		InstanceDomain: instanceDomain,
+		AuthMethod:     "oauth2",
+		ClientID:       clientID,
+		ClientSecret:   clientSecret,
+	}
+
+	// Initialize the Jamf Pro client with the given configuration
+	client, err := jamfpro.BuildClient(config)
+	if err != nil {
+		return nil, err
+	}
+	conn.Client = client
+	log.Info().Msg("jamf> client initialized using BuildClient with ConfigContainer")
+
+	return conn, nil
+}
+
+func (j *JamfConnection) Name() string {
+	return "jamf"
+}
+
+func (j *JamfConnection) Asset() *inventory.Asset {
+	return j.asset
+}
+
+func (j *JamfConnection) PlatformInfo() (*inventory.Platform, error) {
+	return &inventory.Platform{
+		Name:                  "jamf",
+		Title:                 "Jamf Pro",
+		Family:                []string{"jamf"},
+		Kind:                  "api",
+		Runtime:               "jamf",
+		TechnologyUrlSegments: []string{"api", "jamf"},
+	}, nil
+}
+
+func (j *JamfConnection) Identifier() string {
+	domain := j.Conf.Options["instance_domain"]
+	return "//platformid.api.mondoo.app/runtime/jamf/" + strings.ToLower(domain)
+}

providers/jamf/gen/main.go

@@ -0,0 +1,13 @@
+// Copyright Mondoo, Inc. 2024, 2026
+// SPDX-License-Identifier: BUSL-1.1
+
+package main
+
+import (
+	"go.mondoo.com/mql/v13/providers-sdk/v1/plugin/gen"
+	"go.mondoo.com/mql/v13/providers/jamf/config"
+)
+
+func main() {
+	gen.CLI(&config.Config)
+}

providers/jamf/go.mod

@@ -0,0 +1,162 @@
+module go.mondoo.com/mql/v13/providers/jamf
+
+replace go.mondoo.com/mql/v13 => ../..
+
+go 1.25.8
+
+require (
+	github.com/deploymenttheory/go-api-sdk-jamfpro v1.28.0
+	github.com/rs/zerolog v1.35.0
+	go.mondoo.com/mql/v13 v13.4.0
+)
+
+require (
+	cloud.google.com/go v0.115.1 // indirect
+	cloud.google.com/go/auth v0.9.1 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/compute/metadata v0.9.0 // indirect
+	cloud.google.com/go/iam v1.2.0 // indirect
+	cloud.google.com/go/kms v1.19.0 // indirect
+	cloud.google.com/go/longrunning v0.6.0 // indirect
+	cloud.google.com/go/secretmanager v1.14.0 // indirect
+	cloud.google.com/go/storage v1.43.0 // indirect
+	dario.cat/mergo v1.0.2 // indirect
+	github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
+	github.com/99designs/keyring v1.2.2 // indirect
+	github.com/GoogleCloudPlatform/berglas/v2 v2.0.2 // indirect
+	github.com/Masterminds/semver v1.5.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/ProtonMail/go-crypto v1.4.1 // indirect
+	github.com/antchfx/xmlquery v1.4.4 // indirect
+	github.com/antchfx/xpath v1.3.6 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.41.5 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.32.14 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.19.14 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.21 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.72 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.99.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/signin v1.0.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssm v1.68.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.30.15 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.41.10 // indirect
+	github.com/aws/smithy-go v1.24.3 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/cloudflare/circl v1.6.3 // indirect
+	github.com/cockroachdb/errors v1.12.0 // indirect
+	github.com/cockroachdb/logtags v0.0.0-20241215232642-bb51bb14a506 // indirect
+	github.com/cockroachdb/redact v1.1.8 // indirect
+	github.com/cyphar/filepath-securejoin v0.6.1 // indirect
+	github.com/danieljoos/wincred v1.2.3 // indirect
+	github.com/deploymenttheory/go-api-http-client v0.4.1 // indirect
+	github.com/deploymenttheory/go-api-http-client-integrations v0.0.13 // indirect
+	github.com/dvsekhvalnov/jose2go v1.8.0 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/fatih/color v1.19.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/getsentry/sentry-go v0.44.1 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.8.0 // indirect
+	github.com/go-git/go-git/v5 v5.17.2 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.5 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.4 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect
+	github.com/gofrs/uuid v4.4.0+incompatible // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v5 v5.3.1 // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/s2a-go v0.1.9 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect
+	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
+	github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-hclog v1.6.3 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-plugin v1.7.0 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.7 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-7 // indirect
+	github.com/hashicorp/vault/api v1.23.0 // indirect
+	github.com/hashicorp/yamux v0.1.2 // indirect
+	github.com/hokaccha/go-prettyjson v0.0.0-20211117102719-0474bc63780f // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/kevinburke/ssh_config v1.6.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/kr/pretty v0.3.1 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/lucasb-eyer/go-colorful v1.4.0 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-isatty v0.0.21 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mtibben/percent v0.2.1 // indirect
+	github.com/muesli/termenv v0.16.0 // indirect
+	github.com/oklog/run v1.2.0 // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
+	github.com/pjbgf/sha1cd v0.5.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rogpeppe/go-internal v1.14.1 // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
+	github.com/segmentio/fasthash v1.0.3 // indirect
+	github.com/segmentio/ksuid v1.0.4 // indirect
+	github.com/sergi/go-diff v1.4.0 // indirect
+	github.com/sethvargo/go-retry v0.3.0 // indirect
+	github.com/skeema/knownhosts v1.3.2 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	go.mondoo.com/ranger-rpc v0.8.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 // indirect
+	go.opentelemetry.io/otel v1.43.0 // indirect
+	go.opentelemetry.io/otel/metric v1.43.0 // indirect
+	go.opentelemetry.io/otel/trace v1.43.0 // indirect
+	go.uber.org/mock v0.6.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.4 // indirect
+	golang.org/x/crypto v0.49.0 // indirect
+	golang.org/x/mod v0.34.0 // indirect
+	golang.org/x/net v0.52.0 // indirect
+	golang.org/x/oauth2 v0.36.0 // indirect
+	golang.org/x/sync v0.20.0 // indirect
+	golang.org/x/sys v0.43.0 // indirect
+	golang.org/x/term v0.41.0 // indirect
+	golang.org/x/text v0.35.0 // indirect
+	golang.org/x/time v0.15.0 // indirect
+	golang.org/x/tools v0.43.0 // indirect
+	google.golang.org/api v0.195.0 // indirect
+	google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20260120221211-b8f7ae30c516 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260406210006-6f92a3bedf2d // indirect
+	google.golang.org/grpc v1.80.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	moul.io/http2curl v1.0.0 // indirect
+	sigs.k8s.io/yaml v1.6.0 // indirect
+)