Workbrew’s 2024 Security Audit with Trail of Bits

In the fall of 2024, Workbrew commissioned a Security Audit from reputable cybersecurity firm Trail of Bits. 

The scope of the audit consisted of: 

• The Workbrew console (Rails-based application)
• The Workbrew endpoint agent (Go-based, with integrations into brew)
• The Workbrew installer (macOS installer with associated shell scripts)

The audit focused on reviewing the Workbrew update mechanisms, remote brew command execution, filesystem access controls preventing unauthorized access (by a non-root user), as well as checking for exposure of sensitive‬‭ system secrets.‬

• Items found - 9
• Items resolved - 7
• Items in progress/partially resolved - 2

Findings by severity: 

• Informational: 3
• Low: 4
• Medium: 1
• Undetermined: 1 

Additionally, Homebrew underwent an in-depth security audit in 2023, and interested parties can read that report from Trail of Bits here.

To access the full Workbrew report, please visit our Security page.

Trail of Bits will be joining Workbrew for an upcoming webinar about security audits on March 25, and we'd love to see you there.