I've been tracking an issue where machines here are not getting progressively nagged about overdue macOS updates. It turns out it's due to a bug in Apple's softwareupdate (at least in Big Sur):
bash-3.2$ softwareupdate -l --no-scan
Software Update Tool
Software Update found the following new or updated software:
* Label: macOS Big Sur 11.2.3-20D91
Title: macOS Big Sur 11.2.3, Version: 11.2.3, Size: 2383629K, Recommended: YES, Action: restart,
bash-3.2$ softwareupdate -l --no-scan
Software Update Tool
No new software available.
bash-3.2$ softwareupdate -l --no-scan
Software Update Tool
No new software available.
bash-3.2$ softwareupdate -l --no-scan
Software Update Tool
No new software available.
bash-3.2$ softwareupdate -l --no-scan
Software Update Tool
No new software available.
bash-3.2$ softwareupdate -l --no-scan
Software Update Tool
Software Update found the following new or updated software:
* Label: macOS Big Sur 11.2.3-20D91
Title: macOS Big Sur 11.2.3, Version: 11.2.3, Size: 2383629K, Recommended: YES, Action: restart,
Does anybody have any terribly bright/clever ideas for working around this issue? The only one I can think of requires the admin to track these and record their availability or due dates somewhere Munki can retrieve independently of Apple (like Apple update metadata).