If you don’t want to leave Software Update to install updates automatically, here are the options for using softwareupdate, SilentKnight and silnite instead.
silnite
Improves reporting of results on T2 and M1 Macs, and clarifies old versions of Gatekeeper seen on newer Macs. Recommended for all users.
This popular command tool performs the same checks as its GUI sibling SilentKnight. Now fully compatible with M1 Macs and Monterey, with extended reporting.
Why use them, which to use, what to do with large updates, how to avoid downloading some updates, how they work, error messages, and where to find more info.
If you’re working towards this benchmark (or those for earlier versions of macOS), or want to maintain systems to its requirements, I have something to help you.
LockRattler for manual checks, SilentKnight to check automatically, and silnite for networked Macs and automation.
Extensively revised for improved compatibility with Big Sur and Apple Silicon Macs, with minor fixes for other systems too.
Now that Sierra is unsupported, this update no longer marks its older firmware versions as being errors.
Updates now distinguish between firmware versions for High Sierra and Mojave, and those for Catalina. Recommended for all users.
Important updates if you’re running Catalina, as they add the KEXT blocker back into their checks.