Project security
To prevent potential security risks, CLion lets you decide how to open a project if you're not sure about its source. CLion warns you about tasks or configurations that will be executed during the opening process and lets you configure sources that you can trust.
note
You can configure trusted locations to automatically load projects from particular directories.
When you open a CMake, Makefile, or Gradle project, CLion executes its build scripts during the loading process. These build scripts can contain arbitrary (potentially dangerous) code.
You can select one of the following actions:
Preview in Safe Mode: in this case CLion opens a project in a "preview mode" meaning you can browse the project's sources, but there are restrictions in executing code, performing any build-related activities, or running any scripts (for example, executing Gradle tasks, loading and running CMake or Makefile targets).
tip
If you stay in the Safe Mode, CLion will not show extra notifications for other potentially dangerous features in your project. For example, startup tasks will be skipped silently. For more information, refer to Safe mode preview limitations.
CLion displays a notification on top of the editor area, and you can click the Trust project… link and load your project at any time.
If you try to reload the project or execute targets in case of CMake or Makefile, or run Gradle tasks using menu items, dedicated tool windows, or the Run Anything window, CLion will prompt you to confirm that you trust the project before proceeding:
Trust Project: in this case, CLion opens and loads a project. That means project is initialized, project's plugins are resolved, dependencies are added, and all CLion features are available.
Don't Open: in this case CLion cancels the action.
note
Select the Trust projects in <path> checkbox to trust the directory from which you are trying to open the project. Next time you open a project from that directory, it will be opened and loaded automatically.
When you open a project created on a different machine, it might contain some scripts or tasks that are executed during the opening process. If such tasks are found, CLion displays a notification suggesting that the code you are about to execute might be harmful.
You can review what tasks will be executed and modify the settings.
In the Settings dialog (CtrlAlt0S), go to Tools | Startup Tasks.
On the Startup Tasks settings page, you can review and modify the startup tasks.
If you open a project in the safe mode, the following limitations will apply to the project:
Startup tasks: any scripts or tasks that are executed during the opening process are disabled.
VCS support: the whole VCS support is disabled.
File Watchers scripts will not wake up and run corresponding tools.
You can configure what sources CLion should consider safe and load such projects automatically during the opening process.
You can add your home directory to the trusted locations to disable CLion's warnings about untrusted projects.
In the Settings dialog (CtrlAlt0S), go to Build, Execution, Deployment | Trusted Locations.
On the Trusted Locations settings page, configure the local directories where the projects you consider trusted reside. Click OK to save the changes.
The next time you open a project from one of those locations, CLion will automatically load the project.
Thanks for your feedback!