AppCode
 
2021.2
Shortcuts: macOS
Get AppCode
You are viewing the documentation for an earlier version of AppCode.
  1. Manage your projects
  2. Project security

Project security

Last modified: 17 December 2021

To prevent potential security risks, AppCode lets you decide how to open a project if you're not sure about its source. AppCode warns you about tasks or configurations that will be executed during the opening process and lets you configure sources that you can trust.

note

You can configure trusted locations to automatically load projects from such directories.

Open Xcode projects and Swift packages from unknown sources

Xcode projects that you open from unknown sources may contain malicious code in build scripts. Swift packages included in a project, as well as standalone Swift packages, may also contain untrusted code in their scripts.

Open a project for the first time

When you open an Xcode project or a standalone Swift package from an unknown source for the first time, AppCode displays a warning and lets you decide how to proceed:

Untrusted Project

You can select one of the following actions:

  • Preview in Safe Mode: in this case, AppCode opens a project in a "preview mode" meaning you can browse the project's sources, but it might be unsafe to build the project, resolve Swift package dependencies, load Swift packages and run their code. Code assistance feature for Swift packages will be also unavailable in this mode.

    AppCode displays a notification on top of the editor area, and you can click the Trust project link and load your project at any time.

  • Trust Project: in this case, AppCode opens and loads a project normally. That means that Swift package dependencies are resolved, standalone Swift packages are loaded, run/debug configurations for Swift packages are available.

  • Don't Open: in this case, AppCode cancels the action.

note

Select the Trust projects in <path> checkbox to trust the directory from which you are trying to open the project. Next time you open a project from that directory, it will be opened and loaded automatically.

Open an existing project

If a project you are planning to open was created on a different machine and contains the .idea directory, AppCode opens it in the IDE automatically as if you chose the Preview in Safe Mode action. AppCode cannot resolve remote Swift package dependencies, load and run Swift packages. However, you still can browse the project's sources and open them in the editor.

When trying to update Swift package dependencies, you'll get a notification suggesting you to trust and load the project.

AppCode also displays an editor notification stating that the project is untrusted.

the Trust project notification

If you trust the source, click Trust project and load it.

the Untrusted IDEA project dialog

In this case, AppCode loads the project, adds the necessary dependencies, and so on.

You can also add the source to the trusted locations, so the next time you open your project, AppCode will trust it implicitly.

Startup tasks

When you open a project created on a different machine, it might contain some scripts or tasks that are executed during the opening process. If such tasks are found, AppCode displays a notification suggesting that the code you are about to execute might be harmful.

You can review what tasks will be executed and modify the settings.

Review the startup tasks

  1. In the Preferences dialog ⌃ ⌥ S, go to Tools | Startup Tasks.

  2. On the Startup Tasks settings page, you can review and modify the startup tasks.

Trusted locations

You can configure what sources AppCode should consider safe and load such projects automatically during the opening process.

You can add your home directory to the trusted locations to disable AppCode's warnings about untrusted projects.

Configure trusted locations

  1. In the Preferences dialog ⌃ ⌥ S, go to Build, Execution, Deployment | Trusted Locations.

  2. On the Trusted Locations settings page, configure the local directories where the projects you consider trusted reside. Click OK to save the changes.

    Trusted Locations

    The next time you open a project from one of those locations, AppCode will automatically load the project.