Project security

When you open a Ruby/Rails project, RubyMine runs gem executables that may contain harmful code from the project.

To prevent potential security risks, RubyMine lets you decide how to open a project if it doesn't recognize the project source.

When you open a Ruby/Rails project from an unknown source, RubyMine displays a notification and lets you decide how to proceed.

You can select one of the following actions:

• Trust Project: select this option to open the project and allow RubyMine to check for missing gems, run RuboCop (if enabled), and load a list of available Rake tasks and Rails generators automatically.

• Preview in Safe Mode: select this option to prevent the silent execution of Ruby tools using the project code. In this case, RubyMine's functionality will be limited.

  You can always switch to trusted mode using the notification panel in the editor.

• Don't Open: select this option to cancel opening the project.

RubyMine remembers when you trust a project on the current machine, but you will need to re-trust the project for each machine you open it on.

Until you trust the project, RubyMine will provide limited functionality. When trying to run Rake tasks or Rails generators, RubyMine won't suggest them in the Run Anything window, except for rake --tasks and rails generate.

However, you can still browse the project sources and open them in the editor. Code navigation and completion will be limited to project files and may not include sources of external libraries.

When you open a file in the project, RubyMine will display a notification panel in the editor stating that the project is untrusted. You can click the Trust project link to enable the full RubyMine functionality at any time. If you ignore the notification banner, RubyMine's functionality will still be limited.