Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,363,389
Community Members
 
Community Events
168
Community Groups

Can't open Sourcetree because Apple cannot check it for malicious software

Just downloaded Sourcetree 4.0.1 from the Sourcetree website and received the following message - "Sourcetree' can’t be opened because Apple cannot check it for malicious software."

Note - I am running macOS 10.15.2. 

3 answers

1 accepted

8 votes
Answer accepted

Solution that helped me 

1) open 'system preferences' 

2) navigate to 'security & privacy' 
3) allow the use of Sourcetree

That is not a good and potentially very dangerous solution.

The only right solution is to move download app into the Trash and contact Atlassian. This build can be compromised and was not notarised. It's very easy to notarise application with Apple in automated fashion. Atlassian should fix this.

Like # people like this

"The only right solution is to move download app into the Trash and contact Atlassian". That is non-solution.

Whenever the advice is to not use a viable product until they meet someone else's demands, then feel free to disregard. Whether or not you trust the brand and product is more important than whether or not it meets the demands of a 3rd party (Apple).

The number of excellent products that are not notarized with Apple is staggering. It's a nice extra step, that provides greater confidence in the implementation of some security precautions and features, but it's far from necessary.

Like # people like this

Do you know what is staggering? The fact that Atlassian still has not solved this issue after at least half a year! The last update of Sourcetree is from januari this year.

Like # people like this

The solution is to validate the download with the hash provided by Atlassian… Atlassian doesn't provide any way to validate?! The trash looks like the best solution to me too. If, however, the trash isn't an option, then you can "right-click" (two finger tap, control-click, or right-click) the app, choose "Open", then click "Open" on the window that appears.

I can understand a company choosing not to use Apple's validation, even a company as big as Atlassian; but I don't understand them also not having their own validation.

Like # people like this

Sourcetree is handling our company's most precious assets - our app's source code. I need to be able to trust it, and notarization is an integral part of the macOS trust and security system. It's ridiculous that after one year, this hasn't been addressed yet. I'm switching to another git client.

Like # people like this

I’ve been using Tower for more than a month now both at home and at work, it’s been treating me well.

Like Tobias likes this

I'm having this issue again with https://product-downloads.atlassian.com/software/sourcetree/ga/Sourcetree_4.1.6_242.zip

 

Is this issue known to be occurring for that version?

Oh Atlassian just declines to certify?!  Seems sketch.

It seams that notarisation issue was resolved. I just tested the version 4.1.2 (238) and I was able to open the app in a normal way. 

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events