It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Cannot open Soucetree on Catalina

I downloaded Sourcetree from the website on my MacBook Pro, running Catalina, and when I attempt to launch it I get the error below. Does anyone know how to fix this issue?

“Sourcetree” can’t be opened because Apple cannot check it for malicious software.

This software needs to be updated. Contact the developer for more information.

7 answers

If you go to System Preferences > Security and Privacy > General you can click on allow apps downloaded from. Over the you will see that something is blocked from source tree, if you accept it it will open Sourcetree again

This worked for me. Thanks!

Like John_Lennerton likes this

My company policy does not allow me to download from non-app store, non-verified. Am I SOL?

Got it to work using: sudo spctl --master-disable

Don't use the command line mentioned above.

By doing so, you disable an important security feature of the OS.

Like kpdirection likes this

In Mac OS you can also use the finder to go to the Applications directory. When you right-click the "SourceTree" App and select "Open" MAC OS will ask you if you want to open the app anyway. This only works when you right click the App directly!

 

Walter

Like # people like this

Thanks  its working for me.

Thanks Vanderheiden, that worked for me.

It's easy to allow it to open, but is not the bigger question why Atlassian doesn't sign its app?

alex_kent I'm New Here Apr 02, 2020

technically, I think this problem is because Atlassian doesn't use Apple's service to "Notarize" the binary. But the question (and result) is the same.

I can accept this from open source and hobby projects. But if you are an Atlassian sized company, and this integrates into their paid producs.

First reaction to this is to suspect the release pipeline or downloaded zip to be compromised. I can't find any way to validate the download zip (e.g. SHA/MD5 on their website). Not good. 

I have the same problem

Same problem, worked just fine in Mojave.

Many common apps like Skype, WinZip and Sourcetree have such an issue on macOS Catalina. Usually you can bypass this new macOS gateway by opening the app through System Preferences > Security & Privacy > Check Allow apps downloaded from App Store and identified developers > Click Open Anyway (as mentioned by Anouk Hermsen).

app-cannot-be-opened-on-macos-catalina-1.jpg

If it still doesn't work, I assume that you are double clicking on the Sourcetree install icon, yes? Don't do that. Instead right mouse click or control click on it. You should get an Open option in context menu > Select Open > Then the next dialog box you see will be similar to the one you report, but it will also have the Open button added. Choose Open and voila.

app-cannot-be-opened-on-macos-catalina-control-click-2.jpg

I don't have the open button, even when ctrl click or right click. I think it is a company policy. So means I can't use Sourcetree...

Like Joey_Erlandson likes this

1. Open Terminal

2. Run this command:

xattr -d com.apple.quarantine /Applications/SourceTree.app

This does not require the user privileges to change System Preferences.

Thanks men, you safe my life to buy a licence of Fork.

Like Dirk_Diggler likes this

This takes the app out of quarantine & lets it run, but with 10.15.4 (19E266) on a Mac w/ T2, I'm seeing SourceTreeLogin, a child process of ssh which is a child process of git which is launched by launchd.development, repeatedly get some errors

(CSSM Exception: -2147413737 CSSMERR_DL_DATASTORE_DOESNOT_EXIST)

then securityd reports 

[com.apple.securityd:clientid] code requirement check failed (-67050), client is not Apple-signed

and it appears the process is killed, then a new one spawned every couple of seconds.

This uses over 100% of a CPU and hammers the network.

@morgue_ann I'm seeing the same thing. I've filed https://jira.atlassian.com/browse/SRCTREE-7272 if you want to chime in there.

@morgue_ann I manage to work around the problem for now by removing *all* accounts from Sourcetree. This causes it to not try to log into those accounts, thus pegging seucrityd with requests.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Sourcetree

Sourcetree for Windows - CVE-2019-11582 - Remote Code Execution vulnerability

A vulnerability has been published today in regards to Sourcetree for Windows.  The goal of this article is to give you a summary of information we have gathered from Atlassian Community as a st...

3,634 views 0 11
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you