IntelliJ IDEA 2021.2 Help

Project security

To prevent potential security risks, IntelliJ IDEA lets you decide how to open a project if you're not sure about its source. IntelliJ IDEA warns you about tasks or configurations that will be executed during the opening process and lets you configure sources that you can trust.

Projects security in IntelliJ IDEA

When you open a project, such as Gradle or Maven, IntelliJ IDEA executes its build scripts during the loading process that may potentially contain the untrusted code.

Open a project for the first time

When you try to open a Gradle or a Maven project from an unknown source for the first time, IntelliJ IDEA displays a warning and lets you decide how to proceed.

Untrusted Project

You can select one of the following actions:

  • Preview in Safe Mode: in this case, IntelliJ IDEA opens a project in a "preview mode" meaning you can browse the project's sources, but it might be unsafe to execute any tasks or goals, build, or run your project.

    IntelliJ IDEA displays a notification on top of the editor area, and you can click the Trust project… link and load your project at any time.

  • Trust Project: in this case, IntelliJ IDEA opens and loads a project normally. That means build scripts are executed, project's plugins are resolved, dependencies are added, and so on.

  • Don't Open: in this case, IntelliJ IDEA cancels the action.

Open an existing project

If a project you are planning to open was created on a different machine and contains the .idea directory, IntelliJ IDEA opens it in the IDE automatically as if you chose the Preview in Safe Mode action. IntelliJ IDEA doesn't execute build scripts, resolve project's plugins, or add any dependencies. However, you still can browse the project's sources and open them in the editor.

If you try to execute any Maven goals or Gradle tasks through its dedicated tool window or through the Run Anything window, IntelliJ IDEA will display a notification suggesting you to trust and load the project before executing anything.

IntelliJ IDEA also displays an editor notification stating that the project is untrusted.

the Trust project notification

If you trust the source, click Trust project… and load it.

the Untrusted IDEA project dialog

In this case, IntelliJ IDEA loads the project, resolves plugins, adds the necessary dependencies, and so on.

You can also add the source to the trusted locations, so the next time you open your project, IntelliJ IDEA will trust it implicitly.

Startup tasks

When you open a project created on a different machine, it might contain some scripts or tasks that are executed during the opening process. If such tasks are found, IntelliJ IDEA displays a notification suggesting that the code you are about to execute might be harmful.

You can review what tasks will be executed and modify the settings.

Review the startup tasks

  1. In the Settings/Preferences dialog Ctrl+Alt+S, go to Tools | Startup Tasks.

  2. On the Startup Tasks settings page, you can review and modify the startup tasks.

Trusted locations

You can configure what sources IntelliJ IDEA should consider safe and load such projects automatically during the opening process.

You can add your home directory to the trusted locations to disable IntelliJ IDEA's warnings about untrusted projects.

Configure trusted locations

  1. In the Settings/Preferences dialog Ctrl+Alt+S, go to Build, Execution, Deployment | Trusted Locations.

  2. On the Trusted Locations settings page, configure the local directories where the projects you consider trusted reside. Click OK to save the changes.

    Trusted Locations

    The next time you open a project from one of those locations, IntelliJ IDEA will automatically load the project.

Last modified: 02 August 2022