Project security
To prevent potential security risks, PyCharm lets you decide how to open a project if you're not sure about its source. PyCharm warns you about tasks or configurations that will be executed during the opening process and lets you configure sources that you can trust.
Open a project from unknown sources
When you open a project, such as Gradle or Maven, PyCharm executes its build scripts during the loading process. These build scripts can contain arbitrary (potentially dangerous) code.
When you open any project, PyCharm immediately lets you decide how to handle a project that contains unfamiliar source code.
You can select one of the following actions:
Preview in Safe Mode: in this case PyCharm opens a project in a "preview mode" meaning you can browse the project's sources, but there are restrictions in executing code, performing any build-related activities, or running any scripts.
For more information on Safe Mode preview limitations, refer to Safe mode preview limitations.
PyCharm displays a notification on top of the editor area, and you can click the Trust project… link and load your project at any time.
Trust Project: in this case, PyCharm opens and loads a project. That means project is initialized, project's plugins are resolved, dependencies are added, and all PyCharm features are available.
Don't Open: in this case PyCharm cancels the action.
Open a project for the first time
When you try to open a Gradle or a Maven project from an unknown source for the first time, PyCharm displays a warning and lets you decide how to proceed.
You can select one of the following actions:
Preview in Safe Mode: in this case, PyCharm opens a project in a "preview mode" meaning you can browse the project's sources, but it might be unsafe to execute any tasks or goals, build, or run your project.
PyCharm displays a notification on top of the editor area, and you can click the Trust project… link and load your project at any time.
Trust Project: in this case, PyCharm opens and loads a project normally. That means build scripts are executed, project's plugins are resolved, dependencies are added, and so on.
Don't Open: in this case, PyCharm cancels the action.
Open an existing project
If a project you are planning to open was created on a different machine and contains the .idea directory, PyCharm opens it in the IDE automatically as if you chose the Preview in Safe Mode action. PyCharm doesn't execute build scripts, resolve project's plugins, or add any dependencies. However, you still can browse the project's sources and open them in the editor.
If you try to execute any Maven goals or Gradle tasks through its dedicated tool window or through the Run Anything window, PyCharm will display a notification suggesting you to trust and load the project before executing anything.
PyCharm also displays an editor notification stating that the project is untrusted.
If you trust the source, click Trust project… and load it.
In this case, PyCharm loads the project, resolves plugins, adds the necessary dependencies, and so on.
You can also add the source to the trusted locations, so the next time you open your project, PyCharm will trust it implicitly.
Startup tasks
When you open a project created on a different machine, it might contain some scripts or tasks that are executed during the opening process. If such tasks are found, PyCharm displays a notification suggesting that the code you are about to execute might be harmful.
You can review what tasks will be executed and modify the settings.
Review the startup tasks
In the Settings/Preferences dialog (Ctrl+Alt+S), go to .
On the Startup Tasks settings page, you can review and modify the startup tasks.
Safe mode preview limitations
If you open a project in the safe mode, the following limitations will apply to the project:
: any scripts or tasks that are executed during the opening process are disabled.
VCS support: the whole VCS support is disabled.
GDSL scripts: any Groovy DSL scripts will not be executed.
File Watchers scripts will not be executed.
Trusted locations
You can configure what sources PyCharm should consider safe and load such projects automatically during the opening process.
You can add your home directory to the trusted locations to disable PyCharm's warnings about untrusted projects.
Configure trusted locations
In the Settings/Preferences dialog (Ctrl+Alt+S), go to .
On the Trusted Locations settings page, configure the local directories where the projects you consider trusted reside. Click OK to save the changes.
The next time you open a project from one of those locations, PyCharm will automatically load the project.