This macOS Gatekeeper error prevents Git from running because Apple cannot verify the developer's identity. The fix involves either approving the app in Security settings, removing the quarantine attribute, or reinstalling Git from a trusted source like Homebrew.
The "git cannot be opened because the developer cannot be verified" error is a macOS security feature called Gatekeeper. It blocks applications downloaded from outside the Mac App Store that haven't been notarized by Apple. When you download Git from third-party sources (such as git-scm.com or certain package managers), macOS may quarantine the executable and prevent it from running. This error commonly occurs in these scenarios: - **Third-party Git installations** - Git downloaded from websites other than Apple or installed via non-standard methods - **Homebrew-installed Git on new Macs** - Sometimes after macOS updates or on fresh installations - **Git GUI applications** - Third-party Git clients that aren't notarized - **Command-line Git installed manually** - Compiling Git from source or using unofficial packages - **After macOS upgrades** - Security policies may change and previously allowed apps get blocked Gatekeeper is designed to protect your Mac from malware by requiring applications to be signed and notarized by Apple. However, many legitimate developer tools including Git distributions may not have Apple's notarization, triggering this warning.
The easiest fix is to approve Git through macOS Security settings:
1. When you see the "developer cannot be verified" dialog, click Cancel (not "Move to Trash")
2. Open System Settings (or System Preferences on older macOS):
open "x-apple.systempreferences:com.apple.preference.security"3. Go to Privacy & Security
4. Scroll down to the Security section. You should see a message saying:
> "git" was blocked from use because it is not from an identified developer.
5. Click Open Anyway
6. Enter your administrator password when prompted
7. A new dialog will appear - click Open to confirm
Git should now work without the warning. This approval is remembered permanently.
macOS adds a quarantine flag to downloaded files. Removing it allows Git to run:
# First, find where Git is installed
which git
# Common locations:
# /usr/local/bin/git
# /opt/homebrew/bin/git (Apple Silicon Macs)
# /usr/bin/git (Xcode Command Line Tools)
# Remove quarantine attribute (replace path with your git location)
sudo xattr -rd com.apple.quarantine /usr/local/bin/git
# If Git is a complete application bundle
sudo xattr -rd com.apple.quarantine /Applications/Git.app
# For Homebrew installations on Apple Silicon
sudo xattr -rd com.apple.quarantine /opt/homebrew/bin/gitThe -r flag applies recursively to all files in a directory, and -d deletes the attribute. After running this command, Git should execute without the Gatekeeper warning.
The most reliable solution is to install Git via Homebrew, which properly signs and handles macOS security:
# Install Homebrew if you don't have it
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Remove any existing problematic Git installation
# (Skip if Git is the Xcode version at /usr/bin/git)
sudo rm -rf /usr/local/git
# Install Git via Homebrew
brew install git
# Verify installation
git --version
which gitHomebrew-installed Git is typically located at:
- Intel Macs: /usr/local/bin/git
- Apple Silicon Macs: /opt/homebrew/bin/git
Make sure Homebrew's bin directory is in your PATH (Homebrew will provide instructions during installation).
Apple provides a signed and notarized version of Git through Xcode Command Line Tools:
# Install Xcode Command Line Tools (includes Git)
xcode-select --install
# A dialog will appear - click "Install" and accept the license
# After installation, verify Git is available
git --version
# Should show something like: git version 2.39.2 (Apple Git-143)
# Check the path
which git
# Should show: /usr/bin/gitThe Apple-provided Git at /usr/bin/git is always trusted by Gatekeeper. While it may not be the absolute latest version, it's reliable and requires no additional security approvals.
If you're using a Git GUI application (like GitKraken, Sourcetree, or Fork), use the right-click method:
1. Find the Git application in Finder (usually in /Applications)
2. Control-click (or right-click) on the application
3. Select Open from the context menu
4. In the dialog that appears, click Open
This bypasses Gatekeeper for that specific app. Unlike double-clicking, the right-click method gives you the option to override the security check.
For command-line Git that's part of an app bundle:
# Control-click method via Terminal
open /Applications/YourGitApp.app
# Then click Open in the dialogYou can adjust which apps macOS allows:
# Check current Gatekeeper status
spctl --status
# Output: assessments enabled (Gatekeeper is active)
# View security assessment for Git
spctl -a -v /usr/local/bin/gitModify allowed sources in System Settings:
1. Open System Settings > Privacy & Security
2. Under "Allow applications downloaded from:", select:
- App Store and identified developers (recommended)
- App Store (most restrictive - may cause Git issues)
Note: The "Anywhere" option that existed in older macOS versions is no longer available in the GUI. You can enable it via Terminal, but this significantly reduces security:
# NOT RECOMMENDED - disables Gatekeeper entirely
sudo spctl --master-disable
# To re-enable Gatekeeper
sudo spctl --master-enableOnly disable Gatekeeper if absolutely necessary and re-enable it immediately after.
Understanding macOS Gatekeeper:
Gatekeeper is macOS's first line of defense against malware. It checks three things:
1. Code signing - Is the app signed by a registered Apple developer?
2. Notarization - Has Apple scanned the app for malware?
3. Quarantine flag - Was the file downloaded from the internet?
Git distributed via git-scm.com is code-signed but may not be notarized, triggering the warning.
Quarantine Extended Attribute:
# View all extended attributes on the Git binary
xattr -l /usr/local/bin/git
# Example quarantine attribute value:
# com.apple.quarantine: 0083;5f3b8c7d;Chrome;
# List all quarantined files in a directory
find /usr/local/bin -xattr com.apple.quarantine 2>/dev/nullCode Signing Verification:
# Check if Git is properly signed
codesign -dv --verbose=4 /usr/local/bin/git
# Verify signature is valid
codesign --verify --verbose /usr/local/bin/git
# For Homebrew Git, check the certificate
codesign -dvvv /opt/homebrew/bin/git 2>&1 | grep AuthorityEnterprise/MDM Considerations:
In managed environments, your IT department may:
- Deploy Git through an MDM solution with proper signing
- Whitelist specific Git versions in Gatekeeper
- Disable certain security bypasses
Contact your IT department before disabling Gatekeeper on company machines.
Apple Silicon (M1/M2/M3) Specific Notes:
On Apple Silicon Macs:
- Homebrew installs to /opt/homebrew instead of /usr/local
- Rosetta 2 may be required for Intel-compiled Git: softwareupdate --install-rosetta
- Native ARM Git from Homebrew is preferred for performance
Persistent Issues After macOS Updates:
Major macOS updates sometimes reset security approvals:
# Re-approve Git after macOS update
sudo xattr -rd com.apple.quarantine $(which git)
# Or reinstall via Homebrew to get fresh signatures
brew reinstall gitwarning: BOM detected in file, this may cause issues
UTF-8 Byte Order Mark (BOM) detected in file
fatal: Server does not support --shallow-exclude
Server does not support --shallow-exclude
warning: filtering out blobs larger than limit
Git partial clone filtering large blobs warning
fatal: Server does not support --shallow-since
Server does not support --shallow-since in Git
kex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server