How to run sonar-scanner or SonarQube on macOS Catalina or later

Users of macOS Catalina have almost certainly bumped into the enhanced security restrictions that try to limit what software can be run on the system. If this has gotten in the way of your ability to run analysis, or even a SonarQube instance, on macOS, read on for how you can get through it.

To save time, it’s best if you open the Security & Privacy section of your System Preferences and click the lock to allow changes to be made:

If you’re trying to run a recent release of the sonar-scanner, you may simply have to click OK on the following dialog that pops up during your execution:

You may, however, encounter a more rigid restriction, as I did when starting up the latest SonarQube release:

You certainly don’t want to click Move to Trash, but if you Cancel you’ll be able to allow this app to run after all. Head back to your System Preferences window, where you’ll see you now have a chance to indicate you really want to allow this app to run:

Try to start SonarQube again, and you’ll now have a chance to give the final okay on running this app:

Click Open!

In the case of SonarQube, you’ll probably get interrupted a second time

In which case, repeat the process

Kill SonarQube if necessary, and on your next attempt to start it, you’ll finally get a chance to give the final okay (we promise, this is the last one!)

Once you click Open this final time, you shouldn’t be nagged again. At least not until you install some future version.

If you don’t like the idea of managing these piecemeal approvals, you have other more forceful options. Just be careful, as these may somewhat compromise the intention of the security restrictions in the first place!

  • Allow any executable run from the Terminal: go to System Preferences / Security & Privacy, and in the Privacy tab, scroll in the list for Developer Tools , check the Terminal app. Then restart the Terminal app and re-run your command.
  • Allow all downloaded apps: execute the command sudo spctl --master-disable to allow apps downloaded from anywhere. This really means anywhere!