Command Line Interface (CLI) not properly signed on macOS.

[johnappletree]

Steps To Reproduce

1. Download the latest bw cli client from the bitwarden website.
2. Unzip the archive and execute the bw executable.

Expected Result

A signed exexutable that is compliant with apple's gatekeeper default settings.

Actual Result

Error message when launching the executable: Apple could not verify "bw" is free of malware that may harm your Mac or compromise your privacy.

--> How can I make sure this download/executable has not been compromised?

Screenshots or Videos

Additional Context

No response

Operating System

macOS

Operating System Version

15.0 (24A335) - This issue is also relevant for previous macOS releases.

Shell

Zsh

Build Version

2024.8.2

Issue Tracking Info

• [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[NovaSilentium]

Hi there,

Thank you for your report!

I was able to reproduce this issue, and I have flagged this to our engineering team.

If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.

Thanks once again!

[RedMageKnight]

Hi @NovaSilentium,

I just wanted to report that I also experienced issues signing into the CLI on Windows as well with 2024.9.0 - being flagged as malware which is causing an extension I've been working with that uses the CLI to login via API to fail. 2024.8.2 does not experience this issue. I'm running Windows 11, and I use only Windows Defender as my built in AV.

Even unblocking the executable which was only possible after turning off the on-demand active scan process still results in the CLI to fail to authenticate. Just wanted to throw my hat in due to the similarities in the CLI executable being recognized as malware at the OS level.