asc-notarization
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Executes several macOS system utilities including
security,xcodebuild,codesign,ditto, andhdiutilto manage code signing identities, archive applications, and create distribution packages.- [COMMAND_EXECUTION]: Utilizes theascCLI tool to interact with Apple's Notary API v2 for submitting binaries and checking notarization status.- [COMMAND_EXECUTION]: Performs sensitive keychain operations, such assecurity find-identityandsecurity find-certificate, to locate signing assets.- [COMMAND_EXECUTION]: Includes a troubleshooting step that usessecurity remove-trusted-certto clear custom trust overrides that can interfere with the Developer ID certificate chain.- [EXTERNAL_DOWNLOADS]: Fetches notarization logs from a remote URL (LOG_URL) provided by the service response to debug failures.
Audit Metadata