There don’t appear to be many utilities yet which can inform you which of your apps are notarized, and which are exempt from notarization as they are signed by Apple or distributed through the App Store. With notarization now hurtling towards us in Catalina, and with a preview of what’s to come already in Mojave 10.14.5, I have added this as an option to my free signature scanner Signet.
To check individual apps, I recommend that you use Taccy, or the excellent Max Inspect from the App Store. However, neither of those can scan a folder of apps and report on them.
One of the problems with testing apps for notarization is that, as far as I can see, there’s no simple and reliable method other than making a call to the
spctl tool, such as
spctl -a -v appPath
So checking notarization over a folder containing hundreds of apps is going to require hundreds of such calls, and run very slowly. I therefore recommend that, when using this option, you scan folders with a maximum of around 50 apps in them, if at all possible, and you’ll still need to give Signet plenty of time to work its way through them.
In this version, only apps are checked for notarization, those being bundles with the extension .app. Under Catalina’s new rules, all (newly-signed) executable code is required to be notarized. I’m rather hoping that it will also bring a simpler and quicker way of checking notarization before extending this feature to all executable code.
This option is now enabled in the new Apps checkbox in Signet’s window.