diff --git a/Cargo.lock b/Cargo.lock
index 8da1f8df..59f3d8cc 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1032,6 +1032,7 @@ dependencies = [
  "tempfile",
  "thiserror",
  "url",
+ "walkdir",
  "windows",
  "winres",
 ]
diff --git a/Cargo.toml b/Cargo.toml
index 3aabf44d..ee541a2a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -66,6 +66,7 @@ windows = { version = "0.58.0", features = ["Win32_Foundation", "Win32_UI_Shell"
 
 [target.'cfg(target_os = "macos")'.dependencies]
 reqwest = { version = "0.12", default-features = false, features = ["blocking", "native-tls", "socks"] }
+walkdir = "2.5"
 
 [target.'cfg(all(not(target_os = "macos"),not(windows)))'.dependencies]
 reqwest = { version = "0.12", default-features = false, features = ["blocking", "rustls-tls-native-roots", "socks"] }
diff --git a/src/operations.rs b/src/operations.rs
index 9a78dbc5..a6672b81 100644
--- a/src/operations.rs
+++ b/src/operations.rs
@@ -580,6 +580,25 @@ pub fn install_from_url(
         }
     };
 
+    #[cfg(target_os = "macos")]
+    {
+        use std::os::unix::fs::PermissionsExt;
+
+        // TODO Add prompt that asks users to confirm this
+        eprintln!("Code signing");
+        for entry in walkdir::WalkDir::new(temp_dir.path()).into_iter().filter_map(|e| e.ok()) {
+            // TODO Instead of comparing > 0 we need to change this to check for the right permissions on exectuable files and only
+            // sign those
+            if entry.metadata()?.is_file() && entry.metadata()?.permissions().mode() > 0 {
+                std::process::Command::new("codesign")
+                    .arg("--sign")
+                    .arg("-")
+                    .arg(entry.path())
+                    .status()?;
+            }
+        }
+    }
+
     // Query the actual version
     let julia_path = temp_dir
         .path()