Security

SnipWiz is designed to keep your code on your machine and nowhere else. Here's how we secure the app and its supply chain.

Local-Only Storage

Your snippets are stored in a local JSON file on your machine. Version history is powered by a local git repository — it never connects to GitHub or any remote. SnipWiz makes zero network calls — no telemetry, no analytics, no cloud sync, no phone-home. Your data never leaves your computer.
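If you want to check these local-only claims from the outside rather than take them on trust, the script below does two things: it confirms the running process holds no TCP or UDP sockets, and it confirms the git repository behind version history has no remotes configured. This is an added example, not part of SnipWiz. It assumes the process is named SnipWiz and uses a placeholder data directory; set SNIPWIZ_DATA_DIR to wherever the app keeps its JSON store and git repository.

```shell
#!/bin/sh
# Spot-check the local-only claims from outside the app (added example, not part of SnipWiz):
#   1. the running process has no TCP/UDP sockets open
#   2. the local git repository behind version history has no remotes
# Assumptions: the process is named SnipWiz; SNIPWIZ_DATA_DIR points at the directory
# that holds the JSON store and its git repository (placeholder path below).

SNIPWIZ_DATA_DIR="${SNIPWIZ_DATA_DIR:-/path/to/snipwiz/data}"   # placeholder, adjust

# Pure helper: count socket lines in `lsof -i` output (the header row contains neither word).
count_socket_lines() {
  printf '%s\n' "$1" | grep -c -E 'TCP|UDP' || true
}

# Pure helper: count configured remotes in `git remote` output (one name per line).
count_remotes() {
  printf '%s\n' "$1" | grep -c -E '[^[:space:]]' || true
}

check_no_sockets() {
  # -d, joins several pids with commas, which lsof -p accepts
  pid=$(pgrep -x -d, SnipWiz) || { echo "SnipWiz is not running; start it first"; return 2; }
  # -a ANDs the selectors: Internet sockets (-i) of these pids only; -n/-P skip DNS and port lookups
  open=$(lsof -n -P -i -a -p "$pid" 2>/dev/null)
  n=$(count_socket_lines "$open")
  if [ "$n" -eq 0 ]; then
    echo "OK: pid(s) $pid have no network sockets open"
  else
    echo "FAIL: $n socket(s) open by pid(s) $pid:"; printf '%s\n' "$open"; return 1
  fi
}

check_no_remotes() {
  remotes=$(git -C "$SNIPWIZ_DATA_DIR" remote 2>/dev/null) \
    || { echo "no git repository found at $SNIPWIZ_DATA_DIR"; return 2; }
  n=$(count_remotes "$remotes")
  if [ "$n" -eq 0 ]; then
    echo "OK: history repo at $SNIPWIZ_DATA_DIR has no remotes"
  else
    echo "FAIL: $n remote(s) configured:"; printf '%s\n' "$remotes"; return 1
  fi
}

# Run both checks when invoked as: sh local_only_check.sh run
if [ "${1:-}" = "run" ]; then
  check_no_sockets; s1=$?
  check_no_remotes; s2=$?
  [ "$s1" -eq 0 ] && [ "$s2" -eq 0 ]
fi
```

A single snapshot only shows what is open at that moment, so run it while you actually use the app (saving a snippet, browsing history), which is when any sync or telemetry call would have to happen.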

Dependency Scanning

We use GitHub Dependabot to continuously monitor all dependencies for known vulnerabilities. Security alerts trigger automatic pull requests with patched versions, so the supply chain stays clean.

Static Code Analysis

Every commit is scanned with GitHub CodeQL, and the Rust dependency tree is checked with cargo audit. This catches security issues, unsafe patterns, and known CVEs before they reach a release.
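Here is what a release gate around the cargo audit step looks like in practice. It is an added example, not SnipWiz's own CI script, and it assumes cargo-audit is installed (cargo install cargo-audit) and that it runs from the repository root next to Cargo.lock. The gate treats warning-level advisories (unmaintained, unsound, yanked crates) as failures and keeps the JSON report as a build artifact.

```shell
#!/bin/sh
# Release gate around cargo audit (added example, not SnipWiz's own CI script).
# Assumes cargo-audit is installed and the script runs from the repository root.

# Pure helper: pull the vulnerability count out of a compact (single-line)
# `cargo audit --json` report, which nests it as "vulnerabilities":{...,"count":N,...}.
vuln_count_from_report() {
  printf '%s' "$1" \
    | grep -o '"vulnerabilities"[[:space:]]*:[[:space:]]*{[^}]*"count"[[:space:]]*:[[:space:]]*[0-9]*' \
    | grep -o '[0-9]*$'
}

audit_gate() {
  report="${1:-cargo-audit-report.json}"
  [ -f Cargo.lock ] || { echo "FAIL: no Cargo.lock in $(pwd); run from the repository root"; return 2; }
  # --deny warnings makes warning-level advisories fail the build as well;
  # --json writes a machine-readable report we can attach to the build.
  status=0
  cargo audit --deny warnings --json > "$report" || status=$?
  count=$(vuln_count_from_report "$(cat "$report")")
  if [ "$status" -ne 0 ]; then
    echo "FAIL: cargo audit exited $status, ${count:-?} vulnerable dependencies (see $report)"
    return 1
  fi
  echo "PASS: no known advisories for the crates in Cargo.lock (report: $report)"
}

# Usage: sh audit_gate.sh run [report-file]
if [ "${1:-}" = "run" ]; then
  audit_gate "${2:-cargo-audit-report.json}"
fi
```

The exit status of cargo audit is the signal the gate acts on; the parsed count is only there to make the failure message and the archived report useful to whoever has to triage it.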

Signed & Notarized

macOS builds are signed with an Apple Developer ID certificate and notarized by Apple's notary service. This means Gatekeeper verifies, before the app first runs on your Mac, that it has been checked by Apple for known malware.
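You can confirm the signature and notarization yourself before the first launch. The script below is an added example, not SnipWiz's own tooling; it runs the standard macOS tools in the order Gatekeeper's decision depends on them. EXPECTED_TEAM_ID is a placeholder: replace it with the developer's Team ID once you have confirmed it out of band, otherwise any validly signed app would pass the identity step.

```shell
#!/bin/sh
# Check a downloaded build's Developer ID signature and notarization before first launch
# (added example, not SnipWiz's own tooling). Assumes macOS with the Xcode command-line tools.
# EXPECTED_TEAM_ID is a placeholder: set it to the Team ID you expect, confirmed out of band.

EXPECTED_TEAM_ID="${EXPECTED_TEAM_ID:-XXXXXXXXXX}"   # placeholder

# Pure helper: the TeamIdentifier value from `codesign -dv` output.
team_id_from_codesign() {
  printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=//p'
}

# Pure helper: Gatekeeper's verdict from `spctl --assess --verbose=4` output:
# "notarized" when accepted on the strength of a notarization ticket,
# "accepted" for any other accepted source, "rejected" otherwise.
spctl_verdict() {
  case "$1" in
    *": accepted"*"source=Notarized Developer ID"*) echo notarized ;;
    *": accepted"*) echo accepted ;;
    *) echo rejected ;;
  esac
}

verify_app() {
  app="$1"
  # 1. Signature integrity: every nested binary and resource must be signed and unmodified.
  codesign --verify --deep --strict --verbose=2 "$app" \
    || { echo "FAIL: signature invalid or bundle modified"; return 1; }
  # 2. Who signed it: codesign prints its details on stderr, hence 2>&1.
  tid=$(team_id_from_codesign "$(codesign -dv --verbose=4 "$app" 2>&1)")
  [ "$tid" = "$EXPECTED_TEAM_ID" ] \
    || { echo "FAIL: signed by Team ID '$tid', expected '$EXPECTED_TEAM_ID'"; return 1; }
  # 3. Gatekeeper's own assessment, which is what decides whether the app may launch.
  assessment=$(spctl --assess --type execute --verbose=4 "$app" 2>&1)
  [ "$(spctl_verdict "$assessment")" = notarized ] \
    || { echo "FAIL: Gatekeeper did not accept a notarized app:"; printf '%s\n' "$assessment"; return 1; }
  # 4. A stapled ticket lets the same check succeed with no network access.
  xcrun stapler validate "$app" >/dev/null 2>&1 \
    || { echo "FAIL: no valid stapled notarization ticket"; return 1; }
  echo "OK: $app is signed by $tid, notarized, and accepted by Gatekeeper"
}

# Usage: sh verify_app.sh run [/path/to/SnipWiz.app]
if [ "${1:-}" = "run" ]; then
  verify_app "${2:-/Applications/SnipWiz.app}"
fi
```

Step 3 is the one that matters most: a valid signature only proves the bundle is intact, while the "Notarized Developer ID" source in spctl's output is the evidence that Apple's notary service actually processed this build.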

Minimal Attack Surface

SnipWiz is built with Tauri (Rust) and uses the OS-native WebView, with no bundled Chromium and no Node.js runtime. Fewer dependencies mean fewer attack vectors. The ~16 MB binary is one of the smallest in its category.

Open Build Pipeline

Releases are built via GitHub Actions with a reproducible CI pipeline. Build artifacts are generated in a clean environment with pinned dependency versions.

Responsible Disclosure

If you discover a security vulnerability in SnipWiz, please report it responsibly. Email security@snipwiz.com and we'll respond within 48 hours. Please do not open public issues for security reports.