FAQs
What is Sensei?
Sensei is a dynamic code quality review and remediation tool. Tightly integrated with IntelliJ as a plugin, it flags issues in source code and uses Context Action Intentions to amend and fix the code. The fixes and recipes it uses can be customised easily within IntelliJ using a simple GUI, then collected and shared as Cookbooks. Cookbooks can be shared via GitHub or embedded in projects for project-specific checks. Learn more at securecodewarrior.com/sensei.
What is the difference between this and a Static Analysis tool?
Static Analysis tools are designed to find issues, rather than fix issues. Sensei is designed to help you catch issues in real-time and resolve them immediately in the IDE.
A Static Analysis tool tends to work in batch mode, providing feedback on code during Continuous Integration, or on demand from the command line or via an IDE plugin. Rule-sets tend to be generic and can be hard to customize or switch on and off.
Instead, Sensei runs in real-time, in the IDE, using custom recipes. Sensei integrates fully in the IDE as Intentions, and the normal IntelliJ Intention configuration can be used to switch recipes on and off. A recipe can offer multiple options in its Quick Fix suggestions, e.g. linking to documentation, amending code, or linking to training.
Note that Sensei can also run in batch mode, but the main focus and power is to detect issues while the developer is coding, reducing time in the feedback loop.
What is the difference between this and a real-time Static Analysis tool like SonarLint?
Real-time Static Analysis tools that run in the IDE can alert you to issues. Sensei runs in real-time in the IDE to help you both find and fix issues. Sensei makes it easy to create custom recipes from the built-in GUI. Other tools often require configuration by writing custom classes and are harder to configure.
Can I write my own custom recipes/rules?
Yes. Sensei has a built-in GUI to make writing recipes easy and fast. The Search GUI for rule writing shows the matching code in the context of the actual source code file you are working with, so you can see the changes that help refine the search to avoid false-positive identification of issues.
The Fix GUI has a diff view where you can see the results of applying the Quick Fix in the source you are working with.
Languages and IDEs
What languages does Sensei support?
Sensei supports Java.
What IDEs does Sensei support?
Sensei supports all JetBrains IDEs that can work with the Java SDK, e.g. IntelliJ Ultimate, IntelliJ Community, Android Studio, EduTools.
Does Sensei support any other IDEs besides IntelliJ?
Sensei tightly integrates with IntelliJ to harness features like real-time code checking, issue markup in source code, configuration through Intentions, and Show Context Actions; issues found are shown in the “Problems” tab.
Sensei is currently only available for IntelliJ and is freely available from the JetBrains Marketplace.
Sensei Team and CI Support
Can Sensei recipes be run in CI (Continuous Integration)?
Yes. Sensei harnesses the native IntelliJ execution of inspections from the command line.
Use the built-in Analyze features of IntelliJ to configure and run custom profiles and configurations from the command line and incorporate the execution into Continuous Integration.
You can learn more in this blog post, and it includes a video showing the feature in action.
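As an added illustration (not taken from the Sensei documentation or the blog post), the script below gates a CI job on the results of IntelliJ's command-line inspector, `bin/inspect.sh <project> <inspection-profile> <output-dir>`. `IDEA_HOME`, the profile path and the results directory are placeholder assumptions, and the counting step assumes the inspector's default XML output.

```shell
#!/usr/bin/env bash
# Added example: gate a CI job on IntelliJ command-line inspection results.
# IDEA_HOME, the profile path and the results directory are placeholders.

# Run the IDE's headless inspector over a project with a chosen profile.
run_inspections() {
  local project="$1" profile="$2" out="$3"
  rm -rf "$out" && mkdir -p "$out"
  "${IDEA_HOME:?set IDEA_HOME to the IDE install directory}/bin/inspect.sh" \
    "$project" "$profile" "$out" -v1
}

# Count reported problems. The XML output holds one file per inspection,
# each wrapping its findings in <problem> elements.
count_problems() {
  local out="$1" total=0 n f
  for f in "$out"/*.xml; do
    [ -f "$f" ] || continue            # glob did not match: no result files
    n=$( { grep -o '<problem>' "$f" || true; } | wc -l )
    total=$((total + n))
  done
  echo "$total"
}

# Fail the build when findings exceed the allowed threshold (default 0).
gate() {
  local out="$1" max="${2:-0}" found
  # A missing results directory means the inspector never ran: fail closed.
  [ -d "$out" ] || { echo "no results directory: $out" >&2; return 2; }
  found=$(count_problems "$out")
  echo "inspection problems: $found (allowed: $max)"
  [ "$found" -le "$max" ]
}

# Typical CI usage (paths are placeholders):
#   run_inspections "$PWD" "$PWD/.idea/inspectionProfiles/CI.xml" build/inspect
#   gate build/inspect 0
```

A missing results directory returns status 2 rather than passing, so a job where the inspector failed to start cannot be mistaken for a clean run.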
Getting started
How can I install Sensei into IntelliJ?
The two recommended options for installing the plugin are using the “Install to IDE” button, and installing from within the IDE.
“Install to IDE” button
To “Install to IDE”, have IntelliJ running on your computer (refresh this page if necessary) and click the button below.
Or visit the marketplace page, where IntelliJ also has an “Install to IDE” button:
Install from plugins within the IDE
To install within the IDE, see the Installing Sensei page.
Does Sensei have any documentation?
Yes. The Sensei documentation has both tutorials and reference information.
The Getting Started section should cover installation, a getting started tutorial and links to further information.
The Syntax Reference section explains all the Search and Quick Fix actions and parameters in detail.
Does Sensei ship with pre-defined recipes/rules?
Sensei has a default remote cookbook containing security-related recipes which can be turned on using the Sensei Cookbooks tab.
Other collections of recipes can be downloaded from the Public Cookbook repository.
Are there any example recipes/rules I can download and use?
Yes. The Public Cookbook repository contains information about, and links to, every public recipe that we know of. We are continually adding more recipes to this repository.
Are there any code example projects which use Sensei so I can try it out?
Yes. We are releasing as much code and as many recipes as we can. You can find these on the Secure Code Warrior GitHub profile github.com/securecodewarrior.
We have released:
https://github.com/SecureCodeWarrior/sensei-blog-examples
All the sample code and recipes used in our blog posts. This is a Maven module project to make it easy to check out and use.
https://github.com/SecureCodeWarrior/challenge-the-sensei
Sample code and recipes used to illustrate some common Java problems. We used this as the basis for our “Challenge the Sensei” quiz.
Our public cookbooks project contains some sample code and documented recipes and cookbooks for use in your own projects.
Pricing
How much does Sensei cost?
Sensei is free.
Will Sensei always be free?
Sensei will always be free to use in your IDE as an individual developer. Sharing Cookbooks and recipes from local project cookbooks and importing from GitHub will also remain free.
We will introduce paid Enterprise features in the future around support, team management, metrics, and remote configuration of projects and recipes for automated deployment to registered teams.
Privacy
Is any of my code ever sent out of the IDE?
No, all analysis of code is done directly in the IDE. No code leaves your machine. These types of information are never sent out:
Project name
Paths/filenames
Code
Details about any communication Sensei executes can be found on the Connectivity page.
Do I have to register my details to be able to use Sensei?
No. Sensei is free to use without registration.
Does Sensei collect any usage metrics?
When you install Sensei, we ask you whether or not you want to opt into providing anonymous metrics to us. It is off by default, and users can disable it at any time.
Can we get organizational metrics out of Sensei?
We will have optional metrics that organizations can opt into, getting insight into how their developers are using Sensei. This is entirely optional, and is controlled directly by the organization administrators.