Sensei is a dynamic code quality review and remediation tool. Tightly integrated with Intellij as a plugin it flags issues in source code and uses Context Action Intentions to amend and fix the code. Fixes and recipes used can be customised easily within IntelliJ using a simple GUI and collected and shared as Cookbooks. Cookbooks can be shared via Github or embedded in projects for project specific checks. Learn more at securecodewarrior.com/sensei.
Static Analysis tools are designed to find issues, rather than fix issues. Sensei is designed to help you catch issues in real-time and resolve them immediately in the IDE.
A Static Analysis tool tends to work in batch mode. Providing feedback on code during Continuous Integration, or on-demand from the command line or via an IDE plugin. Rule-sets tend to be generic and can be hard to customize or switch on and off.
Instead, Sensei runs in real-time, in the IDE, using custom recipes. Sensei integrates fully in the IDE as Intentions and the normal IntelliJ Intention configuration can be used to switch recipes on and off. The recipes can have multiple options in the Quick Fix suggestions e.g. linking to documentation, amending code, linking to training.
Note that Sensei can also run in batch mode, but the main focus and power is to detect issues while the developer is coding, reducing time in the feedback loop.
Real-time Static Analysis tools which run in the IDE can alert you to issues. Sensei runs in real-time in the IDE to help you both find, and fix issues. Sensei makes it easy to create custom recipes from the in-built GUI. Other tools often require configuration by writing custom classes and are harder to configure.
Yes. Sensei has a built-in GUI to make writing recipes easy and fast. The Search GUI for rule writing shows the matching code in the context of the actual source code file you are working with, so you can see the changes that help refine the search to avoid false-positive identification of issues.
The Fix GUI has a diff view where you can see the results of applying the Quick Fix in the source you are working with.
Sensei supports all JetBrains IDEs that can work with the Java SDK e.g. IntelliJ Ultimate, IntelliJ Community, Android Studio, EduTools.
Sensei tightly integrates with IntelliJ to harness features like real-time code checking, issue markup in source code, configuring through Intentions, Show Context Actions, issues found are shown in the “Problems” tab.
Sensei is currently only available for IntelliJ and is freely available from the JetBrains Marketplace.
Yes. Sensei harnesses the native IntelliJ execution of inspections from the command line.
Use the built-in Analyze features of IntelliJ to configure and run custom profiles and configurations from the command line and incorporate the execution into Continuous Integration.
You can learn more in this blog post, and it includes a video showing the feature in action.
The two recommended options for installing the plugin are using the “Install to IDE” button, and installing from within the IDE.
Yes. The Sensei documentation has both tutorials and reference information.
The Getting Started section should cover installation, a getting started tutorial and links to further information.
The Syntax Reference section explains all the Search and Quick Fix actions and parameters in detail.
Sensei has a default remote cookbook containing security-related recipes which can be turned on using the Sensei Cookbooks tab.
Other collections of recipes can be downloaded from the Public Cookbook repository.
Yes. The Public Cookbook repository contains information about, and links to, every public recipe that we know of. We are continually adding more recipes to this repository.
Yes. We are releasing as much code and as many recipes as we can. You can find these on the Secure Code Warrior Github profile github.com/securecodewarrior.
We have released:
All the sample code and recipes used in our blog posts. This is a maven module project to make it easy to checkout and use.
Sample code and recipes used to illustrate some common Java problems. We used this as the basis for our “Challenge the Sensei” quiz
Our public cookbooks project contains some sample code and documented recipes and cookbooks for use in your own projects.
Sensei will always be free to use in your IDE as an individual developer and sharing Cookbooks and recipes from local project cookbooks and importing from Github will remain free.
We will introduce paid Enterprise features in the future around support, team management, metrics, and remote configuration of projects and recipes for automated deployment to registered teams.
No, all analysis of code is done directly in the IDE. No code leaves your machine. These types of information are never sent out:
Details about any communication Sensei executes can be found on the Connectivity page.
No. Sensei is free to use without registration.
When you install Sensei, we ask you whether or not you want to opt into providing anonymous metrics to us. But it’s off by default, and users can disable it at any time.