Connectivity

There are a few instances where Sensei will try to communicate with other services to work properly. This document will describe each of these scenarios and also explain when these occur.

Overview

action

authentication

startup

periodically

on hub request

  1. Create auth link

yes

  1. License check

yes

yes

  1. Cookbook locations

yes

yes

  1. Download cookbooks

yes

yes

yes

  1. Update check

yes

yes

  1. Metrics reported to SCW platform

yes

yes

  1. Local plugin API

yes

  • authentication: during the authentication process (this may include signing out)

  • startup: happens every time the IDE starts

  • periodically: happens periodically while the IDE is running (but only when Sensei is in use)

  • on hub request: happens when the Sensei Hub request info the the local IntelliJ installation

Details

License check

Sensei will try to fetch and renew its license by calling an endpoint and passing the Sensei user token and a machine identifier. This happens on boot and at the end of the optional authentication process or when signing out if previously authenticated.

The endpoint is ${API}/license?token=${usertoken}&identifier=${machine-identifier}.

In case of a non-authenticated user (anonymous), the token part is omitted.

Cookbook locations

The location of the cookbooks that need to be loaded can be configured remotely. To fetch the latest configuration, Sensei will call the endpoint ${API}/location.txt?token=${usertoken}. This will occur at startup, when signing in or out, and every 24 hours the IDE has been running.

See also

See How to distribute recipes for more information.

Download cookbooks

Configured cookbooks that have a remote location (such as a HTTP(S) or remote git URL) will be loaded by Sensei. Sensei will connect to the given location and download the contents to the disk.

This action will be run at startup, when an user manipulates a cookbook or the cookbook configuration and every 2 hours otherwise.

Update check

Sensei will check if there is a new version available and will prompt to update if there is. Sensei executes the IDE's logic to perform the update check. This will connect to the JetBrains marketplace where Sensei can be downloaded from.

This action will run every 90 minutes (or every 30 minutes in the case of alpha builds).

Metrics reported to SCW platform

Some events about the usage of Sensei and recipes are collected and may be pushed to the Secure Code Warrior platform.

These events are sent to the endpoint: ${API}/track?token=${usertoken}&identifier=${machine-identifer}

In case of a non-authenticated user (anonymous), the token part is omitted.

This action will run every 8 minutes after a 3 minute initial delay.

Opt-in metrics

Opt-in metrics are only sent when both:

  • The flag Sensei Insights ‣ disable data collection has been switched off inside the company preferences section inside the SCW platform. This condition does not apply for non-authenticated (anonymous) Sensei users that do not use an account.

  • the data collection checkbox in the plugin is checked. This checkbox is toggled off by default and is presented when the quick start guide is shown after installing the plugin. This can be toggled at any point in the menu by going to Preferences | Tools | Sensei by Secure Code Warrior ®

Metrics that are only sent when consent is given:

Bootstrap event

This is measured whenever the Sensei plugin has been loaded (= at IDE startup)

Collected data:

  • timestamp

Coding event

This is measured whenever a recipe is triggered, when a triggered recipe is not triggered anymore, and when a Quick Fix has been invoked.

Collected data:

  • timestamp

  • type of event (indicates if it is a new trigger, or deleted trigger, or fix event, and whether the triggered piece of code is considered new or legacy)

  • rule id (this is a UUID)

  • rule error level

  • Code guideline slug

  • is vcs used (whether the IDE's VCS service was used to determine if the event applies to new or legacy code)

Cookbook event

This is measured whenever a cookbook is added/deleted/saved. 'Saved' events occur when pressing the Save button in a recipe editor that was opened from the cookbook manager.

Collected data:

  • timestamp

  • cookbook id

  • action (create or save or delete)

Description event

This is measured whenever the description of a triggered recipe is opened. This happens when a user hovers over a triggered recipe marking and triggers the IDE action that is in the tooltip which will show a more detailed description (in old IntelliJ versions: clicking the more... link in the tooltip, new IntelliJ versions: choosing the description action from the menu within the tooltip).

Collected data:

Generator event

This is measured whenever a code snippet is inserted by using a Sensei generator.

Collected data:

  • timestamp

Note

Sensei generators are deprecated and will be removed in a future update.

Recipe event

This is measured whenever a recipe is created/deleted in the recipe editor, even if the changes are not being saved.

Collected data:

  • timestamp

  • rule id (this is an auto-generated UUID)

  • action (create or delete)

Training event

This is measured when the Take the training provided by Secure Code Warrior Quick Fix option is invoked. This Quick Fix option is appended to the list of possible Quick Fixes when either:

  • the CWE Category field of the recipe's general settings is filled in, or

  • the Category fields of the recipe's general settings are filled in.

Collected data:

  • timestamp

Always enabled metrics

Always enabled metrics are sent regardless of settings and cannot be disabled.

Metrics that are sent regardless of consent:

License check event

This is measured whenever a license check is performed.

Collected data:

  • timestamp

  • whether the company-level metric collection is enabled

  • whether user consent has been given to collect opt-in metrics

Code guideline slug

Some events can include the 'coding guideline slug' of the recipe that is related to the event. This is the value of the Coding policy field that can be configured in the general settings of a recipe.

Note that this specific field will not be included in the event data unless it has been enabled in the company settings inside the SCW platform. Currently this setting cannot be enabled in the SCW platform and is always disabled.

Local plugin API

Sensei adds an endpoint to IntelliJ's builtin local http server. The endpoint only allows requests coming from the securecodewarrior.com domain.

This API receives a request from the Sensei Hub to improve the experience while using the Hub by only showing what is available for the current Sensei version installed and determine what capabilities are available.

This API is also used to launch the "add cookbook" dialog when choosing to install a cookbook by using the Sensei Hub.

Current data send from plugin to hub on request:

Info API
  • IntelliJ version

  • Sensei version

AddCookbook API

Launches "add cookbook" dialog, does not send any info back to the Hub.