Oct 2020

Sensei from Secure Code Warrior is a Java IDE plugin that makes it easy to create and distribute secure code quality guidelines. At ThoughtWorks we often advocate for "tools over rules," that is, make it easy to do the right thing over applying checklist-like governance rules and procedures, and this tool fits this philosophy. Developers create recipes that can be easily shared with team members. These can be simple or complex and are implemented as queries targeting the Java AST. Examples include warnings for SQL injection, cryptographic weakness and many others. Another feature we like: Since it executes on code changes in the IDE, Sensei provides faster feedback than the more traditional static analysis tools.