Published : Oct 28, 2020
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Understand more
Oct 2020
Assess
Worth exploring with the goal of understanding how it will affect your enterprise.
Sensei from Secure Code Warrior is a Java IDE plugin that makes it easy to create and distribute secure code quality guidelines. At ThoughtWorks we often advocate for "tools over rules," that is, make it easy to do the right thing over applying checklist-like governance rules and procedures, and this tool fits this philosophy. Developers create recipes that can be easily shared with team members. These can be simple or complex and are implemented as queries targeting the Java AST. Examples include warnings for SQL injection, cryptographic weakness and many others. Another feature we like: Since it executes on code changes in the IDE, Sensei provides faster feedback than the more traditional static analysis tools.
