Blog

Sharing Cookbooks within a Team

Alan Richardson
Published Nov 23, 2020

Sharing Cookbooks within a Team

When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.

Sensei provides a number of mechanisms for sharing cookbooks:

  • Store Cookbooks in the Project Under Version Control
  • Storing Cookbooks in a shared folder
  • Store Cookbooks in Github
  • Zipped files over HTTP(s)

By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.

For example, sharing a cookbook:

  • helps team members to share useful recipes with each other.
  • supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version. 
  • promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.

The next few sections explain how to implement each of the sharing mechanisms.

Store Cookbooks in the Project Under Version Control

The project .sensei folder is the default option when creating a cookbook file.

  • `project://.sensei`

All cookbooks and recipes would be stored in a .sensei folder in your project.

The easiest approach to sharing is to add the project .sensei folder to version control.

Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.

This is the approach taken for the public sensei-blog-examples project.

The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.

Store Cookbooks in Any Folder

Teams can also use cookbooks stored in central locations.

Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.

The location would be set to the directory path.

Store Recipes in Github

Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.

Github over SSH

SSH Repository access is configured using the following syntax for the Location

git@github.com:SecureCodeWarrior/acookbook.git

For this to work, the repository would contain the contents of a cookbook folder.

It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder

e.g.

  • git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei

An SSH key needs to be configured for private repositories.

And the key should not have a passphrase.

Github over HTTPS

It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.

For our blog examples project:

  • https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei

For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:



Zipped over HTTP(s)

Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.

e.g. if I had an HTTP server listening locally on port 8000

  • http://localhost:8000/rules.sensei.zip

The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.

Sharing Summary

Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.

More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.

When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.

With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.


---

You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows)  then just search for "sensei secure code".

All the Sensei blog posts code and recipes are on Github in:


View Resource
View Resource

Learn how to share Sensei cookbooks and help everyone in your team improve their code quality and productivity.

Interested in more?

Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demo
Share on:
Author
Alan Richardson
Published Nov 23, 2020

Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.

Share on:

Sharing Cookbooks within a Team

When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.

Sensei provides a number of mechanisms for sharing cookbooks:

  • Store Cookbooks in the Project Under Version Control
  • Storing Cookbooks in a shared folder
  • Store Cookbooks in Github
  • Zipped files over HTTP(s)

By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.

For example, sharing a cookbook:

  • helps team members to share useful recipes with each other.
  • supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version. 
  • promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.

The next few sections explain how to implement each of the sharing mechanisms.

Store Cookbooks in the Project Under Version Control

The project .sensei folder is the default option when creating a cookbook file.

  • `project://.sensei`

All cookbooks and recipes would be stored in a .sensei folder in your project.

The easiest approach to sharing is to add the project .sensei folder to version control.

Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.

This is the approach taken for the public sensei-blog-examples project.

The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.

Store Cookbooks in Any Folder

Teams can also use cookbooks stored in central locations.

Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.

The location would be set to the directory path.

Store Recipes in Github

Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.

Github over SSH

SSH Repository access is configured using the following syntax for the Location

git@github.com:SecureCodeWarrior/acookbook.git

For this to work, the repository would contain the contents of a cookbook folder.

It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder

e.g.

  • git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei

An SSH key needs to be configured for private repositories.

And the key should not have a passphrase.

Github over HTTPS

It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.

For our blog examples project:

  • https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei

For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:



Zipped over HTTP(s)

Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.

e.g. if I had an HTTP server listening locally on port 8000

  • http://localhost:8000/rules.sensei.zip

The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.

Sharing Summary

Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.

More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.

When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.

With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.


---

You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows)  then just search for "sensei secure code".

All the Sensei blog posts code and recipes are on Github in:


View Resource
View Resource

Fill out the form below to download the report

We would like your permission to send you information on our products and/or related secure coding topics. We’ll always treat your personal details with the utmost care and will never sell them to other companies for marketing purposes.

Submit
To submit the form, please enable 'Analytics' cookies. Feel free to disable them again once you're done.

Sharing Cookbooks within a Team

When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.

Sensei provides a number of mechanisms for sharing cookbooks:

  • Store Cookbooks in the Project Under Version Control
  • Storing Cookbooks in a shared folder
  • Store Cookbooks in Github
  • Zipped files over HTTP(s)

By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.

For example, sharing a cookbook:

  • helps team members to share useful recipes with each other.
  • supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version. 
  • promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.

The next few sections explain how to implement each of the sharing mechanisms.

Store Cookbooks in the Project Under Version Control

The project .sensei folder is the default option when creating a cookbook file.

  • `project://.sensei`

All cookbooks and recipes would be stored in a .sensei folder in your project.

The easiest approach to sharing is to add the project .sensei folder to version control.

Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.

This is the approach taken for the public sensei-blog-examples project.

The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.

Store Cookbooks in Any Folder

Teams can also use cookbooks stored in central locations.

Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.

The location would be set to the directory path.

Store Recipes in Github

Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.

Github over SSH

SSH Repository access is configured using the following syntax for the Location

git@github.com:SecureCodeWarrior/acookbook.git

For this to work, the repository would contain the contents of a cookbook folder.

It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder

e.g.

  • git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei

An SSH key needs to be configured for private repositories.

And the key should not have a passphrase.

Github over HTTPS

It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.

For our blog examples project:

  • https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei

For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:



Zipped over HTTP(s)

Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.

e.g. if I had an HTTP server listening locally on port 8000

  • http://localhost:8000/rules.sensei.zip

The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.

Sharing Summary

Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.

More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.

When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.

With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.


---

You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows)  then just search for "sensei secure code".

All the Sensei blog posts code and recipes are on Github in:


Access resource

Click on the link below and download the PDF of this resource.

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

View reportBook a demo
Share on:
Interested in more?

Share on:
Author
Alan Richardson
Published Nov 23, 2020

Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.

Share on:

Sharing Cookbooks within a Team

When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.

Sensei provides a number of mechanisms for sharing cookbooks:

  • Store Cookbooks in the Project Under Version Control
  • Storing Cookbooks in a shared folder
  • Store Cookbooks in Github
  • Zipped files over HTTP(s)

By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.

For example, sharing a cookbook:

  • helps team members to share useful recipes with each other.
  • supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version. 
  • promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.

The next few sections explain how to implement each of the sharing mechanisms.

Store Cookbooks in the Project Under Version Control

The project .sensei folder is the default option when creating a cookbook file.

  • `project://.sensei`

All cookbooks and recipes would be stored in a .sensei folder in your project.

The easiest approach to sharing is to add the project .sensei folder to version control.

Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.

This is the approach taken for the public sensei-blog-examples project.

The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.

Store Cookbooks in Any Folder

Teams can also use cookbooks stored in central locations.

Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.

The location would be set to the directory path.

Store Recipes in Github

Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.

Github over SSH

SSH Repository access is configured using the following syntax for the Location

git@github.com:SecureCodeWarrior/acookbook.git

For this to work, the repository would contain the contents of a cookbook folder.

It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder

e.g.

  • git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei

An SSH key needs to be configured for private repositories.

And the key should not have a passphrase.

Github over HTTPS

It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.

For our blog examples project:

  • https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei

For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:



Zipped over HTTP(s)

Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.

e.g. if I had an HTTP server listening locally on port 8000

  • http://localhost:8000/rules.sensei.zip

The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.

Sharing Summary

Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.

More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.

When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.

With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.


---

You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows)  then just search for "sensei secure code".

All the Sensei blog posts code and recipes are on Github in:


Table of contents

View Resource
Interested in more?

Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demoDownload
Share on:
Resource hub

Resources to get you started

More posts
Resource hub

Resources to get you started

More posts