Sharing Cookbooks within a Team
Sharing Cookbooks within a Team
When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.
Sensei provides a number of mechanisms for sharing cookbooks:
- Store Cookbooks in the Project Under Version Control
- Storing Cookbooks in a shared folder
- Store Cookbooks in Github
- Zipped files over HTTP(s)
By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.
For example, sharing a cookbook:
- helps team members to share useful recipes with each other.
- supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version.
- promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.
The next few sections explain how to implement each of the sharing mechanisms.
Store Cookbooks in the Project Under Version Control
The project .sensei folder is the default option when creating a cookbook file.
- `project://.sensei`
All cookbooks and recipes would be stored in a .sensei folder in your project.
The easiest approach to sharing is to add the project .sensei folder to version control.
Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.
This is the approach taken for the public sensei-blog-examples project.
The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.
Store Cookbooks in Any Folder
Teams can also use cookbooks stored in central locations.
Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.
The location would be set to the directory path.
Store Recipes in Github
Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.
Github over SSH
SSH Repository access is configured using the following syntax for the Location
git@github.com:SecureCodeWarrior/acookbook.git
For this to work, the repository would contain the contents of a cookbook folder.
It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder
e.g.
- git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
An SSH key needs to be configured for private repositories.
And the key should not have a passphrase.
Github over HTTPS
It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.
For our blog examples project:
- https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:
Zipped over HTTP(s)
Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.
e.g. if I had an HTTP server listening locally on port 8000
- http://localhost:8000/rules.sensei.zip
The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.
Sharing Summary
Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.
More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.
When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.
With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
All the Sensei blog posts code and recipes are on Github in:
Learn how to share Sensei cookbooks and help everyone in your team improve their code quality and productivity.
Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demo
Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Sharing Cookbooks within a Team
When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.
Sensei provides a number of mechanisms for sharing cookbooks:
- Store Cookbooks in the Project Under Version Control
- Storing Cookbooks in a shared folder
- Store Cookbooks in Github
- Zipped files over HTTP(s)
By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.
For example, sharing a cookbook:
- helps team members to share useful recipes with each other.
- supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version.
- promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.
The next few sections explain how to implement each of the sharing mechanisms.
Store Cookbooks in the Project Under Version Control
The project .sensei folder is the default option when creating a cookbook file.
- `project://.sensei`
All cookbooks and recipes would be stored in a .sensei folder in your project.
The easiest approach to sharing is to add the project .sensei folder to version control.
Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.
This is the approach taken for the public sensei-blog-examples project.
The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.
Store Cookbooks in Any Folder
Teams can also use cookbooks stored in central locations.
Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.
The location would be set to the directory path.
Store Recipes in Github
Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.
Github over SSH
SSH Repository access is configured using the following syntax for the Location
git@github.com:SecureCodeWarrior/acookbook.git
For this to work, the repository would contain the contents of a cookbook folder.
It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder
e.g.
- git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
An SSH key needs to be configured for private repositories.
And the key should not have a passphrase.
Github over HTTPS
It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.
For our blog examples project:
- https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:
Zipped over HTTP(s)
Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.
e.g. if I had an HTTP server listening locally on port 8000
- http://localhost:8000/rules.sensei.zip
The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.
Sharing Summary
Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.
More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.
When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.
With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
All the Sensei blog posts code and recipes are on Github in:
Sharing Cookbooks within a Team
When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.
Sensei provides a number of mechanisms for sharing cookbooks:
- Store Cookbooks in the Project Under Version Control
- Storing Cookbooks in a shared folder
- Store Cookbooks in Github
- Zipped files over HTTP(s)
By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.
For example, sharing a cookbook:
- helps team members to share useful recipes with each other.
- supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version.
- promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.
The next few sections explain how to implement each of the sharing mechanisms.
Store Cookbooks in the Project Under Version Control
The project .sensei folder is the default option when creating a cookbook file.
- `project://.sensei`
All cookbooks and recipes would be stored in a .sensei folder in your project.
The easiest approach to sharing is to add the project .sensei folder to version control.
Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.
This is the approach taken for the public sensei-blog-examples project.
The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.
Store Cookbooks in Any Folder
Teams can also use cookbooks stored in central locations.
Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.
The location would be set to the directory path.
Store Recipes in Github
Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.
Github over SSH
SSH Repository access is configured using the following syntax for the Location
git@github.com:SecureCodeWarrior/acookbook.git
For this to work, the repository would contain the contents of a cookbook folder.
It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder
e.g.
- git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
An SSH key needs to be configured for private repositories.
And the key should not have a passphrase.
Github over HTTPS
It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.
For our blog examples project:
- https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:
Zipped over HTTP(s)
Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.
e.g. if I had an HTTP server listening locally on port 8000
- http://localhost:8000/rules.sensei.zip
The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.
Sharing Summary
Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.
More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.
When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.
With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
All the Sensei blog posts code and recipes are on Github in:
Click on the link below and download the PDF of this resource.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demo
Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Sharing Cookbooks within a Team
When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.
Sensei provides a number of mechanisms for sharing cookbooks:
- Store Cookbooks in the Project Under Version Control
- Storing Cookbooks in a shared folder
- Store Cookbooks in Github
- Zipped files over HTTP(s)
By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.
For example, sharing a cookbook:
- helps team members to share useful recipes with each other.
- supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version.
- promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.
The next few sections explain how to implement each of the sharing mechanisms.
Store Cookbooks in the Project Under Version Control
The project .sensei folder is the default option when creating a cookbook file.
- `project://.sensei`
All cookbooks and recipes would be stored in a .sensei folder in your project.
The easiest approach to sharing is to add the project .sensei folder to version control.
Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.
This is the approach taken for the public sensei-blog-examples project.
The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.
Store Cookbooks in Any Folder
Teams can also use cookbooks stored in central locations.
Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.
The location would be set to the directory path.
Store Recipes in Github
Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.
Github over SSH
SSH Repository access is configured using the following syntax for the Location
git@github.com:SecureCodeWarrior/acookbook.git
For this to work, the repository would contain the contents of a cookbook folder.
It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder
e.g.
- git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
An SSH key needs to be configured for private repositories.
And the key should not have a passphrase.
Github over HTTPS
It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.
For our blog examples project:
- https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:
Zipped over HTTP(s)
Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.
e.g. if I had an HTTP server listening locally on port 8000
- http://localhost:8000/rules.sensei.zip
The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.
Sharing Summary
Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.
More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.
When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.
With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
All the Sensei blog posts code and recipes are on Github in:
Table of contents
Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
Secure code training topics & content
Our industry-leading content is always evolving to fit the ever changing software development landscape with your role in mind. Topics covering everything from AI to XQuery Injection, offered for a variety of roles from Architects and Engineers to Product Managers and QA. Get a sneak peek of what our content catalog has to offer by topic and role.
Cyber Resilience Act (CRA) Aligned Learning Pathways
SCW supports Cyber Resilience Act (CRA) readiness with CRA-aligned Quests and conceptual learning collections that help development teams build the Secure by Design, SDLC, and secure coding skills aligned with the CRA’s secure development principles.
%20(1).avif)
Resources to get you started
Observe and Secure the ADLC: A Four-Point Framework for CISOs and Development Teams Using AI
While development teams look to make the most of GenAI’s undeniable benefits, we’d like to propose a four-point foundational framework that will allow security leaders to deploy AI coding tools and agents with a higher, more relevant standard of security best practices. It details exactly what enterprises can do to ensure safe, secure code development right now, and as agentic AI becomes an even bigger factor in the future.
Cyber Resilience Act Explained: What It Means for Secure by Design Software Development
Learn what the EU Cyber Resilience Act (CRA) requires, who it applies to, and how engineering teams can prepare with secure by design practices, vulnerability prevention, and developer capability building.