Sharing Cookbooks within a Team
Sharing Cookbooks within a Team
When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.
Sensei provides a number of mechanisms for sharing cookbooks:
- Store Cookbooks in the Project Under Version Control
- Storing Cookbooks in a shared folder
- Store Cookbooks in Github
- Zipped files over HTTP(s)
By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.
For example, sharing a cookbook:
- helps team members to share useful recipes with each other.
- supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version.
- promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.
The next few sections explain how to implement each of the sharing mechanisms.
Store Cookbooks in the Project Under Version Control
The project .sensei folder is the default option when creating a cookbook file.
- `project://.sensei`
All cookbooks and recipes would be stored in a .sensei folder in your project.
The easiest approach to sharing is to add the project .sensei folder to version control.
Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.
This is the approach taken for the public sensei-blog-examples project.
The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.
Store Cookbooks in Any Folder
Teams can also use cookbooks stored in central locations.
Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.
The location would be set to the directory path.
Store Recipes in Github
Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.
Github over SSH
SSH Repository access is configured using the following syntax for the Location
git@github.com:SecureCodeWarrior/acookbook.git
For this to work, the repository would contain the contents of a cookbook folder.
It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder
e.g.
- git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
An SSH key needs to be configured for private repositories.
And the key should not have a passphrase.
Github over HTTPS
It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.
For our blog examples project:
- https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:
Zipped over HTTP(s)
Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.
e.g. if I had an HTTP server listening locally on port 8000
- http://localhost:8000/rules.sensei.zip
The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.
Sharing Summary
Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.
More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.
When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.
With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
All the Sensei blog posts code and recipes are on Github in:
Learn how to share Sensei cookbooks and help everyone in your team improve their code quality and productivity.
Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoAlan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Sharing Cookbooks within a Team
When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.
Sensei provides a number of mechanisms for sharing cookbooks:
- Store Cookbooks in the Project Under Version Control
- Storing Cookbooks in a shared folder
- Store Cookbooks in Github
- Zipped files over HTTP(s)
By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.
For example, sharing a cookbook:
- helps team members to share useful recipes with each other.
- supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version.
- promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.
The next few sections explain how to implement each of the sharing mechanisms.
Store Cookbooks in the Project Under Version Control
The project .sensei folder is the default option when creating a cookbook file.
- `project://.sensei`
All cookbooks and recipes would be stored in a .sensei folder in your project.
The easiest approach to sharing is to add the project .sensei folder to version control.
Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.
This is the approach taken for the public sensei-blog-examples project.
The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.
Store Cookbooks in Any Folder
Teams can also use cookbooks stored in central locations.
Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.
The location would be set to the directory path.
Store Recipes in Github
Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.
Github over SSH
SSH Repository access is configured using the following syntax for the Location
git@github.com:SecureCodeWarrior/acookbook.git
For this to work, the repository would contain the contents of a cookbook folder.
It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder
e.g.
- git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
An SSH key needs to be configured for private repositories.
And the key should not have a passphrase.
Github over HTTPS
It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.
For our blog examples project:
- https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:
Zipped over HTTP(s)
Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.
e.g. if I had an HTTP server listening locally on port 8000
- http://localhost:8000/rules.sensei.zip
The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.
Sharing Summary
Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.
More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.
When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.
With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
All the Sensei blog posts code and recipes are on Github in:
Sharing Cookbooks within a Team
When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.
Sensei provides a number of mechanisms for sharing cookbooks:
- Store Cookbooks in the Project Under Version Control
- Storing Cookbooks in a shared folder
- Store Cookbooks in Github
- Zipped files over HTTP(s)
By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.
For example, sharing a cookbook:
- helps team members to share useful recipes with each other.
- supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version.
- promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.
The next few sections explain how to implement each of the sharing mechanisms.
Store Cookbooks in the Project Under Version Control
The project .sensei folder is the default option when creating a cookbook file.
- `project://.sensei`
All cookbooks and recipes would be stored in a .sensei folder in your project.
The easiest approach to sharing is to add the project .sensei folder to version control.
Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.
This is the approach taken for the public sensei-blog-examples project.
The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.
Store Cookbooks in Any Folder
Teams can also use cookbooks stored in central locations.
Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.
The location would be set to the directory path.
Store Recipes in Github
Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.
Github over SSH
SSH Repository access is configured using the following syntax for the Location
git@github.com:SecureCodeWarrior/acookbook.git
For this to work, the repository would contain the contents of a cookbook folder.
It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder
e.g.
- git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
An SSH key needs to be configured for private repositories.
And the key should not have a passphrase.
Github over HTTPS
It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.
For our blog examples project:
- https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:
Zipped over HTTP(s)
Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.
e.g. if I had an HTTP server listening locally on port 8000
- http://localhost:8000/rules.sensei.zip
The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.
Sharing Summary
Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.
More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.
When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.
With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
All the Sensei blog posts code and recipes are on Github in:
Click on the link below and download the PDF of this resource.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demoAlan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Sharing Cookbooks within a Team
When one person creates a Sensei recipe to improve their code quality or productivity, everyone on the team can benefit when the cookbooks are shared.
Sensei provides a number of mechanisms for sharing cookbooks:
- Store Cookbooks in the Project Under Version Control
- Storing Cookbooks in a shared folder
- Store Cookbooks in Github
- Zipped files over HTTP(s)
By sharing the cookbooks, Sensei helps teams collaborate on knowledge sharing. The collaboration helps improve communication and embed the agreed code quality approaches.
For example, sharing a cookbook:
- helps team members to share useful recipes with each other.
- supports team leads in codifying agreed coding practices, for junior staff, to identify common violations with a quick fix for the agreed version.
- promotes increased Inter-team co-operation e.g. an AppSec team might create recipes to highlight a problem in the code, and the development team could write the quick fix.
The next few sections explain how to implement each of the sharing mechanisms.
Store Cookbooks in the Project Under Version Control
The project .sensei folder is the default option when creating a cookbook file.
- `project://.sensei`
All cookbooks and recipes would be stored in a .sensei folder in your project.
The easiest approach to sharing is to add the project .sensei folder to version control.
Then the .sensei folder can be managed like any other shared code artifact associated with the project. The cookbooks are stored as YAML configuration, making them easy to merge during any commit and review process.
This is the approach taken for the public sensei-blog-examples project.
The .sensei folder contains the cookbook with all the recipes, and they are available to anyone that clones the repository.
Store Cookbooks in Any Folder
Teams can also use cookbooks stored in central locations.
Saving the cookbook to any folder with shared write access permissions will allow the whole team to update the recipes, and import them into any project that they happen to be working on.
The location would be set to the directory path.
Store Recipes in Github
Sensei can also access recipes that are stored in a Github repo. Both private and public repositories are supported.
Github over SSH
SSH Repository access is configured using the following syntax for the Location
git@github.com:SecureCodeWarrior/acookbook.git
For this to work, the repository would contain the contents of a cookbook folder.
It is also possible to configure the branch and the subfolder for the cookbook e.g. in the master branch in the cookbook subfolder
e.g.
- git@github.com:SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
An SSH key needs to be configured for private repositories.
And the key should not have a passphrase.
Github over HTTPS
It is also possible to access public repositories over HTTPS, and the same repo.git|branch|folder syntax is used e.g.
For our blog examples project:
- https://github.com/SecureCodeWarrior/sensei-blog-examples.git|master|.sensei
For our Basic Protection example set, we can ignore the branch and sub-folder because we will get the master branch by default, and the `rules.sensei` file is in the root folder.:
Zipped over HTTP(s)
Sensei can also access cookbooks which are zipped, over HTTP or HTTPS.
e.g. if I had an HTTP server listening locally on port 8000
- http://localhost:8000/rules.sensei.zip
The zip cookbook file should contain the contents of a cookbook folder e.g the rules.sensei file.
Sharing Summary
Sensei supports using multiple cookbooks so that an individual programmer can have recipes that support their own learning and productivity.
More importantly, we know that teams work most effectively when knowledge is shared. Having shared team repositories, e.g. for a specific project, or a specific library, or for a shared set of migration patterns, can help boost team productivity and codify the team's experience.
When a cookbook is shared, multiple teams can use the same cookbook which can also improve inter-team collaboration from different disciplines e.g. AppSec to development.
With four core sharing mechanisms available, Sensei hopefully has at least one approach you can use to increase collaboration on knowledge sharing.
---
You can install Sensei from within IntelliJ using "Preferences \ Plugins" (Mac) or "Settings \ Plugins" (Windows) then just search for "sensei secure code".
All the Sensei blog posts code and recipes are on Github in:
Table of contents
Alan Richardson has more than twenty years of professional IT experience, working as a developer and at every level of the testing hierarchy from Tester through to Head of Testing. Head of Developer Relations at Secure Code Warrior, he works directly with teams, to improve the development of quality secure code. Alan is the author of four books including “Dear Evil Tester”, and “Java For Testers”. Alan has also created online training courses to help people learn Technical Web Testing and Selenium WebDriver with Java. Alan posts his writing and training videos on SeleniumSimplified.com, EvilTester.com, JavaForTesters.com, and CompendiumDev.co.uk.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
Resources to get you started
10 Key Predictions: Secure Code Warrior on AI & Secure-by-Design’s Influence in 2025
Organizations are facing tough decisions on AI usage to support long-term productivity, sustainability, and security ROI. It’s become clear to us over the last few years that AI will never fully replace the role of the developer. From AI + developer partnerships to the increasing pressures (and confusion) around Secure-by-Design expectations, let’s take a closer look at what we can expect over the next year.
OWASP Top 10 For LLM Applications: What’s New, Changed, and How to Stay Secure
Stay ahead in securing LLM applications with the latest OWASP Top 10 updates. Discover what's new, what’s changed, and how Secure Code Warrior equips you with up-to-date learning resources to mitigate risks in Generative AI.
Trust Score Reveals the Value of Secure-by-Design Upskilling Initiatives
Our research has shown that secure code training works. Trust Score, using an algorithm drawing on more than 20 million learning data points from work by more than 250,000 learners at over 600 organizations, reveals its effectiveness in driving down vulnerabilities and how to make the initiative even more effective.
Reactive Versus Preventive Security: Prevention Is a Better Cure
The idea of bringing preventive security to legacy code and systems at the same time as newer applications can seem daunting, but a Secure-by-Design approach, enforced by upskilling developers, can apply security best practices to those systems. It’s the best chance many organizations have of improving their security postures.