but I don't let IDE rule me and tell me what to do.
Sorry, but I do not understand that.
The IDE does not tell me what to do. You can configure it. The IDE is not telling me what to do, but it tells me when I did something wrong. That is simple QA! When you produce something, then you will have some QA that checks the result. So I configure the IDE so that it helps me to do what I want to do. But that simply requires that you really think about how everything should be. It does not matter what you create / produce: You should also think about what you are building and what quality you want to build. It is ok to ignore that when you just play around, but as soon as you want to build some kind of product, then this is really required.
And the IDE is the tool that is only doing some really easy stuff because it is not capable of doing a lot (it can change with plugins. I tested some quite nice plugins in the past, but it wasn't worth the money because I was too lazy to work on the configuration and the additional value wasn't there because of the tools I already have in place in my workflows). Most important are:
- all the tests (as a software developer, those are more likely unit tests)
- lots of tools that are doing checks: static code analysis like PMD, SpotBugs, but also AI-based stuff like Snyk that finds much more.
But those are just tools. OWASP (just to name an example) is something that is really important for all software engineers in my eyes. And the most important part is of course the developer, who needs to understand:
- why is this important
- what he should do. (If some developer must be forced to follow best practices, then this developer is not a professional developer. Sorry, but such a person would be fired from all project teams that I know of! So this is really something that the developer should want. And then the tools are just helping him. It is not a tool that "tells him what he has to do")
But that is just my view.
I do not want to convince you. You have your opinion and you are quite happy with it, and that is great. This is mostly for others that read this thread to get a different view, too. (I don't want to say that this view is better or correct. But I can say that multiple companies have exactly this view! So "Secure Software Engineering" is a mandatory training session once per month for all developers in our department - I am working in a department that is a pure software engineering department, so it is simply mandatory for all employees except the few people who only have management stuff to do!)