We've made some improvements to the Takumi Blackbox Assessment engine.

Takumi New Feature Release

Dependabot AI Triage is now available on the web console.

View and manage all your Dependabot triage results directly from your browser - no Slack required.

Takumi Blackbox Assessment now supports per-target ownership verification.

Users can now verify ownership of individual target applications and use features involving dynamic network connections against them, without requiring organization-level authentication.

We've released a feature that automatically assigns organization-level roles when inviting new users via Shisho Cloud projects.

This feature enables administrators to flexibly configure permissions so that project members can access certain organization-level features (such as viewing/modifying integration settings, browsing user lists, etc.).

We've released a feature that periodically sends security status reports for Shisho Cloud projects as notifications.　

With this release, you can receive Security Status Reports by Resource Kind within your projects via Slack or email. This makes it easier to continuously monitor security status and share information with stakeholders.

The organization role now includes "Takumi User", allowing takumi managers to assign access to takumi features.

Previously, only the manager role could access all takumi features, which caused inconvenience for large organizations managing takumi users.

We've improved the Takumi by GMO blackbox assessment feature to enable smoother security assessments.

Authentication management is now more flexible, and preference customization is better reflected in the assessment process.

Takumi now supports blackbox assessments.

It can detect a wide range of vulnerabilities, from classic issues like XSS to complex business logic flaws in authentication and authorization. While a full assessment takes several hours to 2 days, you can also run targeted assessments on specific features or vulnerability types as needed.

Shisho Cloud bots can now use static API keys for authentication.

Bot authentication previously only supported keyless authentication (OpenID Connect) for GitHub Actions and GitLab CI. This release enables static API key authentication, allowing access from a wider range of platforms.

If you use Jenkins, GitHub Enterprise Server, or other platforms not currently supported by Shisho Cloud's trust condition feature, please use this API key authentication.

The shishoctl project ... command suite has been expanded with comprehensive project management capabilities. The expanded shishoctl project ... commands now support project creation/deletion, member management including roles, scope configuration, and notification channel setup.

Previously, most Shisho Cloud project operations were limited to the web UI only. This expansion enables you to streamline project operations more efficiently through CLI-based automation.

This expansion is available starting from v0.14.0.