Skip to main content

Takumi Guard: Organization Breach Notifications

· 2 min read
Cheng-Jui Chen
Cheng-Jui Chen
Software Engineer @ GMO Flatt Security Inc.

Takumi Guard now supports organization-level breach notifications. When a package you previously downloaded through Guard is later flagged as malicious, notifications can now be delivered to a webhook endpoint and an email address that your organization chooses.

Overview

With this release, organizations can configure:

  • A webhook endpoint, chosen from the organization's existing outgoing webhooks.
  • An email address, chosen from the organization's email allowlist (must be confirmed).

Either destination, or both, can be enabled. The same breach payload is sent to each configured destination, so teams can plug Guard into their incident response flow — forwarding to Slack / PagerDuty via webhook, paging a shared inbox by email, or both.

Getting Started

Navigate to Guard > Settings in the Takumi / Shisho Cloud console and open the Breach Notifications section.

  • Pick a webhook from the dropdown. If the list is empty, register one in the webhook settings page first.
  • Pick a confirmed email address from the dropdown. If the list is empty, add and confirm one in the email allowlist first.
  • Save. Settings take effect immediately for downloads going forward.

See the breach notifications user guide for the full description of when notifications are sent and how they are delivered.

info

This feature requires an active Takumi subscription with Guard enabled, plus the Takumi Manager or Owner role to access the settings page.

Notes

  • Only downloads made after the destinations are saved are affected. Historical downloads are not re-notified when the configured destinations change.
  • Per-token email notifications for email-verified tokens continue to work as before — no configuration needed.