The organization role now includes "Takumi User", allowing takumi managers to assign access to takumi features.

Previously, only the manager role could access all takumi features, which caused inconvenience for large organizations managing takumi users.

We've improved the Takumi by GMO blackbox assessment feature to enable smoother security assessments.

Authentication management is now more flexible, and preference customization is better reflected in the assessment process.

Takumi now supports blackbox assessments.

It can detect a wide range of vulnerabilities, from classic issues like XSS to complex business logic flaws in authentication and authorization. While a full assessment takes several hours to 2 days, you can also run targeted assessments on specific features or vulnerability types as needed.

Shisho Cloud bots can now use static API keys for authentication.

Bot authentication previously only supported keyless authentication (OpenID Connect) for GitHub Actions and GitLab CI. This release enables static API key authentication, allowing access from a wider range of platforms.

If you use Jenkins, GitHub Enterprise Server, or other platforms not currently supported by Shisho Cloud's trust condition feature, please use this API key authentication.

The shishoctl project ... command suite has been expanded with comprehensive project management capabilities. The expanded shishoctl project ... commands now support project creation/deletion, member management including roles, scope configuration, and notification channel setup.

Previously, most Shisho Cloud project operations were limited to the web UI only. This expansion enables you to streamline project operations more efficiently through CLI-based automation.

This expansion is available starting from v0.14.0.

We've added add and remove subcommands to the /takumi-scopes slash command available in Slack channels where Takumi is present.

Previously, changing the channel scope required a Slack modal. With this release, you can update the scope without opening a modal. The modal-based experience remains available.

Additionally, the previous limitation that prevented connecting more than 100 GitHub repositories at once has been lifted with this release. However, note that Takumi generally performs better when fewer repositories are connected to a channel and the context is more focused.

Takumi New Feature Release

Until now, it was up to users to prepare prompts for Takumi to execute on. Now, with the Active Takumi Security Review feature, preparing prompts is no longer necessary!

In addition, the execution for the security review is closely monitored by our team for maximum effectiveness.

Takumi New Feature Release

We've released the automated AI triage feature for Dependabot Pull Requests.

No more critical vulnerability alerts getting buried.

Takumi's strength in codebase analysis is combined with security update content to notify you only when urgent action is required.

Flatt Security, a respected developer of security solutions, is excited to announce a significant enhancement to its Shisho Cloud product. The latest update introduces fine-grained permission controls and project-focused scopes for the Shisho Cloud security posture dashboards. This new feature enables organizations to have a more controlled and project-specific approach to managing their cloud security, bridging the gap between security and engineering teams.

We're excited to announce that in addition to the Rego language, TypeScript is now available as a language for defining audit rules on Shisho Cloud. This enables you to create custom audit rules tailored to your organization's policies using a familiar language. Please note that managed audit rules by Flatt Security is currently available only in Rego. However, we are actively working on providing TypeScript versions in the near future.