We've released a feature that automatically assigns organization-level roles when inviting new users via Shisho Cloud projects.
This feature enables administrators to flexibly configure permissions so that project members can access certain organization-level features (such as viewing/modifying integration settings, browsing user lists, etc.).
We've released a feature that periodically sends security status reports for Shisho Cloud projects as notifications.
With this release, you can receive Security Status Reports by Resource Kind within your projects via Slack or email. This makes it easier to continuously monitor security status and share information with stakeholders.
The organization role now includes "Takumi User", allowing takumi managers to assign access to takumi features.
Previously, only the manager role could access all takumi features, which caused inconvenience for large organizations managing takumi users.
We've improved the Takumi by GMO blackbox assessment feature to enable smoother security assessments.
Authentication management is now more flexible, and preference customization is better reflected in the assessment process.
Takumi now supports blackbox assessments.
It can detect a wide range of vulnerabilities, from classic issues like XSS to complex business logic flaws in authentication and authorization. While a full assessment takes several hours to 2 days, you can also run targeted assessments on specific features or vulnerability types as needed.
Shisho Cloud bots can now use static API keys for authentication.
Bot authentication previously only supported keyless authentication (OpenID Connect) for GitHub Actions and GitLab CI. This release enables static API key authentication, allowing access from a wider range of platforms.
If you use Jenkins, GitHub Enterprise Server, or other platforms not currently supported by Shisho Cloud's trust condition feature, please use this API key authentication.
The shishoctl project ... command suite has been expanded with comprehensive project management capabilities.
The expanded shishoctl project ... commands now support project creation/deletion, member management including roles, scope configuration, and notification channel setup.
Previously, most Shisho Cloud project operations were limited to the web UI only. This expansion enables you to streamline project operations more efficiently through CLI-based automation.
This expansion is available starting from v0.14.0.
We've added add and remove subcommands to the /takumi-scopes slash command available in Slack channels where Takumi is present.
Previously, changing the channel scope required a Slack modal. With this release, you can update the scope without opening a modal. The modal-based experience remains available.
Additionally, the previous limitation that prevented connecting more than 100 GitHub repositories at once has been lifted with this release. However, note that Takumi generally performs better when fewer repositories are connected to a channel and the context is more focused.
Takumi New Feature Release
Until now, it was up to users to prepare prompts for Takumi to execute on. Now, with the Active Takumi Security Review feature, preparing prompts is no longer necessary!
In addition, the execution for the security review is closely monitored by our team for maximum effectiveness.
Takumi New Feature Release
We've released the automated AI triage feature for Dependabot Pull Requests.
No more critical vulnerability alerts getting buried.
Takumi's strength in codebase analysis is combined with security update content to notify you only when urgent action is required.
