Takumi Guard now supports RubyGems alongside npm and PyPI.
Ruby projects using Bundler can now route installs through Takumi Guard to block known-malicious packages before they reach your CI or development environment.
Vulnerability Verification now supports vulnerabilities beyond Takumi assessment results. You can verify findings from bug bounties, third-party audits, and other sources directly in Takumi.
Takumi Guard now supports organization-level breach notifications. When a package you previously downloaded through Guard is later flagged as malicious, notifications can now be delivered to a webhook endpoint and an email address that your organization chooses.
You can now issue organization user tokens (tg_org_) directly from the Takumi Guard tokens page in the Shisho Cloud console. In addition to the existing Guard API flow, you can now issue new tokens in just a few clicks.
Assessment reports from whitebox and blackbox assessments can now be exported as PDF.
We've added Vulnerability Verification to Takumi blackbox assessments. This feature lets you verify whether a vulnerability detected in a past assessment has actually been fixed.
Takumi Guard now provides deployment scripts for organization-wide setup. Administrators can roll out Guard to all developer machines using their existing management tools — no developer interaction required.
Takumi Guard now provides searchable package installation logs for your organization. Track every npm and PyPI package download that passes through the Guard registry proxy.
Takumi Guard now handles requests from Yarn clients differently to ensure package blocking works reliably regardless of Yarn version. Yarn v1 users will see Takumi Guard's registry URL in their yarn.lock files.
For blackbox assessments in "Scoped Assessment" mode, you can now manually edit the crawl results after crawling completes. This lets you supplement features and endpoints that were not detected, or remove unnecessary ones, for more precise assessments.