In the web version of Takumi, you can now select GitHub repositories through Takumi Workplace.
Additionally, with this change, existing scope definitions have been migrated to the Takumi Workplace default.
We have updated the permissions for the Write GitHub Apps.
Repository permissions for Contents has been changed from Read-only to Read and write.
We've made some improvements to the Takumi Blackbox Assessment engine.
Takumi New Feature Release
Dependabot AI Triage is now available on the web console.
View and manage all your Dependabot triage results directly from your browser - no Slack required.
Takumi Blackbox Assessment now supports per-target ownership verification.
Users can now verify ownership of individual target applications and use features involving dynamic network connections against them, without requiring organization-level authentication.
We've released a feature that automatically assigns organization-level roles when inviting new users via Shisho Cloud projects.
This feature enables administrators to flexibly configure permissions so that project members can access certain organization-level features (such as viewing/modifying integration settings, browsing user lists, etc.).
We've released a feature that periodically sends security status reports for Shisho Cloud projects as notifications.
With this release, you can receive Security Status Reports by Resource Kind within your projects via Slack or email. This makes it easier to continuously monitor security status and share information with stakeholders.
The organization role now includes "Takumi User", allowing takumi managers to assign access to takumi features.
Previously, only the manager role could access all takumi features, which caused inconvenience for large organizations managing takumi users.
We've improved the Takumi by GMO blackbox assessment feature to enable smoother security assessments.
Authentication management is now more flexible, and preference customization is better reflected in the assessment process.
Takumi now supports blackbox assessments.
It can detect a wide range of vulnerabilities, from classic issues like XSS to complex business logic flaws in authentication and authorization. While a full assessment takes several hours to 2 days, you can also run targeted assessments on specific features or vulnerability types as needed.
