Takumi Pentesting

info

The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.

Takumi Pentesting is the core capability of Takumi byGMO. It autonomously performs application security assessments and proposes fixes for the issues it discovers.

Key capabilities:

• Whitebox Assessment — Source-code-aware assessment that understands repository structure, business logic, and specifications.
• Blackbox Assessment — URL-based assessment that crawls the target and tests for vulnerabilities without source-code access.
• Periodic Assessment — Recurring assessments scheduled against a repository's default branch.
• Auto-Triage — Automatic triaging of Dependabot PRs to surface only those that actually need attention.
• Autofix — Generates fix PRs for findings discovered during assessments.

If you are new here, start with Quickstart. Each sub-section covers:

• Features: The full feature list
• Pricing & Billing: How credits are consumed and billed
• Architecture: How whitebox and blackbox assessments are implemented
• References: Severity definitions and source IP addresses