Integrate GitHub
The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.
When you connect Takumi to your GitHub organization, Takumi can also assess private repositories.
Integration Steps
Please set up GitHub integration by referring to the "Configure External Integrations > GitHub" guide.
Note that Takumi has a "scope setting" for each Slack channel that determines "which repositories can be accessed." Therefore, completing the GitHub integration alone does not allow Takumi to access repositories.
If you use Takumi via Slack, after completing the GitHub integration, please configure the scope settings by referring to "Using Takumi Slack Commands".
A GitHub App can only be linked to one Shisho Cloud organization. This restriction is intentional: allowing multiple organizations to share the same GitHub App installation would make it possible to create shadow organizations that can access your repositories without your knowledge. We recommend operating with one Shisho Cloud organization per company.
Source IP Addresses
Takumi uses the following source IP addresses when it accesses your repositories, such as during whitebox assessments. If your GitHub organization restricts access with an IP allow list, allow access from the following IP addresses.
34.97.228.101
13.113.43.245
18.178.91.176
54.150.4.178
54.168.46.6
54.248.85.10
143.189.213.53
These source IP addresses may change without prior notice. We appreciate your understanding.
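Because the addresses above can change, it helps to re-check your allow list against them regularly. The following Python sketch is an added example, not part of the original guide or of Takumi's own tooling. It reports which of the listed addresses your active allow-list entries do not cover, and which are covered only by a much wider range than necessary. It assumes the entries were exported as dictionaries with `allowListValue` and `isActive` keys, modelled on GitHub's GraphQL `IpAllowListEntry`; `audit_allow_list`, `max_hosts` and the sample entries are constructed for illustration.

```python
import ipaddress

# Source IP addresses copied from the list above; they may change without notice.
TAKUMI_SOURCE_IPS = [
    "34.97.228.101", "13.113.43.245", "18.178.91.176", "54.150.4.178",
    "54.168.46.6", "54.248.85.10", "143.189.213.53",
]

# Constructed sample, shaped like GitHub GraphQL IpAllowListEntry nodes (assumed input format).
SAMPLE_ENTRIES = [
    {"allowListValue": "34.97.228.101", "isActive": True},
    {"allowListValue": "13.113.43.245/32", "isActive": True},
    {"allowListValue": "18.178.91.176", "isActive": False},  # present but disabled
    {"allowListValue": "54.0.0.0/8", "isActive": True},      # far wider than needed
    {"allowListValue": "54.150.4.178", "isActive": True},
    {"allowListValue": "2001:db8::/32", "isActive": True},   # unrelated IPv6 entry
]


def audit_allow_list(entries, required=TAKUMI_SOURCE_IPS, max_hosts=256):
    """Return (missing, broad).

    missing: required IPs that no active entry covers.
    broad:   (ip, cidr) pairs where the narrowest covering entry spans
             more than max_hosts addresses.
    """
    networks = []
    for entry in entries:
        if not entry.get("isActive"):
            continue  # inactive entries are not enforced
        try:
            networks.append(ipaddress.ip_network(entry["allowListValue"], strict=False))
        except (KeyError, ValueError):
            continue  # skip malformed rows instead of aborting the audit
    missing, broad = [], []
    for ip in required:
        addr = ipaddress.ip_address(ip)
        covering = [n for n in networks if n.version == addr.version and addr in n]
        if not covering:
            missing.append(ip)
            continue
        narrowest = max(covering, key=lambda n: n.prefixlen)
        if narrowest.num_addresses > max_hosts:
            broad.append((ip, str(narrowest)))
    return missing, broad


if __name__ == "__main__":
    missing, broad = audit_allow_list(SAMPLE_ENTRIES)
    print("not covered:", missing)
    print("covered only by a broad range:", broad)
```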
Important Notes
Fixing Source IP Addresses (Beta)
Fixing the source IP addresses used for GitHub access is currently offered as a beta feature.
Because it is a beta feature, we do not guarantee that all access Takumi makes to GitHub originates from these fixed source IP addresses. Please take this into account when you configure an IP allow list for your GitHub organization.
In addition, source IP address fixing applies to a limited scope, and we may be unable to provide details on which features are supported. We appreciate your understanding.