Decouple and centrally manage the authorization logic across all applications and services to reduce repetition, gain visibility and push access changes instantly across the fleet.
Test and deploy fine-grained access control policies with confidence using CI/CD/GitOps workflow.
Low-code, human-readable configuration that provides wider organizational visibility and enables collaboration for enforcing security policies and auditing compliance requirements.
Go beyond basic role-based-access-control with context-aware role definitions and attributes.
Cerbos policies are flexible enough to model a wide range of domains including multi-tenant SaaS systems, feature flags, product packaging and more.
Cerbos is stateless and self-hosted. Run on any public/private cloud, serverless platform or even your own datacenter. Everything stays within your perimeter and 100% within your control.
Cerbos exposes a simple, language-agnostic API that can be used from any part of your stack from legacy apps and monoliths to microservices.
Audit access controls with real-time change logs and meet ISO27001 and SOC2 requirements. Integrate with security information and event management providers to help avoid advanced persistent threats to security.
"It's a good feeling being able to say yes to almost any permissioning requirement." "Cerbos is small, contained and easy to implement. It 100% delivers on the promise of abstracting away the complexity of decision making."
"Just discovered your embedded testing framework. This is probably the best balance between hyperfocused functionality and embedded tooling I've ever seen in an open source project. Damn, good work!"
"This is definitely one of the wheels I do not want to reinvent anymore."
Use any identity provider to authenticate your users. Use Cerbos to enforce access controls.
I am tired of the toil and risk of managing access controls. I need off-the-shelf controls that I don't have to build myself. How do I take advantage of modern stacks, serverless architectures and a stateless approach? How do I manage authorization at scale for SaaS multi-tenant environments?
How do I support complex requirements for enterprise clients, each one having different organizational structures and access control needs? It also takes far too long to add, retire and tier new features especially as we keep changing our product packaging.
I want our team to focus on core application development. Who tried to or performed what action? How do I check the access logs? I need to use attribute-based access controls, ABAC, for a zero-trust approach while taking the approval burden off of the IT department.
Cerbos is a self-hosted, open source authorization layer that separates your authorization logic from your core application code.
With Cerbos, authorization logic is changed through configuration, not code, making the process faster and accessible to a wider range of stakeholders.
Cerbos is very opinionated, reducing the risks that an engineer's error will cause a security incident. And there's no downtime risk, because you're not changing anything in the application's core code. Cerbos also allows you to manage your policies according to Gitops principles.
With Cerbos, business leaders can see how permissions are structured and make changes to the authorization logic without talking to a developer. There's no risk they'll crash the application, because the authorization layer is decoupled — and they're configuring, not coding.
We built Cerbos based on our experience at Google, Microsoft, Elastic, Qubit and CGI, because we have experienced first hand the problems with creating, maintaining and scaling permissions management.
Please subscribe below to get notified about
all the new features and updates from Cerbos.