Permission management across applications is difficult, especially as the code base grows: you have hundreds of users, many services in different languages, and several environments. Hardcoded access control rules tangled with business logic make every new role and permission change a hassle to write, test, and maintain.
The access rules need to stay consistent across the entire code base to avoid security loopholes and vulnerabilities. Cerbos PDP is an open source solution built to solve exactly that.
Cerbos PDP, a policy decision point, is an authorization layer that can evolve as your product grows. It enables developers to define powerful, context-aware access control in simple, intuitive, and testable policies. Here’s a video explaining how it works.
Key capabilities & updates
- Infinitely scalable RBAC and ABAC. Users can author role-based or attribute-based access control policies, and define an unlimited number of roles, user permissions, and access control policies without affecting performance.
- Decoupled authorization decision point that extracts complex access control logic into centrally managed and versioned policies. Cerbos also provides a framework to comprehensively test and deploy policies. It reduces code complexity, bugs, security vulnerabilities, and multiple if/then/else conditions.
- A plug-and-play & language-agnostic solution that works with any authentication/identity provider (Okta/Auth0, Active Directory, Entra ID, etc.) and seamlessly integrates into your existing infrastructure. Comes with SDKs for all popular languages, and example implementations in modern frameworks.
- Authorize anywhere. Cerbos’ stateless design enables it to be run anywhere in your own infrastructure: in the cloud, across clouds, on-premise, at the edge, or directly on end user devices. Cerbos is optimized for sub-millisecond evaluation without having to synchronize data.
- Centralized audit logs of all authorization requests help compliance with ISO27001, SOC2, and HIPAA requirements through real-time change logs for auditing access controls.
Some of the newly added features
- Support for policy versioning and scoping, enabling per-tenant, per-application policy design and iteration that fits into existing software development workflows.
- Policy inspection via the cerbosctl inspect command and an API endpoint provides programmatic access to an outline of policies, to drive UI and policy manipulation as well as to support debugging.
- Detailed error reporting with concise policy test outputs and clear error descriptions, along with contextual information, to help debug access policy issues faster.
- Artifact signing and SBOM generation. All Cerbos release artifacts, binaries and containers, are now signed using Sigstore, making them verifiable for end-to-end software supply chain security.
- Local PDPs connected to Cerbos Hub Playgrounds enable developers to author policies and in real time see their impact in the application they are developing.
Have a look at our release notes for more details.
Getting started with Cerbos PDP
If you’d like to get started with the open source Cerbos PDP, visit the quickstart page of our documentation.
And feel free to contribute to our code and ecosystem of integrations.
PS. We’re also excited to share that this week we surpassed 3333 stars on GitHub!