A look back at 2024

Dear Cerbos Community,

Happy Holidays! Our 2024 was full of interesting challenges, growth, and exciting milestones. Please join us in recapping some of our highlights from the year.

In January, we started off the year by earning our SOC2 Type II compliance certificate, now proudly displayed in our footer, and appointing Alex Olivier to the role of Chief Product Officer.

In February we released v0.33 of Cerbos PDP, which brought improvements to user-defined output in policy evaluation and the addition of store-specific metadata to audit log entries. Shortly after came v0.34, which added improvements to diagnostic and error messages. Both of these updates came about due to contributions from our open-source community, to whom we are eternally grateful.

In March we were on the road, visiting Amsterdam for DevWorld and Paris for KubeCon EU, where Alex met with Milo Oudenaller to record an episode of the Amazic podcast about WASM in authorization. We met hundreds of developers who were interested in or working on authorization, and we were happy to offer some advice.

Cerbos PDP v0.35.1 was released in April. Along with improvements to the Admin API and observability features, that release also included a guide on how to deploy Cerbos with Fly.io. And Microsoft released the first of a three-part blog series on how to use Entra ID with Cerbos for authentication and authorization.

In May, after weeks of collaboration with the OpenID Foundation AuthZen Working Group, Cerbos celebrated the establishment and conformance with the first official request/response protocol for interoperability in authorization. Cerbos is a committed contributor to the working group and we look forward to developing and improving industry interoperability standards. Cerbos PDP v0.36.0 introduced asynchronous audit logging.

After closing out May at Identiverse in Las Vegas, we went straight to Berlin for the European Cloud Identify Conference. Alex gave a talk at EIC on uncomplicating authorization that was enthusiastically received by the audience. Attending these two conferences and others throughout the year, it’s become clear that the trend of externalized authorization is catching on. Driven in part by Zero Trust principles, experts in software architecture increasingly promote authorization as an essential challenge to tackle and recommend externalized solutions.

In July, Cerbos Hub was released into General Availability, after a successful Beta phase. On the heels of the release came several improvements to the Hub user experience and functionality, including selective policy compilation for embedded PDPs, and built-in Playground templates to help users get a headstart on policy building. Cerbos PDP 0.37.0 was released, and we introduced a Dagger module for authorization orchestration and testing.

Cerbos PDP v0.38.1 added support for SBOM and improvements to error messages, and policy variables in the month of August.

Unified audit logs, with collated data from PDPs distributed throughout an application, were released in beta to Cerbos Hub in September. And we held our annual company offsite in Rome. Our team is all remote, so our week together was a welcome occasion to spend time in person and indulge in some deep strategic brainstorming.

In October, we added features to the Cerbos Hub Playground to make writing and testing authorization policies easier and more streamlined. The RBAC policy wizard lets users generate a new playground pre-populated with RBAC policy logic written in YAML, without having to actually write any YAML. And by connecting a PDP directly to the Playground, users can test policies without having to download and upload files to another location.

November brought the release of Cerbos on AWS Marketplace. And we introduced a use case for permission-aware data filtering in RAG architectures to place guardrails around LLMs. Watch Alex’s demo and hear him explain it on our YouTube channel.

In December we released v0.40 of Cerbos PDP, which introduced support for policy versioning and scoping, artifact signing via Sigstore, and more. And we just published a new ebook, Building a scalable authorization system: A step-by-step blueprint.

Over the course of 2024, our team members attended over 20 conferences, our founders appeared as guests on 15 podcasts, our open-source PDP reached over 3400 stars on GitHub, and our Slack community grew to over 500 members.

Thank you for being part of our community this year. A year of hard work can never be adequately represented by a blog post and some selective highlights. As we celebrate our wins we also remember the time and effort invested in between the milestones that make every success possible. We hope you look back on 2024 with pride, and contentment for what you’ve accomplished, as we do.

Sincerely,

The Cerbos Team

(Emre, Charith, Alex, Aram, Sam, Tristan, Hasan, Oguzhan, Heidi, Anna, Daniel, Haines, Dennis, Lisa)