Home

Getting Started

down

Docs & Resources

down
Easy setup of policy testing and distribution with Cerbos CloudSign up to our beta

Platform

Cerbos helps users separate their authorization process from their core application code, making their authorization system more scalable, more secure and easier to change as the application evolves.

  • Implement access policies for your software
  • Fine-grained access control that grows with your business
  • An order of magnitude faster than Open Policy Agent based alternatives
image

What is Cerbos?

It's an access control decision engine for your software that is:

  • Driven by simple API which makes every decision feel like a database call
  • Policy-driven and attribute based for maximum flexibility and scale
  • Decoupled, stateless and runs inside your stack
image

Why Cerbos?

  • World class, open-source, off-the-shelf authorization layer, up and running in minutes, that can prevent over-provisioning of application and data privileges
  • Collaborate easily with product management and security teams. Evolve authorization policies without having to make changes to the core application code
  • Keep track of every access decision request, result and the reason for the decision for your audit process
image

Where and how does Cerbos run?

  • Self-hosted: Cerbos lives in your environment where-ever it is, cloud or on-premise: VM, Kubernetes, or serverless
  • Infinite scalability via serverless functions or a sidecar deployment model
  • GitOps enabled policy development and deployment via a full testing suite for CI/CD pipelines
image

What does Cerbos integrate with?

Features

APIs, SDKs and latency

icon

Low latency APIs:

icon

SDKs for your native environment:

icon

API first approach:

Full audit logs

Cerbos generates audit logs of every request and action for compliance requirements.

  • Capture and log all incoming requests and responses consistently
  • Full trace of every decision made and why it was allowed or denied
  • Debug access requests with detailed information about the roles and attributes
  • Integrate into your existing audit process
image

Policy flexibility, storage, and version control

Flexible, developer-friendly, YAML based policy authoring to model any business requirement:

Flexible policy storage options:

Policy versioning that allows:

  • Canary deployments
  • Multiple run environments: dev, test, QA, prod, etc.
image

Deployment and configuration

Runs anywhere.

Meets your infrastructure requirements and business compliance policies wherever they are: Public or private cloud, or on premise.

Deploy and host based on your architecture.

Container orchestration:

  • Service: Share Cerbos among many services
  • Sidecar: Run Cerbos right next to your application
  • or anywhere a container can be run

Serverless: let your cloud provider manage it

Anywhere a binary can be run:

image