Cerbos
Authorization for Enterprise Software and AI
GitHub Stars
4.4k+
Decision Latency
< 1ms
Open Source
Yes
About Cerbos
Cerbos provides a comprehensive, end-to-end authorization solution built for scale and performance. It features a stateless, open-source Policy Decision Point (PDP) that evaluates access policies with sub-millisecond latency. Policies are written in human-readable YAML and support models like RBAC, ABAC, ReBAC, and PBAC. The platform includes Cerbos Hub, a central control plane for policy management, testing, and distribution, and Cerbos Synapse for data enrichment. With SDKs for major languages like Go, Java, Python, and .NET, it decouples authorization logic from application code, enabling faster development cycles and robust security. Cerbos is designed for Zero Trust environments and can be deployed in the cloud, on-premise, or in air-gapped systems.
Core Components
Policy Decision Point (Pdp)
Open-source, stateless authorization engine that evaluates policies.
Cerbos Hub
Central control plane for policy authoring, testing, versioning, and distribution.
Cerbos Synapse
Enriches authorization requests by fetching data from external systems.
Policy Enforcement Points (Peps)
Language-native SDKs to connect applications to the PDP.
Features
Authorization Models
RBAC, ABAC, ReBAC, PBAC
Policy Language
Human-readable YAML
Deployment Options
Cloud, On-premise, Air-gapped
Audit Logging
Captures detailed decision logs for compliance and traceability.
Developer SDKs
Languages
Go, Java, .NET, JavaScript, Python, Rust
Integrations
Works with existing Identity Providers (IdPs), API gateways, and data platforms.