Cerbos newsletter September 2024
Since our last update, Cerbos Hub Audit Logs have been released in Beta, and Cerbos PDP v0.38.1 has gone live. We’ve also introduced a guide to help you decide between PBAC and Zanzibar based authorization for your app, and shared a travelogue of our engineer at the WAD conference.
Finally, our Co-Founder and CPO, Alex Olivier, recently appeared on the Amazic Podcast, to discuss advancements at Cerbos, especially following the recent General Availability launch of Cerbos Hub.
Cerbos Hub
Audit logs capture access records and decisions made by each individual policy decision point (PDP), and bundle it along with all the associated context and data.
By configuring your PDPs to send audit logs to Cerbos Hub, you get an immediate log aggregation solution to securely collect, store, and query audit logs from across your fleet.
And, since everything is natively Cerbos, the audit logs interface in Hub takes full advantage of the context of each log entry. You can now deep dive into every decision to understand why it was made, and even which version of the policy was active at the time.
Cerbos PDP
The v0.38.1 version of Cerbos PDP includes updates to policy variables, SBOM support, improved error messages and Helm updates.
The policy version and scope of the resource and principal are now available for use in policy conditions through request.resource.policyVersion, request.resource.scope, request.principal.policyVersion and request.principal.scope.
The cerbos compile command now produces better error messages to help track down issues with missing scope policies.
In addition to signing the Cerbos release binaries and containers using Sigstore infrastructure, the release process now produces SBOMs to help trace the provenance of each Cerbos release.
The response from the InspectPolicies Admin API endpoint now includes principal and resource attributes referenced by the inspected policies. Note that this is currently only an API update, the SDKs and cerbosctl updates to interact with the API will follow soon.
The official Cerbos Helm chart now includes a values.schema.json file to help discover any configuration problems.
The documentation now includes a static version of the Cerbos OpenAPI specification. For the interactive version, launch a Cerbos PDP and navigate to http://localhost:3592.
You can find the full release notes here: v0.38.1
Recommended by LinkedIn
Cerbos PDP is open source, check out our GitHub
Cerbos’ co-founder and CPO, Alex Olivier, sat down with Twain Taylor to discuss the exciting advancements at Cerbos, especially following the recent General Availability launch of Cerbos Hub. Whether you’re a software engineer looking to deepen your understanding of authorization, a CTO exploring scalable security solutions, or a developer interested in the latest tools for managing policies at scale, Alex’s insights will provide you with valuable knowledge.
For those of you who we met at Copenhagen Developers Festival: thank you for stopping by and chatting with us. Your support means a lot!
We’re looking forward to the following conferences in the coming weeks.
Visit our booth at: Authenticate Conference in Carlsbad, October 14-16.
Meet Alex Olivier at:
Meet Aram Andreasyan at:
Meet Dan Maher, who will be attending and speaking at:
Stay connected