Since our last update, Cerbos Hub Audit Logs have been released in Beta, and Cerbos PDP v0.38.1 has gone live. We’ve also introduced a guide to help you decide between PBAC and Zanzibar based authorization for your app, and shared a travelog of our engineer at the WAD conference. 

Finally, our Co-Founder and CPO, Alex Olivier, recently appeared on the Amazic Podcast, to discuss advancements at Cerbos, especially following the recent General Availability launch of Cerbos Hub.

Product Updates

Cerbos Hub

Cerbos Hub Audit Logs are now available in beta!

Audit logs capture access records and decisions made by each individual policy decision point (PDP), and bundle it along with all the associated context and data. 

By configuring your PDPs to send audit logs to Cerbos Hub, you get an immediate log aggregation solution to securely collect, store, and query audit logs from across your fleet. 

• Are you looking for a simple way to manage and analyze your audit logs? Every request, every decision, every bit of metadata—and all of this is fully customized for your needs.
• Are you only interested in who was denied access? You got it.
• Are you in a regulated industry and you need to mask certain fields in your logs? Not a problem.

And, since everything is natively Cerbos, the audit logs interface in Hub takes full advantage of the context of each log entry. You can now deep dive into every decision to understand why it was made, and even which version of the policy was active at the time.

Explore Cerbos Hub

Cerbos PDP

The v0.38.1 version of Cerbos PDP includes updates to policy variables, SBOM support, improved error messages and Helm updates.

The policy version and scope of the resource and principal are now available for use in policy conditions through request.resource.policyVersion, request.resource.scope, request.principal.policyVersion and request.principal.scope.

The cerbos compile command now produces better error messages to help track down issues with missing scope policies.

In addition to signing the Cerbos release binaries and containers using Sigstore infrastructure, the release process now produces SBOMs to help trace the provenance of each Cerbos release.

The response from the InspectPolicies Admin API endpoint now includes principal and resource attributes referenced by the inspected policies. Note that this is currently only an API update, the SDKs and cerbosctl updates to interact with the API will follow soon.

The official Cerbos Helm chart now includes a values.schema.json file to help discover any configuration problems.

The documentation now includes a static version of the Cerbos OpenAPI specification. For the interactive version, launch a Cerbos PDP and navigate to http://localhost:3592.

You can find the full release notes here: v0.38.1

Cerbos PDP is open source, check out our GitHub

Helpful Content

Amazic Podcast: Unveiling the Future of Authorization with Cerbos

Cerbos’ co-founder and CPO, Alex Olivier, sat down with Twain Taylor to discuss the exciting advancements at Cerbos, especially following the recent General Availability launch of Cerbos Hub. Whether you’re a software engineer looking to deepen your understanding of authorization, a CTO exploring scalable security solutions, or a developer interested in the latest tools for managing policies at scale, Alex’s insights will provide you with valuable knowledge.

Upcoming Events

For those of you who we met at Copenhagen Developers Festival: thank you for stopping by and chatting with us. Your support means a lot!

We’re looking forward to the following conferences in the coming weeks.

Visit our booth at: Authenticate Conference in Carlsbad, October 14-16.

Meet Alex Olivier at:

• IDM Europe Identity Management in Utrecht, October 2
• CIVO Disruptive Tech in London, October 9 
• Internet Identity Workshop in California, October 29-31

Meet Aram Andreasyan at:

• GovWare in Singapore, October 15-17
• Identity Week Asia in Singapore, October 22-23.

Meet Dan Maher, who will be attending and speaking at: 

• DevOpsDays Cairo, September 25, online.
• DevOpsDays London, September 26-27.