🚀 Your Cerbos update for December 2024

Since our last update, we have introduced a series of updates to Cerbos PDP, as well as a new use case on implementing authorization in RAG-based AI systems with Cerbos. In other news - Cerbos is now available on AWS Marketplace!

We've also been busy expanding our educational resources - we have published a guide on using Cerbos with Supabase, and a video demo on implementing access control for RAG and LLMs.

Beyond technical guides, we've explored broader perspectives on authorization. We examined the importance of granular permission control, considerations when it comes to user management in SaaS applications, and why external authorization is essential for modern software architecture.

🌟 Milestone alert 🌟 Cerbos PDP has surpassed 3,333 stars on GitHub! We're grateful for the growing community support and trust. Check out our repository here.

Product Updates

Cerbos PDP

The v0.40 version of Cerbos PDP includes introducing a new constants policy type and improved ergonomics for test suites.

Constants policy type, a new way of defining structured, constant values that can be referenced in policy conditions, has been introduced. This is the perfect place to define common data such as quota levels, usage limits and configuration values which can then be interrogated in conditions across other policy types.

This release also includes several enhancements to the policy testing framework to help reduce repetition, increase readability and increase reliability:

Test fixtures now allow creation of groups of principals or resources. These grouped principals or resources can be referenced by their group name in the test cases.
Tests that exercise policies with time-based conditions must define the value of now at the test suite level or at the individual test case level. This ensures that tests are not flaky depending on the time of day the tests are run.

This is the last Cerbos release with support for SQL Server as a policy storage backend. It will be removed in the next release of Cerbos.

You can find the full release notes here: v0.40

Cerbos PDP is open source, check out our GitHub

Helpful Content

PurePerformance podcast: Solving today’s authorization challenges

Alex Olivier shared his insights into the nuances of authorization, the challenges it presents, and its role in scalable, secure application design. ABAC vs. RBAC, the difference between stateful and stateless authorization, and why Broken Access Control is in the OWASP Top 10 Security Vulnerabilities, are some of the other topics that were covered. Check out the episode to learn more.

Upcoming Events

For those of you who we met at WebSummit and Kubecon NA: thank you for stopping by and chatting with us. Your support means a lot!

We’re looking forward to the following conferences in the coming weeks.

Visit our booth at:

CyberSec Asia, Bangkok, Thailand, January 22-23

Meet Alex Olivier at:

Gartner IAM Summit, Grapevine, TX, December 9-11

Stay connected

Join our Slack Community to keep up-to-date with latest developments
Let us help you build or review your first policy. Book a 30 minute free workshop
Cerbos PDP is open source, feel free to browse or contribute
Learn more about Cerbos Hub, a complete authorization management system for authoring, testing and deploying policy
Browse our developer documentation for Cerbos PDP and Cerbos Hub
Experience Cerbos and policy writing via an in-browser Playground

You are receiving this email because either we have met, chatted, or you've visited our website cerbos.dev and asked us to keep you up-to-date. If you have been forwarded this email, you can subscribe and receive future updates directly from us. If you prefer not to receive these updates, you can unsubscribe below, but we hope you stay!