Hello, Cerbos community! We have some exciting news we wanted to share with you all 🙂 Startups 100, the UK’s longest-running index of disruptive new startups, has unveiled its 2025 edition, and Cerbos proudly ranks 30th on the list! 🏅 🚀 If you’re interested in discovering the details - you can check out our blog post on the news.

Hey <!channel>! We wanted to share a new piece written by @Hasan Ayan with you 😊 The Backend for Frontend concept in Remix and its associated hooks such as useLoaderData or useFetcher are great tools for building dynamic pages. In most cases, these hooks provide a simple and reliable way of getting data from loaders. 🤔 However, there are some cases where this concept imposes certain limitations. While working on our Audit Logs feature, we hit one of them. In this article, Hasan Ayan shares more on that limitation and shows how we implemented a solution for ourselves 🔑

Hey <!channel>! 👋 The final chapter (10) of our “Monolith to Microservices Migration ebook” is now live on our blog! https://www.cerbos.dev/blog/team-collaboration-and-code-ownership-microservices This week, we’re diving into effective team collaboration and code ownership for managing microservices systems. Or, you can download the complete 10-part series in one e-book now: "Monolith to microservices migration: 10 critical challenges to consider".

Hey everyone, wanted to share our latest blog with you 🙂 ⬇️ Auth0 is a popular platform when it comes to identity and access management services. However, the growing need for customizable, self-hosted solutions has led organizations to explore open source alternatives. Our latest blog dives into six solid contenders: Keycloak, Gluu, Authentik, Authelia, SuperTokens, and FusionAuth. 🔗 Read the full article here & find the right fit for your next project https://www.cerbos.dev/blog/auth0-alternatives

Hey again, <!channel> We recently released a blog post + video on the 11 trends that will define the future of authorization 💡 If you’re interested - feel free to check it out! The piece is based on our expertise as an enterprise authorization provider, and insights from hundreds of conversations with architects, IAM leads, and CISOs we got a chance to speak with over the past year.

Hey, <!channel>! We have rolled out an update to the Cerbos Hub Playground that’s tailored for those of you who are building more complex policies and want a development experience that mirrors real-world deployments more closely. This update introduces Cerbos Hub Playground engine settings, letting you configure the Cerbos PDP engine used when evaluating policy during development, in a way that reflects your actual environment. 👉Get the details here

Hey, Cerbos community! 👋😊 We just published a blog post discussing the core principles, advantages and disadvantages, and practical concerns of stateless architecture. Feel free to check it out here

Hey <!channel>! Feel free to check out our latest blog post, it’s about implementing authorization and access control in Flask 👉https://www.cerbos.dev/blog/authorization-in-flask👈

Happy Friday, community 👋 😊 We just published a deep dive into externalized authorization management (EAM). In the blog, we cover: • what EAM is; • when you might need it; • the associated technical benefits; • along with how to implement it. 👉 Feel free to check out the blog on EAM here 👈 Have a great weekend!

hey everyone! :) We just published a blog post, where we explore different approaches to enforcing RBAC and ABAC in an enterprise context. As well as what drives the business need to choose between RBAC and ABAC, the various architectural deployments of these access control methods, and the implications of their selection. If you’re interested, you can find the blog with all the details here

Hey community! We have some exciting news! Cerbos PDP - our open-source authorization solution, just hit 3.6k stars on GitHub! 🚀 🎉 https://github.com/cerbos/cerbos Thank you all for your support ☺️💪

Hey, <!channel>! 👋 We have a new blog out, where we discuss our journey from using OPA to building our own engine. If you’re interested in the details (as well as understanding why we decided to make that transition, and what benefits we have seen since then) - feel free to check out the piece here

Hey <!channel>! We’ve gotten many questions from our community and customers about securing non-human identities. So we wanted to get into this topic in more detail 😊⬇️ Securing applications is not just about authorizing users based on their identity. Service-to-service calls, external API clients, AI agents, bots, and background jobs all act as independent workloads with their own identities, all requiring access to data and resources. NHIs need to be authorized just like human users. Otherwise, these workloads can become security risks, leading to over-privileged services, unauthorized data exposure, and compliance violations. Here you can learn how Cerbos can be used to secure NHIs 👉 https://www.cerbos.dev/features-benefits-and-use-cases/authorization-non-human-identities

happy Friday, community! 🙂 We wanted to share our latest blog post with you. We dove into the various certifications for enterprise architects, domain solutions architects, and software engineers, detailing their formats, prerequisites, and associated costs. Although certification doesn’t replace experience - it can be a valuable addition to professional experience for architects. So if you’re interested - feel free to check out the blog post here. Some certifications we cover include: TOGAF 9, ITIL Master, Zachman Framework, AWS Certified Solutions Architect, Google Professional Cloud Architect, and others.

Hey <!channel>! In our latest blog, we dove into the topic of translating business requirements to authorization policy for HR 💡 Check it out if you’d like to understand the process of reviewing business requirements, analyzing them, defining policies, and ultimately deploying them to production systems as efficiently as possible 👉 https://www.cerbos.dev/blog/business-requirements-to-authorization-policy-in-hr-systems

hey <!channel> 👋 We are happy to share that we’ve introduced support for capturing audit decision logs from the Cerbos Hub Embedded Policy Decision Points (ePDP) using the latest version of the Cerbos Javascript SDK 🌟 🎉 This feature enables organizations to track and analyze authorization decisions made locally in embedded environments, ensuring complete visibility and auditability, without relying on a centralized PDP or Cerbos Hub. Discover the details here

Hey community! We’ve just published a blog post about authorization at the edge and it’s benefits • ✅ Faster response times • ✅ More reliable access control • ✅ Reduced load on central servers 👉 Feel free to check it out here 👈

Release - v0.41.0 New release published by github-actions[bot] Cerbos 0.41.0 View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.41.0.html Changelog Features • bfef008 feat(plan): Use scope value in the query plan (#2485) • 9bec734 feat: Replace labels with deployments in bundle API v2 (#2483) Enhancements • 71682d6 enhancement!: Switch to ContextEval to evaluate CEL expressions (#2495) • 538ab24 enhancement: Correctly set GOMAXPROCS on ECS (#2459) • 41787ba enhancement: Fail tests with unreachable output expectations (#2418) • c2f16ff enhancement: Lazy rule table (#2460) • 131bf5f enhancement: Rule table engine (#2442) • ecf08cc enhancement: Support bundlev2 (#2395) Bug fixes • 038719b fix: Add missing policy required for mutable e2e tests (#2502) • bd3222d fix: Correctly handle defaultPolicyVersion engine config (#2449) • 8983b99 fix: Correctly handle partial rule table and event subscription (#2455) • a676fd1 fix: Fall back to default policy version sooner in query planner (#2450) • 0b80bcb fix: Reload rule table when store contents change (#2452) • f611ff2 fix: Return validation errors and effective policies in query planner responses (#2447) • a12fd5c fix: Rule table reload should only purge (#2467) • 3596a31 fix: Use correct filterDebug type in e2e query planner test (#2448) Documentation • 73b40e4 docs: Correct examples for math functions (#2445) • 9096ecb docs: Scope permissions (#2487) • 1fd792d docs: Update 03_calling-cerbos.adoc of tutorial to use the updated

/api/check/resources

endpoint (#2429) • 4eb7b26 docs: Update what-is-cerbos.adoc tenant ->tenet (#2406) Chores • 282fe32 chore!: REQUIRE_PARENTAL_CONSENT refinements for resource and principal policies (#2484) • 31e635e chore!: Role policy deny rows (#2475) • 24551ba chore(deps): Bump filippo.io/age from 1.2.0 to 1.2.1 (#2423) • 7a81126 chore(deps): Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in /tools (#2491) • 39242a6 chore(deps): Bump github.com/quic-go/quic-go from 0.48.1 to 0.48.2 in /tools (#2405) • 3792699 chore(deps): Bump golang.org/x/crypto from 0.29.0 to 0.31.0 in /tools (#2414) • c03afd6 chore(deps): Remove SQL Server dependencies (#2394) • 09806c6 chore(deps): Update alecthomas/kong to v1.5.1 (#2404) • e11f815 chore(deps): Update dawidd6/action-download-artifact action to v7 (#2417) • 5571a2c chore(deps): Update dependency node to v22.13.0 (#2444) • 4eda1c7 chore(deps): Update github actions deps (#2427) • 55dc0c8 chore(deps): Update github actions deps (#2464) • d6818fa chore(deps): Update github.com/bufbuild/protovalidate-go to 0.8.0 (#2428) • d0c26dd chore(deps): Update github.com/go-git/go-git/v5 (#2437) • aa9a573 chore(deps): Update go deps (#2397) • 915609b chore(deps): Update go deps (#2407) • 8b6d25e chore(deps): Update go deps (#2415) • 2660e5e chore(deps): Update go deps (#2431) • <https://github.com/cerbos/cerbos/c… cerbos/cerbos

Hey, <!channel>, happy Monday! 🚀 We wanted to share about our latest update - Cerbos Prisma Integration v2.0 With our latest update to the reference Prisma Query Plan Adapter, we’ve significantly expanded its capabilities, making it even easier to enforce fine-grained access control within applications using Prisma ORM. Updates include: • Expanded operator support • Deep nested relations • Automatic field inference and type-safe mapping • Improved collection handling • Performance optimizations 👉Check out the full blog post for more details &amp; info on how to get started 👈

Hey <!channel> ! 👋 🎥 We will be hosting a webinar “Cloud, SaaS, or self-hosted? Which authentication & authorization deployment model is right for you?” Join to learn about: • Security & compliance trade-offs across deployment models • Engineering implications from performance to integration complexity • Hidden costs & operational risks you might not expect • How to future-proof your auth stack for scalability & reliability 📅 April 17, 2025 | 5pm CET / 9am PST (recording will be available to all registrants) 🎙️ Speakers: Dan Moore, Principal Product Engineer at FusionAuth & Alex Olivier, CPO at Cerbos 👉 register here 👈 see you there! ☺️

Hey everyone! 😊 Non-human identities now outnumber human users by 17:1, yet they are one of the most overlooked attack vectors in today’s systems. Which is why we published a new blog post breaking down the OWASP Top 10 threats to non-human identities (NHIs). We explain what each threat is, real-world examples of breaches, and practical steps to mitigate them. Plus, we show how Cerbos helps enforce least privilege and context-aware access control for NHIs. Feel free to check it out here

Hey <!channel>! We’ve published a blog post where we examine the key elements of compliance that should be prioritized, from data quality and change management to audit logs and access control. We also explore how picking the right authorization system can strengthen your compliance efforts. Feel free to check it out here 💡 A study by the Ponemon Institute found that, on average, non-compliance costs companies about 2.7 times more than meeting compliance requirements in the first place.

Release - v0.42.0 New release published by github-actions[bot] ## Cerbos 0.42.0 View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.42.0.html ## Changelog ### Features • e3aef93 feat: SPIFFE functions (#2524) ### Enhancements • 36c7625 enhancement: Stop logging attribute values as JSON-encoded strings in decision logs (#2516) ### Bug fixes • 8cbeca7 fix: Ensure derived role updates purge rule table caches (#2523) • 4449609 fix: Evaluate condition blocks correctly in REPL (#2513) • f1fc31d fix: Purge schema cache on store reload (#2522) • e4da017 fix: Tidy up rule table trace outputs (#2531) ### Documentation • 970f7fd docs: Remove symlink to SQL Server schema (#2505) ### Chores • b7fa780 chore(deps): Bump github.com/containerd/containerd from 1.7.25 to 1.7.27 in /tools (#2520) • 2658904 chore(deps): Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 in /tools (#2527) • ed471a3 chore(deps): Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 in /tools (#2526) • 92b5da4 chore(deps): Bump github.com/redis/go-redis/v9 from 9.7.0 to 9.7.3 (#2525) • b89d3c4 chore(deps): Bump golang.org/x/net from 0.35.0 to 0.36.0 in /api/genpb (#2514) • 9bff439 chore(deps): Bump golang.org/x/net from 0.35.0 to 0.36.0 in /tools (#2509) • fc62644 chore(deps): Update go deps (#2507) • 5c2b5bd chore(deps): Update golangci/golangci-lint-action action to v6.5.1 (#2517) • e682aeb chore(deps): Update golangci/golangci-lint-action action to v6.5.2 (#2528) • 0276262 chore(deps): Update node.js deps (#2508) • 25b8f18 chore(deps): Update pnpm to v10.6.3 (#2518) • ed90ba0 chore(deps): Update pnpm to v10.6.5 (#2529) • 5d3167a chore(planner): Switch from CEL protobuf to native types (#2492) • 4e6d19b chore(release): Add 0.42.0 release notes (#2532) • 1a5b7c2 chore(release): Prepare release 0.42.0 • bd70cea chore(version): Bump version to 0.42.0 • fa4ac36 chore: Add gopls's modernizer to linters (#2515) • ba15837 chore: Handle empty policies in the parser (#2530) • 8247248 chore: Handle kind ROLE in trace printer (#2511) cerbos/cerbos

Happy Monday, community! 😊 We’re heading KubeCon 2025 in London! If you will be there - come meet the Cerbos team at 🔺Booth S632🔺 Daniel Maher, Emre Baran, Alex Olivier, and Andrew Haines are looking forward to chatting with you about all things authorization! 📢 Don’t miss Dan’s talk “AuthZ as a Dev Workflow: Architecting Better Cloud Native Apps” Friday April 4, 2025 15:15 - 15:45 BST Level 1 | Hall Entrance S10 | Room C 🎁 And while you’re at it, feel free to participate in our collab raffle with FusionAuth for a chance to win a TIE Interceptor or X-Wing Starfighter. See you there!

hey <!channel>! 🚀 We’re happy to share that Cerbos PDP now supports native parsing of SPIFFE identities in authorization policies! This unlocks precise access control for authorizing calls based on non-human identities using the framework be it services, workloads, or any other compute job. This feature introduces a set of Cerbos-specific extensions to the Common Expression Language (CEL) used in policy conditions which understand the structure of a SPIFFE ID such as trust domains, path components, or target the full identity string.

Release - v0.43.0 New release published by github-actions[bot] ## Cerbos 0.43.0 View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.43.0.html ## Changelog ### Bug fixes • ff7c199 fix: Maintain derived role mappings during policy updates (#2536) • 03982ea fix: Purge rule table on index build failure (#2538) ### Chores • dba785d chore(ci): Make Coveralls upload optional (#2541) • c1238e0 chore(deps): Update go deps (#2534) • b0c542e chore(deps): Update go deps (#2540) • b074c8f chore(deps): update node.js deps (#2535) • 170a7e8 chore(release): Add 0.43.0 release notes (#2542) • 69f4f15 chore(release): Prepare release 0.43.0 • c56621c chore(version): Bump version to 0.43.0 • 4ae6dac chore: Change logger keys based on bundle version (#2533) cerbos/cerbos

Hey community! 😊 As you might have already seen - we’ve introduced several updates that bring new capabilities and improvements to Cerbos 🙌 With v0.42 and v0.43, we’ve added support for SPIFFE identities in policies, improved the structure of audit logs, and tightened the reliability of policy updates in live environments. Details can be found here

Thanks to everyone who joined our webinar on “Choosing the Right Authentication & Authorization Deployment Model” 🥳 📩 If you missed the live session, you can get the full recording by submitting the form here. The recording will be sent directly to your email. During the webinar: 👉 Dan Moore FusionAuth and Alex Olivier Cerbos compared self-hosted, cloud-hosted, and SaaS authentication solutions, examining their impact on security, compliance, and operational control 👉 Explored how to align deployment choices with your regulatory requirements and data governance needs 👉 Examined performance implications, integration challenges, and compatibility with teams’ technical roadmaps 👉 Covered operational risks including reliability, disaster recovery, and vendor lock-in—plus how to mitigate them 👉 Broke down the total cost of ownership, CapEx vs. OpEx considerations, and potential hidden costs More webinars coming very soon!

Hey everyone! Happy Friday! 😊 🎉 We’re excited to share some big news: Cerbos has been named Startup of the Year 2024 in Access Control by HackerNoon. This recognition comes after a competitive vote involving 32 companies in our category and nearly 700 community votes. This isn’t just a win for Cerbos—it’s a signal that the tech community is paying serious attention to the problem of authorization. We wouldn’t be here without your support ☺️_. Whether you voted, contributed to the open-source project, deployed Cerbos in production, or just explored what we’re doing—thank you._ This win is a shared one. Onward 🚀

Hey <!channel>! 👋 We would like to invite you to join our upcoming webinar on “Mastering authorization in Fintech” 💻 Edgar Rivera and Daniel "phrawzty" Maher will walk through how to map business requirements of fintech products to authorization logic, accounting for dynamic trading rules, global market windows, and real-time risk assessment. Then they’ll show how to manage that complexity without cluttering your codebase or making things harder to maintain. ⏰ May 6, 2025 at 5pm CEST / 8am PDT 🔗 👉 Register for the webinar here 📩 Recording available for all registrants