# Cerbos **Source:** https://geo.sig.ai/brands/cerbos **Vertical:** Developer Tools **Subcategory:** Authorization Platform **Tier:** Emerging **Website:** cerbos.dev **Last Updated:** 2026-04-14 ## Summary Cerbos is an open-source authorization platform that externalizes and centralizes access control logic, eliminating authorization code scattered across application services. ## Company Overview Cerbos is an open-source authorization solution founded in 2021 that provides a centralized policy decision point for application access control, allowing engineering teams to define, manage, and test authorization logic independently of application code. The platform uses a human-readable YAML policy language to define roles, permissions, and conditions, and exposes a simple API that microservices query to determine whether a user can perform a given action on a given resource. Cerbos addresses the problem of authorization logic becoming complex and fragmented as applications grow, typically spread across database queries, middleware, and application code in ways that are hard to audit, test, or modify. The company raised $7.5M in seed funding and offers a SaaS managed platform called Cerbos Hub for teams that want hosted policy management and audit logging. Cerbos is used by engineering teams at technology companies building multi-tenant SaaS products where fine-grained permission models are required. The platform supports attribute-based access control (ABAC), role-based access control (RBAC), and relationship-based access control patterns, making it flexible enough for complex enterprise authorization requirements. ## Frequently Asked Questions ### What is Cerbos? Cerbos is an open-source authorization platform that externalizes access control logic into centralized policies, allowing engineering teams to manage permissions independently from application code. ### Why externalize authorization logic? As applications grow, authorization rules scattered in code become hard to audit, test, and update consistently. Cerbos centralizes all permission decisions in queryable policies that can be versioned, tested, and changed without touching application code. ### What access control models does Cerbos support? Cerbos supports role-based (RBAC), attribute-based (ABAC), and relationship-based access control patterns, accommodating authorization requirements from simple role hierarchies to complex context-aware permission models. ### How does Cerbos integrate with an application's existing authentication system? Cerbos handles authorization decisions only — it is authorization-layer software that accepts a request containing the user's principal attributes (role, department, plan) and the resource being accessed, then returns an allow/deny decision. It works alongside any authentication system (Auth0, Cognito, Okta) without replacing it. ### Can Cerbos be deployed as a sidecar in Kubernetes? Yes. Cerbos is commonly deployed as a sidecar container alongside application services in Kubernetes pods, making policy decisions available over a local gRPC or REST call with minimal latency. It can also be deployed as a standalone service. ### Is Cerbos open source? Yes. Cerbos is open source under the Apache 2.0 license. Cerbos Hub is a commercial cloud service for managing, testing, and deploying policies across distributed deployments, but the core policy decision engine is freely available. ### How are Cerbos policies written and managed? Cerbos policies are written in YAML using a human-readable format that defines resource policies, derived roles, and condition expressions. Policies are versioned in Git and can be tested with Cerbos's built-in policy testing framework before deployment. ### Does Cerbos support multi-tenancy authorization patterns? Yes. Cerbos policies can include tenant context in conditions, allowing the same policy engine to enforce different rules for different organizations or customer tiers within a multi-tenant SaaS application. ## Tags api-first, b2b, developer-tools, open-source, saas, security, startup --- *Data from geo.sig.ai Brand Intelligence Database. Updated 2026-04-14.*