{"id":13467715,"url":"https://github.com/cerbos/cerbos","last_synced_at":"2026-02-04T11:44:55.672Z","repository":{"id":36956439,"uuid":"350005438","full_name":"cerbos/cerbos","owner":"cerbos","description":"Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.","archived":false,"fork":false,"pushed_at":"2026-02-02T23:11:29.000Z","size":23730,"stargazers_count":4206,"open_issues_count":50,"forks_count":171,"subscribers_count":34,"default_branch":"main","last_synced_at":"2026-02-03T09:36:57.145Z","etag":null,"topics":["access-control","authorization","go","golang","kubernetes","policy","security"],"latest_commit_sha":null,"homepage":"https://cerbos.dev","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cerbos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE.txt","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-03-21T13:23:10.000Z","updated_at":"2026-02-02T18:43:37.000Z","dependencies_parsed_at":"2023-10-02T08:54:44.013Z","dependency_job_id":"dc6ced0a-8170-4666-82fe-13a3ed1e2be6","html_url":"https://github.com/cerbos/cerbos","commit_stats":{"total_commits":1883,"total_committers":33,"mean_commits":57.06060606060606,"dds":0.6224110462028678,"last_synced_commit":"d0c26dd96aa9cc660d4d046b15c77d324048c955"},"previous_names":[],"tags_count":98,"template":false,"template_full_name":null,"purl":"pkg:github/cerbos/cerbos","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fcerbos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fcerbos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fcerbos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fcerbos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cerbos","download_url":"https://codeload.github.com/cerbos/cerbos/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cerbos%2Fcerbos/sbom","scorecard":{"id":271146,"data":{"date":"2025-08-11","repo":{"name":"github.com/cerbos/cerbos","commit":"e82e409917ab76937e9269c9e7608dc2e2c463bd"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.7,"checks":[{"name":"Code-Review","score":8,"reason":"Found 14/16 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/aws.yaml:12","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:12","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:13","Info: jobLevel 'contents' permission set to 'read': .github/workflows/manual-npm-publish.yaml:9","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yaml:15","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yaml:128","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yaml:175","Info: jobLevel 'contents' permission set to 'read': .github/workflows/snapshot.yaml:82","Warn: no topLevel permission defined: .github/workflows/aws.yaml:1","Warn: no topLevel permission defined: .github/workflows/cache.yaml:1","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Warn: no topLevel permission defined: .github/workflows/docs.yaml:1","Warn: no topLevel permission defined: .github/workflows/e2e.yaml:1","Warn: no topLevel permission defined: .github/workflows/manual-npm-publish.yaml:1","Warn: no topLevel permission defined: .github/workflows/pr-test.yaml:1","Warn: no topLevel permission defined: .github/workflows/pr-title.yaml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Warn: no topLevel permission defined: .github/workflows/snapshot.yaml:1","Warn: no topLevel permission defined: .github/workflows/test-matrix.yaml:1","Warn: no topLevel permission defined: .github/workflows/vulnerability-check.yaml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/aws.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/aws.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/aws.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/aws.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/aws.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/aws.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/aws.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/aws.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/aws.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/aws.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/aws.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/aws.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/aws.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/aws.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/aws.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/aws.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cache.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/cache.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cache.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/cache.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cache.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/cache.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cache.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/cache.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cache.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/cache.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/codeql.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/docs.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-npm-publish.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/manual-npm-publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:272: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:278: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:296: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:346: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:349: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:363: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:381: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:389: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:397: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:191: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:310: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:247: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-test.yaml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-title.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/pr-title.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/snapshot.yaml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/snapshot.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-matrix.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/test-matrix.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-matrix.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/test-matrix.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/vulnerability-check.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/vulnerability-check.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vulnerability-check.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/vulnerability-check.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/vulnerability-check.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/cerbos/cerbos/vulnerability-check.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile.cerbos:1","Warn: containerImage not pinned by hash: Dockerfile.cerbosctl:1","Warn: goCommand not pinned by hash: deploy/charts/validate.sh:12","Warn: goCommand not pinned by hash: deploy/charts/validate.sh:15","Warn: npmCommand not pinned by hash: hack/scripts/install-corepack.sh:11","Warn: goCommand not pinned by hash: hack/scripts/prep-release.sh:76","Warn: goCommand not pinned by hash: .github/workflows/e2e.yaml:60","Warn: goCommand not pinned by hash: .github/workflows/vulnerability-check.yaml:32","Info:   0 out of  41 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  68 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   1 out of   6 goCommand dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: cerbosctl_0.46.0_Darwin_all.tar.gz.sbom.json.sig: https://github.com/cerbos/cerbos/releases/tag/v0.46.0","Info: signed release artifact: cerbosctl_0.45.1_Darwin_all.tar.gz.sbom.json.sig: https://github.com/cerbos/cerbos/releases/tag/v0.45.1","Info: signed release artifact: cerbosctl_0.45.0_Darwin_all.tar.gz.sbom.json.sig: https://github.com/cerbos/cerbos/releases/tag/v0.45.0","Info: signed release artifact: cerbosctl_0.44.0_Darwin_all.tar.gz.sbom.json.sig: https://github.com/cerbos/cerbos/releases/tag/v0.44.0","Info: signed release artifact: cerbosctl_0.43.0_Darwin_all.tar.gz.sbom.json.sig: https://github.com/cerbos/cerbos/releases/tag/v0.43.0","Warn: release artifact v0.46.0 does not have provenance: https://api.github.com/repos/cerbos/cerbos/releases/236782648","Warn: release artifact v0.45.1 does not have provenance: https://api.github.com/repos/cerbos/cerbos/releases/228744067","Warn: release artifact v0.45.0 does not have provenance: https://api.github.com/repos/cerbos/cerbos/releases/225578142","Warn: release artifact v0.44.0 does not have provenance: https://api.github.com/repos/cerbos/cerbos/releases/222622364","Warn: release artifact v0.43.0 does not have provenance: https://api.github.com/repos/cerbos/cerbos/releases/210730959"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/pr-test.yaml:317"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":1,"reason":"9 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3829","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GO-2025-3770","Warn: Project is vulnerable to: GO-2024-2456 / GHSA-449p-3h89-pw88","Warn: Project is vulnerable to: GO-2024-2466 / GHSA-mw99-9chc-xw7r","Warn: Project is vulnerable to: GO-2025-3367 / GHSA-r9px-m959-cxf4","Warn: Project is vulnerable to: GO-2025-3368 / GHSA-v725-9546-7q7m"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T13:23:05.705Z","repository_id":36956439,"created_at":"2025-08-17T13:23:05.705Z","updated_at":"2025-08-17T13:23:05.705Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29083261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-04T03:31:03.593Z","status":"ssl_error","status_checked_at":"2026-02-04T03:29:50.742Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","authorization","go","golang","kubernetes","policy","security"],"created_at":"2024-07-31T15:00:59.696Z","updated_at":"2026-02-04T11:44:55.665Z","avatar_url":"https://github.com/cerbos.png","language":"Go","readme":"![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/cerbos/cerbos?color=green\u0026logo=github\u0026sort=semver)  [![Snapshots](https://github.com/cerbos/cerbos/actions/workflows/snapshot.yaml/badge.svg)](https://github.com/cerbos/cerbos/actions/workflows/snapshot.yaml)  [![Go Report Card](https://goreportcard.com/badge/github.com/cerbos/cerbos)](https://goreportcard.com/report/github.com/cerbos/cerbos)  [![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.0-4baaaa.svg)](CODE_OF_CONDUCT.md)\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/cerbos/cerbos/blob/main/docs/supplemental-ui/logo.png?raw=true\" alt=\"Cerbos\"/\u003e\n\u003c/p\u003e\n\n## What is Cerbos?\n\nCerbos is an authorization layer that evolves with your product. It enables you to define powerful, context-aware access control rules for your application resources in simple, intuitive YAML policies; managed and deployed via your Git-ops infrastructure. It provides highly available APIs to make simple requests to evaluate policies and make dynamic access decisions for your application.\n\nThis repo has everything you need to set up a self-hosted Cerbos Policy Decision Point (PDP). [Sign up for a free Cerbos Hub account](https://cerbos.dev/product-cerbos-hub?utm_campaign=brand_cerbos\u0026utm_source=github) to streamline your policy authoring and distribution workflow to self-hosted PDPs.\n\nWith Cerbos Hub you can:\n\n- Collaborate with colleagues to author and share policies in fully-interactive private playgrounds\n- Quickly and efficiently distribute policy updates to your whole PDP fleet\n- Build special policy bundles for client-side or in-browser authorization\n- Easily integrate with Cerbos in serverless and edge deployments\n\n## Key concepts, at a glance 👀\n\n**_PRINCIPAL:_** oftentimes just the \"user\", but can also represent: other applications, services, bots or anything you can think of. The \"thing\" that's trying to carry out an... ↙️\n\n**_ACTION:_** a specific task. Whether to create, view, update, delete, acknowledge, approve... anything. The principal might have permission to do all actions or maybe just one or two. The actions are carried out on a... ↙️\n\n**_RESOURCE:_** the thing you're controlling access to. It could be anything, e.g., in an expense management system; reports, receipts, card details, payment records, etc. You define resources in Cerbos by writing... ↙️\n\n**_POLICIES:_** YAML files where you define the access rules for each resource, following a [simple, structured format](#resource-policy). Stored either: [on disk](https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#disk-driver), in [cloud object stores](https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#blob-driver), [git repos](https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#git-driver), or dynamically in [supported databases](https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#sqlite3). These are continually monitored by the... ↙️\n\n**_CERBOS PDP:_** the Policy Decision Point: the stateless service where policies are executed and decisions are made. This runs as a separate process in kube (as a [service](https://docs.cerbos.dev/cerbos/latest/deployment/k8s-service.html) or a [sidecar](https://docs.cerbos.dev/cerbos/latest/deployment/k8s-sidecar.html)), directly as a [systemd service](https://docs.cerbos.dev/cerbos/latest/deployment/systemd.html) or as an [AWS Lambda function](https://docs.cerbos.dev/cerbos/latest/deployment/serverless-faas.html). Once deployed, the PDP provides two primary APIs...\n\n* **_CheckResources:_** \"Can this principal access this resource?\"\n* **_PlanResources:_** \"Which of resource kind=X can this principal access?\"\n\nThese APIs can be called via [cURL](#api-request), or in production via one of our many... ↙️\n\n**_SDKs:_** you can see the list [here](#client-sdks). There are also a growing number of [query plan adapters](#query-plan-adapters) to convert the SDK `PlanResources` responses to a convenient query instance.\n\n**_RBAC -\u003e ABAC:_** If simple RBAC doesn't cut it, you can extend the decision-making by implementing attribute based rules. Implement `conditions` in your resource policies which are evaluated dynamically at runtime using contextual data, for much more granular control. Add conditions in [derived roles](https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html) to extend the RBAC roles dynamically. Or use [principal policies](https://docs.cerbos.dev/cerbos/latest/policies/principal_policies.html) for more particular overrides for a specific user.\n\n**_CERBOS HUB:_** A cloud-hosted control plane to streamline your Cerbos PDP deployment. Includes a comprehensive CI/CD solution for testing and distributing policy updates securely and efficiently, collaborative private playgrounds for quick prototyping and experimentation, and an exclusive Embedded PDP solution for deploying your policies to browsers and serverless/edge applications.\n\n## How Cerbos PDP works with your application:\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/cerbos/cerbos/blob/main/docs/modules/ROOT/assets/images/how_cerbos_works.png?raw=true\" alt=\"Cerbos\"/\u003e\n\u003c/p\u003e\n\nLearn more about how Cerbos PDP and Cerobs Hub work together to solve your authorization headaches [here](https://cerbos.dev/how-it-works?utm_campaign=brand_cerbos\u0026utm_source=github).\n\n## Learn more\n\n* Get up and running quickly with our [quickstart](https://docs.cerbos.dev/cerbos/latest/quickstart.html), or build an example implementation in our [tutorial](https://docs.cerbos.dev/cerbos/latest/tutorial/00_intro.html)\n* See [example policies and requests](#examples)\n* Read the [full documentation](https://docs.cerbos.dev)\n* Explore some of our [demo repositories](https://github.com/cerbos)\n* Try online with the [Cerbos playground](https://play.cerbos.dev)\n* Learn more about [Cerbos Hub](https://cerbos.dev/product-cerbos-hub?utm_campaign=brand_cerbos\u0026utm_source=github) and make an account\n\n## Used by\n\nCerbos is popular among large and small organizations:\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://cerbos.dev/assets/logos/readme_logos.png\" alt=\"Cerbos\"/\u003e\n\u003c/p\u003e\n\n\n_Using Cerbos? Let us know by emailing devrel@cerbos.dev._\n\n\n## Installation\n\n* [Container](https://docs.cerbos.dev/cerbos/latest/installation/container.html)\n* [Binary/OS packages](https://docs.cerbos.dev/cerbos/latest/installation/binary.html)\n* [Helm Chart](https://docs.cerbos.dev/cerbos/latest/installation/helm.html)\n\n\n## Examples\n\n#### Resource policy\n\nWrite access rules for a resource.\n\n```yaml\n---\napiVersion: api.cerbos.dev/v1\nresourcePolicy:\n  importDerivedRoles:\n    - common_roles\n  resource: \"album:object\"\n  version: \"default\"\n  rules:\n    - actions: ['*']\n      effect: EFFECT_ALLOW\n      derivedRoles:\n        - owner\n\n    - actions: ['view', 'flag']\n      effect: EFFECT_ALLOW\n      roles:\n        - user\n      condition:\n        match:\n          expr: request.resource.attr.public == true\n\n    - actions: ['view', 'delete']\n      effect: EFFECT_ALLOW\n      derivedRoles:\n        - abuse_moderator\n```\n\n#### Derived roles\n\nDynamically assign new roles to users based on contextual data.\n\n```yaml\n---\napiVersion: \"api.cerbos.dev/v1\"\nderivedRoles:\n  name: common_roles\n  definitions:\n    - name: owner\n      parentRoles: [\"user\"]\n      condition:\n        match:\n          expr: request.resource.attr.owner == request.principal.id\n\n    - name: abuse_moderator\n      parentRoles: [\"moderator\"]\n      condition:\n        match:\n          expr: request.resource.attr.flagged == true\n```\n\n#### API request\n\n```sh\ncat \u003c\u003cEOF | curl --silent \"http://localhost:3592/api/check/resources?pretty\" -d @-\n{\n  \"requestId\": \"test01\",\n  \"includeMeta\": true,\n  \"principal\": {\n    \"id\": \"alicia\",\n    \"roles\": [\n      \"user\"\n    ]\n  },\n  \"resources\": [\n    {\n      \"actions\": [\n        \"view\"\n      ],\n      \"resource\": {\n        \"id\": \"XX125\",\n        \"kind\": \"album:object\",\n        \"attr\": {\n          \"owner\": \"alicia\",\n          \"public\": false,\n          \"flagged\": false\n        }\n      }\n    }\n  ]\n}\nEOF\n```\n\n#### API response\n\n```json\n{\n  \"requestId\": \"test01\",\n  \"results\": [\n    {\n      \"resource\": {\n        \"id\": \"XX125\",\n        \"kind\": \"album:object\",\n        \"policyVersion\": \"default\"\n      },\n      \"actions\": {\n        \"view\": \"EFFECT_ALLOW\"\n      },\n      \"meta\": {\n        \"actions\": {\n          \"view\": {\n            \"matchedPolicy\": \"resource.album_object.vdefault\"\n          }\n        },\n        \"effectiveDerivedRoles\": [\n          \"owner\"\n        ]\n      }\n    }\n  ]\n}\n```\n\n## Client SDKs\n\n* [Go](https://github.com/cerbos/cerbos-sdk-go)\n* [Java](https://github.com/cerbos/cerbos-sdk-java)\n* [JavaScript](https://github.com/cerbos/cerbos-sdk-javascript)\n* [.NET](https://github.com/cerbos/cerbos-sdk-net)\n* [PHP](https://github.com/cerbos/cerbos-sdk-php)\n* [Python](https://github.com/cerbos/cerbos-sdk-python)\n* [Ruby](https://github.com/cerbos/cerbos-sdk-ruby)\n* [Rust](https://github.com/cerbos/cerbos-sdk-rust)\n\n## Query plan adapters\n\n* [Prisma](https://github.com/cerbos/query-plan-adapters/tree/main/prisma)\n* [SQLAlchemy](https://github.com/cerbos/query-plan-adapters/tree/main/sqlalchemy)\n\n## Telemetry\n\nWe collect anonymous usage data to help us improve the product. You can opt out by setting the `CERBOS_NO_TELEMETRY=1` environment variable. For more information about what data we collect and other ways to opt out, see the [telemetry documentation](https://docs.cerbos.dev/cerbos/latest/configuration/telemetry.html).\n\n## Join the community on Slack 💬\n\n\u003ca href=\"http://go.cerbos.io/slack\"\u003e\u003cimg src=\"https://i.ibb.co/GxJfc1Q/cerbos-slack-btn.png\" width=\"200\"\u003e\u003c/a\u003e\n\n## 🔗 Links\n- [Newsletter](https://cerbos.dev/subscribe)\n- [Home page](https://cerbos.dev)\n- [Contribution Guidelines](CONTRIBUTING.md)\n- [Run cerbos Locally](https://docs.cerbos.dev/cerbos/latest/tutorial/01_running-locally)\n\n## Stargazers ⭐\n\n[![Stargazers repo roster for cerbos/cerbos](https://bytecrank.com/nastyox/reporoster/php/stargazersSVG.php?user=cerbos\u0026repo=cerbos)](https://github.com/cerbos/cerbos)\n\n## 🛡️ License\n\nCerbos is licensed under the Apache License 2.0 - see the [LICENSE](https://github.com/cerbos/cerbos/blob/main/LICENSE) file for details.\n\n## 💪 Thanks To All Contributors\n\nThanks a lot for spending your time helping Cerbos grow. Keep rocking 🥂\n\n\u003ca\u003e\n  \u003cimg src=\"https://contributors-img.web.app/image?repo=cerbos/cerbos\" alt=\"Contributors\"/\u003e\n\u003c/a\u003e\n","funding_links":[],"categories":["Go","Authorization","[↑](#table-of-contents)Tools \u003ca name=\"tools\"\u003e\u003c/a\u003e","Repositories","Security","Authentication and OAuth","\u003ca name=\"Go\"\u003e\u003c/a\u003eGo"],"sub_categories":["RBAC frameworks","Gateways \u0026 Policy Proxies","Authorization"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcerbos%2Fcerbos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcerbos%2Fcerbos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcerbos%2Fcerbos/lists"}