Cerbos Synapse
Synapse is a modular, enrichment proxy that complements the open source Cerbos PDP. It can either be dropped in place of the existing PDPs or deployed as a standalone gateway in front of the existing fleet. It exposes the same Cerbos API (both http and gRPC) on a single port and, in its default configuration, behaves exactly the same way as a PDP. Its power lies in the ability to configure request enrichment pipelines, HTTP handlers for integrating with third-party authorization APIs and native Envoy external authorization support. Coupled with CI/CD pipelines and audit log capture provided by Cerbos Hub, Synapse enables building comprehensive security solutions tailored to the needs of your organization.
Synapse has several extension points that support multiple extension types:
-
Native components built, distributed, and supported by Cerbos engineers
-
Custom scripts written using Starlark, a lightweight Python dialect
-
Custom components built using any language that compiles to web assembly (WASM)
-
Declarative mapping using Common Expression Language (CEL), the same language used to author conditions in Cerbos policies (select extension points only)