Skip to content

Add Cedar Policy as CNCF Sandbox project #4648

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
caniszczyk merged 2 commits into from
Jan 2, 2026
Merged

Add Cedar Policy as CNCF Sandbox project #4648

caniszczyk merged 2 commits into from
Jan 2, 2026

Conversation

Copy link
Contributor

Copilot AI commented Dec 29, 2025
edited by idvoretskyi
Loading

Cedar Policy was accepted to CNCF Sandbox on October 8, 2025. This PR adds it to the landscape in the Security & Compliance subcategory.

Changes

  • Added Cedar entry to landscape.yml alphabetically between Cartography and Cerbos

    • Project type: sandbox
    • Main repo: https://github.com/cedar-policy/cedar
    • Additional repo: cedar-access-control-for-k8s (K8s integration)
    • Acceptance date: 2025-10-08

  • Added logo (cedar.svg) using CNCF icon from artwork repository as no project-specific logo was available

Entry Details

- item:
    name: Cedar
    homepage_url: https://cedarpolicy.com
    logo: cedar.svg
    description: >-
      Cedar is an open source authorization policy language that enables developers to express 
      fine-grained permissions as easy-to-understand policies enforced in their applications...
    project: sandbox
    repo_url: https://github.com/cedar-policy/cedar
    additional_repos:
      - repo_url: https://github.com/cedar-policy/cedar-access-control-for-k8s
    extra:
      lfx_slug: cedar
      accepted: '2025-10-08'
      clomonitor_name: cedar

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/orgs/cedar-policy/repos
    • Triggering command: /usr/bin/curl curl -s REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

On landscape.yml, Can you please create a new entry (or update the one if it does exist) for the Cedar Policy project, that was accepted to the CNCF Sandbox on October 8 2025.

If the project logo does not exist - please use the existing one from https://github.com/cncf/artwork/blob/main/other/cncf/icon/color/cncf-icon-color.svg.

Project summary

Cedar policy language for fine-grained authorization

Project description

Cedar is an open source authorization policy language that enables developers to express fine-grained permissions as easy-to-understand policies enforced in their applications, and decouple access control from application logic. Cedar is designed to be ergonomic, fast, safe, and analyzable using automated reasoning. Cedar's simple and intuitive syntax supports common authorization use-cases with readable policies, naturally expressing concepts from role-based, attribute-based, and relation-based access control models. Cedar's policy structure enables authorization requests to be decided quickly. Its policy validator uses optional typing to help policy writers avoid mistakes, but not get in their way. Cedar's design has been finely balanced to allow for a sound, complete, and decidable logical encoding, which enables precise automated analysis of Cedar policies, e.g., to ensure that policy refactoring preserves existing permissions. Cedar's language specification has been formally verified using a theorem prover to satisfy key security properties like "deny trumps allow," and its implementation in Rust undergoes rigorous differential random testing against its formal specification. By combining mathematical rigor with developer-friendly design, Cedar offers a practical approach to secure, maintainable authorization for modern applications.

Org repo URL (provide if all repos under the org are in scope of the application)

https://github.com/cedar-policy

Project repo URL in scope of application

N/A

Additional repos in scope of the application

The Cedar website and playground are currently in a private repo; to be made public for CNCF submission. https://www.cedarpolicy.com/

In addition, there is a repo for Cedar Access Control to K8. This can be contributed to CNCF and we're seeking community feedback on where it should organizationally reside (i.e. as part of Cedar, or in different K8-specific repo). This has been moved to the cedar-policy org and is now part of the donation: https://github.com/cedar-policy/cedar-access-control-for-k8s

Website URL

cedarpolicy.com

Thanks

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI changed the title [WIP] Update or add Cedar Policy project entry in landscape.yml Add Cedar Policy as CNCF Sandbox project Dec 29, 2025
Copilot AI requested a review from idvoretskyi December 29, 2025 11:23
@idvoretskyi idvoretskyi marked this pull request as ready for review December 29, 2025 11:31
@idvoretskyi idvoretskyi mentioned this pull request Dec 29, 2025
Open
36 tasks
@caniszczyk caniszczyk added this pull request to the merge queue Jan 2, 2026
Merged via the queue into master with commit 4157c03 Jan 2, 2026
4 checks passed
@caniszczyk caniszczyk deleted the copilot/update-cedar-policy-entry branch January 2, 2026 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@idvoretskyi idvoretskyi Awaiting requested review from idvoretskyi

Assignees

@idvoretskyi idvoretskyi

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@caniszczyk @idvoretskyi