Technology logo

Using GitHub container registry as a policy registry

Speak with an engineer

Securing your policy workflow

GitHub is where the world builds software. The popular platform offers GitHub Packages (GHCR), which allows developers to host and maintain code packages and containers.

Aserto expresses policies as code wrapped in OCI containers. As a result, developers can build, tag, sign, push, and pull authorization policies like Docker containers.

Aserto natively supports the GitHub container registry as the artifact repository for authorization policies built into OCI images. You can use the Policy CLI to build policies and then push them to your GitHub container registry organization. You can also create policy instances in Aserto from policy images stored in the GitHub container registry.

Benefits of using the Policy CLI with GitHub

policy-as-code workflow

Easily pull public policy images for sharing/reuse. Keep policy images secure by signing and versioning with Cosign. Then secure, automate, test, and manage your policy development pipeline with the GitHub container registry.

What is Aserto?

Aserto helps developers build secure applications. We make it easy to add fine-grained, policy-based, real-time access control to cloud applications and APIs. Built around established cloud-native, open-source technologies, like OPA and Zanzibar, Aserto handles all the heavy lifting required to achieve secure, scalable, high-performance access management.

Aserto authorizes locally and manages centrally, offering blazing-fast authorization of a local library, coupled with a centralized control plane for managing policies, user attributes, resource and relationship data, and decision logs. And it comes with everything you need to deliver fine-grained RBAC, ABAC, or ReBAC, as well as comprehensive developer resources for any language or framework - saving you months of engineering time.


Built for developers with

David Kerber

VP of Technology

"Authorization involves really hard problems that I want experts to solve. We like to focus our internal engineering efforts on our customers and their problems. Aserto allows us to do just that, at a small fraction of the cost it would take to build and maintain it ourselves, not to mention the opportunity cost."

Mathias Biilmann Christensen

Co-founder & CEO, Netlify

"As millions of developers and businesses are adopting a Jamstack approach, most modern web applications involve multiple APIs and services. Aserto's promise of separating policies from code could radically simplify the implementation of authorization across the front-end UI and the larger world of back-end functions and endpoints."

Tom Preston-Werner

Co-founder, GitHub

"Building & managing an authorization/RBAC system is a huge pain, especially at enterprise scale. So stop! Aserto has a distributed, millisecond latency, 100% availability API for that. I'm excited to help as an angel investor!"


Authorization as easy as an API call

Speak with an engineer