Capability Map

Cerbi starts where logs are created, then expands into scanning, policy management, AI-assisted guidance, and cross-runtime governance.

Roadmap items are directional and may change based on customer needs, security review, and release readiness.

Governance Signal Map

From source to governed signal

Cerbi intercepts logging behavior at the source, governs it through the control plane, and delivers clean, governed logs to downstream observability, SIEM, cloud, and data platforms.

01 SourceAvailable

Application Logging Source

Where logs are created. .NET, Node.js, Python, Java, Go - across frameworks and services.

.NETNode.js
02 RuntimeAvailable

.NET Runtime Governance

Runtime enforcement and build-time analyzer govern each log call before it leaves the application.

.NET
03 Control PlaneAvailable

CerbiShield

Central policy management, RBAC, scoring, reporting, and audit evidence. Live on Azure Marketplace. AWS and Google Cloud Marketplace distribution planned.

04 DiscoveryAvailable

Cerbi Scanner

Scans repositories for risky log calls, missing fields, and services without governance profiles. Available as a CLI tool and Visual Studio Marketplace extension.

05 AI LayerIn Progress

AI-Assisted Governance

Suggests rules, explains violations, and recommends remediation. Humans approve before policy activates.

06 AdaptersAvailable

Cross-Runtime Adapters

Python, Java, Node.js, and Go adapters are live. Governance now extends across all major runtime ecosystems.

PythonJavaNode.jsGo
07 IntelligenceExploring

CerbiSense

Analyzes governance metadata over time to surface policy gaps, drift, and rule improvement opportunities.

08 DistributionExploring

CerbiShield - AWS Marketplace

CerbiShield control plane distributed via AWS Marketplace for teams running workloads on AWS.

09 DistributionExploring

CerbiShield - Google Cloud Marketplace

CerbiShield control plane distributed via Google Cloud Marketplace for teams running workloads on GCP.

10 DestinationAvailable

Governed Logs Flow Safely

Clean, governed logs reach Datadog, Splunk, Application Insights, OpenSearch, SIEM tools, and cloud platforms.

Available Today

Available today

.NET Governance Stack

Available Today

Govern structured logging before it reaches downstream systems.

What it does

Adds runtime and build-time governance to .NET logging across Microsoft.Extensions.Logging, ASP.NET Core, Serilog, NLog, CerbiStream, analyzers, and shared governance runtime libraries.

Result

Teams can detect, tag, redact, or enforce logging rules before logs leave the application.

Who it helps

.NET developers, platform teams, application architects, and security teams.

.NETMELASP.NET CoreSerilogNLogCerbiStreamRuntime GovernanceAnalyzer
.NET App
Cerbi Runtime
Governance Layer
Downstream Systems

CerbiShield

Live - Azure Marketplace

Centralize policy management, reporting, scoring, and governance evidence.

What it does

Provides the enterprise control plane for governance profiles, RBAC, Governance Store API, Governance Deploy API, Reporting API, Scoring API, deployment history, audit history, and customer-managed deployment. Currently live on Azure Marketplace. AWS Marketplace and Google Cloud Marketplace distribution is planned.

Result

Teams can manage logging governance centrally instead of scattering rules across repos, wikis, and tribal knowledge.

Who it helps

Platform teams, security teams, architects, compliance reviewers, and enterprise application owners.

Azure MarketplaceAWS Marketplace (Planned)Google Cloud Marketplace (Planned)RBACPolicy ManagementReportingScoringAudit Evidence
Policy Authoring
CerbiShield
Governance Deploy API
App Runtime

Cerbi Scanner

Available - CLI + VS Marketplace

Find risky logging behavior before it ships.

What it does

Scans repositories for unsafe log calls, missing correlation fields, unstructured logging, sensitive field usage, inconsistent event names, and services without governance profiles. Available as a CLI tool (dotnet tool install -g Cerbi.Scanner) and as a Visual Studio Marketplace extension.

Result

Teams get a prioritized logging risk report showing which apps, files, and log patterns need attention first - with no account required.

Who it helps

Developers, security reviewers, platform teams, app onboarding teams, and migration teams.

CLIVS MarketplaceRepo ScanningStatic AnalysisLogging RiskSensitive Field Detection
Repo Scan
Risk Analysis
Prioritized Report
Remediation

Signature Packs

Available Today

Start faster with reusable logging governance patterns.

What it does

Provides starter governance patterns for common logging scenarios such as security events, API activity, audit events, PII handling, financial events, and observability patterns.

Result

Teams get a practical starting point instead of building every logging rule and event pattern from scratch.

Who it helps

Teams that want sane defaults before customizing their own governance profiles.

Signature Packs provide starter patterns and regulatory-aligned governance support. They do not imply certified compliance.

SecurityAPIAuditPIIFinancialObservabilityStarter Patterns
Building Now

Building now

AI-Assisted Governance

Building / Planned

Use AI to explain, suggest, and improve logging governance - without giving AI control.

What it does

Helps explain violations, suggest safer structured log shapes, recommend starter rules, summarize governance posture, and identify repeated logging patterns.

Result

Teams get faster policy creation and cleaner remediation guidance, while admins still approve changes before they become active policy.

Who it helps

Developers, governance admins, security teams, and platform teams trying to improve logging behavior without manually reviewing every log pattern.

AI can recommend. Humans approve. Cerbi enforces.

AI AssistanceRule SuggestionsViolation ExplanationPolicy ReviewAdmin Approval
AI Suggestion
Admin Review
Approved Policy
Cerbi Enforcement
Available

Cross-runtime - now available

Node.js Governance Adapters

Available

Cerbi governance is live for Node.js logging.

What it does

Governs logging in Node.js applications using Winston and Pino, enforcing field requirements, filtering sensitive data, and routing to approved destinations.

Result

Node.js teams can enforce the same governance model already running in .NET services - consistent policy across the stack.

Who it helps

Node.js teams, full-stack organizations, and multi-runtime platform teams.

Node.jsWinstonPinonpm
Winston / Pino
Cerbi Adapter
Governance Layer
Downstream

Cross-Runtime Adapters

Available

One governance model. Python, Java, Node.js, and Go - all live.

What it does

Cerbi governance adapters are available for Python, Java, Node.js, and Go - covering common frameworks including Loguru, structlog, Log4j2, Logback, Pino, Winston, Zap, and Zerolog.

Result

Organizations apply consistent logging governance across all languages, teams, and cloud environments without changing the policy model.

Who it helps

Multi-language engineering organizations, platform teams, and enterprise architecture teams.

PythonJavaNode.jsGoLogurustructlogLog4j2LogbackPinoWinstonZapZerolog
Python / Java / Go / Node.js
Cerbi Adapter
Shared Governance Model
Future Intelligence

Future intelligence

CerbiSense

Exploring

Learn from governance metadata over time.

What it does

Analyzes governance metadata to identify repeated violations, policy gaps, governance drift, noisy logging patterns, and rule improvement opportunities.

Result

Teams can improve policies based on real logging behavior instead of guessing which rules matter.

Who it helps

Larger organizations with many apps, teams, governance profiles, and reporting needs.

CerbiSense analyzes governance metadata only - not raw sensitive log payloads. All recommendations require admin review before becoming active policy.

Governance MetadataPolicy GapsViolation PatternsDrift DetectionRule Improvements
Governance Metadata
CerbiSense Analysis
Recommendations
Admin Approval

CerbiShield - AWS Marketplace

Planned

CerbiShield control plane distributed natively via AWS Marketplace.

What it does

Packages CerbiShield for distribution through AWS Marketplace, giving AWS-native organizations a familiar procurement, billing, and deployment experience for the Cerbi control plane.

Result

AWS teams can deploy CerbiShield directly from their existing AWS procurement workflow without custom integration or manual licensing.

Who it helps

AWS-native organizations, cloud platform teams, and enterprise buyers managing software procurement through AWS.

AWS MarketplaceControl PlaneEnterprise DistributionPlanned
AWS Marketplace
CerbiShield Deploy
Governance Store API
App Runtime

CerbiShield - Google Cloud Marketplace

Planned

CerbiShield control plane distributed natively via Google Cloud Marketplace.

What it does

Packages CerbiShield for distribution through Google Cloud Marketplace, enabling GCP-native organizations to procure and deploy the Cerbi control plane within their existing cloud ecosystem.

Result

GCP teams can deploy CerbiShield from their existing Google Cloud procurement workflow without custom integration or manual licensing.

Who it helps

GCP-native organizations, cloud platform teams, and enterprise buyers managing software procurement through Google Cloud.

Google Cloud MarketplaceControl PlaneEnterprise DistributionPlanned
Google Cloud Marketplace
CerbiShield Deploy
Governance Store API
App Runtime

What each capability gives you

A quick reference across the full capability set.

CapabilityStatusMain resultBest for
.NET Governance StackAvailable TodayGovern logs before they leave .NET apps.NET teams and app developers
CerbiShieldLive - Azure MarketplaceCentral policy, RBAC, reporting, scoring, and evidencePlatform, security, architecture
CerbiShield - AWS MarketplacePlannedCerbiShield control plane distributed via AWS MarketplaceAWS-native organizations
CerbiShield - Google Cloud MarketplacePlannedCerbiShield control plane distributed via Google Cloud MarketplaceGCP-native organizations
Signature PacksAvailable TodayFaster starter rules and reusable event patternsTeams starting governance
Cerbi ScannerAvailable - CLI + VS MarketplacePrioritized repo-level logging risk reportDevelopers, security, platform
AI-Assisted GovernanceBuilding / PlannedSuggested rules, explanations, and remediation guidanceGovernance admins and dev teams
Node.js AdaptersEarly AlphaEarly governed logging support for Winston and PinoNode.js teams and early adopters
Cross-Runtime AdaptersAvailableConsistent governance across languagesMulti-language organizations
CerbiSenseExploringMetadata-driven policy improvement insightsLarger teams and enterprises

How this helps different team sizes

Solo / Founder

Start with the .NET governance stack or scanner to avoid bad logging habits early.

Result

Cleaner logs before product debt forms.

Small Team

Use starter profiles, signature packs, and observe mode.

Result

Guardrails without slowing delivery.

Growing Team

Add CerbiShield, reporting, profile versioning, and scanner-based cleanup.

Result

Standardized logging across services.

Enterprise

Use CerbiShield, RBAC, audit evidence, deployment history, scanner, and cross-runtime governance.

Result

Governed logging as an enforceable enterprise control.

Start simple. Mature when ready.

Cerbi is designed to grow with your team. Start with visibility, add guidance, and govern when ready.

01Observe

Find risky logging behavior without blocking developers.

Result

You learn where risk exists before changing team workflows.

02Guide

Turn on warnings, redaction, and suggestions.

Result

Developers get safer defaults and clearer remediation.

03Govern

Enforce trusted rules and report coverage.

Result

Security, architecture, and audit teams get evidence without manually policing every log line.

Trust boundaries

Built for enterprise trust boundaries

Govern at the source
No raw logs required for recommendations
Customer-managed deployment model
Admin-approved policy changes
Designed for existing observability stacks

Get started

Find the logging risk your dashboards cannot fix.

Start with visibility. Add guidance. Govern when ready.

Start with CerbiView implementation guide

[ cerbi ] · Start now

Govern logging before it leaves your application.

One NuGet package. No pipeline changes. Policy-as-code governance that runs in-process before sensitive data ever reaches Splunk, Datadog, or Azure Monitor.

Start free trialView Pricing
14-day free trial/No credit card/Works with Serilog · NLog · MEL
Governed Logging from Source to Signal | Cerbi Capability Map | Cerbi