Must-share information (formatted with Markdown):
Version : * 9.3 (build 51899) Enterprise
Azure DevOps we are using is SaaS and SonarQube is on On Azure Cloud(consider it on Prem for better understanding). I do not want to expose my Sonar Server to the internet. Is there any way to securely connect without exposing sonar to internet.
Local agent builds are working fine while running from Azure DevOps they are getting a connection error (Evident as sonar is not accessible from the internet).
Has anyone tried this type of configuration?
You might be able to try only exposing your SonarQube server to Agent IP Ranges.
Ultimately – SonarQube must be accessible wherever your analyses are run.
Agreed but there comes an overhead as the Azure agent Ip changes on a weekly basis as per Azure documentation.
But seems the most viable option as well.
Reference from the documentation.
" We publish a weekly JSON file listing IP ranges for Azure datacenters, broken out by region. This file is updated weekly with new planned IP ranges. The new IP ranges become effective the following week. We recommend that you check back frequently (at least once every week) to ensure you keep an up-to-date list. If agent jobs begin to fail, a key first troubleshooting step is to make sure your configuration matches the latest list of IP addresses. The IP address ranges for the hosted agents are listed in the weekly file under
AzureCloud.<region> , such as
AzureCloud.westus for the West US region."