Bitbucket Cloud allowlisted IP addresses and SonarCloud

My objective: The organization I’m a part of has a private workspace on Bitbucket Cloud (https://bitbucket.org) and a private organization on SonarCloud (https://sonarcloud.io). For security purposes we’d like to enable the “Allowlisting IP addresses” feature (https://support.atlassian.com/bitbucket-cloud/docs/control-access-to-your-private-content/#Allowlisting-IP-addresses), so that our developers will need to be connected to our VPN in order to access our source code.

My question: I’ve done some Googling and I understand from other topics in this Sonar Community that SonarCloud does not provide fixed public IP addresses. If we enable this feature then will SonarCloud continue to work for us, or is there something we can/need to do in order to enable the aforementioned feature without encountering adverse side effects?

Background info: For each Bitbucket repo that we do sonar scans for, we have the repo bound/linked to a corresponding project in our organization in SonarCloud. When we log in to SonarCloud via a web browser we click “BITBUCKET”. We do scans for each repo from our CI/CD tool (which is Bamboo) by utilizing the features described on SonarScanner for Gradle & SonarCloud and https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/other-cis/.

I’m happy to answer questions, and thanks in advance for the help.

More background info:

The URL I shared above for Atlassian Support is a page that states that only IP addresses or network blocks can be added to a Bitbucket Cloud allowlist, so unfortunately I cannot add sonarcloud.io to an allowlist.
But that page also mentions “users won’t be able to clone, push, or pull a private repository”, so maybe there won’t be any issue for us with SonarCloud by enabling the allowlist feature, given that I believe there is no git clone/push/pull being done between SonarCloud and Bitbucket Cloud?

SonarCloud needs to be able to communicate with Bitbucket to perform activities like Pull Request Decoration. SonarCloud does not need to clone, push, or pull a private repository.

Hey there.

SonarCloud does now provide fixed public IP addresses.

Read more here: