Does SonarCloud support the GitHub IP Whitelist feature or offer a list of public IP addresses for whitelisting? Other GitHub Marketplace Apps will automatically add themselves to an organizations IP whitelist (Dependabot, for example) but it didn’t seem like SonarCloud offered that same functionality when authorized in the org.
SonarCloud support told me to ask this question here in order to get the devs attention…
Hi @LeaderXFX, and welcome to the community!
Indeed, SonarCloud does not provide fixed public IP addresses. The IP addresses you will get when resolving sonarcloud.io will change with time.
Regards,
@AlxO
Hi,
I am wondering if this is still the case?
There is no fixed IP address for sonarcloud?
Thanks,
J
Hi @void,
Yes this is still the case. As of today, we have no plans to provide fixed IP addresses for sonarcloud.io. Would you want to share your use case and its rationale?
Regards,
@AlxO
Hi @AlxO
My company has Github IP Whitelisting enabled. It is so that developers must be on the VPN to access source code
I have seen comments on other posts that the public IP’s are rotating and that is true AWS ELB’s for requests from Github to SonarCloud, but the Github IP Whitelisting restrict traffic into Github and we would need static IP’s of your NAT Gateway’s which would be static, unless your using elastic IP’s on EC2 instances in public VPC’s.
This is a showstopper for us and our security team will not allow us to drop the Github IP whitelist so we will have to look at other solution’s if this can’t be resolved.
Hi @pexa-afarrugia ,
Thanks for your feedback. I’ve captured it as input for our product future features.
You can track and contribute to features at this location: SonarCloud | Product Roadmap
Regards,
@AlxO
Hi,
I couldn’t find anything regarding Github IP Whitelist support on the roadmap. Is there any chance that this will be supported in the near future?
Github also support to update IP allow list automatically for IP address provided by Github App providers. This would help to address the challenge of changing external IPs.
This topic is very important for us. Without supporting IP allow lists we wouldn’t be able to use SonarCloud.
Thanks and Best
Florian
Hello @florian.gessner ,
Welcome to the community, and thank you for your feedback!
This feature is not on our short-term roadmap, but we’ll keep a record of this and continue to lookout for similar requests. We’ll update this thread if anything changes.
I’m in the same situation. I’ll need to pool for your IPs and add manually to github IP locking (cause there’s no API for it)
Would suggest what Atlassian did with their github app
@ AlexO just to confirm. Are these IPs used by sonarcloud to fetch git?
dig sonarcloud.io
; <<>> DiG 9.10.6 <<>> sonarcloud.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28927
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sonarcloud.io. IN A
;; ANSWER SECTION:
sonarcloud.io. 46 IN A 54.192.137.113
sonarcloud.io. 46 IN A 54.192.137.29
sonarcloud.io. 46 IN A 54.192.137.14
sonarcloud.io. 46 IN A 54.192.137.16
Hello @MarcinDBLK ,
Welcome to the community!
We are working on this topic right now and likely are going to have an update sometime next week. I’ll post an update to this thread once we have more information to share.
This is now available for SonarCloud: Static IPs for outgoing calls to DevOps platforms
Sonarcloud trying to access GitHub from different IPs, we cannot find actual static IPs to be allowed in the GitHub IP allowed list.
Can anyone help us to find SonarCloud IP addresses
Hello @arunkumaradhipathi ,
You can use the IP addresses that are automatically provided through our GitHub App or use the ones we have listed in our documentation: