SonarQube: 8.1 Developer Edition
I have a fairly locked down SonarQube server, which is behind a load balancer and only accepts connections from my IP range.
I am using the GitLab Pull Request Decorator, however because of how locked down the server is, I believe it is unable to load the images which it is trying to get from the SonarQube server, for example:
I’ve tried whitelisting the GitLab IP range from https://docs.gitlab.com/ee/user/gitlab_com/#ip-range, to both the load balancer, as well as the server directly, however the images are still not being rendered.
Am I missing something here perhaps?
Thank you in advance!
I guess you are using gitlab.com (vs on-prem). They use a proxy for assets: https://docs.gitlab.com/ee/security/asset_proxy.html
So you have to allow access from user-content.gitlab-static.net, not gitlab.com IPs.
Thanks for the response!
Yup, I am using gitlab.com - just to verify, I need to get the IP address range of user-content.gitlab-static.net so I can add that to my security rules?
Just to add, GitLab support provided the IP 220.127.116.11/32 for the asset proxy, which I whitelisted and has resolved the issue.
Glad you got this working! Thanks for the IP range of the asset proxy, that may be useful for others.
Hi @pierreguillot same issue here, so thank you for pointing out the issue.
I’m using AWS with SonarQube with Docker, where should I add this IP range?
We have the same issue, and our security policy does not allow us to open up the network to allow gitlab to reach our SQ.
It would be nice anyway if, instead of requiring network trips to pull the image assets in, they were embedded in the MR decoration as base64 images.
It’s a little thing, and we live without it, but this would be a remediation that would fix it for good for everyone.
https://jira.sonarsource.com/browse/SONAR-13106 fixed that, loading images from the web if you use github.com or gitlab.com.
Images will be loaded from here: https://github.com/SonarSource/sonarqube-static-resources
The fix will be available with SonarQube 8.6, planned for the 2nd week of December.