New Webhook IP Address

Peter_Daplyn · November 23, 2018, 1:02pm

Hi,

It looks like 18.184.195.184 has been added to sonarcloud webhook processing servers.

Can https://sonarcloud.io/documentation/security/ be updated to reflect this IP address needs to be white-listed pls? Would have saved us some head-scratching!

Any others we should be aware of?

Thanks.

xbourguignon · November 23, 2018, 3:26pm

Hi Peter,

You’re right, we forgot to update https://sonarcloud.io/documentation/security/ with this 6 new IPs you can add to your white-list:

18.194.206.183
3.121.87.141
18.184.195.184
18.185.94.218
3.120.158.225
18.184.94.13

SimonyanG · September 20, 2019, 1:51pm

Hi there , can’t find full list of webhook ip address , can you provide full list here ?

benoit · September 23, 2019, 8:50am

Hi,

The list of ip adresses is no longer available. Instead, you can ensure that webhooks comes from SonarCloud by using a secret.
See the “Securing you webhooks” section from the webhooks documentation page for more info.

SimonyanG · September 24, 2019, 11:22am

And how whitelist via firewall by secret?
Almost impossible, can you provide hook range ?

AlxO · September 25, 2019, 7:05am

Hi @SimonyanG,

By design, the IP addresses SonarCloud is invoking webhooks from will change with time (e.g. with the service auto-scaling). We can’t commit to a specific IP range, so therefore indeed, it is not realistic to use firewalls to protect webhooks targets.

Instead, to protect your endpoint, the correct solution is to use a secret, as explained in the webhooks documentation page.