Restricting Public Access to SonarCloud

Hello,

We have a few Bitbucket workspaces that we analyse using SonarCloud. We protect our code within Bitbucket so that it cannot be viewed without connecting via VPN (cannot be accessed through a public connection).

I have noticed that our devs could, however, view the same code in SonarCloud without the VPN. I was wondering if there is a way to block public access to our code (or entire project) so that it can only be accessed and viewed with a VPN connection.

Any help is greatly appreciated!

SonarCloud is a SaaS solution, so by its very nature it has to be on the public internet. Just like GitHub Enterprise Cloud, Jira Cloud, Bitbucket Cloud, Gmail, etc…

If you need it to be behind a private network, you will have to use SonarQube instead, the on-premises solution. It does require a lot more administrative overhead to run it yourself, though.

Hello,

Yes, I understand that. Our Bitbucket workspaces are accessible through public IPs, but we’ve configured it so that one cannot view the code without being connected to the VPN.

This is what Bitbucket does when we try to access code without VPN. I was hoping to have a similar configuration for SonarCloud.

Is that possible?

Thanks!

Hello @Sahil_Modak,

Welcome to the community!

We do not have a solution for this today. I’ve added your feedback to the feature request internally.

Best,
Martin