SonarCloud IP binding

Hi Team,
Can you let me know if we can bind SonarCloud to specific IPs so that we can only access it from limited locations?

Regards
Sumit

Hey there.

Do you mean to limit access to your SonarCloud organization by only accepting requests from certain IP ranges? I can confirm that’s not a possibility at the moment. Let me know if you meant something else.

Other useful resources might include our security statement.

Hi Colin,

Thanks for your above response.
We want those who have access to SonarCloud to only be able to use Sonar via some controlled process, so can you please suggest some mechanism for that?

Regards
Sumit

Right now, that can only be handled via your authentication provider (controlling who can log in and from where).

Hi Colin,

Thanks for the above response.

Can we integrate SonarCloud with LDAP? If yes, can we have some documentation regarding it?

Regards
Sumit

You can authenticate via the DevOps Platform (GitHub, GitLab, etc.), which might delegate authentication to some SAML setup, but not by connecting directly to an AD server.

Hi Colin,

Thanks for your above response.

We have GitLab as an SCM tool hosted on a private server. How can we connect it with SonarCloud securely?

Please share some documentation regarding it.

Regards
Sumit

SonarCloud can only be connected to GitLab.com – not GitLab self-hosted. You may be interested in SonarQube, which integrates with on-prem DevOps Platforms.

Hi Colin,

Thanks for your above response.

Is there anything like a hardware binding option, or an option restricting project code download, in SonarCloud?
If yes, please help me with the documentation for it.

Regards
Sumit

While you can restrict who can see source code – any user that has that permission will have full access to your code. I’m not sure what you mean by “Hardware binding” in this context.

Is there any plan to implement an IP Restriction feature in SonarCloud? Many of the authentication provider setups wouldn’t support this (e.g. github.com accounts), and authentication provider based access doesn’t cover the use case of API tokens.

@kthompso It’s on our list, particularly as we plan to cover more Enterprise use-cases with SonarCloud this year.
