SonarSource GitHub org IP filter blocks Renovate updates

Hi,

We use Renovate to keep the SonarQube GitHub Actions (SonarSource/sonarqube-scan-action) up to date in our workflows. I noticed that the Renovate bot (hosted by Mend for GitHub repos on AWS) started failing to update these dependencies.
A look in the log revealed that there seems to be an IP filter on the SonarSource org that prevents the bot from checking the releases for updates.

DEBUG: Datasource unknown error
{
  "datasource": "github-tags"
  "packageName": "SonarSource/sonarqube-scan-action"
  "err": {
    "message": "Although you appear to have the correct authorization credentials, the `SonarSource` organization has an IP allow list enabled, and your IP address is not permitted to access this resource.",
    "stack": "Error: Although you appear to have the correct authorization credentials, the `SonarSource` organization has an IP allow list enabled, and your IP address is not permitted to access this resource.\n    at GithubGraphqlDatasourceFetcher.doRawQuery (/usr/local/renovate/lib/util/github/graphql/datasource-fetcher.ts:136:21)\n    at processTicksAndRejections (node:internal/process/task_queues:105:5)\n    at GithubGraphqlDatasourceFetcher.doShrinkableQuery (/usr/local/renovate/lib/util/github/graphql/datasource-fetcher.ts:199:20)\n    at GithubGraphqlDatasourceFetcher.doPaginatedFetch (/usr/local/renovate/lib/util/github/graphql/datasource-fetcher.ts:248:27)\n    at GithubGraphqlDatasourceFetcher.doCachedQuery (/usr/local/renovate/lib/util/github/graphql/datasource-fetcher.ts:288:7)\n    at GithubGraphqlDatasourceFetcher.getItems (/usr/local/renovate/lib/util/github/graphql/datasource-fetcher.ts:326:17)\n    at Function.query (/usr/local/renovate/lib/util/github/graphql/datasource-fetcher.ts:60:19)\n    at queryTags (/usr/local/renovate/lib/util/github/graphql/index.ts:15:15)\n    at GithubTagsDatasource.getReleases (/usr/local/renovate/lib/modules/datasource/github-tags/index.ts:81:24)\n    at getRegistryReleases (/usr/local/renovate/lib/modules/datasource/index.ts:86:15)\n    at huntRegistries (/usr/local/renovate/lib/modules/datasource/index.ts:138:13)\n    at fetchReleases (/usr/local/renovate/lib/modules/datasource/index.ts:363:15)"
  }
}

Help would be appreciated.

Hey there.

Thanks for the report. We’ve recently been testing the GitHub IP Allow List feature, and I’ve reported the situation to see if there are any steps we can take to address it before leaving it turned on! I’ll keep you updated as I learn more.

For now, we’ll pause the rollout. It looks like this is a bug on the GitHub side. I can’t promise this will block the implementation indefinitely, but we are investigating further.