Webhooks sporadically not working

Template for a good new topic, formatted with Markdown:

  • Bitbucket Cloud
  • Jenkins
  • Scanner command used when applicable: ./mvnw -B -ff -ntp install sonar:sonar
  • Java
  • Error observed
  • Sporadically, the webhooks from SonarCloud to Jenkins do not work. I see the error “destination server not reachable”. But if I allow 0.0.0.0/0, the webhooks are working
  • Steps to reproduce. Just wait and the webhooks will fail
  • Potential workaround - allow 0.0.0.0/0 or remove waitForQualityGate()

Hey there.

What rules are you applying before you make this change, that are sometimes working and sometimes not?

Hello, I am applying the IPs on this page: https://docs.sonarsource.com/sonarcloud/organizations/overview/#organizations-and-ip-filtering

  • 3.122.211.192
  • 35.158.229.250
  • 18.196.105.168
  • 3.68.134.44
  • 3.74.220.70
  • 3.74.69.101

Thanks!

Webhooks actually aren’t covered by these IP addresses (I asked when we introduced these static IP addresses)

SonarCloud currently allows the following static IP addresses for outgoing calls to supported DevOps platforms (GitHub, GitLab, Azure DevOps Services, and BitBucket Cloud):

IP filtering is not supported for any other use case.

Hi Colin, is there another list of SonarCloud IPs that I can whitelist to allow access only from SonarCloud to the build server? I really don’t want to allow everything to get the webhooks back to the CICD server. But without them I cannot integrate the source check into the pipelines. If there is no explicit list, what other workaround can we use? Thank you.

You could decide to use sonar.qualitygate.wait=true from your build pipeline instead of waitForQualityGate(). Here are the docs.

Hi, I believe both are the same. The first is an inline parameter, the second is a plugin function. But in both cases, I need to wait for the quality gate to send webhooks, that I have to whitelist. I am looking for the source IPs of all Sonar webhooks so I can whitelist them in the build system.

No – sonar.qualitygate.wait makes calls from Jenkins to SonarCloud to check that Quality Gate status. waitForQualityGate() requires that SonarCloud can send Jenkins a webhook.

That list doesn’t exist today.
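The difference described in the reply above, as an added Jenkinsfile sketch that is not part of the original thread: the webhook-based gate is shown commented out next to the polling variant, which only needs outbound connections from Jenkins to SonarCloud, so the inbound 0.0.0.0/0 rule can be removed. The server name 'SonarCloud' and the timeout values are assumptions.

```groovy
// Jenkinsfile (declarative pipeline). Added example, not from the thread.
// Assumption: 'SonarCloud' is the name of the server entry configured in
// Jenkins for the SonarQube Scanner plugin.
pipeline {
    agent any
    stages {
        // Variant A (the setup from the original post): inbound webhook.
        // waitForQualityGate() pauses the build until SonarCloud calls
        // Jenkins back at <jenkins-url>/sonarqube-webhook/, so the firewall
        // must accept connections from source IPs that are not published.
        //
        // stage('Analyze') {
        //     steps {
        //         withSonarQubeEnv('SonarCloud') {
        //             sh './mvnw -B -ff -ntp install sonar:sonar'
        //         }
        //     }
        // }
        // stage('Quality Gate') {
        //     steps {
        //         timeout(time: 10, unit: 'MINUTES') {
        //             waitForQualityGate abortPipeline: true
        //         }
        //     }
        // }

        // Variant B: outbound polling only.
        // sonar.qualitygate.wait=true makes the scanner itself poll
        // SonarCloud until the Quality Gate is computed; the Maven step
        // exits non-zero (failing the build) if the gate fails or the
        // timeout, given in seconds, expires. No inbound rule is needed.
        stage('Analyze and wait for Quality Gate') {
            steps {
                withSonarQubeEnv('SonarCloud') {
                    sh '''
                        ./mvnw -B -ff -ntp install sonar:sonar \
                            -Dsonar.qualitygate.wait=true \
                            -Dsonar.qualitygate.timeout=600
                    '''
                }
            }
        }
    }
}
```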

I will test this and will write back. Thank you!