Advanced administration

This section provides information necessary to configure IP and domain allow lists related to SonarQube Cloud on your third-party product or on your proxy. To restrict access to SonarQube Cloud to an allowed list of IP addresses, see IP allow lists.

IP addresses used by SonarQube Cloud

SonarQube Cloud currently allows the following static IP addresses for outgoing calls to supported DevOps platforms (GitHub, GitLab, Azure DevOps, and BitBucket Cloud). You must ensure these IP addresses are allowed for your DevOps platform service.

• 3.68.134.44

• 3.74.220.70

• 3.74.69.101

• 18.196.105.168

• 3.122.211.192

• 35.158.229.250

• 3.253.125.212/30

In addition, SonarQube Cloud’s authentication service may connect from one of the IP addresses listed here. You must ensure the appropriate IP addresses are allowed for your identity provider (DevOps platform service or SSO) based on your use case.

If your network is secured with a firewall or proxy server

If you can’t access SonarQube Cloud on your network and your pipeline is hosted within an organization that is secured with a firewall or proxy server, you must add certain IP addresses and domain URLs to the allowed external destinations. To do this, add to your firewall an outbound rule that allows the following domain URLs:

• sonarcloud.io and *.sonarcloud.io, which would cover notifications.sonarcloud.io used for web sockets.

• analysis-sensorcache-eu-central-1-prod.s3.amazonaws.com

• app.getbeamer.com for the latest news on SonarQube Cloud.

• sonarsource.com (if logged out, users are redirected here).

• docs.sonarsource.com to view the product documentation. In addition, *.sonarsource.com would provide access to additional content sometimes referenced in the docs.