IP allow lists
How to restrict the IP allow list for SonarQube Cloud
For SonarQube Cloud enterprises using Single Sign-On (SSO) authentication, access can be restricted to an allowed list of IP addresses. This restriction applies to the SSO user authentication, the Personal Access Tokens (PAT) generated by SSO users, and the Scoped Organization Tokens (SOT).
Note that:
You can configure maximum 500 IP addresses or ranges in your IP allow list.
You can use the Authentication domain API to retrieve an enterprise's IP allow list or to update a list.
You must be an enterprise admin to be able to configure your enterprise's IP allow list.
Configuring an IP allow list will restrict access to SonarQube Cloud from all IP addresses not specified. Changes will take effect within 5 minutes of saving.
To authenticate with SonarQube Cloud, the analysis step of your CI pipeline will be subject to this restriction. This means you need to allow the IP address(es) of your CI-based runner.
Configuring an IP allow list for your enterprise
Retrieve your enterprise. For more details, see Retrieving and viewing your enterprise.
Go to Administration > IP allow list.
Enter the allowed IP addresses separated by a comma. Both IPv4 and IPv6 addresses with or without CIDR notation are supported. IP address examples:
192.0.2.0198.51.100.0/242001:0db8:130f:0000:0000:09c0:876a:130b2001:db8:130f::9c0:876a:130b2001:db8:abcd::/48
Select the Save button.
Deleting your enterprise's IP allow list
Retrieve your enterprise. For more details, see Retrieving and viewing your enterprise.
Go to Administration > IP allow list.
Remove all the IP addresses or ranges from the IP address(es) & CIDR ranges field.
Select the Save button.
Last updated
Was this helpful?