IP allow lists

How to restrict the IP allow list for SonarQube Cloud

This feature requires the Enterprise license and is currently in beta, subject to the terms here.

For SonarQube Cloud enterprises using Single Sign-On (SSO) authentication, access can be restricted to an allowed list of IP addresses. This restriction applies to the SSO user authentication, the Personal Access Tokens (PAT) generated by SSO users, and the Scoped Organization Tokens (SOT).

While the IP allow list feature is in beta, the defined IP range will not block the following:

Smart notifications in SonarQube for IDE when connected to SonarQube Cloud.
Update of the Latest activity view on the project overview page for logged-in users.

The step-by-step procedure below explains how to configure your IP allow list in SonarQube Cloud's UI. You can also use the Authentication domain API.

To authenticate with SonarQube Cloud, the analysis step of your CI pipeline will be subject to this restriction. This means you need to allow the IP address(es) of your CI-based runner.

To configure your IP allow list in SonarQube Cloud:

Retrieve your enterprise. For more details, see Retrieving and viewing your enterprise.
Go to Administration > IP allow list.
Enter the allowed IP addresses separated by a comma. Both IPv4 and IPv6 addresses with or without CIDR notation are supported. IP address examples:
- 192.0.2.0
- 198.51.100.0/24
- 2001:0db8:130f:0000:0000:09c0:876a:130b
- 2001:db8:130f::9c0:876a:130b
- 2001:db8:abcd::/48
Select Save.

Enter the list of allowed IP addresses in the box to restrict access to your SonarQube Cloud enterprise to this list.

Audit logs Single Sign-On

PreviousEnterprise security NextAudit logs

Last updated 1 day ago

Was this helpful?

Good afternoon

Related pages