Networking requirements

This page contains relevant information related to SonarQube Server's networking requirements.

Network topology

The diagram below shows SonarQube Cloud's network topology:

  • The DevOps platform, the SonarScanner, the user (web browser), the IDE in connected mode, and any other external system connect to SonarQube Cloud through the REST API. You must use a reverse proxy if you want to use HTTPS (see HTTPS below).

  • An external Identity Provider (other than GitHub, Bitbucket Cloud, or GitLab) can be used with the SAML authentication method.

  • SonarQube Cloud authenticates to the DevOps platform via OAuth and sends the quality gate status report via HTTP(S).

  • SonarQube Cloud sends quality gate webhooks to the CI/CD platform via HTTP(S).

SonarQube Data Center Edition network topology

The CI platform may be integrated into the DevOps platform.

IP addresses used by SonarQube Cloud

SonarQube Cloud currently allows the following static IP addresses for outgoing calls to supported DevOps platforms (GitHub, GitLab, Azure DevOps, and Bitbucket Cloud). You must ensure these IP addresses are allowed for your DevOps platform service.

  • 3.77.79.176/28

  • 3.253.125.212/30

  • 18.97.201.0/29


For GitHub users, we have added those addresses to our GitHub App for SonarQube Cloud, so they will be automatically applied if you have selected the "Enable IP allow list configuration for installed GitHub Apps" option for your GitHub organization.

In addition, SonarQube Cloud’s authentication service may connect from one of the IP addresses listed here. You must ensure the appropriate IP addresses are allowed for your identity provider (DevOps platform service or SSO) based on your use case.

Domain URLs required by SonarQube Cloud

If your pipeline is hosted within an organization that is secured with a firewall or proxy server, you must add certain domain URLs to the allowed external destinations. To do this, add to your firewall an outbound rule that allows the following domain URLs:

  • sonarcloud.io and *.sonarcloud.io, which would cover notifications.sonarcloud.io used for web sockets.

  • analysis-sensorcache-eu-central-1-prod.s3.amazonaws.com

  • app.getbeamer.com for the latest news on SonarQube Cloud.

  • sonarsource.com (if logged out, users are redirected here).

  • docs.sonarsource.com to view the product documentation. In addition, *.sonarsource.com would provide access to additional content sometimes referenced in the docs.
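An added example (not part of the SonarQube documentation) that audits an outbound allowlist against the destinations listed above. It assumes your firewall or proxy treats `*.domain` as matching subdomains only, not the apex domain, so verify that against your product; the `SAMPLE_ALLOWLIST` rules and the function names are constructed for illustration.

```python
# Destinations taken from the list above.
REQUIRED = [
    "sonarcloud.io",
    "*.sonarcloud.io",
    "analysis-sensorcache-eu-central-1-prod.s3.amazonaws.com",
    "app.getbeamer.com",
    "sonarsource.com",
    "docs.sonarsource.com",
]

# Constructed sample of rules exported from a proxy (illustrative only).
SAMPLE_ALLOWLIST = [
    "*.sonarcloud.io",
    "notifications.sonarcloud.io",
    "*.sonarsource.com",
    "app.getbeamer.com",
]


def covers(rule: str, dest: str) -> bool:
    """Return True if allowlist `rule` permits required destination `dest`.

    Assumed semantics: an exact rule matches only that host; a "*.x" rule
    matches any subdomain of x but NOT x itself.
    """
    rule = rule.lower().rstrip(".")
    dest = dest.lower().rstrip(".")
    if not rule.startswith("*."):
        return rule == dest  # exact rules never satisfy a wildcard requirement
    suffix = rule[1:]  # "*.sonarcloud.io" -> ".sonarcloud.io"
    if dest.startswith("*."):
        # A required wildcard is covered only by an equal or broader wildcard.
        return dest[1:].endswith(suffix)
    return dest.endswith(suffix)  # the apex lacks the leading dot, so it fails


def audit(allowlist):
    """Map each required destination to the rules that cover it."""
    return {d: [r for r in allowlist if covers(r, d)] for d in REQUIRED}


def missing(allowlist):
    """Required destinations that no rule covers, in the page's order."""
    return [d for d, rules in audit(allowlist).items() if not rules]


if __name__ == "__main__":
    for dest, rules in audit(SAMPLE_ALLOWLIST).items():
        print(f"{'OK     ' if rules else 'MISSING'} {dest}  <- {rules}")
```

With the sample rules, the two apex domains and the S3 bucket host are reported as missing even though wildcard rules for both domains are present.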
