From a7ac80182aab5963429e70060f4303976aad0f4a Mon Sep 17 00:00:00 2001 From: Fabrice Bellingard Date: Mon, 6 Aug 2018 08:55:43 +0200 Subject: [PATCH] Document IPs for Webhook calls [skip ci] --- server/sonar-docs/src/pages/security.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/server/sonar-docs/src/pages/security.md b/server/sonar-docs/src/pages/security.md index 395d1a85644..1ec4590eb9c 100644 --- a/server/sonar-docs/src/pages/security.md +++ b/server/sonar-docs/src/pages/security.md @@ -38,6 +38,18 @@ All communications are done over TLS 1.2: * Using WS APIs * Running analysis (by the scanners) from CI services and pushing analysis reports to SonarCloud +## SonarCloud Webhook IPs + +SonarCloud performs webhook calls from the following list of IPs: +``` +52.59.209.17 +52.59.246.1 +54.93.180.144 +18.194.44.125 +18.194.244.158 +18.195.64.198 +``` + ## Authentication Primary authentication on the system is available only through OAuth authentication with GitHub, Bitbucket Cloud and Microsoft VSTS. As a consequence, users don’t have a password on SonarCloud, and are as protected as what they expect (especially with 2FA activated on those systems). -- 2.39.5