IP Authorization for SAST/SCA
You can now restrict access to the SAST and SCA portals using IP authorization by adding the allowed IP in the following table:
[CxDB].[accesscontrol].[TenantIPSafeList]
Note
If there are no records in the above table, IP authorization is disabled and SAST/SCA is accessible from any server.
If there is at least one record in the above table, IP authorization is enabled.
Go to the CxDB and enter the details for whom you want to enable the IP authorization, such as TenantId, and to where you want to give access, such as the server IpAddress.
If you want to access SAST/SCA from multiple servers, you need to add multiple records as shown in the above image.
You can add a range of IPs.
Example : 192.168.2.0/24
Technically it means, that 24 bits in the IP address must match 192.168.2.0. In this example, the IP address range is from 192.168.2.0 to 192.168.2.255.
Another example: If you added 192.168.2.0/25 to the API authorized IP addresses list, then the allowed IP range would be from 192.168.2.0 to 192.168.2.127
If you try to gain access from a server that is not on the IP allowlist, you will get this message:
IP authorization is tenant independent. If enabled for Tenant1, it does not have any impact on Tenant2.
IP authorization is supported for both the Cloud and On-premises versions of SAST.
For all types of plugins like REST APIs, browser-based plugins, and CLIs, you must add the TenantIPSafeList table to the server IP from where you are running the plugins.
For a distributed installation, typically configured for high availability (HA), add the IP addresses of the CxManager server and the server from where you are accessing it from.