Skip to main content

IP Whitelisting for SAST/SCA

You can now restrict access to the SAST and SCA portals using IP whitelisting by adding the allowed IP in the following table:



  • If there are no records in the above table, IP whitelisting is disabled and SAST/SCA is accessible from any server.

  • If there is at least one record in the above table, IP whitelisting is enabled.

How to Enable IP Whitelisting
  1. Go to the CxDB and enter the details for whom you want to enable the IP whitelisting, such as TenantId, and to where you want to give access, such as the server IpAddress.

  2. If you want to access SAST/SCA from multiple servers, you need to add multiple records as shown in the above image.

  3. You can add a range of IPs.

    Example :

    Technically it means, that 24 bits in the IP address must match In this example, the IP address range is from to

    Another example: If you added to the API Whitelisted IP addresses list, then the allowed IP range would be from to

  4. If you try to gain access from a server that is not on the IP whitelist, you will get this message:

  5. IP whitelisting is tenant independent. If enabled for Tenant1, it does not have any impact on Tenant2.

  6. IP whitelisting is supported for both the Cloud and On-premises versions of SAST.

  7. For all types of plugins like REST APIs, browser-based plugins, and CLIs, you must add the TenantIPSafeList table to the server IP from where you are running the plugins.

  8. For a distributed installation, typically configured for high availability (HA), add the IP addresses of the CxManager server and the server from where you are accessing it from.