IP Whitelisting for SAST/SCA

You can now restrict access to the SAST and SCA portals using IP whitelisting by adding the allowed IP addresses to the following table:

[CxDB].[accesscontrol].[TenantIPSafeList]

Note

  • If there are no records in the above table, IP whitelisting is disabled and SAST/SCA is accessible from any server.

  • If there is at least one record in the above table, IP whitelisting is enabled.

How to Enable IP Whitelisting
  1. Go to CxDB and enter the details of the tenant for which you want to enable IP whitelisting, such as TenantId, and of the server you want to give access to, such as the server IpAddress.

    6533808269.png
  2. If you want to access SAST/SCA from multiple servers, you need to add multiple records as shown in the above image.

  3. You can add a range of IPs.

    Example: 192.168.2.0/24

    This means that the first 24 bits of the IP address must match 192.168.2.0. In this example, the IP address range is from 192.168.2.0 to 192.168.2.255.

    Another example: If you added 192.168.2.0/25 to the API Whitelisted IP addresses list, then the allowed IP range would be only from 192.168.2.0 to 192.168.2.127.

  4. If you try to gain access from a server that is not on the IP whitelist, you will get the following message:

    6534955049.png
  5. IP whitelisting is tenant independent. If you enable IP whitelisting for Tenant1, it does not have any impact on Tenant2.

  6. IP whitelisting is supported for both the Cloud version and On-prem SAST.

  7. For all types of plugins, such as REST API, browser-based, and CLI, you must add to the TenantIPSafeList table the IP of the server from which you are running the plugins.

  8. For a distributed installation, typically configured for high-availability (HA), add the IP addresses of the CxManager server and the server from where you are accessing it.
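
The CIDR ranges in step 3 and the rule from the Note that the first record enables whitelisting can be checked before any record is added. The following Python sketch is an added example, not Checkmarx code: it lists which clients would be denied once a planned set of entries exists. The matching logic, function names, client names and addresses are assumptions constructed for illustration.

```python
import ipaddress

def entry_range(entry):
    """Return (first, last) address covered by one entry (single IP or CIDR)."""
    net = ipaddress.ip_network(entry.strip(), strict=False)
    return str(net[0]), str(net[-1])

def is_allowed(client_ip, safelist):
    """Assumed semantics from the page: no records means whitelisting is
    disabled and every address is allowed; otherwise any entry must match."""
    if not safelist:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(e.strip(), strict=False)
               for e in safelist)

def locked_out(required_clients, safelist):
    """Names of clients that would be denied once these records exist."""
    return sorted(name for name, ip in required_clients.items()
                  if not is_allowed(ip, safelist))

# Constructed sample data: planned entries for one tenant and the clients
# that must keep access (plugins, CxManager, admin browser).
PLANNED = ["192.168.2.0/25", "10.0.5.17"]
CLIENTS = {
    "cxmanager": "10.0.5.17",
    "ci-runner-cli": "192.168.2.40",
    "rest-api-client": "192.168.2.200",  # outside the /25, inside a /24
    "admin-browser": "172.16.9.3",
}

if __name__ == "__main__":
    for entry in PLANNED:
        first, last = entry_range(entry)
        print(f"{entry:18} covers {first} - {last}")
    denied = locked_out(CLIENTS, PLANNED)
    print("would be denied:", ", ".join(denied) if denied else "none")
```

Run it with the planned entries before adding the first record for a tenant, since that first record is what switches whitelisting on.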