
Whitelisting IPs for CICD

Jibreel Keddo
I'm New Here
July 29, 2024

Hi there! Our organization wants to move our SonarQube security scanning server (currently used by our CICD pipeline) behind VPN, but we noticed that Bitbucket CICD fails to talk to our VPN-protected server even when we whitelist the required Bitbucket IP ranges. Is there any guide or discussion I can follow to troubleshoot this?

Thank you!

3 answers

2 votes
Theodora Boudale
Atlassian Team
July 31, 2024

Hi Jibreel and welcome to the community!

If you want to connect to your servers that are behind a firewall from Pipelines builds that run on Atlassian's infrastructure, you will need to whitelist the IPs used by Bitbucket Pipelines build environments.

These are listed on the following page, section "Valid IP addresses for Bitbucket Pipelines build environments":

Kind regards,
Theodora

1 vote
Gajesh Bhat July 29, 2024

If your CI/CD pipeline (assuming it's Jenkins or Bitbucket Pipelines) needs to push data to your corporate network behind a VPN firewall, you need to whitelist Bitbucket's IP addresses on your firewall. I recommend talking to your IT team about it. There's been an update to these addresses lately, as published in the Bitbucket Cloud blog: https://bitbucket.org/blog/ip-address-update-2024

1 vote
Jim Knepley - ReleaseTEAM
Marketplace Partner
July 29, 2024

There are several "moving parts" when connecting a cloud service to a self-hosted service. You weren't specific about what you mean exactly by "fails to talk to" so it's difficult to narrow down.

You need an Internet-facing IP address and DNS name. This is usually configured on a firewall that accepts traffic from specific IP addresses (Bitbucket Cloud) and specific ports (SonarQube: 9000/TCP).

The firewall needs to be configured to pass traffic destined to that IP address to the internal address of SonarQube. This is called a NAT (network address translation) or PAT (port address translation).

I think you'll also need to allow the SQ server to send webhook requests back to Bitbucket Cloud.

None of this has anything to do with a Virtual Private Network (VPN).
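An added example, not part of the thread or any poster's code: one way to narrow down a "fails to talk to" report is to compare the firewall's dropped connections on the SonarQube port against the configured allowlist. The CIDR ranges are RFC 5737 documentation ranges standing in for the published Bitbucket Pipelines ranges, and the log layout, `ALLOWLIST` and `triage` are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed allowlist: RFC 5737 documentation ranges used as placeholders.
# Substitute the ranges actually configured on the firewall.
ALLOWLIST = ["192.0.2.0/24", "198.51.100.0/25"]
SONARQUBE_PORT = 9000  # port named in the thread

# Constructed firewall log lines in a key=value layout (not real traffic).
SAMPLE_LOG = """\
Jul 29 10:01:02 fw kernel: DROP SRC=192.0.2.17 DST=203.0.113.10 PROTO=TCP DPT=9000
Jul 29 10:01:05 fw kernel: DROP SRC=198.51.100.200 DST=203.0.113.10 PROTO=TCP DPT=9000
Jul 29 10:01:09 fw kernel: ACCEPT SRC=198.51.100.20 DST=203.0.113.10 PROTO=TCP DPT=9000
Jul 29 10:01:11 fw kernel: DROP SRC=198.51.100.200 DST=203.0.113.10 PROTO=TCP DPT=22
Jul 29 10:01:15 fw kernel: DROP SRC=not-an-ip DST=203.0.113.10 PROTO=TCP DPT=9000
"""

LINE_RE = re.compile(r"\b(ACCEPT|DROP)\b.*?\bSRC=(\S+).*?\bPROTO=TCP\b.*?\bDPT=(\d+)")


def triage(log_text, allowlist, port=SONARQUBE_PORT):
    """Classify sources of dropped connections to `port`.

    gap          -> source is outside every allowlisted range, so the
                    allowlist is incomplete or out of date.
    rule_problem -> source is inside the allowlist but was still dropped,
                    so look at rule order, interface or the NAT/PAT mapping.
    """
    nets = [ipaddress.ip_network(cidr) for cidr in allowlist]
    findings = {"gap": set(), "rule_problem": set()}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(1) != "DROP" or int(m.group(3)) != port:
            continue
        try:
            src = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed source field; skip rather than guess
        covered = any(src in net for net in nets)
        findings["rule_problem" if covered else "gap"].add(str(src))
    return {kind: sorted(addrs) for kind, addrs in findings.items()}


if __name__ == "__main__":
    for kind, addrs in triage(SAMPLE_LOG, ALLOWLIST).items():
        print(kind, addrs)
```
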
