Skip to main content

IP Authorization for SAST/SCA

You can now restrict access to the SAST and SCA portals using IP authorization by adding the allowed IP in the following table:



  • If there are no records in the above table, IP authorization is disabled and SAST/SCA is accessible from any server.

  • If there is at least one record in the above table, IP authorization is enabled.

How to Enable IP Authorization
  1. Go to the CxDB and enter the details for whom you want to enable the IP authorization, such as TenantId, and to where you want to give access, such as the server IpAddress.

  2. If you want to access SAST/SCA from multiple servers, you need to add multiple records as shown in the above image.

  3. You can add a range of IPs.

    Example :

    Technically it means, that 24 bits in the IP address must match In this example, the IP address range is from to

    Another example: If you added to the API authorized IP addresses list, then the allowed IP range would be from to

  4. If you try to gain access from a server that is not on the IP allowlist, you will get this message:

  5. IP authorization is tenant independent. If enabled for Tenant1, it does not have any impact on Tenant2.

  6. IP authorization is supported for both the Cloud and On-premises versions of SAST.

  7. For all types of plugins like REST APIs, browser-based plugins, and CLIs, you must add the TenantIPSafeList table to the server IP from where you are running the plugins.

  8. For a distributed installation, typically configured for high availability (HA), add the IP addresses of the CxManager server and the server from where you are accessing it from.