Skip to main content

Allow Veracode domains and IP addresses

Organizations that block internet addresses should allow Veracode domains and, in some cases, IP addresses to ensure uninterrupted access to Veracode features and products. If you have questions, contact [email protected].

If your organization requires access to all Veracode domains and subdomains, add the relevant URLs and IP addresses to your allowlist based on the products you use to avoid service disruptions.

note

Veracode APIs and integrations require access to specific region domains, depending on your Veracode account's region. Contact your IT team to confirm that the correct domains for your region are on your organization's allowlist. Also, ensure one-way communication on port 443 to the domain used for the REST APIs.

All Veracode products - Core user interface

RegionURLs
Commercial
  • analysiscenter.veracode.com
  • ui.analysiscenter.veracode.com
  • login.analysiscenter.veracode.com
  • web.analysiscenter.veracode.com
  • analytics2.veracode.com
European
  • analysiscenter.veracode.eu
  • ui.analysiscenter.veracode.eu
  • login.analysiscenter.veracode.eu
  • web.analysiscenter.veracode.eu
  • eu-prod-lookout.analytics.veracode.eu
United States Federal
  • analysiscenter.veracode.us
  • ui.analysiscenter.veracode.us
  • login.analysiscenter.veracode.us
  • web.analysiscenter.veracode.us
  • beta3-lookout.analytics.veracode.us

All Veracode products - Documentation and assistance

RegionURLs
All regions
  • docs.veracode.com
  • community.veracode.com
  • pendo.veracode.com
  • app.pendo.io

Veracode sends anonymized user data to a third-party telemetry service. For details, see About telemetry.

All Veracode products - APIs and integrations

RegionURLs
Commercial
  • analysiscenter.veracode.com
  • api.veracode.com
  • tools.veracode.com
  • downloads.veracode.com
  • sca-downloads.veracode.com
  • download.sourceclear.com
  • hub.docker.com
European
  • analysiscenter.veracode.eu
  • api.veracode.eu
  • tools.veracode.com
  • downloads.veracode.com
  • sca-downloads.veracode.com
  • download.sourceclear.com
  • hub.docker.com
United States Federal
  • analysiscenter.veracode.us
  • api.veracode.us
  • tools.veracode.com
  • downloads.veracode.com
  • sca-downloads.veracode.com
  • download.sourceclear.com
  • hub.docker.com

All Veracode products - Access from outside the United States

RegionURLs
All regions
  • *.okta.com
  • *.mtls.okta.com
  • *.oktacdn.com
  • *.okta-emea.com
  • *.mtls.okta-emea.com

All Veracode products - IP address rules

RegionIP addresses
Commercial
  • 162.159.128.36
  • 162.159.129.36
European
  • 104.18.16.181
  • 104.18.17.181
United States FederalNot supported.

Veracode Dynamic Analysis

RegionIP addresses
Commercial34.195.146.191
European35.156.203.105
United States Federal3.32.105.199

Veracode DAST Essentials

Include /28 when adding these IP addresses.

RegionIP addresses
Commercial44.219.184.144/28
European3.79.58.176/28

Veracode Integration for Jira Cloud

RegionURLs
Commercialjira-cloud-addon.integrations.veracode.com
EuropeanNot supported.
United States FederalNot supported.

Veracode eLearning

RegionURLs
Commercialelearning.veracode.com
Europeanelearning.veracode.eu
United States Federalelearning.veracode.us

Veracode Manual Penetration Testing

RegionURLs and IP addresses
Commercial
  • 18.210.137.174
  • 144.121.23.147
  • 3.93.86.183
  • 34.226.252.43
  • 52.205.76.209
EuropeanNot supported.
United States FederalNot supported.

Veracode Security Labs

RegionURLs
Commercial
  • securitylabs.veracode.com
  • .vsl.dev
  • .veracode.com
  • .community.ht
  • .amazonaws.com
  • .google.com
  • .apache.org
  • .example.com
  • .xml.org
  • .docker.io
  • .npmjs.org
  • .pypi.org
  • .pythonhosted.org
  • .rubygems.org
  • .nuget.org
  • .mvnrepository.com
  • .packagist.org
  • .ergast.com

EuropeanNot supported.
United States FederalNot supported.

Veracode Software Composition Analysis

RegionURLs
Commercial
  • sca.analysiscenter.veracode.com
  • sca-api.veracode.com
  • api.sourceclear.io
  • sca-downloads.veracode.com
  • download.sourceclear.com
European
  • sca.analysiscenter.veracode.eu
  • sca-api.veracode.eu
  • platform-backend.analysiscenter.veracode.eu
  • sca-downloads.veracode.com
  • download.sourceclear.com
United States Federal
  • sca.analysiscenter.veracode.us
  • sca-api.veracode.us
  • platform-backend.analysiscenter.veracode.us
  • sca-downloads.veracode.com
  • download.sourceclear.com

If you run SCA agent-based scans on projects that use Maven or Gradle, add the following URLs to your allow list.

  • repo.maven.apache.org/maven2/com/srcclr
  • repo.maven.apache.org/maven2/com/veracode

Veracode CLI

RegionURLs
All regions
  • grype.anchore.io
  • toolbox-data.anchore.io

Veracode GitHub Workflow Integration

RegionIP addresses
All regions
  • 52.1.86.151
  • 54.156.131.97
  • 34.237.58.115

Veracode Risk Manager

Veracode Risk Manager (VRM) connectors must make network connections to customer’s SaaS services. If your SaaS service is protected by an IP allowlist, add the following addresses to that list so VRM can connect successfully to that service.

RegionIP addresses
Commercial
  • 3.209.26.210
  • 3.226.75.232
  • 3.230.206.159
  • 3.91.141.184
  • 34.194.207.216
  • 34.196.6.182
  • 34.232.10.191
  • 34.234.219.56
  • 34.239.69.146
  • 35.171.111.222
  • 44.195.215.195
  • 44.205.192.66
  • 44.213.224.163
  • 52.44.22.189
  • 52.5.106.239
  • 54.144.208.103
  • 98.85.85.70
  • 98.87.61.197
  • 98.87.62.18
  • 107.20.159.206

About telemetry

Veracode collects anonymized user data to improve products and provide better support. This includes:

  • A synthetic, unique user identifier
  • A synthetic, unique identifier for the user organization
  • Browser name and version
  • The last login date before the current session
  • User roles
note

Veracode does not collect personal data such as names, email addresses, or organization names.

Last updated on