Allowing Veracode domains and IP addresses

If you block internet addresses in your organization, Veracode recommends that you allow Veracode domains and, in some limited cases, IP addresses to ensure there is no disruption in your ability to access Veracode features and products. If you have questions, contact [email protected].

If your organization requires that you allow every domain and subdomain for your users to have access to Veracode, add these URLs and IP addresses to your allowlist to avoid disruption in service, based on the products you use:

All Veracode products - Core user interface

Region	URLs
Commercial	`analysiscenter.veracode.com` `ui.analysiscenter.veracode.com` `login.analysiscenter.veracode.com` `web.analysiscenter.veracode.com` `analytics2.veracode.com`
European	`analysiscenter.veracode.eu` `ui.analysiscenter.veracode.eu` `login.analysiscenter.veracode.eu` `web.analysiscenter.veracode.eu` `eu-prod-lookout.analytics.veracode.eu`
United States Federal	`analysiscenter.veracode.us` `ui.analysiscenter.veracode.us` `login.analysiscenter.veracode.us` `web.analysiscenter.veracode.us` `beta3-lookout.analytics.veracode.us`

All Veracode products - Documentation and assistance

Region	URLs
All regions	`docs.veracode.com` `community.veracode.com` `pendo.veracode.com` `app.pendo.io`

Veracode sends anonymized user data to a third-party telemetry service as described in About Telemetry.

All Veracode products - APIs and integrations

Region	URLs
Commercial	`analysiscenter.veracode.com` `api.veracode.com` `tools.veracode.com` `downloads.veracode.com` `hub.docker.com` `download.sourceclear.com`
European	`analysiscenter.veracode.eu` `api.veracode.eu` `tools.veracode.com` `downloads.veracode.com` `hub.docker.com` `download.sourceclear.com`
United States Federal	`analysiscenter.veracode.us` `api.veracode.us` `tools.veracode.com` `downloads.veracode.com` `hub.docker.com` `download.sourceclear.com`

All Veracode products - Access from outside the United States

Region	URLs
All regions	`.okta.com` `.mtls.okta.com` `.oktacdn.com` `.okta-emea.com` `*.mtls.okta-emea.com`

All Veracode products - IP address rules

Region	IP addresses
Commercial	`162.159.128.36` `162.159.129.36`
European	`104.18.16.181` `104.18.17.181`
United States Federal	Not supported.

Veracode Dynamic Analysis

Region	IP addresses
Commercial	`34.195.146.191`
European	`35.156.203.105`
United States Federal	`3.32.105.199`

Veracode DAST Essentials

Ensure you include /28.

Region	IP addresses
Commercial	`44.219.184.144/28`
European	`3.79.58.176/28`

Veracode Integration for Jira Cloud

Region	URLs
Commercial	`jira-cloud-addon.integrations.veracode.com`
European	Not supported.
United States Federal	Not supported.

Veracode eLearning

Region	URLs
Commercial	`elearning.veracode.com`
European	`elearning.veracode.eu`
United States Federal	`elearning.veracode.us`

Veracode Manual Penetration Testing

Region	URLs and IP addresses
Commercial	`pt.analysiscenter.veracode.com` `18.210.137.174` `144.121.23.147` `3.93.86.183` `34.226.252.43` `52.205.76.209`
European	Not supported.
United States Federal	Not supported.

Veracode Security Labs

Region	URLs
Commercial	`securitylabs.veracode.com` `*.vsl.dev`
European	Not supported.
United States Federal	Not supported.

Veracode Software Composition Analysis

Region	URLs
Commercial	`sca.analysiscenter.veracode.com` `sca-api.veracode.com` `api.sourceclear.io` `sca-downloads.veracode.com`
European	`sca.analysiscenter.veracode.eu` `sca-api.veracode.eu` `platform-backend.analysiscenter.veracode.eu` `sca-downloads.veracode.com`
United States Federal	`sca.analysiscenter.veracode.us` `sca-api.veracode.us` `platform-backend.analysiscenter.veracode.us` `sca-downloads.veracode.com`

If you perform SCA agent-based scans of projects that use Maven or Gradle package managers, you must also allow the following URLs:

repo.maven.apache.org/maven2/com/srcclr
repo.maven.apache.org/maven2/com/veracode

About telemetry

Veracode sends anonymized user data to a third-party telemetry service to help Veracode measure and improve its products and support.

The anonymized user data includes:

A synthetic, unique user identifier
A synthetic, unique identifier for the user organization
The browser name and version
The last login date before the current session
The user roles

The user data does not include name, email, organization name, or any information about applications or findings.

All Veracode products - Core user interface​

All Veracode products - Documentation and assistance​

All Veracode products - APIs and integrations​

All Veracode products - Access from outside the United States​

All Veracode products - IP address rules​

Veracode Dynamic Analysis​

Veracode DAST Essentials​

Veracode Integration for Jira Cloud​

Veracode eLearning​

Veracode Manual Penetration Testing​

Veracode Security Labs​

Veracode Software Composition Analysis​

About telemetry​

Did you find this helpful?