Allowing IP Addresses for Code and Container Scanning

If your Git provider only allows specific static IP addresses to access your code, you will have to allowlist Aikido's static IP addresses for code scanning before you can start scanning.

EU-based IP addresses (default region):

52.214.244.18
18.202.209.180
52.50.198.227
52.51.98.186

US-based IP addresses:

3.211.221.73
54.163.131.24
54.225.143.47

ME-based IP addresses:

3.29.13.194
40.172.18.244
40.172.67.79

The ports required to be opened are at least port 443 for HTTPS. For Docker container registries, additional ports might be required. For example, the Gitlab Container Registry requires port 4567 to be open.

After adding the IPs, rescan your repositories to confirm connectivity.

Third party provider instructions

For instructions on adding IP addresses to allowlists with third-party providers, refer to the following resources:

Cloudflare WAF
- Cloudflare Turnstile does not support allowlisting specific client IP addresses. If you need to bypass Turnstile for Aikido scanning traffic, you must do it in your application code. We recommend bypassing only when both conditions are true:
  1. The request originates from an Aikido IP range
  2. The request includes the aikido User Agent in headers as described above
Azure WAF
AWS WAF.
- For WAFs behind Application Load Balancers or CloudFront, your WAF should check the last IP address in the X-Forwarded-For header.
Vercel WAF
- Use the "bypass" action for trusted IPs

The IP address lists are also available as JSON arrays

Last updated 1 month ago

Was this helpful?