Snyk API & Web uses the following IP addresses to make requests:
Target Scans
Customers hosted in our US infrastructure:
18.235.241.170 (AWS IP)
Customers hosted in our AU/APJ infrastructure:
52.65.214.19 (AWS IP)
13.237.213.25 (AWS IP)
All other customers*:
52.19.40.38 (AWS IP)
Asset Discovery
Customers hosted in our US infrastructure:
44.205.45.120 (AWS IP)
Customers hosted in our AU/APJ infrastructure:
3.104.172.219 (AWS IP)
13.211.189.220 (AWS IP)
All other customers*:
52.16.191.244 (AWS IP)
If you’re unsure where your account is hosted, consider checking all IP addresses or contacting our support team for assistance.
*If you have your own single tenant and/or dedicated infrastructure, please reach out to our support team.
The following IPs are deprecated, and no traffic should originate from them:
35.190.194.212 (GCP IP)
35.187.52.245 (GCP IP)
Another alternative to identify Snyk API & Web requests is through their user-agent header.
If you are using a Web Application Firewall (WAF) in front of your target, it can block scan requests from Snyk API & Web IPs and make the scan fail. To avoid that, see how to configure Snyk API & Web’s IPs in WAFs.