Snyk API & Web uses the following IP addresses to make requests:
Target Scans
Customers hosted in our US infrastructure:
18.235.241.170 (AWS IP)
Customers hosted in our AU/APJ infrastructure:
52.65.214.19 (AWS IP)
13.237.213.25 (AWS IP)
All other customers:
52.19.40.38 (AWS IP)
Asset Discovery
Customers hosted in our US infrastructure:
44.205.45.120 (AWS IP)
Customers hosted in our AU/APJ infrastructure:
3.104.172.219 (AWS IP)
13.211.189.220 (AWS IP)
All other customers:
52.16.191.244 (AWS IP)
If you’re not sure where your account is hosted, consider both IP addresses or reach out to our support team.
The following IPs are deprecated, and no traffic should be originated from them:
35.190.194.212 (GCP IP)
35.187.52.245 (GCP IP)
Another alternative to identify Snyk API & Web requests is through their user-agent header.
If you are using a Web Application Firewall (WAF) in front of your target, it can block scan requests from Snyk API & Web IPs and make the scan fail. To avoid that, see how to configure Snyk API & Web’s IPs in WAFs.