Snyk API & Web uses specific public IP addresses to scan your targets. If you are using a Web Application Firewall (WAF) in front of your target, it can block scan requests and make the scan fail. To avoid that, you must configure the WAF to whitelist Snyk API & Web IPs.
Configure Cloudflare’s WAF
If you are using Cloudflare, it provides documentation explaining how to configure access rules for its WAF. There is an overview of IP Access rules, but the configuration steps are described in Create an IP Access rule. When following these steps, use this information:
IP, IP range, country name, or ASN - Type in the Snyk API & Web IP address for your case.
Action - Select Allow.
Zone - From the available options, select This website if you want to apply the rule only to the current zone. Alternatively, select All websites in account if you want the rule to be created in all zones of your Cloudflare account.
Notes - This is optional, but you can provide a text identifying the rule. For example, “Snyk API & Web IP”.
After creating the rule, your target scans with Snyk API & Web should run smoothly without being blocked by Cloudflare’s WAF.