Saas Ai Webflow Website Datalog Template

GitLab CI/CD

View IntegrationContact Support
Give your GitLab CI/CD pipelines a fixed, allowlistable outbound IP for firewalled deploys and IP-restricted APIs. GitLab.com SaaS runners rotate egress IPs on every job. QuotaGuard gives you two static IPs you allowlist once.

GitLab.com hosted runners run on shared Google Cloud and AWS infrastructure, and GitLab does not provide a static outbound IP for CI/CD runners. When a job deploys to a firewalled server or calls an IP-restricted API, the only native option GitLab offers is allowlisting its entire GCP and AWS ranges, which is thousands of shared addresses your security team will reject. Your pipeline breaks, or your firewall opens too wide.

QuotaGuard gives your pipeline a fixed network identity, so you allowlist two addresses instead of an entire cloud.

  • Two-Minute Setup: Store your QuotaGuard connection URL as the QUOTAGUARDSTATIC_URL CI/CD variable, then set HTTP_PROXY and HTTPS_PROXY on the job that hits your restricted destination. Add your two static IPs to that destination's allowlist. No custom runner images, no VPC changes.
  • Stop Allowlisting All of GCP and AWS: Instead of opening your firewall to GitLab's full cloud ranges, your pipeline traffic exits from two known IPs. Lock the destination down to those two addresses and keep it closed to everything else.
  • Works Across Runners and Languages: Shared GitLab.com SaaS runners are the primary case, since you cannot pin their egress. Most HTTP clients in Node.js, Python, Ruby, and Go, plus curl and git over HTTPS, respect the proxy variables automatically.
  • Production-Grade Reliability: A load-balanced pair of static IPs with automatic failover. API calls and deploys stay consistent through every job and runner rotation. Add both IPs to the allowlist and traffic routes through whichever responds first. Starter, Production, and Business share a static IP pair; Enterprise gives you dedicated IPs when you need guaranteed isolation.
  • Shield for Regulated Data: For PCI-DSS, SOC 2, or HIPAA-bound pipelines, QuotaGuard Shield uses SSL passthrough so QuotaGuard never decrypts the data flowing between your job and the destination.

Runner note: this applies to GitLab.com hosted SaaS runners, which have no static egress IP. On self-hosted or private runners you control the host and can pin egress yourself, so you may not need a proxy.

Comparing platforms? See the complete guide to static IPs on any PaaS platform.

Reliability Engineered for the Modern Cloud

For over a decade, QuotaGuard has provided reliable, high-performance static IP and proxy solutions for cloud environments like Heroku, Kubernetes, and AWS.

Get the fixed identity and security your application needs today.

Start Free TrialTalk to an Engineer