Hi Xcode Cloud team,
I'd like to ask you two questions about Xcode Cloud from a security perspective.
- What are the security features/countermeasures available in Xcode Cloud?
- And for security, would it be possible to request an exclusive IP-address range of Apple cloud VMs that are used solely by our company projects (similar to other continuous integration systems like Bitrise)?
From a security perspective, the IP-address range of Xcode Cloud contains 33792 addresses (https://developer.apple.com/documentation/xcode/requirements-for-using-xcode-cloud) which can host custom scripts (https://developer.apple.com/documentation/xcode/writing-custom-build-scripts) from any user with an Apple Developer account. For any network that whitelists the 33792 addresses, Xcode Cloud can become a vector for penetration attacks or network sniffing. An IP-address range for the dedicated use of a single Apple developer account could mitigate this risk, and has been adopted by other CI solutions (e.g. Bitrise dedicated hosts: https://www.bitrise.io/pricing, etc.).
Thank you in advance.
Kind Regards,