Why am I unable to run scans and unable to connect to Cloud Object Storage?
Effective 15 Dec 2025, IBM Cloud® Security and Compliance Center is deprecated. Any existing service instances are non-functional. Start your transition now to Security and Compliance Center Workload Protection, which is readily available and offers advanced cloud security posture management (CSPM). For more information, see Transitioning to Security and Compliance Center Workload Protection.
If you encounter connectivity issues, or if your bucket's allowed_network_type is already set to private, you need to update the configuration to allow the direct network type. If the allowed_network_type is not set to private, no action is required.
To address connectivity issues and enable Cloud Object Storage access from VPC, update the bucket configuration to allow direct network type from private. You need Manager role on bucket to update
the allowed_network_type. Use updatebucketconfig API to modify the allowed_network_type to direct. For
more information, see Legacy bucket firewalls.
Add the following Security and Compliance Center VPC IP ranges to the Cloud Object Storage bucket allowlist only if it already contains entries, to ensure continued access from Security and Compliance Center.
10.0.0.0/867.18.0.0/16150.239.0.0/1652.116.0.0/16
The UI supports only IP address-based firewall rules, so network_type configuration must be done through API.
After the VPC migration, Cloud Object Storage buckets are marked non-compliant due to a rule that only allows the private network type in the firewall.allowed_network_type setting. However, VPC access
now requires a direct endpoint. To resolve the issue, the compliance rule is updated to include direct as a valid network type, recognizing its functional equivalence to private in classic infrastructure.
The change ensures accurate compliance status for Cloud Object Storage buckets in VPC environments.