diff --git a/.gitattributes b/.gitattributes
index bc7545e6..f96de6af 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -20,4 +20,5 @@
 /phpunit.xml.dist export-ignore
 /rector.php export-ignore
 /rollup.config.js export-ignore
+/sonar-project.properties export-ignore
 /tsconfig.json export-ignore
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..6e055de2
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,20 @@
+on:
+  push:
+    branches:
+      - "*.*.x"
+  pull_request:
+    types: [opened, synchronize, reopened]
+name: SonarCloud Main Workflow
+jobs:
+  sonarcloud:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting
+          fetch-depth: 0
+      - name: SonarCloud Scan
+        uses: sonarsource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 48c03a2c..077b22d0 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -16,7 +16,7 @@ on:
     branches: [ "*.*.x" ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "4.6.x" ]
+    branches: [ "4.6.x", "4.7.x" ]
   schedule:
     - cron: '37 10 * * 4'
 
diff --git a/.github/workflows/integrate.yml b/.github/workflows/integrate.yml
index 212bf1ec..43bde46d 100644
--- a/.github/workflows/integrate.yml
+++ b/.github/workflows/integrate.yml
@@ -5,7 +5,7 @@ name: "Integrate"
 on:
   push:
     branches:
-      - "*.x"
+      - "*.*.x"
   pull_request: null
 
 jobs:
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 00000000..4242fb67
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,3 @@
+sonar.organization=web-auth
+sonar.projectKey=web-auth_webauthn-framework
+sonar.sources=.