diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 0000000..fa1480e
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,26 @@
+name: SonarCloud Analysis
+
+permissions: {}
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+    env:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          fetch-depth: 0
+      - name: SonarCloud Scan
+        if: ${{ env.SONAR_TOKEN != '' }}
+        uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..a0699d4
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,6 @@
+sonar.projectKey=oneirosoft_dagger
+sonar.organization=oneirosoft
+sonar.projectName=dagger
+sonar.sources=src
+sonar.sourceEncoding=UTF-8
+sonar.exclusions=**/test_support.rs,.claude/**