diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 545cdea93..3a8efa5ee 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,8 +1,9 @@
 name: 🚨 CodeQL Analysis
 on:
-  workflow_dispatch:
+  push:
   pull_request:
+  workflow_dispatch:
     branches:
       - dev
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 000000000..00c252d05
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,40 @@
+name: 👮🏼‍♂️ Sonarcloud
+on:
+  push:
+    branches:
+      - master
+      - dev
+  pull_request:
+    types: [opened, synchronize, reopened]
+  workflow_dispatch:
+
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+
+      - name: "Set up Go"
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+
+      - name: Run unit Tests
+        working-directory: v2/
+        run: |
+          go test -coverprofile=cov.out ./...
+
+      - name: Run Gosec Security Scanner
+        working-directory: v2/
+        run: |
+          go install github.com/securego/gosec/cmd/gosec@latest
+          gosec -no-fail -fmt=sonarqube -out report.json ./...
+
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
\ No newline at end of file
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 000000000..5605f4d49
--- /dev/null
+++ b/sonar-project.properties
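Review bot: The added `workflow_dispatch:` now sits directly above the `branches:` / `- dev` filter that previously followed `pull_request:`, so if that filter keeps its nesting it attaches to `workflow_dispatch` (which takes no branch filter) while the new `push:` and the now-bare `pull_request:` run CodeQL on every push and pull request on every branch; indentation is not preserved in this rendering, so this is inferred from line order and should be checked against the file. If the `dev` filter was meant for pushes, the filtered form is `push:` / `  branches:` / `    - dev` with `pull_request:` and `workflow_dispatch:` left as bare keys. The hunk header counts one more context line per side than is visible, which suggests blank lines were lost in rendering rather than code. The enclosing `on:` mapping and the rest of the workflow continue outside the hunk.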
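Review bot: The SonarCloud step pins a third-party action to a moving branch, `uses: SonarSource/sonarcloud-github-action@master`, and that same step receives `SONAR_TOKEN` and `GITHUB_TOKEN` through `env:`, so whatever is pushed to that branch runs with the repository's secrets; pin it to a release tag or a full commit SHA, e.g. `uses: SonarSource/sonarcloud-github-action@<pinned-tag-or-sha>` (placeholder). The gosec step has the same shape with `go install github.com/securego/gosec/cmd/gosec@latest`, which additionally makes the `report.json` fed to Sonar non-reproducible between runs; a pinned version there too would help. The job declares no `permissions:` block, so `GITHUB_TOKEN` carries the repository default scopes; adding `permissions:` with `contents: read` plus whatever the SonarCloud action documents for pull-request decoration is the least-privilege form. Because `pull_request` is among the triggers and `SONAR_TOKEN` is a repository secret, runs for pull requests from forks will presumably see an empty token and fail at the scan step, which is worth a comment on the `pull_request:` trigger. Minor: `go-version: 1.17` is an unquoted float and `go-version: "1.17"` avoids the `1.10`→`1.1` class of retyping, and the file ends without a trailing newline.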
@@ -0,0 +1,17 @@
+sonar.projectKey=projectdiscovery_nuclei
+sonar.organization=projectdiscovery
+
+# This is the name and version displayed in the SonarCloud UI.
+#sonar.projectName=dnsx
+#sonar.projectVersion=1.0
+
+# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
+sonar.sources=v2/
+sonar.tests=v2/
+sonar.test.inclusions=**/*_test.go
+sonar.exclusions=v2/pkg/protocols/common/helpers/deserialization/testdata/*.java
+sonar.go.coverage.reportPaths=v2/cov.out
+sonar.externalIssuesReportPaths=v2/report.json
+
+# Encoding of the source code. Default is default system encoding
+#sonar.sourceEncoding=UTF-8
\ No newline at end of file
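Review bot: The commented-out `#sonar.projectName=dnsx` and `#sonar.projectVersion=1.0` look carried over from another project's template rather than describing this one, whose key is `sonar.projectKey=projectdiscovery_nuclei`; either set `sonar.projectName` to this project's real name or drop the two stale lines so nobody uncomments them as-is. `sonar.sources=v2/` and `sonar.tests=v2/` point at the same directory, which is only unambiguous because `sonar.test.inclusions=**/*_test.go` is set; a one-line comment such as `# sources and tests share v2/; test.inclusions separates them` would stop the next reader from "fixing" the overlap. The `v2/cov.out` and `v2/report.json` paths are produced by the test and gosec steps that run in `v2/` in the new workflow, so a comment cross-referencing `.github/workflows/sonarcloud.yml` would make that coupling explicit. The file also ends without a trailing newline.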