diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f5f6599c786ba0f43eaa1a16c4c7a0f5d9247708..c4b928ade84e71722a470dab5a59002d46486acd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,14 @@
+image: 
+    name: sonarsource/sonar-scanner-cli:11
+    entrypoint: [""]
+
+variables:
+  SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
+  GIT_DEPTH: "0"
+
 stages:
   - scheduled
+  - analysis
 
 run-sonarqube-management-script:
   stage: scheduled
@@ -15,3 +24,33 @@ run-sonarqube-management-script:
     - python management/user_management.py
   tags:
     - sonarqube
+  allow_failure: true
+
+sonarqube-check:
+  stage: analysis
+  script: 
+    - sonar-scanner -Dsonar.host.url="${SONAR_HOST_URL}"
+  allow_failure: false
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+    - if: $CI_COMMIT_BRANCH == 'main'
+  tags:
+    - sonarqube
+
+sonarqube-vulnerability-report:
+  stage: analysis
+  needs:
+    - job: sonarqube-check
+      artifacts: false
+  script:
+    - 'curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=jwieczorek_sqtoolshed_41f9ff14-ddac-437c-8d1e-f1ebd1f8da0b&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json'
+  allow_failure: true
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+    - if: $CI_COMMIT_BRANCH == 'main'
+  artifacts:
+    expire_in: 1 day
+    reports:
+      sast: gl-sast-sonar-report.json
+  tags:
+  - sonarqube
\ No newline at end of file
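Review bot: The `curl` call in `sonarqube-vulnerability-report` has no `--fail`, so a 401 or 404 response body from SonarQube is written to `gl-sast-sonar-report.json` and handed to GitLab as the SAST report while the job exits 0. With `allow_failure: true` on top, a missing or rejected report never becomes visible, so add `--fail --silent --show-error` to the command. The URL always sends both `branch=${CI_COMMIT_BRANCH}` and `pullRequest=${CI_MERGE_REQUEST_IID}`, yet `CI_COMMIT_BRANCH` is not set in merge-request pipelines and `CI_MERGE_REQUEST_IID` is empty on `main`, so one parameter is always blank. How the endpoint treats an empty parameter is not visible here, and sending only the parameter that matches each rule would remove the doubt. The `allow_failure: true` added to `run-sonarqube-management-script`, whose definition starts outside the hunk, likewise hides failures of the user-management script and deserves a comment explaining why that is acceptable.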
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000000000000000000000000000000000000..149b34d594e1fb24fc8a356524144178705d9e94
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,2 @@
+sonar.projectKey=jwieczorek_sqtoolshed_41f9ff14-ddac-437c-8d1e-f1ebd1f8da0b
+sonar.qualitygate.wait=true