diff --git a/.github/workflows/sonar.yaml b/.github/workflows/sonar.yaml
new file mode 100644
index 0000000..0fde850
--- /dev/null
+++ b/.github/workflows/sonar.yaml
@@ -0,0 +1,55 @@
+on:
+  # Trigger analysis for pushes and pull requests
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+name: SonarQube
+jobs:
+  ie_deploy_quality_gate:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login != 'dependabot[bot]'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          # Fetch full history for better SCM information
+          fetch-depth: 0
+
+      # - name: Set up Go
+      #   uses: actions/setup-go@v5
+      #   with:
+      #     go-version: "1.23.0"
+
+      # If necessary, include additional steps, such as installing dependencies.
+
+      # - name: Run Tests
+      #   env:
+      # Add test environment variables if needed
+      #   TEST_ENV_VAR1: value1
+      #   TEST_ENV_VAR2: value2
+      # run: |
+      # # Replace with your command which run tests and generates coverage report, e.g., `make test`
+      #   <test_command>
+
+      # - name: Upload Coverage Report
+      #   uses: actions/upload-artifact@v4
+      # with:
+      #   name: coverage-report
+      #   path: coverage.out
+      # Adjust to the path of your coverage report (name has to be the same as in sonar-project.properties file)
+
+      - name: Run SonarQube Scan
+        uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # add these secrets to GitHub
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+      - name: Quality Gate Check
+        uses: sonarsource/sonarqube-quality-gate-action@master
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
\ No newline at end of file
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..f78f14e
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,36 @@
+# Server and project configuration
+sonar.host.url=https://sonar.wpengine.io/
+sonar.projectVersion=1.0-beta
+sonar.sourceEncoding=UTF-8
+sonar.scm.provider=git
+
+# Project identifiers
+sonar.projectName=base-images-public
+sonar.projectKey=wpengine_base-images-public_28b2728e-ae21-4512-ae17-20ed7584dd99
+
+# Individual configurations
+# e.g., go, java, js, php
+
+sonar.language=ruby
+
+# Paths to source code directories (use relative paths)
+
+# sonar.sources=cmd, pkg
+
+# Additional parameters for advanced configurations
+# Common exclusion patterns
+
+# sonar.exclusions=**/*_test.*, **/mocks/**, **/node_modules/**
+
+# Paths to test code directories (use relative paths)
+
+# sonar.tests=.
+
+# Adjust for your language
+
+# sonar.test.inclusions=**/*_test.go
+
+# Coverage report configuration
+# sonar.coverage.exclusions=
+# sonar.go.coverage.reportPaths=coverage.out
+# example path for javascript and lcov coverage report: sonar.javascript.lcov.reportPaths=coverage/lcov.info
\ No newline at end of file