diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 90a3c38a601eab35a342792212673b5f2a16fc85..69d821c22088ec0b08fe197879564713c9aaf080 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -73,6 +73,7 @@ include:
   - local: "/devops/gc/pipeline/override-stages.yml"
   - local: "/loadtest/pipeline-loadtest.yml"
   - local: "/publish.yml"
+  - local: "/sonar.yml"
 
 # --------------------------------------------------------------------------------
 compile-and-unit-test:
diff --git a/sonar.yml b/sonar.yml
new file mode 100644
index 0000000000000000000000000000000000000000..181dec62f83b13f113457115eea62d5f4f660378
--- /dev/null
+++ b/sonar.yml
@@ -0,0 +1,35 @@
+sonarqube-scan-python:
+  stage: scan
+  needs: ["compile-and-unit-test"]
+  rules:
+  - if: $SONAR_CLOUD_TOKEN
+#  - if: $CI_COMMIT_REF_NAME == 'master' || $CI_PIPELINE_SOURCE == 'merge_request_event'
+  variables:
+    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
+    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
+  image:
+    name: sonarsource/sonar-scanner-cli:latest
+    entrypoint: [""]
+  cache:
+    key: "${CI_JOB_NAME}"
+    paths:
+      - .sonar/cache
+  script:
+    - |
+      SONAR_SCANNER_OPTS="
+        -Dsonar.host.url=${SONAR_CLOUD_URL}
+        -Dsonar.token=${SONAR_CLOUD_TOKEN}
+        -Dsonar.projectKey=org.opengroup.osdu:$CI_PROJECT_NAME
+        -Dsonar.organization=osdu"
+
+      if [ -n "$CI_MERGE_REQUEST_IID" ]; then
+        SONAR_SCANNER_OPTS="$SONAR_SCANNER_OPTS
+          -Dsonar.pullrequest.gitlab.api_url=https://community.opengroup.org/api/v4
+          -Dsonar.pullrequest.gitlab.project_id=$CI_PROJECT_ID
+          -Dsonar.pullrequest.key=$CI_MERGE_REQUEST_IID
+          -Dsonar.pullrequest.branch=$CI_COMMIT_REF_NAME
+          -Dsonar.pullrequest.base=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"
+      fi
+    - sonar-scanner
+
+  allow_failure: true