diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..633ca46
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,14 @@
+---
+include:
+ - project: enterprise-pipelines/gitlab-ci/includes
+ file: SAST/sonarqube.yml
+
+stages:
+ - static-analysis
+
+sonarqube:
+ variables:
+ SONAR_PROJECT_KEY: "com.redhat.rhpds.parsec"
+ needs: []
+ tags:
+ - itup-alm-x86
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..e090c77
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,23 @@
+sonar.projectKey=com.redhat.rhpds.parsec
+sonar.qualitygate.wait=true
+sonar.python.version=3.11
+
+# Source exclusions
+# sonar.exclusions=\
+# manager-reporting/common/kube_utils.py,\
+# manager-reporting/common/db_utils.py,\
+# manager-reporting/templates/example.html
+
+# Test file patterns (analyzed with test-specific rules, separated from production metrics)
+# sonar.test.inclusions=\
+# **/tests/**/*.py,\
+# **/test_*.py,\
+# **/conftest.py,\
+# **/*_test.go
+
+# Suppress false positives
+sonar.issue.ignore.multicriteria=e1
+
+# Dockerfile COPY --chown=1001:0 is required by OpenShift to run as non-root
+sonar.issue.ignore.multicriteria.e1.ruleKey=docker:S6504
+sonar.issue.ignore.multicriteria.e1.resourceKey=**/Dockerfile*
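Review bot: The `include:` entry for `project: enterprise-pipelines/gitlab-ci/includes` has no `ref:`, so the `SAST/sonarqube.yml` job definition is resolved from whatever that project's default branch holds each time a pipeline runs. Any change merged there then executes in this repository's pipeline, with its CI variables and on the `itup-alm-x86` runners, without a review in this repository. Pin it by adding `ref: <TAG_OR_COMMIT_SHA>` beside `file: SAST/sonarqube.yml` and bump it deliberately. The file also declares only the `static-analysis` stage; the included template presumably places `sonarqube` in that stage, but the template is not visible here, so that is worth confirming.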
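Review bot: The `e1` suppression disables `docker:S6504` for every path matching `**/Dockerfile*`, which is wider than the single `COPY --chown=1001:0` case the comment justifies. As I understand that rule, it flags copied files that the container's runtime user can modify, so a blanket ignore would also hide a later COPY that leaves executables or configuration writable by that user. Consider narrowing the pattern to the Dockerfile(s) that need it, e.g. `sonar.issue.ignore.multicriteria.e1.resourceKey=<PATH_TO_DOCKERFILE>`, and extending the comment to state which copied paths must be writable at runtime and why. The project key is also set twice, here as `sonar.projectKey` and in `.gitlab-ci.yml` as `SONAR_PROJECT_KEY`; a one-line comment noting that the two must match would prevent them drifting apart.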