diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
index f71bb82a..bc46b406 100644
--- a/.github/workflows/code-quality.yml
+++ b/.github/workflows/code-quality.yml
@@ -1,9 +1,13 @@
-name: "Check code format and quality"
-on:
+name: Check code format and quality
+'on':
   push:
-    branches: [master]
+    branches:
+      - master
   pull_request:
-    types: [opened, synchronize, reopened]
+    types:
+      - opened
+      - synchronize
+      - reopened
 jobs:
   check-code-quality:
     runs-on: ubuntu-latest
@@ -20,20 +24,28 @@ jobs:
       - name: Check Terraform files format
         run: |
           build/automation/etc/githooks/scripts/terraform-format-pre-commit.sh
-      - name: Create coverage report
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Cache Maven packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: Build and Analyze with SonarQube
         run: |
-          make compile coverage-report
-      # - uses: sonarsource/sonarcloud-github-action@master
-        # SEE: https://github.com/SonarSource/sonarcloud-github-action
-          #env:
-            #GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-            #SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          #with:
-            #projectBaseDir: ./application
-            #args: >
-              #-Dsonar.organization=nhsd-exeter
-              #-Dsonar.projectKey=uec-dos-api-pca
-              #-Dsonar.java.binaries=target/classes
-              #-Dsonar.coverage.exclusions=src/main/java/**/config/*.*,src/main/java/**/domain/*.*,src/main/java/**/exception/*.*,src/test/**/*.*,src/main/java/**/filter/*.*,src/main/java/**/PostcodeMappingApplication.*
-              #-Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco
-              #-Dsonar.verbose=true
+          ls -la ${{ github.workspace }}
+          cd application
+          mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+            -Dsonar.host.url=https://sonarcloud.io \
+            -Dsonar.organization=nhsd-exeter \
+            -Dsonar.projectKey=uec-dos-api-pca \
+            -Dsonar.java.binaries=target/classes \
+            -Dsonar.coverage.exclusions=src/main/java/**/config/*.*,src/main/java/**/domain/*.*,src/main/java/**/exception/*.*,src/test/**/*.*,src/main/java/**/filter/*.*,src/main/java/**/PostcodeMappingApplication.* \
+            -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco \
+            -Dsonar.verbose=true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/application/pom.xml b/application/pom.xml
index cc371f9d..783d932b 100644
--- a/application/pom.xml
+++ b/application/pom.xml
@@ -232,8 +232,15 @@
         <groupId>org.sonarsource.scanner.maven</groupId>
         <artifactId>sonar-maven-plugin</artifactId>
         <version>3.7.0.1746</version>
+        <executions>
+          <execution>
+            <phase>verify</phase>
+            <goals>
+              <goal>sonar</goal>
+            </goals>
+          </execution>
+        </executions>
       </plugin>
-
       <plugin>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-maven-plugin</artifactId>
@@ -284,6 +291,7 @@
             </goals>
             <configuration>
               <rules>
+
                 <rule>
                   <element>PACKAGE</element>
                   <excludes>