diff --git a/.github/workflows/cxx-ci.yml b/.github/workflows/cxx-ci.yml
index c1c0d33ff..c4f8c4471 100644
--- a/.github/workflows/cxx-ci.yml
+++ b/.github/workflows/cxx-ci.yml
@@ -6,9 +6,10 @@ name: cxx plugin CI
 
 on:
   push:
-    branches: [ master ]
+    branches:
+      - master
   pull_request:
-    branches: [ master ]
+    types: [opened, synchronize, reopened]
 
 defaults:
   run:
@@ -215,89 +216,6 @@ jobs:
       run: mvn -B -e -V verify --file pom.xml
 
 
-  # -----------------------------------------------------------------------------------------------------------
-  # Update SonarCloud results
-  # - Java 11 is no longer supported as scanner runtime environment
-  # -----------------------------------------------------------------------------------------------------------
-  sonar-cloud:
-
-    strategy:
-      matrix:
-        os: [ubuntu-latest]
-        java: [ '17' ]
-        distribution: [ 'temurin' ]
-
-    if: github.event_name == 'push'
-    runs-on: ${{ matrix.os }}
-
-    steps:
-
-    # context information
-    #
-    - name: Dump GitHub Context
-      env:
-        GITHUB_CONTEXT: ${{ toJSON(github) }}
-      run: echo "$GITHUB_CONTEXT"
-    - name: Dump Matrix Context
-      env:
-        MATRIX_CONTEXT: ${{ toJSON(matrix) }}
-      run: echo "$MATRIX_CONTEXT"
-
-    # checkout code
-    # - to provide complete SCM information to the sonar scanner,
-    #   all historical data for all branches and tags must be retrieved (fetch-depth: 0)
-    #
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-
-    # setup Java
-    #
-    - name: Set up JDK Java ${{ matrix.java }} | ${{ matrix.distribution }} | ${{ matrix.os }}
-      uses: actions/setup-java@v4
-      with:
-        java-version: ${{ matrix.java }}
-        distribution: ${{ matrix.distribution }}
-        cache: maven
-
-    # read version number from POM
-    #
-    - name: get-pom-version
-      id: pom-version
-      uses: andreacomo/maven-gav-extractor@v2
-
-    # remove -SNAPSHOT from POM version (major.minor.patch-SNAPSHOT)
-    #
-    - run: echo "CXX_POM_VERSION=${{ steps.pom-version.outputs.version }}" >> $GITHUB_ENV
-    - run: echo "CXX_VERSION=${CXX_POM_VERSION%-*}" >> $GITHUB_ENV
-
-    # set version number of plugin JAR
-    # - 'major.minor.patch' and 'build' number from actions run number
-    #
-    - name: Sets the current project's version
-      run: mvn versions:set -DartifactId='cxx' -DnewVersion='${{ env.CXX_VERSION }}.${{ github.run_number }}'
-
-    - name: Dump environment variables
-      run: env
-
-    # Build and test with with Maven
-    # - use phase 'verify' to aggregate coverage results (part of integration-tests)
-    # - use phase 'install' to resolve dependencies (necessary for sonar-scanner)
-    #
-    - name: Build and test with Maven
-      run: mvn -B -e -V install --file pom.xml
-
-    # Update SonarCloud results
-    # - Secrets are not passed to the runner when a workflow is triggered from a forked repository!
-    #
-    - name: Update SonarCloud results
-      run: mvn sonar:sonar -B -e -V -Dsonar.organization=sonaropencommunity -Dsonar.host.url=https://sonarcloud.io -Dsonar.token=$SONAR_TOKEN -Dsonar.python.version=3.8
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
-
   # -----------------------------------------------------------------------------------------------------------
   # test cxx plugin with SonarQube (Linux)
   # -----------------------------------------------------------------------------------------------------------
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 000000000..e378f2d66
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,56 @@
+#
+# Update SonarCloud results
+#
+name: SonarCloud
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+
+  build:
+
+    name: Build and analyze
+    runs-on: ubuntu-latest
+
+    steps:
+
+      # checkout code
+      # - to provide complete SCM information to the sonar scanner,
+      #   all historical data for all branches and tags must be retrieved (fetch-depth: 0)
+      #
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # shallow clones should be disabled for a better relevancy of analysis
+
+      # setup Java
+      #
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          distribution: 'zulu' # alternative distribution options are available
+
+      - name: Cache SonarQube packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+
+      - name: Cache Maven packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      # Update SonarCloud results
+      # - Secrets are not passed to the runner when a workflow is triggered from a forked repository!
+      #
+      - name: Build and analyze
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=org.sonarsource.sonarqube-plugins.cxx:cxx
diff --git a/pom.xml b/pom.xml
index ab81a5931..0ef53baff 100644
--- a/pom.xml
+++ b/pom.xml
@@ -257,6 +257,10 @@
     <license.years>2010-2024</license.years>
     <license.name>GNU LGPL v3</license.name>
 
+    <!-- properties for SonarQube Cloud analysis -->
+    <sonar.organization>sonaropencommunity</sonar.organization>
+    <sonar.host.url>https://sonarcloud.io</sonar.host.url>
+
     <maven.test.redirectTestOutputToFile>true</maven.test.redirectTestOutputToFile>
     <sonar.artifact.path>target/${project.artifactId}-${project.version}.jar</sonar.artifact.path>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>