diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index b4c15a11..e6c69f36 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -32,7 +32,8 @@ jobs:
           key: ${{ github.job }}
           max-size: 2G
 
-      - uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
+      - name: Build for coverage
+        uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8
         with:
           configurePreset: "Coverage"
           buildPreset: "Coverage"
@@ -41,25 +42,23 @@ jobs:
         env:
           GTEST_OUTPUT: "xml:${{ github.workspace }}/testresults/"
 
-      - name: Convert Results
+      - name: Collect coverage
         run: |
-          { echo '<testExecutions version="1">'; xsltproc .github/formatters/gtest-to-generic-execution.xslt ${{ github.workspace }}/testresults/*.xml; echo '</testExecutions>'; } | tee execution.xml > /dev/null
-          gcovr --sonarqube=coverage.xml --exclude-lines-by-pattern '.*assert\(.*\);|.*really_assert\(.*\);|.*std::abort();' --exclude-unreachable-branches --exclude-throw-branches -j "$(nproc)"
-          cp .build/Coverage/compile_commands.json compile_commands.json
+          gcovr --sonarqube=coverage.xml --exclude-lines-by-pattern '.*assert\(.*\);|.*really_assert\(.*\);|.*std::abort();' --exclude-unreachable-branches --exclude-throw-branches -j "$(nproc)" --exclude=.*/example/.* --exclude=.*/external/.* --exclude=.*/test/.*
 
-      - name: Prepare dependencies for sonar-scanner
-        run: apt-get update && apt-get install -y --no-install-recommends curl
+      - uses: philips-software/sonarqube-issue-conversion@574a39dedf13464c712b9d36be4bac33241884d8 # v1.0.1
+        with:
+          input: ${{ github.workspace }}/testresults/*.xml
+          output: execution.xml
+          transformation: gtest-to-generic-execution
 
-      - name: Install sonar-scanner and build-wrapper
-        uses: sonarsource/sonarqube-github-c-cpp@e51317d858d1117fe6c451aa441841cb3e3ff358 # v2.1.0
-        env:
-          SONAR_HOST_URL: ${{ env.SONAR_SERVER_URL }}
+      - name: Convert results
+        run: |
+          cp .build/Coverage/compile_commands.json compile_commands.json
 
-      - name: Run sonar-scanner
+      - uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: sonar-scanner -D sonar.host.url="${{ env.SONAR_SERVER_URL }}"
 
   codeql:
     name: CodeQL