diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e382cda..b36d264 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -17,8 +17,24 @@ jobs:
           cache: 'maven'
           gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
           gpg-passphrase: MAVEN_GPG_PASSPHRASE
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
       - name: Build and Test
-        run: mvn -B install
+        run: >
+          mvn -B verify
+          jacoco:report
+          org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
+          -Pcoverage,dependency-check
+          -Dsonar.projectKey=coffeelibs_tiny-oauth2-client
+          -Dsonar.organization=coffeelibs
+          -Dsonar.host.url=https://sonarcloud.io
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       - name: Deploy to GitHub Packages
         if: startsWith(github.ref, 'refs/tags/')
         run: mvn -B deploy -Psign,deploy-github -DskipTests --no-transfer-progress
diff --git a/pom.xml b/pom.xml
index 4e091b8..3002b3d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -104,6 +104,33 @@
 	</build>
 
 	<profiles>
+		<profile>
+			<id>coverage</id>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.jacoco</groupId>
+						<artifactId>jacoco-maven-plugin</artifactId>
+						<version>0.8.8</version>
+						<executions>
+							<execution>
+								<id>prepare-agent</id>
+								<goals>
+									<goal>prepare-agent</goal>
+								</goals>
+							</execution>
+							<execution>
+								<id>report</id>
+								<goals>
+									<goal>report</goal>
+								</goals>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+
 		<profile>
 			<id>sign</id>
 			<build>