diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 0000000..1e5fd81
--- /dev/null
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,47 @@
+name: CodeQL
+
+on:
+  push:
+    branches:
+    - main
+  pull_request:
+    branches:
+    - main
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Set environment
+      run: |
+        echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV
+
+    - name: Install conan
+      run: |
+        pip install conan
+        conan profile new default --detect
+        conan profile update settings.compiler.libcxx=libstdc++11 default
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: cpp
+        queries: security-and-quality
+
+    - name: Compile
+      run: |
+        mkdir build
+        cd build
+        conan install ..
+        cmake .. -DMIN_LOGGER_LEVEL=TRACE
+        make -j$(nproc)
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/sonarcloud.yaml b/.github/workflows/sonarcloud.yaml
deleted file mode 100644
index 02ae68d..0000000
--- a/.github/workflows/sonarcloud.yaml
+++ /dev/null
@@ -1,114 +0,0 @@
-name: Code quality
-
-on:
-  push:
-    branches:
-    - main
-
-jobs:
-  has_sonar_token:
-    name: Check for SonarCloud token
-    runs-on: ubuntu-latest
-
-    outputs:
-      ok: ${{ steps.check.outputs.ok }}
-
-    steps:
-    - name: Check for SonarCloud token
-      id: check
-      run: |
-        if [ -n "${{ secrets.SONAR_TOKEN }}" ];
-        then
-          echo "ok=true" >> $GITHUB_OUTPUT;
-          echo "SONAR_TOKEN secret detected, running Code Quality."
-        else
-          echo "ok=false" >> $GITHUB_OUTPUT;
-          echo "No SONAR_TOKEN secret detected, skipping Code Quality."
-        fi
-
-  code_quality:
-    name: Code quality (SonarCloud)
-    runs-on: ubuntu-latest
-
-    # This prevents running SonarCloud on forks that don't have a SONAR_TOKEN set.
-    needs: has_sonar_token
-    if: needs.has_sonar_token.outputs.ok == 'true'
-
-    env:
-      SONAR_SCANNER_VERSION: 4.7.0.2747
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v3
-
-    - name: Set up JDK 11
-      uses: actions/setup-java@v3
-      with:
-        distribution: temurin
-        java-version: 11
-
-    - name: Cache SonarCloud
-      id: cache-sonarcloud
-      uses: actions/cache@v3
-      with:
-        path: .sonar
-        key: sonar-${{ runner.os }}-${{ env.SONAR_SCANNER_VERSION }}
-
-    - name: Cache SonarCloud-Cache
-      uses: actions/cache@v3
-      with:
-        path: .sonar-cache
-        key: sonar-cache-${{ runner.os }}-${{ env.SONAR_SCANNER_VERSION }}-${{ hashFiles('src/**') }}
-        restore-keys: |
-          sonar-cache-${{ runner.os }}-${{ env.SONAR_SCANNER_VERSION }}-
-          sonar-cache-${{ runner.os }}-
-          sonar-cache-
-
-    - name: Download SonarCloud
-      if: steps.cache-sonarcloud.outputs.cache-hit != 'true'
-      run: |
-        mkdir .sonar
-
-        curl -sSLo .sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }}
-        unzip -o .sonar/sonar-scanner.zip -d .sonar/
-
-        curl -sSLo .sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }}
-        unzip -o .sonar/build-wrapper-linux-x86.zip -d .sonar/
-      env:
-        SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
-        BUILD_WRAPPER_DOWNLOAD_URL: https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
-
-    - name: Setup SonarCloud
-      run: |
-        echo "$(pwd)/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH
-        echo "$(pwd)/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
-
-    - name: Install conan
-      run: |
-        pip install conan
-        conan profile new default --detect
-        conan profile update settings.compiler.libcxx=libstdc++11 default
-
-    - name: Compile
-      run: |
-        mkdir build
-        cd build
-        conan install ..
-        build-wrapper-linux-x86-64 --out-dir ../.build-wrapper-out cmake .. -DMIN_LOGGER_LEVEL=TRACE
-        build-wrapper-linux-x86-64 --out-dir ../.build-wrapper-out make -j$(nproc)
-
-    - name: Run SonarCloud
-      run: |
-        sonar-scanner \
-          --define sonar.host.url="https://sonarcloud.io/" \
-          --define sonar.cfamily.build-wrapper-output=".build-wrapper-out" \
-          --define sonar.projectKey=TrueBrain_TrueMQTT-cpp \
-          --define sonar.organization=truebrain \
-          --define sonar.projectName=TrueMQTT-cpp \
-          --define sonar.sources=src \
-          --define sonar.sourceEncoding=UTF-8 \
-          --define sonar.cfamily.cache.enabled=true \
-          --define sonar.cfamily.cache.path=.sonar-cache
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/example/stress/main.cpp b/example/stress/main.cpp
index c1d117f..b6a805e 100644
--- a/example/stress/main.cpp
+++ b/example/stress/main.cpp
@@ -57,7 +57,6 @@ int main()
     // backs up, after which it starts to fail intermittently. To push the broker
     // to its breaking point, it helps to add additional subscriptions by other
     // means.
-    bool is_failing = true;
     auto start = std::chrono::steady_clock::now();
     int channel = 0;
     while (true)