diff --git a/.cm/sonar.cm b/.cm/sonar.cm
new file mode 100644
index 000000000..f826fef05
--- /dev/null
+++ b/.cm/sonar.cm
@@ -0,0 +1,44 @@
+manifest:
+ version: 1.0
+
+ # Add labels
+ if:
+ - {{ sonar.vulnerabilities.count > 0}}
+ run:
+ - action: add-label@v1
+ args:
+ label: "{{ sonar.vulnerabilities.count }} vulnerabilities found"
+ color: {{ fecdca if (sonar.vulnerabilities.rating == 'E') else (f0f593 if (sonar.vulnerabilities.rating >= 'C' ) else d1fadf) }}
+ if:
+ - {{ sonar.security_hotspots.count > 0}}
+ run:
+ - action: add-label@v1
+ args:
+ label: "{{ sonar.security_hotspots.count }} Security Hotspots found"
+ color: {{ fecdca if (sonar.security_hotspots.rating == 'E') else (f0f593 if (sonar.security_hotspots.rating >= 'C' ) else d1fadf) }} # Add labels
+ if:
+ - {{ sonar.code_smells.count > 0}}
+ run:
+ - action: add-label@v1
+ args:
+ label: "{{ sonar.code_smells.count }} code smells found"
+ color: {{ fecdca if (sonar.code_smells.rating == 'E') else (f0f593 if (sonar.code_smells.rating >= 'C' ) else d1fadf) }}
+ if:
+ - {{ sonar.bugs.count > 0}}
+ run:
+ - action: add-label@v1
+ args:
+ label: "{{ sonar.bugs.count }} bugs found"
+ color: {{ fecdca if (sonar.bugs.rating == 'E') else (f0f593 if (sonar.bugs.rating >= 'C' ) else d1fadf) }}
+
+ # Auto assign Security member
+ if:
+ - {{ sonar.code_smells.rating > 'B' }}
+ - {{ sonar.vulnerabilities.rating > 'B'}}
+ - {{ sonar.security_hotspots.rating > 'B'}}
+ run:
+ - action: add-reviewers@v1
+ args:
+ team_reviewers: [app-sec]
+
+sonar: {{ pr | sonarParser }}
\ No newline at end of file
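Review bot: The four label automations and the reviewer automation are written as repeated `if:`/`run:` sibling keys instead of named entries under an `automations:` block, so a YAML loader keeps only the last `if:`/`run:` pair (duplicate keys, last-wins) and none of the labelling ever runs; the gitStream `.cm` schema expects `automations:` with one uniquely named automation per rule. The "Auto assign Security member" `if:` list is evaluated as AND, so the app-sec team is only requested when code smells, vulnerabilities and security hotspots are all worse than `'B'` — a PR with an E vulnerability rating but clean code smells gets no security reviewer; combine the security conditions with `or` and drop the code-smells condition, e.g. `- {{ sonar.vulnerabilities.rating > 'B' or sonar.security_hotspots.rating > 'B' }}`. The colour values `fecdca`, `f0f593` and `d1fadf` are bare names inside the template expressions rather than strings, so they resolve to undefined instead of a hex colour; quote them (`'fecdca'`). The stray `# Add labels` comment at the end of the security-hotspots `color:` line is a copy-paste leftover and should be removed. Indentation is lost in the collapsed hunk, so whether these keys sit under `manifest:` or at top level cannot be confirmed here.
```yaml
manifest:
  version: 1.0

automations:
  label_vulnerabilities:
    if:
      - {{ sonar.vulnerabilities.count > 0 }}
    run:
      - action: add-label@v1
        args:
          label: "{{ sonar.vulnerabilities.count }} vulnerabilities found"
          color: {{ 'fecdca' if (sonar.vulnerabilities.rating == 'E') else ('f0f593' if (sonar.vulnerabilities.rating >= 'C') else 'd1fadf') }}
  # … unchanged apart from a unique name and quoted colours: security hotspots, code smells and bugs label automations …
  assign_security_reviewer:
    if:
      - {{ sonar.vulnerabilities.rating > 'B' or sonar.security_hotspots.rating > 'B' }}
    run:
      - action: add-reviewers@v1
        args:
          team_reviewers: [app-sec]

# … unchanged: sonar: {{ pr | sonarParser }} …
```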