diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6830a1f..a5a1048 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -99,7 +99,7 @@ jobs:
   sonar-analysis-backend:
     name: SonarQube (${{ matrix.service }})
     needs: [build-and-test-backend]
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, sonarqube]
     timeout-minutes: 20
 
     strategy:
@@ -157,7 +157,7 @@ jobs:
   sonar-analysis-frontend:
     name: SonarQube (frontend)
     needs: [build-and-test-frontend]
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, sonarqube]
     timeout-minutes: 10
 
     steps:
@@ -171,12 +171,16 @@ jobs:
           path: frontend/coverage/
 
       - name: Analyze with SonarQube
-        uses: sonarsource/sonarqube-scan-action@v4
-        with:
-          projectBaseDir: frontend
+        # Uses sonar-scanner CLI installed on the self-hosted runner (not Docker-based).
+        # Docker-based actions cannot reach localhost:9000 on the host.
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        run: |
+          sonar-scanner \
+            -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
+            -Dsonar.token=${{ secrets.SONAR_TOKEN }}
+        working-directory: frontend
 
   # ---------------------------------------------------------------------------
   # Job 4a — SAST: CodeQL for Java