diff --git a/.github/workflows/codeql.yaml b/.github/workflows/_codeql.yaml
similarity index 93%
rename from .github/workflows/codeql.yaml
rename to .github/workflows/_codeql.yaml
index 32ca7e19d3..82f187e864 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/_codeql.yaml
@@ -12,12 +12,17 @@ name: "CodeQL"
 on:
- push:
- branches: ["main"]
- pull_request:
- branches: ["main"]
- schedule:
- - cron: "23 10 * * 2"
+ workflow_call:
+ inputs:
+ codeql:
+ description: "Specify the trigger type"
+ required: true
+ type: string
+ default: "push"
+ secrets:
+ codeql_token:
+ description: "Token for CodeQL"
+ required: true
 jobs:
 analyze:
@@ -27,8 +32,8 @@ jobs:
 # - https://gh.io/supported-runners-and-hardware-resources
 # - https://gh.io/using-larger-runners (GitHub.com only)
 # Consider using larger runners or machines with greater resources for possible analysis time improvements.
- runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
- timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+ runs-on: "ubuntu-latest"
+ timeout-minutes: 120
 permissions:
 # required for all workflows
 security-events: write
diff --git a/.github/workflows/periodic.yml b/.github/workflows/periodic.yml
index e2a0fd1b9e..7a21dba314 100644
--- a/.github/workflows/periodic.yml
+++ b/.github/workflows/periodic.yml
@@ -11,3 +11,7 @@ jobs:
 uses: ./.github/workflows/_tox.yml
 with:
 tox: docs build -- -b linkcheck
+ codeql:
+ uses: ./.github/workflows/_codeql.yml
+ with:
+ codeql: "Check codeql setup"
diff --git a/.github/workflows/sonarcloud.yaml b/.github/workflows/sonarcloud.yaml
deleted file mode 100644
index b1790840a3..0000000000
--- a/.github/workflows/sonarcloud.yaml
+++ /dev/null
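Review bot: In the `on:` block of `_codeql.yaml`, `workflow_call` is now the only trigger, so CodeQL runs only when another workflow calls it. The sole caller visible in this diff is `periodic.yml`, and the same commit deletes the SonarCloud workflow that ran on `push` and `pull_request`. Unless a caller outside this diff covers those events, changes to `main` would no longer be scanned before merge; confirm that is intended. Separately, the `codeql` input is `required: true` and also has `default: "push"`. The default can only apply when the caller omits the input, which `required: true` forbids, so keep one of the two, for example `required: false` together with the default.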
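Review bot: The fixed `runs-on: "ubuntu-latest"` in the `analyze` job of `_codeql.yaml` assumes the language matrix no longer lists `swift`, which the removed expression routed to `macos-latest`. The matrix is outside this hunk, so confirm that entry is gone. `timeout-minutes: 120` also lowers the limit for every other language from 360, and a run cancelled by the timeout would likely upload no results. A short comment above the line would record the trade-off, for example `# hard cap; a run that exceeds it produces no alerts`.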
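Review bot: The new `codeql` job in `periodic.yml` calls `./.github/workflows/_codeql.yml`, but this commit renames the workflow to `_codeql.yaml`, so the reference will not resolve. It should read `uses: ./.github/workflows/_codeql.yaml`. The called workflow also declares `codeql_token` as a required secret and this job has no `secrets:` block, so the call would be rejected as written. Either pass the secret explicitly under `secrets:`, or drop the requirement if the job only needs the `GITHUB_TOKEN` permissions it already requests. The called job asks for `security-events: write`, which a reusable workflow only gets if the caller's token allows it. The top of `periodic.yml` is outside the hunk, so confirm its `permissions`.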
@@ -1,22 +0,0 @@
-on:
- # Trigger analysis when pushing in main or pull requests, and when creating
- # a pull request.
- push:
- branches:
- - main
- pull_request:
- types: [opened, synchronize, reopened]
-name: SonarCloud check
-jobs:
- sonarcloud:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- # Disabling shallow clone is recommended for improving relevancy of reporting
- fetch-depth: 0
- - name: SonarCloud Scan
- uses: sonarsource/sonarcloud-github-action@v3.0.0 # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
- env:
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- SONAR_ORG_KEY: ${{ secrets.SONAR_ORG_KEY }}