diff --git a/Jenkinsfile b/Jenkinsfile
index f17f1b2..d429e74 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -123,65 +123,6 @@ spec:
 }
 }
 
- stage('Collect SonarQube evidence') {
- steps {
- container('quality-tools') {
- sh '''#!/usr/bin/env bash
- set -euo pipefail
- mkdir -p build
- args=(
- "-Dsonar.host.url=${SONARQUBE_HOST_URL}"
- "-Dsonar.login=${SONARQUBE_TOKEN}"
- "-Dsonar.projectKey=${SONARQUBE_PROJECT_KEY}"
- "-Dsonar.projectName=${SONARQUBE_PROJECT_KEY}"
- "-Dsonar.sources=."
- "-Dsonar.exclusions=**/.git/**,**/build/**,**/dist/**,**/node_modules/**,**/.venv/**,**/__pycache__/**,**/coverage/**,**/test-results/**,**/playwright-report/**"
- "-Dsonar.test.inclusions=**/tests/**,**/testing/**,**/*_test.go,**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx"
- )
- [ -f build/coverage.out ] && args+=("-Dsonar.go.coverage.reportPaths=build/coverage.out")
- set +e
- sonar-scanner "${args[@]}" | tee build/sonar-scanner.log
- rc=${PIPESTATUS[0]}
- set -e
- printf '%s\n' "${rc}" > build/sonarqube-analysis.rc
- '''
- }
- container('publisher') {
- sh '''
- set -eu
- mkdir -p build
- python3 - <<'PY'
-import base64
-import json
-import os
-import urllib.parse
-import urllib.request
-
-host = os.getenv('SONARQUBE_HOST_URL', '').strip().rstrip('/')
-project_key = os.getenv('SONARQUBE_PROJECT_KEY', '').strip()
-token = os.getenv('SONARQUBE_TOKEN', '').strip()
-report_path = os.getenv('QUALITY_GATE_SONARQUBE_REPORT', 'build/sonarqube-quality-gate.json')
-payload = {"status": "ERROR", "note": "missing SONARQUBE_HOST_URL and/or SONARQUBE_PROJECT_KEY"}
-if host and project_key:
- query = urllib.parse.urlencode({"projectKey": project_key})
- request = urllib.request.Request(f"{host}/api/qualitygates/project_status?{query}", method="GET")
- if token:
- encoded = base64.b64encode(f"{token}:".encode("utf-8")).decode("utf-8")
- request.add_header("Authorization", f"Basic {encoded}")
- try:
- with urllib.request.urlopen(request, timeout=12) as response:
- payload = json.loads(response.read().decode("utf-8"))
- except Exception as exc: # noqa: BLE001
- payload = {"status": "ERROR", "error": str(exc)}
-with open(report_path, "w", encoding="utf-8") as handle:
- json.dump(payload, handle, indent=2, sort_keys=True)
- handle.write("\\n")
-PY
- '''
- }
- }
- }
-
 stage('Collect Supply Chain evidence') {
 steps {
 container('quality-tools') {
@@ -317,6 +258,65 @@ EOF
 }
 }
 
+ stage('Collect SonarQube evidence') {
+ steps {
+ container('quality-tools') {
+ sh '''#!/usr/bin/env bash
+ set -euo pipefail
+ mkdir -p build
+ args=(
+ "-Dsonar.host.url=${SONARQUBE_HOST_URL}"
+ "-Dsonar.login=${SONARQUBE_TOKEN}"
+ "-Dsonar.projectKey=${SONARQUBE_PROJECT_KEY}"
+ "-Dsonar.projectName=${SONARQUBE_PROJECT_KEY}"
+ "-Dsonar.sources=."
+ "-Dsonar.exclusions=**/.git/**,**/build/**,**/dist/**,**/node_modules/**,**/.venv/**,**/__pycache__/**,**/coverage/**,**/test-results/**,**/playwright-report/**"
+ "-Dsonar.test.inclusions=**/tests/**,**/testing/**,**/*_test.go,**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx"
+ )
+ [ -f build/coverage.out ] && args+=("-Dsonar.go.coverage.reportPaths=build/coverage.out")
+ set +e
+ sonar-scanner "${args[@]}" | tee build/sonar-scanner.log
+ rc=${PIPESTATUS[0]}
+ set -e
+ printf '%s\n' "${rc}" > build/sonarqube-analysis.rc
+ '''
+ }
+ container('publisher') {
+ sh '''
+ set -eu
+ mkdir -p build
+ python3 - <<'PY'
+import base64
+import json
+import os
+import urllib.parse
+import urllib.request
+
+host = os.getenv('SONARQUBE_HOST_URL', '').strip().rstrip('/')
+project_key = os.getenv('SONARQUBE_PROJECT_KEY', '').strip()
+token = os.getenv('SONARQUBE_TOKEN', '').strip()
+report_path = os.getenv('QUALITY_GATE_SONARQUBE_REPORT', 'build/sonarqube-quality-gate.json')
+payload = {"status": "ERROR", "note": "missing SONARQUBE_HOST_URL and/or SONARQUBE_PROJECT_KEY"}
+if host and project_key:
+ query = urllib.parse.urlencode({"projectKey": project_key})
+ request = urllib.request.Request(f"{host}/api/qualitygates/project_status?{query}", method="GET")
+ if token:
+ encoded = base64.b64encode(f"{token}:".encode("utf-8")).decode("utf-8")
+ request.add_header("Authorization", f"Basic {encoded}")
+ try:
+ with urllib.request.urlopen(request, timeout=12) as response:
+ payload = json.loads(response.read().decode("utf-8"))
+ except Exception as exc: # noqa: BLE001
+ payload = {"status": "ERROR", "error": str(exc)}
+with open(report_path, "w", encoding="utf-8") as handle:
+ json.dump(payload, handle, indent=2, sort_keys=True)
+ handle.write("\\n")
+PY
+ '''
+ }
+ }
+ }
+
 stage('Publish test metrics') {
 steps {
 container('publisher') {
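Review bot: The `"-Dsonar.login=${SONARQUBE_TOKEN}"` entry in `args` puts the SonarQube token on the sonar-scanner command line, where it is readable from the process list of anything sharing the container's PID namespace for as long as the scan runs. I would drop that array entry and hand the token over through the environment, for example `export SONAR_TOKEN="${SONARQUBE_TOKEN}"` before the `sonar-scanner` call, assuming the scanner version in the `quality-tools` image reads that variable. The publisher step then sends the same token as a Basic header to whatever `SONARQUBE_HOST_URL` contains without checking the scheme, so an `http://` value would carry the credential in cleartext. A guard such as `if host and project_key and host.startswith("https://"):` would keep the existing ERROR payload path for anything else. Separately, the gate is queried right after the scanner exits, so unless the server has already processed the upload the report may describe the previous analysis; `-Dsonar.qualitygate.wait=true` in `args` is one way to close that gap.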