diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
deleted file mode 100644
index e3652d3..0000000
--- a/.github/workflows/sonarcloud.yml
+++ /dev/null
@@ -1,108 +0,0 @@
-name: coverage
-on:
-  workflow_dispatch:
-  push:
-    branches: [ "main" ]
-
-# Actions
-# shivammathur/setup-php@v2 https://github.com/marketplace/actions/setup-php-action
-# SonarSource/sonarqube-scan-action@v5 https://github.com/marketplace/actions/official-sonarqube-scan
-
-jobs:
-
-  tests-coverage:
-    name: Tests on PHP (code coverage)
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: '8.4'
-          coverage: xdebug
-          tools: composer:v2
-        env:
-          fail-fast: true
-      - name: Get composer cache directory
-        id: composer-cache
-        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-      - name: Cache dependencies
-        uses: actions/cache@v4
-        with:
-          path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-          restore-keys: ${{ runner.os }}-composer-
-      - name: Install project dependencies
-        run: composer upgrade --no-interaction --no-progress --prefer-dist
-      - name: Create code coverage
-        run: vendor/bin/phpunit --testdox --coverage-xml=build/coverage --coverage-clover=build/coverage/clover.xml --log-junit=build/coverage/junit.xml
-      - name: Store code coverage
-        uses: actions/upload-artifact@v4
-        with:
-          name: code-coverage
-          path: build/coverage
-
-  sonarcloud-secrets:
-    name: SonarCloud check secrets are present
-    runs-on: ubuntu-latest
-    outputs:
-      github: ${{ steps.check-secrets.outputs.github }}
-      sonar: ${{ steps.check-secrets.outputs.sonar }}
-    steps:
-      - name: Check secrets are present
-        id: check-secrets
-        run: |
-          if [ -n "${{ secrets.GITHUB_TOKEN }}" ]; then
-            echo "github=yes" >> $GITHUB_OUTPUT
-          else
-            echo "github=no" >> $GITHUB_OUTPUT
-            echo "::warning ::GITHUB_TOKEN non set"
-          fi
-          if [ -n "${{ secrets.SONAR_TOKEN }}" ]; then
-            echo "sonar=yes" >> $GITHUB_OUTPUT
-          else
-            echo "sonar=no" >> $GITHUB_OUTPUT
-            echo "::warning ::SONAR_TOKEN non set"
-          fi
-
-  sonarcloud:
-    name: SonarCloud Scan and Report
-    needs: [ "tests-coverage", "sonarcloud-secrets" ]
-    if: ${{ needs.sonarcloud-secrets.outputs.github == 'yes' && needs.sonarcloud-secrets.outputs.sonar == 'yes' }}
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Unshallow clone to provide blame information
-        run: git fetch --unshallow
-      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: '8.4'
-          coverage: none
-          tools: composer:v2
-      - name: Get composer cache directory
-        id: composer-cache
-        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-      - name: Cache dependencies
-        uses: actions/cache@v4
-        with:
-          path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
-          restore-keys: ${{ runner.os }}-composer-
-      - name: Install project dependencies
-        run: composer upgrade --no-interaction --no-progress --prefer-dist
-      - name: Obtain code coverage
-        uses: actions/download-artifact@v4
-        with:
-          name: code-coverage
-          path: build/coverage
-      - name: Prepare SonarCloud Code Coverage Files
-        run: |
-          sed 's#'$GITHUB_WORKSPACE'#/github/workspace#g' build/coverage/junit.xml > build/sonar-junit.xml
-          sed 's#'$GITHUB_WORKSPACE'#/github/workspace#g' build/coverage/clover.xml > build/sonar-coverage.xml
-      - name: SonarCloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/sonarqube-cloud.yml b/.github/workflows/sonarqube-cloud.yml
new file mode 100644
index 0000000..5f098d8
--- /dev/null
+++ b/.github/workflows/sonarqube-cloud.yml
@@ -0,0 +1,53 @@
+name: "SonarQube Cloud"
+on:
+  workflow_dispatch:
+  push:
+    branches: [ "main" ]
+
+# Actions
+# shivammathur/setup-php@v2 https://github.com/marketplace/actions/setup-php-action
+# SonarSource/sonarqube-scan-action@v5 https://github.com/marketplace/actions/official-sonarqube-scan
+
+jobs:
+
+  sonarqube-cloud:
+    name: SonarCloud Scan and Report
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Check SONAR_TOKEN secret
+        run: |
+          if [ -z "${{ secrets.SONAR_TOKEN }}" ]; then
+            echo "::warning ::SONAR_TOKEN non set"
+            exit 1
+          fi
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Unshallow clone to provide blame information
+        run: git fetch --unshallow
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.4'
+          coverage: xdebug
+          tools: composer:v2
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: ${{ runner.os }}-composer-
+      - name: Install project dependencies
+        run: composer upgrade --no-interaction --no-progress --prefer-dist
+      - name: Create code coverage
+        run: vendor/bin/phpunit --testdox --coverage-xml=build/coverage --coverage-clover=build/coverage/clover.xml --log-junit=build/coverage/junit.xml
+      - name: Prepare SonarCloud Code Coverage Files
+        run: |
+          sed 's#'$GITHUB_WORKSPACE'#/github/workspace#g' build/coverage/junit.xml > build/sonar-junit.xml
+          sed 's#'$GITHUB_WORKSPACE'#/github/workspace#g' build/coverage/clover.xml > build/sonar-coverage.xml
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarqube-scan-action@v5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.phive/phars.xml b/.phive/phars.xml
index 221907c..ff3bfe0 100644
--- a/.phive/phars.xml
+++ b/.phive/phars.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phive xmlns="https://phar.io/phive">
   <phar name="php-cs-fixer" version="^3.75.0" installed="3.75.0" location="./tools/php-cs-fixer" copy="false"/>
-  <phar name="phpcs" version="^3.12.1" installed="3.12.1" location="./tools/phpcs" copy="false"/>
-  <phar name="phpcbf" version="^3.12.1" installed="3.12.1" location="./tools/phpcbf" copy="false"/>
+  <phar name="phpcs" version="^4.0.0" installed="4.0.0" location="./tools/phpcs" copy="false"/>
+  <phar name="phpcbf" version="^4.0.0" installed="4.0.0" location="./tools/phpcbf" copy="false"/>
   <phar name="phpstan" version="^2.1.11" installed="2.1.11" location="./tools/phpstan" copy="false"/>
   <phar name="composer-normalize" version="^2.46.0" installed="2.46.0" location="./tools/composer-normalize" copy="false"/>
 </phive>
diff --git a/.php-cs-fixer.dist.php b/.php-cs-fixer.dist.php
index fcaa247..856ebb3 100644
--- a/.php-cs-fixer.dist.php
+++ b/.php-cs-fixer.dist.php
@@ -18,12 +18,13 @@
         '@PHP81Migration' => true,
         '@PHP80Migration:risky' => true,
         // symfony
+        'array_indentation' => true,
         'class_attributes_separation' => true,
         'whitespace_after_comma_in_array' => true,
         'no_empty_statement' => true,
         'no_extra_blank_lines' => true,
         'type_declaration_spaces' => true,
-        'trailing_comma_in_multiline' => ['after_heredoc' => true, 'elements' => ['arrays']],
+        'trailing_comma_in_multiline' => ['after_heredoc' => true, 'elements' => ['array_destructuring', 'arrays', 'match', 'parameters']],
         'no_blank_lines_after_phpdoc' => true,
         'object_operator_without_whitespace' => true,
         'binary_operator_spaces' => true,
@@ -37,6 +38,7 @@
         'concat_space' => ['spacing' => 'one'],
         'linebreak_after_opening_tag' => true,
         'fully_qualified_strict_types' => true,
+        'global_namespace_import' => ['import_classes' => true],
         // symfony:risky
         'no_alias_functions' => true,
         'self_accessor' => true,
@@ -48,6 +50,6 @@
         PhpCsFixer\Finder::create()
             ->in(__DIR__)
             ->append([__FILE__])
-            ->exclude(['vendor', 'tools', 'build']),
+            ->exclude(['tools', 'vendor', 'build'])
     )
 ;
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 1e9c9c5..48061d3 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -9,6 +9,13 @@ Usamos [Versionado Semántico 2.0.0](SEMVER.md) por lo que puedes usar esta libr
 Pueden aparecer cambios no liberados que se integran a la rama principal, pero no ameritan una nueva liberación de
 versión, aunque sí su incorporación en la rama principal de trabajo. Generalmente, se tratan de cambios en el desarrollo.
 
+### Mantenimiento 2025-09-25
+
+- Se actualizan las herramientas `phpcs` y `phpcbf` a la versión 4.0.0.
+- Se elimina la regla `Generic.Functions.CallTimePassByReference`.
+- Se moderniza la integración con SonarQube-Cloud.
+- Se actualiza `sonarqube-scan-action` a la versión 6.
+
 ## Listado de cambios
 
 ### Versión 1.3.0 2025-04-12
diff --git a/phpcs.xml.dist b/phpcs.xml.dist
index e7a9c2a..3a5a85a 100644
--- a/phpcs.xml.dist
+++ b/phpcs.xml.dist
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <ruleset name="EngineWorks">
-    <description>The EngineWorks (PSR-2 based) coding standard.</description>
+    <description>The EngineWorks (PSR-12 based) coding standard.</description>
 
     <file>src</file>
     <file>tests</file>
@@ -18,7 +18,6 @@
     <rule ref="Generic.CodeAnalysis.UnnecessaryFinalModifier"/>
     <rule ref="Generic.CodeAnalysis.UselessOverridingMethod"/>
     <rule ref="Generic.Formatting.SpaceAfterNot"/>
-    <rule ref="Generic.Functions.CallTimePassByReference"/>
     <rule ref="Generic.NamingConventions.ConstructorName"/>
     <rule ref="Generic.PHP.DeprecatedFunctions"/>
     <rule ref="Squiz.PHP.DisallowSizeFunctionsInLoops"/>
diff --git a/src/Internal/BaseConverterSequence.php b/src/Internal/BaseConverterSequence.php
index ccb7238..67863ba 100644
--- a/src/Internal/BaseConverterSequence.php
+++ b/src/Internal/BaseConverterSequence.php
@@ -4,10 +4,11 @@
 
 namespace PhpCfdi\Credentials\Internal;
 
+use Stringable;
 use UnexpectedValueException;
 
 /** @internal  */
-class BaseConverterSequence implements \Stringable
+class BaseConverterSequence implements Stringable
 {
     private readonly string $sequence;
 
diff --git a/tests/Unit/SerialNumberTest.php b/tests/Unit/SerialNumberTest.php
index 1274831..3abb156 100644
--- a/tests/Unit/SerialNumberTest.php
+++ b/tests/Unit/SerialNumberTest.php
@@ -83,7 +83,7 @@ public function testSerialNumbersNotIssuedFromSat(
         string $hexadecimalInput,
         string $expectedDecimal,
         string $expectedBytes,
-        bool $expectedBytesArePrintable
+        bool $expectedBytesArePrintable,
     ): void {
         $serial = SerialNumber::createFromHexadecimal($hexadecimalInput);
         $this->assertSame($expectedDecimal, $serial->decimal());