We are using sonarqube and we love the way it works. we are trying to extend sonarqube to enhance in security aspects also. I tried to find some security plugins for sonarqube 6.x to detect vulnerabilities for Java language. But I couldn't find any plugins. I wonder, if there is any plugins for finding vulnerabilities in sonarqube. So
The SonarQube 7.2 Developer Edition($) (E.T.A. early June 2018) will include a security rules to detect SQL injection vulnerabilities.