Hi
CERT secure coding guidelines prioritize rules based on Severity, Likelihood and Remediation Cost.
L1 rules are the ones that are high severity, likely, and inexpensive to repair.
For more details: https://wiki.sei.cmu.edu/confluence/display/perl/Risk+Assessment
CERT also provides priority information for Java, C, and C++ rules:
https://wiki.sei.cmu.edu/confluence/display/java/Rule+or+Rec.+EE.+Risk+Assessments
https://wiki.sei.cmu.edu/confluence/display/c/GG.+Risk+Assessments
https://wiki.sei.cmu.edu/confluence/display/cplusplus/EE.+Risk+Assessments
SonarQube already has some coverage. If SonarQube can provide complete L1 rules coverage and mapping data for Java, C/C++, it would be really great.
Thank you,
Vinod