CERT secure coding guidelines prioritize rules based on Severity, Likelihood and Remediation Cost
L1 rules are the ones with High severity, likely and inexpensive to repair.
For more details = https://wiki.sei.cmu.edu/confluence/display/perl/Risk+Assessment
CERT also provides priority information for Java,C, C++ rules:
SonarQube already has some coverage, if SonarQube can provide complete L1 rules coverage and mapping data for Java, C/ C++, it would be really great.