hello,
regarding documentation sonar-java/CUSTOM_RULES_101.md at master · SonarSource/sonar-java · GitHub
and explained in topic Unable to use JUtils in Java custom urles - #7 by HAYOUNGCHOI
we can’t add external maven dependency.
Another solution is to reimplement or copy-paste the external library code in the custom plugin 
But, for example, I want to use the class “com.google.re2j.Pattern” instead of “java.util.regex.Pattern” because of a security error raised in our SonarCloud instance ( error “Make sure the regex used here, which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service.” when “java.util.regex.Pattern.compile(…)”).
I can’t copy-paste the “com.google.re2j.Pattern.compile(…)” code because it’s too big and usgin a lot of internal classes.
I want to add “com.google.re2j:re2j” maven dependency to use it at runtime but if done it, I have a ClassNotFoundError when SonarQube started. Thus, SonarQube start crashes and it stops.
How can I resolve this point ?
SonarQube version : 9.9
thank you a lot.