Brakeman is “a static analysis security vulnerability scanner for Ruby on Rails applications.” It has the ability to produce a JSON-formatted report not unlike RuboCop and would be a welcome addition to SonarQube’s Ruby capabilities.
See https://brakemanscanner.org/ and https://github.com/presidentbeef/brakeman for Brakeman details.