How are bugs and vulnerabilities detected?

Hello,
I am doing a work at the university on your tool and I would like to know how SonarQube detects bugs. I know the definition, but how are the rules designed to detect both bugs and vulnerabilities?

How is the evidence tracked?

I hope you can answer me, thank you.

Hey there.

Heaps of our analyzers are open-source (like SonarSource/sonar-java). That might be a good start.