Hello,
I am doing a work at the university on your tool and I would like to know how SonarQube detects bugs. I know the definition, but how are the rules designed to detect both bugs and vulnerabilities?
How is the evidence tracked?
I hope you can answer me, thank you.