We would like to get rid of the Findbugs plugin and replace the FB rules we currently have activated by SonarJava rules.
Is there something like a list which contains information about which SonarJava rule is identical ro/does replace which Findbug rule? Or maybe if there is no such list: are there other possibilities to do this replacement in an easy way?
Same applies to PMD and Checkstyle, but there we have less rules activated so it will anyhow be less work to find the possible replacement rules.
We used to maintain lists like this, but that got dropped quite a while ago.
I think the easiest thing to do here is to run both, side-by-side, and then see which issues FindBugs (and PMD…) raises that aren’t also raised by SonarQube. Then we can investigate whether it’s a rule that’s not on by default in SonarQube, or one we may want to work on adding.
I don’t know why archive.org is rate-limiting me at the moment (maybe it’s the network I’m on), but maybe you can find some useful (but very outdated) info here: Wayback Machine