In my opinion sonarqube itself is missing an important rule which currently is only covered by findbugs contrib rules: (which would prevent a migration to sonarcloud in our case)
In Spring methods that are annotated with a @Transactional annotation but fail to describe whether to rollback the transaction or not based on this thrown exception. Use ‘rollbackFor’ or ‘noRollbackFor’ attributes of the Transactional annotation to document this.
Most people do not know that by default there is no transaction rollback for checked exceptions! I guess this could even be classified as security related.
Additional you can do consistency checks that the classes mentioned in rollbackFor and noRollbackFor are still part of the method signature.
Kind regards,
Michael