List of supported CWE-Issues from Sonarqube

Hello,

I confirm https://rules.sonarsource.com/java/tag/cwe is the list of the Java rules covering a CWE item.
You may think it’s not a lot whereas we believe we cover the most critical CWEs that can be detected by a SAST engine and that could really hurt.

If you are interested in checking your code to find security problems, I suggest you look at the list of Security Hotspot and Vulnerability rules provided by the Java analyzer.
With these rules and SonarQube 8.4+, you will get a coverage of the OWASP Top 10 and 2019 CWE Top 25 standards.

Can you share what you mentioned as your “list of CWE-Issues”?

Thanks
Alex
