Hello @mcoder,
I moved your question out the main Log4J thread so it’s simpler to answer you.
I’ve just posted an answer here with details of what SonarQube can do to help.
Alex