Based on this post from a year ago SonarQube supports Salesforce LWC Salesforce language support (Visual Force, Aura, and LWC)
I do not see a ruleset for LWC specifically on this list JavaScript static code analysis | Vulnerability
Is it safe to assume that the Javascript rules set is the complete set of rules and that there are no LWc specific optinoinated rules?
Hey there.
Yes – SonarQube supports scanning Javascript within these components but has no rules specifically targeted at them (and there are a handful of rules where we’ve adjusted the implementation to not raise false-positives)