SQL Injection vulnerabilities cannot be detected with SonarQube’s Community Build – those capabilities are available in SonarQube Server Developer Edition+, or all tiers of SonarQube Cloud.
I wanted to test this out in SonarQube Cloud, but it looks like the sample project you attached doesn’t contain the code you shared a screenshot of.