SonarQube in pictures

Jakub Jóźwicki
2 min read · Mar 20, 2019

SonarQube, even in its Community Edition flavor, is a Swiss army knife that helps you with the security and maintainability of your code, regardless of whether it's Spring Boot, Angular, or something else.

When analyzing an Angular project, you should be prepared not only for TypeScript validation but also for CSS.
TypeScript is a first-class citizen in SonarQube.
Bugs and vulnerabilities should be squashed.
Unused imports, although minor, are still an issue.
A FindBugs hint is that your own exception classes are easier to analyse than generic ones.
Traditional Java EE code might also get hit by mvn sonar:sonar.
When you care about code security, you should look first at the OWASP results.
Some hardcoded patterns might no longer be secure as the years pass (see: SSL, TLS, TLSv1.3).
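
To illustrate the last point, here is an added example (not code from the article or from SonarQube) that keeps the protocol list out of the source: it reads the versions from configuration, refuses legacy names, and enables only what the JVM supports. The property name app.tls.protocols and the refused list are assumptions made for this example.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class TlsProtocolPolicy {
    // Names this example refuses even when configured (assumed policy, adjust to your own).
    static final Set<String> REFUSED = new HashSet<>(Arrays.asList(
            "SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"));

    // The form that ages badly: the protocol name is frozen in the source.
    //   SSLContext ctx = SSLContext.getInstance("SSL");

    /** Keep the configured names that are not refused and that this JVM supports. */
    static String[] select(String configured, String[] supported) {
        Set<String> available = new HashSet<>(Arrays.asList(supported));
        Set<String> chosen = new LinkedHashSet<>();   // preserves configured order
        for (String name : configured.split(",")) {
            String p = name.trim();
            if (p.isEmpty()) continue;
            if (REFUSED.contains(p)) {
                throw new IllegalArgumentException("refused protocol in configuration: " + p);
            }
            if (available.contains(p)) chosen.add(p);
        }
        if (chosen.isEmpty()) {
            throw new IllegalStateException("no configured protocol is supported by this JVM");
        }
        return chosen.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // "app.tls.protocols" is a hypothetical property name used only in this example.
        String configured = System.getProperty("app.tls.protocols", "TLSv1.3,TLSv1.2");
        SSLContext ctx = SSLContext.getInstance("TLS");   // generic name; versions are pinned below
        ctx.init(null, null, null);                        // default key and trust managers
        SSLEngine engine = ctx.createSSLEngine();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        engine.setEnabledProtocols(select(configured, supported));
        System.out.println("enabled: " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Running it with -Dapp.tls.protocols=SSLv3 fails fast with an IllegalArgumentException instead of silently negotiating an old protocol.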
