Sonar Qube Tutorial
There are some chance that the FindBugs plugin have already includes FindSecurityBugs rules. Make sure you are using the latest version.
By default, the profile is defined to Sonar way. Select one of the two security profiles FindBugs Security Audit or FindBugs Security Minimal.
The issues found by FindSecurityBugs will presented in the same as Sonar rules.
mvn sonar:sonar
If you are building a custom profiles, you can find all the security rules by selecting the repository Find Security Bugs.
Misc configurations