The Salesforce Code Analyzer plug-in is a unified tool for static analysis of source code in multiple languages (including Apex), with a consistent command-line interface and report output. We currently support the PMD rule engine and ESLint. We may add support for more rule engines in the future.
The Salesforce Code Analyzer plug-in creates "Rule Violations" when it identifies issues. Developers use this information as feedback to fix their code.
You can integrate this plug-in into your CI/CD solution to enforce the rules and expect high-quality code.
All the official documentation on the Salesforce Code Analyzer plug-in is hosted on GitHub Pages. These documents include instructions on how to install the plug-in, the command reference, how to write and manage custom rules, and an overview of the architecture of the plug-in.
https://forcedotcom.github.io/sfdx-scanner/
Here is the information on how to install the plug-in.
Please check out the Salesforce Code Analyzer Plug-In Command Reference for usage and a demo of the plug-in.