In the quality profile, activate some rules from FindBugs and run a Sonar analysis on your project.
FindBugs requires the compiled classes to run.
Make sure that you compile your source code with debug information on (to get the line numbers in the Java bytecode). It is usually turned on by default (except for compilation with Ant). Otherwise the violations raised by FindBugs will be displayed at the beginning of the file as the line numbers will be missing.