This plugin is deprecated since SonarQube 4.2, and is incompatible with SonarQube versions greater than 4.5.
This plugin allows you to define and monitor a set of rules. The issues against these rules are reported in a dedicated widget. The plugin is called the Security Rules Plugin because it embeds a list of security-related Java rules as the default set of rules, but this plugin will work with rules from any language. You can even use it with multiple languages at once, by configuring it with a mixed list of rules.
The set of rules can be redefined by going to Settings > General Settings > Security rules. The format is
Run a new quality analysis and the metrics will be fed.
The plugin allows you to quickly identify files that are impacted by a security break, but when in the file, there is no mechanism to highlight the security issues.