FindBugs is an open source program which uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License, and was developed (and its brand is trademarked by) the University of Maryland.
Sonar cloud has its own cloud where all the code vulnerabilities are collected and stored as a whole whereas its a plugin that is used in a code itself but the cons is that SonarCloud needs a license if you want to use it privately and also requires personal access token …
Findbugs is best suited even when you want to adapt to certain coding conventions and discover possible bugs beforehand and it's best suited for the java open source. whether you are a developer or a DevOps engineer you can even use it as a plugin in your Jenkins pipeline or any other build automation server and your developer tool such as visual studio as well.
Sonar cloud has its own cloud where all the code vulnerabilities are collected and stored as a whole whereas its a plugin that is used in a code itself but the cons is that SonarCloud needs a license if you want to use it privately and also requires personal access token authentication if used with an external service