Hello @nolimal!! Apologies for the delay in response here and thanks for asking this question!
I am not familiar with Checkmarx / SonarQube - are these static code scanners? A quick search suggests as much.
In any case, I believe the nature of the R language makes it very challenging to statically analyze. Moreover, I am not aware of any tools that purport to do so. One way you could get started is probably with the lintr package or something like it that makes suggestions on readability. You can also statically analyze the other languages that R calls out to: C++ and whatnot.
I'm definitely curious to hear what other users come up with, as I have seen this type of request before. However, I believe it is somewhat infrequent in the R community due to the nature of the language's use within data science.