Only some performance bottlenecks can be detected by bad coding practives, but only real profiling tools can quite easily detect new memory or CPU perfs problems between releases and dev commits.
Most profiling tools (jprofiler for example) can export results of profiling session. Very interesting metrics could be extracted from such reports and reported into the sonar interface.
Profiling session on a reference test project for the project to analyse could be launched from command line via a maven plugin, and results then collected by sonar as a first integration. This would be a first step for a POC, as well as choosing a good profiling tool, that exports data in an easily usable format