Besides the usual issues, sonar also reports a number of SQL statements that use string concatenation.  These should be changed to parameterized statements.

Regarding the use of Random, if the random numbers are not used for security purposes, then these report items can be commented out via "// NOSONAR".  However, if any of them are used for security purposes, then a secure generator should be used instead, rather than commenting out the sonar report.