Fortify essentially classifies the code quality issues in terms of its security impact on the solution. While SonarQube is more of a Static code analysis tool which also gives you like “code smells,” though SonarQube also lists out the vulnerabilities as part of its analysis.
