Hi @jvasallo - welcome to the community.
I don’t know what the source of the difficulty is. The Security Code Scan analyzers are Roslyn-based analyzers, so if you have configured your projects to reference its NuGet package then the analyzers will be executed during the build and the results automatically imported to SonarQube/Cloud as external issues.
See this post for more info and the docs for more information.