what are you trying to achieve - scan the image cleanly with twistlock (or any other CVE ‘finder’)
The latest version of Sonar Scanner is affected by CVE-2021-43616 which is a critical vulnerability in npm that is fixed in versions 8.10.0-r0 and higher
I couldn’t find a specific reference to an npm version, but I did see node 10 referenced in the Dockerfile.