For the performance point, I suggest that you open a new thread so we can exchange only on that. If you can provide an open source reproducer that would help.
For you topic about Detekt integration, I believe the best option you have today is to rely only on GitHub Actions and forget about AutoScan. You put everything into a single GitHub Action that:
- run Detekt and output a file compatible with
sonar.kotlin.detekt.reportPaths - you run SonarCloud (there is a tutorial about how to setup the SonarCloud part of your GitHub action once you click on “Analyze new project” in SonarCloud)