Hi,
I guess you’re using this plugin: https://github.com/stevespringett/dependency-check-sonar-plugin …? If so, you should probably direct your questions to that project.
That said, it sounds like you’re dealing with a Maven project(?) and running a Maven analysis(?). If so, your analysis will never look at sonar-project.properties. That’s not how Maven analysis works. Instead you should feed your extra properties in either on the command line or as properties in your pom (docs here).
Beyond that, it sounds rather fishy to me that you’re generating module reports and then moving them to a central location. I would expect them to be picked up in their default Maven locations in each module. But that really is a question to direct to the community for that plugin.
Ann