Sonarcloud dependency cve and license report

Hello, my repository is hosted on Bitbucket git repository and sonarscan is run by a bitbucket pipeline.
My sources are mainly javascript / typescript with dependecies installed with npm.

I’m using SonarCloud service.

What is not really clear to me is if SonarCloud supports dependencies vulnerability check and dependencies license check.

Is there any docs on that?

Hey there.

SonarCloud does not perform Software Component Analysis (SCA)