SonarQube commercial edition Queries

I have the below queries regarding SonarQube commercial edition.

  • How does the scanner detect vulnerabilities in ERP modules or business-critical logic?
  • How often is the vulnerability ruleset updated?
  • Can it analyse third-party/open-source libraries for known vulnerabilities (SBOM, CVEs)?
  • How does it handle mobile code analysis for Android/iOS apps?
  • Does it scan for insecure data storage, network communication?
  • Can we export reports that map to compliance standards (e.g., ISO 27001, PCI-DSS)?
  • How are false positives handled or suppressed?
  • Is there role-based access to restrict who can view or resolve issues?
  • What support options are available (SLA, response times)?
  • Does it offer multi-tenancy if we have dev/test/prod environments?

Please help me to understand the capabilities in SonarQube Server. Thanks in advance.