Hi,
Posted a few years back about https://community.sonarsource.com/t/interesting-suite-of-plugins-for-componet-analysis-java/13291 .
One problem with moving to Sonarcloud is that use cases related to SCA is not covered. but is supported in standalone by plugins.
Many people do need to track vulnerabilities, outdated dependencies and open source license compliance.
Best regards