Sonar Qube supports the OWASP Dependency Check plugin, but Sonar Cloud does not.
SonarCloud does not support third-party plugins (and for support matters, neither does SonarSource, just to be clear). However, if reporting on dependencies with known vulnerabilities is a feature you would like to see baked into SonarQube/SonarCloud, I suggest raising the matter with that angle. 
2 Likes
As @Colin suggested, I created feature request for this: Support Dependency Checks for Known Vulnerabilities