Scope of Code Scanning tool

Hi Team,

Kindly help me understand the scope of this product and the extend at which it meets our requirement.

We are looking for a solution for scanning our cloud hosted application - Creatio and it is not integrated with any devops for code collaboration. All the changes are directly updated to the cloud. In this case, can we copy specific schema files in a folder and can the SonarQube on it to capture the vulnerabilities, code quality and Security threat?

Can we be able to capture security vulnerabilities like virus or any malicious content?

Appreciate your reply at the earliest for a better understanding and decision making.