Both tools are important and meant for different purpose. Sonarcube for code quality and veracode for static, dynamic and third party code analysis which is specific to understand security flaws