- SonarQube 9.2.2
- sonar-maven-plugin 3.9.1
I recently changed our build process so that maven runs under JDK 19. This has caused some false positive issues to appear on SonarQube. The false positives relate to API changes that were made in JDK 19, even though the projects that I am analysing are using older Java versions.
For example, I have a project which is using Java 8. The compiler plugin in the pom is set to use 8 for source and target, and there’s a maven toolchains declaration that specifies a Java 8 JDK to use when compiling and running. However, when running sonar-maven-plugin under JDK 19, I get an issue ‘Remove this use of “getId”; it is deprecated.’ on some code which calls java.lang.Thread.getId().
Thread.getId() is indeed deprecated in JDK 19, but this obviously shouldn’t be getting reported for a Java 8 project.
It appears that SonarQube is correctly treating the code as Java 8 source, but it’s ignoring the toolchains declaration and looking at the JDK that Maven is running on instead.
Is there any way to fix this? Perhaps there’s a property I can set which points to the JDK I want it to use? Note that running maven under an older JDK is not a convenient solution.