Analysis using wrong JDK API version

• SonarQube 9.2.2
• sonar-maven-plugin 3.9.1

Hi,

I recently changed our build process so that maven runs under JDK 19. This has caused some false positive issues to appear on SonarQube. The false positives relate to API changes that were made in JDK 19, even though the projects that I am analysing are using older Java versions.

For example, I have a project which is using Java 8. The compiler plugin in the pom is set to use 8 for source and target, and there’s a maven toolchains declaration that specifies a Java 8 JDK to use when compiling and running. However, when running sonar-maven-plugin under JDK 19, I get an issue ‘Remove this use of “getId”; it is deprecated.’ on some code which calls java.lang.Thread.getId().

Thread.getId() is indeed deprecated in JDK 19, but this obviously shouldn’t be getting reported for a Java 8 project.

It appears that SonarQube is correctly treating the code as Java 8 source, but it’s ignoring the toolchains declaration and looking at the JDK that Maven is running on instead.

Is there any way to fix this? Perhaps there’s a property I can set which points to the JDK I want it to use? Note that running maven under an older JDK is not a convenient solution.

Thanks

Hi,

Welcome to the community!

Can you upgrade your server to the latest: 9.8, and downgrade Java to 17 and see if this is replicable?

 
Thx,
Ann

Hi Ann,

Thanks for responding.

I will need to find some time to upgrade the server - I won’t be able to do that very soon but I will certainly check this again once I do.

I was using Java 18 previously (and 17 before that) and the issue did not occur then. It started when I moved to 19. However, I suspect that is because there were no API changes in those versions that would have triggered an issue.

When I get time I will test running on JDK 17 and analyse some JDK 8 code that calls an API that’s deprecated in 17 to see if I see the same issue.

Thanks

Stu