Annotate this member with "@Autowired", "@Resource", "@Inject", or "@Value", or remove it


There was an upgrade to springboot 3.x from 2.7.x. There wasn’t any issue before but after upgrade we received more than 250 critical vulnerability about the same issue. “Annotate this member with “Autowired”, “Resource”, “Inject”, or “Value”, or remove it.” Resource import is changed to jakarta.* package in springboot 3.x. However Sonar says to import javax.annotation.Resource. I guess it should be false positive, right ? Please let me know if it is false positive because of that reason and how can we solve or suppress it ?

Sonar version is: 10.1
Best regards,

Hey there.

Describing code instead of pasting a code sample makes it difficult for us to reproduce or see where the issue is. Can you post some sample code that reproduces what you’re talking about?