I got Blocker and Code Smell alert on jaxb2 generated class,
To get a object copy of jaxb2 class i used “-Xcopyable” parameter while generating the class instead of marshalling and unmarshalling the xml copy.
As it is a jaxb2 generated class what is the effective way of doing it to overcome this blocker alert?
I think you shouldn’t scan generated code. I understand that sometimes it is good to know if generated classes does not contain any security threats, but in your case you have POJO classes, so I would recommend to just remove them from the analysis scope.