Hello
Welcome to the community and thanks for the clear description of your problem.
By looking at this file, it seems that we are supporting StringUtils since already a few years.
I tried with a simple maven project (with SonarScanner for Maven), and StringUtils.isNotBlank is correctly handled.
Then I tried to analyze the same project directly with SonarScanner, without correctly setting up any properties. In this case, the FP appears.
I expect you will find the message:
WARN: Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property.
in the logs, I believe “less precise results” describes well the problem you face here.
All in all, you should consider using SonarScanner for Maven. If not possible (for any reason), you should make sure the project is correctly configured.
Feel free to come back with more details (how you run the analysis, logs, properties), if you still face the issue.
Hope this helps,
Quentin