Version:

• SonarQube: 8.9.1 Developer

Description:
We are using hibernate-orm jar with version, 5.4.32 and hitting the @Deprecated rule. Upon checking our code, the 5.4.32 JAR isn’t mark its method, getEntity() as deprecated but sonar flag up the issue on our main branch scanning. Meanwhile, refer to public javadoc, PermissionCheckEntityInformation (Hibernate JavaDocs) (jboss.org), it stated the method is deprecated.

Question:
How Sonarqube decide which source to refer for checking on @deprecated rule?

PermissionCheckEntityInformation-5.4.321120×484 84.6 KB

Hey @SlackOng95,
We typically gather all this information from the analysis environment at parsing time (before the rule runs on the code) and we do not maintain a list of deprecated classes/methods.

So somehow, this information must be in your classpath. It could be that analysis parameters sonar.java.libraries or sonar.java.binaries are pointing to a location where the deprecated annotation is present.