@Deprecated Rule for 3rd Part JAR

Version:

  • SonarQube: 8.9.1 Developer

Description:
We are using hibernate-orm jar with version, 5.4.32 and hitting the @Deprecated rule. Upon checking our code, the 5.4.32 JAR isn’t mark its method, getEntity() as deprecated but sonar flag up the issue on our main branch scanning. Meanwhile, refer to public javadoc, PermissionCheckEntityInformation (Hibernate JavaDocs) (jboss.org), it stated the method is deprecated.

Question:
How Sonarqube decide which source to refer for checking on @deprecated rule?

Hey @SlackOng95,
We typically gather all this information from the analysis environment at parsing time (before the rule runs on the code) and we do not maintain a list of deprecated classes/methods.

So somehow, this information must be in your classpath. It could be that analysis parameters sonar.java.libraries or sonar.java.binaries are pointing to a location where the deprecated annotation is present.