False positive for Spring java:S4605 for multi-module projects. "component is not visible by @ComponentScan"

I have a multi-module maven project:


“app-shared” module has the following service:

package com.bdshadow.app.service;

public class MyService {}

“app-main” module has the following main class:

package com.bdshadow.app;

public class MyMain {
    public static void main(String[] args) {
        SpringApplication.run(MyMain.class, args);

SonarQube doesn’t like MyService and says that

SonarLint: ‘MyService’ is not reachable by @ComponentsScan or @SpringBootApplication. Either move it to a package configured in @ComponentsScan or update your @ComponentsScan configuration.

But it’s not correct. Moreover, the application runs fine

Hello @bdshadow

Indeed, the rule is not supporting correctly this multi-module situation.
I’m afraid this is a limitation of the analyzer: if it runs once per module, it doesn’t have access to the files of the other modules and will therefore miss the fact that this code is fine.

In fact, this is one of the reasons why this rule is not in the default quality profile, it is not well suited for all situations.

You should therefore consider disabling this rule.

Hope this clarifies the siutation.