Hi,
I noticed that there is no option to configure the JDK version for the Kotlin plugin (like sonar.java.jdkHome) and this causes false positives in kotlin:S1874.
I’ve created a simple example to demonstrate this: GitHub - felipebz/sonar-kotlin-bug-2
This project has a Java and a Kotlin class, both invoking System.getSecurityManager() which was deprecated in Java 17.
You can see in the GitHub Actions workflow that this project is built with JDK 11 but analyzed with JDK 17 (because of the new requirement from SonarCloud/SonarQube 10.4).
Since this code is meant for JDK 11 and the method is not deprecated in that version, it shouldn’t raise any issues. In the SonarCloud dashboard, the Java file shows no issues as expected, but the Kotlin file reports a “Deprecated code should not be used” issue.
(note: I saw that a related issue was discussed here, but I decided to create a new topic with a simpler example)