False positive java:s4605 in components in subfolders


Dear all,

I found a false positive regarding the language Java, in the rule about Spring scanning, java:s4605: "XXXX is not reachable by @ComponentScan or @SpringBootApplication. Either move it to a package configured in @ComponentScan or update your @ComponentScan configuration."

I have searched the forum for posts about this rule and, despite being similar, I believe none of them match my problem. The components that are not detected are in a subfolder. The project is not multimodule and the issue is detected in SonarQube (so it is not IDE-related).

I am using SonarQube Community Build 26.1 and Maven 5.5.0.

The code of the main class is the following:

package a.b.c.d;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.amqp.RabbitAutoConfiguration;
import org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration;
import org.springframework.boot.autoconfigure.integration.IntegrationAutoConfiguration;
import org.springframework.boot.autoconfigure.liquibase.LiquibaseAutoConfiguration;
import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration;
import org.springframework.boot.autoconfigure.quartz.QuartzAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.FilterType;
import org.springframework.retry.annotation.EnableRetry;

@SpringBootApplication(
    exclude = {
        SpringDataWebAutoConfiguration.class,
        LiquibaseAutoConfiguration.class,
        HibernateJpaAutoConfiguration.class,
        RabbitAutoConfiguration.class,
        IntegrationAutoConfiguration.class,
        QuartzAutoConfiguration.class })
@ComponentScan(
    excludeFilters = {
        @ComponentScan.Filter(type = FilterType.REGEX, pattern = "a.b.c.d.integration.f.*"),
        // OTHER FILTERS
    })
@EnableRetry
public class MyApplication {
    public static void main(String[] args) {
        SpringApplication.run(MyApplication.class, args);
    }
}


The code structure is:

MyApplication Project > src > main/java/a/b/c/d/folder1, and inside this folder are the class XXX.java and a folder impl > XXXImpl.java. The SonarQube issue is raised on the implementation of the class.

package a.b.c.d.folder1.impl;

import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Component;

@Deprecated
@Component
@RequiredArgsConstructor
public class XXXImpl implements XXX {
    // ... (class body not shown in the post)
}

'XXXImpl' is not reachable by @ComponentScan or @SpringBootApplication. Either move it to a package configured in @ComponentScan or update your @ComponentScan configuration.


Is this then a false positive? We have like 400 evidences in the project. I must remark that those classes that raise evidences are not in the exclusion filters.

I can share the specific files in private if it is necessary.

Best regards and thank you.

Hi @mvillanueva,

Thanks a lot for your report! I could reproduce the issue. We created a JIRA ticket to fix this FP.
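
The reasoning behind the report, as an added example that is not part of either post and is not SonarQube's or Spring's own code: a plain-JDK approximation of component-scan reachability, assuming the default base package (the package of `MyApplication`) and REGEX exclude filters matched against the fully qualified class name. The class name `ScanReachability`, its method names, and every sample class name other than `XXXImpl` are constructed for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added illustration, not SonarQube's or Spring's code: approximates the
// reachability that rule java:S4605 reasons about, using only the JDK.
public class ScanReachability {

    // With no basePackages set, @ComponentScan scans the package of the
    // annotated class and every sub-package below it.
    static boolean underBasePackage(String basePackage, String className) {
        // The trailing dot stops "a.b.c.dx" from counting as part of "a.b.c.d".
        return className.startsWith(basePackage + ".");
    }

    // A FilterType.REGEX exclude filter is applied to the fully qualified
    // class name, and the whole name must match the pattern.
    static boolean excluded(List<Pattern> excludeFilters, String className) {
        return excludeFilters.stream().anyMatch(p -> p.matcher(className).matches());
    }

    static boolean reachable(String basePackage, List<Pattern> excludes, String className) {
        return underBasePackage(basePackage, className) && !excluded(excludes, className);
    }

    public static void main(String[] args) {
        String base = "a.b.c.d"; // package of MyApplication in the post
        // Only the filter shown in the post; the "OTHER FILTERS" are unknown.
        List<Pattern> excludes = List.of(Pattern.compile("a.b.c.d.integration.f.*"));

        // First name is from the post; the other three are constructed samples.
        List<String> classNames = List.of(
                "a.b.c.d.folder1.impl.XXXImpl",   // sub-package, not filtered
                "a.b.c.d.integration.f.Hidden",   // matches the exclude regex
                "a.b.c.dx.Other",                 // sibling package, not a sub-package
                "z.y.Outside");                   // unrelated package

        for (String cn : classNames) {
            System.out.println(cn + " reachable=" + reachable(base, excludes, cn));
        }
    }
}
```

Only `XXXImpl` comes out as reachable here, which is the behaviour the report expects from the rule for classes in sub-packages that no exclude filter matches.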