- versions used
** SonarQube Developer Edition 7.4
** latest maven Scanner
** SonarJava 5.8)
Screenshot as sample:
Hi,
Given that the field password is in an annotation, then the value passed to it is necessarily a constant and so in your case this is not a false positive : you do have an hardcoded password in your application that can easily be figured out by looking at your compiled classes.