SonarQube Server: v2025.2 (105476)
SonarQube for IDE: 10.22.0.81244
When using the @NullMarked annotation from JSpecify, no issue is reported by SonarQube Server when I pass null as an argument using code similar to this:

import org.jspecify.annotations.NullMarked;

@NullMarked
class MyClass {
    public void myMethod() {
        myOtherMethod(null);
    }

    public void myOtherMethod(String s) {
        // ...
    }
}

But the above code does trigger an issue on rule S4449 in SonarQube for IDE, both when running standalone and when bound to the SonarQube Server project. This matches my expectation.
I have double-checked that S4449 is enabled in the Server config.
What could be the reason I’m seeing this difference in behaviour between SonarQube Server and SonarQube for IDE?
At a guess, this is about the information available in the IDE versus in full analysis. As a starting point, could you share your analysis log?
The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.
Hi, here’s the (cleaned) output from mvn sonar:sonar running a full analysis on SonarQube Server (where I don’t see any issues for S4449). Please let me know if it was something else you were looking for.
I tried the example that you provided and the issue was found both in the IDE and the SQ Server. Do you still experience the problem? If yes, could you please share your pom.xml? I assume you use IntelliJ IDEA, is this correct?
Knowing now that SonarQube Server can find the issue for @NullMarked, I spent some time trying to come up with a better reproducer. It’s cumbersome for me to run against the server because of how my environment is set up, but after a lot of trial and error I came up with the one below. For this one, my SQ Server doesn’t find any issues. But, oddly, if I change log.info to System.out.println that triggers S4449. The logging isn’t the whole story, though, because the code that originally prompted my post (which I can’t share) looks different. But this was the smallest example of a FN I could find.
Let me know if you still need the POM. And, yes, I use IntelliJ IDEA.

import lombok.extern.slf4j.Slf4j;
import org.jspecify.annotations.NullMarked;

@Slf4j
@NullMarked
class MyClass {
    public void myMethod() {
        var result = myOtherMethod(null);
        log.info(result);
    }

    String myOtherMethod(String s) {
        return s;
    }
}

Thank you for the new example! I was able to reproduce the FN and created a ticket for it (SONARJAVA-5565). I did not notice any difference between SonarQube for IDE and SonarQube Server.