Getting a lot of false positives for Java S3749

Versions: SonarQube 7.9.1 build 27448 (Community Edition - we also have paid editions in house), Code Analyzer for Java 6.3.2 build 22818
I have verified the release notes of newer versions of Code Analyzer for Java and they don’t address this issue as far as I can tell.

I have classes that use Spring Framework annotations and get a lot of false positives around rule S3749:

@org.springframework.stereotype.Service("ClassName")
public class ClassName {
	
	@Autowired
	private SomeOtherClass memberName;
        
        // ^ Annotate this member with "@Autowired", "@Resource", "@Inject", or "@Value", or remove it.See Rule
	
	@Autowired
	private SomeOtherOtherClass anotherMember;
        // ^ Annotate this member with "@Autowired", "@Resource", "@Inject", or "@Value", or remove it.See Rule

// and the list goes on and on

I can provide additional details to support team.

Hello @AndreiRinea,

Sorry for the delay in answering you.

I can not reproduce the issue on my side on the LTS, and neither on the latest SQ 8.X release.
To me, it seems that the @Autowired annotation is not recognized. Can you share a bit more about your problem?

  • What’s the fully qualified name of the @Autowired annotation?
  • How are you scanning your project?
  • Are you sure the library containing the Autowired annotation is provided to the analysis?

Regards,
Michael