I’m getting https://sonar-emea.1dc.com/coding_rules#rule_key=squid%3AS4423 in my project. The value for protocol I’m using is TLS, so I guess the problem is that SonarQube thinks I’m using old version of Java (“The recommended value is “TLS” or “DTLS” as it will always use the latest version of the protocol. However an issue will be raised if the bytecode was compiled with JDK7 or an even older.”). In the pom.xml, I have a property <java.version>11</java.version>. The version of SonarQube I’m using is 6.7 (build 33306).
How SonarQube determines on what version of JDK was source compiled?
Your compile version is determined by reading the value of sonar.java.source provided in the analysis parameters (docs). Since you’re (presumably) using the SonarScanner for Maven then that’s presumably being picked up from your pom.
Could you provide the code snippet that you’re seeing this on?