Hi, I am currently working on updating my SonarQube server. I was using SonarQube 7.8, and the maven 3.9 plugin. The vulnerability found was S2755 which corresponds to an XXE vulnerability. [image] (SONARQUBE 7.8) I scanned my code with my new serv SonarQube 9.4 and the vulnerability is no mo…

Sorry for that, I changed my version of SonarQube7.4 to 8.9 LTS. The quality profile used was Java [image] I created another profile to activate rules that were deactivated in SonarWay; [image] [image] [image] I re-ran an analysis and now it’s working well, the flag is raised. Thank you …

[JAVA] False Negative S2755

Clean Code Report False-positive / False-negative...

Colin (Colin) April 25, 2022, 2:16pm 2

Hey there.

Please make sure to read this post:

Specifically, we are missing a reproducible code/project sample (that is not a screenshot).

1 Like