We are currently using:
SonarQube Server 184.108.40.206237
Java Sonar Plugin 6.3 (build 21585)
Some of our developers complain that there are false positives with the rule java:S107 in some cases:
Using JAX-RS API interface classes. As there are some API endpoints which need more than 7 URL params, these methods annotated with “javax.ws.rs.GET” raise a Sonar issue, although they cannot be changed.
Using Spring Bean constructor injection with @Autowired, which in some cases causes constructors with many parameters, which should not raise an issue.
Using CDI constructor injection with @Inject. Same as above.
I’d suggest adding the following annotations to the whitelist of the rule:
And I think it would be great to change the rule so that a Sonar admin can add annotation FQNs to the whitelisted annotations.