• versions used (SonarQube, Scanner, language analyzer)
  SonarQube Version: 8.9.2.46101

The detection of “Synchronization should not be done on instances of value-based classes” in wrong. Following code, pool.intern(applyOid.toString()) is an object of a new thread-safe interner, it’s not value-based classes.

import com.google.common.collect.Interners;
// ...ignore codes
private Interner<String> pool = Interners.newStrongInterner();
// ...ignore codes
public CustomResult<DataSetDTO> saveDatasetToDraft(@PathVariable("applyOid") GUID applyOid, @RequestBody DataSetDTO data) {
	// report java:S1860, Synchronize on a new "Object" instead.
    synchronized (pool.intern(applyOid.toString())) {
        DataSetDTO result = dataSetApplyService.save(data, getOperator());
        return CustomResult.result(true, result);
    }
}