lately we ran into a strange issue with rule java:S1874 (“@Deprecated” code should not be used).
The method in use (in our case: java.net.URL(String)) is deprecated in Java 21, but not in Java 17. The variable sonar.java.version is (correctly) set to “17”, since it is a Java 17 project.
If I run the maven scanner by maven (mvn sonar:sonar) on a Java 17 machine, everything is fine in SonarQube. But if I run it on a Java 21 machine, the same SonarQube instance tells me to remove the deprecated rule, even when it is not deprecated in the projects specified java Version.
It seems, the list of deprecated methods in use is based on the java version the sonar scanner is running on, but not on the specified project version.
Is there a way to change this behavior? Am I missing some configuration details?
Rules like S1874 rely on knowing the project’s specific JDK, rather than a list of deprecated methods.
You can adjust what flavor of Java is “fed” to the scanner by adjusting sonar.java.jdkHome, meanwhile using whatever supported flavor of Java you want to run the scan.