I am facing issue with sonar. sonar doesn’t recogize lombok annotations like @Data/@RequiredArgsConstructor.
It is complaining
- Malicious code - may expose internal representation by incorporating reference to
- Malicious code - may expose internal representation by returning reference to mutable object.
Can anyone suggest me what I need to do for resolution?
I tried by adding dependency like sonar.java.libraries &
config.stopBubbling = true
lombok.addLombokGeneratedAnnotation = true
These sound like issues being raised by GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube rather than our built-in Java analyzer. You’ll need to hit up the maintainers of that plugin (or findbugs itself) for help.