Sonar Lombok issue

SonarQube
,
1

Hi,
I am facing issue with sonar. sonar doesn’t recogize lombok annotations like @Data/@RequiredArgsConstructor.
It is complaining

  1. Malicious code - may expose internal representation by incorporating reference to
    mutable object.
  2. Malicious code - may expose internal representation by returning reference to mutable object.

Can anyone suggest me what I need to do for resolution?

I tried by adding dependency like sonar.java.libraries &
in lombok.config:-
config.stopBubbling = true
lombok.addLombokGeneratedAnnotation = true

2

Hey there.

These sound like issues being raised by GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube rather than our built-in Java analyzer. You’ll need to hit up the maintainers of that plugin (or findbugs itself) for help.