We are using in our project the Lombok library and we are building our projects using maven.
SonarQube displays an issue on every private field that is annotated with Lombok annotations. The issue comes from the rule “Unused “private” fields should be removed”.
We would like to get rid of this issues but still keep the rule for the private fields that are not annotated with Lombok.
In the end, are the fields reported really unused? Or are they used one way or another thanks to Lombok?
We already have a mechanism to not report unused private fields when the class is annotated with a given list of Lombok annotations (AllArgsConstructor, RequiredArgsConstructor, …), did we miss a use-case?
Could you provide us a code sample raising the issue that you consider as false positive?
The projects are based on maven - we call the Sonarqube step from our Jenkins pipeline
You will need the logs from the SonarQube Scanner?
I i have attached the steps from Jenkins. jenkins_sonarqube_step.zip (3.2 KB)
This line from the logs is the clue you are looking for:
17:17:58 WARN: Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property.
To solve this problem (and avoid others), you should definitely consider using the scanner for maven that I linked in my previous post.
If not possible, you should make sure the project is correctly configured, by setting sonar.java.libraries property.
sonar.java.libraries: Comma-separated paths to files with third-party libraries (JAR or Zip files) used by your project.
