After changes if SonarQube still detect a vulnerability it’s because SonarJava faces an issue related to classpath conflict and this problem will be addressed in the upcoming releases of SonarJava, in the meantime you can mark issues as false positives (“resolve as false positive”).
Thank you for you response.
But I don’t know how to mark issues as false positive. I don’t see “resolve as false positive”.
How do you do that?
do you know which permissions you have in SonarQube ?
As mentioned in our documentation, marking an issue as False Positive “requires Administer Issues permission on the project”.