Add spotbugs-annotations dependency https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs-annotations
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
</dependency>
Add maven-dependency-plugin before jacoco-maven-plugin, it will copy the lombok artifact over your target/dependency folder.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>copy-dependencies</id>
<phase>package</phase>
<goals>
<goal>copy-dependencies</goal>
</goals>
<configuration>
<includeArtifactIds>lombok</includeArtifactIds>
</configuration>
</execution>
</executions>
</plugin>
Add lombok jar file to your Sonar libraries, add the following XML tag to the properties section of your pom.xml
<sonar.java.libraries>target/dependency/*.jar</sonar.java.libraries>
Create a new lombok.config file at the root of your backend project if you didn't have one already. Otherwise use the existing lombok.config and add the following properties.
# Suppress sonar findings
lombok.extern.findbugs.addSuppressFBWarnings = true
lombok.anyConstructor.addConstructorProperties = true
Next time you scan your application, the SonarQube report should not show lombok issues or code smells.