Guillaume Toison

Please comment here or open a new issue if the problem persists but this is supposed to work

Thanks a lot for the contribution! I had a very quick look and it looks to me that you have found a bigger issue than expected. In the end better...

Or if we can flag the new bugs with priority low/experimental priority we can limit the potential for false positives to users who are happy with sorting out a long...

Good question! I think one way is to set the priority to low and then add a filter to exclude all low priority bugs, except for that one

Have you tried setting the [`sonar.findbugs.timeout`](https://github.com/spotbugs/sonar-findbugs?tab=readme-ov-file#configuration) to something higher than the default value? New bug detectors are frequently added and updated so it's possible that the analysis is taking longer

Can you please try to find out what code is running (or waiting) at the end? One way is to capture a thread dump of the java process. The stacktrace...

Thank you for the thread dump, so it looks like it was doing an injection taint analysis when the dump was captured. This is from the findsecbugs plugin, could you...

Sonar Way is the built-in SonarQube quality profile, it uses rules implemented by SonarSource, the makers of SonarQube. FindBugs is the old name of SpotBugs, it is a separate tools...

This should be fixed after upgrading to version 4.4.0 of the plugin

Hello @Moritz5432 I'm transferring this to the [SpotBugs](https://github.com/spotbugs/spotbugs) project because the underlying issue is flagged by SpotBugs. It looks to me like Kotlin's `List` means "an immutable list", but at...