Guillaume Toison
@JuditKnoll I think that this PR got stuck in limbo when Kengo retired from the project. Would you have time to review it? It should reduce the false positives.
It seems to me that this was fixed by https://github.com/find-sec-bugs/find-sec-bugs/pull/680
This should be fixed in version 4.2.3 (just released). Note that the fix needs the SonarQube version to be >= 9.8
Hello, I never got an answer from OP so I'm not sure what might be the problem. Not many people seem to be using the filters when using SpotBugs inside...
One way to suppress issues is to mark them as false positive in the web UI, or to completely disable the rules if it's creating too much noise. Can you...
Thanks for the details, I'm wondering if the issue might be that `SPRING_CSRF_PROTECTION_DISABLED` is from the findsec-bugs plugin, do you also have exclusion for bugs from the built-in SpotBugs rules?
Hum, I don't think the issue is with Findsecbugs itself. I didn't know you also had an include file and now I wonder how it interacts with the exclude. I'll...
I made a minimal example to check that the exclude filter works as intended. The include file is not used from what I can see. Enabling the filter does work...
I'm closing that one since it seems to work as expected. Please do not hesitate to open a new issue if the problem persists.
Is the "Security Hotspot" you're referring to looking like this? The "Security Hotspot" category is populated by Sonar's native analysis; this particular one is [RSPEC-4502](https://rules.sonarsource.com/java/RSPEC-4502). So even if SpotBugs...