Hello Andreas,
It's indeed a False Positives... Which is a bit tricky, as it indeed disappear when adding a dependency over JSR-305.
The reason of this issues disappearance comes from the fact that if you look at the definition of
org.springframework.lang.Nullable, the annotation itself uses the
@Nonnull annotation from the JSR as meta-annotation to describe its behavior.
SonarJava should be able to (and actually, is able to) handle meta-annotations, as long as the bytecode is fully provided. In this case, it means that you would need to provide bytecode of the JSR-305 in order to allow our semantic engine to fully resolve the meta-annotations, and consequently understand that the @Nullable annotation from eclipse is equivalent to the @Nonnull(when = When.MAYBE) from JSR-305.
Now, I agree with you, you should not need to explicitly add JSR-305 to make these issues disappear, even if they are using the adequate annotation as meta-annotations. I consequently created the following ticket to handle it:
SONARJAVA-2785
Cheers,
Michael