Reason why findsecbugs report the vulnerabilities in the code segment of the imported library

Question

As shown in the picture below, line 18 shows that a hard-coded vulnerability was scanned.

But it does not report the issue when I import this flagged module i