Java: Noisiness of java/weak-cryptographic-algorithm / MD5 detection #17836

@theveriton

Description of the false positive

This flags every single use of MD5 as a cryptography problem.
MD5 exists for a reason and it's entirely inappropriate to flag any and every usage of it as a cryptographic usage.
It is intended to be a lighter-weight, simpler algorithm. Using it at all should not be a flag. There are plenty of legitimate use cases that have nothing to do with security.

Code samples or links to source code

For example:

Here, we are just using a checksum to see if the doc has been modified, not using it for encryption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// computeChecksum will use MD5
String docCheckSum = computeChecksum(text);
if (!docCheckSum.equals(previousCheckSum)) { // compare string contents, not references
	docchanged = 1;
}

// Shared digest instance (note: MessageDigest is not thread-safe, so callers must not share it across threads)
private static MessageDigest md;

public static String computeChecksum(String s)
{
	if (md == null)
	{
		try
		{
			// This line gets flagged
			md = MessageDigest.getInstance("MD5");
		}
		catch (NoSuchAlgorithmException e)
		{
			if (log.isDebugEnabled()) e.printStackTrace(); // log: the class's logger
			throw new IllegalStateException(e + " String for MD5: " + s);
		}
	}
	byte[] bytes = s.getBytes(StandardCharsets.UTF_8); // fixed charset so the checksum is platform-independent
	return hashData(bytes);
}

// Assumed implementation of hashData (not shown in the original report): hex-encodes the MD5 digest
private static String hashData(byte[] bytes)
{
	StringBuilder sb = new StringBuilder();
	for (byte b : md.digest(bytes)) sb.append(String.format("%02x", b));
	return sb.toString();
}
```
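As an added example (not code from the issue author or the CodeQL project), two ways to compute a change-detection checksum that a weak-cryptographic-algorithm query has no reason to flag, chosen by whether the checksum only needs to catch accidental edits or must also withstand deliberate tampering; the class name `DocChecksum`, its method names and the sample strings are chosen here:

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.zip.CRC32;

public class DocChecksum {

    // Option 1: the check only has to notice accidental edits (no adversary involved).
    // CRC32 is not a cryptographic hash at all, so a "weak cryptographic algorithm"
    // query has nothing to match, and it is cheaper than MD5.
    public static String crc32Checksum(String s) {
        CRC32 crc = new CRC32();
        crc.update(s.getBytes(StandardCharsets.UTF_8));
        return Long.toHexString(crc.getValue());
    }

    // Option 2: the checksum is also relied on to detect deliberate tampering
    // (e.g. it is stored separately and decides whether the document is trusted).
    // Then collision resistance matters and MD5 is the wrong tool; SHA-256 is a
    // one-token change to the same MessageDigest call. A fresh instance per call
    // avoids sharing a MessageDigest, which is not thread-safe.
    public static String sha256Checksum(String s) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            // Every Java platform is required to provide SHA-256, so this is a configuration error.
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    // Checksum strings must be compared with equals(); '!=' compares references
    // and reports a change even when the two checksums are identical.
    public static boolean changed(String previous, String current) {
        return previous == null || !previous.equals(current);
    }

    public static void main(String[] args) {
        String v1 = "draft text";         // constructed sample input
        String v2 = "draft text, edited"; // constructed sample input
        System.out.println("same doc, crc32:   " + changed(crc32Checksum(v1), crc32Checksum(v1)));
        System.out.println("edited doc, crc32: " + changed(crc32Checksum(v1), crc32Checksum(v2)));
        System.out.println("edited doc, sha256: " + changed(sha256Checksum(v1), sha256Checksum(v2)));
    }
}
```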
