Code scanning on GitHub

Hi!

I'm sorry if this topic was already discussed.

GitHub offers multiple static analysis tools on
https://github.com/llvm/llvm-project/security/code-scanning, but it looks
like none of them is enabled for LLVM builds. I think it'll be a good
idea to try the relevant ones (C/C++, Python).

I was surprised not to find Clang Static Analyzer and Clang-tidy among
the other tools. Obviously, our own tools should be used on our code base,
as regular tests for the tools and for improvement of the LLVM code base,
as well as offered to other projects to increase the tools' visibility and
relevance.

Eugene.
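One way to enable one of the GitHub scanners referred to above (CodeQL, covering C/C++ and Python) is a workflow file like the following. This is an added example, not a workflow from the thread or from the llvm-project repository; the file name, the `main` branch name, the `security-and-quality` query suite, the weekly schedule and the minimal `clang`-only build configuration are all assumptions.

```yaml
# .github/workflows/codeql.yml  (assumed file name; not from the LLVM repository)
name: CodeQL

on:
  push:
    branches: [main]          # assumed default branch
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 3 * * 1'       # assumed: weekly full scan, Mondays 03:00 UTC

# Least privilege: the job only reads the tree and uploads SARIF results.
permissions:
  contents: read
  security-events: write

jobs:
  analyze:
    runs-on: ubuntu-latest
    timeout-minutes: 360      # a full LLVM build plus analysis is slow
    strategy:
      fail-fast: false
      matrix:
        language: [cpp, python]
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-and-quality   # assumed query suite choice

      # For C/C++ CodeQL has to observe the compiler invocations, so the
      # build runs after init. The clang-only configuration is an assumption
      # chosen to keep the job within the runner's time budget.
      - name: Configure and build (C/C++ only)
        if: matrix.language == 'cpp'
        run: |
          sudo apt-get update && sudo apt-get install -y ninja-build
          cmake -S llvm -B build -G Ninja -DCMAKE_BUILD_TYPE=Release \
            -DLLVM_ENABLE_PROJECTS=clang
          cmake --build build --target clang

      # Python needs no build step; the extractor reads the sources directly.
      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Results land under the repository's Security > Code scanning tab, the same page linked in the post. Unlike scan-build or Clang-tidy, CodeQL for C/C++ derives its database from the actual compilation, so the set of findings is bounded by what the workflow builds; anything left out of `LLVM_ENABLE_PROJECTS` is not scanned, and the build-time cost grows with every project added.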

We run Clang Static Analyzer on LLVM and publish the results: llvm-toolchain-snapshot-15~++20220213111129+446e7c64c7aa - scan-build results

More details: Recent improvements on apt.llvm.org

We also have coverity scanning here: Coverity Scan - Static Analysis - I think you need to ask @sylvestre to grant read permission to see the reports

It’s also been suggested we add PVS-Studio reports, but it's not been clear who would qualify for an open source registration for it. Bugs detected by PVS-Studio (LLVM 13.0.0) · Issue #51462 · llvm/llvm-project · GitHub