SonarQube offers powerful static analysis for open source projects on sonarcloud.io that is is straight forward to set up with a GitHub workflow to run analysis on each PR.
I've used it in multiple open source projects with success. It's good at finding buffer overflow, null pointer dereference, race condition and other serious potential bugs without a deluge of false positives.
Something worth considering as an alternative to Coverity. I can set up a bstring organization on sonarcloud.io to get started if you like.
SonarQube offers powerful static analysis for open source projects on sonarcloud.io that is is straight forward to set up with a GitHub workflow to run analysis on each PR.
I've used it in multiple open source projects with success. It's good at finding buffer overflow, null pointer dereference, race condition and other serious potential bugs without a deluge of false positives.
Something worth considering as an alternative to Coverity. I can set up a bstring organization on sonarcloud.io to get started if you like.