C++ static analysis tools for CII badge

Daniel Heckenberg
 

Hello!

Are there any existing resources that demonstrate an automated static analysis of C++ code for CII badge requirements?  I'm hoping for something like a specific set of clang-tidy checks that covers the CVSS v2 medium and high severity vulnerabilities.  

Background:
I'm the current chair of the TAC for the recently formed Academy Software Foundation (https://www.aswf.io/).
We're hoping to assist our projects to achieve CII badges by providing examples of static analysis for C++ projects that can be incorporated in normal build processes, as well as our CI systems.  

Thanks!
Daniel
