C++ static analysis tools for CII badge
Are there any existing resources that demonstrate an automated static analysis of C++ code for CII badge requirements? I'm hoping for something like a specific set of clang-tidy checks that covers the CVSS v2 medium and high severity vulnerabilities.
I'm the current chair of the TAC for the recently formed Academy Software Foundation.
We're hoping to assist our projects to achieve CII badges by providing examples of static analysis for C++ projects that can be incorporated in normal build processes, as well as our CI systems.