C++ static analysis tools for CII badge

Daniel Heckenberg


Are there any existing resources that demonstrate an automated static analysis of C++ code for CII badge requirements?  I'm hoping for something like a specific set of clang-tidy checks that covers the CVSS v2 medium and high severity vulnerabilities.  

I'm the current chair of the TAC for the recently formed Academy Software Foundation.
We're hoping to assist our projects to achieve CII badges by providing examples of static analysis for C++ projects that can be incorporated in normal build processes, as well as our CI systems.  

