Thanks for the informative replies, Daniel and Kevin.
I'd also seen the current outage with coverity -- hopefully that is resolved soon.
lgtm looks appealing and may be suitable for our projects.
A very specific CII badge aspect is that detection and timely remedy of CVSS v2 medium and high severity issues is required. coverity seems to have a report generator which performs this, but I haven't seen any direct or automatic way to map other C/C++ analysis tool outputs to CVSS scores. How is this usually done?