Setup static analysis in CI

[evelikov]

While the project has been around for decades, it would be great to run some static analsys tools on both existing code and new changes.

Focus here is CI for incoming changes. If a specific tool does not support git diff range, or filtering of files, a general sweep might be needed prior to adding to the CI.

Some tools off the top of my head:

• github codeql - action
• pvs-studio - github action article with free license for open source projects.
• coverity - official github action... there is a dated kmod setup pulling from kernel.org
• cppcheck - dozens of github actions
• cpplint - cannot find any github actions
• clang-tidy - dozens of github actions
• clang-analyse
• gcc analyze

[evelikov]

CodeQL PR https://github.com/kmod-project/kmod/pull/132

[evelikov]

PVS prep https://github.com/kmod-project/kmod/pull/133 - we need to add link in README before they grant us free license. Fair deal IMHO.

[evelikov]

@lucasdemarchi just sent out *a request to add me as (co)maintainer on https://scan.coverity.com/projects/kmod in order to set things up. Alternatively feel free to give it a go as you have time.

[evelikov]

Based on https://github.com/kmod-project/kmod/pull/233#issuecomment-2466764443 the clang-tidy/clang-analyze unix.Malloc should probably be disabled.