Looks good to me. One question: is there a tool for viewing the resulting SARIF output?
Yes, the Security tab in GitHub. The whole point of me dealing with SARIF is that then GitHub can visualize that. Otherwise I'd go for either text output or some html like clang-analyzer (if gcc supports html; it used to not be implemented in the past).