scan-build

Analyze build

$ scan-build make

$ scan-build -o [reports/] make

$ scan-build -enable-checker [alpha.security] make

$ scan-build --view make

$ scan-build cmake --build [build/]

$ scan-build --list-checkers

$ scan-build -v make

scan-build [-o dir] [--view] [options] build-command

scan-build wraps build commands to run Clang's static analyzer on each compiled source file. It intercepts compilation, analyzing C, C++, and Objective-C code for bugs including null pointer dereferences, memory leaks, use-after-free errors, and API misuse without executing the code.
Analysis results are presented as HTML reports with interactive path visualizations showing the exact sequence of events leading to each bug. Additional checker categories can be enabled with -enable-checker for deeper analysis including security vulnerabilities and experimental checks. The --status-bugs flag returns a non-zero exit code when bugs are found, useful for CI integration.

-o DIR

Output directory.

Open results in browser.

Verbose output.

Enable checker.

Disable checker.

Show available checkers.

Exit non-zero if bugs found.

Generate plist files.

Increases build time significantly. False positives require tuning. C/C++ and Objective-C only.

scan-build is part of the Clang project. It provides an accessible interface to Clang's static analysis capabilities.

clang(1), cppcheck(1), make(1)