Running static code analysis is a good idea, as are other forms of more testing. However, two things must be kept in mind:
1. Those things slow down builds, so I am against adding them to the default cmake run.
2. If they are not added to the default build, then in the long run they will almost never be done.
As a consequence, the proper way to implement this is as an automated build process on a server somewhere, that sends sufficiently annoying failure messages when somebody introduces a regression. It should probably also automatically send a summary report every two or four weeks, to remind everybody of long-standing problems.
Running static code analysis is a good idea, as are other forms of more testing. However, two things must be kept in mind:
1. Those things slow down builds, so I am against adding them to the default cmake run.
2. If they are not added to the default build, then in the long run they will almost never be done.
As a consequence, the proper way to implement this is as an automated build process on a server somewhere, that sends sufficiently annoying failure messages when somebody introduces a regression. It should probably also automatically send a summary report every two or four weeks, to remind everybody of long-standing problems.