diff --git a/.github/workflows/scan-build.yml b/.github/workflows/scan-build.yml index d7bb1f6c26..a56b1634a1 100644 --- a/.github/workflows/scan-build.yml +++ b/.github/workflows/scan-build.yml @@ -66,6 +66,27 @@ jobs: env: CC: clang-16 # exclude libhtp from the analysis - - run: scan-build-16 --status-bugs --exclude libhtp/ make + - run: | + scan-build-16 --status-bugs --exclude libhtp/ \ + -enable-checker valist.Uninitialized \ + -enable-checker valist.CopyToSelf \ + -enable-checker valist.Unterminated \ + -enable-checker security.insecureAPI.bcmp \ + -enable-checker security.insecureAPI.bcopy \ + -enable-checker security.insecureAPI.bzero \ + -enable-checker security.insecureAPI.rand \ + -enable-checker security.insecureAPI.strcpy \ + -enable-checker security.insecureAPI.decodeValueOfObjCType \ + -enable-checker security.FloatLoopCounter \ + -enable-checker optin.portability.UnixAPI \ + -enable-checker optin.performance.GCDAntipattern \ + -enable-checker nullability.NullableReturnedFromNonnull \ + -enable-checker nullability.NullablePassedToNonnull \ + -enable-checker nullability.NullableDereferenced \ + \ + -disable-checker security.insecureAPI.DeprecatedOrUnsafeBufferHandling \ + -disable-checker optin.performance.Padding \ + \ + make env: CC: clang-16