Pick approach to static analysis of ACTS
We want to support static analysis in the components developed, maintained or integrated by OSTC. As the outcome is only useful when it produces actionable items and they are actually picked up by individual developers, we should not enable this blindly for all projects. Static analysis approach differs but in many cases the only natural location is right at the build system level. Scanning all the sources in a given repository is only partially useful, as most tools need to observe the compilation arguments or be told about all the include paths and macro definitions, at minimum, and require additional per-project configuration in general.
I'd like to propose that we explore how to do this while working with this single repository: https://git.ostc-eu.org/OSTC/OHOS/components/staging/xts_acts
We have a way to run most of the static analysis tools already, we need to see how to integrate them with Bitbake and start looking at the output.
The build system used there, ZMK, has support for a number of static analysis tools https://github.com/zyga/zmk/tree/main/zmk:
We should start using them and integrate that with the CI system.