cppcheck

I have a dependency as source in my project that I have no control over. I'm using cmake's clang-tidy integration to analyze my code, and this dependency is firing A LOT of warnings. Is there a way to tell cmake not to run clang-tidy on specific files ? I tried to add the files to the -line-filter option of clang-tidy, but this doesn't work: set_target_properties(target PROPERTIES CXX_CLANG_TIDY "${clang_tidy_loc};\ ${TIDY_CONFIG} \ -line-filter=\"[\ {\"name\":\"path/to/file.cpp\"},\ {\"name\":\"path/to/file.h\"}\ ]\"") If the solution could work with other static analyzers like cppcheck it

I have a very simple C program with a potential buffer overflow using strcpy : #include <string.h> #include <stdio.h> void buffer_overflow(char* dst, const char* src) { strcpy(dst, src); } int main(int argc, char** argv) { if(argc == 2) { char buffer[16] = {0}; buffer_overflow(buffer, argv[1]); printf("[%d]: %s", (int)strlen(buffer), buffer); } return 0; } Neither clang static analyzer (using scan-build gcc -O0 -g3 -gdwarf-2 ) nor cppcheck (using cppcheck --enable=warning,style ) find this as an issue. Am I just asking too much from my static analysis tools? I can't speak for the quality of

Cppcheck has detected a potential problem in a code like this: float a, b, c; int count = sscanf(data, "%f,%f,%f", &a, &b, &c); It says that: "scanf without field width limits can crash with huge data". How is that possible? Is that a known bug in some sscanf implementations? I understand that the numbers may overflow (numerically), but how could the program crash? Is that a false positive in cppcheck? I have found a similar question: scanf Cppcheck warning , but the answer is not completely satisfying. The answer mentions type safety, but that should not be an issue here. I am a Cppcheck