I find that the biggest practical issue with using GCC's analyser is that it's just so darn difficult to set it up and have readable output. Have you considered focusing on this a bit more? Writing documentation (or even producing tools) for integrating analysis into one's usual workflow, integrating with common build systems (e.g. CMake), making the output properly readable in the context of the source code? I feel that at this point this would be much more helpful than ASCII art or more kinds of warnings ...
I did attempt to use the SARIF output just after your previous blog post a year ago, with a CMake-based project, but after an hour I still wasn't able to get the warnings to show within the context of the source code.
The -fdiagnostics-format option isn't even in the GCC documentation; your blog post is the only place where I saw it mentioned.
In short: I'd love to use GCC's analyser, and tried it several times, but my bottleneck is usability, ease of setup, and a proper interface to help sort out the many false positives from the true issues.