There are static analysis tools in Fedora (such as Clang or Cppcheck) that allow you to automatically detect bugs in your packages before they are noticed by users or even Security Response Team. We are announcing a push-the-button tool (csmock) that runs static analysis tools on RPM packages. Using this tool, you do not need to care how the static analysis tools actually work and how they are supposed to be used. You just give it an SRPM and a list of analyzers and it returns you a list of defects in a unified format. We will also briefly introduce a tool (csdiff) for processing such lists of defects, like e.g. filtering out defects that are newly introduced in a new version of your package.
