From 3ba7a0dec93f29c7e4b7c43279bdeff6738d446d Mon Sep 17 00:00:00 2001 From: iphydf Date: Thu, 8 Feb 2024 23:53:50 +0000 Subject: [PATCH] docs: Add static analysis tool list to README. Helping the tools gain visibility and showing others that we're doing our best to use many static analysis tools. --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index 853a371516..e7a2b6ba60 100644 --- a/README.md +++ b/README.md @@ -182,3 +182,24 @@ the API documentation in [toxcore/tox.h](toxcore/tox.h) for more information. - [Another echo bot](https://wiki.tox.chat/developers/client_examples/echo_bot) - [minitox](https://github.com/hqwrong/minitox) (A minimal tox client) + +## SAST Tools + +This project uses various tools supporting Static Application Security Testing: + +- [clang-tidy](https://clang.llvm.org/extra/clang-tidy/): A clang-based C++ + "linter" tool. +- [Coverity](https://scan.coverity.com/): A cloud-based static analyzer service + for Java, C/C++, C#, JavaScript, Ruby, or Python that is free for open source + projects. +- [cppcheck](https://cppcheck.sourceforge.io/): A static analyzer for C/C++ + code. +- [cpplint](https://github.com/cpplint/cpplint): Static code checker for C++ +- [goblint](https://goblint.in.tum.de/): A static analyzer for multi-threaded C + programs, specializing in finding concurrency bugs. +- [infer](https://github.com/facebook/infer): A static analyzer for Java, C, + C++, and Objective-C. +- [PVS-Studio](https://pvs-studio.com/en/pvs-studio/?utm_source=website&utm_medium=github&utm_campaign=open_source): + A static analyzer for C, C++, C#, and Java code. +- [tokstyle](https://github.com/TokTok/hs-tokstyle): A style checker for TokTok + C projects.
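Review bot: The cpplint entry in the new list, `- [cpplint](https://github.com/cpplint/cpplint): Static code checker for C++`, is the only item whose description lacks a terminating period; add one so it matches the other entries. The PVS-Studio link carries `?utm_source=website&utm_medium=github&utm_campaign=open_source` tracking parameters, which do not belong in project documentation; consider linking the plain `https://pvs-studio.com/en/pvs-studio/` page instead. The section also states that the project uses these tools but does not say how or when they are run (locally, in CI, or on a schedule); a sentence pointing contributors to the scripts or CI configuration that invokes them would make the list actionable rather than purely informational.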