Integrate CodeQL (LGTM replacement) security checker into our process
There's a tool called LGTM: https://lgtm.com/
It is advertised as a security checker and is free for open source projects.
@manu, @fdupont, @godfryd - have you ever used it? Any opinions?
UPDATE: LGTM was replaced with CodeQL.