Has anyone tried LGTM / Semmle QL for automated code review? They claim 100K OSS projects are using the service. It's a bit hard to find technical information on the product, but they have found CVEs in mainstream products, including iOS.
Systemd and tesseract-ocr both use it, for example:
https://github.com/tesseract-ocr/tesseract https://github.com/systemd/systemd
systemd have also written their own QL query: https://github.com/systemd/systemd/blob/master/.lgtm/cpp-que... https://lgtm.com/projects/g/systemd/systemd/alerts/?mode=tre...
(full disclosure, I also work at Semmle)