There can be a few days between merging and a coverity build. So we could also use clang's scan-build in CI, to get immediate feedback. Code that passes scan-build should have less coverity defects.