How-to use Clang Static Analyzer on Windows?

问题

I'm currently trying to integrate the Clang Static Analyzer v9.0.1 into my CMake v3.16.5 build system using the Microsoft Visual C++ Compiler (MSVC) v19.25.28610.4 on a Windows v10.0.18363.720 operating system.

Everything is build for the architecture x86_64. LLVM and Clang have been build from source.

After some reading on the World Wide Web (WWW), there seems to be multiple ways to use the Clang Static Analyzer. Sadly the documentation is horrible and there seems to be some special quirks on a Windows operating system (mostly related to clang-cl), therefore it is not straight-forward to integrate. IMO, it shouldn't take a professional programmer longer than one hour to integrate this into the C++ defacto standard build system.

There seems to be at least five possibilities to invoke the Clang Static Analyzer:

scan-build script.
- Requires a Perl runtime environment.
- Is able to analyze multiple files with one invocation.
- Is able to generate HTML (more advance than the other possibilities), plist or sarif output file(s).
- My issue: Does not detect any bugs, always printing scan-build: No bugs found. to STDOUT.
clang-check executable.
- Requires a JSON compilation database file compile_commands.json.
- Is able to analyze multiple files with one invocation.
- Should be able to generate HTML report file(s). by the means of the --extra-arg argument.
- My issue: Unable to make it work (refer to the second script below).
clang/ clang++ executables.
- Is able to analyze one file with one invocation.
- My issue: Basically works, but looks like the worst possibility to me (due to missing build information).
c++-analyzer.bat / ccc-analyzer.bat batch scripts.
- Does seem to support Clang and GCC only.
- My issue: I'm unable to find any documentation for these scripts.
clang-tidy executable with clang-analyzer-* checks only.
- Can use a JSON compilation database file compile_commands.json.
- Is able to analyze multiple files with one invocation.
- My issue: Is not able to generate HTML report file(s), but YAML only.

Here are three batch scripts, one for each of the first three approaches:

scan-build-example.cmd

@echo off
setlocal
cls

rem Configure
call scan-build.bat^
 -v^
 -v^
 -v^
 -analyze-headers^
 --force-analyze-debug-code^
 -o _scan_build_out^
 --keep-cc^
 --html-title="Scan Build Example"^
 --show-description^
 --use-cc="C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.25.28610\bin\Hostx64\x64\cl.exe"^
 --use-c++="C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.25.28610\bin\Hostx64\x64\cl.exe"^
 -stats^
 -maxloop 4^
 -internal-stats^
 --use-analyzer="E:\dev\native\llvm\llvm-9.0.1\Release\static\x64-windows-msvc1924-v142\bin\clang.exe"^
 -analyzer-config stable-report-filename=true^
 -enable-checker core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
 cmake^
 -S "D:\cmake\cmake-example-clang-static-analyzer"^
 -B "D:\cmake\cmake-example-clang-static-analyzer\_scan-build"^
 -G "Ninja"^
 -DCMAKE_C_COMPILER:PATH="C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.25.28610\bin\Hostx64\x64\cl.exe"^
 -DCMAKE_CXX_COMPILER:PATH="C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.25.28610\bin\Hostx64\x64\cl.exe"^
 -DCMAKE_BUILD_TYPE:STRING=Debug

rem Build
call scan-build.bat^
 -v^
 -v^
 -v^
 -analyze-headers^
 --force-analyze-debug-code^
 -o _scan_build_out^
 --keep-cc^
 --html-title="Scan Build Example"^
 --show-description^
 --use-cc="C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.25.28610\bin\Hostx64\x64\cl.exe"^
 --use-c++="C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.25.28610\bin\Hostx64\x64\cl.exe"^
 -stats^
 -maxloop 4^
 -internal-stats^
 --use-analyzer="E:\dev\native\llvm\llvm-9.0.1\Release\static\x64-windows-msvc1924-v142\bin\clang.exe"^
 -analyzer-config stable-report-filename=true^
 -enable-checker core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
 cmake^
 --build "D:\cmake\cmake-example-clang-static-analyzer\_scan-build"^
 --config Debug

clang-check-example.cmd

@echo off
setlocal
cls

set out_dir=%~dp0.\_clang_check_out

mkdir "%out_dir%" > nul 2>&1

rem Issue: "warning: could not create file in 'main.plist': no such file or directory"
clang-check^
 -analyze^
 -extra-arg=-Xclang^
 -extra-arg=-analyzer-config^
 -extra-arg=-Xclang^
 -extra-arg=add-pop-up-notes=true,mode=deep^
 -extra-arg=-Xclang^
 -extra-arg=-analyzer-checker=core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
 -extra-arg=-Xclang^
 -extra-arg=-analyzer-output=html^
 -extra-arg=-o=%out_dir%^
 -p "D:\cmake\cmake-example-clang-static-analyzer\_build"^
 "D:\cmake\cmake-example-clang-static-analyzer\app\main.cpp"

clang_analyze-example.cmd

@echo off
setlocal
cls

set out_dir=%~dp0.\_clang_analyzer_out

mkdir "%out_dir%"
clang++^
 --analyze^
 -Xanalyzer^
 -analyzer-checker=core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
 -Xanalyzer^
 -analyzer-output=html^
 -o "%out_dir%"^
 -I"D:\cmake\cmake-example-clang-static-analyzer\src"^
 "D:\cmake\cmake-example-clang-static-analyzer\app\main.cpp

My questions are:

How-to make scan-build.bat work on Windows (I tried both using MSVC and Clang)?
How-to pass the options to clang-check.exe to make it create HTML output files and get rid of the warning: could not create file in 'main.plist': no such file or directory warning?
Can be using clang.exe/ clang++.exe a suitable alternative (imo, its missing the build information that should be available with the other two non-working alternatives)?

In general: What's the easiest way to generate a HTML report with the Clang Static Analyzer using MSVC on Windows?