Using scan-build is very simple indeed: install clang, and then in your source tree just build your project with scan-build. For example, for a project built by make, use:

    scan-build make

..and at the end of a build one will see a summary message:

    scan-build make
    scan-build: 366 bugs found.
    scan-build: Run 'scan-view /tmp/scan-build-2015-09-08-094505-16657-1' to examine bug reports.
    scan-build: The analyzer encountered problems on some source files.
    scan-build: Preprocessed versions of these sources were deposited in '/tmp/scan-build-2015-09-08-094505-16657-1/failures'.
    scan-build: Please consider submitting a bug report using these files:
    scan-build: http://clang-analyzer.llvm.org/filing_bugs.html

..and running scan-view will show the issues found. For an example of the kind of results scan-build can find, I ran it against a systemd build (head commit 4df0514d299e349ce1d0649209155b9e83a23539).
As one can see, scan-build is a powerful and easy-to-use open-source static analyser. I heartily recommend using it on every C and C++ project.
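
The summary message quoted above can also be parsed to gate a build on the analyser's findings. This is an added example, not code from the original post; the function names (`bug_count`, `report_dir`, `scan_gate`) and the `scan.log` file name are assumptions, and the sample log is constructed from the lines shown in the post.

```bash
#!/usr/bin/env bash
# Added example: gate a CI job on the summary scan-build prints after a build.
# Typical capture (scan.log is an assumed file name):
#   scan-build make 2>&1 | tee scan.log

# Constructed sample: the summary lines quoted in the post, one per line.
sample_log() {
cat <<'EOF'
scan-build: 366 bugs found.
scan-build: Run 'scan-view /tmp/scan-build-2015-09-08-094505-16657-1' to examine bug reports.
scan-build: The analyzer encountered problems on some source files.
scan-build: Preprocessed versions of these sources were deposited in '/tmp/scan-build-2015-09-08-094505-16657-1/failures'.
EOF
}

# Read a log on stdin, print the reported bug count (0 when no count line exists).
bug_count() {
  sb_n=$(sed -nE 's/^scan-build: ([0-9]+) bugs? found\.$/\1/p' | tail -n 1)
  echo "${sb_n:-0}"
}

# Read a log on stdin, print the report directory named in the scan-view hint.
report_dir() {
  sed -nE "s/^scan-build: Run 'scan-view ([^']+)' to examine bug reports\.$/\1/p" | tail -n 1
}

# scan_gate LOGFILE [MAX_BUGS]
# Returns 0 = within limit, 1 = too many bugs, 2 = analyzer failed on some files,
# so the count may be incomplete and should not be trusted as a pass.
scan_gate() {
  sg_log=$1
  sg_max=${2:-0}
  sg_n=$(bug_count < "$sg_log")
  if grep -q '^scan-build: The analyzer encountered problems' "$sg_log"; then
    echo "incomplete: analyzer failures; $sg_n bugs so far, see $(report_dir < "$sg_log")/failures"
    return 2
  fi
  if [ "$sg_n" -gt "$sg_max" ]; then
    echo "fail: $sg_n bugs (limit $sg_max), reports in $(report_dir < "$sg_log")"
    return 1
  fi
  echo "pass: $sg_n bugs (limit $sg_max)"
}

sample_log | bug_count   # prints 366
```

Treating the "analyzer encountered problems" line as its own exit status keeps a low bug count from passing the gate when some sources were never fully analysed.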