diff --git a/.github/workflows/clang-tidy.yml b/.github/workflows/clang-tidy.yml
index f6f4c3651df..02f00b5c204 100644
--- a/.github/workflows/clang-tidy.yml
+++ b/.github/workflows/clang-tidy.yml
@@ -11,6 +11,8 @@ on:
     tags:
       - '2.*'
   pull_request:
+  schedule:
+    - cron: '0 0 * * 0'
 
 permissions:
   contents: read
@@ -73,5 +75,11 @@ jobs:
           make -C cmake.output/test cmake_pch.hxx.pch
 
       - name: Clang-Tidy
+        if: github.event.schedule == ''
         run: |
           cmake --build cmake.output --target run-clang-tidy 2> /dev/null
+
+      - name: Clang Static Analyzer
+        if: github.event.schedule != ''
+        run: |
+          cmake --build cmake.output --target run-clang-tidy-csa 2> /dev/null
diff --git a/cmake/clang_tidy.cmake b/cmake/clang_tidy.cmake
index 60640e1de0e..bdbb5feca4c 100644
--- a/cmake/clang_tidy.cmake
+++ b/cmake/clang_tidy.cmake
@@ -8,7 +8,7 @@ if(NOT CMAKE_DISABLE_PRECOMPILE_HEADERS)
         set(RUN_CLANG_TIDY_NAMES "run-clang-tidy-${_clang_major}")
         message(STATUS "Clang and clang-tidy version need to match when precompiled headers are enabled - limiting search to '${RUN_CLANG_TIDY_NAMES}'")
     else()
-        message(STATUS "Cannot use non-Clang compiler with clang-tidy when precompiled headers are enabled - skipping 'run-clang-tidy' target generation")
+        message(STATUS "Cannot use non-Clang compiler with clang-tidy when precompiled headers are enabled - skipping 'run-clang-tidy'/'run-clang-tidy-csa' target generation")
     endif()
 else()
     set(RUN_CLANG_TIDY_NAMES run-clang-tidy run-clang-tidy-20 run-clang-tidy-19 run-clang-tidy-18 run-clang-tidy-17 run-clang-tidy-16 run-clang-tidy-15 run-clang-tidy-14 run-clang-tidy-13 run-clang-tidy-12 run-clang-tidy-11 run-clang-tidy-10 run-clang-tidy-9 run-clang-tidy-8)
@@ -25,16 +25,38 @@ if(RUN_CLANG_TIDY_NAMES)
         endif()
         message(STATUS "NPROC=${NPROC}")
 
+        # most of these are disabled because they are too noisy in our code
+        # clang-analyzer-core.CallAndMessage
+        # clang-analyzer-core.NonNullParamChecker
+        # clang-analyzer-cplusplus.NewDeleteLeaks
+        # clang-analyzer-cplusplus.NewDelete
+        # clang-analyzer-core.NullDereference
+        # clang-analyzer-unix.Stream
+        # clang-analyzer-optin.cplusplus.UninitializedObject - false positives with unnamed fields - see https://github.com/llvm/llvm-project/issues/132001
+        # clang-analyzer-alpha.clone.CloneChecker
+        # clang-analyzer-alpha.webkit.* - we are not interested in these
+        set(CLANG_TIDY_CSA_CONFIG "-config={InheritParentConfig: true, Checks: '-*,clang-analyzer-*,-clang-analyzer-core.CallAndMessage,-clang-analyzer-core.NonNullParamChecker,-clang-analyzer-cplusplus.NewDeleteLeaks,-clang-analyzer-cplusplus.NewDelete,-clang-analyzer-core.NullDereference,-clang-analyzer-unix.Stream,-clang-analyzer-optin.cplusplus.UninitializedObject,-clang-analyzer-alpha.clone.CloneChecker,-clang-analyzer-alpha.webkit.*'}")
+        if (ENABLE_CSA_ALPHA)
+            set(CLANG_TIDY_CSA_ALPHA_OPTS "-allow-enabling-alpha-checkers" "-extra-arg=-Xclang" "-extra-arg=-analyzer-config" "-extra-arg=-Xclang" "-extra-arg=aggressive-binary-operation-simplification=true")
+        endif()
+
         # TODO: exclude moc_*.cpp
         # TODO: exclude mocs_compilation.cpp
         # disable all compiler warnings since we are just interested in the tidy ones
         add_custom_target(run-clang-tidy
                 ${Python_EXECUTABLE} ${RUN_CLANG_TIDY} -p=${CMAKE_BINARY_DIR} -j ${NPROC} -quiet
-                USES_TERMINAL)
+                USES_TERMINAL
+                VERBATIM)
+        add_custom_target(run-clang-tidy-csa
+                ${Python_EXECUTABLE} ${RUN_CLANG_TIDY} -p=${CMAKE_BINARY_DIR} -j ${NPROC} -quiet ${CLANG_TIDY_CSA_ALPHA_OPTS} ${CLANG_TIDY_CSA_CONFIG}
+                USES_TERMINAL
+                VERBATIM)
         if(BUILD_GUI)
             add_dependencies(run-clang-tidy gui-build-deps)
+            add_dependencies(run-clang-tidy-csa gui-build-deps)
             if(BUILD_TRIAGE)
                 add_dependencies(run-clang-tidy triage-build-ui-deps)
+                add_dependencies(run-clang-tidy-csa triage-build-ui-deps)
             endif()
         endif()
     endif()
diff --git a/cmake/options.cmake b/cmake/options.cmake
index 5794594dda1..32c7ebcd087 100644
--- a/cmake/options.cmake
+++ b/cmake/options.cmake
@@ -101,6 +101,8 @@ option(NO_UNIX_SIGNAL_HANDLING "Disable usage of Unix Signal Handling"
 option(NO_UNIX_BACKTRACE_SUPPORT "Disable usage of Unix Backtrace support"                  OFF)
 option(NO_WINDOWS_SEH       "Disable usage of Windows SEH"                                  OFF)
 
+option(ENABLE_CSA_ALPHA     "Enable Clang Static Analyzer alpha checkers for run-clang-tidy-csa target"  OFF)
+
 # TODO: disable by default like make build?
 option(FILESDIR "Hard-coded directory for files to load from"                               OFF)
 
diff --git a/cmake/printInfo.cmake b/cmake/printInfo.cmake
index 3869629f7a3..1d4320ed068 100644
--- a/cmake/printInfo.cmake
+++ b/cmake/printInfo.cmake
@@ -43,6 +43,8 @@ message(STATUS "NO_UNIX_SIGNAL_HANDLING = ${NO_UNIX_SIGNAL_HANDLING}")
 message(STATUS "NO_UNIX_BACKTRACE_SUPPORT = ${NO_UNIX_BACKTRACE_SUPPORT}")
 message(STATUS "NO_WINDOWS_SEH =        ${NO_WINDOWS_SEH}")
 message(STATUS)
+message(STATUS "ENABLE_CSA_ALPHA =      ${ENABLE_CSA_ALPHA}")
+message(STATUS)
 if(NOT DEFINED BUILD_SHARED_LIBS)
     message(STATUS "BUILD_SHARED_LIBS =     OFF")
 else()
diff --git a/lib/ctu.cpp b/lib/ctu.cpp
index dd7d3c84f91..3d11e5fa4f6 100644
--- a/lib/ctu.cpp
+++ b/lib/ctu.cpp
@@ -205,6 +205,7 @@ bool CTU::FileInfo::FunctionCall::loadFromXml(const tinyxml2::XMLElement *xmlEle
     callValueType = (ValueFlow::Value::ValueType)readAttrInt(xmlElement, ATTR_CALL_ARGVALUETYPE, &error);
     callArgValue.value = readAttrInt(xmlElement, ATTR_CALL_ARGVALUE, &error);
     const auto ufr = readAttrInt(xmlElement, ATTR_CALL_UNKNOWN_FUNCTION_RETURN, &error);
+    // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) - TODO: fix this - #13726
     callArgValue.unknownFunctionReturn = (ValueFlow::Value::UnknownFunctionReturn)(ufr>=0 && ufr <=0xff ? ufr : 0xff);
     const char *w = xmlElement->Attribute(ATTR_WARNING);
     warning = w && std::strcmp(w, "true") == 0;
diff --git a/lib/settings.h b/lib/settings.h
index 930b8776d18..289abec8950 100644
--- a/lib/settings.h
+++ b/lib/settings.h
@@ -97,6 +97,7 @@ class SimpleEnableGroup {
  * to pass individual values to functions or constructors now or in the
  * future when we might have even more detailed settings.
  */
+// NOLINTNEXTLINE(clang-analyzer-optin.performance.Padding)
 class CPPCHECKLIB WARN_UNUSED Settings {
 private:
 
diff --git a/releasenotes.txt b/releasenotes.txt
index 425cd20df90..7b387ee8d73 100644
--- a/releasenotes.txt
+++ b/releasenotes.txt
@@ -18,4 +18,6 @@ Deprecations:
 
 Other:
 - Updated Qt to 6.8.2 (official Windows release only).
+- added CMake target `run-clang-tidy-csa` to run Clang Static Analyzer
+- added CMake option `ENABLE_CSA_ALPHA` to enable the Clang Static Analyzer alpha checkers
 -
diff --git a/test/signal/test-signalhandler.cpp b/test/signal/test-signalhandler.cpp
index a3e77b08e3c..929d53c6663 100644
--- a/test/signal/test-signalhandler.cpp
+++ b/test/signal/test-signalhandler.cpp
@@ -49,7 +49,7 @@
 /*static*/ void my_segv() // NOLINT(misc-use-internal-linkage)
 {
     // cppcheck-suppress nullPointer
-    ++*(int*)nullptr;
+    ++*(int*)nullptr; // NOLINT(clang-analyzer-core.NullDereference)
 }
 
 #if !defined(__APPLE__)