diff --git a/.travis.yml b/.travis.yml
index 61e95121..d1723b65 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -51,12 +51,13 @@ addons:
     - check
 
 before_install:
+  # brew install gengetopt help2man cmocka ccache llvm;
+  # export PATH="/usr/local/opt/ccache/libexec:/usr/local/opt/llvm/bin:$PATH";
   - if [ "$TRAVIS_OS_NAME" == "osx" ]; then
         brew update;
         brew uninstall libtool;
         brew install libtool;
         brew install gengetopt help2man cmocka ccache;
-        export PATH="/usr/local/opt/ccache/libexec:$PATH";
     fi
 
 before_script:
diff --git a/configure.ac b/configure.ac
index c4d461e9..0c112845 100644
--- a/configure.ac
+++ b/configure.ac
@@ -926,6 +926,9 @@ fi
 AC_ARG_VAR([GENGETOPT],
            [absolute path to gengetopt used for command line parsing of npa-tool])
 AC_PATH_PROG(GENGETOPT, gengetopt, not found)
+AC_ARG_VAR([CLANGTIDY],
+           [absolute path to clang-tidy used for static code analysis])
+AC_PATH_PROG(CLANGTIDY, clang-tidy, not found)
 
 AX_FUNC_GETOPT_LONG
 #AH_BOTTOM([#include "common/compat_getopt.h"])
diff --git a/src/libopensc/Makefile.am b/src/libopensc/Makefile.am
index 7d33fcfa..6e2db7b1 100644
--- a/src/libopensc/Makefile.am
+++ b/src/libopensc/Makefile.am
@@ -104,3 +104,7 @@ if ENABLE_MINIDRIVER
 noinst_LTLIBRARIES = libopensc_static.la
 endif
 endif
+
+TIDY_FLAGS = $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+check-local:
+	if [ -x "$(CLANGTIDY)" ]; then clang-tidy -config='' -header-filter=.* $(SOURCES) -- $(TIDY_FLAGS); fi
diff --git a/src/libopensc/aux-data.c b/src/libopensc/aux-data.c
index 84d539b2..7e96e372 100644
--- a/src/libopensc/aux-data.c
+++ b/src/libopensc/aux-data.c
@@ -151,7 +151,7 @@ sc_aux_data_get_md_guid(struct sc_context *ctx, struct sc_auxiliary_data *aux_da
 
 	*guid = '\0';
 	if (!flags)
-		strcpy(guid, "{");
+		strncpy(guid, "{", sizeof guid);
 	strlcat(guid, (char *)cmap_record->guid, sizeof(guid)-1);
 	if (!flags)
 		strlcat(guid, "}", sizeof(guid));
diff --git a/src/libopensc/cardctl.h b/src/libopensc/cardctl.h
index 3dbbd40f..ac196925 100644
--- a/src/libopensc/cardctl.h
+++ b/src/libopensc/cardctl.h
@@ -569,19 +569,19 @@ typedef struct sc_cardctl_muscle_key_info {
 	u8* 	modValue;
 	size_t 	expLength;
 	u8* 	expValue;
-	int 	pLength;
+	size_t 	pLength;
 	u8* 	pValue;
-	int 	qLength;
+	size_t 	qLength;
 	u8* 	qValue;
-	int 	pqLength;
+	size_t 	pqLength;
 	u8* 	pqValue;
-	int 	dp1Length;
+	size_t 	dp1Length;
 	u8* 	dp1Value;
-	int 	dq1Length;
+	size_t 	dq1Length;
 	u8* 	dq1Value;
-	int 	gLength;
+	size_t 	gLength;
 	u8* 	gValue;
-	int 	yLength;
+	size_t 	yLength;
 	u8* 	yValue;
 } sc_cardctl_muscle_key_info_t;
 
@@ -898,25 +898,25 @@ typedef struct sc_rtecp_genkey_data {
 	struct sc_cardctl_myeid_gen_store_key_info {
 		int             op_type;
 		unsigned int	key_type;			/* value of SC_CARDCTL_MYEID_KEY_TYPE */ 
-		unsigned int    key_len_bits;   
+		size_t    key_len_bits;   
 		unsigned char  *mod;
-		unsigned int    pubexp_len;  
+		size_t    pubexp_len;  
 		unsigned char  *pubexp;
-		unsigned int    primep_len;  
+		size_t    primep_len;  
 		unsigned char  *primep;
-		unsigned int    primeq_len;  
+		size_t    primeq_len;  
 		unsigned char  *primeq;
-		unsigned int    dp1_len;  
+		size_t    dp1_len;  
 		unsigned char  *dp1;
-		unsigned int    dq1_len;  
+		size_t    dq1_len;  
 		unsigned char  *dq1;
-		unsigned int    invq_len;  
+		size_t    invq_len;  
 		unsigned char  *invq;
 		/* new for MyEID > 3.6.0 */
 		unsigned char  *d;                  /* EC private key / Symmetric key */
-		unsigned int    d_len;              /* EC / Symmetric */
+		size_t    d_len;              /* EC / Symmetric */
 		unsigned char  *ecpublic_point;     /* EC public key */
-		unsigned int    ecpublic_point_len; /* EC */
+		size_t    ecpublic_point_len; /* EC */
     };
 
 /*
diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c
index be29f503..5f615cc7 100644
--- a/src/libopensc/pkcs15-piv.c
+++ b/src/libopensc/pkcs15-piv.c
@@ -52,8 +52,8 @@ typedef struct objdata_st {
 typedef struct cdata_st {
 	const char *id;
 	const char *label;
-	int	    authority;
 	const char *path;
+	int	    authority;
 	int         obj_flags;
 } cdata;
 
@@ -330,30 +330,30 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
 #define PIV_NUM_CERTS_AND_KEYS 24
 
 	static const cdata certs[PIV_NUM_CERTS_AND_KEYS] = {
-		{"01", "Certificate for PIV Authentication", 0, "0101cece", 0},
-		{"02", "Certificate for Digital Signature", 0, "0100cece", 0},
-		{"03", "Certificate for Key Management", 0, "0102cece", 0},
-		{"04", "Certificate for Card Authentication", 0, "0500cece", 0},
-		{"05", "Retired Certificate for Key Management 1", 0, "1001cece", 0},
-		{"06", "Retired Certificate for Key Management 2", 0, "1002cece", 0},
-		{"07", "Retired Certificate for Key Management 3", 0, "1003cece", 0},
-		{"08", "Retired Certificate for Key Management 4", 0, "1004cece", 0},
-		{"09", "Retired Certificate for Key Management 5", 0, "1005cece", 0},
-		{"10", "Retired Certificate for Key Management 6", 0, "1006cece", 0},
-		{"11", "Retired Certificate for Key Management 7", 0, "1007cece", 0},
-		{"12", "Retired Certificate for Key Management 8", 0, "1008cece", 0},
-		{"13", "Retired Certificate for Key Management 9", 0, "1009cece", 0},
-		{"14", "Retired Certificate for Key Management 10", 0, "100Acece", 0},
-		{"15", "Retired Certificate for Key Management 11", 0, "100Bcece", 0},
-		{"16", "Retired Certificate for Key Management 12", 0, "100Ccece", 0},
-		{"17", "Retired Certificate for Key Management 13", 0, "100Dcece", 0},
-		{"18", "Retired Certificate for Key Management 14", 0, "100Ecece", 0},
-		{"19", "Retired Certificate for Key Management 15", 0, "100Fcece", 0},
-		{"20", "Retired Certificate for Key Management 16", 0, "1010cece", 0},
-		{"21", "Retired Certificate for Key Management 17", 0, "1011cece", 0},
-		{"22", "Retired Certificate for Key Management 18", 0, "1012cece", 0},
-		{"23", "Retired Certificate for Key Management 19", 0, "1013cece", 0},
-		{"24", "Retired Certificate for Key Management 20", 0, "1014cece", 0}
+		{"01", "Certificate for PIV Authentication", "0101cece", 0, 0},
+		{"02", "Certificate for Digital Signature", "0100cece", 0, 0},
+		{"03", "Certificate for Key Management", "0102cece", 0, 0},
+		{"04", "Certificate for Card Authentication", "0500cece", 0, 0},
+		{"05", "Retired Certificate for Key Management 1", "1001cece", 0, 0},
+		{"06", "Retired Certificate for Key Management 2", "1002cece", 0, 0},
+		{"07", "Retired Certificate for Key Management 3", "1003cece", 0, 0},
+		{"08", "Retired Certificate for Key Management 4", "1004cece", 0, 0},
+		{"09", "Retired Certificate for Key Management 5", "1005cece", 0, 0},
+		{"10", "Retired Certificate for Key Management 6", "1006cece", 0, 0},
+		{"11", "Retired Certificate for Key Management 7", "1007cece", 0, 0},
+		{"12", "Retired Certificate for Key Management 8", "1008cece", 0, 0},
+		{"13", "Retired Certificate for Key Management 9", "1009cece", 0, 0},
+		{"14", "Retired Certificate for Key Management 10", "100Acece", 0, 0},
+		{"15", "Retired Certificate for Key Management 11", "100Bcece", 0, 0},
+		{"16", "Retired Certificate for Key Management 12", "100Ccece", 0, 0},
+		{"17", "Retired Certificate for Key Management 13", "100Dcece", 0, 0},
+		{"18", "Retired Certificate for Key Management 14", "100Ecece", 0, 0},
+		{"19", "Retired Certificate for Key Management 15", "100Fcece", 0, 0},
+		{"20", "Retired Certificate for Key Management 16", "1010cece", 0, 0},
+		{"21", "Retired Certificate for Key Management 17", "1011cece", 0, 0},
+		{"22", "Retired Certificate for Key Management 18", "1012cece", 0, 0},
+		{"23", "Retired Certificate for Key Management 19", "1013cece", 0, 0},
+		{"24", "Retired Certificate for Key Management 20", "1014cece", 0, 0}
 	};
 
 	static const pindata pins[] = {