diff --git a/tools/clang-tidy/config.yaml b/tools/clang-tidy/config.yaml
index 04aab3d60e02..119cb37279c5 100644
--- a/tools/clang-tidy/config.yaml
+++ b/tools/clang-tidy/config.yaml
@@ -34,6 +34,8 @@ clang_checkers:
     publish: !!bool yes
   - name: clang-analyzer-security.insecureAPI.vfork
     publish: !!bool yes
+  - name: clang-analyzer-unix.cstring.BadSizeArg
+    publish: !!bool yes
   - name: misc-argument-comment
     publish: !!bool yes
   - name: misc-assert-side-effect
diff --git a/tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.cpp b/tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.cpp
new file mode 100644
index 000000000000..124737c3f47d
--- /dev/null
+++ b/tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.cpp
@@ -0,0 +1,9 @@
+// https://clang-analyzer.llvm.org/available_checks.html
+
+#include "structures.h"
+
+void test()
+{
+  char dest[3];
+  strncat(dest, "***", sizeof(dest)); // warning : potential buffer overflow
+}
diff --git a/tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.json b/tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.json
new file mode 100644
index 000000000000..f5ee6d82f24b
--- /dev/null
+++ b/tools/clang-tidy/test/clang-analyzer-unix.cstring.BadSizeArg.json
@@ -0,0 +1 @@
+"[[\"warning\", \"Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API\", \"clang-analyzer-unix.cstring.BadSizeArg\"]]"
\ No newline at end of file
diff --git a/tools/clang-tidy/test/structures.h b/tools/clang-tidy/test/structures.h
index 50957b67a3dd..8fd6685dc081 100644
--- a/tools/clang-tidy/test/structures.h
+++ b/tools/clang-tidy/test/structures.h
@@ -87,3 +87,5 @@ int abort() { return 0; }
 #define assert(x)                                                              \
   if (!(x))                                                                    \
   (void)abort()
+
+char *strncat(char *s1, const char *s2, std::size_t n);