AddressSanitizer and MemorySanitizer are very useful tools, but they require that the whole program be appropriately instrumented. (At least, for the Clang version of AddressSanitizer; see here in the MemorySanitizer docs and the "using private aliases for globals" section of AddressSanitizerClangVsGCC.)
If taken at its word, this means that all library dependencies need to be built with the appropriate compiler flags to enable ASan or MSan. For a typical Linux application that requires various third-party dependencies, what's a practical way of doing this? The Sanitizers are apparently a Google project, and I get the impression that Google code mostly just uses their own monorepo and their own build tools, but this may be outside of the reach of the average developer. Is there a simple way of getting libraries built with the Sanitizers without investing in a lot of extra infrastructure or build scripts?
AddressSanitizer supports separate instrumentation, i.e. you can instrument just parts of your program with it (separate DSOs or even separate object files). Note however that if you use the static Asan runtime (which is the default on Clang, unless you build with -shared-libasan) you must instrument the main executable. The shared runtime (default in GCC) does not have this problem, but you'll need to LD_PRELOAD it if the executable isn't instrumented. See the discussion in the wiki for details.
As for MemorySanitizer, it indeed requires all of its dependencies to be rebuilt (see this for starters). This is the major reason why the tool isn't widely used outside Google.
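The build recipes the answer describes, written out as an added example (this is not code from the question, the answer, or the sanitizer projects). It assumes a hypothetical layout of one third-party dependency, libthird.c, and one application source, main.c, with clang as the compiler (override with CC=gcc) on x86_64 Linux. The command-building functions show which flags go where in each case; the demo at the end compiles and runs case 1 only if a compiler is actually present, otherwise it prints "skipped".

```shell
#!/bin/sh
# Added example (hypothetical project layout): partial AddressSanitizer
# instrumentation versus MemorySanitizer's rebuild-everything requirement.
CC="${CC:-clang}"

# Uninstrumented third-party dependency: built exactly as upstream would.
dep_build_cmd() {
    printf '%s' "$CC -fPIC -shared -g -o libthird.so libthird.c"
}

# Case 1 (static ASan runtime, the Clang default): only the main executable
# is instrumented; the untouched libthird.so links in unchanged.
asan_static_exe_cmd() {
    printf '%s' "$CC -fsanitize=address -g -o app main.c -L. -lthird -Wl,-rpath,."
}

# Case 2 (shared ASan runtime: GCC's default, or clang -shared-libasan):
# instrument only the DSO. An uninstrumented executable can load it, but the
# runtime must be the first library loaded, hence LD_PRELOAD at run time.
asan_shared_lib_cmd() {
    case "$CC" in
        *gcc*) printf '%s' "$CC -fsanitize=address -fPIC -shared -g -o libthird.so libthird.c" ;;
        *)     printf '%s' "$CC -fsanitize=address -shared-libasan -fPIC -shared -g -o libthird.so libthird.c" ;;
    esac
}
# Path to the shared runtime for LD_PRELOAD; the library name differs per compiler.
asan_runtime_path() {
    case "$CC" in
        *gcc*) "$CC" -print-file-name=libasan.so ;;
        *)     "$CC" -print-file-name=libclang_rt.asan-x86_64.so ;;
    esac
}

# MemorySanitizer has no partial mode: every object, dependencies included,
# must be compiled with -fsanitize=memory.
msan_all_cmd() {
    printf '%s' "$CC -fsanitize=memory -fPIC -shared -g -o libthird.so libthird.c && $CC -fsanitize=memory -g -o app main.c -L. -lthird -Wl,-rpath,."
}

# Constructed sources. The overflow sits in instrumented main.c, so case 1
# catches it even though libthird.so knows nothing about ASan.
write_sources() {
    cat > libthird.c <<'EOF'
int third_add(int a, int b) { return a + b; }
EOF
    cat > main.c <<'EOF'
#include <stdlib.h>
int third_add(int, int);
int main(void) {
    int *p = malloc(4 * sizeof *p);
    p[4] = third_add(1, 2);   /* heap-buffer-overflow: one past the end */
    free(p);
    return 0;
}
EOF
}

# Runs case 1 end to end. Prints "caught" when ASan aborts the program with
# a report (non-zero exit), "missed" if it runs clean, "skipped" without a
# usable compiler or sanitizer runtime.
demo_case1() {
    command -v "$CC" >/dev/null 2>&1 || { echo skipped; return 0; }
    dir=$(mktemp -d) && cd "$dir" || { echo skipped; return 0; }
    write_sources
    if ! sh -c "$(dep_build_cmd)" >/dev/null 2>&1 \
       || ! sh -c "$(asan_static_exe_cmd)" >/dev/null 2>&1; then
        echo skipped; return 0
    fi
    if ./app >/dev/null 2>&1; then echo missed; else echo caught; fi
}

demo_case1
```

For case 2 the run line is `LD_PRELOAD="$(asan_runtime_path)" ./app` after building the DSO with `asan_shared_lib_cmd` and the executable without any sanitizer flag. The caveat with either partial setup: ASan only checks memory accesses in code it compiled, so a bug inside the uninstrumented library's own functions goes unreported unless it passes through an intercepted libc call such as memcpy or strcpy.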