Static Code Analysis, also known as Static Analysis, is a method of debugging a computer program by examining its code without executing it. The process provides an understanding of the code structure and can help ensure that the code adheres to industry standards. Static Code Analysis is used in software engineering by software development and quality assurance teams. Automated tools can assist programmers and developers in carrying out Static Code Analysis. These tools scan all code in a project, checking for vulnerabilities while validating the code.
Static Code Analysis is generally good at finding coding issues such as:
The Static Code Analysis process is also useful for addressing weaknesses in source code that could lead to buffer overflows – a common software vulnerability.
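As an added illustration (not taken from the source article or from any real tool), the following Python sketch reads C source as text, without compiling or running it, and flags copies that can overflow a fixed-size buffer. The sample C code, the `analyze` function and its three rules are assumptions made for this example; production analyzers parse the code instead of matching line by line.

```python
import re

# Constructed C source used as sample input; it is read as text, never compiled or run.
SAMPLE_C = r'''
#include <string.h>
#include <stdio.h>

void greet(const char *name) {
    char buf[8];
    char big[64];
    strcpy(buf, "hello, world");   /* 12 chars + NUL into 8 bytes */
    strcpy(big, "hello");          /* fits */
    strcpy(buf, name);             /* source length unknown here */
    gets(big);                     /* no bound at all */
    strncpy(buf, name, sizeof buf - 1);
}
'''

# Hypothetical rule patterns for this example (simplified, single-line matching only).
DECL = re.compile(r'\bchar\s+(\w+)\s*\[\s*(\d+)\s*\]')
STRCPY = re.compile(r'\bstrcpy\s*\(\s*(\w+)\s*,\s*("(?:[^"\\]|\\.)*"|[^)]+?)\s*\)')
GETS = re.compile(r'\bgets\s*\(\s*(\w+)\s*\)')

def analyze(source):
    """Return (line_number, severity, message) findings for C source text."""
    sizes = {}      # char array name -> declared size in bytes
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = re.sub(r'/\*.*?\*/', '', line)  # ignore single-line comments
        for name, size in DECL.findall(code):
            sizes[name] = int(size)
        for dest, src in STRCPY.findall(code):
            if src.startswith('"'):
                needed = len(src[1:-1]) + 1  # literal length plus NUL (escapes not decoded)
                if dest in sizes and needed > sizes[dest]:
                    findings.append((lineno, "error",
                        f"strcpy writes {needed} bytes into {dest}[{sizes[dest]}]"))
            else:
                findings.append((lineno, "warning",
                    f"strcpy into {dest} from '{src}' has no length bound"))
        for dest in GETS.findall(code):
            findings.append((lineno, "error", f"gets({dest}) cannot limit input length"))
    return findings

if __name__ == "__main__":
    for lineno, severity, message in analyze(SAMPLE_C):
        print(f"line {lineno}: {severity}: {message}")
```

The bounded `strncpy` call and the copy into the 64-byte buffer produce no findings, which shows the check reasoning about declared sizes and not only about function names.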
Source: https://whatis.techtarget.com/definition/static-analysis-static-code-analysis