Static analysis is a method of analyzing code for defects, bugs, or security issues prior to pushing to production. Often referred to as “linters,” static analysis tools remove the unnecessary fluff from your code and perform some automated checks to improve code quality. Static analysis tools can check for:
Inconsistencies in code style conventions and standards. It can be as simple as enforcing consistent indentation and variable names or as complex as enforcing compliance with the MISRA or CERT Secure Coding Standards
Resource leaks such as a failure to release allocated memory, which can eventually lead to program crashes or failure to close files
Incorrect usage of Application Programming Interfaces (APIs)
Common security vulnerabilities such as those identified by the Open Web Application Security Project (OWASP) or Common Weakness Enumeration (CWE)