Static analysis is the process of examining the source and binary code without execution. It’s usually run for the purposes of finding bugs or evaluating quality. Unlike dynamic analysis, which requires a running program to work, static analysis can be run on source code without the need for an executable.
This means static analysis can be used on partially complete code, libraries, and third-party source code. Developers can run it as code is written or modified, and it can also be applied to any arbitrary code base.
In the application security domain, static analysis goes by the term static application security testing (SAST). Many commercial tools support security vulnerability detection alongside bug detection, quality metrics, and coding standard conformance.
But there’s more to choosing a modern static analysis tool than comparing and contrasting the standard technical features. This paper recommends the steps for selecting a static analysis tool that a software team will actually use. It examines how to find a solution that suits the team’s current situation, can be deployed and maintained across the enterprise, will assist in and survive an audit, and will grow as needs evolve.
To learn more, fill out the form below to access a complimentary copy of the white paper, “How to Choose a Modern Static Analysis Tool.”