Static code analysis is the process of examining source code (without actually executing it) to identify potential defects, security vulnerabilities, and other quality issues.


There are several alternatives to static code analysis including dynamic analysis and manual code review. Dynamic analysis involves running the code and observing its behavior to identify issues. Dynamic analysis can be effective in detecting issues related to performance and security, but requires a running application and can be time-consuming.1