Static Code Analysis is the analysis of software code when the program is not running. The analysis of the running or compiled, executing code is called Dynamic Code Analysis. The static method of code analysis examines source code, or byte code, or application binaries for security vulnerabilities. Static analysis looks inside each program, at its internal structure, rather than outcome of the program.
Source: Veracode
Additional Reading: Trending in 2020: Static Code Analysis Software Market Growing Immensely at a Global Level 2020 to 2025
Related Terms: Dynamic Code Analysis, Vulnerability
Should a SMB Run Static Code Analysis?
It is always a good idea to catch coding errors before they go into production. Static Code Analysis is a thorough approach that could prove more cost-efficient (than dynamic code analysis) with the ability to detect bugs at an early phase of the software development life cycle. Static Code Analysis can also unearth errors that would not emerge in a dynamic test. Dynamic Code Analysis, on the other hand, is capable of exposing subtle flaws and vulnerabilities too complicated for static analysis alone to reveal.
Devlopment companies should budget for static code analysis on a consistent and regular basis tied to each major coding project or release schedule.