Static analysis tools are generally used by developers as part of the development and component testing process. The key aspect is that the code (or other artifact) is not executed or run but the tool itself is executed, and the source code we are interested in is the input data to the tool.
- These tools are mostly used by developers.
- Static analysis tools are an extension of compiler technology – in fact some compilers do offer static analysis features. It is worth checking what is available from existing compilers or development environments before looking at purchasing a more sophisticated static analysis tool.
- Other than software code, static analysis can also be carried out on things like, static analysis of requirements or static analysis of websites (for example, to assess for proper use of accessibility tags or the following of HTML standards).
- Static analysis tools for code can help the developers to understand the structure of the code, and can also be used to enforce coding standards.
Features or characteristics of static analysis tools are:
- To calculate metrics such as cyclomatic complexity or nesting levels (which can help to identify where more testing may be needed due to increased risk).
- To enforce coding standards.
- To analyze structures and dependencies.
- Help in code understanding.
- To identify anomalies or defects in the code.