Static analysis means:
Using automated tools to examine source code without running the program.
These tools scan the code and detect possible problems such as:
| Static analysis checks | Meaning | Example |
|---|---|---|
| Bugs | Logic or coding mistakes that may cause failure | Null pointer issue, unreachable code |
| Vulnerabilities | Security weaknesses | SQL injection risk, hardcoded password |
| Code smells | Code that works but is poorly designed or hard to maintain | Duplicate code, very long method, confusing naming |
| Standards violations | Code that does not follow team rules | Formatting, naming, architecture rules |
Your Agile metrics slide describes static code analysis as automated analysis of source code to identify potential bugs and security vulnerabilities.
Simple teaching line
Static analysis is like an automated code reviewer that checks the code before it runs.
Example tools:
SonarQube, ESLint, Checkstyle, PMD, SpotBugs, CodeQL.
Ref: ChatGPT/AI Tools
