Static Code Analysis


Static code analysis examines source code without executing it, to identify potential vulnerabilities, errors, and noncompliant coding practices before the program is built and deployed.

  • can catch and rectify issues early in the development lifecycle
    • proactive approach
  • Application security programs typically combine both:
    • static application security testing (SAST), which inspects code without running it
    • and dynamic application security testing (DAST), which probes the running application
  • supports secure coding and is performed using specialized tools
    • These tools automate code checks against pre-determined rules and flag potential issues
    • e.g.,
      • SonarQube
      • Coverity
      • Fortify
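To show what "automated checks against pre-determined rules" look like in practice, here is a minimal rule-based analyzer, added as an illustration for this page and not code from SonarQube, Coverity or Fortify. It parses Python into an AST and runs three constructed rules over every node (rule ids SEC001-SEC003, the messages, and the sample input are all assumptions made for the example); commercial tools apply the same pattern with far larger rule sets and data-flow tracking.

```python
"""Minimal rule-based static analyzer (added example, not from any listed tool).

Parses Python source into an AST and checks each node against a small set of
pre-determined rules, the same pattern SAST tools apply at a much larger scale.
Rule ids, messages and the sample input below are constructed for illustration.
"""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule_id: str
    line: int
    message: str


def _call_name(node: ast.Call) -> str:
    """Return a dotted name for the callee, e.g. 'subprocess.run' or 'eval'."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def check_dangerous_call(node: ast.AST) -> list[Finding]:
    """Rule SEC001 (constructed): eval/exec on untrusted input allow code injection."""
    if isinstance(node, ast.Call) and _call_name(node) in {"eval", "exec"}:
        return [Finding("SEC001", node.lineno, f"use of {_call_name(node)}()")]
    return []


def check_shell_true(node: ast.AST) -> list[Finding]:
    """Rule SEC002 (constructed): subprocess.* with shell=True routes arguments through a shell."""
    if isinstance(node, ast.Call) and _call_name(node).startswith("subprocess."):
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                return [Finding("SEC002", node.lineno, "subprocess call with shell=True")]
    return []


def check_hardcoded_secret(node: ast.AST) -> list[Finding]:
    """Rule SEC003 (constructed): a string literal assigned to a secret-looking variable name."""
    if isinstance(node, ast.Assign):
        for target in node.targets:
            if (isinstance(target, ast.Name)
                    and any(k in target.id.lower() for k in ("password", "secret", "api_key", "token"))
                    and isinstance(node.value, ast.Constant)
                    and isinstance(node.value.value, str)):
                return [Finding("SEC003", node.lineno, f"hardcoded secret in '{target.id}'")]
    return []


RULES = (check_dangerous_call, check_shell_true, check_hardcoded_secret)


def analyze(source: str) -> list[Finding]:
    """Run every rule over every AST node; findings are sorted by line number."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        for rule in RULES:
            findings.extend(rule(node))
    return sorted(findings, key=lambda f: (f.line, f.rule_id))


# Constructed sample input: the kind of code a SAST scan would flag.
SAMPLE = '''\
import subprocess
API_KEY = "sk-live-0123456789"            # line 2: SEC003

def run(cmd, expr):
    subprocess.run(cmd, shell=True)       # line 5: SEC002
    return eval(expr)                     # line 6: SEC001

def safe(cmd):
    return subprocess.run(["ls", "-l", cmd], check=True)   # not flagged
'''

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"{f.rule_id} line {f.line}: {f.message}")
```

Running the module prints one finding per flagged line (SEC003 on line 2, SEC002 on line 5, SEC001 on line 6) and nothing for the `safe` function, because the rules match on syntactic shape rather than on the text of the file. That is also the source of static analysis's classic weakness: a rule this simple cannot tell whether `expr` ever carries attacker-controlled data, so real tools add data-flow (taint) tracking to cut false positives, and DAST remains necessary for issues that only appear at runtime.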