Static Code Analysis

What is Static Code Analysis?

It is a white-box testing technique that evaluates the source code of a software application against specified and established standards without actually executing the application or its code. The word 'static' itself describes the approach: the code is examined in its static form rather than being made dynamic by running it for testing purposes.

It is a form of code review carried out by going through the code and analysing it in order to reveal the errors or defects present in it. However, a human being simply reading and analysing the code without any specific, automated tools is better described as program comprehension; it does not fully capture what the term "static code analysis" means.

Static code analysis is usually done with the help of automated tools, which not only study and review the code but also analyse it. These tools provide precision and accuracy in finding flaws in the code and raise the level of confidence in it.

What's the need of static code analysis?

In the field of software engineering, it is a well-known fact that early detection of defects and issues in a software product saves both time and money.

Static analysis may be seen as a useful attempt to discover defects and issues at an early stage of the development life cycle, at a very low level, and thus may spare a tester the hassle of tracking down bugs in a complex software product at a later stage.

Further, the research and analysis carried out on the application's code gives a tester or testing team a better understanding and knowledge of the software application and its various aspects. This in turn helps the testing team execute the later dynamic testing activities in an efficient and effective manner.

To carry out static code analysis, a tester may opt for the following techniques.

Data Flow Analysis

It may be seen as a method of gathering runtime information about the code without running it. Generally, it traces the program from its entry to its exit, following the sequence of instructions in order to observe how data flows.

Control Flow Graph

It is a representation of a software process or program in the form of a graph consisting of nodes and directed edges, i.e. the paths between the nodes together with the direction of program flow. The entry node always has an outward directed edge and the exit node always has an inward one.

Taint Analysis

An effective technique for discovering the variables that are likely to be affected by user-supplied input. In this approach, the identified (tainted) variables are tracked into the functionality where they could be in a vulnerable state, known as a sink. If a tainted variable reaches a sink, it is categorized as a vulnerability issue.
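As an added illustration of the taint analysis described above (this is not code from the original article), the following Python script uses the standard library ast module to implement a minimal source-to-sink taint tracker over real Python code. The policy it applies is an assumption made for the demo: input() is the source, eval() and exec() are the sinks, int() is treated as a sanitizer, and the sample program is constructed here.

```python
import ast
# Constructed policy for this demo: sources of untrusted data, sinks it must not
# reach, and calls whose result is treated as clean (sanitizers).
SOURCES, SINKS, SANITIZERS = {"input"}, {"eval", "exec"}, {"int"}
def call_name(node):  # name of a plain call such as eval(...), else None
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
        return node.func.id
    return None

class TaintVisitor(ast.NodeVisitor):
    """Visits statements in source order, tracking names that hold untrusted data."""
    def __init__(self):
        self.tainted = set()  # variable names currently holding untrusted data
        self.flows = []       # (line number, sink name) pairs found
    def is_tainted(self, expr):
        name = call_name(expr)
        if name in SOURCES:
            return True
        if name in SANITIZERS:
            return False      # sanitizer output is trusted, whatever went in
        if isinstance(expr, ast.Name):
            return expr.id in self.tainted
        return any(self.is_tainted(c) for c in ast.iter_child_nodes(expr))
    def visit_Assign(self, node):
        names = {t.id for t in node.targets if isinstance(t, ast.Name)}
        if self.is_tainted(node.value):
            self.tainted |= names  # taint propagates through the assignment
        else:
            self.tainted -= names  # a clean value clears any earlier taint
        self.generic_visit(node)
    def visit_Call(self, node):
        name = call_name(node)
        if name in SINKS and any(self.is_tainted(a) for a in node.args):
            self.flows.append((node.lineno, name))
        self.generic_visit(node)

def find_taint_flows(source_code):
    """Return [(line, sink)] for every sink call reached by untrusted data."""
    visitor = TaintVisitor()
    visitor.visit(ast.parse(source_code))
    return visitor.flows
# Constructed sample program: only line 3 should be reported.
SAMPLE = """\
user = input("expr: ")
copy = user.strip()
eval(copy)
eval(int(input()))
user = "1 + 1"
eval(user)
"""
```

Running find_taint_flows(SAMPLE) reports only line 3: the sanitized call on line 4 and the reassigned variable on line 6 never carry taint into the sink.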

Lexical Analysis

Its basic working simply consists of converting the syntax present in the code into chunks of information (tokens) in order to manipulate the code and make it easier to understand.

As stated in the introductory paragraph, static code analysis is carried out with the help of specific, automated tools. Numerous tools are available on the market for each domain or programming language. A few of them are:

  • YASCA (Yet Another Source Code Analyser) → C++ & Java
  • Visual Code Grepper → PHP, C++, Java & Visual Basic
  • OWASP Lapse+ → Java
  • FlawFinder → C
  • Brakeman → Ruby on Rails
  • DevBug → PHP