static code analysis
Static code analysis is the inspection of a computer program without executing it, used to detect bugs, security vulnerabilities, style violations, and other properties visible from the source.
Static analysis works on a program’s source code, an intermediate representation, or its compiled binaries. That sets it apart from dynamic analysis, which watches the program while it runs. Most tools first build a model of the program, often a control flow graph that also tracks how data moves through it, and then draw conclusions from that model.
Static analysis tools are usually grouped by what they look for:
- Linters flag stylistic issues and obvious defects.
- Static type checkers verify type hints against a type system.
- Static application security testing (SAST) tools search for vulnerability patterns such as injection flaws.
- Formal verification tools attempt to prove that code meets an explicit specification.
Many static checks are now built into compilers and editors, while dedicated analyzers run inside build systems, version control hooks, and continuous integration pipelines.
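As an added example (not code from the original page), here is a minimal SAST-style check built on Python's `ast` module: it models each function as a syntax tree, tracks which variables hold strings assembled from non-literal parts, and reports where such a string reaches a DB-API `execute()` call. The function names, the `SINKS` set, and the sample source are constructed for illustration, and the check walks statements in line order without following branches, so it is a simplification of the control and data flow models that real tools build.

```python
import ast

# Constructed sample input. It is parsed as text and never executed.
SAMPLE = '''
def by_concat(cur, name):
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    cur.execute(query)

def by_fstring(cur, name):
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")

def parameterized(cur, name):
    query = "SELECT * FROM users WHERE name = ?"
    cur.execute(query, (name,))
'''

SINKS = {"execute", "executemany"}  # assumption: DB-API cursor methods are the sinks

def is_literal(node):
    """A constant, or an expression made only of constants."""
    if isinstance(node, ast.BinOp):
        return is_literal(node.left) and is_literal(node.right)
    return isinstance(node, ast.Constant)

def is_built_string(node, tainted):
    """True if node is a string assembled from non-literal parts."""
    if isinstance(node, ast.Name):
        return node.id in tainted  # variable assigned from a built string earlier
    if isinstance(node, ast.JoinedStr):  # f-string with at least one placeholder
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return not is_literal(node)  # concatenation or %-formatting
    return isinstance(node, ast.Call) and getattr(node.func, "attr", None) == "format"

def find_dynamic_sql(source):
    """Return sorted (line, function) pairs where a sink receives a built string."""
    findings = set()
    funcs = [f for f in ast.walk(ast.parse(source)) if isinstance(f, ast.FunctionDef)]
    for func in funcs:
        nodes = sorted((n for n in ast.walk(func) if hasattr(n, "lineno")),
                       key=lambda n: n.lineno)
        tainted = set()  # names bound to built strings, per function
        for n in nodes:
            if isinstance(n, ast.Assign) and is_built_string(n.value, tainted):
                tainted.update(t.id for t in n.targets if isinstance(t, ast.Name))
            elif isinstance(n, ast.Call) and getattr(n.func, "attr", None) in SINKS:
                if n.args and is_built_string(n.args[0], tainted):
                    findings.add((n.lineno, func.name))
    return sorted(findings)
```

On the sample, the check reports the concatenated and f-string queries and stays silent on the parameterized one, because the value there travels as a separate argument instead of being spliced into the SQL text.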
Related Resources
Tutorial
Python Code Quality: Best Practices and Tools
In this tutorial, you'll learn about code quality and the key factors that make Python code high-quality. You'll explore effective strategies, powerful tools, and best practices to elevate your code to the next level.
For additional information on related topics, take a look at the following resources:
- Python Type Checking (Guide) (Tutorial)
- Ruff: A Modern Python Linter for Error-Free and Maintainable Code (Tutorial)
- Astral's ty: A New Blazing-Fast Type Checker for Python (Tutorial)
- How to Use Type Hints for Multiple Return Types in Python (Tutorial)
- Continuous Integration and Deployment for Python With GitHub Actions (Tutorial)
- Refactoring Python Applications for Simplicity (Tutorial)
- Python Code Quality: Best Practices and Tools (Quiz)
- Python Type Checking (Course)
- Python Type Checking (Quiz)
- Modern Python Linting With Ruff (Course)
- Ruff: A Modern Python Linter (Quiz)
- Astral's ty Type Checker for Python (Quiz)
- Using Type Hints for Multiple Return Types in Python (Course)
- Python Continuous Integration and Deployment Using GitHub Actions (Course)
- GitHub Actions for Python (Quiz)