static code analysis

Static code analysis is the inspection of a computer program without executing it, used to detect bugs, security vulnerabilities, style violations, and other properties visible from the source.

Static analysis works on a program’s source code, an intermediate representation, or its compiled binaries. That sets it apart from dynamic analysis, which watches the program while it runs. Most tools first build a model of the program, often a control flow graph that also tracks how data moves through it, and then draw conclusions from that model.

Static analysis tools are usually grouped by what they look for:

  • Linters flag stylistic issues and obvious defects.
  • Static type checkers verify type hints against a type system.
  • Static application security testing (SAST) tools search for vulnerability patterns such as injection flaws.
  • Formal verification tools attempt to prove that code meets an explicit specification.

Many static checks are now built into compilers and editors, while dedicated analyzers run inside build systems, version control hooks, and continuous integration pipelines.

Tutorial

Python Code Quality: Best Practices and Tools

In this tutorial, you'll learn about code quality and the key factors that make Python code high-quality. You'll explore effective strategies, powerful tools, and best practices to elevate your code to the next level.

By Martin Breuss • Updated June 10, 2026 • Reviewed by Leodanis Pozo Ramos