TRANSCRIPT
Static analysis is just the automatic examination of source code without actually executing the program.

So there’s a lot of good reasons why you might choose to use static analysis. One is that it can just generally improve your code quality. It’s able to find a lot of subtle issues in code that may not have consequences except for in very specific situations. And those kinds of things are typically difficult for humans to find.

Another great thing about static analysis is that it can identify security issues before they become a problem. Static analysis is useful throughout the lifecycle of a project, but it’s a very good idea to start it at the beginning of a project. A couple reasons are one, it can help you train your development team to write code that won’t cause violations so you’ll have less violations towards the end of the project than you would at the beginning.

Another reason is that it’s much easier to handle small numbers of violations than it is to throw static analysis on at the end of the project and have thousands and thousands of violations that you have to deal with.

While I did say that static analysis is a great tool for improving your code quality, it is not a replacement for multiple levels of testing. That’s unit testing all the way up through system level testing, because static analysis will not catch your logic errors that would cause features defects.

Overall, we recommend using a static analysis tool for your next project.