Static Code Analysis

Static code analysis is a tooling set that allows for the examination of source code in it’s raw form to look for security issues that may be present in the code base. Additionally it can help to find application functions that have been deprecated or that are utilized in appropriately.

• NIST List of Static Code Analysis Tools
• OWASP SAST Benchmark
• OWASP Benchmark Results