Static analysis is the analysis of source code without executing it. It can be done manually, for example through inspections, or automated with software tools. Because static analysis does not require the code to be executed, errors and vulnerabilities can be looked for throughout the software development process, and the analysis can cover all code paths. With dynamic analysis practices such as testing, by contrast, line coverage is limited to the lines of code that the suite of test cases actually executes.

Static analysis is usually conducted by looking for error signatures or patterns that have caused problems in earlier programs. However, these signatures may be ambiguous, and static analysis suffers from a high number of false positives. Static analysis is also limited to the currently known error signatures and patterns, so new kinds of vulnerabilities may go undetected by static analysis tools. There is ongoing research into these problems aimed at making static analysis a viable component of software development.
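As an added example (not part of the original entry), the two small scanners below illustrate both points on a constructed Python snippet: a text-level signature scan matches `eval` in a comment and in a string literal, two false positives, while a syntax-tree scan reports the real `shell=True` call even though it sits in a branch that a test suite might never execute. The signature list and the sample program are assumptions made for the illustration.

```python
import ast
import re

# Constructed sample program (analysed only, never run). The shell=True call
# is in a branch a test suite calling run(cmd, debug=True) would never execute.
SAMPLE = '''
import subprocess

def run(cmd, debug=False):
    # eval is only mentioned in this comment, not called
    if debug:
        print("eval disabled")
    else:
        return subprocess.run(cmd, shell=True)
'''

RISKY_NAMES = ("eval", "exec")  # illustrative error signatures, not a ruleset
SUBPROCESS_ENTRY_POINTS = ("run", "call", "Popen")

def regex_scan(source):
    """Signature matching on raw text: every textual occurrence is reported,
    comments and string literals included, so it over-reports."""
    pattern = re.compile(r"\b(" + "|".join(RISKY_NAMES) + r")\b")
    return [(lineno, m.group(1))
            for lineno, line in enumerate(source.splitlines(), 1)
            for m in pattern.finditer(line)]

def ast_scan(source):
    """Signature matching on the syntax tree: only real call sites match, and
    every branch is visited whether or not it would execute."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name) and func.id in RISKY_NAMES:
            findings.append((node.lineno, func.id))
        elif (isinstance(func, ast.Attribute)
              and isinstance(func.value, ast.Name)
              and func.value.id == "subprocess"
              and func.attr in SUBPROCESS_ENTRY_POINTS):
            for kw in node.keywords:
                if kw.arg == "shell" and getattr(kw.value, "value", None) is True:
                    findings.append((node.lineno, "shell=True"))
    return findings

if __name__ == "__main__":
    print("text signatures:", regex_scan(SAMPLE))  # two false positives
    print("AST signatures: ", ast_scan(SAMPLE))    # the real risky call
```

The text scan returns `[(5, 'eval'), (7, 'eval')]` and the tree scan `[(9, 'shell=True')]`; the line numbers refer to lines within `SAMPLE`.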

Author: Sarah Heckman
Maintained By: Sarah Heckman
Last Updated: 2008-08-25