Due Diligence & Software
Static Code Analysis
Automated examination of source code without executing it, used to identify bugs, security vulnerabilities, code quality issues, and style violations. Static analysis tools (SonarQube, Semgrep, CodeQL) scan the codebase for known anti-patterns and potential flaws. Useful in diligence to assess code quality at scale, but not a substitute for expert review: tools flag symptoms; humans diagnose root causes.