Static Analysis — Explained with Examples

DodaTech Updated Jun 15, 2026 2 min read

Static analysis examines source code without executing it to detect bugs, style violations, security vulnerabilities, and code quality issues.

Static analysis (also called linting or static code analysis) scans your codebase for patterns that indicate bugs, security flaws, or style problems — all before you run a single test.

What Static Analysis Catches

  • Potential bugs — unused variables, null pointer risks, infinite loops
  • Security vulnerabilities — SQL injection patterns, hardcoded secrets, unsafe deserialization
  • Style violations — inconsistent formatting, naming convention breaks
  • Complexity issues — functions that are too long, too many parameters

Example: ESLint Configuration

// .eslintrc.js
module.exports = {
  extends: ['eslint:recommended'],
  rules: {
    'no-unused-vars': 'error',
    'no-console': 'warn',
    'complexity': ['warn', { max: 5 }],
    'max-depth': ['error', { max: 3 }],
    'no-shadow': 'error',
    'prefer-const': 'error'
  }
};

// Code that triggers static analysis warnings under the configuration above
function processItems(items) {
  let x = 10;                    // ❌ 'x' is assigned but never used (no-unused-vars); never reassigned, so also prefer-const

  for (let i = 0; i < items.length; i++) {
    for (let j = 0; j < items[i].length; j++) {
      for (let k = 0; k < items[i][j].length; k++) {
        if (items[i][j][k]) {    // ❌ Blocks nested 4 deep, limit is 3 (max-depth)
          console.log(items[i][j][k]); // ⚠️ Unexpected console statement (no-console)
        }
      }
    }
  }
}
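The security patterns listed under "What Static Analysis Catches" can be detected with the same rule-and-severity structure as the ESLint configuration above. The following is an added example, not code from the original article or from ESLint: a small line-oriented checker with invented rule names ('no-hardcoded-secret', 'no-sql-concat') and a constructed sample source, showing how a hardcoded secret and SQL built by string concatenation are flagged while a parameterised query passes.

```javascript
// Added example (not from the original article): a minimal static checker for
// two of the security patterns the article lists. Rule names and the sample
// source below are invented for illustration.
const RULES = {
  'no-hardcoded-secret': {
    severity: 'error',
    // a name containing password/secret/key/token assigned a string literal of 8+ chars
    pattern: /\b\w*(?:password|secret|api[_-]?key|token)\w*\s*[:=]\s*(['"])(?:(?!\1).){8,}\1/i,
    message: 'Hardcoded secret; load it from the environment or a secret store',
  },
  'no-sql-concat': {
    severity: 'error',
    // an SQL keyword in a quoted string that is then concatenated, or in a template literal with ${...}
    pattern: /(['"])[^'"]*\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^'"]*\1\s*\+|`[^`]*\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^`]*\$\{/i,
    message: 'SQL built from string concatenation; use parameterised queries',
  },
  'no-console': {
    severity: 'warn',
    pattern: /\bconsole\.\w+\s*\(/,
    message: 'Unexpected console statement',
  },
};

// Scan source text line by line; comment-only lines are skipped so the rules
// do not fire on explanatory comments. Returns one finding per rule hit.
function lintSource(src, rules = RULES) {
  const findings = [];
  src.split('\n').forEach((text, idx) => {
    if (/^\s*\/\//.test(text)) return;
    for (const [rule, { severity, pattern, message }] of Object.entries(rules)) {
      if (pattern.test(text)) findings.push({ line: idx + 1, rule, severity, message });
    }
  });
  return findings;
}

// Constructed sample input: one secret, two concatenated queries, one safe query.
const SAMPLE = [
  "const db = require('./db');",
  "const apiKey = 'sk_live_1234567890abcdef';",
  "function findUser(name) {",
  "  // builds the query with the raw user name",
  "  return db.query('SELECT * FROM users WHERE name = ' + name);",
  "}",
  "function endSession(id) {",
  "  return db.query(`DELETE FROM sessions WHERE id = ${id}`);",
  "}",
  "function safeFindUser(name) {",
  "  return db.query('SELECT * FROM users WHERE name = ?', [name]);",
  "}",
  "console.log(findUser('bob'));",
].join('\n');

for (const f of lintSource(SAMPLE)) {
  console.log(`${f.line}:${f.severity} ${f.rule} - ${f.message}`);
}
```

Running it reports findings on lines 2, 5, 8 and 13 of the sample; the parameterised query on line 11 is not flagged.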

Popular Static Analysis Tools

Language              | Tools
----------------------|-------------------------------
JavaScript/TypeScript | ESLint, Prettier, SonarQube
Python                | Pylint, Flake8, mypy, Bandit
Java                  | Checkstyle, PMD, SpotBugs
Go                    | go vet, staticcheck
Rust                  | Clippy
All languages         | SonarQube, Codacy, CodeClimate

Real-World Analogy

Static analysis is like a spell checker and grammar checker for code. You don’t need to read the whole document (run the program) to catch “teh” instead of “the” (typo) or a sentence with no verb (logic error). The checker scans the text and flags issues before anyone reads it.

Integrating Static Analysis

// Pre-commit hook (husky + lint-staged)
{
  "husky": {
    "hooks": {
      "pre-commit": "lint-staged"
    }
  },
  "lint-staged": {
    "*.js": ["eslint --fix", "prettier --write"],
    "*.py": ["flake8"]
  }
}

Related Terms

Code Coverage, Unit Testing, Code Review, TDD, OWASP
