Static code analysis is one of several methods for analyzing computer software. It analyzes the source code of software under development without directly executing the software.
Static analysis tools are programs developed to perform static program analysis automatically, in software rather than by humans. In general, source code is very large, and it is almost impossible to perform static program analysis manually. It is therefore the role of the static analysis tool to automate these analyses. By analyzing the source code, static analysis tools may, according to their type, detect various kinds of defects or vulnerabilities and inform a user of the detected defects.
Conventionally, various source code analysis apparatuses using the static analysis tools described above have been provided.
However, the source code analysis apparatuses conventionally provided and used offer only a defect detection function and generate a corresponding detection message. Their limitation is that correcting a detected defect depends on the personal knowledge and experience of the user (programmer).