Static Code Analysis: A Tree of Science Review

Abstract

Static Code Analysis (SA) is the process of finding vulnerabilities in software. This process has become popular and one of the most evaluated phases in the process of continuous integration of software. However, the literature is spread over different proposals and there is a lack of research that shows the main contributions and applications to this topic. The purpose of this paper is to identify the main conceptual contributions of SA using the Tree of Science algorithm. The results show three main branches of this area: machine learning for smell detection, actionable ranking techniques, and Technical alert tools. Artificial Intelligence has been transforming SA and programmers will have access to more sophisticated tools.