31ST DAAAM INTERNATIONAL SYMPOSIUM ON INTELLIGENT MANUFACTURING AND AUTOMATION

DOI: 10.2507/31st.daaam.proceedings.078

STATIC CODE ANALYSIS TOOLS: A SYSTEMATIC LITERATURE REVIEW

Darko Stefanović, Danilo Nikolić, Dušanka Dakić, Ivana Spasojević & Sonja Ristić

This Publication has to be referred as: Stefanovic, D[arko]; Nikolic, D[anilo]; Dakic, D[usanka]; Spasojevic, I[vana] & Ristic, S[onja] (2020). Static Code Analysis Tools: A Systematic Literature Review, Proceedings of the 31st DAAAM International Symposium, pp.0565-0573, B. Katalinic (Ed.), Published by DAAAM International, ISBN 978-3-902734-29-7, ISSN 1726-9679, Vienna, Austria DOI: 10.2507/31st.daaam.proceedings.078

Abstract

Static code analysis tools are being increasingly used to improve code quality. Such tools can statically analyze the code to find bugs, security vulnerabilities, security spots, duplications, and code smells. The quality of the source code is a key factor in any software product and requires constant inspection and supervision. Static code analysis is a valid way to infer the behavior of a program without executing it. Many tools allow static analysis in different frameworks, for different programming languages, and for detecting different defects in the source code. Still, only a small number of tools provide support for domain-specific languages. This paper aims to present a systematic literature review focusing on the most frequently used static code analysis tools and on classifying the presented tools according to the programming languages they support, both general-purpose and domain-specific, and the types of defects a specific tool can detect.

Keywords: static code analysis; tools; defects; reengineering; literature review

1. Introduction

At the Faculty of Technical Sciences, various forms of application of information technologies are studied, such as [1] [2] [3] [4] [5]. In addition, information technologies find application in areas such as [6] [7]. In this paper, the application of information technologies and tools to static code analysis will be described.

Since the beginning of software development as a scientific discipline, software developers have lacked a method for source code quality assessment. Most software developers rely on the compiler and on the fact that the software product works successfully, until poor code quality causes an error or a bug disrupts the operation of the software solution. The quality of the source code is a key factor in any software product and requires constant verification and monitoring. Static analysis is used to maintain and improve the quality of the source code.

Static analysis of program code has been used since the early 1960s to optimize the operation of compilers [8]. Later, it proved useful for debugging tools, as well as for software development frameworks. There is a growing number of tools that allow static code analysis, many of which are open-source and support the analysis of several different programming languages [9].

Static analysis tools are used to generate reports and to point out certain deviations from the prescribed code quality standards. However, these tools do not allow automatic modifications to the source code. The decision to change the way the previously written code is structured remains in the hands of software developers.