A security analyzer is an automated tool for helping analysts find security-related problems in software. Modern security analyzers focused on building security in analyze software source code, trying to automate some of the tasks that a human analyst might perform. The impetus for security analyzers originally came with the realization that many software vulnerabilities are in reusable library functions, so that programs could be scanned to check whether they contain any calls to those functions. This process is more or less equivalent to opening the source code in an editor and searching for the name of vulnerable functions like strcpy()and stat(). Modern security analyzers are more sophisticated; they use data- and control-flow analysis to find subtler bugs and to reduce false alarms. Unfortunately, these tools are still not capable of replacing a human analyst. The purpose of this document is to outline what automated security analyzers can do and provide some criteria for evaluating individual tools.

https://buildsecurityin.us-cert.gov/portal/article/tools/code_analysis/overview.xml

Urs