Description
Analyzes C programs for likely security issues, annotation mismatches, and coding mistakes before runtime. Developers use it to review memory use, contracts, and dangerous patterns in C projects.
Static analysis helps find problems but does not prove a program is secure. Treat findings as review input and still run tests, fuzzing, and manual audits for sensitive code.