In simple terms, static analysis is the process of examining source and binary code without executing it. It's usually run to find bugs or evaluate quality. Unlike dynamic analysis, which requires a running program, static analysis can be run on source code without the need for an executable.
This means static analysis can be used on partially complete code, libraries, and third-party source code. Developers can run it as code is written or modified. It can also be applied to any arbitrary code base.
In the application security domain, static analysis is known as static application security testing (SAST). Many commercial tools support security vulnerability detection alongside bug detection, quality metrics, and coding standard conformance.