The "static" in static analysis refers to the fact that the code is static. SAST tools don't scan code as it executes. That's the role of Dynamic Application Security Testing products, which are known, unsurprisingly, as DAST tools. They are also called "black box scanners" because they ...
Get the full list of over 6K CWE security standards supported by Black Duck Static Analysis. Find information on CWE 200, CWE 79, CWE 20 and more.