Kiuwan, Veracode, Flawfinder, Splint, BOVSTT are examples of which category of tools?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

Kiuwan, Veracode, Flawfinder, Splint, BOVSTT are examples of which category of tools?

Explanation:
Static analysis examines code without executing it, using rules and patterns to find vulnerabilities and quality issues in source code or binaries. Kiuwan and Veracode are well-known static analysis platforms that scan software artifacts to surface security defects early. Flawfinder and Splint are classic static analyzers for C/C++, inspecting code for risky constructs and potential memory-safety problems, including buffer overflows. BOVSTT also fits in this static-analysis category as another tool that analyzes code without running it. Because these tools operate on code without executing it and target a range of security issues, they belong to static analysis tools rather than being limited to buffer overflow detection, fuzzing, or bug tracking. Fuzzers perform dynamic testing by feeding inputs at runtime to provoke crashes; bug trackers manage defect records; and a focus solely on buffer overflows would be much narrower than these broad static analyzers.

