What is static analysis and linting in the context of testing?

Answer

Static analysis analyzes code without executing it, using automated tools to find potential bugs, security vulnerabilities, code smells, and style violations. It complements dynamic testing by catching classes of issues that tests miss (tests only exercise the paths they were written for).

Types:

- Linters: enforce code style and catch common mistakes (ESLint for JS, Pylint/Flake8 for Python, RuboCop for Ruby, PHPStan/Psalm for PHP, StyleCop for C#).
- SAST (Static Application Security Testing): find security vulnerabilities in your own source code (Semgrep, CodeQL, Checkmarx, SonarQube).
- Type checkers: TypeScript, mypy (Python), Flow; catch type errors at compile time rather than at runtime.
- Complexity analyzers: identify overly complex methods (cyclomatic complexity above 10 is a common threshold for code that is hard to test).
- Dependency analysis: SCA (Software Composition Analysis) tools find known-vulnerable third-party dependencies (Snyk, OWASP Dependency-Check, npm audit).

Integrate static analysis in the CI pipeline as a pre-test gate: fail the build on linting errors and high-severity security findings before the test suite runs. Because nothing is executed, static analysis gives near-instant feedback without slow test execution.

"Static analysis is a test that never needs to be written."