Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyses for specific weaknesses or application domains, no overview of the entire security landscape exists. We present a systematic literature review of 246 static security analyzers concerning their targeted vulnerabilities, application domains, analysis techniques, evaluation methods, and limitations. We observe that most analyzers focus on a limited set of weaknesses, that the vulnerabilities they detect are rarely exploitable, and that evaluations use custom benchmarks that are too small to enable robust assessment.