What is the name of tools that analyze source code for various errors but do not execute the code?


The correct choice refers to Static Application Security Testing (SAST) tools, which are specifically designed to analyze source code for various vulnerabilities and weaknesses without executing the code. SAST tools parse the code to identify patterns, common coding errors, potential security vulnerabilities, and other issues that may not be detectable during runtime. This type of analysis is crucial in the early phases of the software development lifecycle, allowing developers to remediate issues before the application is running or released.

SAST operates by examining the actual source code, which includes checking for bad coding practices, ensuring compliance with security policies, and identifying potential security flaws. By using SAST, organizations can improve their secure coding practices and bolster the overall security posture of their applications from the outset.

The other tool options serve different functions. Dynamic Application Security Testing (DAST) evaluates running applications and identifies vulnerabilities that emerge during execution. Interactive Application Security Testing (IAST) combines elements of both SAST and DAST: it analyzes the application during runtime but provides deeper insight by examining the code itself while the application executes. Manual code review relies on human reviewers to inspect the code, which is often more time-consuming and may introduce inconsistencies in the analysis.
