Static Analysis / Static Verification

Does anyone know of any offical guidance on static analysis / statis verification? I have come across this in a review and need to know more.
This is in relation to a software validation project.


Regulations only require verification (meets requirements) and validation (meets user needs / intended use). Static analysis will give you excellent information about your software, including identifying potential bugs. Typically gives you code standards non-compliances and cyclomatic complexity measures.

While not required, FDA seems to be at least moving towards expecting static analysis. We often use static analysis to supplement formal V&V results and it’s always been very well accepted. Shows you’re looking deeper than just requirements, addressing software quality.