The rule that most applies to static analysis is "Rule 10," which is quoted below:
"Compile with all warnings enabled, in pedantic mode, and use one or more modern static source code analyzers. All code must be compiled, from the first day of development, with all compiler warnings enabled at the compiler's most pedantic setting. All code must compile with these settings without warnings. All code must be checked on each build with at least one, but preferably more than one, state-of-the-art static source code analyzer and should pass the analyses with zero warnings." (Rule 10 of Power of 10 Rules)
Gerard notes that "there is no excuse for any serious software development effort not to make use of this technology." Some may view the "rule of zero warnings" as draconian, but Gerard notes that if the analysis gets confused enough to report a problem, then the code should be rewritten to be "trivially valid." Good code doesn't need to be complex. Clean code is not only much less error-prone but also much easier to manage and maintain over time. Think also about the next developer who may inherit the code. Static analysis will find bugs, but it will also help make code more readable and maintainable.
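To make "trivially valid" concrete, here is an added example (not from the Power of 10 paper or the original page) showing a correct function written in a way that checkers often cannot follow, next to a rewrite whose validity is evident on every path. The function names are hypothetical, and whether a particular compiler or analyzer warns on the first version depends on the tool and its settings.

```c
/* Added example. Build the way Rule 10 asks, e.g. with GCC or Clang:
 *   cc -std=c99 -Wall -Wextra -pedantic -Werror -c rule10.c
 */
#include <stddef.h>

/* Before: correct, but 'value' is assigned only on some paths and its
 * validity is tracked in a separate flag. A checker that does not
 * correlate 'ok' with 'value' may report a possibly uninitialized read. */
int parse_bit_before(const char *s, int *out)
{
    int value;
    int ok = 0;

    if (s != NULL) {
        if (s[0] == '0') {
            value = 0;
            ok = 1;
        } else if (s[0] == '1') {
            value = 1;
            ok = 1;
        }
    }
    if (ok) {
        *out = value;
    }
    return ok;
}

/* After: no variable is ever left unassigned, the result is written
 * directly on each successful path, and both pointers are checked
 * before use, so each path can be judged in isolation. */
int parse_bit_after(const char *s, int *out)
{
    if (s == NULL || out == NULL) {
        return 0;
    }
    if (s[0] == '0') {
        *out = 0;
        return 1;
    }
    if (s[0] == '1') {
        *out = 1;
        return 1;
    }
    return 0;
}
```

Both versions accept the same inputs when `out` is valid; the rewrite additionally rejects a null `out` instead of dereferencing it.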