`SA-11 (1) The organization requires the developer of the information system, system component, or information system service to employ static code analysis tools to identify common flaws and document the results of the analysis.
SA-11 (1) Additional Requirements and Guidance: A code analysis report MUST be submitted as part of the authorization package and any reauthorization actions. Code analysis shall be completed before every code release as a matter of process.ated as administrators within the management portal.``
Data.gov requires all of its development staff to perform static code analysis that identifies common flaws and document the results of the analysis for its applications it develops