Static code scanning is the process of analyzing source code to look for security vulnerabilities. It can be done manually or using automated tools. Static code scanning is a form of code review.

Steps in Code Review:

1. Gather information about the code - Read the code and try to understand what it does.

2. Check for errors and inconsistencies in the code.

3. Check for proper use of language and structure.

4. Check for logical consistency and correctness.

Some of the most popular code review scanners include:

1. Checkmarx

2. Veracode

3. WhiteHat Security

4. AppScan

5. Fortify

6. Arachni

7. Brakeman

8. Ratproxy

9. w3af

10. N-Stalker