What about code audits and static code analysis?

I have searched the documentation for some information about how testing and related things are done.
But some questions doesn’t seems to be answered (or I didn’t found the answers):

  • How are code audits handled? Are they done regularly?
  • Are static code analysis tools used? If, which and how often?