Some people do it manually by some process and some people use some kind of techniques and
tools for static code review. Because tools can also help you to find all kind of vulnerabilities and everything and make your application fully secured and of high quality.