Joern

Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis. Code property graphs are stored in a custom graph database. This allows code to be mined using search queries formulated in a Scala-based domain-specific query language. Joern is developed with the goal of providing a useful tool for vulnerability discovery and research in static program analysis.

Features

Joern allows importing code even if a working build environment cannot be supplied or parts of the code are missing
Joern creates semantic code property graphs from the fuzzy parser output and stores them in an in-memory graph database
SCPGs are a language-agnostic intermediate representation of code designed for query-based code analysis
Joern provides a taint-analysis engine that allows the propagation of attacker-controlled data in the code to be analyzed statically
Joern offers a strongly-typed Scala-based extensible query language for code analysis based on Gremlin-Scala
Code property graphs are multi-layered, offering information about code on different levels of abstraction

Project Samples

Project Activity

See All Activity >

License

Apache License V2.0

Follow Joern

Joern Web Site

Other Useful Business Software

Try Google Cloud Risk-Free With $300 in Credit

No hidden charges. No surprise bills. Cancel anytime.

Use your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.

Start Free

Rate This Project

User Reviews

Be the first to post a review of Joern!

Additional Project Details

Operating Systems

Linux, Mac, Windows

Programming Language

Java

Related Categories

Java Source Code Analysis Tool

Registered

2023-08-22

Similar Business Software

DbVisualizer

DbVisualizer is a universal database client for developers, DBAs, analysts, and data engineers working with relational and NoSQL databases. It provides a graphical interface for database development, SQL querying, data exploration, and database admin. The tool includes a powerful SQL editor...

See Software
Windsurf Editor

The Windsurf Editor is a free AI-powered IDE and AI coding assistant that accelerates development by providing intelligent code generation and agents in over 70 programming languages and more than 40 IDEs, including VSCode, JetBrains, and Jupyter Notebooks. With Windsurf, developers can write...

See Software
Parasoft

"Parasoft delivers an AI‑powered software testing platform that helps organizations continuously release high‑quality software. Our solutions support embedded and enterprise teams by integrating code analysis, testing, virtualization, and coverage into the delivery pipeline to improve security,...

See Software
Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
GW Apps

GW Apps – Build Powerful Business Apps Without Code. GW Apps is a secure, cloud-based no-code platform that enables businesses to create custom applications and automate workflows without programming. Designed for both business and IT teams, GW Apps combines an intuitive drag-and-drop builder...

See Software
Visual Expert

Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform Impact analysis to Identify breaking...

See Software