Joern

Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis. Code property graphs are stored in a custom graph database. This allows code to be mined using search queries formulated in a Scala-based domain-specific query language. Joern is developed with the goal of providing a useful tool for vulnerability discovery and research in static program analysis.

Features

Joern allows importing code even if a working build environment cannot be supplied or parts of the code are missing
Joern creates semantic code property graphs from the fuzzy parser output and stores them in an in-memory graph database
SCPGs are a language-agnostic intermediate representation of code designed for query-based code analysis
Joern provides a taint-analysis engine that allows the propagation of attacker-controlled data in the code to be analyzed statically
Joern offers a strongly-typed Scala-based extensible query language for code analysis based on Gremlin-Scala
Code property graphs are multi-layered, offering information about code on different levels of abstraction

Project Samples

Project Activity

See All Activity >

License

Apache License V2.0

Follow Joern

Joern Web Site

Other Useful Business Software

Earn up to 15% annual interest with Nexo.

Access competitive interest rates on your digital assets.

Generate interest, borrow against your crypto, and trade a range of cryptocurrencies — all in one platform. Geographic restrictions, eligibility, and terms apply.

Get started with Nexo.

Rate This Project

User Reviews

Be the first to post a review of Joern!

Additional Project Details

Operating Systems

Linux, Mac, Windows

Programming Language

Java

Related Categories

Java Source Code Analysis Tool

Registered

2023-08-22

Similar Business Software

DbVisualizer

DbVisualizer is a universal database client for developers, DBAs, analysts, and data engineers working with relational and NoSQL databases. It provides a graphical interface for database development, SQL querying, data exploration, and database admin. The tool includes a powerful SQL editor...

See Software
Windsurf Editor

The Windsurf Editor is a free AI-powered IDE and AI coding assistant that accelerates development by providing intelligent code generation and agents in over 70 programming languages and more than 40 IDEs, including VSCode, JetBrains, and Jupyter Notebooks. With Windsurf, developers can write...

See Software
Twilio

Design and deploy your ideal customer engagement experience. Twilio is a single fully-programmable platform with flexible APIs for any channel and over 400+ integrations, backed by a community of over 9 million developers. Build accurate and personalized experiences for your customers, easily...

See Software
Parasoft

Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and...

See Software
Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Twilio Messaging

Twilio's Messaging API is a powerful tool that enables businesses to integrate messaging capabilities into their applications seamlessly. It offers a stable RESTful API that allows developers to send and receive SMS, MMS, and WhatsApp messages globally. With Twilio's Messaging API, businesses...

See Software