An Interactive Shell for Code Analysis

Joern is an award-winning open-source platform for robust query-based analysis of C/C++. It enables mining large code bases for vulnerabilities using a Scala-based domain-specific query language and provides the reference implementation for code property graphs. With its fuzzy parsing approach, it is specifically suited for machine learning applications. Joern serves as the fundament for the commercial SAST and code exploration products at ShiftLeft.

Code Property Graphs

The Code Property Graph (CPG) is an intermediate code representation designed for code querying. The core idea it promotes is to merge multiple different program representations into a joint graph data structure and allowing queries to be formulated as graph traversals. In its initial form as presented in 2014, the CPG makes available syntactical information, control flow information and data flow for C/C++ programs. It was later further generalized to host multiple different programming languages, and higher-level code representations.

Getting Started

Joern is written in Scala. Please make sure a Java Virtual Machine (version 8 or higher) is installed. Linux, MacOSX and FreeBSD are supported. Joern has not been tested on Windows.

wget https://github.com/ShiftLeftSecurity/joern/releases/latest/download/joern-cli.zip
unzip joern-cli.zip
cd joern-cli
./joern
██╗ ██████╗ ███████╗██████╗ ███╗ ██╗
██║██╔═══██╗██╔════╝██╔══██╗████╗ ██║
██║██║ ██║█████╗ ██████╔╝██╔██╗ ██║
██ ██║██║ ██║██╔══╝ ██╔══██╗██║╚██╗██║
╚█████╔╝╚██████╔╝███████╗██║ ██║██║ ╚████║
╚════╝ ╚═════╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═══╝
Type `help` or `browse(help)` to begin
joern> importCode("/path/to/code")
joern> cpg.method.name.l

Community

Primary Maintainer

Past Maintainers