Joern

A Robust Code Analysis Platform for C/C++

Joern – Home

An Intelligent Code Analysis Platform for C/C++

Joern is a platform for robust analysis of C/C++ code. It generates code property graphs, a novel graph representation of code that exposes the code’s syntax, control-flow, data-flow and type information. Code property graphs are stored in a graph database. This allows code to be mined using search queries formulated in the graph traversal language Gremlin. In summary, Joern offers the following core features:

  • Fuzzy Parsing. Joern employs a fuzzy parser for C/C++ based on the concept of Island grammar. The parser enables importing arbitrary code even if a working build environment cannot be supplied or parts of the code are missing.
  • Code Property Graphs. Joern creates code property graphs from the fuzzy parser output and stores them in a graph database. For background information on code property graphs, we strongly encourage you to read our paper on the topic.
  • Intelligent Search Queries. Joern offers an extensible query language based on Gremlin. This language can be used to manually formulate search queries for vulnerabilities as well as automatically infer them using machine learning techniques.

Authors of Joern

authors Joern is developed by Fabian Yamaguchi and the Joern team at Technische Universität Braunschweig.

You can contact Fabian at fabs at sec.cs.tu-bs.de.