The installation and usage of joern are covered in the documentation provided at readthedocs.org.
Articles & Presentations
The following is a list of articles and presentations dealing with joern to help you get started.
Starting out with Joern
Mining for bugs with graph database queries
Why you should add Joern to your source code audit toolkit
Kelbi Ludwig (Praetorian)
Hunting vulnerabilities with graph databases
Fabian Yamaguchi, Nico Golde
For background information, you can read our papers on vulnerability discovery that make use of Joern.
Pattern-Based Vulnerability Discovery
Automatic Inference of Search Patterns for Taint-Style Vulnerabilities
Fabian Yamaguchi, Alwin Maier, Hugo Gascon, and Konrad Rieck
IEEE Symposium on Security and Privacy (Oakland), 2015
Modeling and Discovering Vulnerabilities with Code Property Graphs
Fabian Yamaguchi, Nico Golde, Daniel Arp, and Konrad Rieck
IEEE Symposium on Security and Privacy (Oakland), 2014
Chucky: Exposing Missing Checks in Source Code for Vulnerability Discovery.
Fabian Yamaguchi, Christian Wressnegger, Hugo Gascon, and K. Rieck
ACM Conference on Computer and Communications Security (CCS)
Generalized Vulnerability Extrapolation using Abstract Syntax Trees.
Fabian Yamaguchi, Markus Lottmann, and Konrad Rieck
Annual Computer Security Applications Conference (ACSAC)