Welcome to joern’s documentation!

Joern is a platform for robust analysis of C/C++ code developed by Fabian Yamaguchi and Alwin Maier at the Institute of Systems Security of the Technische Universitaet Braunschweig. It is part of the octopus project for graph-based program analysis tools. Joern generates code property graphs, a novel graph representation that exposes the code’s syntax, control-flow, data-flow and type information in a joint data structure. Code property graphs are stored in an OrientDB graph database. This allows code to be mined using search queries formulated in the graph traversal language Gremlin. In addition, long-running analysis tasks can be implemented as plugins for the platform.

  • Fuzzy Parsing. Joern employs a fuzzy parser. This allows code to be imported even if a working build environment cannot be supplied.
  • Code Property Graphs. Joern creates code property graphs from the fuzzy parser output and makes and stores them in a Neo4J graph database. For background information on code property graphs, we strongly encourage you to read our paper on the topic.
  • Extensible Query Language. Based on the graph traversal language Gremlin, Joern offers an extensible query language based on user-defined Gremlin steps that encode common traversals in the code property graph. These can be combined to create search queries easily.

This is joern’s official documentation. It covers its installation and configuration, discusses how code can be imported and retrieved from the database and gives an overview of the database contents.