{"id":13492814,"url":"https://github.com/joernio/joern","last_synced_at":"2026-04-08T10:01:24.673Z","repository":{"id":36953986,"uuid":"175681313","full_name":"joernio/joern","owner":"joernio","description":"Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc","archived":false,"fork":false,"pushed_at":"2026-04-02T17:28:00.000Z","size":168426,"stargazers_count":3056,"open_issues_count":342,"forks_count":406,"subscribers_count":38,"default_branch":"master","last_synced_at":"2026-04-03T00:41:58.308Z","etag":null,"topics":["binary","c","code-analysis","code-browser","code-property-graph","controlflow","cpg","cpp","dataflow","fuzzy-parsing","ghidra","graph","java","javabytecode","javascript","llvm","query-language","scala","syntax-tree"],"latest_commit_sha":null,"homepage":"https://joern.io/","language":"Scala","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/joernio.png","metadata":{"files":{"readme":"README.md","changelog":"changelog/2.0.0-scala3.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-03-14T18:51:07.000Z","updated_at":"2026-04-02T19:04:26.000Z","dependencies_parsed_at":"2023-09-22T10:52:31.058Z","dependency_job_id":"46c0e241-49a3-461b-8b59-3c272288c600","html_url":"https://github.com/joernio/joern","commit_stats":{"total_commits":3431,"total_committers":82,"mean_commits":41.84146341463415,"dds":0.8554357330224425,"last_synced_commit":"2101f5ac99e916275bc7caa6d98d84c2c1
b1dfb2"},"previous_names":["shiftleftsecurity/joern"],"tags_count":2944,"template":false,"template_full_name":null,"purl":"pkg:github/joernio/joern","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joernio%2Fjoern","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joernio%2Fjoern/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joernio%2Fjoern/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joernio%2Fjoern/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/joernio","download_url":"https://codeload.github.com/joernio/joern/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joernio%2Fjoern/sbom","scorecard":{"id":129003,"data":{"date":"2025-08-11","repo":{"name":"github.com/joernio/joern","commit":"5c53497a0c9dcd3e1def50187d65b50ab9d575d3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous 
patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/containers.yml:17","Warn: no topLevel permission defined: .github/workflows/containers.yml:1","Warn: no topLevel permission defined: .github/workflows/master.yml:1","Warn: no topLevel permission defined: 
.github/workflows/pr.yml:1","Warn: no topLevel permission defined: .github/workflows/release-github.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/upgrade-deps.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":5,"reason":"binaries present in source code","details":["Warn: binary detected: joern-cli/frontends/kotlin2cpg/src/main/resources/jars/kotlin-stdlib-1.9.0.jar:1","Warn: binary detected: joern-cli/frontends/kotlin2cpg/src/main/resources/jars/kotlin-stdlib-common-1.9.0.jar:1","Warn: binary detected: joern-cli/frontends/kotlin2cpg/src/main/resources/jars/kotlin-stdlib-jdk8-1.9.0.jar:1","Warn: binary detected: tests/code/ghidra:1","Warn: binary detected: tests/code/java/MethodTest.class:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v4.0.407 not signed: https://api.github.com/repos/joernio/joern/releases/239648550","Warn: release artifact v4.0.406 not signed: 
https://api.github.com/repos/joernio/joern/releases/239582197","Warn: release artifact v4.0.405 not signed: https://api.github.com/repos/joernio/joern/releases/239272673","Warn: release artifact v4.0.404 not signed: https://api.github.com/repos/joernio/joern/releases/238758379","Warn: release artifact v4.0.403 not signed: https://api.github.com/repos/joernio/joern/releases/238556980","Warn: release artifact v4.0.407 does not have provenance: https://api.github.com/repos/joernio/joern/releases/239648550","Warn: release artifact v4.0.406 does not have provenance: https://api.github.com/repos/joernio/joern/releases/239582197","Warn: release artifact v4.0.405 does not have provenance: https://api.github.com/repos/joernio/joern/releases/239272673","Warn: release artifact v4.0.404 does not have provenance: https://api.github.com/repos/joernio/joern/releases/238758379","Warn: release artifact v4.0.403 does not have provenance: https://api.github.com/repos/joernio/joern/releases/238556980"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/containers.yml:12"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-78wr-2p64-hpwj","Warn: Project is vulnerable to: GHSA-gwrp-pvrq-jmwv"],"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/containers.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/containers.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/containers.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/containers.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/containers.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/containers.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/containers.yml:53: update your workflow using 
https://app.stepsecurity.io/secureworkflow/joernio/joern/containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/containers.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/containers.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/containers.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/containers.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/master.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/master.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/master.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/master.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/master.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/master.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:19: update your workflow 
using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:90: update your workflow using 
https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-github.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release-github.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-github.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release-github.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-github.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release-github.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-github.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release-github.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-github.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release-github.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-github.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release-github.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-github.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release-github.yml/master?enable=pin","Warn: GitHub-owned 
GitHubAction not pinned by hash: .github/workflows/release-github.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release-github.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-github.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release-github.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-github.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release-github.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-deps.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/upgrade-deps.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-deps.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/joernio/joern/upgrade-deps.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-deps.yml:23: update your workflow using 
https://app.stepsecurity.io/secureworkflow/joernio/joern/upgrade-deps.yml/master?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating almalinux:latest to almalinux:latest@sha256:192e2ba3e2867b39b4bb2f689643e35353772968d9bfeb3b3c652f1a84cca3cf","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: ci/Dockerfile.alma:1: pin your Docker image by updating almalinux/9-minimal:latest to almalinux/9-minimal:latest@sha256:96ed8e6616b40799170db6fe8ac758461a3007ddf51679712b4151d412f871bb","Warn: containerImage not pinned by hash: ci/Dockerfile.alma8:1: pin your Docker image by updating almalinux/8-minimal:latest to almalinux/8-minimal:latest@sha256:a84ef8fb7c63a2f64e367ee89f19dedda150a37e2153e6693fe694cac663c7e4","Warn: containerImage not pinned by hash: ci/Dockerfile.slim:1: pin your Docker image by updating almalinux/9-minimal:latest to almalinux/9-minimal:latest@sha256:96ed8e6616b40799170db6fe8ac758461a3007ddf51679712b4151d412f871bb","Warn: pipCommand not pinned by hash: .github/workflows/master.yml:37","Warn: pipCommand not pinned by hash: .github/workflows/pr.yml:109","Warn: pipCommand not pinned by hash: .github/workflows/release.yml:41","Warn: pipCommand not pinned by hash: .github/workflows/upgrade-deps.yml:29","Info:   0 out of  24 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  22 third-party GitHubAction dependencies pinned","Info:   0 out of   5 containerImage dependencies pinned","Info:   0 out of   4 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build 
process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-16T04:44:13.455Z","repository_id":36953986,"created_at":"2025-08-16T04:44:13.455Z","updated_at":"2025-08-16T04:44:13.455Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31549900,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"online","status_checked_at":"2026-04-08T02:00:06.127Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary","c","code-analysis","code-browser","code-property-graph","controlflow","cpg","cpp","dataflow","fuzzy-parsing","ghidra","graph","java","javabytecode","javascript","llvm","query-language","scala","syntax-tree"],"created_at":"2024-07-31T19:01:09.467Z","updated_at":"2026-04-08T10:01:24.647Z","avatar_url":"https://github.com/joernio.png","language":"Scala","funding_links":[],"categories":["Automation","Scala","Exploitation Tools","Source Code Security Audit (源代码安全审计)","Eclipse CDT","Инструменты","静态分析"],"sub_categories":["Automated Searching","Unikernel-like","Platform","Used by","Статические анализаторы приложений (SAST)"],"readme":"Joern - The Bug Hunter's Workbench\n===\n\n[![release](https://github.com/joernio/joern/actions/workflows/release.yml/badge.svg)](https://github.com/joernio/joern/actions/workflows/release.yml)\n[![Joern 
SBT](https://index.scala-lang.org/joernio/joern/latest.svg)](https://index.scala-lang.org/joernio/joern)\n[![Github All Releases](https://img.shields.io/github/downloads/joernio/joern/total.svg)](https://github.com/joernio/joern/releases/)\n[![Gitter](https://img.shields.io/badge/-Discord-lime?style=for-the-badge\u0026logo=discord\u0026logoColor=white\u0026color=black)](https://discord.com/invite/vv4MH284Hc)\n\nJoern is a platform for analyzing source code, bytecode, and binary\nexecutables. It generates code property graphs (CPGs), a graph\nrepresentation of code for cross-language code analysis. Code property\ngraphs are stored in a custom graph database. This allows code to be\nmined using search queries formulated in a Scala-based domain-specific\nquery language. Joern is developed with the goal of providing a useful\ntool for vulnerability discovery and research in static program\nanalysis.\n\nWebsite: https://joern.io\n\nDocumentation: https://docs.joern.io/\n\nSpecification: https://cpg.joern.io\n\n## News / Changelog\n\n- Joern v4.0.0 [migrates from overflowdb to flatgraph](changelog/4.0.0-flatgraph.md)\n- Joern v2.0.0 [upgrades from Scala2 to Scala3](changelog/2.0.0-scala3.md)\n- Joern v1.2.0 removes the `overflowdb.traversal.Traversal` class. This change is not completely backwards compatible. 
See [here](changelog/traversal_removal.md) for a detailed writeup.\n\n## Requirements\n\n- JDK 21 (other versions _might_ work, but have not been properly tested)\n- _optional_: gcc and g++ (for auto-discovery of C/C++ system header files if included/used in your C/C++ code)\n\n## Quick Installation\n\n```\nwget https://github.com/joernio/joern/releases/latest/download/joern-install.sh\nchmod +x ./joern-install.sh\nsudo ./joern-install.sh\njoern\n\n     ██╗ ██████╗ ███████╗██████╗ ███╗   ██╗\n     ██║██╔═══██╗██╔════╝██╔══██╗████╗  ██║\n     ██║██║   ██║█████╗  ██████╔╝██╔██╗ ██║\n██   ██║██║   ██║██╔══╝  ██╔══██╗██║╚██╗██║\n╚█████╔╝╚██████╔╝███████╗██║  ██║██║ ╚████║\n ╚════╝  ╚═════╝ ╚══════╝╚═╝  ╚═╝╚═╝  ╚═══╝\nVersion: 2.0.1\nType `help` to begin\n\njoern\u003e\n```\n\nIf the installation script fails for any reason, try\n```\n./joern-install --interactive\n```\n\n## Development Requirements\n- [java](https://jdk.java.net/)\n- [sbt](https://www.scala-sbt.org)\n\n## Run unit and integration tests locally\nUnit tests:\n```bash\nsbt test\n```\n\nIntegration tests:\n```bash\nsbt joerncli/stage querydb/createDistribution\npython -m pip install requests pexpect # wexpect on Windows\npython -u ./testDistro.py\n```\n\n## Docker based execution\n\n```\ndocker run --rm -it -v /tmp:/tmp -v $(pwd):/app:rw -w /app -t ghcr.io/joernio/joern joern\n```\n\nTo run joern in server mode:\n\n```\ndocker run --rm -it -v /tmp:/tmp -v $(pwd):/app:rw -w /app -t ghcr.io/joernio/joern joern --server\n```\n\nAlmalinux 9 requires the CPU to support SSE4.2. For kvm64 VM use the Almalinux 8 version instead.\n```\ndocker run --rm -it -v /tmp:/tmp -v $(pwd):/app:rw -w /app -t ghcr.io/joernio/joern-alma8 joern\n```\n\n## Releases\nA new release is [created automatically](.github/workflows/release.yml) once per day. 
Contributors can also manually run the [release workflow](https://github.com/joernio/joern/actions/workflows/release.yml) if they need the release sooner.\n\n## Developers\n\n### Contribution Guidelines\n\nThank you for taking time to contribute to Joern! Here are a few guidelines to ensure your pull request will get merged as soon as possible:\n\n* Try to make use of the templates as far as possible; however, they may not suit all needs. The minimum we would like to see is:\n    - A title that briefly describes the change and purpose of the PR, preferably with the affected module in square brackets, e.g. `[javasrc2cpg] Addition Operator Fix`.\n    - A short description of the changes in the body of the PR. This could be in bullet points or paragraphs.\n    - A link or reference to the related issue, if any exists.\n* Do not:\n    - Immediately CC/@/email spam other contributors; the team will review the PR and assign the most appropriate contributor to review the PR. Joern is maintained by industry partners and researchers alike, for the most part with their own goals and priorities, and additional help is largely volunteer work. If your PR is going stale, then reach out to us in follow-up comments with @'s asking for an explanation of priority or planning of when it may be addressed (if ever, depending on quality).\n    - Leave the description body empty; this makes reviewing the purpose of the PR difficult.\n* Remember to:\n    - Format your code, i.e. 
run `sbt scalafmt Test/scalafmt`\n    - Add a unit test to verify your change.\n\n### IDE setup\n\n#### IntelliJ IDEA\n* [Download IntelliJ Community](https://www.jetbrains.com/idea/download)\n* Install and run it\n* Install the [Scala Plugin](https://plugins.jetbrains.com/plugin/1347-scala) - just search and install from within IntelliJ.\n* Important: open `sbt` in your local joern repository, run `compile` and keep it open - this will allow us to use the BSP build in the next step\n* Back to IntelliJ: open project: select your local joern clone: select to open as `BSP project` (i.e. _not_ `sbt project`!)\n* Wait for the import and indexing to complete, then you can start, e.g. `Build -\u003e build project` or run a test\n\n#### VSCode\n- Install VSCode and Docker\n- Install the plugin `ms-vscode-remote.remote-containers`\n- Open Joern project folder in VSCode\n  - [Option 1](https://docs.microsoft.com/en-us/azure-sphere/app-development/container-build-vscode#build-and-debug-the-project): Visual Studio Code detects the new files and opens a message box saying: `Folder contains a Dev Container configuration file. Reopen to folder to develop in a container.`. 
Select the `Reopen in Container` button to reopen the folder in the container created by the `.devcontainer/Dockerfile` file.\n  - Option 2: press `Ctrl + Shift + P` then select `Dev Containers: Reopen in Container`\n- Press `Ctrl + Shift + P` then select `Metals: Import build`\n- After `Metals: Import build` succeeds, you are ready to start writing code for Joern\n\n## QueryDB (queries plugin)\nQuick way to develop and test QueryDB:\n```\nsbt stage\n./querydb-install.sh\n./joern-scan --list-query-names\n```\nThe last command prints all available queries - add your own in querydb, run the above commands again to see that your query got deployed.\nMore details in the [separate querydb readme](querydb/README.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoernio%2Fjoern","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjoernio%2Fjoern","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoernio%2Fjoern/lists"}