Joern Reborn

Fabian Yamaguchi
Oct 17, 2019

In a blog post back in May 2018, we outlined our plans for saving the open-source C/C++ code analyzer “Joern”. Today, we are happy to announce that with the generous support and help of Hans Loehr, Rakshith Amarnath, Christopher Huth, and Simon Greiner of Robert Bosch GmbH (Corporate Sector Research), Joern has come back to life at joern.io! Moreover, as the community edition of the code analysis platform Ocular, Joern is now maintained by a professional development team at @ShiftLeftInc!

The open-source code analyzer Joern was maintained at the University of Goettingen, and later TU Braunschweig, until late 2016, primarily by me. Development then abruptly ended as I joined ShiftLeft in late 2016. At ShiftLeft, we developed Ocular, Joern’s commercial brother, along with a formal specification for the code property graph — the primary data structure used by Joern. We finally open-sourced this specification in the summer of 2018. Unfortunately, the old Joern was incompatible with this specification, and therefore, Joern remained dead.

Today, we are proud to announce that, with the help of Robert Bosch GmbH (Corporate Sector Research), Joern is back! Here are some of the key features for you to enjoy:

  • Dramatically improved fuzzy parser for C/C++. In particular, a preprocessor has finally been added, as requested by many users.
  • Interactive shell and scripts. Joern now features the same interactive code analysis shell as ShiftLeft’s commercial offering Ocular. It offers completion, pipe operators and search. Queries that have been crafted in interactive sessions can be run as non-interactive scripts as well.
  • Scala-based query language. The query language is now designed on top of Scala. You can therefore conveniently create complete programs on top of Joern using IDEs such as IntelliJ.
  • Extensibility via CPG passes and language extensions. On top of the base code property graph layer, you can create new layers via so-called CPG passes, e.g., to introduce high-level, domain-specific program abstractions. The query language can even be extended accordingly, via query language extensions.
  • REST server. Joern offers a REST server. This makes it possible to run Joern headless on many nodes in parallel, allowing you to turn a cloud instance into a Joern code analysis node.

Have fun with this release, join our gitter, and stay tuned! More features, scripts, and tutorials are coming your way.

Fabian

Chief Scientist and a founding team member at ShiftLeft — https://fabs.codeminers.org
