From the webpage:

Source code analysis is full of graphs: abstract syntax trees, control flow graphs, call graphs, program dependency graphs and directory structures, to name a few. Joern analyzes a code base using a robust parser for C/C++ and represents the entire code base by one large property graph stored in a Neo4J graph database. This allows code to be mined using complex queries formulated in the graph traversal languages Gremlin and Cypher.

The documentation can be found here

This looks quite useful.

Makes me curious about mapping graphs of different codebases but shared libraries together.

I found this following a tweet by Nicolas Karassas which pointed to: Hunting Vulnerabilities with Graph Databases by Fabian Yamaguchi.

One Response to “joern”

  1. […] you are interested in experimenting with joern to find bugs in source code, checking unpatched source code of OpenSSL should be good […]