🦡 codebadger is a containerized Model Context Protocol (MCP) server that gives AI agents and LLMs deep, queryable access to a codebase's structure and data flow through Joern Code Property Graphs (CPGs).

Python library for code analysis with CPG and Joern

AI-powered whitebox penetration testing plugin for Claude Code. 9 languages, 22 skills, 7 autonomous agents. STRIDE threat modeling, OWASP 2025 coverage, polyglot monorepo support.

Example queries for joern

Generate CPG for multiple languages for code and threat analysis

Stackoverflow code extraction and analyze using Joern

Export ShiftLeft Code Property Graph (cpg) from OverflowDB to json and csv

AI-powered multi-language security scanner: 154 Semgrep rules, 13 Joern CPG scripts, AI code detection, and attack-chain correlation

Variant analysis, open-sourced. Feed a CVE patch, find every structural twin across your codebase. 6-stage pipeline: patch ingestion, LLM signature extraction, embedding search, Joern CPG slicing, LLM feasibility reasoning, SARIF reporting.

VISION is a framework for robust and interpretable code vulnerability detection using counterfactual data augmentation. It leverages GNNs, LLM-generated counterfactuals, and graph-based explainability to mitigate spurious correlations and improve generalization on real-world vulnerabilities (CWE-20).

MCP server wrapping Joern for AI-driven code security analysis

Reimplement partial implementation of Devign, a graph neural network-based model for identifying vulnerabilities in C code. Includes tools for data preparation, Joern integration, and model training for vulnerability detection.

Master's Thesis - Evaluating Reliability of Static Analysis Results Using Machine Learning

Parser utility to generate ASTs from PHP source code suitable to be processed by Joern.

Simple DSL for CPG analysis, wrapper around Joern

Rust-first Joern fork exploring faster code-property-graph frontends and security-analysis components.

Go client for Joern

Security review inside Claude Code that proves it or drops it: hunts source→sink bugs, proves them with a sandboxed PoC, validates the patch — and benchmarks its own recall so it can't cry wolf. Local-first, network-denied by default. AIxCC techniques: obligation discharge, sanitizer execution proof, scoped-CPG dataflow.