CodeBadger

v1.0.0 · Security · stable

A containerized Model Context Protocol (MCP) server providing static code analysis using Joern's Code Property Graph (CPG) with support for Java, C/C++, JavaScript, Python, Go, Kotlin, C#, Ghidra, Jimple, PHP, Ruby, and Swift.

Tags: joern, mcp-server, program-analysis, static-analysis, taint-analysis
104 Stars · 0 Downloads · 0 Weekly · 0/5

What is CodeBadger?

CodeBadger is a Model Context Protocol (MCP) server that lets AI assistants like Claude, Cursor, and VS Code run static code analysis using Joern's Code Property Graph (CPG). It runs in containers and supports Java, C/C++, JavaScript, Python, Go, Kotlin, C#, Ghidra, Jimple, PHP, Ruby, and Swift.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.


Use Cases

Perform containerized static code analysis using Joern's Code Property Graph. Analyze Java, C/C++, Python, JavaScript, Go, and other languages for vulnerabilities.

Maintainer: Lekssays
License: GPL-3.0
Language: python
Version: v1.0.0
Updated: May 20, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

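npx codebadger

The setup guide below deploys CodeBadger from its GitHub repository with Docker and connects over HTTP. Before running the npx command, confirm that an npm package named codebadger is published by the project's maintainer, since npx downloads and executes whatever package holds that name.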

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use CodeBadger

CodeBadger is a containerized MCP server that gives AI agents and LLMs deep, queryable access to a codebase's structure and data flow using Joern Code Property Graphs (CPGs). It supports static analysis across twelve languages — Java, C/C++, JavaScript, Python, Go, Kotlin, C#, PHP, Ruby, Swift, Ghidra, and Jimple — and exposes capabilities such as CPGQL query execution, taint tracking, vulnerability detection, and call graph analysis. Developers use it to let AI assistants reason about large codebases, trace data flows, and surface security vulnerabilities without manually writing analysis scripts.

Prerequisites

  • Docker Engine and Docker Compose v2 installed
  • Python 3.10 or later (for local development mode)
  • At least 8 GB RAM recommended (Joern is memory-intensive)
  • Git, for cloning the repository
  • An MCP-compatible client such as Claude Desktop or Claude Code

1. Clone the repository and copy the environment template

Start by cloning the codebadger repository and creating your local environment configuration from the provided example file.

git clone https://github.com/Lekssays/codebadger && cd codebadger
cp .env.example .env

2. Configure environment variables

Edit .env to set at minimum PLAYGROUND_HOST_PATH (absolute path to the ./playground directory) and MCP_HOST. Run the memory recommendation script to determine appropriate Joern memory settings for your machine.

python scripts/recommend_config.py

3. Deploy the full stack with Docker

Run the deploy script to start all containers including the MCP server, Joern workers, Postgres, and Redis. Check status to confirm all services are healthy.

./scripts/deploy.sh
./scripts/deploy.sh status
curl -s http://localhost:4242/health | python3 -m json.tool

4. Configure your MCP client

Point your MCP client at the running CodeBadger server. The server listens on http://localhost:4242/mcp by default using HTTP transport.

5. Analyze a repository or code snippet

Provide a Git repository URL, local path, or code snippet to CodeBadger through your AI client. The server builds a Code Property Graph and makes it queryable via the exposed MCP tools.

CodeBadger Examples

Client configuration

CodeBadger runs as an HTTP MCP server. Add it to Claude Desktop using the HTTP transport type pointing at the local server.

{
  "mcpServers": {
    "codebadger": {
      "type": "http",
      "url": "http://localhost:4242/mcp"
    }
  }
}

Prompts to try

After pointing CodeBadger at a codebase, ask your AI assistant to analyze it using the exposed tools.

- "Analyze the repository at https://github.com/example/myapp and list all potential SQL injection vulnerabilities"
- "Trace the data flow from the HTTP request handler to the database layer in this Java project"
- "Show me the call graph for the authentication module"
- "Find all functions that handle user input without sanitization in this Python codebase"
- "Run a taint analysis to find paths from user-controlled data to file system operations"

Troubleshooting CodeBadger

Joern runs out of memory during CPG construction

Increase JOERN_MEM_LIMIT and JOERN_MEMORY_BUDGET_MB in your .env file. Run 'python scripts/recommend_config.py' to get values tuned for your host's RAM.

Health endpoint returns unhealthy for Postgres or Redis

Check that the backing services are running with './scripts/deploy.sh status'. If they failed to start, check Docker logs with 'docker compose logs postgres' or 'docker compose logs redis'.

Private GitHub repository fails to clone

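Set the GITHUB_TOKEN environment variable in your .env file with a personal access token that has repo read permissions. Prefer a fine-grained token limited to read-only access on the repositories you need to analyze, and keep the .env file out of version control.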

Frequently Asked Questions about CodeBadger

What is CodeBadger?

CodeBadger is a containerized Model Context Protocol (MCP) server providing static code analysis using Joern's Code Property Graph (CPG) with support for Java, C/C++, JavaScript, Python, Go, Kotlin, C#, Ghidra, Jimple, PHP, Ruby, and Swift. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install CodeBadger?

Follow the installation instructions on the CodeBadger GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with CodeBadger?

CodeBadger works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is CodeBadger free to use?

Yes, CodeBadger is open source and available under the GPL-3.0 license. You can use it freely in both personal and commercial projects.

CodeBadger Alternatives — Similar Security Servers

Looking for alternatives to CodeBadger? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u


Quick Config Preview

{
  "mcpServers": {
    "codebadger": {
      "command": "npx",
      "args": ["-y", "codebadger"]
    }
  }
}

Add this to your claude_desktop_config.json or .cursor/mcp.json
