CodeBadger
A containerized Model Context Protocol (MCP) server providing static code analysis using Joern's Code Property Graph (CPG) with support for Java, C/C++, JavaScript, Python, Go, Kotlin, C#, Ghidra, Jimple, PHP, Ruby, and Swift.
What is CodeBadger?
CodeBadger is a Model Context Protocol (MCP) server that gives AI assistants like Claude, Cursor, and VS Code static code analysis using Joern's Code Property Graph (CPG), with support for Java, C/C++, JavaScript, Python, Go, Kotlin, C#, Ghidra, Jimple, PHP, Ruby, and Swift.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Installation
Manual Installation
npx codebadger
Configuration
Configuration Details
claude_desktop_config.json
How to Set Up and Use CodeBadger
CodeBadger is a containerized MCP server that gives AI agents and LLMs deep, queryable access to a codebase's structure and data flow using Joern Code Property Graphs (CPGs). It supports static analysis across twelve languages — Java, C/C++, JavaScript, Python, Go, Kotlin, C#, PHP, Ruby, Swift, Ghidra, and Jimple — and exposes capabilities such as CPGQL query execution, taint tracking, vulnerability detection, and call graph analysis. Developers use it to let AI assistants reason about large codebases, trace data flows, and surface security vulnerabilities without manually writing analysis scripts.
Prerequisites
- Docker Engine and Docker Compose v2 installed
- Python 3.10 or later (for local development mode)
- At least 8 GB RAM recommended (Joern is memory-intensive)
- Git, for cloning the repository
- An MCP-compatible client such as Claude Desktop or Claude Code
Clone the repository and copy the environment template
Start by cloning the codebadger repository and creating your local environment configuration from the provided example file.
git clone https://github.com/Lekssays/codebadger && cd codebadger
cp .env.example .env
Configure environment variables
Edit .env to set at minimum PLAYGROUND_HOST_PATH (absolute path to the ./playground directory) and MCP_HOST. Run the memory recommendation script to determine appropriate Joern memory settings for your machine.
python scripts/recommend_config.py
Deploy the full stack with Docker
Run the deploy script to start all containers including the MCP server, Joern workers, Postgres, and Redis. Check status to confirm all services are healthy.
./scripts/deploy.sh
./scripts/deploy.sh status
curl -s http://localhost:4242/health | python3 -m json.tool
Configure your MCP client
Point your MCP client at the running CodeBadger server. The server listens on http://localhost:4242/mcp by default using HTTP transport.
Analyze a repository or code snippet
Provide a Git repository URL, local path, or code snippet to CodeBadger through your AI client. The server builds a Code Property Graph and makes it queryable via the exposed MCP tools.
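A preflight check for the .env file from the "Configure environment variables" step, as an added example that is not part of the CodeBadger repository. The variable names come from this page; the KEY=value file format and the checks themselves (absolute existing path, non-empty MCP_HOST, owner-only file permissions when GITHUB_TOKEN is present) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: preflight check for a CodeBadger .env file.
# Variable names come from the page; the KEY=value format and the
# specific checks are assumptions of this example.

# Print the value of KEY from an env file (last assignment wins, quotes stripped).
env_get() {
  local file="$1" key="$2"
  sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$file" \
    | tail -n 1 \
    | sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if the file passes, 1 otherwise; problems are printed to stderr.
check_env() {
  local file="$1" rc=0 path host token mode
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

  # The page requires an absolute path to the playground directory.
  path=$(env_get "$file" PLAYGROUND_HOST_PATH)
  case "$path" in
    /*) [ -d "$path" ] || { echo "PLAYGROUND_HOST_PATH does not exist: $path" >&2; rc=1; } ;;
    "") echo "PLAYGROUND_HOST_PATH is not set" >&2; rc=1 ;;
    *)  echo "PLAYGROUND_HOST_PATH must be absolute: $path" >&2; rc=1 ;;
  esac

  host=$(env_get "$file" MCP_HOST)
  [ -n "$host" ] || { echo "MCP_HOST is not set" >&2; rc=1; }

  # A file holding a personal access token should not be group/world readable.
  token=$(env_get "$file" GITHUB_TOKEN)
  if [ -n "$token" ]; then
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
      *00) ;;
      *) echo "$file holds GITHUB_TOKEN but has mode $mode; use chmod 600" >&2; rc=1 ;;
    esac
  fi
  return "$rc"
}

# Usage: check_env .env && ./scripts/deploy.sh
```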
CodeBadger Examples
Client configuration
CodeBadger runs as an HTTP MCP server. Add it to Claude Desktop using the HTTP transport type pointing at the local server.
{
  "mcpServers": {
    "codebadger": {
      "type": "http",
      "url": "http://localhost:4242/mcp"
    }
  }
}
Prompts to try
After pointing CodeBadger at a codebase, ask your AI assistant to analyze it using the exposed tools.
- "Analyze the repository at https://github.com/example/myapp and list all potential SQL injection vulnerabilities"
- "Trace the data flow from the HTTP request handler to the database layer in this Java project"
- "Show me the call graph for the authentication module"
- "Find all functions that handle user input without sanitization in this Python codebase"
- "Run a taint analysis to find paths from user-controlled data to file system operations"
Troubleshooting CodeBadger
Joern runs out of memory during CPG construction
Increase JOERN_MEM_LIMIT and JOERN_MEMORY_BUDGET_MB in your .env file. Run 'python scripts/recommend_config.py' to get values tuned for your host's RAM.
Health endpoint returns unhealthy for Postgres or Redis
Check that the backing services are running with './scripts/deploy.sh status'. If they failed to start, check Docker logs with 'docker compose logs postgres' or 'docker compose logs redis'.
Private GitHub repository fails to clone
Set the GITHUB_TOKEN environment variable in your .env file with a personal access token that has repo read permissions.
Frequently Asked Questions about CodeBadger
What is CodeBadger?
CodeBadger is a containerized Model Context Protocol (MCP) server that provides static code analysis using Joern's Code Property Graph (CPG), with support for Java, C/C++, JavaScript, Python, Go, Kotlin, C#, Ghidra, Jimple, PHP, Ruby, and Swift. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install CodeBadger?
Follow the installation instructions on the CodeBadger GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with CodeBadger?
CodeBadger works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is CodeBadger free to use?
Yes, CodeBadger is open source and available under the GPL-3.0 license. You can use it freely in both personal and commercial projects.
CodeBadger Alternatives — Similar Security Servers
Looking for alternatives to CodeBadger? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k
An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k
A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k
Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k
hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u