Joern
Enables AI assistants to perform sophisticated static code analysis using Joern's Code Property Graph technology. Supports multi-language analysis, security vulnerability detection, and code quality assessment through isolated Docker environments.
What is Joern?
Joern is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to enables ai assistants to perform sophisticated static code analysis using joern's code property graph technology. supports multi-language analysis, security vulnerability detection, and code quality a...
Enables AI assistants to perform sophisticated static code analysis using Joern's Code Property Graph technology. Supports multi-language analysis, security vulnerability detection, and code quality assessment through isolated Docker environments.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Enables AI assistants to perform sophisticated static code a
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx joern-mcp-serverConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Joern
The Joern MCP server (codebadger) integrates the Joern static analysis engine into AI assistant workflows via the Model Context Protocol, enabling Claude and other agents to run Code Property Graph (CPG) queries, trace data flow and taint paths, perform program slicing, and hunt for security vulnerabilities across source code in 12+ languages. The server runs in Docker-isolated environments to safely analyse untrusted code, and exposes MCP tools for CPGQL query execution, call graph generation, and code structure analysis. Security researchers, AppSec teams, and developers use it to automate vulnerability detection and code quality assessment without manually operating Joern.
Prerequisites
- Docker Engine and Docker Compose v2 installed
- Python 3.10 or later (3.13 recommended) for local development mode
- At least 8 GB RAM recommended (Joern is memory-intensive; run python scripts/recommend_config.py for sizing guidance)
- An MCP-compatible client such as Claude Desktop or Claude Code
- Access to the source code repository or directory you want to analyse
Clone the codebadger repository
The server is not available as a single npm package; you must clone the repository and use the provided Docker Compose setup.
git clone https://github.com/Lekssays/codebadger
cd codebadgerConfigure environment variables
Copy the example env file and edit it. Key variables include PLAYGROUND_HOST_PATH (absolute path to the playground directory), MCP_HOST, and Joern memory settings.
cp .env.example .env
# Edit .env with your configuration
python scripts/recommend_config.py # Get memory sizing recommendationsDeploy the full stack with Docker Compose
Run the deploy script to start Joern, Postgres, Redis, and the MCP server. The server will be available at http://localhost:4242/mcp after startup.
cp config.example.yaml config.yaml
./scripts/deploy.shVerify the server is running
Check the health endpoint to confirm all backend services (Joern, Postgres, Redis) are up and ready.
curl -s http://localhost:4242/health | python3 -m json.toolConfigure your MCP client to connect to the server
Point your MCP client at the running server's HTTP endpoint. The server uses HTTP transport on port 4242.
{
"mcpServers": {
"codebadger": {
"url": "http://localhost:4242/mcp",
"type": "http"
}
}
}Joern Examples
Client configuration
MCP client configuration pointing to a locally running codebadger server.
{
"mcpServers": {
"codebadger": {
"url": "http://localhost:4242/mcp",
"type": "http"
}
}
}Prompts to try
These prompts work after the server is running and you have pointed it at a codebase.
- "Analyse this Java project for SQL injection vulnerabilities using taint analysis"
- "Generate the call graph for the authenticate() function and show all callers"
- "Find all data flows from user input to database write operations in this Python codebase"
- "Slice the program around the login() function and identify any missing input validation"
- "Run a CPGQL query to find all methods that call System.exec in this Java project"Troubleshooting Joern
Joern container runs out of memory and crashes
Run python scripts/recommend_config.py to get memory recommendations based on your codebase size. Increase JOERN_MEM_LIMIT and JOERN_MEMORY_BUDGET_MB in your .env file, and ensure your Docker host has sufficient RAM allocated.
Health check shows Joern as unhealthy
Joern can take several minutes to start on large codebases. Wait for the container logs to show 'Joern ready' before sending analysis requests. Run docker compose logs codebadger-joern to monitor startup progress.
MCP client cannot connect to http://localhost:4242/mcp
Verify the deploy script completed successfully with docker compose ps. If MCP_HOST is set to 127.0.0.1, the endpoint is only reachable from localhost. Set MCP_HOST=0.0.0.0 in .env if you need remote access.
Frequently Asked Questions about Joern
What is Joern?
Joern is a Model Context Protocol (MCP) server that enables ai assistants to perform sophisticated static code analysis using joern's code property graph technology. supports multi-language analysis, security vulnerability detection, and code quality assessment through isolated docker environments. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Joern?
Follow the installation instructions on the Joern GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Joern?
Joern works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Joern free to use?
Yes, Joern is open source and available under the GPL 3.0 license. You can use it freely in both personal and commercial projects.
Joern Alternatives — Similar Security Servers
Looking for alternatives to Joern? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Joern in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Joern?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.