Testability Pattern Catalogs for SAST

Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc

Java source code frontend

Code Property Graph (CPG) frontend for binary applications and libraries.

Default query sets for Joern

Examples of how to use Plume

Plume is a code representation benchmarking library with options to extract the AST from Java bytecode and store the result in various graph databases.

MarbleRun is the control plane for confidential computing. Deploy, scale, and verify your confidential microservices on vanilla Kubernetes. 100% Go, 100% cloud native, 100% confidential.

A sample plugin

JS library for querying Joern CPGQL Server

Jess is short for Joern extended by Semantic Slicing. This tool allows you to import C code into a Code Property Graph, and then compute a Semantic Slice (a subset of your program implementing a se…

A sample of a standalone extension for Joern/Ocular

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No serv…

Explore LLVM Bitcode interactively using a graph database

ShiftLeft OverflowDB

Sbt plugin for fully automated releases, without SNAPSHOT and git sha's in the version. A remix of the best ideas from sbt-ci-release and sbt-release-early. For local CI and/or sonatype/maven centr…

A fuzzy parser for C/C++ that creates semantic code property graphs

Code Property Graph: specification, query language, and utilities

GitHub client for Android based on the abandoned official app

Joern program analysis library

Generic server for collaborative code analysis

Scripting Assembly Language

Binary analysis platform based on Octopus and Radare2