The Joern MCP Server acts as a bridge to Joern for comprehensive code review and security analysis through Code Property Graphs (CPGs).
Core Capabilities:
- Server Management: Start, manage, and configure the Joern server with customizable settings, check connection status and version information
- CPG Operations: Load CPG files from specified paths for detailed code analysis
- Method Analysis: Retrieve method details by ID or name, including source code, parameters, and relationships; identify callers and callees; analyze calls within methods
- Class Analysis: Get class information by ID or name, list class methods, explore parent and derived class hierarchies
- Call Graph Analysis: Navigate method call relationships and retrieve associated source code for comprehensive flow analysis
- LLM Integration: Leverage large language models to analyze and query codebases intelligently
- Utility Functions: Test server connections, ping status, and access help documentation
- Used for environment variable management, storing configuration information for connecting to the Joern server
- Supports version control integration, used for cloning source code repositories for analysis
- Provides the runtime environment for the MCP server, with utility functions and tools for code analysis
- Supports implementation of complex server utility functions through Scala scripts that interact with Joern's core capabilities
Joern MCP Server
A simple MCP Server for Joern.
Project Introduction
This project is an MCP Server based on Joern, providing a series of features to help developers with code review and security analysis.
Environment Requirements
- Python >= 3.10 (default 3.12) & uv
- Joern
Installation Steps
- Clone the project locally:
- Install Python dependencies:
Project Structure
Usage
- Start the Joern server: if you are using it under Windows, you may need to set the JVM system variables through the command line or in the system environment variables.
- Copy env_example.txt to .env and modify the configuration information to match the Joern server startup configuration.
- Run the test connection: modify the information in test_mcp_client.py to confirm the Joern server is working properly.
- Configure the MCP server: configure the MCP server in cline, referring to sample_cline_mcp_settings.json.
- Use the MCP server: ask questions to the large language model, referring to prompts_en.md.
Development Notes
- .env file is used to store environment variables
- .gitignore file defines files to be ignored by Git version control
- pyproject.toml defines the Python configuration for the project
- MCP tool development
- Implement in server_tools.sc, add definitions in server_tools.py, and add tests in test_mcp_client.py
- Implement in
Contribution Guidelines
Issues and Pull Requests that help improve the project are welcome.
Contributions of additional tools are also welcome.
References