The Joern MCP Server acts as a bridge to Joern for comprehensive code review and security analysis through Code Property Graphs (CPGs).
Core Capabilities:
Server Management: Start, manage, and configure the Joern server with customizable settings, check connection status and version information
CPG Operations: Load CPG files from specified paths for detailed code analysis
Method Analysis: Retrieve method details by ID or name, including source code, parameters, and relationships; identify callers and callees; analyze calls within methods
Class Analysis: Get class information by ID or name, list class methods, explore parent and derived class hierarchies
Call Graph Analysis: Navigate method call relationships and retrieve associated source code for comprehensive flow analysis
LLM Integration: Leverage large language models to analyze and query codebases intelligently
Utility Functions: Test server connections, ping status, and access help documentation
Used for environment variable management, storing configuration information for connecting to the Joern server
Supports version control integration, used for cloning source code repositories for analysis
Provides the runtime environment for the MCP server, with utility functions and tools for code analysis
Supports implementation of complex server utility functions through Scala scripts that interact with Joern's core capabilities
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Joern MCP Serveranalyze this Python code for SQL injection vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Joern MCP Server
A simple MCP Server for Joern.
Project Introduction
This project is an MCP Server based on Joern, providing a series of features to help developers with code review and security analysis.
Related MCP server: Vibe Coder MCP
Environment Requirements
Python >= 3.10 (default 3.12) & uv
Joern
Installation Steps
Clone the project locally:
git clone https://github.com/sfncat/mcp-joern.git cd mcp-joernInstall Python dependencies:
uv venv .venv source .venv/bin/activate uv sync
Project Structure
├── server.py # MCP Server main program
├── test_mcp_client.py # Test program for joern server and mcp tool
├── test_sc_tools.py # Direct test program for sc tools
├── common_tools.py # Common utility functions
├── server_tools.py # Server utility functions
├── server_tools.sc # Scala implementation of server utility functions
├── server_tools_source.sc # Scala implementation of server utility functions,use sourceCode to get the source code of method
├── requirements.txt # Python dependency file
├── sample_cline_mcp_settings.json # Sample cline mcp configuration file
└── env_example.txt # Environment variables example fileUsage
Start the Joern server:
joern -J-Xmx40G --server --server-host 127.0.0.1 --server-port 16162 --server-auth-username user --server-auth-password password --import server_tools.sc Or joern -J-Xmx40G --server --server-host 127.0.0.1 --server-port 16162 --server-auth-username user --server-auth-password password --import server_tools_source.scIf you are using it under Windows, you may need to set the JVM system variables through the command line or in the system environment variables.
set _JAVA_OPTIONS=-Dfile.encoding=UTF-8set joern logging level to ERROR
set SL_LOGGING_LEVEL=ERROR //windows export SL_LOGGING_LEVEL=ERROR //linuxif you have the following warning
Unable to create a system terminal, creating a dumb terminal (enable debug logging for more information)you can disable it by setting the environment variable
set TERM=dumb export TERM=dumbto restore the default behavior
set TERM=xterm-256color export TERM=xterm-256colorCopy env_example.txt to .env Modify the configuration information to match the joern server startup configuration
Run the test connection: Modify the information in
test_mcp_client.pyto confirm the joern server is working properlyuv run test_mcp_client.py Starting MCP server test... ================================================== Testing server connection... [04/16/25 20:38:54] INFO Processing request of type CallToolRequest server.py:534 Connection test result: Successfully connected to Joern MCP, joern server version is XXXConfigure MCP server Configure the mcp server in cline, refer to
sample_cline_mcp_settings.json.Use MCP server Ask questions to the large language model, refer to
prompts_en.md
Development Notes
.envfile is used to store environment variables.gitignorefile defines files to be ignored by Git version controlpyproject.tomldefines the Python configuration for the projectMCP tool development
Implement in
server_tools.sc, add definitions inserver_tools.py, and add tests intest_mcp_client.py
Contribution Guidelines
Welcome to submit Issues and Pull Requests to help improve the project.
Welcome to add more tools.
References
https://github.com/flankerhqd/jebmcp
https://docs.joern.io/server/
https://docs.joern.io/interpreter/
Resources
Looking for Admin?
Admins can modify the Dockerfile, update the server description, and track usage metrics. If you are the server author, to access the admin panel.