Codebadger
Language: python. GitHub stars: 46. First indexed: 4 months ago. Catalog refreshed: 3 weeks ago.
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
You can run a containerized MCP server that analyzes code across multiple languages using Joern’s Code Property Graph technology. This server exposes an API you can query from an MCP client to generate code property graphs, run analyses, and retrieve findings, all while leveraging a scalable containerized setup and a Python-based runtime.
How to use
You will run the MCP server in your environment and connect to it with an MCP client or editor integration. Start the Joern analysis engine, then launch the MCP server in the background. Point your client at the MCP endpoint to generate code graphs, run queries, and fetch findings. The server serves on a local URL and exposes endpoints for CPG generation, query execution, and result export.
How to install
# Prerequisites
# 1) Install Docker and Docker Compose
# 2) Install Python 3.10+ (Python 3.13 recommended)
# 3) Ensure pip is available
# Verify installations
docker --version
docker-compose --version
python --version
Follow these steps to set up and run the MCP server locally.
# 1. Install Python dependencies (optional in a virtual environment)
python -m venv venv
source venv/bin/activate # On Windows use venv\Scripts\activate
pip install -r requirements.txt
# 2. Start Joern server in the background (Docker is assumed to be running via docker-compose)
docker compose up -d
# 3. Start the MCP server in the background
python main.py &
# MCP server will be available at http://localhost:4242/mcp
# 4. Stop all services when done
# Stop the MCP server: kill the background job (e.g. kill %1), or press Ctrl+C if it runs in the foreground
docker-compose down
# Optional: Clean up everything
bash cleanup.sh
Additional sections
Configuration, security considerations, and troubleshooting are included below to help you tailor the MCP server to your environment and address common issues.
Configuration
Environment variables and settings control how the MCP server runs, connects to Joern, and performs analysis. The following environment variables are shown as recommended defaults and can be customized to fit your setup.
Security and best practices
- Run the MCP server behind a trusted network boundary, or with proper authentication if exposing it externally.
- Keep Joern and the underlying dependencies up to date.
- Monitor memory and CPU usage, especially when generating large Code Property Graphs.
Troubleshooting
If the server does not respond at http://localhost:4242/mcp, verify Docker is running, ensure the MCP server process is alive, and check logs for errors related to Joern, CPG generation, or Python runtime. If CPG generation stalls, increase the CPG generation timeout and ensure sufficient memory is allocated to the Joern container.
Notes
This MCP server relies on a containerized Joern instance for Code Property Graph generation and uses a Python runtime to host the MCP server logic. Ensure you have the required versions of Python, Docker, and Docker Compose installed before starting.
Complete examples and common workflows
Typical workflow: start Joern, launch the MCP server, then connect a client to http://localhost:4242/mcp. From the client, request a CPG for a codebase, run CPGQL queries, and retrieve findings or export SARIF reports as needed.
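As an added illustration (not part of the project's documentation) of the kind of raw CPGQL query run_cpgql_query forwards to Joern, and of what find_taint_sources, find_taint_sinks and find_taint_flows automate: a source-to-sink dataflow query over a CPG of a C code base. It assumes a CPG has already been generated with generate_cpg and uses Joern's standard CPGQL API; the chosen source and sink function names are assumptions for the example.

```scala
// Added example: a CPGQL taint query as executed in a Joern session.
// Assumes the active CPG was built from C code with generate_cpg.

// Sources: buffers filled from external input. fgets writes into its
// first argument, recv into its second.
def source = cpg.call.name("fgets").argument(1) ++
             cpg.call.name("recv").argument(2)

// Sinks: an unbounded copy (strcpy's source operand) and command
// execution (system's only argument).
def sink = cpg.call.name("strcpy").argument(2) ++
           cpg.call.name("system").argument(1)

// Report every dataflow from a source to a sink. .p pretty-prints each
// flow as a path of code locations; use .l instead to get a list that
// tooling such as store_findings / export_sarif can consume.
sink.reachableByFlows(source).p
```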
Available tools
generate_cpg
Generates a Code Property Graph for a codebase from a local path or a GitHub URL.
get_cpg_status
Checks if a CPG exists and retrieves its status metadata.
run_cpgql_query
Executes a raw CPGQL query against a CPG and returns structured results.
get_cpgql_syntax_help
Provides CPGQL syntax helpers, tips, and common error fixes.
list_methods
Lists methods/functions with optional filters such as regex or file path.
list_files
Displays source files as a paginated tree view.
get_method_source
Retrieves the source code for a named method.
list_calls
Lists call sites between functions, showing caller to callee relationships.
get_call_graph
Builds a human-readable call graph for a given direction (incoming or outgoing).
list_parameters
Gets parameter names, types, and order for a method.
get_codebase_summary
Provides high-level metrics about files, methods, calls, and language.
get_code_snippet
Returns a code snippet by specifying start and end line numbers.
get_cfg
Produces a control-flow graph for a specific method.
get_type_definition
Inspects type definitions like structs/classes and their members.
get_macro_expansion
Heuristically detects macro-expanded calls.
find_taint_sources
Identifies likely external input points in the code (sources).
find_taint_sinks
Locates dangerous sinks where tainted data can flow.
find_taint_flows
Detects dataflows from sources to sinks (taint analysis).
get_program_slice
Builds backward/forward program slices for a call.
get_variable_flow
Traces data dependencies for a variable at a location.
find_bounds_checks
Searches for bounds-checks near a buffer access.
find_use_after_free
Heuristic detection of use-after-free patterns.
find_double_free
Detects potential double-free issues.
find_null_pointer_deref
Finds likely null pointer dereferences.
find_integer_overflow
Detects integer overflow patterns.
store_findings
Parses and stores analysis findings into the database.
export_sarif
Exports high-confidence findings in SARIF format.