# Install joern with Homebrew

Open-source code analysis platform based on code property graphs. Version 4.0.570 via Homebrew; verified 2026-07-03.

## Install

```sh
sudo av install brew:joern
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install joern
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:joern
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/joern>
- **Version:** 4.0.570
- **Source summary:** Open-source code analysis platform based on code property graphs
- **Homepage:** <https://joern.io/>
- **Repository:** <https://github.com/joernio/joern>
- **Upstream docs:** <https://docs.joern.io/>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/joernio/joern/archive/refs/tags/v4.0.570.tar.gz>
- **Last updated:** 2026-07-03T07:31:21Z
- **Generated:** 2026-07-09T07:20:21+00:00

## Executables

- abap2cpg (cli)
- c2cpg.sh (cli)
- csharpsrc2cpg (cli)
- ghidra2cpg (cli)
- gosrc2cpg (cli)
- javasrc2cpg (cli)
- jimple2cpg (cli)
- joern (cli)
- joern-cpg2scpg (cli)
- joern-export (cli)
- joern-flow (cli)
- joern-parse (cli)
- joern-scan (cli)
- joern-slice (cli)
- joern-vectors (cli)
- jssrc2cpg.sh (cli)
- kotlin2cpg (cli)
- php2cpg (cli)
- pysrc2cpg (cli)
- rubysrc2cpg (cli)
- rust2cpg (cli)
- schema-extender.sh (cli)
- swiftsrc2cpg.sh (cli)
- abap2cpg (alias)
- c2cpg.sh (alias)
- csharpsrc2cpg (alias)
- ghidra2cpg (alias)
- gosrc2cpg (alias)
- javasrc2cpg (alias)
- jimple2cpg (alias)
- joern (alias)
- joern-cpg2scpg (alias)
- joern-export (alias)
- joern-flow (alias)
- joern-parse (alias)
- joern-scan (alias)
- joern-slice (alias)
- joern-vectors (alias)
- jssrc2cpg.sh (alias)
- kotlin2cpg (alias)
- php2cpg (alias)
- pysrc2cpg (alias)
- rubysrc2cpg (alias)
- rust2cpg (alias)
- schema-extender.sh (alias)
- swiftsrc2cpg.sh (alias)

## Dependencies

- astgen
- coreutils
- openjdk@25
- php

## Build dependencies

- sbt

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-09
- Package-manager version: 4.0.570
- Package-manager updated: 2026-07-03
- Local data: ok
- Upstream repository: https://github.com/joernio/joern
- Upstream latest detected: v4.0.570 (current)
## Project history and usage

Joern is an open-source code analysis platform built around code property graphs, a graph representation that lets security researchers query syntax, control flow, and data flow through a Scala-based domain-specific language. Its Homebrew formula packages a large CLI surface, including language frontends and helper commands for parsing, scanning, slicing, exporting, and vectorizing code.

### Project history

The code property graph idea was introduced in vulnerability-research work on C system code and the Linux kernel. Joern grew from that research lineage into a practical tool for creating and querying CPGs, with later research from 2014 to 2016 extending the representation and 2017 onward work at ShiftLeft turning the format into a broader static-analysis foundation.

The public joernio/joern repository was created in 2019 and the project documentation records several architectural shifts: older Joern versions used general-purpose graph databases and Gremlin, later versions moved to OverflowDB, Joern v2 changed the implementation line from Scala 2 to Scala 3, and Joern v4 moved from OverflowDB to flatgraph.

### Adoption history

Joern's adoption is strongest in security research and static-analysis workflows where importing incomplete or build-hostile code is valuable. The documentation lists mature or partially mature frontends for C/C++, Java, JavaScript, Python, binary analysis through Ghidra, JVM bytecode, Kotlin, PHP, Go, Ruby, Swift, and C#.

Homebrew distribution makes Joern convenient on macOS and Linux while preserving its JVM/Scala toolchain shape through OpenJDK and sbt-related packaging.

### How it is used

A typical Joern workflow parses source, bytecode, or binaries into a CPG, stores the graph in Joern's graph database, and then uses CPGQL or bundled commands such as joern-scan, joern-slice, and joern-export to inspect code patterns and vulnerability-relevant flows.

### Why package nerds care

Joern matters to package nerds because it turns a research-heavy static-analysis stack into a single installable CLI formula with many frontends. It also shows the unusual packaging profile of modern security tooling: JVM runtime, Scala build tooling, external parsers, and a fast-moving release stream tied to graph storage changes.

### Timeline

- 2014: Code property graphs were introduced for vulnerability discovery in C system code.
- 2014-2016: Research extended the CPG concept for interprocedural analysis, data-flow learning, dominator-tree integration, and dynamic-language analysis.
- 2017: The CPG became a foundation for static-analysis products at ShiftLeft.
- 2019: The joernio/joern GitHub repository was created.
- 2023: Joern v2 marked the Scala 2 to Scala 3 transition.
- 2026: Joern v4 documented the move from OverflowDB to flatgraph.

### Related projects

- Related projects and concepts include the Code Property Graph specification, Ocular and Qwiet AI, OverflowDB, flatgraph, Ghidra frontends, and the older Gremlin/property-graph ecosystem that influenced early Joern storage and querying.

### Sources

- <https://api.github.com/repos/joernio/joern>
- <https://cpg.joern.io/>
- <https://docs.joern.io/>
- <https://docs.joern.io/code-property-graph/>
- <https://formulae.brew.sh/formula/joern>
- <https://github.com/joernio/joern>


## Security Notes

No matching local secret-handling manifest was found for joern. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** joern
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Developer build packages](https://www.automicvault.com/pkg/developer-build-tools/) - Matched build, compiler, generator, or developer workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [astgen](https://www.automicvault.com/pkg/brew/astgen/) - Runtime dependency declared by Homebrew.
- [coreutils](https://www.automicvault.com/pkg/brew/coreutils/) - Runtime dependency declared by Homebrew.
- [openjdk@25](https://www.automicvault.com/pkg/brew/openjdk-25/) - Runtime dependency declared by Homebrew.
- [php](https://www.automicvault.com/pkg/brew/php/) - Runtime dependency declared by Homebrew.
- [sbt](https://www.automicvault.com/pkg/brew/sbt/) - Build dependency declared by Homebrew.
- [bandit](https://www.automicvault.com/pkg/brew/bandit/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [caracal](https://www.automicvault.com/pkg/brew/caracal/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [cargo-geiger](https://www.automicvault.com/pkg/brew/cargo-geiger/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [flawfinder](https://www.automicvault.com/pkg/brew/flawfinder/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [gosec](https://www.automicvault.com/pkg/brew/gosec/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [tfsec](https://www.automicvault.com/pkg/brew/tfsec/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [ghalint](https://www.automicvault.com/pkg/brew/ghalint/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [noir](https://www.automicvault.com/pkg/brew/noir/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [snyk-delta](https://www.automicvault.com/pkg/npm/snyk-delta/) - Security-sensitive metadata or terminology overlaps. Shared terms: analysis, cli, graph, security, source.
- [snyk-nodejs-lockfile-parser](https://www.automicvault.com/pkg/npm/snyk-nodejs-lockfile-parser/) - Security-sensitive metadata or terminology overlaps. Shared terms: analysis, cli, graph, parse, security.

## Combined YAML source

View the package source record on GitHub. [combined/joern.yml](https://github.com/automic-vault/db/blob/main/combined/joern.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
