codebadger

by Lekssays·102·Score 47

Containerized MCP server for static code analysis using Joern's CPG with multi-language support.

Tags: developer-tools, security, knowledge-graph

Forks: 15 · Open issues: 0 · Last commit: 1 mo ago · Indexed: 2d ago

Overview

CodeBadger is a professional-grade MCP server that implements static code analysis using Joern's Code Property Graph technology. It supports analysis across 12+ programming languages including Java, C/C++, JavaScript, Python, Go, and others. The server provides both core CPG operations and specialized vulnerability detection tools, making it valuable for security researchers and developers. Its containerized architecture ensures consistent deployment across environments.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

  • you: Security vulnerability detection in codebases
  • you: Code analysis and understanding of large projects
  • you: Integration with LLM assistants for program analysis
  • you: What languages are supported by CodeBadger?
  • you: How do I customize vulnerability detection?

When to choose this

Choose CodeBadger when you need deep program analysis capabilities for security auditing, vulnerability hunting, or understanding complex codebases across multiple programming languages.

When NOT to choose this

Avoid CodeBadger if you need real-time analysis, don't want to manage Docker containers, or require support for languages not in its 12-language list.

Tools this server exposes

12 tools extracted from the README
  • generate_cpg

    Generate a Code Property Graph (CPG) for a codebase.

  • get_cpg_status

    Check whether a CPG exists and retrieve status metadata.

  • run_cpgql_query

    Execute a raw CPGQL query against a CPG and return structured results.

  • list_methods

    List methods/functions with optional regex/file filters.

  • get_method_source

    Retrieve the source code for a named method.

  • find_taint_sources

    Find likely external input points (taint sources).

  • find_taint_sinks

    Locate dangerous sinks where tainted data can flow.

  • find_taint_flows

    Detect dataflows from sources to sinks (taint analysis).

  • find_null_pointer_deref

    Find likely null pointer dereferences.

  • find_integer_overflow

    Detect integer overflow patterns.

  • find_format_string_vulns

    Detect format string vulnerabilities.

  • get_codebase_summary

    Get high-level metrics about the codebase (files, methods, calls, language).

Comparable tools

semgrep-mcp, bandit-mcp, veracode-mcp, codeql-mcp

Installation

  1. Install prerequisites:

```bash
# Docker and Docker Compose
docker --version
docker-compose --version

# Python 3.10+
python --version
```

  2. Install Python dependencies:

```bash
python -m venv venv
pip install -r requirements.txt
```

  3. Start Joern Docker services:

```bash
docker compose up -d
```

  4. Start the MCP server:

```bash
python main.py
```

Claude Desktop Integration

Add to your claude_desktop_config.json:

```json
{
  "mcpServers": {
    "codebadger": {
      "url": "http://localhost:4242/mcp",
      "type": "http"
    }
  }
}
```

FAQ

What languages are supported by CodeBadger?
CodeBadger supports Java, C/C++, JavaScript, Python, Go, Kotlin, C#, Ghidra, Jimple, PHP, Ruby, and Swift.
How do I customize vulnerability detection?
You can add custom detectors by creating Scala query templates in `src/tools/queries/your_query.scala` and registering Python tool functions in `src/tools/custom_tools.py`.

Last updated · Auto-generated from public README + GitHub signals.