Installation
Prerequisites#
- JDK 11 (get here for example: https://openjdk.java.net/install/); newer JDK versions might work, but have not been properly tested
Installing Pre-Built Binaries#
Pre-built binaries of the joern-cli are available at:
https://github.com/ShiftLeftSecurity/joern/releases/
To install the latest release, simply execute the following
and follow the installer instructions.
By default, joern will be installed at ~/bin/joern.
You can test your installation as follows:
Building from Source Code#
To build joern-cli from source code, you need to install the Scala build tool (sbt), which you can install by following the instructions at https://www.scala-sbt.org/download.html. Any 1.x version of sbt works as sbt downloads the correct version for building joern as part of the build process.
If you are building Joern using macOS you will need to install the greadlink package:
Once the dependencies are installed, run
This builds joern-cli in the current directory. To
build the distribution zip file (joern-cli.zip), run sbt createDistribution.
Configuring the JVM for Optimal Performance#
Code analysis can require lots of memory, and unfortunately, the JVM does not pick up the available amount of memory by itself. While tuning Java memory usage is a discipline in its own right, it is usually sufficient to specify the maximum available amount of heap memory using the JVM's -Xmx flag. The easiest way to achieve this globally is by setting the environment variable _JAVA_OPTS as follows:
where $N is the amount of memory in gigabytes. For example, to allow the JVM to use 20 gigabytes of RAM, you would issue the following:
You can add this line to your shell startup script, e.g., ~/.bashrc or ~/.zshrc.