Code property graph: Difference between revisions

'''Joern CPG.''' The original code property graph was implemented for C/C++ in 2013 as part of the open-source code analysis tool Joern (http://www.mlsec.org/joern/index.shtml). This original version has been discontinued and superseded by the open-source Joern.io project (https://joern.io/), which provides a formal code property graph specification (http://cpg.joern.io/) applicable to multiple programming languages. The project provides code property graph generators for C/C++, Java, JVM Bytecode, Kotlin, Python, Javascript, Typescript, LLVM bitcode, and x86 binaries (via the Ghidra disassembler).

'''Plume CPG.''' Developed at Stellenbosch University in 2020 and sponsored by Amazon Science, the open-source Plume project (https://plume-oss.github.io/plume-docs/) provides a code property graph for JVM Bytecode compatible with the code property graph specification provided by the Joern project. The two projects merged in 2021.

'''Fraunhofer AISEC CPG.''' The Fraunhofer Institute for Applied and Integrated Security provides open-source code property graph generators for C/C++, Java, Golang, and Python (https://github.com/Fraunhofer-AISEC/cpg), albeit without a formal schema specification. It also provides the Cloud Property Graph^[6], an extension of the code property graph concept that models details of cloud deployments.

'''Galois’ CPG for LLVM.''' (https://galoisinc.github.io/MATE/cpg.html) Galois Inc. provides a code property graph based on the LLVM compiler. The graph represents code at different stages of the compilation and a mapping between these representations. It follows a custom schema that is defined in its documentation.