/plume

Plume is a code property graph analysis library with options to extract the CPG from Java bytecode and store the result in various graph databases.

Primary LanguageKotlinApache License 2.0Apache-2.0

Plume Banner

Plume is a language front-end to construct an intermediate representation called a code-property graphs from JVM bytecode. Plume is graph database agnosic and can store code-property graphs to multiple graph databases.

License GitHub Actions codecov

Learn More

For more documentation and basic guides, check out the project homepage.

Community

  • If you have any questions or want to be involved then check out our discussions page.
  • Joern's Discord. Note, this will give you temporary membership to the server. Once joined you can obtain permanent membership by being assigned role if necessary.
  • Plume is primarily maintained by David Baker Effendi

Adding Plume as a Dependency

Replace X.X.X with the desired version on JitPack.

Maven:

<dependency>
  <groupId>io.github.plume-oss</groupId>
  <artifactId>plume</artifactId>
  <version>X.X.X</version>
  <type>pom</type>
</dependency>

Gradle:

implementation 'io.github.plume-oss:plume:X.X.X'

Don't forget to include the JCenter and JitPack repository in your pom.xml or build.gradle.

Maven:

<project>
  [...]
  <repositories>
    <repository>
      <id>jcenter</id>
      <name>jcenter</name>
      <url>https://jcenter.bintray.com</url>
    </repository>
    <repository>
      <id>jitpack</id>
      <name>jitpack</name>
      <url>https://jitpack.io</url>
    </repository>
  </repositories>
  [...]
</project>

Gradle:

repositories {
    jcenter()
    maven { url "https://jitpack.io" }
}

Building from Source

Plume releases are available on JitPack. If downloading from JitPack is not an option, or you would like to depend on a modified version of Plume, you can build Plume locally and use it as an unmanaged dependency. JDK version 11 or higher is required.

git clone https://github.com/plume-oss/plume.git
cd plume
./gradlew jar

This will build build/libs/plume-X.X.X.jar which can be imported into your local project.

Logging

Plume uses SLF4J as the fascade with Log4j2 as the implementation.

Note that due to the size of method related operations, there is a CLI loading bar used to indicate progress. This bar is only shown on TRACE, DEBUG, and INFO levels.

Sponsored by

Amazon Science