Plume is a language front-end to construct an intermediate representation called a code-property graphs from JVM bytecode. Plume is graph database agnosic and can store code-property graphs to multiple graph databases.
Plume is going into maintenance mode. jimple2cpg is the new JVM bytecode to CPG project that is optimized around OverflowDB and is much more lightweight. Future development will take place on jimple2cpg.
For more documentation and basic guides, check out the project homepage.
- If you have any questions or want to be involved then check out our discussions page.
- Joern's Discord. Note, this will give you temporary membership to the server. Once joined you can obtain permanent membership by being assigned role if necessary.
- Plume is primarily maintained by David Baker Effendi
- DM on Twitter
- Email at [email protected]
Replace X.X.X
with the desired version on JitPack.
Maven:
<dependency>
<groupId>io.github.plume-oss</groupId>
<artifactId>plume</artifactId>
<version>X.X.X</version>
<type>pom</type>
</dependency>
Gradle:
implementation 'io.github.plume-oss:plume:X.X.X'
Don't forget to include the JCenter and JitPack repository in your pom.xml
or build.gradle
.
Maven:
<project>
[...]
<repositories>
<repository>
<id>jcenter</id>
<name>jcenter</name>
<url>https://jcenter.bintray.com</url>
</repository>
<repository>
<id>jitpack</id>
<name>jitpack</name>
<url>https://jitpack.io</url>
</repository>
</repositories>
[...]
</project>
Gradle:
repositories {
jcenter()
maven { url "https://jitpack.io" }
}
Plume releases are available on JitPack. If downloading from JitPack is not an option, or you would like to depend on a modified version of Plume, you can build Plume locally and use it as an unmanaged dependency. JDK version 11 or higher is required.
git clone https://github.com/plume-oss/plume.git
cd plume
./gradlew jar
This will build build/libs/plume-X.X.X.jar
which can be imported into your local project.
Plume uses SLF4J as the fascade with Log4j2 as the implementation.
Note that due to the size of method related operations, there is a CLI loading bar used to indicate progress. This bar is only shown on TRACE, DEBUG, and INFO levels.