the site says it does, but finding good joern resources and examples is kinda hard

kzbin.infoqtGRNb_2Khs?feature=share&t=2699 This seems kind of similar to taint analysis.

There is a learning curve in both cases to learn the tools. As we see in the videos brute force approach in both cases takes time to find how to formulate the query (and would take even longer without helpful comments from live observers). While the tools overlap, the specific case may not be the best for comparison - Joern failed to analyze one of the TypeScript classes. The fact that in Joern case you need to think in terms of the JavaScript, that the TypeScript is transpiled to, is not convenient. But the experience when comparing a different programming language may be different. I *personally* find the CodeQL query more readable than the one liner mix with lambdas approach of Joern. From the performance point of view Joern looks more interactive and fast, when CodeQL always takes time to compile and execute.