Mangle by Google: A Datalog-Based Language to Tame Fragmented Data
Google released Mangle, a Datalog-inspired Go library that unifies querying and reasoning across fragmented data sources for tasks like vulnerability detection and dependency analysis.
Mangle is a new open-source programming language from Google that extends the logic-based Datalog for modern deductive database programming. Implemented as a Go library, Mangle is aimed at simplifying queries and reasoning over data that lives across many different sources and formats.
Tackling data fragmentation
Modern engineering and security workflows suffer from data fragmentation. Information about dependencies, vulnerabilities, configurations, and infrastructure is scattered across files, APIs, registries, and other stores. Mangle addresses this by letting developers treat these disparate sources as a single logical dataset. Instead of stitching data together imperatively, teams can declare facts and rules and use deductive queries to reason across the whole picture.
Extensions to Datalog for real-world use
Mangle builds on classic Datalog while adding practical features needed in real projects:
- Recursive rules: Mangle preserves and embraces recursion, enabling compact and elegant expressions of transitive relationships such as full dependency graphs or hierarchical access rights.
- Uniform data access: The language can ingest facts from files, APIs, or other data stores, so queries can join information regardless of its physical location.
- Aggregation and external functions: Mangle supports aggregation functions like count and sum and permits calls to external functions. This goes beyond pure logic to enable richer computations and integration with existing codebases.
These extensions keep the declarative clarity of Datalog while making it applicable to complex, practical analysis tasks.
Practical applications
Mangle is particularly well suited for security, supply chain, and knowledge-graph problems:
- Vulnerability detection: Security teams can encode policies and codebase structures as facts and rules. For example, a rule could mark a project as vulnerable if it depends on a library with a known CVE; Mangle can recursively evaluate dependency graphs to identify affected projects.
- Software dependency analysis: Mangle helps navigate modern software supply chains. It can analyze SBOMs, enforce organization-wide version policies, or identify projects impacted by deprecated libraries.
- Knowledge graph modeling: By representing entities and relationships as logical facts, organizations can uncover hidden connections and run complex reasoning over interconnected datasets.
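The vulnerability rule described above can be traced by hand with the following added example, which is not code from the Mangle project and does not use Mangle's API or syntax. It evaluates the rule bottom-up to a fixpoint in plain Go; the predicate names, project names, and the CVE placeholder are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Constructed sample facts (not real data).
// depends(X, Y): X directly depends on Y.
var depends = [][2]string{
	{"web-app", "auth-lib"},
	{"auth-lib", "log-lib"},
	{"batch-job", "report-lib"},
	{"report-lib", "batch-job"}, // dependency cycle: evaluation must still terminate
	{"cli-tool", "json-lib"},
}

// has_cve(L): library L has a known CVE. The id is a labelled placeholder.
var hasCVE = map[string]string{"log-lib": "CVE-PLACEHOLDER"}

// Vulnerable evaluates these two rules (generic Datalog notation) to a fixpoint:
//
//	vulnerable(P) :- depends(P, L), has_cve(L).
//	vulnerable(P) :- depends(P, Q), vulnerable(Q).
//
// It returns the derived projects in sorted order.
func Vulnerable(deps [][2]string, cve map[string]string) []string {
	derived := map[string]bool{}
	for changed := true; changed; {
		changed = false
		for _, d := range deps {
			p, q := d[0], d[1]
			_, direct := cve[q]
			if (direct || derived[q]) && !derived[p] {
				derived[p] = true // new fact derived, so run another round
				changed = true
			}
		}
	}
	out := make([]string, 0, len(derived))
	for p := range derived {
		out = append(out, p)
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println(Vulnerable(depends, hasCVE))
}
```

Because each round only adds facts and stops when nothing new is derived, the cyclic pair in the sample data does not cause an infinite loop, which is the property that makes recursive rules safe to use on real dependency graphs.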
Implementation and developer accessibility
Implementing Mangle as a Go library lets it be embedded into existing applications and analysis tools without the overhead of a separate database system. This design puts deductive querying capabilities directly in developers' hands and aligns with common engineering stacks. The project documentation focuses on practicality, helping developers who are more familiar with imperative or object-oriented paradigms adopt logic-based reasoning.
Where to start
The project repository contains documentation, tutorials, and examples to help teams get started. Mangle offers a pragmatic path to consolidate fragmented data and perform sophisticated reasoning for security analysis, infrastructure management, and more.