IBM/audit-ci IBM/audit-ci

  • Stars
    star
    253
  • Rank 155,012 (Top 4 %)
  • Language
    TypeScript
  • License
    Apache License 2.0
  • Created over 5 years ago
  • Updated 3 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
IBM/audit-ci
github

IBM

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Audit NPM, Yarn, and PNPM dependencies in continuous integration environments, preventing integration if vulnerabilities are found at or above a configurable threshold while ignoring allowlisted advisories

audit-ci

npm version Build Status CircleCI GitHub CI CodeQL

This module is intended to be consumed by your favourite continuous integration tool to halt execution if npm audit, yarn audit or pnpm audit finds vulnerabilities at or above the specified threshold while ignoring allowlisted advisories.

Note: Use our codemod to update to audit-ci v6.0.0

Requirements

  • Node >=12.9.0 (Yarn Berry requires Node >=12.13.0)
  • (Optional) Yarn ^1.12.3 || Yarn >=2.4.0
  • (Optional) PNPM >=4.3.0

Limitations

  • Yarn Classic workspaces does not audit devDependencies. See this issue for more information.

Set up

(Recommended) Install audit-ci during your CI environment using npx, yarn dlx, or pnpm dlx immediately after checking out the project's repository.

# Use the option for your project's package manager, pinning to a major version to avoid breaking changes
npx audit-ci@^6 --config ./audit-ci.jsonc
yarn dlx audit-ci@^6 --config ./audit-ci.jsonc
pnpm dlx audit-ci@^6 --config ./audit-ci.jsonc

Alternatively, audit-ci can be installed as a devDependency. The downside of this approach is that the CI may run a postinstall script of a compromised package before running audit-ci.

# Use the option for your project's package manager
npm install -D audit-ci
yarn add -D audit-ci
pnpm install -D audit-ci

The next section gives examples using audit-ci in various CI environments. It assumes that moderate, high, and critical severity vulnerabilities prevent build continuation. Also, it suppresses an advisory of axios and a transitive advisory of react-scripts.

// audit-ci.jsonc
{
  // $schema provides code completion hints to IDEs.
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  "moderate": true,
  "allowlist": [
    // Axios denial of service https://github.com/advisories/GHSA-42xw-2xvc-qx8m
    "GHSA-42xw-2xvc-qx8m",
    // The following are for the latest create-react-app
    // https://github.com/advisories/GHSA-rp65-9cf3-cjxr
    // Alternatively, allowlist "GHSA-rp65-9cf3-cjxr" to suppress this nth-check advisory across all paths
    // or "*|react-scripts>*" to suppress advisories for all transitive dependencies of "react-scripts".
    "GHSA-rp65-9cf3-cjxr|react-scripts>@svgr/webpack>@svgr/plugin-svgo>svgo>css-select>nth-check"
  ]
}

Allowlisting

Allowlists are a mechanism to suppress an advisory warning from the audit. A team may want to suppress an advisory when:

  • A fix has already been started
  • There is no bandwidth to fix the advisory
  • The risk is tolerable for the project
  • The advisory is inaccurate or incorrect
  • The vulnerable code is not actually used

An allowlist may contain multiple allowlist records. There are three categories of allowlist record formats:

  • module allowlist record (example: axios, suppresses all advisories directly caused by axios, not transitive advisories)
  • advisory allowlist record (example: GHSA-42xw-2xvc-qx8m, suppresses all instances of advisory based on the GitHub advisory identifier)
  • path allowlist record (example: GHSA-rp65-9cf3-cjxr|react-scripts>@svgr/webpack>@svgr/plugin-svgo>svgo>css-select>nth-check, the specific and full advisory path with wildcard support)

When audit-ci identifies new advisories at or above the configured level, the CI pipeline will fail.

Found vulnerable advisory paths:
GHSA-pw2r-vq6v-hr8c|axios>follow-redirects
GHSA-74fj-2j2h-c42q|axios>follow-redirects
GHSA-4w2v-q235-vp99|axios
GHSA-42xw-2xvc-qx8m|axios
GHSA-cph5-m8f7-6c5x|axios
Failed security audit due to high, moderate vulnerabilities.
Vulnerable advisories are:
https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
https://github.com/advisories/GHSA-74fj-2j2h-c42q
https://github.com/advisories/GHSA-4w2v-q235-vp99
https://github.com/advisories/GHSA-42xw-2xvc-qx8m
https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Exiting...

Advisories can be suppressed using several approaches. Each approach is useful in unique scenarios.

First, the most granular and secure approach, using paths. If in the future the same advisory arises with a different path, the pipeline will fail.

"allowlist": [
  "GHSA-pw2r-vq6v-hr8c|axios>follow-redirects",
  "GHSA-74fj-2j2h-c42q|axios>follow-redirects",
  "GHSA-4w2v-q235-vp99|axios",
  "GHSA-42xw-2xvc-qx8m|axios",
  "GHSA-cph5-m8f7-6c5x|axios"
]

The next best approach is suppressing the advisories using advisory IDs. This approach may be useful if your team knows that the application is not (and will not be) affected by the advisory regardless of the path. Often, the same advisory can be present in many paths. Allowlisting by advisory ID is terser than the alternative of listing all paths.

"allowlist": [
  "GHSA-pw2r-vq6v-hr8c",
  "GHSA-74fj-2j2h-c42q",
  "GHSA-4w2v-q235-vp99",
  "GHSA-42xw-2xvc-qx8m",
  "GHSA-cph5-m8f7-6c5x"
]

The next approach is to allowlist the modules themselves. All current and future advisories are automatically suppressed when using module allowlist records. Compared to other suppression approaches, there's an increased risk of a new advisory impacting your application due to the broad suppression. Suppressing via a module allowlist record is often less useful than using path allowlist records + wildcards, as noted in the final approach.

"allowlist": [
  "axios",
  "follow-redirects"
]

Finally, wildcards can be used within path allowlist records. Wildcards are useful for trusted development-only dependencies such as react-scripts. Unlike the module allowlist record of react-scripts, the path allowlist of *|react-scripts>* suppresses transitive dependency advisories (dependencies of dependencies).

Wildcard matching works by:

  1. splitting the allowlist record at every wildcard
  2. constructing a regex matching anything at each wildcard location

An allowlist record may include any number of wildcards such as *|react-scripts>*>*>example>*.

Allowlist Formats

The simplest way to add an advisory to the allowlist is using a string:

"allowlist": [
  "axios"
]

You can also use an object notation (NSPRecord) in which you can add notes and control the expiration of this exception:

"allowlist": [
  {
    "axios": {
      "active": true,
      "notes": "Ignore this until November 20th",
      "expiry": "20 November 2022 11:00"
    }
  }
]

allowlist supports both formats at the same time, so feel free to mix and match:

"allowlist": [
  {
    "axios": {
      "active": true,
      "notes": "Ignore this until November 20th",
      "expiry": "20 November 2022 11:00"
    }
  },
  "base64url"
]

NSPRecord Fields

Attribute Type Description Example
active boolean Whether the exception is active or not true
expiry string | number Human-readable date, or milliseconds since the UNIX Epoch - '2020-01-31'
- '2020/01/31'
- '01/31/2021, 11:03:58'
- '1 March 2016 15:00'
- '1 March 2016 3:00 pm'
- '2012-01-26T13:51:50.417-07:00'
- 'Sun, 11 Jul 2021 03:03:13 GMT'
- 'Thu Jan 26 2017 11:00:00 GMT+1100 (Australian Eastern Daylight Time)'
- 327611110417
notes string Notes related to the vulnerability.

GitHub Actions

steps:
  - uses: actions/checkout@v2
  - name: Audit for vulnerabilities
    run: npx audit-ci@^6 --config ./audit-ci.jsonc

(Recommended) Run audit-ci immediately after checking out the git repository to reduce the risk of executing a postinstall script from a compromised NPM package.

CircleCI

# ... excludes set up for job
steps:
  - checkout
  - run:
      name: update-npm
      command: "sudo npm install -g npm"
  - restore_cache:
      key: dependency-cache-{{ checksum "package.json" }}
  # This should run immediately after cloning
  # the risk of executing a script from a compromised NPM package.
  # If you use a pull-request-only workflow,
  # it's better to not run audit-ci on `main` and only run it on pull requests.
  # For more info: https://github.com/IBM/audit-ci/issues/69
  # For a PR-only workflow, use the below command instead of the above command:
  #
  # command: if [[ ! -z $CIRCLE_PULL_REQUEST ]] ; then npx audit-ci --config ./audit-ci.jsonc ; fi
  - run:
      name: run-audit-ci
      command: npx audit-ci@^6 --config ./audit-ci.jsonc
  - run:
      name: install-npm
      command: "npm install --no-audit"

Travis-CI

Auditing only on PR builds is recommended

scripts:
  # This script should be the first that runs to reduce the risk of
  # executing a script from a compromised NPM package.
  - if [ "${TRAVIS_PULL_REQUEST}" != "false" ]; then npx audit-ci@^6 --config ./audit-ci.jsonc; fi

For Travis-CI not using PR builds:

scripts:
  - npx audit-ci@^6 --config ./audit-ci.jsonc

Options

(Recommended) Prefer to use a JSONC or JSON5 config file for audit-ci over managing your config with CLI arguments. Using a config file supports workflows such as documenting your allowlist, centralized and easier config management, and code completion when using the $schema field.

Args Alias Description
-l --low Prevents integration with low or higher vulnerabilities (default false)
-m --moderate Prevents integration with moderate or higher vulnerabilities (default false)
-h --high Prevents integration with high or critical vulnerabilities (default false)
-c --critical Prevents integration only with critical vulnerabilities (default false)
-p --package-manager Choose a package manager [choices: auto, npm, yarn, pnpm] (default auto)
-a --allowlist Vulnerable modules, advisories, and paths to allowlist from preventing integration (default none)
-o --output-format The format of the output of audit-ci [choices: text, json] (default text)
-d --directory The directory containing the package.json to audit (default ./)
--pass-enoaudit Pass if no audit is performed due to the registry returning ENOAUDIT (default false)
--show-found Show allowlisted advisories that are found (default true)
--show-not-found Show allowlisted advisories that are not found (default true)
--registry The registry to resolve packages by name and version for auditing (default to unspecified)
--report-type Format for the audit report results [choices: important, summary, full] (default important)
--retry-count The number of attempts audit-ci calls an unavailable registry before failing (default 5)
--config Path to the audit-ci configuration file
--skip-dev Skip auditing devDependencies (default false)
--extra-args Extra arguments to pass to the underlying audit command (default: [])

Config file specification

A config file can manage auditing preferences for audit-ci. The config file's keys match the CLI arguments.

{
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  // Only use one of ["low": true, "moderate": true, "high": true, "critical": true]
  "low": <boolean>, // [Optional] defaults `false`
  "moderate": <boolean>, // [Optional] defaults `false`
  "high": <boolean>, // [Optional] defaults `false`
  "critical": <boolean>, // [Optional] defaults `false`
  "allowlist": <(string | [NSPRecord](#nsprecord-fields))[]>, // [Optional] default `[]`
  "report-type": <string>, // [Optional] defaults `important`
  "package-manager": <string>, // [Optional] defaults `"auto"`
  "output-format": <string>, // [Optional] defaults `"text"`
  "pass-enoaudit": <boolean>, // [Optional] defaults `false`
  "show-found": <boolean>, // [Optional] defaults `true`
  "show-not-found": <boolean>, // [Optional] defaults `true`
  "registry": <string>, // [Optional] defaults `undefined`
  "retry-count": <number>, // [Optional] defaults 5
  "skip-dev": <boolean>, // [Optional] defaults `false`
  "extra-args": <string>[] // [Optional] defaults `[]`
}

Refrain from using "directory" within the config file because directory is relative to where the command is run, rather than the directory where the config file exists.

Examples

Prevents build on moderate, high, or critical vulnerabilities with allowlist; ignores low

With a JSONC config file, execute with npx audit-ci --config ./audit-ci.jsonc.

// audit-ci.jsonc
{
  // $schema provides code completion hints to IDEs.
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  "moderate": true,
  "allowlist": [
    // Axios denial of service https://github.com/advisories/GHSA-42xw-2xvc-qx8m
    "GHSA-42xw-2xvc-qx8m",
    // The following are for the latest create-react-app
    // https://github.com/advisories/GHSA-rp65-9cf3-cjxr
    // Alternatively, allowlist "GHSA-rp65-9cf3-cjxr" to suppress this nth-check advisory across all paths
    // or "*|react-scripts>*" to suppress advisories for all transitive dependencies of "react-scripts".
    "GHSA-rp65-9cf3-cjxr|react-scripts>@svgr/webpack>@svgr/plugin-svgo>svgo>css-select>nth-check"
  ]
}

Or, with the CLI:

npx audit-ci -m -a "GHSA-42xw-2xvc-qx8m" "GHSA-rp65-9cf3-cjxr|react-scripts>@svgr/webpack>@svgr/plugin-svgo>svgo>css-select>nth-check"

Prevents build on any vulnerability except advisory "GHSA-38f5-ghc2-fcmv" and all of lodash and base64url, don't show allowlisted

With a JSON5 config file:

// JSON5 files support trailing commas and more succinct syntax than JSONC files.
{
  $schema: "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  low: true,
  allowlist: ["GHSA-38f5-ghc2-fcmv", "lodash", "base64url"],
  "show-found": false,
}

Or, with the CLI with yarn dlx:

yarn dlx audit-ci@^6 -l -a "GHSA-38f5-ghc2-fcmv" lodash base64url --show-found false

Prevents build with critical vulnerabilities showing the full report

With a JSONC config file:

{
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  "critical": true,
  "report-type": "full"
}

Or, with the CLI with pnpm dlx:

pnpm dlx audit-ci@^6 --critical --report-type full

Continues build regardless of vulnerabilities, but show the summary report

With a JSONC config file:

{
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  "report-type": "summary"
}

Or, with the CLI:

npx audit-ci@^6 --report-type summary

Pass additional args to Yarn Berry to exclude a certain package from audit

With a JSONC config file, in a project on Yarn Berry v3.3.0 or later:

{
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  "extra-args": ["--exclude", "example"]
}

Or, with the CLI:

npx audit-ci@^6 --extra-args '\--exclude' example

Example config file and different directory usage

test/npm-config-file/audit-ci.jsonc

{
  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  "low": true,
  "package-manager": "auto",
  "allowlist": [
    "GHSA-333w-rxj3-f55r",
    "GHSA-vfvf-mqq8-rwqc",
    "example1",
    "example2",
    "GHSA-6354-6mhv-mvv5|example3",
    "GHSA-42xw-2xvc-qx8m|example4",
    "GHSA-42xw-2xvc-qx8m|example5>example4",
    "*|example6>*"
  ],
  "registry": "https://registry.npmjs.org"
}
npx audit-ci@^6 --directory test/npm-config-file --config test/npm-config-file/audit-ci.jsonc

test/pnpm-config-file/audit-ci.json5

{
  $schema: "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
  moderate: true,
  "package-manager": "pnpm",
  allowlist: [
    "GHSA-vfvf-mqq8-rwqc",
    "example2",
    "GHSA-6354-6mhv-mvv5|example3",
    "GHSA-42xw-2xvc-qx8m|example5>example4",
    "*|example6>*",
  ],
}
npx audit-ci@^6 --directory test/pnpm-config-file --config test/pnpm-config-file/audit-ci.json5

Codemod

npx @quinnturner/audit-ci-codemod

https://github.com/quinnturner/audit-ci-codemod

audit-ci v6.0.0 changed the identifiers used for auditing from the NPM identifiers to GitHub identifiers. NPM identifiers are considered unstable to rely on, as they frequently change. Meanwhile, GitHub identifiers are stable. To accommodate for a potentially tedious migration, a codemod is available to update your configuration in-place.

$ npx @quinnturner/audit-ci-codemod
Need to install the following packages:
  @quinnturner/audit-ci-codemod
Ok to proceed? (y) y
? What's the path for the audit-ci config? audit-ci.jsonc
Performed migration from advisories, whitelist, and path-whitelist to allowlist
Performed migration from NPM advisories to GitHub advisories

Q&A

Why run audit-ci on PR builds for Travis-CI and not the push builds?

If audit-ci is run on the PR build and not on the push build, you can continue to push new code and create PRs parallel to the actual vulnerability fix. However, they can't be merged until the fix is implemented. Since audit-ci performs the audit on the PR build, it will always have the most up-to-date dependencies vs. the push build, which would require a manual merge with main before passing the audit.

What do I do when NPM/Yarn is breaking my build while returning ENOAUDIT?

The config option --pass-enoaudit allows passing if no audit is performed due to the registry returning ENOAUDIT. It is false by default to reduce the risk of merging in a vulnerable package. However, if the convenience of passing is more important for your project then you can add --pass-enoaudit into the CLI or add it to the config.

More Repositories

1

sarama

Sarama is a Go library for Apache Kafka.
Go
10,858
star
2

plex

The package of IBM’s typeface, IBM Plex.
CSS
9,297
star
3

css-gridish

Automatically build your grid design’s CSS Grid code, CSS Flexbox fallback code, Sketch artboards, and Chrome extension.
CSS
2,253
star
4

openapi-to-graphql

Translate APIs described by OpenAPI Specifications (OAS) into GraphQL
TypeScript
1,594
star
5

Project_CodeNet

This repository is to support contributions for tools for the Project CodeNet dataset hosted in DAX
Python
1,485
star
6

fp-go

functional programming library for golang
Go
1,480
star
7

pytorch-seq2seq

An open source framework for seq2seq models in PyTorch.
Python
1,431
star
8

fhe-toolkit-linux

IBM Fully Homomorphic Encryption Toolkit For Linux. This toolkit is a Linux based Docker container that demonstrates computing on encrypted data without decrypting it! The toolkit ships with two demos including a fully encrypted Machine Learning inference with a Neural Network and a Privacy-Preserving key-value search.
C++
1,427
star
9

ibm.github.io

IBM Open Source at GitHub
JavaScript
1,106
star
10

MicroscoPy

An open-source, motorized, and modular microscope built using LEGO bricks, Arduino, Raspberry Pi and 3D printing.
Python
1,102
star
11

Dromedary

Dromedary: towards helpful, ethical and reliable LLMs.
Python
1,059
star
12

MAX-Image-Resolution-Enhancer

Upscale an image by a factor of 4, while generating photo-realistic details.
Python
863
star
13

elasticsearch-spark-recommender

Use Jupyter Notebooks to demonstrate how to build a Recommender with Apache Spark & Elasticsearch
Jupyter Notebook
806
star
14

differential-privacy-library

Diffprivlib: The IBM Differential Privacy Library
Python
774
star
15

build-blockchain-insurance-app

Sample insurance application using Hyperledger Fabric
JavaScript
719
star
16

FfDL

Fabric for Deep Learning (FfDL, pronounced fiddle) is a Deep Learning Platform offering TensorFlow, Caffe, PyTorch etc. as a Service on Kubernetes
Go
676
star
17

spring-boot-microservices-on-kubernetes

In this code we demonstrate how a simple Spring Boot application can be deployed on top of Kubernetes. This application, Office Space, mimicks the fictitious app idea from Michael Bolton in the movie "Office Space".
JavaScript
548
star
18

cloud-native-starter

Cloud Native Starter for Java/Jakarta EE based Microservices on Kubernetes and Istio
Shell
517
star
19

federated-learning-lib

A library for federated learning (a distributed machine learning process) in an enterprise environment.
Python
480
star
20

nicedoc.io

pretty README as service.
JavaScript
473
star
21

clai

Command Line Artificial Intelligence or CLAI is an open-sourced project from IBM Research aimed to bring the power of AI to the command line interface.
Python
466
star
22

import-tracker

Python utility for tracking third party dependencies within a library
Python
458
star
23

mac-ibm-enrollment-app

The Mac@IBM enrollment app makes setting up macOS with Jamf Pro more intuitive for users and easier for IT. The application offers IT admins the ability to gather additional information about their users during setup, allows users to customize their enrollment by selecting apps or bundles of apps to install during setup, and provides users with next steps when enrollment is complete.
Swift
454
star
24

mobx-react-router

Keep your MobX state in sync with react-router
JavaScript
437
star
25

openapi-validator

Configurable and extensible validator/linter for OpenAPI documents
JavaScript
429
star
26

EvolveGCN

Code for EvolveGCN: Evolving Graph Convolutional Networks for Dynamic Graphs
Python
384
star
27

fhe-toolkit-macos

IBM Homomorphic Encryption Toolkit For MacOS
C++
356
star
28

AutoMLPipeline.jl

A package that makes it trivial to create and evaluate machine learning pipeline architectures.
HTML
345
star
29

graphql-query-generator

Randomly generates GraphQL queries from a GraphQL schema
TypeScript
334
star
30

portieris

A Kubernetes Admission Controller for verifying image trust.
Go
329
star
31

BluePic

WARNING: This repository is no longer maintained ⚠️ This repository will not be updated. The repository will be kept available in read-only mode.
Swift
325
star
32

FedMA

Code for Federated Learning with Matched Averaging, ICLR 2020.
Python
320
star
33

lale

Library for Semi-Automated Data Science
Python
320
star
34

powerai-counting-cars

Run a Jupyter Notebook to detect, track, and count cars in a video using Maximo Visual Insights (formerly PowerAI Vision) and OpenCV
Jupyter Notebook
317
star
35

evote

A voting application that leverages Hyperledger Fabric and the IBM Blockchain Platform to record and tally ballots.
JavaScript
316
star
36

aihwkit

IBM Analog Hardware Acceleration Kit
Jupyter Notebook
314
star
37

zshot

Zero and Few shot named entity & relationships recognition
Python
308
star
38

blockchain-network-on-kubernetes

Demonstrates the steps involved in setting up your business network on Hyperledger Fabric using Kubernetes APIs on IBM Cloud Kubernetes Service.
Shell
305
star
39

IBM-Z-zOS

The helpful and handy location for finding and sharing z/OS files, which are not included in the product.
REXX
296
star
40

charts

The IBM/charts repository provides helm charts for IBM and Third Party middleware.
Smarty
295
star
41

TabFormer

Code & Data for "Tabular Transformers for Modeling Multivariate Time Series" (ICASSP, 2021)
Python
295
star
42

blockchain-application-using-fabric-java-sdk

Create and Deploy a Blockchain Network using Hyperledger Fabric SDK Java
Java
292
star
43

mac-ibm-notifications

macOS agent used to display custom notifications and alerts to the end user.
Swift
289
star
44

MAX-Object-Detector

Localize and identify multiple objects in a single image.
Python
286
star
45

design-kit

The IBM Design kit is a collection of tools aimed to help you design and prototype experiences faster, with confidence and thoughtfulness. This kit is based on the IBM Design System. Also, you may use this documentation to create add-on libraries to the IBM Design System or submit bugs to the current system.
272
star
46

AccDNN

A compiler from AI model to RTL (Verilog) accelerator in FPGA hardware with auto design space exploration.
Verilog
270
star
47

deploy-ibm-cloud-private

Instructions and Code required to install IBM Cloud Private
HCL
263
star
48

vue-a11y-calendar

Accessible, internationalized Vue calendar
JavaScript
253
star
49

watson-banking-chatbot

A chatbot for banking that uses the Watson Assistant, Discovery, Natural Language Understanding and Tone Analyzer services.
JavaScript
250
star
50

UQ360

Uncertainty Quantification 360 (UQ360) is an extensible open-source toolkit that can help you estimate, communicate and use uncertainty in machine learning model predictions.
Python
249
star
51

Kubernetes-container-service-GitLab-sample

This code shows how a common multi-component GitLab can be deployed on Kubernetes cluster. Each component (NGINX, Ruby on Rails, Redis, PostgreSQL, and more) runs in a separate container or group of containers.
Shell
243
star
52

tensorflow-hangul-recognition

Handwritten Korean Character Recognition with TensorFlow and Android
Python
232
star
53

transition-amr-parser

SoTA Abstract Meaning Representation (AMR) parsing with word-node alignments in Pytorch. Includes checkpoints and other tools such as statistical significance Smatch.
Python
229
star
54

BlockchainNetwork-CompositeJourney

Part 1 in a series of patterns showing the building blocks of a Blockchain application
Shell
227
star
55

pytorchpipe

PyTorchPipe (PTP) is a component-oriented framework for rapid prototyping and training of computational pipelines combining vision and language
Python
223
star
56

Graph2Seq

Graph2Seq is a simple code for building a graph-encoder and sequence-decoder for NLP and other AI/ML/DL tasks.
Python
219
star
57

LNN

A `Neural = Symbolic` framework for sound and complete weighted real-value logic
Python
214
star
58

Scalable-WordPress-deployment-on-Kubernetes

This code showcases the full power of Kubernetes clusters and shows how can we deploy the world's most popular website framework on top of world's most popular container orchestration platform.
Shell
214
star
59

janusgraph-utils

Develop a graph database app using JanusGraph
Java
204
star
60

ModuleFormer

ModuleFormer is a MoE-based architecture that includes two different types of experts: stick-breaking attention heads and feedforward experts. We released a collection of ModuleFormer-based Language Models (MoLM) ranging in scale from 4 billion to 8 billion parameters.
Python
203
star
61

ibm-generative-ai

IBM-Generative-AI is a Python library built on IBM's large language model REST interface to seamlessly integrate and extend this service in Python programs.
Python
202
star
62

tensorflow-large-model-support

Large Model Support in Tensorflow
199
star
63

Scalable-Cassandra-deployment-on-Kubernetes

In this code we provide a full roadmap the deployment of a multi-node scalable Cassandra cluster on Kubernetes. Cassandra understands that it is running within a cluster manager, and uses this cluster management infrastructure to help implement the application. Kubernetes concepts like Replication Controller, StatefulSets etc. are leveraged to deploy either non-persistent or persistent Cassandra clusters on Kubernetes cluster.
Shell
195
star
64

adaptive-federated-learning

Code for paper "Adaptive Federated Learning in Resource Constrained Edge Computing Systems"
Python
193
star
65

action-recognition-pytorch

This is the pytorch implementation of some representative action recognition approaches including I3D, S3D, TSN and TAM.
Python
193
star
66

gantt-chart

IBM Gantt Chart Component, integrable in Vanilla, jQuery, or React Framework.
JavaScript
193
star
67

api-samples

Samples code that uses QRadar API's
Python
192
star
68

cdfsl-benchmark

(ECCV 2020) Cross-Domain Few-Shot Learning Benchmarking System
Python
190
star
69

kube101

Kubernetes 101 workshop (https://ibm.github.io/kube101/)
Shell
184
star
70

CrossViT

Official implementation of CrossViT. https://arxiv.org/abs/2103.14899
Python
180
star
71

browser-functions

A lightweight serverless platform that uses Web Browsers as execution engines
JavaScript
180
star
72

pwa-lit-template

A template for building Progressive Web Applications using Lit and Vaadin Router.
TypeScript
176
star
73

rl-testbed-for-energyplus

Reinforcement Learning Testbed for Power Consumption Optimization using EnergyPlus
Python
170
star
74

AMLSim

The AMLSim project is intended to provide a multi-agent based simulator that generates synthetic banking transaction data together with a set of known money laundering patterns - mainly for the purpose of testing machine learning models and graph algorithms. We welcome you to enhance this effort since the data set related to money laundering is critical to advance detection capabilities of money laundering activities.
Python
170
star
75

socket-io

A Socket.IO client for C#
C#
169
star
76

tfjs-web-app

A TensorFlow.js Progressive Web App for Offline Visual Recognition
JavaScript
164
star
77

molformer

Repository for MolFormer
Jupyter Notebook
163
star
78

spark-tpc-ds-performance-test

Use the TPC-DS benchmark to test Spark SQL performance
TSQL
160
star
79

watson-online-store

Learn how to use Watson Assistant and Watson Discovery. This application demonstrates a simple abstraction of a chatbot interacting with a Cloudant NoSQL database, using a Slack UI.
HTML
156
star
80

istio101

Istio 101 workshop (https://ibm.github.io/istio101/)
Shell
154
star
81

Medical-Blockchain

A healthcare data management platform built on blockchain that stores medical data off-chain
Vue
150
star
82

watson-assistant-slots-intro

A Chatbot for ordering a pizza that demonstrates how using the IBM Watson Assistant Slots feature, one can fill out an order, form, or profile.
JavaScript
143
star
83

tsfm

Foundation Models for Time Series
Jupyter Notebook
143
star
84

simulai

A toolkit with data-driven pipelines for physics-informed machine learning.
Python
142
star
85

etcd-java

Alternative etcd3 java client
Java
141
star
86

deploy-react-kubernetes

Built for developers who are interested in learning how to deploy a React application on Kubernetes, this pattern uses the React and Redux framework and calls the OMDb API to look up movie information based on user input. This pattern can be built and run on both Docker and Kubernetes.
JavaScript
139
star
87

innovate-digital-bank

This repository contains instructions to build a digital bank composed of a set of microservices that communicate with each other. Using Nodejs, Express, MongoDB and deployed to a Kubernetes cluster on IBM Cloud.
JavaScript
137
star
88

ipfs-social-proof

IPFS Social Proof: A decentralized identity and social proof system
JavaScript
135
star
89

KubeflowDojo

Repository to hold code, instructions, demos and pointers to presentation assets for Kubeflow Dojo
Jupyter Notebook
132
star
90

probabilistic-federated-neural-matching

Bayesian Nonparametric Federated Learning of Neural Networks
Python
132
star
91

fhe-toolkit-ios

IBM Fully Homomorphic Encryption Toolkit For iOS
C++
131
star
92

pytorch-large-model-support

Large Model Support in PyTorch
130
star
93

taxinomitis

Source code for Machine Learning for Kids site
JavaScript
127
star
94

Decentralized-Energy-Composer

WARNING: This repository is no longer maintained ⚠️ We are no longer showing the Hyperledger Composer Service.
TypeScript
127
star
95

quantum-careers

Learn about career opportunities with IBM Quantum.
126
star
96

cloud-pak

IBM Cloud Paks are enterprise-grade containerized software by combining container images with enterprise capabilities for deployment in production use cases with integrations for management and lifecycle operations. Features such as pre-configured deployments based on product expertise, rolling upgrades, and management of production workloads.
Shell
126
star
97

build-knowledge-base-with-domain-specific-documents

Create a knowledge base using domain specific documents and the mammoth python library
Jupyter Notebook
125
star
98

japan-technology

IBM Related Japanese technical documents - Code Patterns, Learning Path, Tutorials, etc.
Jupyter Notebook
125
star
99

DiffuseKronA

DiffuseKronA: A Parameter Efficient Fine-tuning Method for Personalized Diffusion Models
125
star
100

compliance-trestle

An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
Python
124
star