DevX Dashboard overview

The DevX Dashboard collects information about GitHub repositories in the microsoftgraph organization and reports on the health of repositories containing code for customer-facing samples, SDKs, and other Graph tools such as Graph Explorer.

The top part of the page provides percentages based on the total number of samples. Note: repositories with an Unknown status are removed from the total before calculating these percentages. See Repository status for more detail on the status values.

Column	Source	Description
Name	GitHub	The name of the repository
Owners	GitHub Management Portal for Open Source	The names of the configured maintainers for the repository
Status	GitHub	The status of the repository (see Repository status for details)
Last Updated	GitHub	The date GitHub reports that the repository was last updated
Identity Libs	GitHub	The status of any known Microsoft Identity libraries (MSAL, etc.) found in the repositories dependencies
Graph SDKs	GitHub	The status of any known Microsoft Graph SDKs found in the repositories dependencies
Security Alerts	GitHub	The count of vulnerability alerts reported by GitHub
Open PRs	GitHub	The number of open pull requests in the repository
Open issues	GitHub	The number of open issues in the repository
Forks	GitHub	The number of forks for the repository
Stars	GitHub	The number of stars for the repository
Views	GitHub	The number of views in the last 14 days for the repository
Language	YAML header / devx.yml	The programming language for the repository
Feature area	YAML header / devx.yml	The feature area(s) for the repository

Repository status

Status is calculated by looking at the status of each dependency in a repository, then choosing the most severe status as the repositories status. Each dependency can have one of the following statuses.

Status	Description
Urgent update	The dependency has one or more security alerts.
Major update	The dependency has a major version update (semantic versioning). For example a 1.x to 2.x update
Minor update	The dependency has a minor version update (semantic versioning). For example a 1.1 to 1.2 update
Patch update	The dependency has a patch update (semantic versioning). For example a 1.2.1 to 1.2.2 update
Up to date	The dependency is using the latest version
Unknown	The status of the dependency could not be determined

Repositories with Unknown status

If a repository's status is listed as Unknown, this usually means that either the repository does not use any sort of dependency manager (for example, a repo with only PowerShell scripts), or the repository uses a dependency manager that GitHub doesn't support.

GitHub only supports a limited set of package managers for building their dependency graphs. For example, they support Maven for Java (pom.xml) but do not support Gradle (build.gradle). This is also the same tech that drives things like Dependabot.

To mitigate this, the dashboard implements a basic parser for Gradle files and Podfiles. To enable this, you must specify a dependencyFile value in your devx.yml file.

Using a devx.yml file

The devx.yml file is an optional file in the root of your repository that enables additional features in the DevX Dashboard.

---
languages:
- java
extensions:
    services:
    - Outlook
    - OneDrive
    - Teams
dependencyFile: demo/GraphTutorial/app/build.gradle
noDependencies: true
---

Property	Description
languages	The programming languages used in the repository. Note: this value can also be read from a YAML header in the README of the repository.
extensions/services	The workloads involved (typically only used by samples). Note: this value can also be read from a YAML header in the README of the repository.
dependencyFile	The path from the root of the repository to the dependency file. This is used to enable dependency support for dependency managers that GitHub does not support.
noDependencies	If present and true, the dashboard will treat this repository as up to date IF there is no GitHub-generated dependency graph and no security alerts.