A generic Drupal site auditing and optional remediation tool.
This repository is a baseline frame and not recommended to install by itself unless you're planning on building your own auditing tool based on top of Drutiny.
You can install Drutiny into your project with composer.
composer require drutiny/drutiny ^3.2.0
Drutiny has native target support for Git and Drush. If you wish to use these types of targets, you must install the underlying software.
For drush, we recommend using drush 8 to access global aliases.
composer global require drush/drush:8
Drutiny is a command line tool that can be called from the composer vendor bin directory:
./vendor/bin/drutiny
Drutiny comes with a policy:list
command that lists all the policies available to audit against.
./vendor/bin/drutiny policy:list
Policies provided by other packages such as drutiny/plugin-distro-common will also appear here, if they are installed.
Additional Drutiny policies, audits, profiles and commands can be installed with composer.
$ composer search drutiny
An audit of a single policy can be run against a site by using policy:audit
and passing the policy name and site target:
./vendor/bin/drutiny policy:audit Drupal-8:PageCacheExpiry @drupalvm.dev
The command above would audit the site that resolved to the @drupalvm.dev
drush alias against the Drupal-8:PageCacheExpiry
policy.
Some policies have parameters you can specify which can be passed in at call time. Use policy:info
to find out more about the parameters available for a check.
./vendor/bin/drutiny policy:audit -p value=600 Drupal-8:PageCacheExpiry @drupalvm.dev
Audits are self-contained classes that are simple to read and understand. Policies are simple YAML files that determine how to use Audit classes. Therefore, Drutiny can be extended very easily to audit for your own unique requirements. Pull requests are welcome as well, please see the contributing guide.
A site audit is running a collection of checks that make up a profile. This allows you to audit against a specific standard, policy or best practice. Drutiny comes with some base profiles which you can find using profile:list
. You can run a profile with profile:run
in a simlar format to policy:audit
.
./vendor/bin/drutiny profile:run d8 @drupalvm.dev
Parameters can not be passed in at runtime for profiles but are instead predefined by the profile itself.
Because this is a Symfony Console application, you have some other familiar commands:
./vendor/bin/drutiny help profile:run
In particular, if you use the -vvv
argument, then you will see all the drush commands, and SSH commands printed to the screen.
You can find more documentation in the docs folder.
./vendor/bin/phpcs --config-set installed_paths vendor/phpcompatibility/php-compatibility
./vendor/bin/phpcs -p src --standard=PHPCompatibility --runtime-set testVersion $PHP_VERSION
- Theodoros Ploumis for creating the logo for Drutiny.