For years, a recurring part of my work has been auditing Drupal projects. Slow websites land on my desk, sites with security issues nobody has reviewed in months, projects inherited from another agency where nobody really knows what state things are in. The common thread is almost always the same: there are obvious problems that have been sitting there for a while and haven't been caught because nobody had a systematic process to look for them.
For that work I had my own scripts. I built and refined them over time, adding checks as I came across new types of problems in my clients' projects. They worked well, but they were loose scripts, hard to maintain and hard to share.
A few months ago I decided to unify everything into a contributed Drupal module.
Why a module instead of sticking with scripts
The practical difference is significant. A contributed module on Drupal.org means anyone can install it on any project with a single Composer command, regardless of the hosting provider they're using. No scripts to copy, no special configuration, no strange dependencies. And the code is completely open source, so anyone can see exactly what it checks and how it works before installing it on production.
The result is Drupal Site Audit, a free module that analyzes your Drupal installation and generates scores from 0 to 100 across different categories: modules and updates, performance, technical SEO, cache configuration, content architecture, security, frontend, multilingual, and more. Each category has its own detailed report with the detected issues and specific recommendations to improve that score.
The module is organized into independent submodules. You install only what you need for each project. If all you want is to track updates and security advisories, audit_updates is enough. If you need a deep analysis of cache configuration and Dynamic Page Cache, you have audit_cache. To review custom module code quality, audit_phpstan and audit_phpcs work in development and staging environments.
Installation is straightforward:
composer require drupal/audit
drush en audit_allThe full report appears under Admin > Reports > Audit. All analysis stays on your server.
The other problem: continuous monitoring
Having a module that generates audits solves the problem of running a quick initial analysis. But I had a different problem: the ongoing monitoring of my clients' projects.
Logging into each project separately to check for pending updates, whether the performance score has dropped, whether a new security advisory has appeared... for one project it's manageable. For several clients at once, it's an amount of time I don't want to spend reviewing configurations repeatedly. I'd rather spend that time finding and applying real solutions, which is where the value I can offer actually sits.
That's where the idea for DruScan came from, a centralized dashboard where I connect all my Drupal projects. The module sends audit data to the dashboard via cron, and from there I can see the status of all my projects on a single screen without logging into any of them.
What I find most useful day to day isn't just seeing the current score, it's seeing how it evolves over time. If the performance score of a project drops from one month to the next, I want to know. If a new security advisory comes out, I want to get a notification that same day, not find out when the client calls me.
It also helps me show clients how their project is evolving. Instead of explaining what I've done over the past month in words, I can show them a graph where the security score went from 65 to 88. That's a lot more tangible than a summary in an email.
Another line of business
I want to be honest about what DruScan is beyond a personal tool and why I've made it available for others to use.
I've also built it as a business line. The reality of freelance work is that my income is limited by my hours, and hours are what they are.
DruScan is my attempt to have a scalable service without depending directly on selling my hours, while staying within the Drupal space.
The free plan lets you connect unlimited projects and see current scores. Paid plans add score history, daily sync, automatic email alerts when a metric drops or a security update appears, environment comparison, and team access so clients can view the dashboard without you having to give them access to the Drupal admin panel.
As a special offer, the first 100 paid projects get a guaranteed 30% discount for three years. The service is in early adopter phase and that's exactly what it is: I want real people to use it on real projects before scaling.
You can use it for free, and you can contact me if you're genuinely interested in getting discounted access to the paid version. Right now paid access is limited and managed manually, not available to everyone yet.
Why this might be useful even if you're not me
If you manage several Drupal projects, you have exactly the same blind spot I had. Knowing the real state of each project without that information costing you hours of work every week. The module solves the part of running audits quickly. The dashboard solves the part of not having to repeat that process manually every week.
And if you take on audit projects like I do, the module gives you a structured analysis in minutes instead of hours. You can walk into an unfamiliar project, run the analysis, and have a clear picture of the problems before talking to the client.
From experience I can tell you that most projects that come to me for an audit have the same types of problems: misconfigured cache, outdated modules, Views without cache that invalidate the cache of multiple pages, bad practices in custom modules and themes, CSS and JS aggregation disabled on production, poor SEO configuration, and many other typical issues that go unnoticed unless you know where to look. The module detects all of them systematically and prioritizes them.
Try it and tell me what you find
The module is at drupal.org/project/audit and is completely free. DruScan is at druscan.com and the free plan doesn't require a credit card.
If you install it and find something that doesn't work, that's missing, or that could be better thought out, I'd like to know. You can reach me by email at [email protected], on LinkedIn, or by opening an issue directly in the module's queue on drupal.org. I'm at a stage where feedback from people using it in real situations has a direct impact on what gets built next.
It took me quite a bit longer than I expected to get this published as a contributed module. The scripts worked and there was always something more urgent. But the reality is that having everything inside a standard Drupal module, with the drupal.org infrastructure behind it, is a qualitative step forward compared to maintaining loose scripts. I wish I'd done it sooner.