Thanks avpaderno, cmlara, and Drumm -
I am not a developer or a sys admin, but in a security role between management and the development team. We basically use a in house private Platform as a Service (PaaS). (So I can not run commands on PHP, I don't have access to the LAMP stack, etc.) My main role is with security compliance, documentation, processes, etc.
I have built a Microsoft SharePoint List of the modules manually getting the modules from the configuration files I got from our code management solution. (I uploaded a screenshot of what I built for tracking.) This took hours of work and is quickly outdated as modules are updated (both on our websites, and on the Drupal.org side.) I have subscribed to all the 300+ project emails but the emails don't easily provide the data that I am looking for. (Feature Request and bug tracking, etc.)
I did try to see if I could scrape the data of the 300+ modules via the project pages using Microsoft Powershell (since it is included on all Windows systems and I do not have administrator rights to my Government computer. But the websites will give an error about using methods such as this to try and scrape the data. I was not aware of any APIs or composer audit.
The API could be preferred solution since I could possibly create a csv file of the data needed and then use it (maybe with Microsoft Power Automate) to update the SharePoint List.
My goal are to track/know:
- The modules we use in our organization and on what system those modules are used on.
- The latest information on the module such as the latest supported version, latest update date.
- What Drupal versions are supported on the module.
- If module is obsolete and/or if the module is deprecated.
- If the project is not covered by the Drupal security advisory policy.
I think it would be great if the Drupal Security dashboard would allow me to have a table 2-5. If there was a way to put my own notes in, (or my own tags) I could mark #1 - so I could tell what sites have the modules.
If you can provide me details on how to use the API to get the data, I might be able to script a solution to save the data to Microsoft Excel.
Ciao Alberto,
Thank you for your reply. I am not a developer myself, but I work in a security role overseeing multiple Drupal websites—currently tracking 311 contributed modules.
I've have subscribed to emails, but keeping track of module versions, deprecated projects, and security coverage is challenging. Mostly the emails have "Bug report", "Feature request", "Support request", etc. Specifically, I am interested in:
- Identifying obsolete/deprecated modules.
- Monitoring the latest versions and update timelines.
- Knowing which modules are not covered by the Drupal security advisory policy—those flagged as “Use at your own risk!”
Since web scraping isn’t allowed on the drupal.org website, I manually maintain a Microsoft List for tracking, but it quickly becomes outdated. My columns include things like the module name, latest versions (D7, D9, D10), release dates, security coverage, project type, and notes.
A process improvement suggestion that could add value to the Drupal community:
Would Drupal.org consider offering a custom module tracking dashboard? This would allow subscribed users to view all their selected contributed modules in one place, with filters for security status, deprecated projects, or unsupported versions (e.g., D7 modules not available in D10/11).
A centralized Drupal Module Status Dashboard would significantly enhance security tracking and maintenance for customers managing multiple sites.
Thanks again, Alberto! I’d love to hear your thoughts and if you have any suggestions on where I can post this request.
davidwise → created an issue.