audit

A Drupal site auditing framework that identifies configuration issues, performance problems, and best practice violations. Tracks all installed modules with versions and detects pending updates, including security releases.

The module is free and open source, and works completely standalone. Optionally, it can connect to DruScan, a centralized dashboard where you can see audit scores and module versions from all your Drupal projects in one place.

What you get

• Module inventory: Complete list of installed modules with current versions, available updates, and security patches flagged.
• Health scores: 0-100 scores for performance, SEO, content structure, Views, caching, fields, and more.
• Project Score: Overall weighted score combining all audit results.
• Detailed reports per category: Each submodule has its own report page showing detected issues, current configuration, and specific recommendations to improve that category's score.

Submodules

Install only what you need:

• audit_status - Server compatibility (PHP, database versions)
• audit_cron - Cron status and configuration
• audit_modules - Module recommendations, unused extensions
• audit_updates - Pending updates with version tracking
• audit_fields - Content structure, unused fields
• audit_views - Views performance and caching
• audit_blocks - Block configuration and cache
• audit_twig - Template code quality
• audit_images - Responsive images configuration
• audit_seo - Metatags, pathauto, sitemap, robots.txt
• audit_performance - Cache and CSS/JS aggregation
• audit_database - Database size and optimization
• audit_i18n - Multilingual configuration
• audit_security - Security configuration checks
• audit_watchdog - Log analysis, recurring errors
• audit_search_api - Search API configuration
• audit_phpstan - Static code analysis (dev only)
• audit_phpcs - Coding standards (dev only)
• audit_all - Enables all recommended submodules

Installation

composer require drupal/audit
drush en audit

Enable all audits at once:

drush en audit_all

Production use

Yes, most submodules work fine on production. Exception: audit_phpstan and audit_phpcs require dev dependencies. Enable these only in development or staging environments.

Optional: connect to DruScan dashboard

If you manage multiple Drupal projects, checking audit results site by site gets old fast. DruScan is a centralized dashboard where you can see all your projects together. The main advantage is having a single place to check which projects have pending module updates, which ones have security patches waiting, and how each project scores across all audit categories.

Once configured, the module sends only aggregate scores (0-100 per enabled submodule) and the list of installed modules with versions via cron. No code, content, user data, or configuration details ever leave your server. The full audit report stays on your Drupal installation.

Registration is free and supports unlimited projects. For more details on available plans, visit druscan.com.

Does this replace a professional audit?

No. Audit automates detection of common issues and saves hours of manual work, but it doesn't replace a senior developer reviewing custom code and architectural decisions. Think of it as a thorough first pass that catches 80% of common problems.