Drupal Application Analysis


The Drupal coordinate based matching feature provides the ability to scan and evaluate  Drupal extensions (modules and themes).

What is supported

Files named drupal-components.csv  (comma separated list of Drupal extensions) will be analyzed

What do we parse from the file?

Only the extension name (value in parentheses) and version of each extension are evaluated, for example:

Automated Cron (automated_cron),8.7.10

Integrations with Drupal scanning support

  • CLI from version 90
  • Jenkins from version 3.9.20200623-110149.2e546a0
  • Bamboo from version 1.16.0

Steps to analyze using the CLI

Create drupal-components.csv file

Run the drush pm-list command and pipe results to a csv file.

drush pm-list --fields=name,version --status=enabled --format=csv > drupal-components.csv

Example drupal-components.csv file 

Automated Cron (automated_cron),8.7.10
Simplenews (simplenews),2.0.0
Crumbs (crumbs),2.2.0
Course (course),6.0.0

Run a scan

Invoke a CLI scan of a directory or subdirectories containing a drupal-components.csv file.  Instructions on how to do this can be found here: Nexus IQ CLI.

Output from cli

Dashboard results

Report results

Steps to analyze using the Jenkins plugin

By default, the Jenkins plugin will not evaluate the drupal-components.csv  file.  A custom Scan Target is needed.

nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/drupal-components.csv']], iqStage: 'build'

To find more information on how to configure Jenkins please go to the Nexus Platform Plugin for Jenkins.

Steps to analyze using the Bamboo plugin

Bamboo Scan Targets control what files are examined.  To evaluate Drupal, add drupal-components.csv to the scan targets via "**/drupal-components.csv".  To find more information on how to configure Bamboo please go to the Nexus IQ for Bamboo.