Opting into security advisory coverage

The Drupal project has a volunteer security team, who handle confidential reports of security problems in projects hosted on drupal.org. Maintainers of projects can opt in to coverage by the security team, thereby agreeing to respond appropriately to security problem reports. This section describes the process.

In brief, an individual Drupal community member applies once for a particular project to be covered by security advisories. The code in the project is reviewed. Once that community member has had a project approved, they can opt in for additional projects they maintain without further reviews.

Pre-requisites for applying for the permission to opt into security advisory coverage

What is needed before applying for the permission to opt into security advisory coverage

Apply for the permission to opt into security advisory coverage

A one-time review process to opt your projects into security advisory coverage

Application checklist

What a reviewer will look for in your security coverage application

What to expect from the review process

What to expect from the review process for security advisory coverage

Tips for ensuring a smooth review

Miscellaneous tips for a better review outcome

Review bonus

Speed your project review by reviewing other projects

GitLab CI

GitLab CI is now available for every project

Guide maintainers

avpaderno
jhodgdon