Last updated 8 March 2017.
You may go through a one-time review process to get permission to mark your projects as covered for security advisories.
This shows users they can be more confident in running your project on their site and re-affirms your agreement to work with the Drupal Security Team when necessary.
Before you enter the project application process, you should first make sure that your project is a release candidate (RC). You don’t have to make the tags and releases right away – your project should measure up to the RC standard. Entering the process too early with a poorly documented and buggy project will usually result in the review process taking a much longer time than necessary.
When you enter the process, the application review volunteers will review your code to ensure you are writing secure code, following the coding standards, generally following best practices, familiar with proper usage of the Drupal APIs, and promoting collaboration over competition (i.e., not duplicating functionality already available in other modules). For more details, read what to expect during a review.
Please note: there is currently a large backlog of projects waiting review. Projects that haven't completed the review bonus program can take up to a year to be reviewed. See step #7 below for more information.
Here is the process:
- Obtain basic Git access and Create a sandbox project for your code.
- Get your project into a state you feel is release-ready. Ideally, you would commit the project early and have a track record of several weeks/months of commits so that application reviewers can get an idea of your development and maintenance style.
- Have a look at the Project application checklist and try to resolve common issues.
- Once ready, create a new issue in the Project Applications queue [Note: Do NOT edit that page! Create a new issue.]
- Fill out the issue form:
- [Dx] Your project name
- Use [D6], [D7] or [D8] to specify which Drupal version your project uses.
- e.g. [D7] Unicorn Integration
- Project: Drupal.org Project applications
- Category: task
- Status: needs review
- Component: 'module', 'theme' or 'feature' (depending on the application)
- A detailed description of what your project does, including how it is different from other, similar projects, if applicable.
- For themes it's helpful to include a screenshot.
- A link to your project page. As for the contents of your project page, you may want to use the Project page template as a guide, and it may be a good idea to also read tips for a great project page.
- A git clone command. You can find the correct git clone command for your sandbox by clicking on the Version control tab, removing the checkbox in front of "Maintainer", and clicking Show. You can then copy-paste the git clone command from the codeblock below "Setting up repository for the first time". The git clone command should be version specific, for example, 7.x-1.x branch for Drupal 7 version as below.
git clone --branch 7.x-1.x email@example.com:sandbox/username/123456.git module_name
- A list of links to reviews of other project applications that you did.
- Reviewers will then examine your code and provide feedback over the coming days/weeks (again see What to Expect). Please be patient, and make the changes requested of you. Also note that if your sandbox duplicates the features of an already existing, unsupported, or abandoned project, you may be asked to change your application into an abandoned project application.
- As the application process is fully volunteer driven, many of our most active reviewers use the review bonus program to prioritize which applications they review. This program gives priority to those who are also helping to review other applications. Participation is not mandatory, but it does provide a significant fast-track through the applications process. Due to limited resources, it could otherwise take a number of weeks between reviews of your own application. To participate in the Review Bonus program, review three other project applications and reference them in your own application. We are a community and we help each other, so we are counting on you!
- Once given the sign off, you will be granted permissions both to create full projects and to promote your sandbox projects to full projects.
Once this comes into place there is no need to submit project applications for review as at this stage you are considered a trusted contributor. This makes it unnecessary for you to add to the project application queue but you should promote your projects to full projects when they are ready.