Discussed with Cash Williams today the problem of security releases for PHP libraries being used by Drupal modules (especially contrib).

There is some effort to catalog those that could be used as a basis for notification:
https://github.com/FriendsOfPHP/security-advisories

Proposal: Integrate into the nspi module a minimal version of the checking code from:
https://github.com/sensiolabs/security-checker

(e.g. omit the console commands and any dependencies).
Since this is MIT licensed code, any part of it may be merged into GPL code and become GPL.

Display any problems locally in the UI and send data back to Acquia subscription.

Since similar functionality is being proposed to be added to Drupal 8.x core, bonus points for a version which could be pulled into core.
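A dependency-free sketch of the check proposed above, matching `composer.lock` versions against advisory version ranges; it is an added example, not code from security-checker or from the Acquia Connector module. The advisory array mirrors the `reference` / `branches` / `versions` layout of the YAML files in FriendsOfPHP/security-advisories, while the package names, versions, link and the function names `branch_matches` and `check_lock` are constructed for illustration.

```php
<?php
// Added example. $advisories is constructed, shaped like one decoded advisory
// YAML file; $lockJson is a constructed composer.lock holding only the keys read.
$advisories = [[
    'title'     => 'Constructed advisory: header injection',
    'link'      => 'https://example.com/advisories/1',
    'reference' => 'composer://example/http-client',
    'branches'  => ['1.x' => ['versions' => ['>=1.0.0', '<1.4.2']],
                    '2.x' => ['versions' => ['>=2.0.0', '<2.1.1']]],
]];
$lockJson = '{"packages": [{"name": "example/http-client", "version": "v1.3.0"}],
  "packages-dev": [{"name": "example/test-tools", "version": "dev-main"}]}';

// True when $version satisfies every constraint of one advisory branch.
function branch_matches(string $version, array $constraints): bool
{
    foreach ($constraints as $c) {
        if (!preg_match('/^(>=|<=|>|<|==)\s*v?(\d\S*)$/', trim($c), $m)) {
            throw new InvalidArgumentException("Unsupported constraint: $c");
        }
        if (!version_compare($version, $m[2], $m[1])) {
            return false;
        }
    }
    return $constraints !== []; // an empty constraint list matches nothing
}

// Returns [package name => list of matching advisories] for a lock file.
function check_lock(string $lockJson, array $advisories): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $findings = [];
    foreach (array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []) as $pkg) {
        $version = ltrim($pkg['version'], 'v');
        foreach ($advisories as $adv) {
            // dev-* versions cannot be range-compared; this sketch skips them
            if ($adv['reference'] !== 'composer://' . $pkg['name'] || !preg_match('/^\d/', $version)) {
                continue;
            }
            foreach ($adv['branches'] as $branch) {
                if (branch_matches($version, $branch['versions'])) {
                    $findings[$pkg['name']][] = ['version' => $version, 'title' => $adv['title'], 'link' => $adv['link']];
                    break; // one matching branch is enough
                }
            }
        }
    }
    return $findings;
}

print_r(check_lock($lockJson, $advisories));
```

The returned array is what a module could render in its status UI or serialize for reporting; packages installed from `dev-*` branches need a separate, date-based comparison that this sketch leaves out.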

Comments

pwolanin created an issue. See original summary.

Dane Powell

Status: Active » Closed (won't fix)

Thanks for taking the time to recommend this feature. We are not considering new features for Acquia Connector at this time, but if there's some other way that this use case could be satisfied (possibly in another product like Insight, separately from Connector), feel free to submit a support ticket with product feedback, or contact me privately and I can submit product feedback on your behalf. Thanks again.