This project is not covered by Drupal’s security advisory policy.

Tools to monitor the code of your Drupal site.

NOTE: This module is not intended to be installed on your public production site. It is to be used as part of an internal review. Any site running this module *will* see at least one of its CPU cores pegged while it processes the full commit history of any git repos you track with it.

When you tell Project QA to scan a repo, it checks the repo out locally (or updates it if it already has a copy from a previous run), and then begins stepping backwards through the git history one commit at a time. A record of the commit is saved, including the commit hash, the timestamp of the commit, and the author of the commit. After each commit is checked out a hook is fired to allow submodules to act on the repo in its current state. After all commits have been processed, Project QA evaluates the existing tags in the repo and matches them up with the imported commits.

Every action or piece of data is always linked back to a specific git commit. The code being evaluated doesn't need to be Drupal code, or even PHP code; as long as it exists in a git repo you can access.

Initial release includes a PHPLOC submodule providing you with the data and views to access PHPLOC data on your repo history.


  1. Download this module to a Drupal site.
  2. Use drush to install this module and submodule: drush en projectqa projectqa_phploc -y (using the UI will not handle the composer dependencies).
  3. Add a repo to track to the projectqa_repo table.
  4. Run drush pqa and grab some popcorn or a beer (especially if the project is a big one).
  5. Use views to create reports on the data. Two default views for PHPLOC are included.

Project Information