This project is not covered by Drupal’s security advisory policy.

Shepherd will allow maintainers of multiple websites to view the status of the security updates pending for each website. This alleviates the need to check each site individually for the current update status. When new security updates are released the maintainer will be able to see quickly which sites are affected.

Shepherd operates in a simple client / server model. It has two components. Any combination of components can be enabled, client-only, server-only, or both.

The Shepherd server enables a callback that allows a POST from clients on an IP whitelist. It also provides the 'Flock Report' of tracked clients. It can be installed on a current drupal instance, or separately as part of a stand-alone drupal instance.

The Shepherd client (a sheep), checks for and reports pending security releases to the shepherd server.

To facilitate the client information, sheep nodes are created, saved, and updated over time. They have node ids, but rely on a hash key generated from the client site name, ip address, and base url / vhost information. The sheep nodes can be deleted at any time if needed. They will repopulate on the next cron run of the client.

The server provides a shepherd flock report that details all reporting clients and the modules reporting security necessary updates.


  • Replace cck type with custom content type, removing dependency on content.
  • Add normal module updates listing
  • Add plug-able client notifications

Project information