The Drupal Health Platform

Stop finding out about your clients' problems when it's already too late

Your Drupal sites, controlled from one screen. Install the free audit module, connect to your dashboard, and know exactly which sites need attention today. No more Friday-evening surprises.

See the health of all my sites Audit my first project free

Open-source module published on drupal.org. Free forever for unlimited projects.

druscan audit --project=client-site.com
Scanning modules_
drupal/core
10.3.1 ✓ latest
drupal/webform
6.2.0 → 6.2.2
drupal/views_bulk_operations
SECURITY UPDATE
drupal/pathauto
1.12.0 ✓ latest
drupal/metatag
2.0.0 → 2.1.0
drupal/redirect
1.9.0 ✓ latest
Scan complete · 47 modules analyzed
4 up to date 2 updates 1 security

Running multiple Drupal projects? This is what it's costing you.

Six problems every Drupal agency knows by heart. Every one of them quietly drains your hours, your margin, or your client's trust.

Updates, no priorities

Updates drop every week and you can't tell which sites are most exposed or which patches are security. The client usually notices before you do.

Clients want proof

Clients can't judge technical work, they judge what they see. Without a score climbing month after month, you can't prove the value, and renewals quietly slip away.

Losing on price

Other agencies automated the analysis, charge less, and keep better margin. You come out the most expensive on every quote.

Regressions caught live

Without comparing staging to production, you can't tell if the deploy is better or worse than what's live. The client notices the regression before you do.

Unpaid discovery work

Inheriting a project means hours of unpaid auditing just to map what's there and what's broken. The client won't pay for it, but you can't touch a line without it.

Code review skipped

Junior devs and AI tools ship code that runs but skips Drupal best practices for security, performance, and maintainability. No budget covers a senior reviewing every commit, so it all ships untouched.

What changes when you use DruScan

Centralized visibility

Stop reviewing sites one by one. One dashboard, all your projects, all the alerts. No module update, no Drupal core patch, no security advisory slips through the cracks across any of your projects.

A client calls because their site got hacked. Turns out a module had a security advisory 6 months ago and nobody applied the patch. With DruScan, you'd have seen it across all your projects the same day it was published.

Prove your work to clients

Share the dashboard with your client. With historical tracking on paid plans, they see the security score went from 68 to 91. Problems detected and resolved. Without jargon, without preparing reports. The dashboard speaks for you.

An agency that proves tangible value retains maintenance clients. If the contract is €300 to €500 a month, keeping one client for an extra year is €3,600 to €6,000. The dashboard is a client retention tool, not just monitoring.

Safety net for custom code & AI

The Drupal community's best practices as an automatic quality gate. Whether a dev or an AI wrote the code, the audit module checks it against real community standards.

Generate code with AI. Validate it with the community.

Every pending update across all your projects. One screen.

Instead of logging into each admin panel individually, see every pending update across your entire portfolio in one view. Know exactly which client sites have security updates waiting. No more discovering critical updates three weeks late.

  • Complete module inventory

    Every module on every project, with current and available versions.

  • Security updates flagged instantly

    Know about a security advisory the same day it drops, not three weeks later when something breaks.

  • Your team focuses on fixing, not checking

    Stop spending hours verifying what needs updating. DruScan shows you. You fix it.

Pending Updates 7 across 4 projects
views_bulk_operations
client-site.com, agency-portal.com, shop.example.org
SECURITY
webform
client-site.com
6.2.0 → 6.2.2
metatag
shop.example.org, intranet.corp.com
2.0.0 → 2.1.0
token
agency-portal.com
1.12.0 → 1.13.0
New: AI code validation

Generate code with AI. Validate it with the community.

In the age of AI, the amount of Drupal code being generated has multiplied. But quality doesn't always keep up. A dev or an AI writes a hook, a controller, a service. It works in local. Passes the tests. But it doesn't follow Drupal coding standards, misuses APIs, and hides subtle security issues.

Those problems don't explode immediately. They pile up. And one day in production, something breaks and nobody knows why. The audit module is the automatic code review that applies the Drupal community's standards, regardless of who wrote the code.

  • Community-backed standards, not arbitrary rules

    The audit module checks against best practices agreed upon by the Drupal community.

  • Custom code analysis

    Security issues, anti-patterns, incorrect API usage. Catches the problems a manual review would catch.

  • Safety net for junior devs and AI tools

    Supervise the code your team or AI tools generate without reviewing every line manually.

audit code review
WARN Direct database query in controller. Use Entity API instead.
SEC Unescaped user input in render array. XSS risk detected.
STYLE Hook implementation doesn't follow coding standards.
API Static \Drupal:: call in service class. Use dependency injection.
WARN 2 of 4 custom modules need attention.

24 specialized audits. Activate only the ones each project needs.

Each submodule covers a specific area of your Drupal site. Enable just the ones that matter for each client. No bloat, no wasted resources. Every check produces a score between 0 and 100, so you know exactly what to fix first.

Scores are calculated on your server. Only the numbers come to us. Your code and data stay private.

Site Health & Status

PHP version, MySQL version, Drupal core version and the basic system indicators that tell you whether the site is running on a stable foundation or on outdated infrastructure.

Security Configuration

Detects misconfigurations and potential vulnerabilities: dangerous file permissions, exposed paths, risky module combinations and missing hardening. The silent issues attackers look for.

Pending Updates

Tracks pending updates for core, contrib modules and themes. Security releases are flagged first so you never miss a critical patch on any project in your portfolio.

Modules & Themes Inventory

Lists every module and theme installed, detects unused extensions and provides recommendations based on the project type. Removes the guesswork of "what is actually being used here?"

Performance & Caching

Reviews performance configuration, cache modules and detects cache bypasses introduced by custom code. Where most "why is this site slow?" investigations actually start.

Cache Bins & Efficiency

Analyzes cache bins, configuration and how efficiently your caching layer is actually being used. Caches that exist but are not invalidated correctly do more harm than good.

Database Size & Tables

Tracks total database size and the largest tables. Spots bloat in cache_render, watchdog, sessions or revisions before it slows queries down across the entire site.

Logs & Errors (Watchdog)

Reviews recent watchdog entries for errors, warnings and patterns that indicate code or performance problems that nobody is currently watching.

Cron & Queue Workers

Verifies cron is running, queue workers are actually processing jobs and that no scheduled tasks are silently failing in the background.

Fields, Bundles & View Modes

Analyzes every entity field, bundle and view mode. Surfaces unused fields and orphaned configuration that drag down performance and clutter the editorial UI.

Content Volume

Volume by entity type, bundle and language. Detects empty bundles, revision bloat and translation gaps that quietly grow over the years.

Views Configuration

Reviews every Views display, its cache settings and Search API usage. Uncached Views are one of the top reasons agencies inherit slow Drupal sites.

Blocks & Placement

Block types, instances, placement and cache configuration across the entire site. Misconfigured block cache contexts break page caching for everyone.

Menu Architecture

Menu structure, depth and navigation issues. Deep, broken or duplicated menus hurt usability and SEO at the same time.

Twig Templates

Inspects custom Twig templates for unused field renders and theming anti-patterns that break cache bubbling. The kind of issue that only shows up under real traffic.

Images & Responsive

Image styles, responsive image styles, breakpoints and field formatters. Most "why is this site slow on mobile?" answers live right here.

Technical SEO

SEO modules, configuration and image optimization. The technical foundation Google evaluates before it even looks at your content.

URL Aliases & Redirects

Detects redirect loops, alias collisions, broken targets and routes shadowed by aliases. Invisible problems that quietly hurt SEO and break links.

Search API

Search API indexes and servers status. Stale or broken indexes silently break site search without any visible error to your editors.

Internationalization

Multilingual configuration and translation status across content, interface and configuration. Where most multilingual implementations quietly break.

PHP CodeSniffer

Checks custom code against Drupal coding standards. For development environments only. The phpcs binary is too resource intensive for production.

PHPStan Static Analysis

Static analysis to catch type errors, dead code and potential bugs in custom modules. For development environments only. Too resource intensive for production.

PHPUnit Tests & Coverage

Runs custom-module unit tests and reports code coverage. For development environments only. PHPUnit with Xdebug or PCOV is too resource intensive for production.

Code Complexity

Lines of code, cyclomatic complexity and maintainability index for custom modules and themes. For development environments only. Too resource intensive for production.

Set up your health check in 10 minutes

No complex setup. No hosting restrictions. Works with Drupal 10 and 11.

1

Install the module on each project

Run a Composer command. Enable the base module. Then turn on only the submodules you need: Updates, SEO, Performance, Fields, Views, i18n, and many more. Each project gets exactly the monitoring it needs. Nothing more.

composer require drupal/audit && drush en audit audit_seo audit_updates
2

Connect to your dashboard

Create your free account at app.druscan.com, get an API key, paste it into the module settings. That's it. Cron automatically sends scores to your dashboard. The Updates module also sends your module list with versions. Your passwords, code, content, and user data never leave your server. We only receive scores from 0 to 100, module versions, and Drupal core version. Nothing else.

3

Open DruScan with your morning coffee

In 30 seconds you know which sites need attention today.

Free plan: Current health scores for all your projects. Paid plans: Historical trends, email alerts when scores drop, and environment comparison.

Built by someone who's been in your shoes

15+

Years of Drupal development experience behind every check in the audit module.

200+

Individual checks the audit module runs per site, across 24 specialized submodules.

100%

Open-source. Published on drupal.org. Inspect every line of code before you install.

Who uses DruScan

Whether you manage the sites or pay for them, DruScan gives you the visibility you need.

For Drupal agencies & developers

Install the free module on each client site and see your entire portfolio's health from one screen.

With paid plans, DruScan runs every day on every project. Like having a senior reviewer constantly inspecting code, configurations, and security across your portfolio, surfacing what needs attention first and alerting you the moment something changes.

Free for unlimited projects. Paid plans cost less than one developer's monthly salary for a full year of daily monitoring.

For website owners

Ask your agency to invite you to view your site's dashboard. Stop wondering if your maintenance budget is being well spent.

See the score climb month after month, tangible proof that the work is real. Green means healthy, red means action needed. No technical jargon to decode.

No technical knowledge required. Your agency controls access and you see what they share.

Start free. Upgrade when you need the full picture.

7-Day Trial

Each new project gets 7 days to test every Business feature. Moves to the Free plan automatically unless you upgrade.

Free

€0

per project

  • 1 environment per project
  • Weekly data sync
  • All audit scores
  • Detailed module list
  • Update alerts
  • Multi-user access
  • Historical data
Sign up free

Starter

€99 -30%
€69

per project / year

  • 1 environment per project
  • Weekly data sync
  • All audit scores
  • Detailed module list with versions
  • Monthly update alerts
  • Multi-user access
  • Historical data
Sign up free

Pro

€199 -30%
€139

per project / year

  • 2 environments per project
  • Daily data sync
  • All audit scores
  • Detailed module list with versions
  • Weekly update alerts
  • Multi-user access
  • Historical data (30 days)
Sign up free
Best Value

Business

€399 -30%
€279

per project / year

  • Unlimited environments
  • Daily data sync
  • All audit scores
  • Detailed module list with versions
  • Daily update alerts
  • Multi-user access
  • Historical data (90 days)
Try free for 7 days

Mix free and paid projects however you want. Annual billing or one-time lifetime payment. Prices shown exclude taxes.

Early Adopter

30% off, limited to the first 100 paid projects. Once the limit is reached, prices return to the standard rate.

The math is simple

Less than one developer's monthly salary, for monitoring that runs every day of the year.

Continuous daily monitoring across every project, prioritized fixes for your team to ship, and a score history your clients can watch climb with every release.

For an agency with 10 Drupal sites:

Today, manual
260h /year

~5h every week across 10 sites: triaging updates, reviewing security and performance, auditing SEO, spotting bad code, comparing staging vs production. Tedious. Easy to miss. Hard to prove to clients.

With DruScan Pro
€1,990 /year

10 sites × €199/year. Same audit, run every day and prioritized. Alerts the moment a security advisory drops. Score history your clients can watch climb.

Try free for 7 days

Frequently asked questions

What data is sent to the dashboard?

Only scores from 0 to 100 for each enabled audit category. If you enable the Updates module, we also receive your module list with version numbers so we can show you pending updates across all your sites in one dashboard. We never see passwords, code, content, user data, emails, or database contents. The full audit report stays on your server.

How do I install the module?

Run composer require drupal/audit in your project. Enable the base module in Drupal. Then enable the submodules you need: Updates, SEO, Performance, Fields, etc. Get your API key from app.druscan.com, paste it in, and you're done. Cron handles the rest automatically.

Do you offer a free trial?

Yes. Every new project you add starts as a 7-day Business trial, with full access to every paid feature: daily sync, unlimited environments, multi-user access, all audit scores, detailed module list, daily update alerts, and 90 days of historical data. Use it exactly as if you were on the Business plan. After 7 days, the project automatically moves to the Free plan (weekly sync, current scores, no history) unless you choose to upgrade to Starter, Pro, or Business. No credit card required to start the trial. No automatic charges, no surprises.

Can I mix free and paid projects?

Absolutely. Most agencies start with everything on Free, then upgrade individual projects when they need daily sync instead of weekly, multiple environments per project, or team access. You might keep internal projects free while upgrading client-facing ones. It's flexible.

How does billing work?

Paid plans come in two formats: annual (billed once a year per project) or lifetime (one-time payment per project that never expires). Both are paid by bank transfer, with no automatic charges and no recurring payments. When you upgrade a project, we send you an invoice and you pay by transfer. For annual plans, we email you before your year is up so you can decide whether to renew. Simple as that.

What happens when my plan expires?

Lifetime plans never expire: pay once and the plan stays with the project forever. For annual plans, we email you 30 days and 7 days before expiration. If you want to keep going, you pay for another year by bank transfer and nothing changes. If you don't renew, the project goes back to the Free plan. No penalties, no surprise charges.

How does the early adopter 30% discount work?

The first 100 paid projects get 30% off the standard price. The discount applies to your current payment only. Annual plans: 30% off your first year. Future renewals are charged at the standard rate. Example: a Pro annual plan today is €139 instead of €199; next year's renewal will be €199. Lifetime plans: 30% off your one-time payment. Since lifetime is paid only once, the discount stays with you forever. Example: a Pro lifetime is €697 instead of €995, and that's it.

What counts as one project?

One project = one Drupal installation, and you pay per project. If the same site has multiple environments (development, staging, production), paid plans let you send data from each environment to the same project, compare scores side by side, and get alerts when they diverge. This is ideal for catching code or configuration regressions before they reach production. Free plans only support one environment per project. Drupal multisite: technically each site is a separate installation, but since multisites usually share code and configuration, sending data from a single representative site is often enough to get a useful picture of overall quality.

Does it work with any hosting provider?

Yes. DruScan works on any hosting that lets you install a Drupal module and make outbound internet connections. Shared hosting, VPS, or dedicated servers, all of them work. The module runs on your own server, calculates the scores there, and only sends the results to DruScan. If your hosting allows installing modules and has internet access, you are good to go.

Can I run this on production?

Yes, and that's where most people run it. The module performs read-only audits. It doesn't modify files, database, or configuration. It just inspects and reports. No risk to your live site. The only exception: code audit submodules that require PHPStan or PHPCS should run in development or staging environments only.

What about my code privacy and security?

The complete audit report never leaves your server. We only receive scores from 0 to 100 per category, your module list with versions, and Drupal core version. We never collect specific errors, view names, content structure, custom code, configurations, database content, user data, or credentials. Your code and data remain 100% private.

Which Drupal versions are supported?

Drupal 10 and 11. Drupal 7, 8, and 9 are not supported.

How can I get support or request a demo?

Email us at [email protected] for any technical questions, support requests, or to ask for demo access to the paid features. If you are an agency managing multiple client sites and want to discuss pricing, just mention it in your email. We respond within 24 hours on business days.

Stop wondering if your Drupal sites are healthy. Start knowing.

Managing multiple Drupal sites? Centralize all your updates, audit scores, and health metrics in one dashboard. No more logging into each site to check what needs attention.

The monitoring tool built by Drupal developers, for Drupal developers.

Update tracking Performance & Technical SEO Best practices detection
Install Free Create Dashboard Account

No payment required. Unlimited free projects. Upgrade when you need more.