What benefits can I expect after signing up for Drop Guard?

Just to mention a few:

  • Spending less time on update process and website maintenance, thus reducing costs and improving the efficiency of your business;
  • Ensuring continuous security of the contributed modules, libraries, and Drupal core of your website around the clock;
  • Performing updates automatically in a highly controlled environment aligned with your QA process;
  • More efficient selling of Support Level Agreements to your customers;
  • One platform to centralize the whole update process provides an all-around overview of your projects.

What do automatic updates mean?

Drop Guard works in alignment with your Git-based workflow, which means that no updates or modifications will be ever pushed directly to your server without control about what happens. Drop Guard performs actions against the local copy of the Git repository and only affects the branches, (or spins up new branches) as per project configuration. You can, for example, configure Drop Guard to apply highly critical or critical security updates automatically right after they’re released, but again - all the updates will be pushed to the appropriate branches and it’s your call on how and when to deploy them. Integrated with your CI system, Drop Guard can let you test the updates on a separate instance, run automated tests via ssh commands and/ or visual regression tests with the Backtrac integration or let you test manually and deploy to live after your approval.

What makes Drop Guard unique?

Drop Guard combines two categories of the Saas market which are still offered separately:

1. Monitoring of updates Unlike Update Manager and similar online services, Drop Guard does not only detects the available updates but allows to group them into categories by their importance (so called “update types”). It allows fine-grained control of an individual set process pipeline when the update of a certain type was detected.

For example, you may want to notify your developer in case the normal update for a module was released, but in the case of a highly critical update the lead developer gets the “urgent type” email and a @channel message in Slack could be created.

2. Actually Applying and Deploying Updates as well Drop Guard is not just about monitoring; it’s about taking action in a controlled environment. The platform enables your team to set up your individual update workflow and integrates with your tools as well.

Drop Guard combines the best of two worlds, and how it is used is your choice!

Can I use my favourite CI or testing tool with Drop Guard?

Writing tests in Behat or PhpUnit, running them with TravisCI and deploying with Jenkins, at the same time calling your coffee machine via the API to prep the perfect espresso when the build passes? We’ve got you covered!

Drop Guard’s architecture was initially designed to be extensible by any number of external tools a developer might use in their workflow, no matter how complex it is. When certain events occur, you can send the HTTP request to the CI server, or execute SSH commands on your server - the possibilities are limitless.

When certain events occur, you can send the HTTP request to the CI server, or execute SSH commands on your server - the possibilities are limitless.

Just an example - let Drop Guard create a feature branch for a module update, spin up a feature branch instance out of that branch, run your automated tests via ssh commands and/ or visual regression tests with the Backtrac integration, and notify your QA team.

When the QA team is satisfied with the results and sets the update task on “test passed”, let Drop Guard merge a feature branch back, run tests again, and trigger a deployment to the dev server.

After you set up a project like in this example above, this pipeline will be processed for an update type automatically, until you want to change the behavior.

Is there a hosted version of Drop Guard available?

If you are running behind a private VPN, firewall or on the local network, please contact us via info@drop-guard.net for our solution for you!

What level of expertise is required to use Drop Guard?

In general, Drop Guard is made to be used by developers and also non-developers so that everyone of your team could be included if needed.

To enjoy the full potential of Drop Guard you should at least:

  • Have a basic knowledge of Git and have your code committed to a Git repository;
  • Have a way to deploy (pull) the code from the Git repository to your production server. It can be the full blown CI system, or a simple bash script doing “git pull”. You can also configure Drop Guard to login to your server and run the deployment commands locally, so no extra tools or scripts are needed.

Is Drop Guard intended to replace my current workflows?

Absolutely not. Instead of trying to replace the existing workflows and habits, Drop Guard integrates into your processes with minimal changes required from your side. Once configured properly, Drop Guard runs silently in the background, notifying you and your tools when certain events are worth paying attention to. We can tell that you won’t like to miss this team member again.

My website is heavily patched, will Drop Guard work for me?

Sure! When Drop Guard detects a code modification in one of the modules or Drupal core, it makes a patch out of it, does the update job, and tries to reapply the previously generated patch on top. With this mechanism, no code modifications will get lost after updates have been processed.

In the case of success, the update is considered as “passed” and you will get a nice overview on what was patched and a full auto generated patch output. In case the patch fails to apply, the update process stops, and you get a notification about the error.

Pro tip: This way Drop Guard can be used to detect malicious code inserts, debugging code left by a careless developer, or accidental code modifications. If you face any issues with a (heavily) patched website, you can always reach out for our support via support@drop-guard.net or join our Slack channel.

Do you provide any testing capabilities?

At the moment Drop Guard doesn’t do any testing by itself - it’s up to you which testing system or approach you’d like to use. You can integrate visual regression testing directly with our Backtrac Beta integration. However, we are considering native integrations with more external testing services. If you are interested or have a tool to suggest - please contact us via info@drop-guard.net

Can Drop Guard be used as a deployment tool?

By default, Drop Guard is not implied to be a deployment tool. There are plenty alternatives to choose from, both paid and free, complex and simple.

However, you can configure Drop Guard to run the deployment scripts on your live server, or even login via SSH and execute any number of commands locally needed to deploy the code.

Why should I install the Drop Guard module on my website?

The Drop Guard module isn’t a requirement anymore. It helps us with fetching the information on enabled modules and themes and their versions. If you use composer and don’t need to monitor the actual modules on your live site, you can use Drop Guard easily without installing its module. Your module information will be checked directly within your composer.lock file.

How secure is Drop Guard itself?

Drop Guard is as secure as your server, and Drupal installation are. It acts on the copy of the Git repository without requiring server access. The client module transfers data on enabled projects over an encrypted connection, and we use 4096 bits keys to connect to your Git repository.

How much time is needed to integrate Drop Guard into my current workflow?

Depending on your experience and knowledge, it can be as low as 30 minutes of your time to learn the basic concepts and run your first project with Drop Guard.

For more complex workflows, a bit of clicking around and experiments is required, so the time may increase.

You can easily clone a project’s settings if you like to, so the setup time decreases to 5 minutes.

Always remember, though - the time spent on learning and configuring Drop Guard will allow you to save countless hours in future.

Besides, we are always happy to assist you in setting up your first projects in a hands-off session with Drop Guard expert. Just leave a note at support@drop-guard.net.

Can Drop Guard work with Acquia Cloud, Platform.sh and Pantheon?

Sure! You can use Acquia Cloud, Pantheon, Platform.sh or any other hosting provider with Drop Guard. If you think your provider is not supported or having trouble with setting Drop Guard on it, just contact us, and we’ll investigate the case.

What Drupal versions does Drop Guard support?

Drop Guard provides full support for Drupal 7 and Drupal 8. Earlier versions can not be used with Drop Guard, as they are not officially supported anymore.

Can Drop Guard break my site? And if yes, who will be responsible for it?

Drop Guards acts on the copy of the Git repository and doesn’t require access to the live server, so there is no chance it will break the website.

However, due to the Drop Guard’s flexible configuration possibilities, it is very much possible to configure it to execute harmful commands.

Drop Guard is not a magic bullet and an answer to all possible problems. In the end, it’s a tool to assist a team in its update process routine. All the actions and commands entered into the project configuration are the responsibility of the person who configures a project.

We always recommend to test SSH commands and deployment hooks before saving the configuration and work with development and feature branches avoiding pushing things directly to the production branches.

Do you provide a trial period or a free website to try Drop Guard?

First of all, Drop Guard can be used for monitoring of any number of websites completely free of charge. Just connect Drop Guard to your Git repository and the website and enjoy the robust notification system, 3rd party tools integration and other integration capabilities. You can even create tasks in your project management system when the new update arrives.

However, if you decide to let Drop Guard taking care of the updates for you, you can try it for 1 month for free. If you need more time - just let us know and we will find a solution.

Do you support any project management system?

At the moment we support Jira and Redmine. If you want your project management system to be added, just send us a note.

Where can I download the Drop Guard badge to put it on my website?

To show that you care about security and continuous updates, you can put a little badge on your website. The HTML code can be downloaded here.

Does Drop Guard support Composer- or Drush makefiles- managed websites?

At the moment Drop Guard supports Composer-managed websites. An official Drupal.org repository and the Drupal Composer Packagist are supported. Instead of updating the actual Drupal codebase in your Git repository, Drop Guard makes changes to the composer.lock file, filling it with proper modules and core versions as per Update behaviour configuration, then runs "composer update" command and pushes the changed files to your Git repository. It is a responsibility of a user to configure the appropriate Drop Guard actions for running deployment commands in the local shell or use a CI.

Does Drop Guard support projects checked out from Git? Added as Git submodules?

Drop Guard provides support for git submodules and projects checked out from drupal.org git repository. In the latter case, you will need Git deploy module installed for the Update Manager to fetch currently installed project information.

Does Drop Guard support dev versions of modules?

Yes. In the event of dev version detection, Drop Guard will compare project's datestamp with the datestamp of the latest "recommended" release, and if your version is older than the recommended one, an update will be offered. Otherwise, no update task will be created, and you are free to stay on the dev version for as long as you wish.Yes. In the event of dev version detection, Drop Guard will compare project's datestamp with the datestamp of the latest "recommended" release, and if your version is older than the recommended one, an update will be offered. Otherwise, no update task will be created, and you are free to stay on the dev version for as long as you wish. However, if the newer "recommended" release appears, and you still want to remain on the dev branch, it is mandatory to exclude the module from updates, or just ignore the update task created for it.

Does Drop Guard update Drupal core?

Absolutely. Drop Guard takes care of the Drupal core and contributed modules updates.

Is database access required to connect Drop Guard to my site?

No. Drop Guard never asks you to provide the database access details, because the only thing it deals with is the codebase managed by Git.

Where are your servers located?

The underlying infrastructure is located in Germany.

How can I exclude single modules from an update process?

Depending on your site configuration, you can exclude a module from an update process in two ways:

You will find an “exclude from updates” button on the “Modules and tasks” page within your project overview.

Update process

For composer-based projects, all restrictions could be specified in composer.json file (to avoid updates, you need to specify the specific version of any module there) and enable the “respect version constraints” mode on the “Site config” tab of the configuration screen within your project. In this case, tasks will still be created within an update process, but no module will be updated.

Update process 2

Is the patching process the same for a Composer managed D8 site as with a non-composer managed D7 site?

No. When you are using composer (doesn't matter if in D7 or D8), the patching process differentiates from the case when modules are placed in the repository directly. Within a composer managed process you can use the internal patching mechanism from composer. Drop Guard doesn’t apply any custom patche solutions in this case.

How much time does Drop Guard need to display the available update?

It can take up to 10 minutes until Drop Guard displays you the release update within all of your projects.

Why are some updates displayed without a security type and need to be set manually by the Drop Guard team?

When Drop Guard detects any new release information for a module update, it first checks one parameter: is it a security-related update or not? After that, Drop Guard tries to get the information about the specific update type for all undefined security releases on Drupal.org. If Drop Guard can't detect it automatically, our Drop Guard team solves this manually. New tasks will be created only after this was defined.

There was a Security update release but Drop Guard didn't create an update task. What might have happened?

a) Drop Guard didn’t detect the latest release yet. It can take up to several minutes for it.

b) Drop Guard didn’t detect the specific update type for the latest release. In this case, our team will set the update type manually and you can create new tasks for the released update.

c) Drop Guard didn’t create an update task for this module in your project yet.

d.) Some of your configurations withhold Drop Guard to create tasks properly. You can always ask our support team for help via support@drop-guard.net or join our Slack channel.

Your questions weren't mentioned above? Leave a comment or contact us - we're looking forward to your suggestions!