Update automation sounds nice as long as you don’t think about your (heavily) patched Drupal project, right?
In this “recipe” I will explain how Drop Guard handles custom patches within an fully or partly automated update process.
1. Update release
An update got released on Drupal.org. Only a few minutes later, Drop Guard detects the update release information, such as update type and version.
A lot of Drop Guard users faced their first Highly Critical SA-CORE-2018-002 update within the PSA-2018-001 release last week. We interviewed a bunch of them and want to share Drop Guard’s performance with you. This means that we will share its achievements, its flaws and its “should have performed better”.
The Good - hard data about Drop Guard's victory
Until today, Drop Guard performed 7370 updates for Drupal agencies and their clients all around the globe.
I've collected a bunch of articles for you, where Drupal agencies describe their processes, workflows and experience with the Drupal update release PSA-2018-001.
Hard facts: The update was announced one week earlier and released on March 28th between 18:00 and 19:30 UTC. Due to the flood of site views and very motivated F5 finger exercises, Drupal.org was down for around an hour. Fortunately, the Drupal Community worldwide was prepared with snacks, pizza, and more pizza, remote hangman, and a lot of memes.
For detailed information, the Drupal Security Team provided this FAQ about SA-CORE-2018-002.
This article is meant to be a further step to raise agencies’ and also customers’ awareness of the huge expenses when it comes to update management in Drupal.
It’s not about promoting a single solution or product. It’s about getting more sensitive for processes which could or should be way smarter and more efficient than they are in most companies right now. It’s about creating processes which are ressource friendly, customer focused and support automation.
Hello everybody! You might've experienced some changes of the project settings interface already - here’s the broad summary of what makes Drop Guard more efficient and more powerful now: composer package manager mode, speeding up the setup of update type behaviors (with a short mode option) and live site monitoring.
A study from the North Carolina State University discovered that projects which are using open source libraries are updated 60% more often when using automatic updates via pull requests. The base of the study are 7,470 repositories on GitHub. This blog post is a summary of the most important facts and highlights of the methods, challenges and tools when it comes to use of automation for reaching a higher security level while using open source libraries.
There are 3 main facts why open source updates are a pain for developers
Developers are always busy and doing updates is no fun
Our CEO Manuel spoke at the IPC 2017 in Munich about DevSecOps automation. We took a look around and picked the two other security related sessions which struck our eyes.
Dip Your Toes in the Sea of Security - by James Titcumb
Automatic updates have been discussed since years already. The pro and con of letting Drupal update itself are discussed in different Drupal.org issues queues. It was not a big surprise that Dries mentioned automatic Drupal core updates as part of the strategic roadmap of Drupal in his Driesnote at DrupalCon Vienna 2017.
While working with other agencies and NGOs during the last 1,5 years, we collected more and more information about the time and money that Drop Guard will save your agency. On our website, we claim that Drop Guard will cut your update costs by 40%. CTOs and COOs want to challenge numbers like this and ask how exactly this ROI is calculated. That’s why I want to share the detailed information in this blog post with you.
Security updates are released every Wednesday. If you work in a Drupal shop that cares about security, you have to apply updates for every site every Wednesday or at least Thursday.
With the end of September, DrupalCon Vienna is also coming closer and we can't wait to welcome you to our booth #S08. As a Silver sponsor of the event, we'll have the chance to present continuous update management to you on site. But - we also can't wait to learn a lot from other agencies and attendees! At DrupalCon there's always a chance to learn something new, be it a whole new approach or a connecting piece of unidentified issues - by asking but most of all by listening.