GSoC 2015 - Security Review D8 - Wrap up

I've spent most of this summer working on the Drupal module called Security Review. My project was porting it to Drupal 8 as part of Google Summer of Code 2015. I'm happy to say that the requirements have been met long before the end of the programme, so there was no rush at the end of the coding period.

How it all started

It all started with a simple Facebook post in my faculty's FB group. I didn't even notice it as I was too busy learning for a midterm, but thankfully my friends were kind enough to procrastinate at the time and showed me the link to GSoC. It didn't take long until I found that Drupal would be a perfect candidate for me, even without any experience related to it. So I took a leap of faith and started writing a proposal for the project that I liked most, "Port security_review to Drupal 8". I liked the cause (eliminate security vulnerabilites from misconfiguration), the freedom of designing a new architecture from scratch and the GSoC t-shirt I hope I will soon receive.

Preparation for GSoC

Drupal requires GSoC student candidates to complete the ladder called Getting Started with Drupal for GSoC Students. This is really a necessity as it teaches the basics which students will need numerous times during working on Drupal.

Finishing the ladder, I've tried to get a mentor for my project as it didn't have one, and who could be better than the module's owner!? So I went ahead and contacted coltrane, who then shortly accepted to be the mentor of the project. He is pretty awesome and helpful, I really enjoyed working with him.

Writing a good proposal might have been the hardest part of the whole project, so I advise every future student to take their time to work out a really good one. There are links to a lot of resources in the Google Summer of Code Drupal group that were really helpful, so I highly recommend future students to read everything they can find there.

After the proposal

Days went by and finally the accepted projects were announced and I could see my name in the list. Of course I celebrated the event properly, but soon I had to realize that all of this won't be easy. Finals here in Hungary started on 25th May... yes, the same as the coding period. So I went ahead and did a little work on the module before finals so that I would be able to concentrate on my studies on the first week. I was soon ready with some parts of the module that meant 1-2 weeks worth of work according to my proposal, so all I had to focus on were my finals. Writing 4 exams in 1 week and passing all of them is very hard and I don't recommend it to anyone as the stress levels get way too high, but I somehow managed to do it.

Starting the work on the second week I was so relieved that my summer had finally started and I could do what I was waiting for: coding. Of course GSoC is not just programming, there are meetings students have to attend: one every week with the organization admins (we could choose from 2 meetings, whichever worked best in our timezone) and one or more with our mentor(s). I've had all my meetings on tuesdays so that I could work more flexibly on the other days. Another thing that is required that does not involve coding is maintaining a blog. Students have to write a blog post every week about their progress in a way that anyone who is not familiar with their project or GSoC will be able to understand it, also it should be written in a Drupal Planet compatible way, so the word about GSoC can be spread.

My task was mostly doing what I wrote in the proposal's timeline, but sometimes I had to solve issues posted on my GitHub (by my mentor) and also in the issue queue (by the community). In the first couple of weeks I did 10-12 hours of work a day and needless to say that got me ahead of my schedule fast. Soon came the midterm evaluation and I was about 75% done with the project. The evaluation itself didn't require much interaction from my part, I just had to fill a short questionnaire about my progress and my thoughts about the project and my mentor.

The second coding period went much slower. On average I think it's safe to say that I did no more 20-30 hours of work per week. Slow weeks may sound nice at first, but aren't actually enjoyable. Still, the module got finished around week 9 or 10 and the last few weeks were spent with polishing it and looking for ways to improve it.

The results

What I learnt

Before GSoC I had, let's say, pretty limited knowledge about Drupal. All I knew is that it exists. Now I'm familiar with how to operate a Drupal website, how to write modules for Drupal 7 and 8 that don't just work, but also use the technologies provided by Drupal. By learning Drupal 8 one can learn a bit about Symfony 2 too, as D8 uses a lot of S2 components.

After GSoC 2015

I have plans for Security Review 8.x-2.x, I also wish to have time to make a Drupal based website for myself to get familiar with site building using Drupal. So in conclusion I will definitely keep working with and on Drupal in the future.


I would like to thank Slurpee and cs_shadow for dedicating their valuable times for the weekly check-in meetings that sometimes took hours and a huge thanks for Ben Jeavons (coltrane) for providing fast and valuable help and an amazing summer! Also I would like to thank for the free membership, it was pretty useful, I wish I started to use it sooner. And last but not least I would like to thank the Google Summer of Code organizers for the opportunity and the amazing experience.