For several years, we did numerous audits for small to big websites, small agencies and huge corporations, and always faced the same issues. What should you look for when running a website audit? What tools could help you? At which level of disaster you should advice your customer to recode entirely the website? This session covers a methodology and set of tools to organize efficiently your Drupal websites audits https://drupalcampkyiv.org/node/73

1. Drupal audits made
FASTR
1

2. Hello!
2
I am David Ferlay
Web Architect
from Paris with Love
I am Alexey Gaydabura
Software Architect
El beast from Kharkov

3. 3
Summary
For several years, we did
numerous audits for small to big
websites, web agencies and huge
corporations, and often faced the
same issues.
▫ What should you look for when
running a website audit?
▫ What tools could help you?
▫ At which level of disaster you
should advice your customer to
recode entirely the website?

4. Table of contents
1. Why even care ?
▪ Issues commonly faced
2. What solutions ?
▪ From pre-sale to reporting
3. What results ?
▪ Based on a few recents audits
4
4. The political message
of an audit report
5. Surprise

5. 1.
Why even care ?
Let’s start with the issues commonly faced with audits

6. 1. Why even care ?
▫ "Audit" can mean different things for different people
▪ Business side, top manager side, project manager side
▪ Development team side
▫ "Audit" can be about different scopes
▪ it's about project as a whole
▪ Anomalies identified to put into perspective
▫ Conducting audits in a different way each time
▪ When we actually always looks at the same things
▪ So it could be written, iterated, updated together
6

7. 1. Why even care ?
▫ Losing time on audit setup
▪ Re-deploying locally takes (un-accounted for) ressources
▪ Reproducing prod env can be complex
▫ Redacting report results differently each time
▪ Every dev has its own way
▪ Every client has its own expectations
▪ Every tool has its own reporting "format"
7

8. 2.
What solutions did we find ?
An audit methodology from pre-sale to reporting,
making extensive use of templates

9. 2. What solutions did we find ?
▫ Pre-sale with a mind map
▪ Define client’s expectations ...
▪ Scope
▪ Direction
▪ Goal
▪ … using a generic mindmap
▪ Themes
▪ User stories
9

10. ▫ A strict methodology : Who do what + how
▪ Gitlab Wiki repository
▪ Themes, User stories
▪ Acceptance criterias
▪ Gitlab Code repository
▪ Sources to audit
▪ Resolved tasks .md output
▪ Story task branches
▪ Delivery in MR, use of comments
10
2. What solutions did we find ?

11. 11Example of gitlab wiki : Theme “Information structure”
��

12. 12Example of gitlab wiki : Theme “Information structure”
��

13. 13Example of gitlab wiki : User Story “Content type”

14. 14Example of gitlab task : Output template

15. 15Example of gitlab task : User Story “Content type”

16. 16Example of gitlab MR list, created for each task & story

17. 17Example of gitlab task : User Story “Content type”

18. ▫ A strict methodology : Who do what + how
▪ Automated tools : For analysing source code & generating reports
▪ PHP version support (PHP Code Fixer)
▪ Drupal standards (PHP Code Sniffer)
▪ Code complexity (PHP Mess Detector)
▪ Static Analysis Tool (PHP Stan)
▪ PHP Copy/Paste Detector (PHP Cpd)
▪ Symfony Security Checker
18
2. What solutions did we find ?

19. ▫ Audit setup with sources only
▪ no DB, no local build
= tons of time/money saved
+ GDPR compliant
▫ So how ? ag, grep, vim
▪ D8 > yml config files
▪ D7 > feature files
▪ Php custom code
19
2. What solutions did we find ?

20. ▫ Using standard templates for report
▪ Main report :
▪ Presentation template to use as starter
Summary > rating by theme > recommended actions
▪ Oral strategic presentation & discussion
▪ Annexes :
▪ .md task output converted to .pdf (using md-to-pdf)
▪ Included for a more technical audience
20
2. What solutions did we find ?

21. Let’s summarize
Pre-sale with a mind map
Show all that’s possible
Define scope with client
Listen to direction/focus
given
Write down acceptance
criterias
For each and all user stories
Confront opinions of devs &
pms
Iterate and improve all along
Distributes work meaningfully
Do not leak data & accesses
given by client
PM also has tasks (docs)
Plan for dev-pm discussions
21
Conduct audit
Look at code, not content
Don’t spin up site locally
Use automated tools in
docker
Use your CLI skills (ag, grep)
Deliver audit result
Use an audit task template
Use branches and MR
Use comments to discuss
Use git to version task
results
Format reports
Start from a generic ppt template
Stick to the same plan (audience)
Convert markdown output to pdf
Package all and send in advance
➊ ➋ ➌
➍ ➎ ➏

22. 3.
What results
with this new methodology ?
REX from a few audits performed that way

23. Better everything
▫ Time spent, global planning, report quality +
knowledge gained + data responsibility
▫ Better guidelines and communication
▫ Set the base for more automated audits
▫ Distribute & scale tasks in a meaningful way : PM, devs
23
Downsides
▫ Unsettling approach (client, dev)
▫ Would be harder in certain cases (D7 without feature)
▫ Automated reports are verbose
▫ Writing final report (presentation) still takes time

24. 4.
The political message of
an audit report
Think twice

25. Typical quirk
▫ Audits are often asked to "condemn"
▫ Don’t fall into this trap
What you can do about it
▫ Use them as the opportunity to
▪ learn from someone else's mistakes
▪ Provide constructive feedbacks
▪ Show the directions for improvements
▪ Good occasion to spread good practices
25
4. Advices on the political message of audit report
That’s how we grow as a Community

26. 5.
Surprise

27. Alexey will now tell you
his best joke
also ...
27

28. 28

29. 29
hires worldwide
Backenders, Frontenders, QA, DM, PM, PD, DevOps

30. 30
Thanks!
Any questions?
You can find us around our Drupalcamp stand
& on drupal.org or skilld.fr
This template is free to use under Creative Commons Attribution license and courtesy of www.slidescarnival.com

31. 31Our generic pre-sale mindmap (using freemind)