How Security Scanning Works
SiteDash continuously monitors your Drupal sites against the official Drupal security advisories database. Each scan checks:
- Core version: Whether your Drupal core version has known vulnerabilities
- Contributed modules: Each installed module is compared against the security advisories feed
- PHP version: Your PHP runtime is checked for known CVEs
- Configuration risks: Common misconfigurations such as exposed admin paths or debug mode left enabled
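The contributed-module check described above can be sketched as follows. This is an added example, not SiteDash's own code: the advisory IDs, module names and versions are constructed placeholders, and it assumes each advisory lists one fixed release per major branch, given either as a legacy (`8.x-1.5`) or a semantic (`2.1.4`) Drupal version string.

```python
import re

# Constructed sample data: advisory IDs, module names and versions are placeholders.
ADVISORIES = [
    {"id": "SA-EXAMPLE-001", "module": "example_module", "severity": "Critical",
     "fixed": ["8.x-1.6", "2.1.4"]},
    {"id": "SA-EXAMPLE-002", "module": "other_module", "severity": "High",
     "fixed": ["2.1.4"]},
    {"id": "SA-EXAMPLE-003", "module": "dev_module", "severity": "Medium",
     "fixed": ["8.x-1.3"]},
]
INSTALLED = {"example_module": "8.x-1.5", "other_module": "2.1.4",
             "dev_module": "8.x-1.x-dev"}

PRE_RELEASE = {"alpha": 0, "beta": 1, "rc": 2}
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?")

def parse_version(version):
    """Return (major, sort_key), or None for dev snapshots and unknown formats."""
    bare = re.sub(r"^\d+\.x-", "", version)   # legacy core prefix: 8.x-1.5 -> 1.5
    m = VERSION_RE.fullmatch(bare)
    if m is None:
        return None                           # e.g. 1.x-dev has no release to compare
    major, minor, patch, stage, n = m.groups()
    # A final release sorts after any alpha/beta/rc with the same number.
    pre = (PRE_RELEASE[stage], int(n)) if stage else (3, 0)
    return int(major), (int(major), int(minor), int(patch or 0), pre)

def check(installed, advisories):
    """Return (advisory id, module, severity, status) for every open finding."""
    findings = []
    for adv in advisories:
        version = installed.get(adv["module"])
        if version is None:
            continue                          # module not installed on this site
        parsed = parse_version(version)
        fixes = dict(parse_version(f) for f in adv["fixed"])  # major -> fixed key
        if parsed is None or parsed[0] not in fixes:
            status = "review"                 # cannot prove the site is patched
        elif parsed[1] < fixes[parsed[0]]:
            status = "vulnerable"
        else:
            continue                          # at or above the fixed release
        findings.append((adv["id"], adv["module"], adv["severity"], status))
    return findings

if __name__ == "__main__":
    for finding in check(INSTALLED, ADVISORIES):
        print(*finding)
```

Dev snapshots and branches with no listed fix are reported as `review` rather than silently passed, since a version that cannot be compared cannot be shown to be patched.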
Scan Frequency
Security scans run automatically every six hours. You can also trigger a manual scan from the site detail page by clicking Scan Now.
Interpreting Results
Each finding is assigned a severity level:
- Critical: Actively exploited or trivially exploitable vulnerabilities. Immediate action required.
- High: Serious vulnerabilities that should be patched within days.
- Medium: Moderate risk issues. Plan to address within your next maintenance window.
- Low: Minor issues with limited impact. Address when convenient.
Remediation Steps
- Review the advisory details linked from the scan results page
- Check whether a patched version of the affected module or core is available
- Test the update in a staging environment
- Deploy the update to production
- Re-run the SiteDash scan to confirm the issue is resolved
Notifications
SiteDash sends an alert whenever a new critical or high severity issue is detected. Configure your notification preferences in Settings > Alerts.