bluefly / secure_drupal

Enterprise security baseline extending security_review, key, encrypt, and compliance modules with FedRAMP, PCI, HIPAA, SOC2 automation and AI-powered security monitoring.

Maintainers

Details

gitlab.bluefly.io/llm/drupal-recipes//secure_drupal

Type:drupal-recipe

pkg:composer/bluefly/secure_drupal

v1.0.0 2025-08-14 00:19 UTC

Requires

php: >=8.1
drupal/core: ^10.3 || ^11

Requires (Dev)

None

Suggests

bluefly/alternative_services: Alternative service providers support
bluefly/api_normalizer: API standardization across providers
bluefly/gov_compliance: Government compliance features
bluefly/recipe_onboarding: Recipe system onboarding tools
drupal/admin_audit_trail: Administrative audit trail
drupal/admin_toolbar: Enhanced admin toolbar
drupal/advancedqueue: Advanced queue management
drupal/ai: AI integration framework
drupal/ai_provider_openai: OpenAI provider integration
drupal/antibot: Anti-bot protection
drupal/autologout: Automatic logout for security
drupal/backup_migrate: Secure backup and migration
drupal/captcha: CAPTCHA protection
drupal/config_split: Configuration management
drupal/consumers: API consumer management
drupal/ctools: Chaos tool suite
drupal/devel: Developer tools
drupal/eca: Event-condition-action framework
drupal/encrypt: Data encryption
drupal/entity: Entity API enhancements
drupal/entity_browser: Entity browser interface
drupal/entity_reference_revisions: Entity reference revisions
drupal/external_entities: External entity integration
drupal/facets: Search facets
drupal/facets_summary: Facets summary
drupal/feeds: Data import/export
drupal/field_encrypt: Field-level encryption
drupal/field_encryption: Advanced field encryption
drupal/field_group: Field grouping
drupal/field_permissions: Field permissions
drupal/field_validation: Field validation
drupal/gdpr: GDPR compliance
drupal/gin: Modern admin theme
drupal/honeypot: Spam protection
drupal/hook_event_dispatcher: Event dispatching
drupal/htmlpurifier: HTML purification
drupal/http_client_manager: HTTP client management
drupal/jsonapi_extras: JSON:API enhancements
drupal/key: Key management system
drupal/login_history: Login attempt tracking
drupal/masquerade: User masquerading
drupal/mcp: Model Control Protocol
drupal/openapi: OpenAPI documentation
drupal/openapi_jsonapi: OpenAPI JSON:API integration
drupal/openapi_ui: OpenAPI user interface
drupal/paranoia: Additional security hardening
drupal/password_policy: Password policy enforcement
drupal/pathauto: Automatic URL aliasing
drupal/project_browser: Project browsing interface
drupal/purge: Cache purging
drupal/purge_drush: Drush integration for purge
drupal/queue_order: Queue ordering
drupal/queue_ui: Queue management UI
drupal/redis: Redis cache backend
drupal/restui: REST UI management
drupal/schema_metatag: Schema.org metatags
drupal/search_api: Search API framework
drupal/search_api_db: Database search backend
drupal/search_api_solr: Solr search backend
drupal/seckit: Security kit
drupal/security_headers: Security header management
drupal/security_review: Security review
drupal/session_limit: Limit concurrent user sessions
drupal/shield: HTTP authentication for staging environments
drupal/simple_oauth: OAuth authentication
drupal/stage_file_proxy: Stage file proxy
drupal/tfa: Two-factor authentication
drupal/token: Token replacement
drupal/ui_patterns: UI patterns
drupal/ui_styles: UI styles
drupal/username_enumeration_prevention: Username enumeration prevention
drupal/vault: Vault integration
drupal/view_usernames: Username visibility control
drupal/views_bulk_operations: Bulk operations
drupal/webprofiler: Web profiler
drupal/workbench_access: Workbench access control

Provides

None

Conflicts

None

Replaces

None

GPL-2.0-or-later 904b8ff955934f913de5ff26f9822071209f93b7

LLM Platform Security Team <security.woop@bluefly.dev>

security drupal enterprise recipe hardening hipaa compliance pci fedramp soc2

dev-main
v1.0.0
0.1.1
0.1.0
dev-feature/mvp-config-file-renames
dev-development
dev-feature/mvp-recipe-enterprise-fixes
dev-feature/registry-support
dev-feature/0.1.0-security-modularization
dev-feature/0.1.0
dev-feature/infrastructure-sync
dev-feature/0.1.0-wip

This package is auto-updated.

Last update: 2025-11-22 18:28:18 UTC

README

FedRAMP-aligned recipe for government compliance and security-hardened Drupal installation.

Part of the OSSA Ecosystem - Security-hardened Drupal recipe with government compliance features.

Overview

This recipe provides a complete security-hardened Drupal installation with:

FedRAMP compliance framework
NIST 800-53 controls
Security monitoring and audit logging
Compliance validation and reporting
Government-grade security configurations

Installation

composer require drupal/secure_drupal
drush recipe:install secure_drupal

Features

Security-hardened Drupal core configuration
Compliance monitoring and reporting
Audit logging and trail management
Security policy enforcement
Government compliance validation

Part of the OSSA Ecosystem

This recipe is part of the OSSA (Open Standard for AI Agents) ecosystem:

OSSA - The open standard (specification)
Agent Buildkit - CLI for building and managing agents
Agent Studio - GUI platform for agent orchestration

OSSA-Compliant • FedRAMP-Aligned • Production-Ready

License

GPL-2.0-or-later