Agenda

Start the day with FLDC updates, thank you's, and announcements!

Learn how volunteers from the Drupal community built a platform that provides instant demos of Drupal site templates and how you can use Drupal Forge to market amazing Drupal services.

Ever feel like requirements gathering produces documents nobody reads, leaving developers guessing what stakeholders actually want? Or ship a feature only to hear "that's not what I meant"? 

There's a better approach: collaborative workshops where stakeholders, developers, and testers work through concrete examples together—defining requirements in plain language that become your automated tests. No more translation gaps between what's requested and what's built.

In this session, you'll learn a workshop technique called Example Mapping that transforms vague feature requests into clear, testable requirements. We'll walk through how these examples written in plain language flow directly into automated tests using Behat and Behavior Driven Development (BDD), turning those examples into tests that automatically confirm you built the right thing.

What you'll learn:

• Learning how to facilitate a collaborative requirements workshop with your team
• Using the four-color card system (stories, rules, examples, questions)
• Writing examples in plain language that everyone can understand
• Translating examples into automated test scenarios for Behat
• Integrating this testing approach into your Drupal development workflow
• Real-world examples from Drupal projects

Who should attend:

This session is for developers, project managers, business analysts, and anyone involved in defining or building Drupal features. No prior testing experience required.

Security and privacy compliance certifications—like SOC 2 (a leading audit standard for security, availability, and confidentiality) and HITRUST (a healthcare-focused security framework) — are becoming requirements for healthcare, finance, and other high-trust industries. Waiting until audit season to start to prepare can be overwhelming.

This session shares engineering-side lessons from Encore Healthcare’s journey to SOC 2 and HITRUST readiness. Instead of a checklist of requirements, we’ll focus on designing systems, processes, and documentation so you’re always ready to provide evidence to an auditor. We’ll walk through how we integrated compliance into our SDLC, infrastructure, access control, logging, and team processes—what worked, what didn’t, and the pitfalls we wish we’d avoided.

You’ll leave with a blueprint for making security compliance part of your natural engineering workflow, not a stressful scramble.

Learning Objectives

By the end of this session, attendees will be able to:

1. Apply engineering practices (SDLC, logging, IaC, access control) that generate audit-ready evidence automatically.
2. Perform internal reviews (onboarding checklists, policy adherence, vendor management) that reduce last-minute compliance gaps.
3. Develop a practical plan for working with consultants, clarifying ambiguous audit requests, and avoiding common pitfalls in SOC 2/HITRUST readiness.

Target Audience

• Engineering leaders and senior developers responsible for compliance-sensitive Drupal applications
• DevOps and infrastructure teams preparing for SOC 2 or HITRUST
• Technical managers balancing product delivery with compliance requirements

Prerequisites

• Familiarity with modern software development practices (version control, CI/CD, IaC)
• Experience operating Drupal or other SaaS/web applications in production
• No prior compliance experience required — this is about engineering preparation, not legal fine print

With git worktree it's easy to have multiple versions of your Drupal project checked out into different directories.

And DDEV has a special feature to let you have the name of the project be determined by the directory it's in.

So you can have the same git repository checked out 5 places and all 5 of them (with different features or bugs or whatever) running at the same time.

This is surprisingly easy and pretty mature stuff. Take a moment with it and we'll have fun!

Single Directory Components have changed the way some Drupal sites are themed. Drupal Canvas (formerly Experience Builder) has the potential to change how some Drupal sites are built. What happens when both are available widely?

In this session, we'll take a look at how to create forward-looking Single Directory Components that will integrate nicely with Drupal Canvas. We'll cover the basics of SDCs (especially their component.yml files) as well as demonstrate SDC usage inside of Drupal Canvas.

Drupal sites rarely stay simple for long. New content types, fields, roles, and menus are added over the years, often by different teams. When it is time for a redesign, a migration, or a new feature, one of the most complex parts is answering basic questions like “what is actually on this site,” “what is still in use,” and “where is this configured.”

This session will examine common discovery challenges and demonstrate how the Audit Export module can provide a clear, repeatable view of a Drupal site. We will focus on how Audit Export helps you prepare for redesigns and migrations, understand inherited projects, and keep ongoing work grounded in the actual structure of the site.

You will see how to run the built-in reports from the admin UI to review content types, fields, roles, menus, taxonomy vocabularies, and views. From there, we will examine scheduling those audits to run regularly, exporting results to CSV for your team, and utilizing Drush commands to integrate audits into technical discovery, deployment, and maintenance workflows. Along the way, we will briefly note that Audit Export is also available as a plugin for WordPress, allowing the same approach to be used across mixed Drupal and WordPress portfolios.

To conclude, we will explore how the Audit Export Tool submodule exposes audits through Drupal’s Tool API, enabling other systems to interact with them in a structured manner. This opens the door to automation and deeper analysis, including integration with modern tools like ChatGPT and Claude when you are ready to explore AI-assisted workflows.

You will leave with a clear understanding of:

• How to use the default Audit Export reports to understand site structure quickly
• How to add custom reports for site-specific entities and business rules
• How to schedule and automate audits with cron and Drush
• How the Audit Export Tool submodule and Tool API prepare your site for integration with external tools

No prior experience with automation or AI tools is required. Basic familiarity with Drupal administration or development is recommended.

Sunday lunch is typically pizzas, salads, and soft drinks from a local pizza restaurant. We'll be sure to accommodate any vegetarian and vegan needs.

Why contribute?

The more that people contribute, the stronger Drupal becomes. The more polished and refined the project is, the more job security we all have.

Why sprint?

It’s an excellent opportunity to connect with other contributors, help collaborate and brainstorm, and move the Drupal project forward. Contributing is a fantastic way to receive feedback and build skills while learning from those more experienced.

Not a coder or new to tech?

That’s great! It’s your turn to shine.

Not everyone who works on Drupal is a developer: Project Managers, Customer Service, and those who hold non-technical roles can all give back to the community. Code is important, but so are all the other parts.

We got you covered!

There will be mentors available for those who need a little help to get started.

We will make sure you stay caffeinated, fed, and hydrated.