├── .github
└── workflows
│ └── hacktrack.yml
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── ca8467c41b9abc10ce0f62c3b24bcbaa
├── README.md
├── author_elective_update
│ ├── scan_linter_check_c2db61672f561110a1803e0ef699b64b.xml
│ ├── scan_table_check_0306196a07221110e765f9fc7c1ed07b.xml
│ ├── scan_table_check_d44f0a4097b29510dd0178300153af7e.xml
│ ├── scan_table_check_e660164097b29510dd0178300153af2e.xml
│ ├── scan_table_check_eb21adf797697110710650081153af9c.xml
│ ├── scan_table_check_fbdce17f2fb2fc505dcb59ab2799b6d0.xml
│ ├── sys_scope_privilege_3a88af181b1afc10ce0f62c3b24bcbca.xml
│ ├── sys_scope_privilege_3e88af181b1afc10ce0f62c3b24bcbd2.xml
│ ├── sys_scope_privilege_4da9ef581b1afc10ce0f62c3b24bcb9e.xml
│ ├── sys_scope_privilege_7a88af181b1afc10ce0f62c3b24bcbd0.xml
│ ├── sys_scope_privilege_7e886f181b1afc10ce0f62c3b24bcbda.xml
│ ├── sys_scope_privilege_ba88af181b1afc10ce0f62c3b24bcbcc.xml
│ └── sys_scope_privilege_dfc9a3981b1afc10ce0f62c3b24bcb34.xml
├── checksum.txt
├── sys_app_ca8467c41b9abc10ce0f62c3b24bcbaa.xml
└── update
│ ├── scan_column_type_check_4514d5c7400730107f44dbb3b15cf295.xml
│ ├── scan_column_type_check_57d17e91c3dd56108dbc32f1b4013125.xml
│ ├── scan_column_type_check_c5493fd897523110839d76021153afb8.xml
│ ├── scan_column_type_check_ee62ee7e97b131106c7cfed11153af4f.xml
│ ├── scan_linter_check_0b7623d41b1afc10ce0f62c3b24bcb24.xml
│ ├── scan_linter_check_0eeac3042f0730103307235df699b6d1.xml
│ ├── scan_linter_check_1043deaf2ffa7c505dcb59ab2799b6a6.xml
│ ├── scan_linter_check_1c72ae442fc370905dcb59ab2799b6e2.xml
│ ├── scan_linter_check_22a19fd62f4778105dcb59ab2799b6e5.xml
│ ├── scan_linter_check_266f89b32f2d7110d53f821df699b626.xml
│ ├── scan_linter_check_2e2a8fc02f0730103307235df699b659.xml
│ ├── scan_linter_check_4986078c2f6330d05dcb59ab2799b6d9.xml
│ ├── scan_linter_check_4bdb65272f561110a1803e0ef699b68e.xml
│ ├── scan_linter_check_51e943c02f0730103307235df699b64b.xml
│ ├── scan_linter_check_85c352ae2f3db11002eb2ca62799b68e.xml
│ ├── scan_linter_check_88cb65272f561110a1803e0ef699b688.xml
│ ├── scan_linter_check_90db61672f561110a1803e0ef699b648.xml
│ ├── scan_linter_check_b46a4fc02f0730103307235df699b6e0.xml
│ ├── scan_linter_check_c0f4d1102f87b0905dcb59ab2799b693.xml
│ ├── scan_linter_check_d58d1d3f2f6d7110d53f821df699b63d.xml
│ ├── scan_linter_check_e09640b5158330107f4499658835edbb.xml
│ ├── scan_linter_check_f7cb61672f561110a1803e0ef699b618.xml
│ ├── scan_script_only_check_0376b5332f21b110d53f821df699b664.xml
│ ├── scan_script_only_check_0dfff25a2f83301002f0ffecf699b649.xml
│ ├── scan_script_only_check_1e7511642f2330100b40bea62799b6f1.xml
│ ├── scan_script_only_check_266f17f52f121110a1803e0ef699b6a1.xml
│ ├── scan_script_only_check_46f6b819834592106137b6cfeeaad352.xml
│ ├── scan_script_only_check_4cfd41f82f43f0107c12db9df699b691.xml
│ ├── scan_script_only_check_63ddf5782f6691104f07a1fef699b624.xml
│ ├── scan_script_only_check_6b832a7953d1d61000b51901a0490e24.xml
│ ├── scan_script_only_check_718e43b42f2330100b40bea62799b67f.xml
│ ├── scan_script_only_check_7f8a38342f0330103307235df699b6b3.xml
│ ├── scan_script_only_check_9c5f1fb52f121110a1803e0ef699b6ad.xml
│ ├── scan_script_only_check_d11fd7f52f121110a1803e0ef699b601.xml
│ ├── scan_script_only_check_fb01f46edb7a9190c4ebc5860596190b.xml
│ ├── scan_table_check_003db2922f43301002f0ffecf699b617.xml
│ ├── scan_table_check_01342bc1c3ed12103acc7275e40131eb.xml
│ ├── scan_table_check_01c1c08ec3a19610afa6fc84e401310d.xml
│ ├── scan_table_check_076448b12ffd311002eb2ca62799b628.xml
│ ├── scan_table_check_110515e547819210b8ca0b02d16d4308.xml
│ ├── scan_table_check_1284f489879a855009eaed3e8bbb35d6.xml
│ ├── scan_table_check_12b47a84977211108e72fed11153af8e.xml
│ ├── scan_table_check_145e91272f367c505dcb59ab2799b6c0.xml
│ ├── scan_table_check_1d39dcb22ff9b110b0b62d5df699b6a2.xml
│ ├── scan_table_check_22407c16473d35103899fa37536d43e3.xml
│ ├── scan_table_check_22a8ebad2fd3301036c51e282799b6b4.xml
│ ├── scan_table_check_28d33b441bdabc10ce0f62c3b24bcbcb.xml
│ ├── scan_table_check_2b77e92f2fb67c505dcb59ab2799b61f.xml
│ ├── scan_table_check_2ca086f597d25d10e6cd3bc3f153afee.xml
│ ├── scan_table_check_2dfd38d983ed1210e0def6d6feaad3ee.xml
│ ├── scan_table_check_306c378183c5d2100283b955eeaad3f5.xml
│ ├── scan_table_check_310106cb2fa57110d53f821df699b661.xml
│ ├── scan_table_check_31a4075807f61110ce33f61d7c1ed0e9.xml
│ ├── scan_table_check_33687cb02f0330103307235df699b685.xml
│ ├── scan_table_check_352f210a97e211108e72fed11153af7f.xml
│ ├── scan_table_check_3b163adc2f9bb4505dcb59ab2799b616.xml
│ ├── scan_table_check_42653cc9879a855009eaed3e8bbb35f3.xml
│ ├── scan_table_check_4b353cc9879a855009eaed3e8bbb35ed.xml
│ ├── scan_table_check_532dc24e976611108e72fed11153af9a.xml
│ ├── scan_table_check_552c3f3a400330107f44dbb3b15cf2f8.xml
│ ├── scan_table_check_589b8c9283251210a765fecfeeaad37a.xml
│ ├── scan_table_check_5adc555e2f9b30100b40bea62799b6e3.xml
│ ├── scan_table_check_62e0ecfa2ff9b110b0b62d5df699b6ee.xml
│ ├── scan_table_check_659f29c297e211108e72fed11153af44.xml
│ ├── scan_table_check_6b1a4ee9c34d9210193f37cc0501312e.xml
│ ├── scan_table_check_6db4a7081b9abc10ce0f62c3b24bcbd0.xml
│ ├── scan_table_check_6f14fe555359161000b51901a0490ef9.xml
│ ├── scan_table_check_7334dda283455210ae0854b6feaad378.xml
│ ├── scan_table_check_7558925a83211210533ecc50ceaad346.xml
│ ├── scan_table_check_7589e10ebc0330107f448f0d4936142b.xml
│ ├── scan_table_check_76dc11c747011210b8ca0b02d16d439a.xml
│ ├── scan_table_check_7741e65ac3291210766bb3edd40131e6.xml
│ ├── scan_table_check_77a6af2f1b363c10b32c642aab4bcb36.xml
│ ├── scan_table_check_7818ddaa07221110e765f9fc7c1ed0a5.xml
│ ├── scan_table_check_7c3f6f6b1b763c10b32c642aab4bcb10.xml
│ ├── scan_table_check_889f5a42976a11108e72fed11153af50.xml
│ ├── scan_table_check_88fbb74c1bdabc10ce0f62c3b24bcb22.xml
│ ├── scan_table_check_8adbad272f561110a1803e0ef699b626.xml
│ ├── scan_table_check_8b90df49839112107b681390ceaad3be.xml
│ ├── scan_table_check_8ddb61672f561110a1803e0ef699b68b.xml
│ ├── scan_table_check_8de1905683e512103d6c98c6feaad3b9.xml
│ ├── scan_table_check_952af3c81bdabc10ce0f62c3b24bcbb6.xml
│ ├── scan_table_check_98b51b14477131108fc4750cd36d436c.xml
│ ├── scan_table_check_9d4676f6c34d52d08dbc32f1b4013165.xml
│ ├── scan_table_check_a1544896c3211210d419de1d050131e8.xml
│ ├── scan_table_check_a6f17e0e47d156109c6152e1d16d43d5.xml
│ ├── scan_table_check_ae4970f02f0330103307235df699b60b.xml
│ ├── scan_table_check_b04679fb2ff2fc505dcb59ab2799b623.xml
│ ├── scan_table_check_b31e1c5c2f0e7110b0b62d5df699b619.xml
│ ├── scan_table_check_b68a2d5ac3111210eb11ba2ed40131fa.xml
│ ├── scan_table_check_b8ae9202976a11108e72fed11153afee.xml
│ ├── scan_table_check_b909b0f02f0330103307235df699b62c.xml
│ ├── scan_table_check_ba0c998d875251106b0f20af8bbb3515.xml
│ ├── scan_table_check_bb3bf7a31bf63c10b32c642aab4bcb75.xml
│ ├── scan_table_check_bd68e1cabc0330107f448f0d49361473.xml
│ ├── scan_table_check_c4b11137c3511210eb11ba2ed4013189.xml
│ ├── scan_table_check_cc993cf02f0330103307235df699b60d.xml
│ ├── scan_table_check_cdd8763a8301121059f46b70deaad38b.xml
│ ├── scan_table_check_cf0d6b87c3951610eb11ba2ed4013162.xml
│ ├── scan_table_check_cf9d1010c34916908dbc32f1b4013184.xml
│ ├── scan_table_check_d3f47b4b97823110dd0178300153af08.xml
│ ├── scan_table_check_d4be41f82f43f0107c12db9df699b69d.xml
│ ├── scan_table_check_dcc8978c2f4a7110b0b62d5df699b603.xml
│ ├── scan_table_check_dcd18896c3211210d419de1d05013128.xml
│ ├── scan_table_check_df3c9331470271103899fa37536d43ca.xml
│ ├── scan_table_check_e19656212ff1311002eb2ca62799b639.xml
│ ├── scan_table_check_e6cb0310073a1110ce33f61d7c1ed052.xml
│ ├── scan_table_check_eb1388ea2f2a91108e343e0ef699b6b0.xml
│ ├── scan_table_check_f0e1a8581b27705088d943fddc4bcbc3.xml
│ ├── scan_table_check_f9f9659e977931106c7cfed11153afc7.xml
│ ├── scan_table_check_fbdce17f2fb2fc505dcb59ab2799b6d0.xml
│ ├── sys_relationship_55e9076607933850be01f03c7c1ed0b2.xml
│ ├── sys_relationship_62b6cf6207933850be01f03c7c1ed06d.xml
│ ├── sys_relationship_84c903a607933850be01f03c7c1ed09d.xml
│ ├── sys_relationship_eb33476e07533850be01f03c7c1ed0fa.xml
│ ├── sys_ui_list_control_1b5a4fe607933850be01f03c7c1ed0b8.xml
│ ├── sys_ui_list_control_5318c32607933850be01f03c7c1ed0f7.xml
│ ├── sys_ui_list_control_b6a74be207933850be01f03c7c1ed068.xml
│ ├── sys_ui_list_control_df7a432a07933850be01f03c7c1ed08c.xml
│ └── sys_ui_list_control_f336436207933850be01f03c7c1ed002.xml
└── sn_source_control.properties
/.github/workflows/hacktrack.yml:
--------------------------------------------------------------------------------
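# This file is for ServiceNow Dev Program Hacktoberfest Tracking and can be ignored or deleted.
#
# Purpose: on push, fork, issue and pull-request events, POST the event context to a
# ServiceNow instance and print the HTTP response.
#
# Security notes for maintainers:
# - `pull_request_target` runs in the context of the base repository with access to its
#   secrets, even for pull requests opened from forks. No step here checks out or runs
#   pull-request code; keep it that way.
# - `toJson(github)` serialises the whole `github` context. That includes `github.token`
#   as well as contributor-controlled fields (issue / PR titles and bodies). The job token
#   is therefore given no permissions below, and the payload must be treated as untrusted
#   by the receiving endpoint.

name: Record Hacktrack Event
on:
  push:
    branches: master
  fork:
    # NOTE(review): `branches` is not a documented filter for `fork` events - confirm it has any effect.
    branches: master
  issues:
    types: [opened, closed]
    # NOTE(review): `branches` is not a documented filter for `issues` events - confirm it has any effect.
    branches: master
  pull_request_target:
    types: [opened, closed]
    branches: master
jobs:
  deployment:
    # Only run in the upstream repository, never in forks.
    if: github.repository == 'ServiceNowDevProgram/example-instancescan-checks'
    runs-on: ubuntu-latest
    # No step uses the GITHUB_TOKEN; strip its permissions so that the copy sent
    # in the payload below cannot be used to write to the repository.
    permissions: {}
    steps:
      # - name: Log payload
      #   env:
      #     GITHUB_CONTEXT: ${{ toJson(github) }}
      #   run: |
      #     echo "$GITHUB_CONTEXT"
      - name: Contact DPR
        id: myRequest
        # Third-party action referenced by a mutable tag. Pinning to a full commit SHA
        # (<COMMIT_SHA_OF_v1.8.1>, placeholder) prevents a retagged release from
        # receiving the credentials passed below.
        uses: fjogeleit/http-request-action@v1.8.1
        with:
          url: ${{ format('https://{0}.service-now.com/api/x_snc_hacktrack/hacktrack', secrets.HT_INSTANCE_NAME) }}
          method: 'POST'
          contentType: application/json
          data: ${{ toJson(github) }}
          # NOTE(review): the secret names suggest an admin account - confirm a
          # least-privilege integration user is used for this endpoint.
          username: ${{ secrets.ADMIN_USERNAME }}
          password: ${{ secrets.ADMIN_PASSWORD }}
      - name: Show Response
        # Pass the response through an environment variable instead of expanding the
        # expression inside the script text: the response body is external data and
        # would otherwise be interpreted by the shell.
        env:
          RESPONSE: ${{ steps.myRequest.outputs.response }}
        run: echo "$RESPONSE"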
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing
2 |
3 | ## General requirements
4 |
5 | - Pull request descriptions must be explicit and describe exactly what is being changed.
6 | - Changes that are not within the scope of the description will result in the entire PR being rejected.
7 | - Low effort/spam Pull Requests will be marked as spam accordingly.
8 |
9 | ## Process
10 |
11 | 1. Fork this repo
12 | 2. Go to your ServiceNow instance
13 | 3. Go to `System Applications` => `Studio`
14 | 4. Once Studio loads, select `Import From Source Control`
15 | 5. Use your forked repo to [Import your application](https://developer.servicenow.com/dev.do#!/learn/learning-plans/quebec/new_to_servicenow/app_store_learnv2_devenvironment_quebec_importing_an_application_from_source_control)
16 | 5. Make updates to the application
17 | 6. In Studio, commit your changes to source control
18 | 7. If you added a new Instance Scan check, add documentation of the check to the README.md file.
19 | 8. Submit a pull request to the ServiceNowDevProgram/example-instancescan-checks
20 | `master` branch
21 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/README.md:
--------------------------------------------------------------------------------
1 | # Generated files
2 | This repository contains generated files and a checksum.
3 |
4 | If you find yourself unable to import your repository due to the presence of files edited outside an instance of ServiceNow, merge commits that mix files from different revisions, or other data that does not match the checksum, you may recover using either of the following techniques:
5 | * Remove the problem commits:
6 | 1. Clone your repository to a personal computer with the git command line tools installed and open a git command prompt in the repository root
7 | 2. Run `git log` and take note of the SHA1s of the problem commits
8 | 3. Build revert commits using `git revert SHA1` repeatedly, working backward in time, for each commit that introduced changes not generated by a ServiceNow instance
9 | 4. Run `git push`
10 |
11 | * Overwrite the problem code snapshot with a known good one:
12 | 1. Clone your repository to a personal computer with the git command line tools installed and open a git command prompt in the repository root,
13 | 2. Locate a known good code snapshot and record its SHA1. For this step, `git log` can be useful.
14 | 2. Run `git reset --hard SHA1` to a commit that was generated by a ServiceNow instance
15 | 3. Run `git reset HEAD@{1}`
16 | 4. Run `git add -A`
17 | 5. Run `git commit`
18 | 6. Run `git push`
19 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt:
--------------------------------------------------------------------------------
1 | vqS62dwsHOftj0lK7PR87gomw2pIhK44opT0jPKRyjaGenHOsrTkyPCKzQ7rEUQHL5wJzSlMh2o7sx36ilRDd4i88RNzKdRmZQrAE43MBZiIP0vH5yIkRc9lrfiqlfrqlDa5QTwro6H3y4_p_S4sJaGSnLteaAJVb5sn7kboEKpPAvpdV8cgu-rlAKAzB9vegqMVyfgzrzzPlsZhChJpJZzGaqAhnN8h8VY1CH05130BFPqoo1M4DPdLevgSBoH_Hdx1UI4gh7XNIc722PYxnWc-suyoupr9vJk1mHKv0TtIG1UVf1UdlYuLplbA83Xjv-BGOzuHYCCBHy6DG97PjEYe_dHt5OE_51l59nDazeJXpYqQUQ21dEF4pnh1ZkKf3opqlxB7cHRtDL4-Fvj0HKemx8WjSoDC2ww_kGolUrR8KNWIewMS8de65BZMOFuvi0DvA2M0RjNSdxtDtGuJbGfd1gXuk8EO8B69uuyTDBD1q7hzowaVGXALNqKfLEk_BqsTv03-3sX1AAC7lU2VNjqCcESKEPimlLbYEh2xZUySwNJ3nsugjviNfHsGofds0xUjVfNJEoQtqEOu3VfMFK0zufXyLkCxLH-HFKwAy1tb2_Z0RvVK8MhrHfcqE5dQSbGTpOKW4J-OR939_Vx2KD1hwu901aNQmO6NMN5ix2c
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/sys_app_ca8467c41b9abc10ce0f62c3b24bcbaa.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | true
5 | log
6 |
7 | false
8 | false
9 | helsinki_es5
10 | true
11 |
12 | none
13 |
14 | none
15 |
16 |
17 | Example Instance Checks
18 | false
19 | false
20 |
21 | x_appe_exa_checks
22 | false
23 | Provide Examples of new Instance Checks
24 | x_appe_exa_checks
25 |
26 |
27 | sys_app
28 |
29 | daniel.draes
30 | 2021-08-26 12:31:40
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 | 2
33 | admin
34 | 2021-09-30 12:05:06
35 |
36 | true
37 | false
38 |
39 |
40 |
41 | 1.0.0
42 |
43 |
44 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_column_type_check_4514d5c7400730107f44dbb3b15cf295.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | performance
5 | script
6 | Using the getRowCount method of GlideRecord can cause performance issues when querying tables with a high record count. The method counts each row one by one to determine the total row count, so the more rows there are, the longer scripts that use it take to execute.
7 | https://developer.servicenow.com/dev.do#!/reference/api/rome/server_legacy/c_GlideAggregateAPI
8 | scan_finding
9 | Do not use getRowCount() for fetching row count
10 | 3
11 | Instead of using getRowCount, use GlideAggregate to retrieve table row count as this will improve performance because it works like a stored procedure.
12 |
13 | 100
14 | 0
15 | 1
16 |
24 | Do not use getRowCount() for fetching row count
25 | scan_column_type_check
26 | ali.abdulrazak
27 | 2021-10-11 16:31:10
28 | 4514d5c7400730107f44dbb3b15cf295
29 | 1
30 | Do not use getRowCount() for fetching row count
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 |
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 | scan_column_type_check_4514d5c7400730107f44dbb3b15cf295
35 | ali.abdulrazak
36 | 2021-10-11 17:02:49
37 |
38 |
39 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_column_type_check_57d17e91c3dd56108dbc32f1b4013125.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | performance
5 | script
6 | Avoid using gs.sleep() in any script because it does not release session and will cause delays, and add logs to the script whenever gs.sleep() has to be used.
7 | https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0747610
8 | scan_finding
9 | Avoid Use of gs.sleep() in Server-side scripts
10 | 2
11 | Use gs.eventQueueScheduled() or wait timers in workflow/flow as an alternative approach, depending on the use case
12 |
13 | 100
14 | 0
15 | 1
16 |
22 | Avoid Use of gs.sleep() in Server-side scripts
23 | scan_column_type_check
24 | nia.mccash
25 | 2024-10-16 14:13:00
26 | 57d17e91c3dd56108dbc32f1b4013125
27 | 3
28 | Avoid Use of gs.sleep() in Server-side scripts
29 | ca8467c41b9abc10ce0f62c3b24bcbaa
30 |
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 | scan_column_type_check_57d17e91c3dd56108dbc32f1b4013125
33 | nia.mccash
34 | 2024-10-16 15:00:47
35 |
36 |
37 |
38 | 57d17e91c3dd56108dbc32f1b4013125
39 | nia.mccash
40 | 2024-10-16 14:13:00
41 | 3d4376d1c3dd56108dbc32f1b4013112
42 | 0
43 | nia.mccash
44 | 2024-10-16 14:13:00
45 |
scan_column_type_check
46 | true
47 |
48 |
49 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_column_type_check_c5493fd897523110839d76021153afb8.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | manageability
5 | script
6 | GlideLDAP API is Unsupported and should be avoided to query the LDAP server
7 | https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0961314
8 | scan_finding
9 | Unsupported API : GlideLDAP
10 | 3
11 | GlideLDAP API usage is unsupported by ServiceNow and hence should be avoided, rather use LDAP Server Data Sources to pull data from LDAP via MID Server or directly through an internet facing LDAP
12 |
13 | 100
14 | 0
15 | 1
16 |
36 | GlideLDAP API is Unsupported and should be avoided to query the LDAP server
37 | scan_column_type_check
38 | admin
39 | 2023-10-31 17:25:20
40 | c5493fd897523110839d76021153afb8
41 | 0
42 | Unsupported API : GlideLDAP
43 | ca8467c41b9abc10ce0f62c3b24bcbaa
44 |
45 | ca8467c41b9abc10ce0f62c3b24bcbaa
46 | scan_column_type_check_c5493fd897523110839d76021153afb8
47 | admin
48 | 2023-10-31 17:25:20
49 |
50 |
51 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_column_type_check_ee62ee7e97b131106c7cfed11153af4f.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | security
5 | script
6 | Variable declaration defines the scope of the variable, ensuring it's accessible only within the intended block. This prevents unintended variable pollution and conflicts.
7 | https://www.servicenow.com/community/developer-forum/why-declaration-of-variables-is-essential-in-servicenow/m-p/2379013
8 | scan_finding
9 | For loop iterators "i" should be declared
10 | 3
11 | Rather than using a construction like "for (i=0; i<10; i++)," it's advisable to explicitly declare the iterator "i" within the for loop by using the "var" keyword, like this: "for (var i=0; i<10; i++)". This ensures proper variable scoping and avoids unintended issues in your code.
12 |
13 | 100
14 | 0
15 | 1
16 |
22 | Declare the iterator "i" in for loops to avoid variable pollution and conflicts
23 | scan_column_type_check
24 | admin
25 | 2023-10-14 09:00:00
26 | ee62ee7e97b131106c7cfed11153af4f
27 | 1
28 | For loop iterators "i" should be declared
29 | ca8467c41b9abc10ce0f62c3b24bcbaa
30 |
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 | scan_column_type_check_ee62ee7e97b131106c7cfed11153af4f
33 | admin
34 | 2023-10-14 09:05:26
35 |
36 |
37 |
38 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_0eeac3042f0730103307235df699b6d1.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | performance
5 | getXMLAnswer only retrieves the Answer which we are actually after. getXML retrieves the whole XML document. In most cases, we are not interested in the whole XML document, though only in the Answer.
6 | For the rare cases where you are interested in the whole XML document, simply mute the generated scan finding.
7 | https://community.servicenow.com/community?id=community_article&sys_id=1c10a1fedbbd4890feb1a851ca961909
8 | scan_finding
9 | Consider using getXMLAnswer instead of getXML
10 | 3
11 | Replace the usage of getXML by getXMLAnswer.
12 |
13 | 100
14 | 0
15 | 1
16 |
29 | Consider using getXMLAnswer instead of getXML
30 | scan_linter_check
31 | mark.roethof
32 | 2021-10-02 17:26:47
33 | 0eeac3042f0730103307235df699b6d1
34 | 0
35 | Consider using getXMLAnswer instead of getXML
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 |
38 | ca8467c41b9abc10ce0f62c3b24bcbaa
39 | scan_linter_check_0eeac3042f0730103307235df699b6d1
40 | mark.roethof
41 | 2021-10-02 17:26:47
42 |
43 |
44 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_1043deaf2ffa7c505dcb59ab2799b6a6.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 |
5 | security
6 | The eval() function evaluates or executes an argument. Improper use of eval() opens up your code for injection attacks and debugging can be more challenging, as no line numbers are displayed with an error, for example.
7 | https://developer.servicenow.com/dev.do#!/guides/rome/now-platform/tpb-guide/scripting_technical_best_practices#avoid-the-eval-function-
8 | scan_finding
9 | Avoid the eval function
10 | 1
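11 | Consider the following code to achieve the same outcome. Note that it still executes its argument as script, so the string must never be built from untrusted input: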
12 | GlideEvaluator.evaluateString("gs.log('Hello World');");
13 |
14 | 100
15 | 0
16 | 1
17 |
28 | Avoid the eval function
29 | scan_linter_check
30 | nia.mccash
31 | 2021-10-01 00:07:47
32 | 1043deaf2ffa7c505dcb59ab2799b6a6
33 | 18
34 | Avoid the eval function
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 |
37 | ca8467c41b9abc10ce0f62c3b24bcbaa
38 | scan_linter_check_1043deaf2ffa7c505dcb59ab2799b6a6
39 | nia.mccash
40 | 2021-10-02 14:12:05
41 |
42 |
43 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_1c72ae442fc370905dcb59ab2799b6e2.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 |
5 | manageability
6 | Avoid using hard-coded values in scripts, as they can lead to unpredictable results and can be difficult to track down later. Hard coding sys_ids is not recommended, as they may not be the same between instances.
7 | https://developer.servicenow.com/dev.do#!/guides/rome/now-platform/tpb-guide/scripting_technical_best_practices#do-not-use-hard-coded-values
8 | scan_finding
9 | Do not use hard-coded sys_ids
10 | 3
11 | Instead, try looking up a value by reference or by creating a property and retrieving the value with gs.getProperty().
12 |
13 | 100
14 | 0
15 | 1
16 |
35 | Do not use hard-coded sys_ids
36 | scan_linter_check
37 | nia.mccash
38 | 2021-10-02 14:30:00
39 | 1c72ae442fc370905dcb59ab2799b6e2
40 | 6
41 | Do not use hard-coded sys_ids
42 | ca8467c41b9abc10ce0f62c3b24bcbaa
43 |
44 | ca8467c41b9abc10ce0f62c3b24bcbaa
45 | scan_linter_check_1c72ae442fc370905dcb59ab2799b6e2
46 | nia.mccash
47 | 2021-10-04 14:07:43
48 |
49 |
50 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_266f89b32f2d7110d53f821df699b626.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | performance
5 | getReference is no longer considered best practice due to its performance impact and it is recommended to use g_scratchpad or GlideAjax instead
6 | https://docs.servicenow.com/bundle/utah-application-development/page/script/client-scripts/concept/client-script-best-practices.html
7 | scan_finding
8 | Avoid using getReference()
9 | 3
10 | If a getReference function is found (either with callback or not), replace it with g_scratchpad or GlideAjax to retrieve the exact information you need
11 |
12 | 100
13 | 0
14 | 1
15 |
29 | Avoid using getReference()
30 | scan_linter_check
31 | admin
32 | 2023-10-04 19:30:23
33 | 266f89b32f2d7110d53f821df699b626
34 | 6
35 | Avoid using getReference()
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 |
38 | ca8467c41b9abc10ce0f62c3b24bcbaa
39 | scan_linter_check_266f89b32f2d7110d53f821df699b626
40 | nia.mccash
41 | 2023-10-04 21:16:59
42 |
43 |
44 |
45 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_2e2a8fc02f0730103307235df699b659.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | manageability
5 | In general, you should use the array literal notation when possible. It is easier to read, it gives the compiler a chance to optimize your code, and it's mostly faster too.
6 | https://www.java67.com/2014/08/difference-between-string-literal-and-new-String-object-Java.html
7 | scan_finding
8 | Don't use new Array()
9 | 4
10 | Use [] instead of new Array().
11 |
12 | 100
13 | 0
14 | 1
15 |
28 | Don't use new Array()
29 | scan_linter_check
30 | mark.roethof
31 | 2021-10-02 17:23:33
32 | 2e2a8fc02f0730103307235df699b659
33 | 0
34 | Don't use new Array()
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 |
37 | ca8467c41b9abc10ce0f62c3b24bcbaa
38 | scan_linter_check_2e2a8fc02f0730103307235df699b659
39 | mark.roethof
40 | 2021-10-02 17:23:33
41 |
42 |
43 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_4bdb65272f561110a1803e0ef699b68e.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | manageability
5 | The gs.info() statement can be used to write information to the system log. It is generally used when debugging. Using gs.info() statements will pollute the system log. Prior to promoting artifacts to a production instance, debugging statement should - in most cases - be removed.
6 |
7 | scan_finding
8 | Scripts should not contain gs.info statements
9 | 4
10 | The best practice is to remove debug statements from scripts or making them conditionally controlled by a property.
11 |
12 | 100
13 | 0
14 | 1
15 |
47 | Scripts should not contain gs.info statements
48 | scan_linter_check
49 | admin
50 | 2022-10-08 17:05:28
51 | 4bdb65272f561110a1803e0ef699b68e
52 | 0
53 | Scripts should not contain gs.info statements
54 | ca8467c41b9abc10ce0f62c3b24bcbaa
55 |
56 | ca8467c41b9abc10ce0f62c3b24bcbaa
57 | scan_linter_check_4bdb65272f561110a1803e0ef699b68e
58 | admin
59 | 2022-10-08 17:05:28
60 |
61 |
62 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_51e943c02f0730103307235df699b64b.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | manageability
5 | In general, you should use the object literal notation when possible. It is easier to read, it gives the compiler a chance to optimize your code, and it's mostly faster too.
6 | https://www.java67.com/2014/08/difference-between-string-literal-and-new-String-object-Java.html
7 | scan_finding
8 | Don't use new Object()
9 | 4
10 | Use {} instead of new Object().
11 |
12 | 100
13 | 0
14 | 1
15 |
28 | Don't use new Object()
29 | scan_linter_check
30 | mark.roethof
31 | 2021-10-02 17:22:22
32 | 51e943c02f0730103307235df699b64b
33 | 0
34 | Don't use new Object()
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 |
37 | ca8467c41b9abc10ce0f62c3b24bcbaa
38 | scan_linter_check_51e943c02f0730103307235df699b64b
39 | mark.roethof
40 | 2021-10-02 17:22:22
41 |
42 |
43 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_88cb65272f561110a1803e0ef699b688.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | security
5 | It is possible to script REST messages directly. When doing so, using the .setBasicAuth method is considered a security risk, because the username and password are written - unprotected - into the server-side script.
6 |
7 | scan_finding
8 | Avoid using setBasicAuth for REST messages
9 | 1
10 | Use a credential record instead, or set up a REST Message record and call it from the script.
11 |
12 | 100
13 | 0
14 | 1
15 |
26 | Avoid using setBasicAuth for REST messages
27 | scan_linter_check
28 | admin
29 | 2022-10-08 17:05:00
30 | 88cb65272f561110a1803e0ef699b688
31 | 0
32 | Avoid using setBasicAuth for REST messages
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 |
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 | scan_linter_check_88cb65272f561110a1803e0ef699b688
37 | admin
38 | 2022-10-08 17:05:00
39 |
40 |
41 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_90db61672f561110a1803e0ef699b648.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | manageability
5 | The gs.log() statement can be used to write information to the system log. It is generally used when debugging. Using gs.log() statements will pollute the system log. Prior to promoting artifacts to a production instance, debugging statement should - in most cases - be removed.
6 |
7 | scan_finding
8 | Scripts should not contain gs.log statements
9 | 4
10 | The best practice is to remove debug statements from scripts or making them conditionally controlled by a property.
11 |
12 | 100
13 | 0
14 | 1
15 |
47 | Scripts should not contain gs.log statements
48 | scan_linter_check
49 | admin
50 | 2022-10-08 17:05:17
51 | 90db61672f561110a1803e0ef699b648
52 | 0
53 | Scripts should not contain gs.log statements
54 | ca8467c41b9abc10ce0f62c3b24bcbaa
55 |
56 | ca8467c41b9abc10ce0f62c3b24bcbaa
57 | scan_linter_check_90db61672f561110a1803e0ef699b648
58 | admin
59 | 2022-10-08 17:05:17
60 |
61 |
62 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_d58d1d3f2f6d7110d53f821df699b63d.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | user_experience
5 | It is recommended to use an OOB library for modals in order to improve the user experience
6 |
7 | Special thanks to Bhupinder Singh and his article:
8 | https://www.servicenow.com/community/now-platform-articles/demystifying-instance-scan-linter-check/ta-p/2312466
9 | https://sn-nerd.com/2023/09/05/why-you-should-stop-using-alert-in-your-client-scripts-now/
10 | scan_finding
11 | Avoid using alert() in client scripts
12 | 4
13 | Review the documentation for GlideModal to find an appropriate replacement: https://docs.servicenow.com/bundle/vancouver-api-reference/page/app-store/dev_portal/API_reference/GlideModalClientSideV3/concept/c_GlideModalV3API.html
14 |
15 | 100
16 | 0
17 | 1
18 |
31 | Avoid using alert() in client scripts
32 | scan_linter_check
33 | admin
34 | 2023-10-04 20:23:03
35 | d58d1d3f2f6d7110d53f821df699b63d
36 | 0
37 | Avoid using alert() in client scripts
38 | ca8467c41b9abc10ce0f62c3b24bcbaa
39 |
40 | ca8467c41b9abc10ce0f62c3b24bcbaa
41 | scan_linter_check_d58d1d3f2f6d7110d53f821df699b63d
42 | admin
43 | 2023-10-04 20:23:03
44 |
45 |
46 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_e09640b5158330107f4499658835edbb.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | manageability
5 | Hard-coding the instance URL is not a best practice because it reduces the usability of your code. The URL remains static: it does not change when you move the code to a different instance, and it can be overwritten during clone backs. This can break the related functionality or create unexpected results.
6 |
7 | scan_finding
8 | Hard coded Instance URL
9 | 3
10 | For server side scripts, Use gs.getProperty("instance_name") for dynamic generation of URL
11 | For client side scripts, you can either access the URL via the scratchpad from the server side or use GlideURL() or top.location
12 |
13 | 100
14 | 0
15 | 1
16 |
27 | Usage of hard coded value for Instance name in URL or similar cases
28 | scan_linter_check
29 | admin
30 | 2021-10-07 13:38:22
31 | e09640b5158330107f4499658835edbb
32 | 1
33 | Hard coded Instance URL
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 |
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 | scan_linter_check_e09640b5158330107f4499658835edbb
38 | admin
39 | 2021-10-07 13:39:33
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_f7cb61672f561110a1803e0ef699b618.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | upgradability
5 | Good naming conventions and self-descriptive code use "new" when instantiating GlideRecord. In some versions or for some parts of the Platform leaving "new" off will work, though for other parts of the Platform or after upgrades this can cause unexpected behavior.
6 |
7 |
8 | scan_finding
9 | Call GlideRecord using new
10 | 4
11 | When using GlideRecord, always prefix using "new"
12 |
13 | 100
14 | 0
15 | 1
16 |
27 | Call GlideRecord using new
28 | scan_linter_check
29 | admin
30 | 2022-10-08 17:05:15
31 | f7cb61672f561110a1803e0ef699b618
32 | 0
33 | Call GlideRecord using new
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 |
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 | scan_linter_check_f7cb61672f561110a1803e0ef699b618
38 | admin
39 | 2022-10-08 17:05:15
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_0dfff25a2f83301002f0ffecf699b649.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 |
5 | manageability
6 | An update set should not have more than 1000 updates, as this makes it difficult for the release team to analyze and could potentially slow down the environment while committing
7 |
8 | scan_finding
9 | Update set should not have more than 1000 updates
10 | 3
11 | Rework the stories so they are more granular, or split the updates into multiple update sets
12 |
13 | 100
14 | 0
15 | 1
16 |
33 | Update set should not have more than 1000 updates
34 | scan_script_only_check
35 | admin
36 | 2021-10-09 18:01:53
37 | 0dfff25a2f83301002f0ffecf699b649
38 | Update set should not have more than 1000 updates
39 | ca8467c41b9abc10ce0f62c3b24bcbaa
40 |
41 | ca8467c41b9abc10ce0f62c3b24bcbaa
42 | scan_script_only_check_0dfff25a2f83301002f0ffecf699b649
43 |
44 |
45 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_1e7511642f2330100b40bea62799b6f1.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | 906611642f2330100b40bea62799b6b7
5 | security
6 | Review all reports shared with the public role, as they can expose data to unauthenticated users via:
7 | https://<instance>.service-now.com/sys_report_display.do?sysparm_report_id=<sysID>
8 |
9 |
10 | Public reports to be verified
11 | 2
12 |
13 |
14 |
15 |
16 |
17 |
28 | Candidates of publicly available reports (without needs to authorize) that shoul
29 | scan_script_only_check
30 | admin
31 | 2021-10-28 18:46:02
32 | 1e7511642f2330100b40bea62799b6f1
33 | Public reports to be verified
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 |
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 | scan_script_only_check_1e7511642f2330100b40bea62799b6f1
38 |
39 |
40 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_63ddf5782f6691104f07a1fef699b624.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | security
5 | The EDM (Employee Document Management) module table, part of HRSD, contains sensitive employee files, e.g. offer letters, term letters, promotion letters, etc. This data should not be cloned from production to sub-production instances, since sub-production instances may have many admins who can see this data, which would cause security issues.
6 | /api/now/v1/context_doc_url/CSHelp:exclude-table
7 | scan_finding
8 | EDM table doesn't have clone exclusion on Prod
9 | 3
10 | 1. Verify production instance to check if sn_hr_ef_employee_document Table is configured in clone exclude table.
11 | 2. Set up exclusion for this table in production instance if not already present.
12 | gs.getProperty('sn_appclient.instance_type') == 'production'
13 | 100
14 | 0
15 | 1
16 |
35 | EDM table doesn't have clone exclusion on Prod
36 | scan_script_only_check
37 | admin
38 | 2022-10-12 15:36:34
39 | 63ddf5782f6691104f07a1fef699b624
40 | EDM table doesn't have clone exclusion on Prod
41 | ca8467c41b9abc10ce0f62c3b24bcbaa
42 | read
43 | ca8467c41b9abc10ce0f62c3b24bcbaa
44 | scan_script_only_check_63ddf5782f6691104f07a1fef699b624
45 |
46 |
47 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_6b832a7953d1d61000b51901a0490e24.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | upgradability
5 | Use Logging Levels: Instead of gs.log(), consider using more appropriate logging levels, such as:
6 | gs.info() for informational messages.
7 | gs.warn() for warnings that don’t break functionality but may need attention.
8 | gs.error() for logging errors that require investigation.
9 |
10 | scan_finding
11 | Avoid usage of gs.log()
12 | 3
13 |
14 |
15 | 100
16 | 0
17 | 1
18 |
27 | Avoid usage of gs.log() in prod
28 | scan_script_only_check
29 | admin
30 | 2024-10-18 02:30:31
31 | 6b832a7953d1d61000b51901a0490e24
32 | 0
33 | Avoid usage of gs.log()
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 |
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 | scan_script_only_check_6b832a7953d1d61000b51901a0490e24
38 | admin
39 | 2024-10-18 02:30:31
40 |
41 |
42 |
43 | 6b832a7953d1d61000b51901a0490e24
44 | admin
45 | 2024-10-18 02:30:31
46 | 07a5a23953d1d61000b51901a0490e95
47 | 0
48 | admin
49 | 2024-10-18 02:30:31
50 |
scan_script_only_check
51 | true
52 |
53 |
54 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_718e43b42f2330100b40bea62799b67f.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | 125fc7742f2330100b40bea62799b6fb
5 | security
6 |
7 |
8 |
9 | Locked out user for Scheduled Job
10 | 2
11 |
12 |
13 |
14 |
15 |
16 |
28 | Locked out user detection in Run as for Scheduled Jobs
29 | scan_script_only_check
30 | admin
31 | 2021-10-29 22:13:02
32 | 718e43b42f2330100b40bea62799b67f
33 | Locked out user for Scheduled Job
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 |
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 | scan_script_only_check_718e43b42f2330100b40bea62799b67f
38 |
39 |
40 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_7f8a38342f0330103307235df699b6b3.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | manageability
5 | In general, only a few Workflow contexts will be running for a single record. A high number of active Workflow contexts often indicates an issue with the starting conditions of your Workflow. More than 10 active Workflow contexts is considered a high number.
6 |
7 | scan_finding
8 | High number of workflows running for a single record
9 | 2
10 | Resolve the high number of triggered Workflow contexts, investigate the starting conditions of your Workflow, and correct them where necessary.
11 |
12 | 100
13 | 0
14 | 1
15 |
45 | High number of workflows running for a single record
46 | scan_script_only_check
47 | mark.roethof
48 | 2021-10-04 14:52:29
49 | 7f8a38342f0330103307235df699b6b3
50 | 0
51 | High number of workflows running for a single record
52 | ca8467c41b9abc10ce0f62c3b24bcbaa
53 |
54 | ca8467c41b9abc10ce0f62c3b24bcbaa
55 | scan_script_only_check_7f8a38342f0330103307235df699b6b3
56 | mark.roethof
57 | 2021-10-04 14:52:29
58 |
59 |
60 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_fb01f46edb7a9190c4ebc5860596190b.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | manageability
5 | When an instance is cloned, records in the http_connection table, which extends sys_connection, become orphaned or cannot be viewed. The clone excludes and preserves sys_connection but not the data in http_connection, so it leaves orphaned records on sys_connection that are difficult to view or delete. Log in to the production instance and check whether the http_connection table is excluded in the Exclude Tables module under System Clones.
6 |
7 | Note: ServiceNow support suggested adding the "http_connection" table to the clone excluder and preserver in one of my cases, where I faced a similar issue.
8 |
9 | scan_finding
10 | HTTP connection records not excluded on clones from Prod
11 | 3
12 | 1. Check Production to see if http_connection table is excluded in the exclude tables module under System Clones.
13 | 2. Set up exclusions.
14 |
15 | 100
16 | 0
17 | 1
18 |
30 | HTTP connection records not excluded on clones from Prod
31 | scan_script_only_check
32 | admin
33 | 2022-10-30 07:13:38
34 | fb01f46edb7a9190c4ebc5860596190b
35 | HTTP connection records not excluded on clones from Prod
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 |
38 | ca8467c41b9abc10ce0f62c3b24bcbaa
39 | scan_script_only_check_fb01f46edb7a9190c4ebc5860596190b
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_003db2922f43301002f0ffecf699b617.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 |
6 | manageability
7 | descriptionISEMPTY^state!=ignore^EQ
8 |
9 |
10 |
11 | An update set description helps the release management team better understand what's getting pushed
12 |
13 | scan_finding
14 | Update Set Description Empty
15 | 4
16 | The description should not be empty
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Update set descriptions should not be left empty
27 | scan_table_check
28 | admin
29 | 2021-10-09 16:31:59
30 | 003db2922f43301002f0ffecf699b617
31 | Update Set Description Empty
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_003db2922f43301002f0ffecf699b617
36 |
50 | true
51 |
52 |
53 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_110515e547819210b8ca0b02d16d4308.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | scriptLIKEsetWorklfow(false)^EQ
7 |
8 |
9 | Because the setWorkflow(false) method stops the execution of business rules on that particular GlideRecord object, it can result in unexpected behaviour where business rules are skipped. Use this method with caution and perform regression testing to avoid possible risk. It can have a noticeable impact on Audit, Journal fields, notifications, SLA engine, workflow, flow engine, etc.
10 | https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0867584
11 | scan_finding
12 | Limit use of setWorkflow(false) in business rules
13 | 2
14 | Based on the scenario or use case, consider an alternative approach instead of using setWorkflow(false), especially in business rules. Research the system property trigger_engine.ignore.set_workflow
15 |
16 | 100
17 | 0
18 | 1
19 |
24 | Use of setWorkflow(false) in business rules will cause unexpected issues
25 | scan_table_check
26 | admin
27 | 2024-10-04 15:57:42
28 | 110515e547819210b8ca0b02d16d4308
29 | 1
30 | Limit use of setWorkflow(false) in business rules
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 |
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 | scan_table_check_110515e547819210b8ca0b02d16d4308
35 | admin
36 | 2024-10-04 16:00:33
37 |
sys_script
38 | false
39 |
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_1284f489879a855009eaed3e8bbb35d6.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 |
6 | manageability
7 | cat_itemISEMPTY^variable_setISEMPTY^EQ
8 |
9 |
10 |
11 | Variables should be used in Catalog Item or a Variable Set.
12 |
13 | scan_finding
14 | Delete orphaned variables
15 | 3
16 | If variable is not in use, it should be deleted
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Delete orphaned variables
27 | scan_table_check
28 | nia.mccash
29 | 2022-03-15 22:30:47
30 | 1284f489879a855009eaed3e8bbb35d6
31 | Delete orphaned variables
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_1284f489879a855009eaed3e8bbb35d6
36 |
item_option_new
37 | false
38 |
39 |
40 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_12b47a84977211108e72fed11153af8e.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | security
6 | employment_end_date<javascript:gs.beginningOfToday()^user.active=true^EQ
7 |
8 |
9 |
10 | Shows a list of users still active in the ServiceNow Platform even past their employment end date.
11 |
12 | scan_finding
13 | Active users with past employment end date
14 | 3
15 | Review active users whose employment end dates are in the past. This is a potential issue on the platform, as they can still access the environment. These users need to be reviewed regularly and proper action needs to be taken.
16 |
17 | 100
18 | 0
19 | 1
20 |
25 | Active users with past employment end date
26 | scan_table_check
27 | admin
28 | 2022-10-22 22:07:49
29 | 12b47a84977211108e72fed11153af8e
30 | Active users with past employment end date
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 |
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 | scan_table_check_12b47a84977211108e72fed11153af8e
35 |
48 | false
49 |
50 |
51 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_22407c16473d35103899fa37536d43e3.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | active=true^state=7^ORstate=8^EQ
7 |
8 |
9 |
10 |
11 | If records closed or canceled are still active, it can influence the state of the reports on the table. The close_states/work_states may not be set correctly in the column attributes.
12 |
13 | scan_finding
14 | Check incidents that are closed or cancelled but still active
15 | 3
16 |
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Verify that closed or canceled records are not active anymore
27 | scan_table_check
28 | admin
29 | 2023-10-12 11:23:44
30 | 22407c16473d35103899fa37536d43e3
31 | 0
32 | Check incidents that are closed or cancelled but still active
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 |
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 | scan_table_check_22407c16473d35103899fa37536d43e3
37 | admin
38 | 2023-10-12 11:23:44
39 |
incident
40 | false
41 |
42 |
43 |
44 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_22a8ebad2fd3301036c51e282799b6b4.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 |
6 | security
7 | locked_out=false^roles=admin^last_login_timeRELATIVELT@month@ago@1^ORlast_login_timeISEMPTY^EQ
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 | scan_finding
16 | Admins not logged in for 1 month
17 | 2
18 |
19 |
20 | 100
21 | 0
22 | 1
23 |
28 | List users with admin role that were inactive for at least 1 month
29 | scan_table_check
30 | admin
31 | 2021-10-19 21:45:37
32 | 22a8ebad2fd3301036c51e282799b6b4
33 | Admins not logged in for 1 month
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 |
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 | scan_table_check_22a8ebad2fd3301036c51e282799b6b4
38 |
sys_user
39 | false
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_28d33b441bdabc10ce0f62c3b24bcbcb.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | performance
6 | messagesISEMPTY^scriptLIKEgetMessage^EQ
7 |
8 |
9 |
10 | getMessage used in a client script needs to have the message key added to the Messages field on the script record.
11 | http://docs.servicenow.com/csh?topicname=t_TranslateAClientScriptMessage.html
12 | getMessage() called in Client Script
13 | 3
14 | Use the messages field on the client script record to load the message key being used in getMessage().
15 |
16 | 100
17 | 0
18 | 1
19 |
24 | getMessage() called in Client Script without preloading message key
25 | scan_table_check
26 | daniel.draes
27 | 2021-08-26 13:40:16
28 | 28d33b441bdabc10ce0f62c3b24bcbcb
29 | 0
30 | getMessage() called in Client Script
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 |
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 | scan_table_check_28d33b441bdabc10ce0f62c3b24bcbcb
35 | daniel.draes
36 | 2021-08-26 13:40:16
37 |
sys_script_client
38 | false
39 |
40 |
41 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_2b77e92f2fb67c505dcb59ab2799b61f.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | performance
6 | table=global^active=true^EQ
7 |
8 |
9 |
10 | A global client script is any client script where the selected Table is Global. Global client scripts have no table restrictions; therefore they will load on every page in the system introducing browser load delay in the process. There is no benefit to loading this kind of scripts on every page.
11 | https://developer.servicenow.com/dev.do#!/guides/rome/now-platform/tpb-guide/client_scripting_technical_best_practices#client-scripting-practices-to-avoid-
12 | Avoid Global Client Scripts
13 | 2
14 | As an alternative, and for a more modular and scalable approach, consider moving client scripts to a base table (such as Task [task] or Configuration Item [cmdb_ci]) that can be inherited for all the child/extending tables. This eliminates the system loading the scripts on every form in the UI - such as home pages or Service Catalog where they are rarely (if ever) needed.
15 |
16 | 100
17 | 0
18 | 1
19 |
24 | Avoid Global Client Scripts
25 | scan_table_check
26 | nia.mccash
27 | 2021-09-30 20:56:41
28 | 2b77e92f2fb67c505dcb59ab2799b61f
29 | 1
30 | Avoid Global Client Scripts
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 |
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 | scan_table_check_2b77e92f2fb67c505dcb59ab2799b61f
35 | nia.mccash
36 | 2021-10-04 00:51:52
37 |
sys_script_client
38 | false
39 |
40 |
41 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_2ca086f597d25d10e6cd3bc3f153afee.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | security
6 | active=false^locked_out=false^EQ
7 |
8 |
9 |
10 | If a user is deactivated, the account should also be locked out; otherwise the user could still be able to use the Table API.
11 |
12 | scan_finding
13 | Inactive users not locked out
14 | 1
15 |
16 |
17 | 100
18 | 0
19 | 1
20 |
25 | Inactive users should be also locked out
26 | scan_table_check
27 | admin
28 | 2022-10-03 08:11:09
29 | 2ca086f597d25d10e6cd3bc3f153afee
30 | Inactive users not locked out
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 |
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 | scan_table_check_2ca086f597d25d10e6cd3bc3f153afee
35 |
sys_user
36 | false
37 |
38 |
39 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_2dfd38d983ed1210e0def6d6feaad3ee.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | active=false^sys_updated_on<javascript:gs.beginningOfLast90Days()^sys_created_by!=glide.maint^sys_updated_by!=admin^EQ
7 |
8 |
9 |
10 |
11 |
12 | Flags business rules that have been inactive for more than 90 days, were not created by glide.maint and were not last updated by admin
13 |
14 | scan_finding
15 | Check Inactive Business Rules over 90 days
16 | 4
17 |
18 |
19 | 100
20 | 0
21 | 1
22 |
27 | Looks at Business Rules which are inactive for more than 90 days
28 | scan_table_check
29 | admin
30 | 2024-10-28 16:07:29
31 | 2dfd38d983ed1210e0def6d6feaad3ee
32 | 0
33 | Check Inactive Business Rules over 90 days
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 |
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 | scan_table_check_2dfd38d983ed1210e0def6d6feaad3ee
38 | admin
39 | 2024-10-28 16:07:29
40 |
sys_script
41 | false
42 |
43 |
44 |
45 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_310106cb2fa57110d53f821df699b661.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | true
5 | manageability
6 |
7 | Script Includes names should not include spaces. When creating a script include it is possible to add a space to the name, resolve any errors and still save the Script Include. This check will alert for any Script Includes that contain spaces.
8 |
9 | scan_finding
10 | Valid Script Include Name - No Spaces
11 | 2
12 | Remove spaces in the name field of the Script Include
13 |
14 | 100
15 | 0
16 | 1
17 |
25 | Verifies Script Include Names to Ensure No Spaces Exist
26 | scan_table_check
27 | admin
28 | 2023-10-02 15:07:07
29 | 310106cb2fa57110d53f821df699b661
30 | 0
31 | Valid Script Include Name - No Spaces
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_310106cb2fa57110d53f821df699b661
36 | admin
37 | 2023-10-02 15:07:07
38 |
36 | false
37 |
38 |
39 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_33687cb02f0330103307235df699b685.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | state=ready^sys_created_onRELATIVELT@minute@ago@5^EQ
7 |
8 |
9 |
10 | External Communication Channel (ECC) Queue is a connection point between an instance and the MID Server. Jobs that the MID Server needs to perform are saved in this queue until the MID Server is ready to handle them. The default polling interval is set to 40 seconds. When there are unprocessed queue records, this can indicate a large volume of queue records, a processing issue in general, or a MID Server issue.
11 |
12 | scan_finding
13 | Unprocessed queues
14 | 1
15 | Investigate the unprocessed queue records.
16 |
17 | 100
18 | 0
19 | 1
20 |
25 | Unprocessed queues
26 | scan_table_check
27 | mark.roethof
28 | 2021-10-04 14:43:47
29 | 33687cb02f0330103307235df699b685
30 | 0
31 | Unprocessed queues
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_33687cb02f0330103307235df699b685
36 | mark.roethof
37 | 2021-10-04 14:43:47
38 |
ecc_queue
39 | false
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_352f210a97e211108e72fed11153af7f.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | performance
6 | active=true^sys_created_on>=javascript:gs.beginningOfLast6Months()^EQ
7 |
8 |
9 |
10 | If the number of records grows in the Workflow context table, it may slow down the execution of the other contexts or even slow down when you try to open the context table as they may consume a lot of DB space which will impact your instance performance.
11 |
12 | scan_finding
13 | Old Workflow Contexts Cleanup
14 | 3
15 | Review why the workflows are stuck, or whether they can be moved to another configuration or approach that achieves the requirement.
16 | https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0538279
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Workflow contexts still active for more than 6 months
27 | scan_table_check
28 | admin
29 | 2022-10-16 11:46:12
30 | 352f210a97e211108e72fed11153af7f
31 | Old Workflow Contexts Cleanup
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_352f210a97e211108e72fed11153af7f
36 |
wf_context
37 | false
38 |
39 |
40 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_3b163adc2f9bb4505dcb59ab2799b616.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 |
6 | manageability
7 | applicationNSAMEASupdate_set.application^EQ
8 |
9 |
10 | Updates in the wrong update set scope may generate an error like the following when previewed:
11 |
12 | Cannot commit Update Set 'UPDATE_SET_NAME' because: Update scope id 'x' is different than update set scope id 'y'. Resolve the problem before committing.
13 |
14 | scan_finding
15 | Updates in wrong update set scope
16 | 2
17 | The scope of the Customer Update [sys_update_xml] record should match the scope of the Update Set in which it resides.
18 |
19 | 100
20 | 0
21 | 1
22 |
27 | Updates in wrong update set scope
28 | scan_table_check
29 | nia.mccash
30 | 2021-10-15 20:50:09
31 | 3b163adc2f9bb4505dcb59ab2799b616
32 | 1
33 | Updates in wrong update set scope
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 |
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 | scan_table_check_3b163adc2f9bb4505dcb59ab2799b616
38 | nia.mccash
39 | 2021-10-23 23:25:03
40 |
sys_update_xml
41 | false
42 |
43 |
44 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_42653cc9879a855009eaed3e8bbb35f3.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 |
6 | manageability
7 | cat_itemISEMPTY^variable_setISEMPTY^EQ
8 |
9 |
10 |
11 | Catalog Client Script should be used in either a Catalog Item or a Variable Set.
12 |
13 | scan_finding
14 | Delete Orphaned Catalog Client Scripts
15 | 3
16 | If Catalog Client Script is not in use, it should be deleted
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Delete Orphaned Catalog Client Scripts
27 | scan_table_check
28 | nia.mccash
29 | 2022-03-15 22:32:14
30 | 42653cc9879a855009eaed3e8bbb35f3
31 | Delete Orphaned Catalog Client Scripts
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_42653cc9879a855009eaed3e8bbb35f3
36 |
catalog_script_client
37 | false
38 |
39 |
40 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_4b353cc9879a855009eaed3e8bbb35ed.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 |
6 | manageability
7 | catalog_itemISEMPTY^variable_setISEMPTY^EQ
8 |
9 |
10 |
11 | Catalog UI policy should be used in either a Catalog Item or a Variable Set.
12 |
13 | scan_finding
14 | Delete Orphaned Catalog UI Policies
15 | 3
16 | If Catalog UI policy is not in use, it should be deleted
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Delete Orphaned Catalog UI Policies
27 | scan_table_check
28 | nia.mccash
29 | 2022-03-15 22:31:33
30 | 4b353cc9879a855009eaed3e8bbb35ed
31 | Delete Orphaned Catalog UI Policies
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_4b353cc9879a855009eaed3e8bbb35ed
36 |
catalog_ui_policy
37 | false
38 |
39 |
40 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_532dc24e976611108e72fed11153af9a.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | descriptionISEMPTY^scriptNOT LIKE//^scriptNOT LIKE/*^EQ
7 |
8 |
9 |
10 |
11 | Ideally, all scripts should have descriptions or comments added to the code to make it more readable to someone.
12 |
13 | scan_finding
14 | Check Business Rules without Discription or comment
15 | 4
16 | - Update the Description on the Business rule record
17 | - Add comments on the script either a single line using "//" OR "/* */"
18 |
19 | 100
20 | 0
21 | 1
22 |
27 | Looks at Business rules which do not have a comment or description added
28 | scan_table_check
29 | admin
30 | 2022-10-16 15:11:54
31 | 532dc24e976611108e72fed11153af9a
32 | Check Business Rules without Discription or comment
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 |
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 | scan_table_check_532dc24e976611108e72fed11153af9a
37 |
48 | false
49 |
50 |
51 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_659f29c297e211108e72fed11153af44.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | performance
6 | sys_created_on<=javascript:gs.beginningOfLast6Months()^stateINWAITING,IN_PROGRESS,QUEUED^EQ
7 |
8 |
9 |
10 | If the number of records grows in the flow context table, it may slow down the execution of the other contexts or even slow down when you try to open the context table as they may consume a lot of DB space which will impact your instance performance.
11 |
12 | scan_finding
13 | Older Flow Contexts Cleanup
14 | 3
15 | Review why the flows are stuck, or whether they can be moved to another configuration or approach that achieves the requirement.
16 |
17 | 100
18 | 0
19 | 1
20 |
25 | Flow contexts still active for more than 6 months
26 | scan_table_check
27 | admin
28 | 2022-10-16 12:49:58
29 | 659f29c297e211108e72fed11153af44
30 | Older Flow Contexts Cleanup
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 |
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 | scan_table_check_659f29c297e211108e72fed11153af44
35 |
sys_flow_context
36 | false
37 |
38 |
39 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_6db4a7081b9abc10ce0f62c3b24bcbd0.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | true
5 | manageability
6 |
7 | When two Script Includes exist with the same name in the same scope, it is unreliable which Script Include will actually be instantiated when that name is called.
8 | http://docs.servicenow.com/csh?topicname=c_ScriptIncludes.html
9 | Duplicate Script Include Name
10 | 2
11 | Ensure all your Script Includes have unique names. Rename any script include with a duplicate name with a unique name.
12 |
13 | 100
14 | 0
15 | 1
16 |
31 | Duplicate Script Include Names
32 | scan_table_check
33 | daniel.draes
34 | 2021-08-26 12:32:26
35 | 6db4a7081b9abc10ce0f62c3b24bcbd0
36 | 0
37 | Duplicate Script Include Name
38 | ca8467c41b9abc10ce0f62c3b24bcbaa
39 |
40 | ca8467c41b9abc10ce0f62c3b24bcbaa
41 | scan_table_check_6db4a7081b9abc10ce0f62c3b24bcbd0
42 | daniel.draes
43 | 2021-08-26 12:32:26
44 |
38 | false
39 |
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_76dc11c747011210b8ca0b02d16d439a.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | performance
6 | scriptLIKEgs.sleep^EQ
7 |
8 |
9 | Avoid using gs.sleep() in any script because it does not release session and will cause delays, and add logs to the script whenever gs.sleep() has to be used.
10 |
11 | scan_finding
12 | Avoid use of gs.sleep() in server-side scripts
13 | 1
14 | Use gs.eventQueueScheduled() or wait timers in workflow/flow as an alternative approach, based on the use case
15 |
16 | 100
17 | 0
18 | 1
19 |
24 | Avoid using gs.sleep() in any server-side script
25 | scan_table_check
26 | admin
27 | 2024-10-09 08:18:54
28 | 76dc11c747011210b8ca0b02d16d439a
29 | 0
30 | Avoid use of gs.sleep() in server-side scripts
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 |
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 | scan_table_check_76dc11c747011210b8ca0b02d16d439a
35 | admin
36 | 2024-10-09 08:18:54
37 |
sysevent_in_email_action
38 | false
39 |
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_7741e65ac3291210766bb3edd40131e6.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | assigned_to.active=false^EQ
7 |
8 |
9 | Make sure that a problem ticket is not assigned to an inactive user
10 |
11 | scan_finding
12 | Check problem assigned to inactive user
13 | 2
14 |
15 |
16 | 100
17 | 0
18 | 1
19 |
24 | Check problem assigned to inactive user
25 | scan_table_check
26 | admin
27 | 2024-11-01 01:46:12
28 | 7741e65ac3291210766bb3edd40131e6
29 | 1
30 | Check problem assigned to inactive user
31 | ca8467c41b9abc10ce0f62c3b24bcbaa
32 |
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 | scan_table_check_7741e65ac3291210766bb3edd40131e6
35 | admin
36 | 2024-11-01 01:48:09
37 |
problem
38 | false
39 |
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_77a6af2f1b363c10b32c642aab4bcb36.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | security
6 | requires_authentication=false^web_service_definition.enforce_aclISEMPTY^EQ
7 |
8 |
9 |
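10 | Enforce existing access controls and require additional access to data. In addition to requiring authentication to access the API, require authorization to access data. Note that the condition of this check (requires_authentication=false AND web_service_definition.enforce_acl empty) only matches operations where both are missing; an operation that requires authentication but has no ACL enforced is not reported by it and should be reviewed separately.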
11 | https://docs.servicenow.com/csh?topicname=scripted-rest-good-practices.html
12 | Scripted REST API without Authentication
13 | 2
14 | Scripted REST APIs should not be public; they should enforce access controls and require additional access to data.
15 | Requests such as PUT, POST, and DELETE should require a higher level of access than GET.
16 | Configure these API resources to require a more strict ACL.
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Scripted REST APIs should not be public
27 | scan_table_check
28 | jochen.larbig
29 | 2021-10-01 06:12:59
30 | 77a6af2f1b363c10b32c642aab4bcb36
31 | 7
32 | Scripted REST API without Authentication
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 |
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 | scan_table_check_77a6af2f1b363c10b32c642aab4bcb36
37 | jochen.larbig
38 | 2021-10-01 08:08:05
39 |
sys_ws_operation
40 | false
41 |
42 |
43 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_7818ddaa07221110e765f9fc7c1ed0a5.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | true
5 | manageability
6 | active=true^EQ
7 |
8 |
9 |
10 |
11 | scan_finding
12 | Active groups without active users
13 | 3
14 |
15 |
16 | 100
17 | 0
18 | 1
19 |
28 | Finds active groups that do not contain active users
29 | scan_table_check
30 | admin
31 | 2022-10-17 23:21:27
32 | 7818ddaa07221110e765f9fc7c1ed0a5
33 | Active groups without active users
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 |
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 | scan_table_check_7818ddaa07221110e765f9fc7c1ed0a5
38 |
sys_user_group
39 | false
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_7c3f6f6b1b763c10b32c642aab4bcb10.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | active=true^modelISEMPTY^EQ
7 |
8 |
9 |
10 | Catalog Items in the Product Catalog should be created from the underlying Product Model and this association should be kept intact.
11 | Models are specific versions or various configurations of an asset.
12 | Models are used for managing and tracking assets through various ServiceNow platform asset applications, including Product Catalog, Asset Management, and Procurement.
13 | http://docs.servicenow.com/csh?topicname=c_ManagingProductCatalogItems.html
14 | Product Catalog without Product Models
15 | 3
16 | An Item in the Product Catalog should always be linked to a Product Model.
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Hardware or Software Catalog Items without matching Product Model
27 | scan_table_check
28 | jochen.larbig
29 | 2021-10-01 06:50:09
30 | 7c3f6f6b1b763c10b32c642aab4bcb10
31 | 4
32 | Product Catalog without Product Models
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 |
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 | scan_table_check_7c3f6f6b1b763c10b32c642aab4bcb10
37 | jochen.larbig
38 | 2021-10-01 08:04:58
39 |
pc_product_cat_item
40 | false
41 |
42 |
43 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_889f5a42976a11108e72fed11153af50.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | descriptionISEMPTY^scriptNOT LIKE//^scriptNOT LIKE/*^EQ
7 |
8 |
9 |
10 |
11 | Ideally, all scripts should have descriptions or comments added to the code to make it more readable to someone.
12 |
13 | scan_finding
14 | Check Script Includes without Discription or comment
15 | 4
16 | - Update the Description on the script include record
17 | - Add comments to the script, either single-line comments using "//" or block comments using "/* */"
18 |
19 | 100
20 | 0
21 | 1
22 |
27 | Looks at Script Includes which do not have a comment or description added
28 | scan_table_check
29 | admin
30 | 2022-10-16 15:16:11
31 | 889f5a42976a11108e72fed11153af50
32 | Check Script Includes without Discription or comment
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 |
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 | scan_table_check_889f5a42976a11108e72fed11153af50
37 |
sys_script_include
38 | false
39 |
40 |
41 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_88fbb74c1bdabc10ce0f62c3b24bcb22.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | true
5 | security
6 |
7 | Every table should be secured by ACLs
8 | http://docs.servicenow.com/csh?topicname=acl-rule-types.html
9 | Tables without ACLs
10 | 2
11 | For tables that have no ACLs defined, the default deny property can be used to make the wildcard table ACL rules restrict the read, write, create, and delete operations on all tables unless the user has the admin role or meets the requirements of another table ACL rule. This means that custom tables without ACLs will not be accessible to any user besides admin.
12 |
13 | 100
14 | 0
15 | 1
16 |
31 | Tables without ACLs
32 | scan_table_check
33 | daniel.draes
34 | 2021-08-26 14:19:30
35 | 88fbb74c1bdabc10ce0f62c3b24bcb22
36 | 3
37 | Tables without ACLs
38 | ca8467c41b9abc10ce0f62c3b24bcbaa
39 |
40 | ca8467c41b9abc10ce0f62c3b24bcbaa
41 | scan_table_check_88fbb74c1bdabc10ce0f62c3b24bcb22
42 | daniel.draes
43 | 2021-08-26 14:24:33
44 |
sys_db_object
45 | false
46 |
47 |
48 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_8adbad272f561110a1803e0ef699b626.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | true
5 | user_experience
6 | prefixISNOTEMPTY^EQ
7 |
8 |
9 | Creating new number records does not require uniqueness, but having duplicate number records causes some ServiceNow core functionality not to behave as expected. For example, the search might return a record from another table on which the same number prefix is also used.
10 | https://docs.servicenow.com/csh?topicname=c_ManagingRecordNumbering.html&version=latest
11 | scan_finding
12 | Added a Number Prefix which already exists
13 | 3
14 | Change the number prefix to a unique value.
15 |
16 | 100
17 | 0
18 | 1
19 |
37 | Added a Number Prefix which already exists
38 | scan_table_check
39 | admin
40 | 2022-10-08 17:05:24
41 | 8adbad272f561110a1803e0ef699b626
42 | 0
43 | Added a Number Prefix which already exists
44 | ca8467c41b9abc10ce0f62c3b24bcbaa
45 |
46 | ca8467c41b9abc10ce0f62c3b24bcbaa
47 | scan_table_check_8adbad272f561110a1803e0ef699b626
48 | admin
49 | 2022-10-08 17:05:24
50 |
sys_number
51 | false
52 |
53 |
54 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_8ddb61672f561110a1803e0ef699b68b.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | parent.sys_idISEMPTY^ORchild.sys_idISEMPTY^EQ
7 |
8 |
9 |
10 | CI Relationship records without a parent or a child record should not exist. Such CI Relationship records technically won't function. Situations like these are likely to occur due to incorrect manual System Administrative duties or incorrect automated processes.
11 |
12 | scan_finding
13 | Corrupt CI Relationships
14 | 3
15 | Cleanup or repair the corrupt ci relationships AND investigate why/how these occurred.
16 |
17 | 100
18 | 0
19 | 1
20 |
25 | Corrupt CI Relationships
26 | scan_table_check
27 | admin
28 | 2022-10-08 17:05:19
29 | 8ddb61672f561110a1803e0ef699b68b
30 | 0
31 | Corrupt CI Relationships
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_8ddb61672f561110a1803e0ef699b68b
36 | admin
37 | 2022-10-08 17:05:19
38 |
38 | false
39 |
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_b04679fb2ff2fc505dcb59ab2799b623.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 |
6 | upgradability
7 | super_class.name=sys_choice^EQ
8 |
9 |
10 | Extending the sys_choice table is not supported.
11 | https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0538947
12 | scan_finding
13 | Choice table should not be extended
14 | 2
15 | Reevaluate the requirements behind this and remove the extended tables:
16 | - Different process-related requirements should be tackled by standardizing processes at an organizational level
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Choice table should not be extended
27 | scan_table_check
28 | nia.mccash
29 | 2021-10-01 16:38:29
30 | b04679fb2ff2fc505dcb59ab2799b623
31 | 0
32 | Choice table should not be extended
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 |
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 | scan_table_check_b04679fb2ff2fc505dcb59ab2799b623
37 | nia.mccash
38 | 2021-10-01 16:38:29
39 |
sys_db_object
40 | false
41 |
42 |
43 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_b31e1c5c2f0e7110b0b62d5df699b619.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | true
5 | false
6 | manageability
7 | active=true^owner.active=false^EQ
8 |
9 |
10 | For the dashboard there should be an active owner who can administer/customize/adjust dashboards.
11 | Over time, it can happen that this person is no longer active in the system. This can be discovered and fixed by assigning a new person.
12 |
13 | scan_finding
14 | Active notification without any recipients
15 | 3
16 | Find a new active person who can act as the dashboard owner
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Dashboard Owner no longer active
27 | scan_table_check
28 | admin
29 | 2023-10-18 15:12:12
30 | b31e1c5c2f0e7110b0b62d5df699b619
31 | 1
32 | Active notification without any recipients
33 | global
34 |
35 | global
36 | scan_table_check_b31e1c5c2f0e7110b0b62d5df699b619
37 | admin
38 | 2023-10-18 15:13:15
39 |
pa_dashboards
40 | false
41 |
42 |
43 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_b8ae9202976a11108e72fed11153afee.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | descriptionISEMPTY^scriptNOT LIKE//^scriptNOT LIKE/*^EQ
7 |
8 |
9 |
10 |
11 | Ideally, all scripts should have descriptions or comments added to the code to make it more readable to someone.
12 |
13 | scan_finding
14 | Check Client Scripts without Discription or comment
15 | 4
16 | - Update the Description on the client script record
17 | - Add comments to the script, either single-line comments using "//" or block comments using "/* */"
18 |
19 | 100
20 | 0
21 | 1
22 |
27 | Looks at Client scripts which do not have a comment or description added
28 | scan_table_check
29 | admin
30 | 2022-10-16 15:12:08
31 | b8ae9202976a11108e72fed11153afee
32 | Check Client Scripts without Discription or comment
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 |
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 | scan_table_check_b8ae9202976a11108e72fed11153afee
37 |
sys_script_client
38 | false
39 |
40 |
41 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_ba0c998d875251106b0f20af8bbb3515.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | performance
6 | scriptLIKEGlideRecord^EQ
7 |
8 |
9 | Client scripts should use GlideAjax when they need to make async calls to the server to get data. The GlideRecord() API shouldn't be used, to avoid performance issues.
10 |
11 | scan_finding
12 | GlideRecord API in client script
13 | 2
14 | Client scripts run in the browser and use either data available on the form or data retrieved from the database.
15 | Use client data as much as possible to eliminate the need for time-consuming server lookups i.e. GlideRecord.
16 | The best ways to get data into form/browser from the database are g_scratchpad, and asynchronous GlideAjax lookup
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Client script with GlideRecord API calls
27 | scan_table_check
28 | admin
29 | 2022-09-30 21:33:04
30 | ba0c998d875251106b0f20af8bbb3515
31 | GlideRecord API in client script
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_ba0c998d875251106b0f20af8bbb3515
36 |
sys_script_client
37 | false
38 |
39 |
40 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_bb3bf7a31bf63c10b32c642aab4bcb75.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | upgradability
6 | super_class=f662b6fc1b263010043fdc61ab4bcb00^EQ
7 |
8 |
9 | The baseline restriction to extend the Incident table has been removed and at least one child table extending Incident has been created.
10 | - To support a custom Incident table a high amount of customization to the other ITSM processes is required
11 | - New functionality in future releases might not work on extended tables or would require further customization.
12 |
13 | Incident table should not be extended
14 | 1
15 | Reevaluate the requirements behind this and remove the extended tables:
16 | - Different process-related requirements should be tackled by standardizing processes at an organizational level.
17 | - Non-ITSM Incidents, e.g. a Facility Incident, should be either built as a custom app or handled by leveraging existing applications on the ServiceNow store.
18 |
19 | 100
20 | 0
21 | 1
22 |
27 | Extending Incident with custom child tables should not be done
28 | scan_table_check
29 | jochen.larbig
30 | 2021-10-01 07:45:55
31 | bb3bf7a31bf63c10b32c642aab4bcb75
32 | 2
33 | Incident table should not be extended
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 |
36 | ca8467c41b9abc10ce0f62c3b24bcbaa
37 | scan_table_check_bb3bf7a31bf63c10b32c642aab4bcb75
38 | jochen.larbig
39 | 2021-10-01 08:04:58
40 |
38 | false
39 |
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_df3c9331470271103899fa37536d43ca.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | true
5 | manageability
6 | active=true^EQ
7 |
8 |
9 | If all the requested items in a request are closed, the request should close automatically. If the request does not close automatically, the flows of the items probably do not set the stages correctly, or the default Stages for requested items were changed and the Completed Stage does not have the correct value. As a result, reports can wrongly show requests as active that are actually closed, and users can be confused by seeing their requests still open.
10 |
11 | scan_finding
12 | Open Requests with closed requested items
13 | 4
14 |
15 |
16 | 100
17 | 0
18 | 1
19 |
31 | Check that finds open Requests for which all the requested items are closed
32 | scan_table_check
33 | admin
34 | 2023-10-23 20:54:58
35 | df3c9331470271103899fa37536d43ca
36 | 0
37 | Open Requests with closed requested items
38 | ca8467c41b9abc10ce0f62c3b24bcbaa
39 |
40 | ca8467c41b9abc10ce0f62c3b24bcbaa
41 | scan_table_check_df3c9331470271103899fa37536d43ca
42 | admin
43 | 2023-10-23 20:54:58
44 |
sc_request
45 | false
46 |
47 |
48 |
49 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_e19656212ff1311002eb2ca62799b639.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | performance
6 | run_business_rules=true^active=true^EQ
7 |
8 |
9 |
10 | Running business rules during transform may cause the transform to take longer than expected, or cause the instance to slow down.
11 | https://docs.servicenow.com/bundle/vancouver-integrate-applications/page/administer/technical-best-practice/concept/c_TroubleshootImportSetPerformance.html
12 | scan_finding
13 | Running Business Rules on Transform Maps
14 | 1
15 | Do not run items like business rules, workflows, approval engines, and so on during a transform unless you want all insert and update business rules, notifications, and workflows to run. For example, when importing all data from an old system, you may not want notifications to run. To disable these items from running and to cease auditing and field normalization within the transform map for that import, deselect the Run business rules check box.
16 |
17 | 100
18 | 0
19 | 1
20 |
25 | Running Business Rules on Transform Maps
26 | scan_table_check
27 | admin
28 | 2023-10-10 11:06:48
29 | e19656212ff1311002eb2ca62799b639
30 | 1
31 | Running Business Rules on Transform Maps
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_e19656212ff1311002eb2ca62799b639
36 | admin
37 | 2023-10-10 11:08:53
38 |
sys_transform_map
39 | false
40 |
41 |
42 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_e6cb0310073a1110ce33f61d7c1ed052.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | true
5 | security
6 | user.active=false^EQ
7 |
8 |
9 |
10 |
11 | scan_finding
12 | List Inactive users from active group
13 | 3
14 |
15 |
16 | 100
17 | 0
18 | 1
19 |
29 | List inactive users that still belong to active groups
30 | scan_table_check
31 | admin
32 | 2022-10-23 18:15:44
33 | e6cb0310073a1110ce33f61d7c1ed052
34 | List Inactive users from active group
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 |
37 | ca8467c41b9abc10ce0f62c3b24bcbaa
38 | scan_table_check_e6cb0310073a1110ce33f61d7c1ed052
39 |
sys_user_grmember
40 | false
41 |
42 |
43 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_eb1388ea2f2a91108e343e0ef699b6b0.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | manageability
6 | templateLIKEdocument.^ORclient_scriptLIKEdocument.^ORclient_scriptLIKEwindow.document^EQ
7 |
8 |
9 |
10 |
11 | Always avoid using the native JS "document" object for DOM manipulation in Service Portal. Instead, use the equivalent AngularJS capabilities to achieve the same.
12 |
13 | scan_finding
14 | Avoid using javascrip "document" object in Portal
15 | 2
16 | Make sure to utilize the AngularJS capabilities to achieve the tasks instead of using the "document" object.
17 |
18 | 100
19 | 0
20 | 1
21 |
26 | Avoid using javascript "document" object in Portal
27 | scan_table_check
28 | admin
29 | 2022-10-17 17:31:11
30 | eb1388ea2f2a91108e343e0ef699b6b0
31 | 3
32 | Avoid using javascrip "document" object in Portal
33 | ca8467c41b9abc10ce0f62c3b24bcbaa
34 |
35 | ca8467c41b9abc10ce0f62c3b24bcbaa
36 | scan_table_check_eb1388ea2f2a91108e343e0ef699b6b0
37 | admin
38 | 2022-10-17 18:03:38
39 |
sp_widget
40 | false
41 |
42 |
43 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_f0e1a8581b27705088d943fddc4bcbc3.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | performance
6 | client_scriptLIKE$rootScope.$on^client_scriptNOT LIKE$scope.$on('destroy'^ORclient_scriptNOT LIKE$scope.$on("destroy"^EQ
7 |
8 |
9 |
10 |
11 | $rootScope.$on listeners will remain in memory if not properly cleaned up. This will create a memory leak if the controller falls out of scope.
12 |
13 | scan_finding
14 | $rootScope.$on listener
15 | 1
16 | api.controller = function ($rootScope, $scope) {
17 | /* widget controller */
18 | var c = this;
19 |
20 | var deregister = $rootScope.$on("someevent", function () {});
21 |
22 | $scope.$on("$destroy", function destroyScope() {
23 | deregister();
24 | });
25 | };
26 |
27 | 100
28 | 0
29 | 1
30 |
35 | Always deregister $rootScope.$on listeners on the scope $destroy event
36 | scan_table_check
37 | admin
38 | 2021-10-27 20:20:15
39 | f0e1a8581b27705088d943fddc4bcbc3
40 | 8
41 | $rootScope.$on listener
42 | ca8467c41b9abc10ce0f62c3b24bcbaa
43 |
44 | ca8467c41b9abc10ce0f62c3b24bcbaa
45 | scan_table_check_f0e1a8581b27705088d943fddc4bcbc3
46 | admin
47 | 2021-10-27 21:53:56
48 |
sp_widget
49 | false
50 |
51 |
52 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_f9f9659e977931106c7cfed11153afc7.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 | performance
6 | type=JDBC^use_last_run_datetime=false^EQ
7 |
8 |
9 |
10 | Using "last run datetime" is a best practice in data integration processes using JDBC. It enables incremental data loading and improves performance.
11 |
12 | scan_finding
13 | Use last run datetime for JDBC data loads
14 | 4
15 | In your JDBC data load configuration, ensure that the "last run datetime" option is set to true, and configure the target database field to serve as a timestamp.
16 |
17 | 100
18 | 0
19 | 1
20 |
25 | Use last run datetime for JDBC data loads
26 | scan_table_check
27 | admin
28 | 2023-10-12 15:37:21
29 | f9f9659e977931106c7cfed11153afc7
30 | 1
31 | Use last run datetime for JDBC data loads
32 | ca8467c41b9abc10ce0f62c3b24bcbaa
33 |
34 | ca8467c41b9abc10ce0f62c3b24bcbaa
35 | scan_table_check_f9f9659e977931106c7cfed11153afc7
36 | admin
37 | 2023-10-12 15:45:31
38 |
sys_data_source
39 | false
40 |
41 |
42 |
43 |
--------------------------------------------------------------------------------
/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_fbdce17f2fb2fc505dcb59ab2799b6d0.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 | false
5 |
6 | upgradability
7 | super_class.name=sys_user^EQ
8 |
9 |
10 | Extending the sys_user table is NOT recommended because it can cause problems when a user needs to be present in both tables. Remember that the User ID [sys_user.user_name] is a unique field.
11 |
12 | If you have:
13 | sys_user
14 | contract_user extends sys_user
15 | subsidiary_user extends sys_user
16 | Then you create Bob who is a contract_user
17 | Bob's class will never be sys_user.
18 | Bob can never be a subsidiary_user.
19 | To make Bob both a contract_user and a subsidiary_user, Bob must have 2 accounts.
20 |
21 | scan_finding
22 | User table should not be extended
23 | 2
24 | Reevaluate the requirements behind this and remove the extended tables:
25 | - Different process-related requirements should be tackled by standardizing processes at an organizational level.
26 |
27 | 100
28 | 0
29 | 1
30 |
35 | User table should not be extended
36 | scan_table_check
37 | nia.mccash
38 | 2021-10-01 16:32:00
39 | fbdce17f2fb2fc505dcb59ab2799b6d0
40 | 1
41 | User table should not be extended
42 | ca8467c41b9abc10ce0f62c3b24bcbaa
43 |
44 | ca8467c41b9abc10ce0f62c3b24bcbaa
45 | scan_table_check_fbdce17f2fb2fc505dcb59ab2799b6d0
46 | nia.mccash
47 | 2021-10-01 16:34:13
48 |