- A -


= Access Control List

Agile Development (ServiceNow)

ServiceNow Agile application for managing user stories, epics and defects.


= Application Programming Interface

Apex class (Salesforce)

An Apex class is a template or blueprint from which Apex objects are created. Classes consist of other classes, user-defined methods, variables, exception types, and static initialization code. 

Apex component (Salesforce)

Visualforce components are small, reusable pieces of functionality - think widgets, panels, user interface elements, that kind of thing - that you use in Visualforce page markup. 

Apex page (Salesforce)

A Visualforce page - webpage that belong to Salesforce.

Apex trigger (Salesforce)

A trigger is Apex code that executes before or after specific data manipulation language (DML) events occur, such as before object records are inserted into the database, or after records have been deleted.


= Automated Test Framework

Automated Test Framework

A ServiceNow application for setting up and running automated regression testing of functionality build in ServiceNow.


= Amazon Web Services

Amazon Web Services

Cloud service for hosting applications, SaaS platforms etc. Quality Clouds is hosted on AWS.

Back to top

- B -

Baseline ruleset

Set of default best practices provided by Quality Clouds. The main quality metrics are always calculated against the default ruleset, so that they can serve us as a baseline. This is especially useful when, for example, you run scans using different sets of customized best practices. In this case, comparing baseline values gives you a better view of the global quality trends. 

Best practice

A standard to follow for optimal platform quality.

Business rule (ServiceNow) 

A business rule is a server-side script that runs when a record is displayed, inserted, updated, or deleted, or when a table is queried. Use business rules to accomplish tasks like automatically changing values in form fields when certain conditions are met, or to create events for email notifications and script actions.

Back to top

- C -


The ServiceNow application which provides a service catalog from which catalog items (eg. laptop, phone) can be ordered.


= Configuration Element (CE)

Code quality 

The average number of issues to lines of code.


Changes to the behavior of the system in a way that does not impact its upgradeability, using a 'no-code' (i.e. configuration only) solution.

Configuration Element

Quality Clouds general term for any object or component which we scan eg. a 'business rule' or 'script include' in ServiceNow world, or an 'Apex class' or 'custom object' in Salesforce.

Custom rulesets

Set of best practices defined by you, which ignores or overrides specific rules of the default set of best practices provided by Quality Clouds. The quality metrics obtained by applying this set of rules, are labeled as Custom Ruleset Metrics, and are displayed in a prominent place in the dashboards.


Modifications the out of the box behavior of the system in a material way, through the introduction of code rather than using a no-code solution. The more customized something is, the more difficult its maintenance and scaleability are.

Back to top

- D -


Dashboards display the results of Quality Clouds scans. They present the values for different metrics and Key Performance Indicators (KPIs), which allow you to measure, manage and govern the quality of your SaaS deployments.  Each SaaS platform has a defined set of dashboards available. 

Back to top

- E -

Executive dashboard

The aim of the executive dashboard is to give at first sight the quality status of the platform with the Quality Clouds for ServiceNow KPIs. The dashboard covers the metrics for apps with issues and affected area (scalability, upgradeability, security, performance, maintainability, manageability).

Back to top

- F -

Feature branch scan

Checks all the changes you're working on in a feature branch before deploying them to a Git master branch. The feature branch scans run against different repositories on each scan, and only scan the changes that have been committed to the feature branch. The name of the feature branch needs to be specified at the time of launching a scan.

Field analysis

Quality Clouds application on the ServiceNow Store which analyses the custom database table fields and gives visibility as to which fields are populated and which are not. This analysis helps identify custom fields which are underused, and custom fields which have not been updated in a long time based on configurable thresholds. 

Full-code scan

A full-code scan is a unique time Quality Clouds runs the quality checks of a SaaS platform instance. The full-code scan creates a complete drill-down view of the quality data, and it refreshes all the dashboards. 

Back to top

- G -


= General Data Protection Regulation (GDPR)

Governance dashboard

Governance dashboard displays cross-platform results (ServiceNow, Salesforce and Office 365), both for quality and operational metrics. They are designed to show common KPIs affecting all your instances in a single view.

Back to top

- H -

Health Scan

ServiceNow’s automated instance scanning system. It is a “full-body” assessment of your instance health that analyzes your system configuration and provides insights and recommendations for what you should continue doing and where you might be able to improve.

Back to top

- I -

Impact areas

The areas where software quality can be impacted (as monitored by Quality Clouds). See > Manageability; Performance; Scalability; Security.


An individual instance of the ServiceNow platform. Also sometimes used to generically describe a Salesforce org.


Non-compliance with a best practice/rule.


IT Service Management 

Back to top

- J -

Jenkins scan

Quality Clouds scans can be executed directly from the Jenkins plugin. This plugin gives you the ability to perform automatic code scans, with the results of the scans being available to view in Jenkins interface format.

Back to top

- K -


= Key Performance Indicator (KPI)

Key Performance Indicator

A measurable value that demonstrates how effectively a company is achieving key business objectives, e.g. improving Quality of Cloud or reducing Technical Debt.

Back to top

- L -

Live Check

Quality Clouds functionality to check a ServiceNow configuration element or update set against best practices.

Back to top

- M -


Defines the effectiveness and capability of persons, products or systems able to be managed or controlled. This can be accomplished in the form of tactical, operational and/or strategic mechanisms. This characteristic is composed of the following sub-characteristics: Availability: The degree to which a system, product or component is operational and accessible when required for use. Conformity: Continuous security, compliance and cost management. Fault tolerance: The degree to which a system, product or component operates as intended despite the presence of hardware or software faults. Adaptability: The degree to which a product or system can effectively and efficiently be adapted for different or evolving hardware, software or other operational or usage environments. Replaceability: The degree to which a product can replace another specified software product for the same purpose in the same environment.

Module (ServiceNow)

A module is a function within an application. eg. Instances, Scans and Issues are all modules within the Quality Clouds ServiceNow application

- N -


Namespaces are used to organize code into logical groups and to prevent name collisions that can occur especially when your code base includes multiple libraries. Namespaces are used in Salesforce to separate and identify managed packages and by ServiceNow to identify scoped applications.

Back to top

- O -

Object (Salesforce)

Salesforce objects are database tables that permit you to store the data specific to an organization. Salesforce objects are of two types: Standard Objects - Standard objects are the kind of objects that are provided by, such as users, contracts, reports, dashboards, etc. and Custom Objects - Custom objects are those that are created by users. It supplies information that is unique and essential to their organization. It is the heart of any application. It provides a structure for sharing data.


= Out of the box

OOTB modified

Where a default system functionality (i.e. a core component or application provided by ServiceNow) has been modified using code. This type of change can impact upgradeability directly for that instance.

Operational scan

The operational scan or Admin bot is an automated process that runs periodically against your productive SaaS environments and warns you about alerts that need attention. The scan is scheduled to run daily and results in an email report. 

Out of the box

Refers to the functionality available directly after the software has been installed. Neither the core functionality nor the installed applications have been customized.


= Open Web Application Security Project (OWASP) 

Back to top

- P -


Represents the action or process of performing a task or function. This characteristic is composed of the following sub-characteristics: Time behavior: The degree to which the responsive / processing times and throughput rates of a product or system, related to the performance of functions when meeting the requirements. Resource utilization: The degree to which the amounts and types of resources used by a product or system, when performing its functions meet the requirements. Capacity: The degree to which the maximum limits of a product or system parameter fulfills the requirements.


The number of CEs created by developer.

Profiling scan

A profiling scan is a scheduled scan, run on a frequent, regular basis (usually weekly, depending on your pricing scheme) to check for the health of your instance and generate the high-level KPIs only in the Instance Profiling dashboard.

Back to top

- Q -


= Quality of Cloud

Quality in Use

Quality-in-use metrics are operational metrics coming from operational scans, and are only available when the instance is used in real conditions. Ideally, the internal quality determines the external quality and external quality determines quality in use.

Quality of Cloud

Provides an indication of the overall health of your instance or org. The 'Quality of Cloud' is calculated in the following way: We assign 100% of the quality at the start to each new instance added. We then subtract different % value based on the number of issues and their severity found in each scan. The % value comes from our experience in ServiceNow and Salesforce implementation projects.

Back to top

- R -

Rest API

A RESTful API is an application program interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. REST is commonly used for cloud applications (eg. QualityClouds, ServiceNow, Salesforce) to send information to and from one another. 


A Quality Clouds definition of best practice which contains the resulting issue severity, the area it is impacting, associated technical debt and the remediation.


Set of rules that are applied to a platform scan. You can manage and customize your rulesets from the Rulesets section in the portal.

Rule threshold

Rule threshold an issue trigger type. The threshold value is a single point or two points at which a corresponding issue is created. The threshold value can be defined as greater than or less or equal than.

Back to top

- S -


Software As a Service


It's a cloud-based software company which provides customer-relationship management service and also sells a complementary suite of enterprise applications focused on customer service, marketing automation, analytics, and application development.


Defines the effectiveness and efficiency with which a product or system can be used or produced in a wide range of capabilities; in this case impacting the way in which a product is modified to improve, correct or adapt it to changes in an environment, and its requirements. This characteristic is composed of the following sub-characteristics: Modularity: The degree to which a system or computer program is composed of discrete components such that a change to one component has minimal impact on other components. Reusability: The degree to which an asset can be used in more than one system, or in building other assets. Analysability: The degree of effectiveness and efficiency with which it is possible to assess the impact on a product or system of an intended change to one or more of its parts, or to diagnose a product for deficiencies or causes of failures, or to identify parts to be modified. Modifiability: The degree to which a product or system can be effectively and efficiently modified without introducing defects or degrading existing product quality. Testability: The degree of effectiveness and efficiency with which test criteria can be established for a system, product or component and tests can be performed to determine whether those criteria have been met.


A Quality Clouds assessment of your instance quality. 

Scoped application (ServiceNow)

A scoped application is a ServiceNow application which is protected by identifying and restricting access to application files and data. Each scoped application will have a unique namespacer identifier.

Script Include

Script includes are used to store JavaScript that runs on the server. Create script includes to store JavaScript functions and classes for use by server scripts. Each script include defines either an object class or a function, and are a good way of centralising code and sharing across multiple CES. Can help mitigate against code duplication.


Defines the degree to which a product or system protects information and data so that persons, products or systems have the necessary amount of data access apt to their types and levels of authorization. This characteristic is composed of the following sub-characteristics: Confidentiality: The degree to which a product or system ensures that data are accessible only to those authorized to have access. Integrity: The degree to which a system, product or component prevents unauthorized access to, or modification of, computer programs or data. Non-repudiation: The degree to which actions or events can be proven to have taken place so that the events or actions cannot be discredited later. Accountability: The degree to which the actions of an entity can be traced particularly to the entity. Authenticity: The degree to which the identity of a subject or resource is verified to be the one claimed.


ServiceNow is a SaaS/PaaS provider, providing technical management support, such as IT service management, to the IT operations of large corporations, including providing help desk functionality. The company's core business revolves around management of "incident, problem, and change" IT operational events and business workflows. ServiceNow is a 'lo-code' platform which also allows customers to build bespoke workflows through configuration and customization (code scripting) on the ServiceNow platform.

Back to top

- T -

Technical debt

Technical debt is a KPI (Key Performance Indicator) that represents the implied cost in hours of development effort needed to solve the issues/violations detected in the platform due to non-adherence to best practices and changes to the out-of-the-box functionality. 


= Rule threshold

Back to top

- U -

Update set

ServiceNow mechanism for moving a set of changes between instances eg. between a Development instance to a Testing instance.

Update set scan

An update set scan gives you a visual list of the type of issues found and a link to the ServiceNow pages with the best practices.

Back to top

- V -

- W -

- X -


= Cross-site scripting (XSS)

Back to top

- Y -

- Z -

Back to top

What's here

Last modified on Feb 23, 2021