ServiceNow Best Practice rules

The table below lists the ServiceNow best practices that Quality Clouds checks.

The severity, area of impact and affected element for each best practice validation are also detailed.

The update set scan feature includes a subset of these checks.


| ID | Description | Severity | Area of impact | Affected element | Included in Instance Scan | Included in Live Check Scan | Included in Update Set Scan |
|---|---|---|---|---|---|---|---|
| 1 | Business Rules defined on the Global table | High | Scalability | Business Rule | Yes | Yes | Yes |
| 2 | Unused Inactivity Monitors | High | Performance | Inactivity Monitors | Yes | No | No |
| 5 | Potential Recursive Business Rules | High | Performance | Business Rule | Yes | Yes | Yes |
| 6 | Synchronous AJAX call (getReference, getXMLWait) in Client Scripts | High | Performance | Client Script | Yes | Yes | Yes |
| 7 | GlideRecord usage on Client Scripts | High | Performance | Client Script / Portal Widget | Yes | Yes | Yes |
| 9 | Too many fields in a Form Section | Medium | Performance | Form Section | Yes | No | No |
| 15 | Business Rules using GlideRecord and getRowCount | Medium | Scalability | Business Rule | Yes | Yes | Yes |
| 16 | High Security Settings plugin disabled | High | Security | Plugin | Yes | No | No |
| 17 | Client Scripts with the console.log debugging method | Medium | Performance | Client Script | Yes | Yes | Yes |
| 18 | Client Scripts without function | Medium | Scalability | Client Script | Yes | Yes | Yes |
| 19 | Document Object Model (DOM) manipulation in Client Scripts | High | Manageability | Client Scripts | Yes | Yes | Yes |
| 19 | Document Object Model (DOM) manipulation in Client Scripts | High | Manageability | Portal Widget - Client Script | Yes | Yes | Yes |
| 21 | Modules pointing to big tables without filter | Medium | Performance | Module | Yes | No | No |
| 22 | Document Object Model (DOM) manipulation in Client UI Actions | High | Manageability | UI Action | Yes | Yes | Yes |
| 23 | The default system User Preference "Rows per Page" set above 100 | Medium | Performance | User Preference | Yes | No | No |
| 24 | JDBC Data Sources with "Use last run datetime" option unchecked | Warning | Performance | Data Source | Yes | No | No |
| 25 | Transform Maps with "Run business rules" option enabled | Low | Performance | Transform Map | Yes | Yes | Yes |
| 26 | Business Rules with debugging statements in production | Low | Scalability | Business Rule | Yes | No | Yes |
| 27 | Business Rules using eval function | Low | Security | Business Rule | Yes | Yes | Yes |
| 28 | The "Log/trace level of TaskSLAController" System Property not set to "notice" | Low | Performance | System Property | Yes | No | No |
| 29 | UI Policy Actions without field effects | Low | Performance | UI Policy Action | Yes | Yes | Yes |
| 32 | Client Scripts defined on the Global table | High | Scalability | Client Script | Yes | Yes | Yes |
| 33 | Business Rules using the SOAP getResponse method | High | Performance | Business Rule | Yes | Yes | Yes |
| 35 | Contextual Security Plugin disabled | High | Security | Plugin | Yes | No | No |
| 36 | The "Update on Iterate" System Property enabled | Medium | Performance | System Property | Yes | No | No |
| 37 | The "Go To search" System Property set to "contains" operator | Low | Performance | System Property | Yes | No | No |
| 38 | Debugging properties enabled in production environments | Low | Performance | System Property | Yes | No | No |
| 39 | The "Security Manager" System Property default behaviour set to "Allow Access" | High | Security | System Property | Yes | No | No |
| 40 | Client Scripts with empty script field | Low | Performance | Client Script | Yes | Yes | Yes |
| 41 | Document Object Model (DOM) manipulation in UI Policies | High | Manageability | UI Policy | Yes | Yes | Yes |
| 42 | Server UI Actions using GlideRecord and getRowCount | Medium | Scalability | UI Action | Yes | Yes | Yes |
| 43 | Script Includes using GlideRecord and getRowCount | Medium | Scalability | Script Include | Yes | Yes | Yes |
| 44 | Client UI Actions using GlideRecord | High | Performance | UI Action | Yes | Yes | Yes |
| 45 | UI Policies using GlideRecord | High | Performance | UI Policy | Yes | Yes | Yes |
| 46 | Synchronous AJAX call (getReference, getXMLWait) in UI Policies | High | Performance | UI Policy | Yes | Yes | Yes |
| 47 | Synchronous AJAX call (getReference, getXMLWait) in Client UI Actions | High | Performance | UI Action | Yes | Yes | Yes |
| 48 | Business Rules with hard-coded sys_ids | Medium | Manageability | Business Rule | Yes | Yes | Yes |
| 49 | Users with too many rows per page | Medium | Performance | User Preference | Yes | No | No |
| 50 | Client Scripts with hard-coded sys_ids | Medium | Manageability | Client Script | Yes | Yes | Yes |
| 51 | Script Includes with hard-coded sys_ids | Medium | Manageability | Script Include | Yes | Yes | Yes |
| 52 | UI Policies with hard-coded sys_ids | Medium | Manageability | UI Policy | Yes | Yes | Yes |
| 53 | UI Actions with hard-coded sys_ids | Medium | Manageability | UI Action | Yes | Yes | Yes |
| 54 | Transform Maps with hard-coded sys_ids | Medium | Manageability | Table Transform Map | Yes | Yes | Yes |
| 55 | Transform Scripts with hard-coded sys_ids | Medium | Manageability | Transform Script | Yes | Yes | Yes |
| 57 | The "Items per Page" System Property includes options over 100 | Medium | Performance | System Property | Yes | No | No |
| 58 | The "Database Rotation" Plugin disabled | Medium | Manageability | Plugin | Yes | No | No |
| 59 | ACL Rules using GlideRecord | Medium | Performance | Access Control | Yes | Yes | Yes |
| 60 | The "Database Rotation with Default Tables" Plugin disabled | Medium | Manageability | Plugin | Yes | No | No |
| 61 | SOAP Timeout Value over 500 minutes | High | Performance | System Property | Yes | No | No |
| 62 | The "Auto-Complete Wait Time" System Property exceeds 750ms | Medium | Performance | System Property | Yes | No | No |
| 67 | Forms with too many sections | Low | Performance | Forms | Yes | No | No |
| 70 | The "Auto-complete Search" System Property set to "contains" operator | Low | Manageability | System Property | Yes | No | No |
| 75 | Script Includes with debugging statements in production | Low | Scalability | Script Include | Yes | No | Yes |
| 76 | UI Actions with debugging statements | Low | Scalability | UI Action | Yes | No | Yes |
| 81 | Business Rules without function | High | Scalability | Business Rule | Yes | Yes | Yes |
| 84 | Synchronous Business Rules making SOAP or REST calls | High | Performance | Business Rule | Yes | Yes | Yes |
| 84 | Synchronous Business Rules making SOAP or REST calls | High | Performance | Portal Widget - Server Script | Yes | Yes | Yes |
| 86 | Synchronous AJAX call (getReference, getXMLWait) in Catalog Client Scripts | High | Performance | Catalog Client Script | Yes | Yes | Yes |
| 87 | GlideRecord usage on Catalog Client Scripts | High | Performance | Catalog Client Script | Yes | Yes | Yes |
| 88 | Catalog Client Scripts with the console.log debugging method | Medium | Performance | Catalog Client Script | Yes | Yes | Yes |
| 89 | Catalog Client Scripts without function | Medium | Scalability | Catalog Client Script | Yes | Yes | Yes |
| 90 | Document Object Model (DOM) manipulation in Catalog Client Scripts | High | Manageability | Catalog Client Script | Yes | Yes | Yes |
| 91 | Catalog Client Scripts with empty script field | Low | Performance | Catalog Client Script | Yes | Yes | Yes |
| 92 | Catalog Client Scripts with hard-coded sys_ids | Medium | Manageability | Catalog Client Script | Yes | Yes | Yes |
| 93 | Notification Email Scripts with hard-coded sys_ids | Medium | Manageability | Notification Email Scripts | Yes | Yes | Yes |
| 94 | Portal Widgets with hard-coded sys_ids | Medium | Manageability | Portal Widget - Client and Server Scripts | Yes | Yes | Yes |
| 95 | Angular Providers with hard-coded sys_ids | Medium | Manageability | Angular Providers | Yes | Yes | Yes |
| 102 | Workflows with over 50 activities | Medium | Performance | Workflow | Yes | No | No |
| 103 | Workflows with over 10 Timer activities | Medium | Performance | Workflow | Yes | No | No |
| 104 | UI Scripts with hard-coded sys_ids | Medium | Manageability | UI Script | Yes | Yes | Yes |
| 106 | Synchronous AJAX call (getReference, getXMLWait) in UI Scripts | High | Performance | UI Script | Yes | Yes | Yes |
| 107 | GlideRecord usage on UI Scripts | High | Performance | UI Script | Yes | Yes | Yes |
| 108 | Workflows with Notification Activities | Medium | Manageability | Workflow | Yes | No | No |
| 117 | UI Scripts with the console.log debugging method | Medium | Performance | UI Script | Yes | Yes | Yes |
| 118 | UI Scripts without function | Medium | Scalability | UI Script | Yes | Yes | Yes |
| 119 | Document Object Model (DOM) manipulation in UI Scripts | High | Manageability | UI Script | Yes | Yes | Yes |
| 130 | onBefore Business Rules should not update records on other tables. | High | Performance | Business Rule | Yes | Yes | Yes |
| 134 | onBefore Transform Scripts should only update the target table. | High | Performance | Transform Script | Yes | Yes | Yes |
| 140 | UI Scripts with empty script field | Low | Performance | UI Script | Yes | Yes | Yes |
| 164 | Scripts should not use gs.sql | High | Manageability | Script Include | Yes | Yes | Yes |
| 164 | Scripts should not use gs.sql | High | Manageability | Business Rule | Yes | Yes | Yes |
| 164 | Scripts should not use gs.sql | High | Manageability | Portal Widget - Server side script | Yes | Yes | Yes |
| 164 | Scripts should not use gs.sql | High | Manageability | Access Control | Yes | Yes | Yes |
| 164 | Scripts should not use gs.sql | High | Manageability | UI Action | Yes | Yes | Yes |
| 164 | Scripts should not use gs.sql | High | Manageability | Transform Map | Yes | Yes | Yes |
| 164 | Scripts should not use gs.sql | High | Manageability | Transform Script | Yes | Yes | Yes |
| 164 | Scripts should not use gs.sql | High | Manageability | Record Producer | Yes | Yes | Yes |
| 229 | Catalog UI Policy Actions without field effects | Low | Performance | Catalog UI Policy Action | Yes | Yes | Yes |
| 241 | Document Object Model (DOM) manipulation in Catalog UI Policies | High | Manageability | Catalog UI policy | Yes | Yes | Yes |
| 245 | Catalog UI Policies using GlideRecord | High | Performance | Catalog UI policy | Yes | Yes | Yes |
| 246 | Synchronous AJAX call (getReference, getXMLWait) in Catalog UI Policies | High | Performance | Catalog UI policy | Yes | Yes | Yes |
| 252 | Catalog UI Policies with hard-coded sys_ids | Medium | Manageability | Catalog UI policy | Yes | Yes | Yes |
| 253 | Inbound Email Actions with hard-coded sys_ids. | Medium | Manageability | Inbound Email Action | Yes | Yes | Yes |
| 254 | Inbound Email Actions using GlideRecord and getRowCount. | Medium | Scalability | Inbound Email Action | Yes | Yes | Yes |
| 255 | Event Script Action with hard-coded sys_ids. | Medium | Manageability | Script Action | Yes | Yes | Yes |
| 256 | Event Script Action using GlideRecord and getRowCount. | Medium | Scalability | Script Action | Yes | Yes | Yes |
| 175 | SOAP Request Strict Security should be enabled | High | Security | System Property | Yes | No | No |
| 182 | Java Package Collection mode and Collection mode override properties should be disabled | High | Security | System Property | Yes | No | No |
| 183 | Client Generated Scripts Sandbox should be enabled | High | Security | System Property | Yes | No | No |
| 184 | Cookies – HTTP Only should be enabled | High | Security | System Property | Yes | No | No |
| 185 | Escape HTML should be enabled | High | Security | System Property | Yes | No | No |
| 186 | CSV Request Authorization should be enabled | High | Security | System Property | Yes | No | No |
| 187 | SSLv2/SSLv3 should be disabled | High | Security | System Property | Yes | No | No |
| 188 | AJAXGlideRecord ACL Checking should be enabled | High | Security | System Property | Yes | No | No |
| 189 | SLA logging level should be set to "notice" | High | Performance | System Property | Yes | No | No |
| 190 | Basic Auth SOAP Requests setting should be enabled | High | Security | System Property | Yes | No | No |
| 191 | Old UI enabled or being used | High | Security | System Property | Yes | No | No |
| 192 | Script Request Authorization should be enabled | High | Security | System Property | Yes | No | No |
| 193 | Escape Jelly should be enabled | High | Security | System Property | Yes | No | No |
| 194 | Allow Javascript tags in Embedded HTML property should be disabled | High | Security | System Property | Yes | No | No |
| 196 | Enable AJAXEvaluate should be disabled | High | Security | System Property | Yes | No | No |
| 197 | Anti-CSRF Token setting should be enabled | High | Security | System Property | Yes | No | No |
| 198 | Escape XML should be enabled | High | Security | System Property | Yes | No | No |
| 199 | HTML Sanitizer property should be enabled | High | Security | System Property | Yes | No | No |
| 200 | Check UI Action Conditions check before Execution should be enabled | High | Security | System Property | Yes | No | No |