ServiceNow coding best practice rules

The table below lists the ServiceNow coding best practices that are checked by Quality Clouds.

The severity, area of impact and affected element for each best practice validation are also detailed.

The update set scan feature includes a subset of these checks.



Description

Severity

Area of impact

Affected element

Included in Instance Scan

Included in Live Check Scan

Included in Update Set Scan

Business Rules defined on the Global table

High

Scalability

Business Rule

Unused Inactivity Monitors

High

Performance

Inactivity Monitors

Potential Recursive Business Rules

High

Performance

Business Rule

Synchronous AJAX call (getReference, getXMLWait) in Client Scripts

High

Performance

Client Script

GlideRecord usage on Client Scripts

High

Performance

Client Script / Portal Widget

Too many fields in a Form Section

Medium

Performance

Form Section

Business Rules using GlideRecord and getRowCount

Medium

Scalability

Business Rule

High Security Settings plugin disabled

High

Security

Plugin

Client Scripts with the console.log debugging method

Medium

Performance

Client Script

Client Scripts without function

Medium

Scalability

Client Script

Document Object Model (DOM) manipulation in Client Scripts

High

Manageability

Client Scripts

Document Object Model (DOM) manipulation in Client Scripts

High

Manageability

Portal Widget - Client Script

Modules pointing to big tables without filter

Medium

Performance

Module

Document Object Model (DOM) manipulation in Client UI Actions

High

Manageability

UI Action

The default system User Preference "Rows per Page" set above 100

Medium

Performance

User Preference

JDBC Data Sources with "Use last run datetime" option unchecked

Warning

Performance

Data Source

Transform Maps with "Run business rules" option enabled

Low

Performance

Transform Map

Business Rules with debugging statements in production

Low

Scalability

Business Rule

Business Rules using eval function

Low

Security

Business Rule

The "Log/trace level of TaskSLAController" System Property not set to "notice"

Low

Performance

System Property

UI Policy Actions without field effects

Low

Performance

UI Policy Action

Client Scripts defined on the Global table

High

Scalability

Client Script

Business Rules using the SOAP getResponse method

High

Performance

Business Rule

Contextual Security Plugin disabled

High

Security

Plugin

The "Update on Iterate" System Property enabled

Medium

Performance

System Property

The "Go To search" System Property set to "contains" operator

Low

Performance

System Property

Debugging properties enabled in production environments

Low

Performance

System Property

The "Security Manager" System Property default behaviour set to "Allow Access"

High

Security

System Property

Client Scripts with empty script field

Low

Performance

Client Script

Document Object Model (DOM) manipulation in UI Policies

High

Manageability

UI Policy

Server UI Actions using GlideRecord and getRowCount

Medium

Scalability

UI Action

Script Includes using GlideRecord and getRowCount

Medium

Scalability

Script Include

Client UI Actions using GlideRecord

High

Performance

UI Action

UI Policies using GlideRecord

High

Performance

UI Policy

Synchronous AJAX call (getReference, getXMLWait) in UI Policies

High

Performance

UI Policy

Synchronous AJAX call (getReference, getXMLWait) in Catalog UI Policies

High

Performance

Catalog UI Policy

Synchronous AJAX call (getReference, getXMLWait) in Client UI Actions

High

Performance

UI Action

Business Rules with hard-coded sys_ids

Medium

Manageability

Business Rule

Users with too many rows per page

Medium

Performance

User Preference

Client Scripts with hard-coded sys_ids

Medium

Manageability

Client Script

Script Includes with hard-coded sys_ids

Medium

Manageability

Script Include

UI Policies with hard-coded sys_ids

Medium

Manageability

UI Policy

UI Actions with hard-coded sys_ids

Medium

Manageability

UI Action

Transform Maps with hard-coded sys_ids

Medium

Manageability

Table Transform Map

Transform Scripts with hard-coded sys_ids

Medium

Manageability

Transform Script

The "Items per Page" System Property includes options over 100

Medium

Performance

System Property

The "Database Rotation" Plugin disabled

Medium

Manageability

Plugin

ACL Rules using GlideRecord

Medium

Performance

Access Control

The "Database Rotation with Default Tables" Plugin disabled

Medium

Manageability

Plugin

SOAP Timeout Value over 500 minutes

High

Performance

System Property

The "Auto-Complete Wait Time" System Property exceeds 750ms

Medium

Performance

System Property

Forms with too many sections

Low

Performance

Forms

The "Auto-complete Search" System Property set to "contains" operator

Low

Manageability

System Property

Script Includes with debugging statements in production

Low

Scalability

Script Include

UI Actions with debugging statements

Low

Scalability

UI Action

Business Rules without function

High

Scalability

Business Rule

Synchronous Business Rules making SOAP or REST calls

High

Performance

Business Rule 

Synchronous Business Rules making SOAP or REST calls

High

Performance

Portal Widget - Server Script

Synchronous AJAX call (getReference, getXMLWait) in Catalog Client Scripts

High

Performance

Catalog Client Script

GlideRecord usage on Catalog Client Scripts

High

Performance

Catalog Client Script

Catalog Client Scripts with the console.log debugging method

Medium

Performance

Catalog Client Script

Catalog Client Scripts without function

Medium

Scalability

Catalog Client Script

Document Object Model (DOM) manipulation in Catalog Client Scripts

High

Manageability

Catalog Client Script

Catalog Client Scripts with empty script field

Low

Performance

Catalog Client Script

Catalog Client Scripts with hard-coded sys_ids

Medium

Manageability

Catalog Client Script

Notification Email Scripts with hard-coded sys_ids

Medium

Manageability

Notification Email Scripts

Portal Widgets with hard-coded sys_ids

Medium

Manageability

Portal Widget - Client and Server Scripts

Angular Providers with hard-coded sys_ids

Medium

Manageability

Angular Providers

Workflows with over 50 activities

Medium

Performance

Workflow

Workflows with over 10 Timer activities

Medium

Performance

Workflow

UI Scripts with hard-coded sys_ids

Medium

Manageability

UI Script

Synchronous AJAX call (getReference, getXMLWait) in UI Scripts

High

Performance

UI Script

GlideRecord usage on UI Scripts

High

Performance

UI Script

Workflows with Notification Activities

Medium

Manageability

Workflow

UI Scripts with the console.log debugging method

Medium

Performance

UI Script

UI Scripts without function

Medium

Scalability

UI Script

Document Object Model (DOM) manipulation in UI Scripts

High

Manageability

UI Script

onBefore Business Rules should not update records on other tables.

High

Performance

Business Rule

onBefore Transform Scripts should only update the target table.

High

Performance

Transform Script

UI Scripts with empty script field

Low

Performance

UI Script

Scripts should not use gs.sql

High

Manageability

Script Include

Scripts should not use gs.sql

High

Manageability

Business Rule

Scripts should not use gs.sql

High

Manageability

Portal Widget - Server side script

Scripts should not use gs.sql

High

Manageability

Access Control

Scripts should not use gs.sql

High

Manageability

UI Action

Scripts should not use gs.sql

High

Manageability

Transform Map

Scripts should not use gs.sql

High

Manageability

Transform Script

Scripts should not use gs.sql

High

Manageability

Record Producer

Catalog UI Policy Actions without field effects

Low

Performance

Catalog UI Policy Action

Document Object Model (DOM) manipulation in Catalog UI Policies

High

Manageability

Catalog UI Policy

Catalog UI Policies using GlideRecord

High

Performance

Catalog UI Policy

Synchronous AJAX call (getReference, getXMLWait) in Catalog UI Policies

High

Performance

Catalog UI Policy

Catalog UI Policies with hard-coded sys_ids

Medium

Manageability

Catalog UI Policy

Inbound Email Actions with hard-coded sys_ids.

Medium

Manageability

Inbound Email Action

Inbound Email Actions using GlideRecord and getRowCount.

Medium

Scalability

Inbound Email Action

Event Script Action with hard-coded sys_ids.

Medium

Manageability

Script Action

Event Script Action using GlideRecord and getRowCount.

Medium

Scalability

Script Action

SOAP Request Strict Security should be enabled

High

Security

System Property

Java Package Collection mode and Collection mode override properties should be disabled

High

Security

System Property

Client Generated Scripts Sandbox should be enabled

High

Security

System Property

Cookies – HTTP Only should be enabled

High

Security

System Property

Escape HTML should be enabled

High

Security

System Property

CSV Request Authorization should be enabled

High

Security

System Property

SSLv2/SSLv3 should be disabled

High

Security

System Property

AJAXGlideRecord ACL Checking should be enabled

High

Security

System Property

SLA logging level should be set to "notice"

High

Performance

System Property

Basic Auth SOAP Requests setting should be enabled

High

Security

System Property

Old UI enabled or being used

High

Security

System Property

Script Request Authorization should be enabled

High

Security

System Property

Escape Jelly should be enabled

High

Security

System Property

Allow Javascript tags in Embedded HTML property should be disabled

High

Security

System Property

Enable AJAXEvaluate should be disabled

High

Security

System Property

Anti-CSRF Token setting should be enabled

High

Security

System Property

Escape XML should be enabled

High

Security

System Property

HTML Sanitizer property should be enabled

High

Security

System Property

Check UI Action Conditions check before Execution should be enabled

High

Security

System Property

Client Scripts should not use unsupported scripting APIs

High

Manageability

Client Scripts

Catalog Client Scripts should not use unsupported scripting APIs

High

Manageability

Catalog Client Scripts

Creating custom tables in the global scope should be avoided.

Warning

Manageability

Tables

GlideRecord API usage in Scripted REST API Resource.

High

Security

Scripted REST API Resource

REST API Resource modifying data without Authentication check.

High

Security

Scripted REST API Resource

REST API Resource modifying data without Authorization check.

High

Security

Scripted REST API Resource

Modified Out of the Box Element

Warning

Manageability

All elements