ServiceNow Coding Best Practice rules

The table below lists the ServiceNow coding best practices that are checked by Quality Clouds.

The severity, area of impact and affected element for each best practice validation are also detailed.

The update set scan feature includes a subset of these checks.


| ID | Description | Severity | Area of impact | Affected element | Included in Instance Scan | Included in Live Check Scan | Included in Update Set Scan |
|---|---|---|---|---|---|---|---|
| 1 | Business Rules defined on the Global table | High | Scalability | Business Rule | | | |
| 2 | Unused Inactivity Monitors | High | Performance | Inactivity Monitors | | | |
| 5 | Potential Recursive Business Rules | High | Performance | Business Rule | | | |
| 6 | Synchronous AJAX call (getReference, getXMLWait) in Client Scripts | High | Performance | Client Script | | | |
| 7 | GlideRecord usage on Client Scripts | High | Performance | Client Script / Portal Widget | | | |
| 9 | Too many fields in a Form Section | Medium | Performance | Form Section | | | |
| 15 | Business Rules using GlideRecord and getRowCount | Medium | Scalability | Business Rule | | | |
| 16 | High Security Settings plugin disabled | High | Security | Plugin | | | |
| 17 | Client Scripts with the console.log debugging method | Medium | Performance | Client Script | | | |
| 18 | Client Scripts without function | Medium | Scalability | Client Script | | | |
| 19 | Document Object Model (DOM) manipulation in Client Scripts | High | Manageability | Client Scripts | | | |
| 19 | Document Object Model (DOM) manipulation in Client Scripts | High | Manageability | Portal Widget - Client Script | | | |
| 21 | Modules pointing to big tables without filter | Medium | Performance | Module | | | |
| 22 | Document Object Model (DOM) manipulation in Client UI Actions | High | Manageability | UI Action | | | |
| 23 | The default system User Preference "Rows per Page" set above 100 | Medium | Performance | User Preference | | | |
| 24 | JDBC Data Sources with "Use last run datetime" option unchecked | Warning | Performance | Data Source | | | |
| 25 | Transform Maps with "Run business rules" option enabled | Low | Performance | Transform Map | | | |
| 26 | Business Rules with debugging statements in production | Low | Scalability | Business Rule | | | |
| 27 | Business Rules using eval function | Low | Security | Business Rule | | | |
| 28 | The "Log/trace level of TaskSLAController" System Property not set to "notice" | Low | Performance | System Property | | | |
| 29 | UI Policy Actions without field effects | Low | Performance | UI Policy Action | | | |
| 32 | Client Scripts defined on the Global table | High | Scalability | Client Script | | | |
| 33 | Business Rules using the SOAP getResponse method | High | Performance | Business Rule | | | |
| 35 | Contextual Security Plugin disabled | High | Security | Plugin | | | |
| 36 | The "Update on Iterate" System Property enabled | Medium | Performance | System Property | | | |
| 37 | The "Go To search" System Property set to "contains" operator | Low | Performance | System Property | | | |
| 38 | Debugging properties enabled in production environments | Low | Performance | System Property | | | |
| 39 | The "Security Manager" System Property default behaviour set to "Allow Access" | High | Security | System Property | | | |
| 40 | Client Scripts with empty script field | Low | Performance | Client Script | | | |
| 41 | Document Object Model (DOM) manipulation in UI Policies | High | Manageability | UI Policy | | | |
| 42 | Server UI Actions using GlideRecord and getRowCount | Medium | Scalability | UI Action | | | |
| 43 | Script Includes using GlideRecord and getRowCount | Medium | Scalability | Script Include | | | |
| 44 | Client UI Actions using GlideRecord | High | Performance | UI Action | | | |
| 45 | UI Policies using GlideRecord | High | Performance | UI Policy | | | |
| 46 | Synchronous AJAX call (getReference, getXMLWait) in UI Policies | High | Performance | UI Policy | | | |
| 47 | Synchronous AJAX call (getReference, getXMLWait) in Client UI Actions | High | Performance | UI Action | | | |
| 48 | Business Rules with hard-coded sys_ids | Medium | Manageability | Business Rule | | | |
| 49 | Users with too many rows per page | Medium | Performance | User Preference | | | |
| 50 | Client Scripts with hard-coded sys_ids | Medium | Manageability | Client Script | | | |
| 51 | Script Includes with hard-coded sys_ids | Medium | Manageability | Script Include | | | |
| 52 | UI Policies with hard-coded sys_ids | Medium | Manageability | UI Policy | | | |
| 53 | UI Actions with hard-coded sys_ids | Medium | Manageability | UI Action | | | |
| 54 | Transform Maps with hard-coded sys_ids | Medium | Manageability | Table Transform Map | | | |
| 55 | Transform Scripts with hard-coded sys_ids | Medium | Manageability | Transform Script | | | |
| 57 | The "Items per Page" System Property includes options over 100 | Medium | Performance | System Property | | | |
| 58 | The "Database Rotation" Plugin disabled | Medium | Manageability | Plugin | | | |
| 59 | ACL Rules using GlideRecord | Medium | Performance | Access Control | | | |
| 60 | The "Database Rotation with Default Tables" Plugin disabled | Medium | Manageability | Plugin | | | |
| 61 | SOAP Timeout Value over 500 minutes | High | Performance | System Property | | | |
| 62 | The "Auto-Complete Wait Time" System Property exceeds 750ms | Medium | Performance | System Property | | | |
| 67 | Forms with too many sections | Low | Performance | Forms | | | |
| 70 | The "Auto-complete Search" System Property set to "contains" operator | Low | Manageability | System Property | | | |
| 75 | Script Includes with debugging statements in production | Low | Scalability | Script Include | | | |
| 76 | UI Actions with debugging statements | Low | Scalability | UI Action | | | |
| 81 | Business Rules without function | High | Scalability | Business Rule | | | |
| 84 | Synchronous Business Rules making SOAP or REST calls | High | Performance | Business Rule | | | |
| 84 | Synchronous Business Rules making SOAP or REST calls | High | Performance | Portal Widget - Server Script | | | |
| 86 | Synchronous AJAX call (getReference, getXMLWait) in Catalog Client Scripts | High | Performance | Catalog Client Script | | | |
| 87 | GlideRecord usage on Catalog Client Scripts | High | Performance | Catalog Client Script | | | |
| 88 | Catalog Client Scripts with the console.log debugging method | Medium | Performance | Catalog Client Script | | | |
| 89 | Catalog Client Scripts without function | Medium | Scalability | Catalog Client Script | | | |
| 90 | Document Object Model (DOM) manipulation in Catalog Client Scripts | High | Manageability | Catalog Client Script | | | |
| 91 | Catalog Client Scripts with empty script field | Low | Performance | Catalog Client Script | | | |
| 92 | Catalog Client Scripts with hard-coded sys_ids | Medium | Manageability | Catalog Client Script | | | |
| 93 | Notification Email Scripts with hard-coded sys_ids | Medium | Manageability | Notification Email Scripts | | | |
| 94 | Portal Widgets with hard-coded sys_ids | Medium | Manageability | Portal Widget - Client and Server Scripts | | | |
| 95 | Angular Providers with hard-coded sys_ids | Medium | Manageability | Angular Providers | | | |
| 102 | Workflows with over 50 activities | Medium | Performance | Workflow | | | |
| 103 | Workflows with over 10 Timer activities | Medium | Performance | Workflow | | | |
| 104 | UI Scripts with hard-coded sys_ids | Medium | Manageability | UI Script | | | |
| 106 | Synchronous AJAX call (getReference, getXMLWait) in UI Scripts | High | Performance | UI Script | | | |
| 107 | GlideRecord usage on UI Scripts | High | Performance | UI Script | | | |
| 108 | Workflows with Notification Activities | Medium | Manageability | Workflow | | | |
| 117 | UI Scripts with the console.log debugging method | Medium | Performance | UI Script | | | |
| 118 | UI Scripts without function | Medium | Scalability | UI Script | | | |
| 119 | Document Object Model (DOM) manipulation in UI Scripts | High | Manageability | UI Script | | | |
| 130 | onBefore Business Rules should not update records on other tables | High | Performance | Business Rule | | | |
| 134 | onBefore Transform Scripts should only update the target table | High | Performance | Transform Script | | | |
| 140 | UI Scripts with empty script field | Low | Performance | UI Script | | | |
| 164 | Scripts should not use gs.sql | High | Manageability | Script Include | | | |
| 164 | Scripts should not use gs.sql | High | Manageability | Business Rule | | | |
| 164 | Scripts should not use gs.sql | High | Manageability | Portal Widget - Server side script | | | |
| 164 | Scripts should not use gs.sql | High | Manageability | Access Control | | | |
| 164 | Scripts should not use gs.sql | High | Manageability | UI Action | | | |
| 164 | Scripts should not use gs.sql | High | Manageability | Transform Map | | | |
| 164 | Scripts should not use gs.sql | High | Manageability | Transform Script | | | |
| 164 | Scripts should not use gs.sql | High | Manageability | Record Producer | | | |
| 229 | Catalog UI Policy Actions without field effects | Low | Performance | Catalog UI Policy Action | | | |
| 241 | Document Object Model (DOM) manipulation in Catalog UI Policies | High | Manageability | Catalog UI Policy | | | |
| 245 | Catalog UI Policies using GlideRecord | High | Performance | Catalog UI Policy | | | |
| 246 | Synchronous AJAX call (getReference, getXMLWait) in Catalog UI Policies | High | Performance | Catalog UI Policy | | | |
| 252 | Catalog UI Policies with hard-coded sys_ids | Medium | Manageability | Catalog UI Policy | | | |
| 253 | Inbound Email Actions with hard-coded sys_ids | Medium | Manageability | Inbound Email Action | | | |
| 254 | Inbound Email Actions using GlideRecord and getRowCount | Medium | Scalability | Inbound Email Action | | | |
| 255 | Event Script Action with hard-coded sys_ids | Medium | Manageability | Script Action | | | |
| 256 | Event Script Action using GlideRecord and getRowCount | Medium | Scalability | Script Action | | | |
| 175 | SOAP Request Strict Security should be enabled | High | Security | System Property | | | |
| 182 | Java Package Collection mode and Collection mode override properties should be disabled | High | Security | System Property | | | |
| 183 | Client Generated Scripts Sandbox should be enabled | High | Security | System Property | | | |
| 184 | Cookies – HTTP Only should be enabled | High | Security | System Property | | | |
| 185 | Escape HTML should be enabled | High | Security | System Property | | | |
| 186 | CSV Request Authorization should be enabled | High | Security | System Property | | | |
| 187 | SSLv2/SSLv3 should be disabled | High | Security | System Property | | | |
| 188 | AJAXGlideRecord ACL Checking should be enabled | High | Security | System Property | | | |
| 189 | SLA logging level should be set to "notice" | High | Performance | System Property | | | |
| 190 | Basic Auth SOAP Requests setting should be enabled | High | Security | System Property | | | |
| 191 | Old UI enabled or being used | High | Security | System Property | | | |
| 192 | Script Request Authorization should be enabled | High | Security | System Property | | | |
| 193 | Escape Jelly should be enabled | High | Security | System Property | | | |
| 194 | Allow Javascript tags in Embedded HTML property should be disabled | High | Security | System Property | | | |
| 196 | Enable AJAXEvaluate should be disabled | High | Security | System Property | | | |
| 197 | Anti-CSRF Token setting should be enabled | High | Security | System Property | | | |
| 198 | Escape XML should be enabled | High | Security | System Property | | | |
| 199 | HTML Sanitizer property should be enabled | High | Security | System Property | | | |
| 200 | Check UI Action Conditions check before Execution should be enabled | High | Security | System Property | | | |