Can customers see scripts of a Protected scoped app published on the Store?

KhushbooS168433 · 7 hours ago

I have developed a scoped application and set the Protection Policy for my scripts and other resources to Protected.

If I publish this scoped app to the ServiceNow Store and a customer installs it in their instance, will they be able to view the scripts and internal functionalities of the application?

Or does the protection ensure that the code remains hidden and only the functionality is exposed?

Thanks in advance!

M Iftikhar · 4 hours ago

Hi Khushboo,

Great question! This is a common consideration when publishing scoped applications to the ServiceNow Store.

When you set the Protection Policy of your scripts and resources to Protected, it ensures that the internal implementation details (such as business rule logic, script includes, or client scripts) are not exposed to customers who install your application. Customers can still use and benefit from the functionality of your app, but they will not have direct visibility into the code itself.

Here are a few important points to keep in mind:

Functionality vs. Implementation
Customers get access to the functionality your app provides, but the underlying implementation logic remains hidden when marked as protected.
Preservation of IP
Protection safeguards your intellectual property by preventing direct modification or copying of your core scripts. This is especially important for apps distributed via the Store.
Customization Boundaries
While customers can still configure, extend, or integrate your app using the supported extension points you provide (such as scriptable APIs or configuration tables), they won’t be able to edit or override your protected scripts.
Documentation & Extensibility
Since protected code isn’t visible, it’s a good practice to provide clear documentation and, if needed, well-defined extension points so customers can safely adapt the app to their needs without accessing hidden internals.

In short, yes, the Protected setting ensures that your code remains hidden, and only the intended functionality is available to customers after installation.

Hope this helps!
Thanks & Regards,
Muhammad Iftikhar
If my response helped, please mark it as the accepted solution so others can benefit as well.

Bhuvan · 3 hours ago

@KhushbooS168433

If you have set protection policy to protected, then customers cannot see any code or logic used for the scoped application.

If you have used protection as none, customer can read and edit the code. If it is read-only, they can read but cannot edit.

As per community guidelines, you can accept more than one answer as accepted solution. If my response helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan

Bhuvan · 3 hours ago

@KhushbooS168433

https://www.servicenow.com/docs/bundle/zurich-application-development/page/build/applications/concep...

If this helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan

dzmitryKon · 2 hours ago

The Protected flag on a scoped application means that internal implementation details (Business Rules, Script Includes, ACL scripts, etc.) are marked “Protection policy – Protected.” When the app is installed on a customer instance, those scripts are not visible; customers can use the functionality and extension points but cannot read or edit protected scripts. Only objects without protection (e.g., tables, forms) are viewable. Therefore, using a protected scope and setting the “Protection policy” on each script ensures your intellectual property remains hidden.