Can customers see scripts of a Protected scoped app published on the Store?

KhushbooS168433
Tera Contributor

I have developed a scoped application and set the Protection Policy for my scripts and other resources to Protected.

If I publish this scoped app to the ServiceNow Store and a customer installs it in their instance, will they be able to view the scripts and internal functionalities of the application?

Or does the protection ensure that the code remains hidden and only the functionality is exposed?

Thanks in advance!

6 REPLIES

nityabans27
Giga Guru

Hi @KhushbooS168433 ,

When an application is installed from the ServiceNow Store, the visibility and editability of its scripts depend on the protection policy set by the application developer. 
 
  • Protected Script Includes: 
    Developers can choose to protect Script Includes within their applications. If a Script Include is set to "Protected," its code is encrypted and cannot be viewed or edited on instances where the application is installed from the ServiceNow Store. This is a common practice to safeguard intellectual property.
  • Read-only Script Includes: 
    If a Script Include's protection policy is set to "Read-only," instances with the installed application can view the script but cannot modify it.
  • Unprotected Elements: 
    Other elements within the application, such as UI Pages, tables, or client scripts, might not be protected and could potentially be viewed or even edited by users with appropriate access permissions on the instance.

In summary, while some components like Script Includes can be protected and made invisible or read-only, not all scripts within a ServiceNow Store application are necessarily hidden after installation. The level of script visibility depends on the developer's chosen protection policies for each individual component.
 
If you find my answer useful, please mark it helpful and accept it as the solution.

OlaN
Giga Sage

Hi,

I would say it depends.

As several have pointed out, your code is safeguarded when using it on a cloud instance.

But customers can also run ServiceNow in an on-prem fashion, and in this case I'm not sure the protection is enough. Given that the customer can access the DB directly, the data can perhaps be accessed.

I have not tested this, so I'm speculating a bit here, just to give some perspective.