Mark Roethof

Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

 

Hi there,

 

I've written a ton of Instance Scan Checks, all working nicely... only one thing... those false positives on commented code. Arghh 😖! Feel the same pain?
No worries though, there's a solution for that 🙂.

 

Let's dive in!


Types of Scan Checks

ServiceNow's out-of-the-box (free) Instance Scan application comes with four types of Scan Checks:

  • Table Check
  • Column Type Check
  • Script Only Check
  • Linter Check

 

The first three types of Scan Checks originate from the initial version of Instance Scan (introduced in the Orlando release), while Linter Checks were introduced later with the Quebec release.

 

You might have already noticed something interesting:

  • False positives appear in Table Checks / Column Type Checks / Script Only Checks
  • No false positives in Linter Checks

 

That's correct.

 

Linter Checks automatically ignore commented code, while the other types of Scan Checks do not, which leads to unnecessary and misleading Scan Findings.

 

Out-of-the-box method

You could think of several ways to ignore commented code when writing Instance Scan Checks. Out-of-the-box, ServiceNow already provides a solution in some Scan Checks by using the JavaScript replace() function in combination with a regular expression.

 

This approach is only applied in a small number of Scan Checks (about 5% of the out-of-the-box Scan Checks), which explains why false positives are so common.

 

Below are a few examples of how this method is used out-of-the-box.

 

Table Check

Code - Table Check.png

 

Script Only Check

Code - Script Only Check.png

 

Column Type Check

Code - Column Type Check.png

 

Replace()

The out-of-the-box approach may look almost too simple, but it works like a charm! Just a replace() statement in combination with a solid regular expression.
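The replace()-plus-regular-expression idea as an added example, not the author's Script Include or ServiceNow's out-of-the-box code. The names stripCommentedCode, hasFinding and GS_LOG and the sample scripts are assumptions made for illustration; the pattern also matches string literals so that a "//" inside a URL string is not treated as a comment.

```javascript
// Hypothetical helper (not the author's Script Include): removes // and /* */
// comments with a single replace() call. String literals are matched first and
// returned unchanged, so "https://..." inside a string is not cut off at "//".
var COMMENT_OR_STRING = /("(?:\\[\s\S]|[^"\\\n])*"|'(?:\\[\s\S]|[^'\\\n])*')|\/\*[\s\S]*?\*\/|\/\/[^\n]*/g;

function stripCommentedCode(script) {
    return String(script || '').replace(COMMENT_OR_STRING, function (match, literal) {
        // literal is set only when the match was a quoted string: keep it.
        return literal !== undefined ? literal : '';
    });
}

// Hypothetical check logic: report a finding only when the pattern is still
// present after the commented code has been stripped.
function hasFinding(script, pattern) {
    return pattern.test(stripCommentedCode(script));
}

// Constructed sample scripts, as they might sit in a script field.
var commentedOnly = [
    '// gs.log("old debug line");',
    '/* var gr = new GlideRecord("incident");',
    '   gr.query(); gs.log(gr.getRowCount()); */',
    'var endpoint = "https://example.com/api"; // docs: gs.log is deprecated',
    'gs.info("done");'
].join('\n');

var liveCall = 'if (debug) {\n    gs.log("still active");\n}';

// Example rule (assumption): flag calls to gs.log(). No "g" flag, so test()
// keeps no state between calls.
var GS_LOG = /\bgs\.log\s*\(/;

console.log('raw match on commented-only script:', GS_LOG.test(commentedOnly));
console.log('finding after stripping:', hasFinding(commentedOnly, GS_LOG));
console.log('finding on live call:', hasFinding(liveCall, GS_LOG));
```

This pattern does not recognise regex literals or template literals, so a "//" or quote character inside either can still be misread.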

 

Personally, I always place this kind of logic in a Script Include. This allows me to create reusable functions and, in this case, avoid repeating the same comment-stripping logic across hundreds of Scan Checks.

 

My preferred setup looks like this.

 

Column Type Check

Replace - Check.png

 

Script Include - ColumnTypeCheckRegExValidation

Replace - Script Include.png

 

Script Include - _StripScriptCommentedCode

Replace - Strip.png

---


And that's it, not much to it! Hope you like it. If you have any questions or remarks, let me know!

 


If this content helped you, I would appreciate it if you hit bookmark or mark it as helpful.

 

Interested in more Articles, Blogs, Videos, Podcasts, Share projects I shared/participated in?
- Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

 

Kind regards,


Mark Roethof

Independent ServiceNow Consultant
10x ServiceNow MVP

---
