Issue with Instance Scan - executing a Suite Scan by Scoped App

maynartt
Kilo Guru

‎03-26-2024 06:21 AM

Does anyone know why some checks in a suite get skipped/ignored when executing a suite scan by Scoped App?

 

Here's what I'm running into:
I'm trying to run Instance Scan's "Best Practices" suite against a scoped app in our instance. It has 34 checks.

maynartt_0-1711458669048.png

 


I click the "Execute Suite Scan" button, and on the following dialog, I select "Full Instance", and click "Execute Scan".

maynartt_1-1711458700725.png

 


After the scan completes, I get the following, and click on "Go to Result".

maynartt_2-1711458729671.png

 


Result record SR00000087 is displayed showing it included the 34 checks.  No problem with this, but please keep reading.

maynartt_3-1711458759874.png

 


I go back to the "Best Practices" suite, click "Execute Suite Scan", then on the following dialog, select "Scoped App", choose/enter "Admin Experience Framework" as the app (ServiceNow is the vendor), then click "Execute Scan".

maynartt_4-1711458808252.png

 


After the scan completes, I get the following, and click on "Go to Result".

maynartt_5-1711458828675.png

 


Result record SR00000089 is displayed showing it included only 25 of the 34 checks.

maynartt_6-1711458845383.png

 


I go back to the "Best Practices" suite, click "Execute Suite Scan", then on the following dialog, select "Scoped App", choose/enter a custom app that we developed, then click "Execute Scan".

maynartt_7-1711458868537.png

 


After the scan completes, I get the following, and click on "Go to Result".

maynartt_8-1711458891176.png

 


Result record SR00000090 is displayed showing it included only 26 of the 34 checks.

maynartt_9-1711458908839.png

 

The checks that were skipped in both "Scoped App" scans are (except where noted):

  • $rootScope.$on listener (only skipped when scanning "Admin Experience Framework")
  • Could not verify Remote instance connection
  • High number of workflows running for a single record
  • Parent All Nodes/Active Nodes without childs
  • Product Catalog without Product Models
  • Unprocessed queues
  • Unprocessed schedules
  • Updates in wrong update set scope
  • Using Synchronous AJAX calls in client script

From the checks that were skipped by scoped app scans, the ones that had findings under SR00000087 (the Full Instance scan) - just 2 of them:

  • Could not verify Remote instance connection
    • 2 Finding records.
    • Package <sys_package> of Finding [scan_finding] is empty in both cases.
  • Updates in wrong update set scope
    • 598 Finding records.
    • Package <sys_package> of Finding [scan_finding] is empty in all cases.

 

I first suspected cross-scope priv errors, but I didn't find any in the logs.


I have a related but different scenario where I used my own developed checks that show script-only checks being included when scanning the full instance, but being skipped when executing the suite scan by Scoped App. I can provide those details if needed.

0 Helpfuls
  • 870 Views
0 REPLIES 0