Does instance scan detect hardcoded IDs in workflow activities?

Chinmayee Mishr · ‎03-10-2022

Hi ,

I recently observed some hardcoded IDs are there in some of the old workflows in our instance. I checked in the past "instance scan" lists as well and didn't find any such instance scan item , which have detected hardcoded IDs or URL in workflows. Does it actually detect in workflows and for some reason missed in our instance or it doesn't detect it at all ?

Please advise.

Best Regards,

Chinmayee Mishra

Mark Roethof · ‎03-10-2022

Hi there,

Do you mean with Instance Scan, the application which is out-of-the-box on every instance available since Quebec? If so, it does not contain an out-of-the-box Scan Check which checks for hardcoded sys_ids.

You could create such a Scan Check though.

Do be aware... you should not only create a Scan Check to check scripting! A hardcoded sys_id could be in multiple places, like condition fields, though also within workflow scripts... which are NOT stored in an actual script field.

If my answer helped you in any way, please then mark it as helpful.

Kind regards,
Mark
2020-2022 ServiceNow Community MVP
2020-2022 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

View solution in original post

Mark Roethof · ‎03-10-2022

Hi there,

Do you mean with Instance Scan, the application which is out-of-the-box on every instance available since Quebec? If so, it does not contain an out-of-the-box Scan Check which checks for hardcoded sys_ids.

You could create such a Scan Check though.

Do be aware... you should not only create a Scan Check to check scripting! A hardcoded sys_id could be in multiple places, like condition fields, though also within workflow scripts... which are NOT stored in an actual script field.

If my answer helped you in any way, please then mark it as helpful.

Kind regards,
Mark
2020-2022 ServiceNow Community MVP
2020-2022 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

Mark Roethof · ‎03-16-2022

Hi there,

Any follow-up needed? Or was my answer sufficient?
Let me know.

If your question is solved, please close the topic by marking my answer as correct. This will help others searching for a similar question and will remove the topic from the unsolved list.

Kind regards,
Mark
2020-2022 ServiceNow Community MVP
2020-2022 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

SaschaWildgrube · ‎08-29-2022

The CodeSanity app contains a set of Instance Scan checks aimed at improving source code and application quality. Developers should run them before shipping a new application version.

Checking for hardcoded sys_ids in source code is one of them!

Vote to make it part of the platform OOTB!

https://community.servicenow.com/community?id=view_idea&sysparm_idea_id=23716958db25d514904fa9fb1396...

Or install it right away:

https://www.wildgrube.com/servicenow-codesanity