Healthscan definitions updates: May 2025 store

  • Release version: Australia
  • Updated June 16, 2026
  • 8 minutes to read

    • Some HealthScan definitions are deprecated or updated between releases.

    New definitions

    The following definitions have been added for the May 2025 release to improve performance, reduce false positives, and meet the latest coding practices. Some of these definitions will have a positive or negative impact on your customer instance scores.

    Due to process and technical constraints, a comprehensive impact analysis for the overall score impact could not be fully conducted for customer instances. As a result, there may be potential impact score drops that have not been identified or addressed.

    Table 1. New definitions (May 2025 release)
    Number Short description Rating Category Update description
    HSD0022569 Service Operations Workspace ITSM Applications is installed and active Discuss User Experience​ New definition that checks if the plugin sn_sow_itsm_cont is installed and activated​
    HSD0024649 Reports with very long execution times​ Discuss User Experience​ New definition to identify long running reports per DT thresholds​

    Updated definitions

    The following definitions have been updated for the May 2025 release to improve performance, reduce false positives, and meet the latest coding practices. Some of these definitions will have a positive or negative impact on your customer instance scores.

    Due to process and technical constraints, a comprehensive impact analysis for the overall score impact could not be fully conducted for customer instances. As a result, there may be potential impact score drops that have not been identified or addressed.

    Table 2. Updated definitions (May 2025 release)
    Number Short description Rating Category Update description
    HSD0001011 Common slow loading forms in the last 30 Days Discuss Performance
    • New client threshold is 1 second (1000ms)​
    • New total response threshold is 5 seconds (5000ms)​
    HSD0001106 Applications should use Source Control Discuss Manageability
    • New version runs in sub-prod only.​ ​
    • Added better error handling.​
    • Added manual statistic​
    HSD0001107 JavaScript Mode is not set correctly on application​ Discuss Manageability New version makes clear distinction that globally scoped apps should be on ES5and scoped apps should be on ES12​
    HSD0001116 Client Scripts should not be defined against the Global table​ Recommend Performance Changed documentation URL to: https://developer.servicenow.com/dev.do#!/guides/latest/now-platform/tpb-guide/client_scripting_technical_best_practices#avoid-global-client-scripts
    HSD0001164 Use state, not Incident State or Problem State​ Recommend Manageability
    • Condition filtered only for global scope incident and problem tables​
    • Overall code standardization​
    HSD0001174 Scripted Web Services writing data directly​ Recommend Security
    • Removed matching requirement for semicolons​
    • Improved Regex to a single pattern
    • Removed repeated use of Regex patterns
    • Migrated from String.match to Pattern.test​
    • Add updateMultiple() to pattern​
    • Added 1K limit to findings
    • Forced Statistic even on failures
    HSD0001193 Use the condition field in Business Rules​ Discuss Manageability
    • Simplified scriptingAmended query to allow
    • Findings on insert, update, delete and query
    • Business Rules​Corrected RegExp Pattern​
    • Clarified verbiage
    • Added condition to ignore "Auto Business rules" generated by the system​
    HSD0001205 Widgets not used in any dashboards​ Discuss Manageability
    • New version ensures that each finding flags custom widget that it is truly unrelated to a dashboard​
    • Added defensive scripting​
    • Added statistic​
    HSD0001207 Form layout whitespace: make sure layout split does not have large empty areas because only one side contains fields.​ Recommend User Experience​
    • Updated Findings to be against sys_ui_sections containing the elements
    • Updated script to confirm these
    • Sections were updated by customer​
    • Updated Findings display to contain the view names for these forms​
    HSD0001275 Scripts should not contain hard-coded IDs​ Recommend Manageability Excluded any tables starting with itfm_​
    HSD0001281 getMessage() called in Client Script without preloading message key​ Recommend Manageability
    • Condensed a couple regex into single pattern​
    • Removed some string manipulation and replaced with regex capturing​
    • Now detecting messages in double quotes as well​
    HSD0001344 Minimize the number of options in a choice field​ Discuss User Experience​
    • Updated the script to correctly check for the presence of sys_choice_set updates in sys_update_xml​
    • Updated the messaging in the Findings to show the Language in question to the customer​
    • Confirmed that the sys_language record is also active​
    HSD0001378 Reports not run for 3 months​ Discuss Manageability​ Updated the query to filter out reports that are no longer active​
    HSD0001385 Check for automatic indicators with no scores collected​ Recommend Manageability​
    • Updated script to confirm that baseline / provided indicators have active m2m records to collection jobs which are also active​
    • Adjusted some variable names and return values to be more intuitive
    • Updated short description and recommendation to be more clear​
    HSD0001398 Script Includes with duplicate names​ Act Manageability​ An additional Base version check is added to trigger a finding for only non OOB records.​
    HSD0001467 Duplicate foundation/core data found​ Act Manageability​
    • Updated statistics and findings to show the duplicate count per foundation table​
    • Findings url gives an encoded url for next experience instances showing a descending order and for the non next experience providing a non encoded url (with out specifying order)
    HSD0001507 Scheduled jobs should run as dedicated integration user accounts rather than as default system​ Act Security
    • Short description: Scheduled jobs should run as dedicated integration user accounts rather than as default system​
    • Excluded sys_flow_trigger_auto_script​
    HSD0001533 The default "system" user preference for "rows per page" should be set to 50 or less​ Recommend Performance Recommendation: Set the default rows per page global default property to max 50. Consider also setting the max allowable values in glide.ui.per_page property to 10,25,50. To change specific user's preferences back from larger values to lower ones, consider using a scheduled job to reset them after 7-14 days back to lower values unless the user continues to require large sets of data.​
    HSD0001561 Client Scripts should check for isLoading and return​ Discuss Performance
    • Modified the regular expression for robustness​
    • Filters out base version (OOB) client scripts​
    • Elaborated the description​
    HSD0001627 Do not query audit log in your custom integrations and code.​ Recommend Performance Added ua_scripted_defn to the excluded tables list​
    HSD0001695 Modification of State Choice set (install_status) on alm_asset table.​ Act Upgradeability
    • Altered code from using hardcoded list of states to checking for sys_update_xml from the customer marking the sys_choice_set as replace on upgrade == false
    • Updated the short description to "Modification of State Choice set (install_status) on alm_assettable." Where it was previously "Modification of State"​ ​
    HSD0001755 Modification of State Choice set (state) on resource_plan table.​ Recommend Upgradeability Altered code from using hardcoded list of states to checking for sys_update_xml from the customer marking the sys_choice_set as replace on upgrade == false​
    HSD0002020 Avoid long module titles​ Discuss User Experience​
    • Updated documentation url​ Updated code to ignore module titles containing "deprecated"
    • Added defensive scripting​
    • Added statistic​
    • Made code a little more efficient via more reliance on the database​
    • Measurably improved performance​
    HSD0002089 Breakdown element filter should have valid conditions​ Act Manageability
    • Fixed issues with empty field name
    • General code cleanup
    • Now ignoring RLQ queries​
    HSD0002130 Valid To dates set to reasonable values​ Recommend User Experience​
    • Updated definition to check for latest default
    • Valid to date = '2100-01-01'​
    • Updated description to Valid to date = '2100-01-01'​
    • Updated to relevant documentation url​
    • Added defensive scripting
    ​ ​
    HSD0002151 Use AngularJS services rather than window objects​ Act Performance
    • Removed accidental inclusion of versioned HSD number in the short description
    • ​Added manual exception for the following line of code from cloned widgets:​

      var dateFormat = window.NOW.dateFormat;​
    HSD0002342 Each Policy Statement should have a valid attestation template. Discuss Manageability
    • Description updated
    • Documentation link adjusted​ Implemented 1k threshold on Findings​
    • Resolved HSINQ0006628, HSINQ0005842, HSINQ0006736​
    HSD0002464 Inactive Knowledge Author​ Act User Experience​
    • Adjusted the script to correctly return the link to the records indicated in the Finding
    • Also adjusted script to only return a Finding where this is 1 or more KB Articles with a non-active Author reference​
    HSD0002602 List Layout with more than one List Element on the same position​ Act Manageability An additional Base version check is added to trigger a finding for only non OOB records.​
    HSD0002737 UI Actions displayed as a button should be short and precise​ Discuss User Experience​
    • Updated documentation url
    • Elaborated the recommendation a little more
    HSD0002808 Scripts without description​ Recommend​ Manageability
    • Definition now queries only
    • Client Scripts and Script Includes.
    • Definition flags customized record versions only (no base versions).​
    • Redundant code was eliminated.​
    • Defensive coding was added.​
    • Tests showed performance improvement with 50% run time reduction​
    • Code is easier to read​
    HSD0003076 Basic authentication credentials on SOAP Message definition​ Recommend Manageability
    • If a SOAP Message Definition is utilizing a Basic Auth Profile, it is no longer reported​
    • Added a standard try/catch to capture any potential errors​
    • Added a summary Statistic​
    HSD0003094 Enable Email Spam Scoring and Filtering​ Recommend Security Updated documentation link to point to the same content in the newer syntax​
    HSD0003220 Agent Workspace should be used for Incident Management​ Recommend User Experience​

    The definition is deprecated and is replaced by HSD0022569 (Service Operations Workspace ITSM).
    HSD0003238 Cannot Implement before Planned start date​ Recommend Manageability​
    • Fixed Query to look for future dates only​
    • Updated documentation
    • URL​ Limiting to 1000 records
    HSD0003995 Change Management - CAB Manager role and CAB Management group​ Recommend Manageability​
    • Finding now pointing to the active CAB group without active members
    • Finding also created when there is no Active CAB groups​
    • Finds more than one group with this scenario​
    HSD0004447 Enforce Strict User Image Upload​ Recommend Security Updated the docs link to point to same content in the newer syntax​
    HSD0007988 Technical Service Offerings with Parent Technical Service Reference​ Recommend User Experience​
    • Fixed the calculation formula that was resulting in NaN​
    • General code cleanup​
    HSD0008013 Check for scheduled imports running at the same time.​ Act Performance Removed a couple || conditions that would never match to simplify the code.​
    HSD0008070 Synchronous outbound calls should be carefully used in Business Rules and UI Actions.​ Act Performance
    • Removed the 2nd sentence in the Recommendation field​
    • Removed incorrect query condition incorrect query condition 'scriptNOTLIKEsetMIDServer'​
    • Replaced the finding overrides and added line numbering to the output​
    • Replaced ScriptUtils.removeCommentsfunction call use with new more performant and more accurate removeComments function​
    HSD0009985 Last family release upgrade occurred over 1 year ago​ Act Upgradeability Checking glide.war property instead​
    HSD0012244 HW Product Model with Useful Life​ Discuss Manageability
    • Updated Recommendation
    • Updated Documentation URL​
    • Limited results to 100​
    HSD0013510 Validate Remote Host​ Recommend​ Security Updated description to state that if the setting is set to False vs "if not set to true"​
    HSD0013559 Do Not Use Demo Certificates for Active SAML Configurations​ Discuss Security
    • Corrected logic problem​
    • Added try/catch​ ​
    • Added forced statistic​
    HSD0015207 Limit Attachment Size in Training and Prediction Flows​ Recommend Security Corrected system property and code​
    HSD0015246 Enforce Credential Alias Usage​ Discuss Security
    • Optimized remote script to take only
    • Validated MID servers into account. (at least 1)
    • Added try / catch​
    • Added Statistic​
    • Altered documentation link to be more specific to this issue​