Understand scan results and findings

  • Release version: Australia
  • Updated June 1, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Understand scan results and findings

    After running a scan in your ServiceNow instance, you can monitor its progress in real-time, review completed results, and address the findings to resolve issues. This process involves two key phases: viewing scan results and working with individual findings to apply fixes or submit exceptions.

    Show full answer Show less

    Reviewing Scan Results

    You can track an active scan’s status, duration, and progress or open a completed scan record to analyze the results. This visibility helps you stay informed and plan remediation efforts effectively.

    Working with Findings

    Each finding identified by the scan is evaluated on two dimensions to guide prioritization and enforcement:

    • Level of Finding: Determines enforcement behavior — whether an action is blocked, warned against, or simply informed. Levels include ACT, RECOMMEND, SUGGEST, and REVIEW.
    • Impact to Instance: Measures the business and technical risk on a scale from 1 (minimal) to 10 (critical). Higher impact findings require faster remediation.

    Understanding these dimensions allows you to balance strict enforcement with risk prioritization, focusing efforts where they matter most.

    Enforcement Levels and Actions

    Level of Finding Impact to Instance (Typical) Severity Description Enforcement Behavior & Recommended Action
    ACT 8–10 Critical issues that can break functionality, cause security vulnerabilities, or block upgrades. Record cannot be saved until fixed. No exception allowed without admin override or disabling the definition.
    RECOMMEND 5–7 High severity issues that may affect performance, stability, or security. Saving is blocked until issue is fixed or formally approved exception is provided. Exceptions allowed with governance.
    SUGGEST 2–4 Moderate issues related to optimization, maintainability, or best practices. Does not block progress. Address during future development cycles with prompts to consider improvements.
    REVIEW 0–1 Low impact, informational findings with minimal risk. Monitor and optionally fix in later cycles.

    Practical Implications for ServiceNow Customers

    • Prioritize remediation: Focus immediately on ACT-level high-impact findings to prevent functionality or security issues.
    • Govern exceptions: Use formal exception processes for RECOMMEND-level findings to maintain compliance while managing risk.
    • Plan improvements: Schedule SUGGEST and REVIEW level issues for future development cycles without blocking current work.
    • Maintain visibility: Continuously monitor scan progress and findings to stay ahead of risks and maintain instance health.

    After a scan runs, you can monitor its progress in real-time, review the completed results, and then work with the findings it identifies to resolve issues in your instance.

    Reviewing scan results and acting on findings is a two-phase process.

    1. View scan results: Monitor an active scan or open a completed scan record to see its status, duration, and batch progress. See View scan results for Scan Engine.
    2. Work with findings: Open individual findings from the scan record to understand their enforcement level and impact, then apply fixes or submit exceptions for review. See Work with Scan Engine findings.

    How findings are evaluated

    Every finding in your instance is evaluated along two critical dimensions to help your team prioritize remediation efforts and maintain compliance standards.

    Level of finding
    The enforcement behavior is determined whether the system blocks an action, issues a warning, or provides informational guidance. Levels are ACT, RECOMMEND, SUGGEST, and REVIEW.
    Impact to instance
    The business and technical risk of leaving the finding unresolved, rated from 1 (minimal) to 10 (critical). Higher values indicate findings that should be addressed first.

    Together, these two dimensions help you balance enforcement requirements against risk prioritization. For full details, see Work with Scan Engine findings.

    Enforcement levels and risk impact

    Table 1. Scan Engine finding levels, risk, and enforcement behavior
    Level of finding Impact to instance (typical) Severity description Enforcement behavior / recommended action
    ACT 8–10 Critical issues that can break functionality, cause security vulnerabilities, or block upgrades.
    • The record can not be saved until the code is fixed to meet the requirements in the definition.
    • No exception reason option is available.
    • An override requires admin-level rights or the disabling of the definition.
    RECOMMEND 5–7 High severity issues that may degrade performance, stability, or security. Exceptions with governance are allowed.
    SUGGEST 2–4 Moderate issues, often related to optimization, maintainability, or best practices.
    • Address during future development cycle
    • Does not block progress
    • Prompts to check for a better solution, if one is available.
    REVIEW 0-1 Low impact, informational findings with minimal impact (e.g., unused fields or minor UI inconsistencies). Monitor and optionally fix during future development cycles.

    Examples

    These two metrics work together to help teams balance enforcement and risk prioritization, ensuring critical issues are addressed first while maintaining development velocity.

    • ACT level finding with impact to instance of 9: Critical and must be fixed immediately before proceeding. No exceptions.
    • SUGGEST level with impact to instance of 8: High-risk but does not block development. Should still be prioritized for remediation.