Exploring Instance Scan

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Instance Scan

    Instance Scan is a tool designed to help ServiceNow customers assess the health and security of their instances by running focused checks against tables, records, or metadata. It detects anomalies and opportunities related to security, upgrade best practices, manageability, user experience, and performance vulnerabilities. Although it supports domain separation visually based on the source record’s domain, full domain separation is not yet implemented.

    Show full answer Show less

    Key Features

    • Checks: Singular, rule-based validations that identify potential issues or improvements within the instance.
    • Results and Findings: Results summarize the scan status and type, while findings reference specific records that violate a check’s rule.
    • Dashboard: Provides a system-wide visual summary of instance health, helping users manage and analyze scan outcomes.
    • Quota Rule: Limits scan execution time to prevent long-running scans from impacting instance performance.
    • Scan Types:
      • Full Scan: Runs all active checks across the entire instance.
      • Point Scan: Executes checks against a single record, update set, or application, scanning only relevant records.
      • Test Scan: Allows testing of individual checks to verify their operation without running a full scan.

    Instance Scan Users and Roles

    • scanuser: Can run scans, read and execute checks, and view findings and results.
    • scancheckwriter: Includes all scanuser permissions plus the ability to create new checks.

    Benefits for ServiceNow Customers

    • Create and manage checks and check suites to proactively monitor instance health.
    • Execute and schedule scans to continuously assess security and performance issues.
    • Monitor ongoing scans and analyze results through the dashboard for informed decision-making.

    Next Steps

    Customers can deepen their use of Instance Scan by exploring configuration options, learning how to effectively use it, and reviewing references to optimize instance health management.

    If you are new to Instance Scan, read this overview to learn what the tool can do. Follow the tutorial to create checks and execute scans that uses most basics of Instance Scan features.

    Note:
    Instance Scan doesn't fully support domain separation. Findings are visibly domain separated based on the domain of the source record. For more information see Domain separation.

    Instance Scan overview

    Instance Scan uses the following records, components and scan types.
    Checks
    Checks are singular focused rules that detect anomalies or opportunities in an instance. These checks can run against tables, records, or metadata. Checks are defined to identify security, upgrade best practices, manageability, user experience and performance vulnerabilities. See Getting started with checks for more information.
    Results
    An Instance Scan result reports the status and type of the scan. See Results for more information.
    Findings
    A finding is a reference to a record that has violated a rule from a check on the instance. See Findings for more information.
    Dashboard
    The Instance Scan dashboard is a system-wide visual representation of the health of your instance. The dashboard helps you manage and analyze the full scan results against your instance. See Instance Scan dashboard for more information.
    Quota rule
    A quota rule determines the execution threshold of a scan. The quota rule prevents the instance from running long scans. For example, any scan running longer than the threshold set by the quota rule will result in a failure. See Quota rules for more information.
    Full scan
    Execute a scan for the entire instance by selecting Execute Full Scan. Implementing a full scan runs all the active checks present in your instance.
    Point scan
    Execute all applicable checks against a single record, update set, or an application by selecting Run Point Scan. For example, if you execute a point scan against a business rule, only the checks that are applicable to the business rule table run, and only that single target record is scanned. If you execute an update set scan or an application scan, all records related to that update set or application are scanned. See Execute an app scan and Execute an update set scan for more information.
    Test scan
    Execute a test scan to verify if the check works as expected. The test scan enables you to test a single check instead of a full scan by selecting a single check and selecting Test Check on the Check form.

    Instance Scan users

    Instance Scan has the following roles.
    Users Description
    scan_user The scan_user role can run different types of scans, read checks, execute checks, and view the findings and results.
    scan_check_writer This role includes the scan_user role and provides permission to create new checks.

    Instance Scan benefits

    Benefit Feature Users
    Create checks and check suites to know the health of your instance scan_user
    Execute scans on the created checks to review the instance health Executing a scan scan_user
    Scheduling of scans and suite scan scan_user
    Monitor your scans to ensure no health issues of your instance Monitoring a scan scan_user
    Manage and analyze the results of full scan against your instance Instance Scan dashboard scan_user

    What to explore next

    To learn more about using Instance Scan, see: