Discovery on Code Signing instances

  • Release version: Australia
  • Updated June 16, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Discovery on Code Signing instances

    Discovery on instances with Code Signing enabled ensures the integrity and security of Discovery components by validating their digital signatures before execution. This validation occurs both at the ServiceNow instance and MID Server levels, preventing unauthorized or tampered scripts from running on MID Servers and target machines.

    Show full answer Show less

    How It Works

    • Instance-level validation: The instance checks signatures on probes and probe parameters. Tampered probes are rejected and not sent to MID Servers, while untrusted parameters are excluded from probe execution.
    • MID Server-level validation: The MID Server verifies signatures on patterns, MID script includes, and script files. Invalid patterns are not downloaded or are deleted if previously downloaded, preventing their execution until properly signed.
    • Signatures are automatically included with Discovery applications and plugins when platform and store app requirements are met, eliminating the need for manual signing.

    Benefits

    • Security protection: Blocks execution of unsigned or altered payloads, reducing risks from compromised instances.
    • Authenticity verification: Ensures probes, parameters, and sensors originate from trusted sources and have not been modified.
    • Compliance support: Enhances audit capabilities by preventing unauthorized script execution without impacting Discovery performance.
    • Integrity assurance: Confirms that sensitive Discovery component fields remain unaltered after signing.

    Requirements

    • ServiceNow Australia release version of the AI Platform.
    • Installed ServiceNow Store apps with minimum versions: Discovery Admin Workspace v1.13.0, Visibility Content v6.13.10, Discovery and Service Mapping Patterns v1.30.2.
    • Code Signing enabled and Circle of Trust configured.

    Supported Discovery Types

    • IP-based Discovery
    • Cloud Discovery (requires additional configuration)

    Signature Validation Scope

    Code Signing validates signatures on Discovery tables containing executable scripts or commands, including probes, probe parameters, sensors, and patterns executed on target machines or MID Servers.

    Limitations

    The pattern debugger is not available on code-signed instances, which may affect troubleshooting capabilities for Discovery patterns.

    Discovery is supported on instances with Code Signing enabled. Code signing validates the integrity of Discovery components before execution to help prevent unauthorized scripts from running on MID Servers and target machines.

    How it works

    When Code Signing is enabled, Discovery validates signatures on components that contain scripts or commands before execution. Validation occurs at both the instance level and the MID Server level.

    The instance validates signatures on probes and probe parameters. If a probe is tampered with, the instance rejects it and doesn't send it to the MID Server for processing. If probe parameters aren't trusted, they aren't added to the probe. The probe still launches, but without the untrusted parameters.

    The MID Server validates signatures on patterns, MID script includes, and MID script files. If a pattern's signature is invalid, the MID Server won't download it. If the pattern was previously downloaded, it's deleted. Discovery can't run that pattern on any machine until it's re-signed.

    Signatures are included automatically with Discovery applications and plugins. When your platform and store apps meet the requirements, code signing for Discovery works without manual signing. For more information about how code signing works, see Code Signing.

    Benefits

    The following examples highlight the primary advantages of using code signing:
    • Security protection: Blocks unsigned or tampered payloads from executing on MID Servers and target machines, helping prevent malicious actors from running dangerous commands even if an instance is compromised.
    • Authenticity verification: Confirms that probes, parameters, and sensors originate from a trusted source and haven’t been modified since signing.
    • Compliance support: Strengthens audit capabilities by helping prevent unauthorized script execution without impacting discovery performance.
    • Integrity assurance: Validates that sensitive fields in Discovery components haven’t been altered after signing.

    Requirements

    Code signing for Discovery requires the following dependencies:
    • You must be using the Australia version of the ServiceNow AI Platform.
    • You must have the following ServiceNow Store applications and versions installed:
      • Discovery Admin Workspace v1.13.0
      • Visibility Content v6.13.10
      • Discovery and Service Mapping Patterns v1.30.2
    • You must have Code Signing enabled with the Circle of Trust established. For more information, see Configuring Code Signing.

    Supported discovery types

    Code signing for Discovery supports the following discovery methods:

    Signature validation scope

    Code signing validates signatures on Discovery tables that contain scripts or commands executed on target machines or MID Servers. This includes probes, probe parameters, sensors, patterns, and more.

    Limitations

    Pattern debugger isn’t available on code-signed instances.