How to exclude certain tables from Instance Scan

Mark Roethof · ‎08-01-2022

Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

Hi there,

When running Instance Scan Scan Checks, you will face Scan Checks which you might not want to run against all tables. Especially when it concerns Column Type Checks or Linter Checks because these type of Scan Checks are scanning almost all tables with script fields. I used to prevent tables from being scanned by adding a check within the Scan Check script field, though did you know that there's an undocumented feature available for this?

Example

Why would you want to exclude certain tables from being scanned by Instance Scan, or at least from generating Scan Findings? An example is the "Script Execution History" table [sys_script_execution_history]. A table that amongst others stores background scripts that have been executed. If you have Scan Checks active on your instance, checking for scripting best practices, then it most likely will not be useful to have Scan Findings generated for this table. Or what about tables that you would like to exclude, due to their size and the execution time it takes?

current.getTableName()

Within the Script field of Scan Checks, you do have the current object available (using engine.current). And with having the current object available, amongst others engine.current.getTableName() is available to use. In the past I used this, to include or exclude tables (in combination with a Script Include, for maintainability). It works fine, though it feels like a workaround. Shouldn't this just be an out-of-the-box option or property within Instance Scan?

glide.scan.exclusion_list.custom

Fellow Now Community member Dustin Watkins recently shared the result of a Support Case he raised for excluding tables from being scanned. The result from the Support Case was that you could update System Property "glide.scan.exclusion_list.custom" and list the tables you want to exclude (comma separated). This System Property does not exist out-of-the-box though, so you would need to add it yourself.

After having added the glide.scan.exclusion_list.custom System Property, it will be immediately effective on all newly performed Scans. If you for example have Column Type Checks or Linter Checks in place, the Scan Checks won't run against the excluded tables anymore (limiting the execution time) and no Scan Findings on the excluded tables will be generated anymore (preventing unnecessary Scan Findings).

There are some need to knows about using the glide.scan.exclusion_list.custom System Property:
- Tables in the System Property should be added in the value field, separated by a comma.
- Triggering the Scan Checks themselves is not prevented. Looking at Scan Results you will still see the Scan Check listed, though while running the Scan Checks they will ignore the excluded tables. So this does mess a bit with statistics.
- Excluding tables does not work for Script Only Checks. Script Only Checks will still run against excluded tables and produce Scan Findings.
- When creating a new Table Check for an excluded table, a validation error will occur due to an out-of-the-box Business Rule.

---

And that's it actually. Another undocumented feature documented. Hope you like it. If any questions or remarks, let me know!

C	If this content helped you, I would appreciate it if you hit bookmark or mark it as helpful. Interested in more Articles, Blogs, Videos, Podcasts, Share projects I shared/participated in? - Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

Kind regards,

Mark Roethof

Independent ServiceNow Consultant
3x ServiceNow Developer MVP

3x ServiceNow Community MVP

---

Dustin Watkins · ‎08-02-2022

Thank you Mark!

Mark Roethof · ‎08-02-2022

I mentioned your name in the article, because it was due to a question and response of yours 🙂

Did do some more investigation on the system property and mentioned some need to knows which I found.

Kind regards,
Mark