How to run Instance Scan Scan Checks only on Produ... - ServiceNow Community

How to run Instance Scan Scan Checks only on Production (or only on Sub-production)

Mark Roethof
Tera Patron
Tera Patron

‎06-05-2022 10:12 PM - edited ‎08-08-2024 08:44 AM

Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

 

Hi there,

 

When creating new Instance Scan Scan Checks, you will face Scan Checks which you might only want to run on a Production instance or only on Sub-Production instances. Out-of-the-box, Instance Scan does not come with an option, a configurable field for example, which you can tick to select the environment to run a Scan Check on. So is there something we can do about this?


Options

Several options could be thought of, for example deactivating Scan Checks or having Scan Checks only on a particular instance. Both would be an issue when performing System Clones if no Clone Definitions are added.

Another option might be to use the Script field on Scan Checks. This can be seen in some out-of-the-box Scan Checks and Instance Troubleshooter Scan Checks where scripted Plugins are checked. Although this is used out-of-the-box, this is not the correct way to go and is a poor design by ServiceNow. Why? The Run Condition field!


Run Condition

Before Scan Checks are executed, the Run Condition field is evaluated. If it is true (or blanc), then the Scan Check will be executed. When having the actual condition within the Script field of a Scan Check, the Scan Check always runs. It's the same behavior as for example the Condition field on Business Rules.

 

Additionally on the overhead of always running the Scan Check when using the Script field instead of the Run Condition field, this will make scores collected by Instance Scan incorrect.


sn_appclient.instance_type

So we should use the Run Condition field, though what to add? A method I like to use is querying System Property "sn_appclient.instance_type". This System Property holds a value that represents what type of Instance it concerns. Values like:
- production
- sub_production
- developer

 

Knowing this, to query if it concerns a Production instance, we could come up with:

 

gs.getProperty('sn_appclient.instance_type') == 'production'

 

Or, to query if it does not concern a Production instance, we could come up with:

 

gs.getProperty('sn_appclient.instance_type') != 'production'

 

Result

Just add this small line of code to the Run Condition field of the Scan Checks where you would like to use this. When the Scan Check is triggered, the Run Condition field will first be evaluated, and depending on the result the Scan Check will be executed.

 

find_real_file.png

 

That's it, not much more to it!

---

And that's it actually. Hope you like it. If any questions or remarks, let me know!

 

C

If this content helped you, I would appreciate it if you hit bookmark or mark it as helpful.

 

Interested in more Articles, Blogs, Videos, Podcasts, Share projects I shared/participated in?
- Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

 

Kind regards,


Mark Roethof

Independent ServiceNow Consultant
3x ServiceNow Developer MVP

3x ServiceNow Community MVP

---

LinkedIn

Preview file
3 KB
  • 2,171 Views
Version history
Last update:
‎08-08-2024 08:44 AM
Updated by:
Tera Patron
Contributors