Hi there,

Instance Scan, one of the great new features from the Quebec-release. Wrong! For all you out there still on the Paris-release or even the Orlando-release… Instance Scan is already on your instances. It's good to have that said 🙂

So how to use the Instance Scan? Or if it's already on Paris and Orlando instances, where is it then?

I'll be sharing a few blogs on Instance Scan:
- Using Instance Scan on Orlando/Paris instances
- Creating your own Instance Scan, Scan Checks
- Unrevealing Instance Scan and sharing parts of the undocumented

The first blog to share how to get to the hidden Instance Scan on Orlando/Paris instances and to mention some of the differences to expect as opposed to Quebec.
The second blog to share experiences gained on how to build your own Scan Checks. At this moment, there's zero official ServiceNow documentation on this.
The third blog to share some thoughts and experiences I've gained the past few weeks on Instance Scan, to fill in some blanks because documentation on Instance Scan is really missing out there.

Let's get after it!

Isn't Instance Scan new in Quebec?

Yes according to the Release Notes. No, if you actually look at your instance.

If you are on an Orlando or Paris instance, you already have Instance Scan. Instance Scan is added by default on new and upgraded instances. No additional plugins, no additional costs. So where is it you might wonder? The Application Menu is simply hidden. Nothing more! Why is it hidden… I don't know. Looking at the differences with the Quebec release, I can imagine it is due to the lack of functionality in the previous releases. Technically though, the engine which performs the Scan Checks is really nice.

So where is this hidden Application Menu?

Navigate to:
System Definition > Application Menus, and search for "Instance Scan".

Or:
https://your-instance.service-now.com/nav_to.do?uri=sys_app_application.do?sys_id=4ae80717530233004733ddeeff7b12b2

Activate the Application Menu record, and Instance Scan is available 🙂

* Note: Suites was introduced with Paris

Can we actually use the Instance Scan?

I've been running the Instance Scan on several (non-production) customer instances for a few weeks now on the Paris release. No issues at all. I can imagine though, that if you might want to raise a Support Case at ServiceNow for some reason, that you would get an answer like "not supported". Officially the Instance Scan is introduced with the Quebec release.

What are the differences between Orlando, Paris and Quebec concerning Instance Scan?

First, if the engine has been changed/improved, can't tell. That's hidden for us. The differences that we can see:

Check Suites

In the navigator image above, Suites is listed. This has been added with the Paris release. Basically, you could add Scan Check to Check Suites. For example, for our company we are using Check Suites "Core Instance", "Data" and "Best Practices". Check Suites can also be attached to other Check Suites.

With the Quebec release adding Scan Checks changed visually a bit, though the same scan_check_suite_check table is used. On the Suite Tests, with Quebec also a field "Score Weight" has been added. Out-of-the-box though, it's not on the list or form lay-out, and all out-of-the-box checks have a weight of 1.
Another addition to the Quebec release, the table Suite Relationships. The table contains a Parent Suite and Child Suite field, which could provide you with a many to many relationship. This clearly has been intended to replace the "parent" field on a Check Suite.

Last difference between Paris and Quebec on Check Suites. A related list Schedule has been added. This let's you Schedule Check Suites with ease (through a dialog). A record will be stored in the new sysauto_scan table, which looks pretty similar like Scheduled Jobs. Well actually, probably because the table is extended from Scheduled Job 🙂 Scheduling this way makes it easy to schedule scanning a Check Suite and a Full Instance Scan, a Scoped App or an Update Set (this combination being stored in table scan_combo which also has been added in Quebec).

Scan Checks

Out-of-the-box with Orlando 22 Scan Checks are offered, with Paris 81 Scan Checks are offered and with Quebec 86 Scan Checks are offered. Scan Checks on three different types, where with Quebec also a fourth type has been added: Linter Check. No clue yet on this last one, no out-of-the-box examples, and the Docs is really limited on this.

Looking at the Checks themselves, the template script has been changed between Paris and Quebec. Where On Orlando and Paris object "finding" is used, this changed in Quebec to object "engine". No documentation on the why of this, though the out-of-the-box checks still use object "finding" which also still works fine in Quebec.

With the Paris release, a field "Documentation URL" has been added to the form lay-out. With the Quebec release also fields "Max Scorable Findings", "Min Scorable Findings", "Run Condition" and "Scoring Scale" have been added. While field "Attributes" is not used anymore.
Not using the field "Attributes" anymore had to do with the ability to Mute Scan Checks. With the Quebec release, this is deprecated. The UI Actions for this are also deactivated.

Other differences on the Scan Checks. On Quebec, the New UI Action let's you schedule Scan Checks. Similar like mentioned before for the Check Suites.

Results

With the Quebec release, Related Lists "Scan Statistics" and "Targets" have been added. Targets which would show records if the target concerns an Application, Update Set, or an artifact from a Point Scan.
Also added with the Quebec release fields "Actions", "Combo" and "Finding Count" have been added. Field Actions simply shows a UI Action to the new "Result Dashboard", effective… though looks actually unused… not on a list or form lay-out present. "Finding Count" a good addition, a field I was missing in the Orlando/Paris release. It simply contains the total number of findings (which don't have a Mute Rule).

The last Quebec addition concerning results is a pretty nice one: "Results Dashboard", which is available as UI Action. This UI Action takes you to a new $scan_result.do page.

Findings

Six new fields have been added with the Quebec release. "Finding Details", "Mute Rule", "Package", "Product Family", "Task" and "User". Finding details seems to be unused, it's not on the list/form layout and write-protected through ACL. Package is a reference to the Plugin which contains the artifacts. Task is a reference to the new Scan Task table, obviously to create Tasks which can be assigned to work on Scan Findings. Mute Rule is one I was missing, in Orlando/Paris you could mute a check manually, though you couldn't provide any background of the why. Now at least, it's a choice field to the new Mute Rule table. The behavior of the Muted field did change due to this, in Orlando/Paris you would check this field yourself, that's not possible anymore with Quebec. The Muted field is only set to true when performing a new Scan Check which detects artifacts that already are muted in the past (a Mute Rule is present). This field also influences the Results Dashboard. Last change on Scan Findings… the new User field, one I was missing in Orlando/Paris. This field captures the user_id of who last updated the artifact concerned.

Dashboard

No changes. Still the same - useless - dashboard.

Is that it?!

Pfff… yes 🙂 Hope this additional background on Instance Scan helps some people/companies. We can all wait for upgrading to Quebec, though for some of you this might be more than six months from now. So why not start using the Instance Scan already on your Orlando/Paris instance!

---

If any questions or remarks, let me know!

Kind regards,
Mark
2020-2021 ServiceNow Community MVP
2020-2021 ServiceNow Developer MVP

---

LinkedIn