Release date: 14 January 2020 #
Quality Clouds for ServiceNow #
Customizing rulesets #
You can now ignore individual rules, or change their severity and time to fix to match your specific context.
See how to manage rulesets …
Baseline vs customized ruleset KPI calculation #
We are now calculating the KPI values against the baseline (Quality Clouds default) ruleset and against the customized (defined by you) ruleset. You will now see both values in your high level KPIs, the customized one being the main one.
More about the ruleset types …
Changes to best practices #
- The issue type JavaScript – Optimize loops has now been downgraded in severity from LOW to WARNING.
Impact on your KPIs: This means that you can see the overall Technical Debt and number of issues decrease. All issues of this type should be closed after your next scan and replaced by warnings.
- General Data Protection Regulation (GDPR) issues are now split to explicitly indicate whether the Personally Identifiable Information (PII) matching keyword was found on a code block, on a table column name or in a label.
This allows for different severity values to be assigned to each issue type, if needed.
- UI Policy and Catalog UI Policy issues have now been split to indicate whether the issue is found on the “scriptTrue” or “scriptFalse” code blocks of the UI Policy. Previously, we have not been specifying in which code block the issue was found.
Impact on your KPIs: This means that the following new issue types listed below will be created after the first scan on your instance after this release. However, the total number of issues should remain unaffected, so this change will not have any impact on the main KPIs.
The following are the new issues types added:
| Best practice | Affected element | Location |
|---|---|---|
| JavaScript – Optimize Loops | UI Policy | scriptTrue |
| JavaScript – Optimize Loops | UI Policy | scriptFalse |
| JavaScript – Use === comparison | UI Policy | scriptTrue |
| JavaScript – Use === comparison | UI Policy | scriptFalse |
| JavaScript – Avoid unrestricted targetOrigin on cross-domain messaging | UI Policy | scriptTrue |
| JavaScript – Avoid unrestricted targetOrigin on cross-domain messaging | UI Policy | scriptFalse |
| JavaScript – Avoid use of Function Constructors | UI Policy | scriptTrue |
| JavaScript – Avoid use of Function Constructors | UI Policy | scriptFalse |
| JavaScript – Avoid use of WebDB | UI Policy | scriptTrue |
| JavaScript – Avoid use of WebDB | UI Policy | scriptFalse |
| JavaScript – Avoid use of debugger statements | UI Policy | scriptTrue |
| JavaScript – Avoid use of debugger statements | UI Policy | scriptFalse |
| Possible use of private data | UI Policy | scriptTrue |
| Possible use of private data | UI Policy | scriptFalse |
| JavaScript – Avoid making connections on unsafe protocols | UI Policy | scriptTrue |
| JavaScript – Avoid making connections on unsafe protocols | UI Policy | scriptFalse |
| JavaScript – Optimize Loops | Catalog UI Policy | scriptTrue |
| JavaScript – Use === comparison | Catalog UI Policy | scriptTrue |
| JavaScript – Avoid unrestricted targetOrigin on cross-domain messaging | Catalog UI Policy | scriptTrue |
| JavaScript – Avoid use of Function Constructors | Catalog UI Policy | scriptTrue |
| JavaScript – Avoid use of WebDB | Catalog UI Policy | scriptTrue |
| JavaScript – Avoid use of debugger statements | Catalog UI Policy | scriptTrue |
| Possible use of private data | Catalog UI Policy | scriptTrue |
| JavaScript – Avoid making connections on unsafe protocols | Catalog UI Policy | scriptTrue |
| Document Object Model (DOM) manipulation in UI Policies | Catalog UI Policy | scriptTrue |
| UI Policies using GlideRecord | Catalog UI Policy | scriptTrue |
| JavaScript – Optimize Loops | Catalog UI Policy | scriptFalse |
| JavaScript – Use === comparison | Catalog UI Policy | scriptFalse |
| JavaScript – Avoid unrestricted targetOrigin on cross-domain messaging | Catalog UI Policy | scriptFalse |
| JavaScript – Avoid use of Function Constructors | Catalog UI Policy | scriptFalse |
| JavaScript – Avoid use of WebDB | Catalog UI Policy | scriptFalse |
| JavaScript – Avoid use of debugger statements | Catalog UI Policy | scriptFalse |
| Possible use of private data | Catalog UI Policy | scriptFalse |
| JavaScript – Avoid making connections on unsafe protocols | Catalog UI Policy | scriptFalse |
| Document Object Model (DOM) manipulation in UI Policies | UI Policy | scriptFalse |
| UI Policies using GlideRecord | UI Policy | scriptFalse |
| Synchronous AJAX call in UI Policies | UI Policy | scriptTrue |
| Synchronous AJAX call in UI Policies | UI Policy | scriptFalse |
| UI Policies with hard-coded sys_ids | UI Policy | scriptTrue |
| UI Policies with hard-coded sys_ids | UI Policy | scriptFalse |
| Synchronous AJAX call in Catalog UI Policies | UI Policy | scriptTrue |
| Synchronous AJAX call in Catalog UI Policies | UI Policy | scriptFalse |
| Document Object Model (DOM) manipulation in Catalog UI Policies | Catalog UI Policy | scriptTrue |
| Document Object Model (DOM) manipulation in Catalog UI Policies | Catalog UI Policy | scriptFalse |
| Catalog UI Policies using GlideRecord | Catalog UI Policy | scriptTrue |
| Catalog UI Policies using GlideRecord | Catalog UI Policy | scriptFalse |
| Catalog UI Policies with hard-coded sys_ids | Catalog UI Policy | scriptTrue |
| Catalog UI Policies with hard-coded sys_ids | Catalog UI Policy | scriptFalse |
- New rule has been added – Synchronous AJAX calls in Catalog UI Policies are now being detected
Bug fix #
Lines of code on portal widget client side scripts are now being included in the total Lines of Code (LoC) count.
