ServiceNow Rules – Quality Clouds Community

Documentation
Roadmap
Product Release
Developers
Academy

Documentation
Roadmap
Product Release
Developers
Academy

Shopping Cart

No products in the cart.

Sign in

Quality Clouds Community

Search for:

Quality Clouds Community

Documentation
Roadmap
Product Release
Developers
Academy

Search for:

Configuring ServiceNow Instances

Configure ServiceNow Instances
Configure For Non-Admin User
Configure Access To A Single-Tenant Environment

Connecting Salesforce with QualityClouds

Detecting Code Duplication In Salesforce
Connecting Salesforce
Creating A Connected App In Salesforce
Setting Up Salesforce Orgs
Setting Up Salesforce Git Repositories
Testing Connectivity

Connecting ServiceNow with QualityClouds

Detecting Empty ACLs
Connecting ServiceNow
Defining ServiceNow Instances
Testing Instance Connectivity
Check list

Quality Clouds For Salesforce AppExchange 2.0

Quality Clouds For Salesforce 2.0
Working With Instances
Working With Scans
Working With Issues

Rules

Code Duplication Rules List
Possible Extra-Sensitive PII Usage In Configuration Element – Gender
Possible Extra-Sensitive PII Usage In Configuration Element – Religion
Possible Use Of Private Data
Possible Use Of Private Data – UI Policy scriptTrue
Possible Use Of Private Data – UI Policy scriptFalse
Possible Use Of Private Data – Catalog UI Policy scriptTrue
Possible Use Of Private Data – Catalog UI Policy scriptFalse
Possible PII Usage In Configuration Element – Address
Possible PII Usage In Configuration Element – Email
Possible PII Usage In Configuration Element – Nationality
Possible PII Usage In Configuration Element – Passport
Possible PII Usage In Table Column – Address
Possible PII Usage In Table Column – Email
Possible PII Usage In Table Column – Nationality
Possible PII Usage In Table Column – Passport
Possible Extra-Sensitive PII Usage In Table Column – Gender
Possible Extra-Sensitive PII Usage In Table Column – Religion
Data Sensitivity Level Of Field Email Is Not Set
Data Sensitivity Level Of Field Passport Is Not Set
Data Sensitivity Level Of Field Address Is Not Set
Data Sensitivity Level Of Field Nationality Is Not Set
Data Sensitivity Level Of Field Gender Is Not Set
Data Sensitivity Level Of Field Religion Is Not Set
JavaScript Rules List
JavaScript – Avoid Making Connections On Unsafe Protocols
JavaScript – Avoid Making Connections On Unsafe Protocols – UI Policy scriptTrue
JavaScript – Avoid Making Connections On Unsafe Protocols – UI Policy scriptFalse
JavaScript – Avoid Making Connections On Unsafe Protocols – Catalog UI Policy scriptTrue
JavaScript – Avoid Making Connections On Unsafe Protocols – Catalog UI Policy scriptFalse
JavaScript – Avoid Unrestricted targetOrigin On Cross-Domain Messaging
JavaScript – Avoid Unrestricted targetOrigin On Cross-Domain Messaging – UI Policy scriptTrue
JavaScript – Avoid Unrestricted targetOrigin On Cross-Domain Messaging – UI Policy scriptFalse
JavaScript – Avoid Unrestricted targetOrigin On Cross-Domain Messaging – Catalog UI Policy scriptTrue
JavaScript – Avoid Unrestricted targetOrigin On Cross-Domain Messaging – Catalog UI Policy scriptFalse
Javascript – Avoid Use Of Alert Function
JavaScript – Avoid Use Of Debugger Statements
JavaScript – Avoid Use Of Debugger Statements – UI Policy scriptTrue
JavaScript – Avoid Use Of Debugger Statements – UI Policy scriptFalse
JavaScript – Avoid Use Of Debugger Statements – Catalog UI Policy scriptTrue
JavaScript – Avoid Use Of Debugger Statements – Catalog UI Policy scriptFalse
JavaScript – Avoid Use Of Eval Function
Server Side: JavaScript – Avoid Use Of Eval Function
JavaScript – Avoid Use Of Function Constructors
JavaScript – Avoid Use Of Function Constructors – UI Policy scriptTrue
JavaScript – Avoid Use Of Function Constructors – UI Policy scriptFalse
JavaScript – Avoid Use Of Function Constructors – Catalog UI Policy scriptTrue
JavaScript – Avoid Use Of Function Constructors – Catalog UI Policy scriptFalse
Javascript – Avoid Use Of Local Storage On Client Scripts
JavaScript – Avoid Use Of WebDB
JavaScript – Avoid Use Of WebDB – UI Policy scriptTrue
JavaScript – Avoid Use Of WebDB – UI Policy scriptFalse
JavaScript – Avoid Use Of WebDB – Catalog UI Policy scriptTrue
JavaScript – Avoid Use Of WebDB – Catalog UI Policy scriptFalse
JavaScript – Optimize Loops
JavaScript – Optimize Loops – UI Policy scriptTrue
JavaScript – Optimize Loops – UI Policy scriptFalse
JavaScript – Optimize Loops – Catalog UI Policy scriptTrue
JavaScript – Optimize Loops – Catalog UI Policy scriptFalse
JavaScript – Use === comparison
JavaScript – Use === Comparison – UI Policy scriptTrue
JavaScript – Use === Comparison – UI Policy scriptFalse
JavaScript – Use === Comparison – Catalog UI Policy scriptTrue
JavaScript – Use === Comparison – Catalog UI Policy scriptFalse
UI Actions With Debugging Statements
Javascript – Avoid Use Of Local Storage On Catalog Client Scripts
PMD – Apex Class Rules
PMD – Apex Trigger Rules
PMD – Lightning Rules
Accessing Endpoints Over Unencrypted Http Should Be Avoided
Access Permissions Should Be Checked Before A SOQL/SOSL/DML Operation
Apex Unit Tests Should Include At Least One Assertion
Apex Unit Tests Should Not Use @isTest(seeAllData=true)
Avoid Classes With Too Many Fields
Avoid Classes With Too Many Public Methods
Avoid Constructors With Excessive Lines of Code Count
Avoid Creating Deeply Nested If-Then Statements
Avoid Declaring Multiple Variables In A Single Line
Avoid DML Statements Inside Loops
Avoid Empty Block Statements
Avoid Empty Catch Block
Avoid Empty If Statements
Avoid Empty Try Or Finally Blocks
Avoid Empty While Statements
Avoid Excessive Class File Lengths
Avoid Excessive Cyclomatic Complexity
Avoid Excessive Standard Cyclomatic Complexity
Avoid Hardcoded Credentials Used In Requests To An Endpoint
Avoid Hardcoding IDs
Avoid Implementing Business Logic In Triggers
Avoid Methods With Excessive Lines Of Code Count
Avoid Processing Unescaped URL Parameters
Avoid SOQL Inside Loops
Avoid Sosl Calls Within Loops
Avoid System.debug And Configuration.disableTriggerCRUDSecurity()
Avoid Types With Excessive Lines Of Code Count
Avoid Using “for” Statements Without Using Surrounding Braces
Avoid Using “while” Statements Without Using Braces To Surround The Code Block
Avoid Using DML Operations In Apex Class Constructor/Init Method
Avoid Using If…Else Statements Without Using Surrounding Braces
Avoid Using If Statements Without Using Braces To Surround The Code Block
Avoid Using Untrusted / Unescaped Variables In DML Queries
Calls To addError With Disabled Escaping Should Be Avoided
Classes Should Explicitly Declare A Sharing Mode If DML Methods Are Used
Class Names Should Always Begin With An Upper Case Character
Final Variables Should Be Fully Capitalized And Non-Final Variables Should Not Include Underscores
Method Names Should Always Begin With A Lower Case Character And Should Not Contain Underscores
Methods With Numerous Parameters Should Not Be Used
Missing ApexDoc @description
Missing ApexDoc Comment
Non-Constructor Methods Should Not Have The Same Name As The Enclosing Class
Randomly Generated IVs And Keys Should Be Used For Crypto Calls
Redirects To User-Controlled Locations Should Be Avoided
The Global Modifier Should Be Avoided
Variable Names Should Start With A Lowercase Character
Variables Should Start With A Lowercase Character
Avoid Directly Accessing Trigger.old And Trigger.new
Avoid Using The With Keyword
Avoid Functions With Inconsistent Return Types
Avoid Unintended Global Variables
Avoid Unintended Modification Of Variables Outside Loops
Avoid Using The ParseInt Function Without An Explicit Base Parameter
Avoid Assignments In Operands
Avoid Using For Statements Without Using Curly Braces
Avoid Using If…Else Statements Without Using Curly Braces
Avoid Using If Statements Without Using Curly Braces
Avoid Return Statements In If Blocks
Avoid Unnecessary Code Blocks
Avoid Unnecessary Parenthesis
Avoid Using “while” Statements Without Using Curly Braces
Avoid Trailing Commas In Object Or Array Literals
Avoid Use Of The “==” Operator
Avoid Declaring Integers Over 15 Digits
All Apex Classes Should Have At Least One Test Class
“System.debug” First Parameter Has To Be Logging Level
Apex Assertions Should Include Message
Apex Unit Test Method Should Have “@IsTest” Annotation
Field Naming Conventions
Formal Parameter Naming Conventions
Local Variable Naming Conventions
Method Naming Conventions
Property Naming Conventions
Cognitive Complexity
Avoid Non Existent Annotations
Inaccessible Aura Enabled Getter
Override Both Equals And Hashcode
Eagerly Loaded Describe SObject Result
Test Methods Must Be In Test Classes
Field Declarations Should Be At Start
Unused Local Variable
Apex Class Rules
Apex Component Rules
Apex Page Rules
Apex Trigger Rules
Custom Field Rules
Duplicate Rules
Object Rules
Org Configuration Rules
Profiles Rules
Report Rules
Static Resource Rules
Avoid Maintaining Legacy Code With Outdated API Versions
Avoid Using Function SObjectType.getDescribe In FLS Checks
Avoid Importing Multiple JavaScript Files Individually
Avoid Using Outdated API Versions In New Code
Avoid Using Data Grids
Avoid Importing Multiple CSS Files Individually
Avoid Using An Excessive Number Of Images
Component Id Must Be Unique
Page Names Should Always Begin With An Upper Case Character
Use Custom Components To Lazy Load Data In APEX Pages
Static Resources Should Be Used To Serve JavaScript, CSS And Images
Action Pollers Should Not Use Short Polling Intervals
Avoid Displaying The Results Of Unbounded Queries On A Page
Avoid Importing Images From Sources Other Than Static Resources
Avoid Using More Than One Tag Per Page
Avoid Importing CSS And Javascript Files From Sources Other Than Static Resources
Use The Render Attribute To Update The Component
Optimize HTML By Removing Unnecessary HTML
Optimize Javascript
Avoid Custom Fields Without Description Or Help Text
Avoid Defining Multiple Triggers Per Object
Avoid Defining More Than One Trigger Per Object – Medium
Avoid Excessive Sharing Rules On An Object
Avoid Formula Fields With JavaScript Code
Avoid Inactive Validation Rules
Avoid Objects Without Indexed Fields
Ratio Custom Fields To Total Fields In Standard Objects – Low
Avoid Objects Without Picklist Fields
Avoid Free Entry Custom Fields With No Data Restrictions
Avoid Excessive Validation Rules
Ratio Custom Fields To Total Fields In Standard Objects – High
Avoid Hardcoded URLs
Avoid Unreachable Code
Ratio Custom Fields To Total Fields In Standard Objects – Medium
Bounded Relative Date Values Should Be Used Whenever Appropriate
Details Should Not Be Shown By Default
The “contains” And “does not contain” Filter Operators Should Not Be Used
The number of fields on a Report should be kept to a minimum
The “or” Operator Should Not Be Used
The Show Filter Should Not Contain The “All” Option
Unbounded Time Intervals Should Not Be Used
Unused Report: Last Run Over Two Years
Unused Report: Last Run From 1 To 2 Years
Unused Report: Last Run From 90 Days To 1 Year
Avoid using apex:includeScript
Avoid Using HTML Tags Which Will Be Removed By The VisualForce Page
Include JavaScript Code From Static Resources
Avoid Using The File Download Servlet To Reference Static Resources
Use Of Open Source Javascript Framework
Password Policy Complexity Too Weak – No Restrictions
Password Policy Expiration Too Weak – Non-Expiring Passwords
Password Policy Expiration Too Weak – Password Lifetime Over 90 Days
Password Policy Repetition Too Weak
Password Policy Max Login Attempts Too Wide
Password Policy: Obfuscate The Secret Answer For Password Resets
Password Policy: Password Question Requirement Set To None
The Trusted IP Range Is Too Wide
Password Policy Minimum Password Length Too Weak
Ratio Of Custom Objects To Standard Objects – High
Ratio Of Custom Objects To Standard Objects – Medium
Ratio Of Custom Objects To Standard Objects – Low
Too Many Apex Classes (Over 50 – Does Not Include Test Classes Or Downloaded Apps)
Too Many Roles (Over 20)
Too Many Branches On Role Hierarchy
Too Many Custom Reports Over Used Objects
Too Much Views Over Used Objects
Too Many Profiles And Permission Sets
Avoid Having More Than One Apex Trigger Per Object
Too Many Reports And Views Without Folder Assigned
The Percentage Of Asynchronous Classes Is Too High
The Instance Has More Than 5.000 Lines Of APEX Code
Coverage Of Unit Tests Is Less Than 75%
Cross-Site Request Forgery (CSRF) Protection On GET Requests On Non-Setup Pages Is Disabled
Cross-Site Request Forgery (CSRF) Protection On POST Requests On Non-Setup Pages Is Disabled
Clickjack Protection For Non-Setup Salesforce Pages Is Disabled
Clickjack Protection For Customer Visualforce Pages With Standard Headers Turned On Is Disabled
Clickjack Protection For Customer Visualforce Pages With Standard Headers Turned Off Is Disabled
Clickjack Protection For Setup Pages Is Disabled
The Browser Is Not Prevented From Inferring The MIME Type From The Document Content And From Executing Malicious Files
Cross-Domain Session Information Is Exchanged Using A GET Request Instead Of A POST Request
Protection Against Reflected Cross-Site Scripting Attacks Is Disabled
The IP Addresses In Login IP Ranges Are Enforced Only When A User Logs In
There Is No Sessions Time Out For Inactive Users
Visualforce, Salesforce Sites, Or Communities Must Use HTTPS
Prevent Unauthorized Used Of Session ID
HTTPS Is Not Required To Log In To Or Access Salesforce
Session Policy – Enable Content Security Policy
Inactivity Time Warning
There Are Free Entry Custom Fields With No Data Restriction
Convert Attachments To Files
Password Policy Password Hint Contains Password
Password Policy Complexity Too Weak – Alphanumeric Restriction Only
Password Policy Expiration Too Weak – Never
Password Policy Expiration Too Weak – Six Months
Password Policy Expiration Too Weak – One Year
Password Policy Max Login Attempts – Unlimited
Password Policy: Obfuscate The Secret Answer
Avoid Using The Attachments Object
Avoid Picklist Fields With Too Many Values
Naming Convention For Salesforce
Avoid Catch Block With Just Logs
Avoid Configuration Elements Without “description”
Avoid Return Statements In try/catch Finally Blocks
ServiceNow Rules List
Rules By Configuration Element
Access Control Rules
Business Rules Rules
Catalog Rules
Catalog Client Scripts Rules
Catalog Item Rules
Catalog UI Policy Action Rules
Catalog UI Policy Rules
Client Script Rules
Data source Rules
Dictionary Rules
Dictionary Entry Override Rules
Email Script Rules
Form Layout Rules
Form Sections Rules
Inactive Security Plugins Rules
Inactivity Monitor Rules
Inbound Email Action Rules
Modules Rules
Notification Rules
Record Producer Rules
REST Message Rules
Script Action Rules
Script Include Rules
Scripted Rest Resource Rules
Service Catalog Rules
SOAP Message Rules
System Property Rules
Table Rules
Table Transform Map Rules
Transform Script Rules
UI Action Rules
UI Policy Action Rules
UI Policy Rules
UI Scripts Rules
User Preferences Rules
Variable Rules
Variable Set Rules
Widget Rules
Widget Angular Provider Rules
Workflow Rules
Update Set Rules
Field Map Rules
Roles Rules
Security Best Practices For ServiceNow
ACLs Using GlideRecord Queries
Business Rules Using Eval Function
Contextual Security Plugin Disabled
GlideRecord API Usage In Scripted REST API Resource
High Security Settings Plugin Disabled
Modified Out Of the Box ElemenT
REST API Resource Modifying Data Without Authentication Check
REST API Resource Modifying Data Without Authentication Check – No Author
Scripted REST API Resource With Hard-Coded sys_ids
Scripts Should Not Use gs.sql
Catalog Items Without Short Description
Catalog Items With Short Description Equal To Name
Multiple Choice Catalog Variables With Too Many Options
Catalog Items Without Description
Notification Email Scripts With Hard-Coded sys_ids
Catalog With No Usage Of META Tags
Catalog With Very Low Usage Of META Tags
Catalog With Low Usage Of META Tags
Client Scripts With Hard-Coded sys_ids
Document Object Model (DOM) Manipulation In Client Scripts
Synchronous AJAX Call In Client Scripts
Client Scripts Should Not Use Unsupported Scripting APIs
Client Scripts With The console.log Debugging Method
GlideRecord Usage On Client Scripts
Client Scripts With Empty Script Field
Client Scripts Defined On The Global Table
Client Scripts Without Function
Catalog Client Scripts With Hard-Coded sys_ids
Catalog Client Scripts Without Function
Document Object Model (DOM) Manipulation In Catalog Client Scripts
Catalog Client Scripts With The console.log Debugging Method
Synchronous AJAX Call In Catalog Client Scripts
GlideRecord Usage On Catalog Client Scripts
Catalog Client Scripts With Empty Script Field
Catalog Client Scripts Should Not Use Unsupported Scripting APIs
GlideRecord Usage On Portal Widget Client Scripts
Portal Widgets With Hard-Coded sys_ids
Synchronous Business Rules Making SOAP Or REST Calls
Angular Providers With Hard-Coded sys_ids
UI Actions With Hard-Coded sys_ids
Server UI Actions Using GlideRecord And getRowCount
Synchronous AJAX Call In UI Actions
Document Object Model (DOM) Manipulation In UI Actions
UI Actions Using GlideRecord
UI Policy Action Without Field Effects
Catalog UI Policy Action Without Field Effects
Transform Maps With Hard-Coded sys_ids
Transform Maps With “Run business rules” Option Enabled
Transform Scripts With Hard-Coded sys_ids
onBefore Transform Scripts Should Only Update The Target Table
Too Many Fields In A Form Section
Forms With Too Many Sections
Inbound Email Actions With Hard-Coded sys_ids
Inbound Email Actions Using GlideRecord And getRowCount
Event Script Action With Hard-Coded sys_ids
Event Script Action Using GlideRecord And getRowCount
UI Scripts With Hard-Coded sys_ids
Synchronous AJAX Call In UI Scripts
UI Scripts With The console.log Debugging Method
UI Scripts With Empty Script Field
GlideRecord usage on UI Scripts
Document Object Model (DOM) Manipulation In UI Scripts
UI Scripts Without Function
Avoid Global UI Scripts
UI Scripts Including Open Source Libraries
Business Rules Defined On The Global Table
Business Rules Without Function
Business Rules Using GlideRecord And getRowCount
Business Rules With Debugging Statements
Business Rules Using The SOAP getResponse Method
onBefore Business Rule Should Only Update The Target Table
Business Rules With Hard-Coded sys_ids
Potential Recursive Business Rules
Script Includes With Hard-Coded sys_ids
Script Includes Using GlideRecord And getRowCount
Script Include With Debugging Statements
Creating Custom Tables In The Global Scope Should Be Avoided
JDBC Data Sources With “Use last run datetime” Option Unchecked
The Default System User Preference “Rows per Page” Set Above 100
Unused Inactivity Monitors
Avoid Workflows With Too Many Activities
Avoid Workflows With Too Many Timer Activities
Workflows With Notification Activities
Synchronous AJAX Call In UI Policies – scriptFalse
UI Policies Using GlideRecord – scriptFalse
UI Policies Using GlideRecord – scriptTrue
UI Policies With Hard-Coded sys_ids – scriptFalse
UI Policies With Hard-Coded sys_ids – scriptTrue
Document Object Model (DOM) Manipulation In UI Policies – scriptFalse
Document Object Model (DOM) Manipulation In UI Policies – scriptTrue
Catalog UI Policies Using GlideRecord – scriptFalse
Catalog UI Policies Using GlideRecord – scriptTrue
Catalog Policies With Hard-Coded sys_ids – scriptTrue
Catalog UI Policies With Hard-Coded sys_ids – scriptFalse
Document Object Model (DOM) Manipulation In Catalog UI Policies – scriptTrue
Document Object Model (DOM) Manipulation In Catalog UI Policies – scriptFalse
Synchronous AJAX Call In Catalog UI Policies – scriptTrue
Synchronous AJAX Call In Catalog UI Policies – scriptFalse
The System Property “Go To Search” Is Set To “Contains”
The System Property “Update on Iterate” Is Enabled
Debug System Properties Enabled
The “Log/trace level of TaskSLAController” System Property Not Set To “notice”
Debugging Properties Enabled In Production Environments
The System Property “Auto Complete Wait Time” Exceeds 750 ms
The System Property “Items per page” Includes Options Over 100
The SOAP Timeout Value Is Over 5 Minutes
The “Security Manager” System Property Is Set To “Allow Access”
SOAP Request Strict Security Should Be Enabled
SSLv2/SSLv3 Should Be Disabled
Escape Jelly Should Be Enabled
Escape HTML Should Be Enabled
Enable AJAXEvaluate Should Be Disabled
AJAXGlideRecord ACL Checking Should Be Enabled
“Check UI Action Conditions check before Execution” Should Be Enabled
Escape XML Should Be Enabled
Client Generated Scripts Sandbox Should Be Enabled
HTML Sanitizer Property Should Be Enabled
Java Package Collection Mode And Collection Mode Override Properties Should Be Disabled
Cookies – HTTP Only Should Be Enabled
CSV Request Authorization Should Be Enabled
Basic Auth SOAP Requests Setting Should Be Enabled
Old UI Enabled Or Being Used
Script Request Authorization Should Be Enabled
“Allow Javascript tags in Embedded HTML” Property Should Be Disabled
Anti-CSRF Token Setting Should Be Enabled
SLA Logging Level Should Be Set To “notice”
The System Property “Auto Complete Search” Is Set To “Contains”
Modules Pointing To Big Tables Without Filter
Avoid Updating The Source Table On Transform Maps
Avoid Updating The Source Table On Transform Scripts
Unlogged API Call Error Condition
Fields Used To Coalesce Records In A Table Transform Map Should Be Indexed
Update Sets Should Contain A Description
The demo_data_running_trigger Business Rule Should Be Disabled
The glide.businessrule.callstack System Property Is Set To True
The sn_hr_core.impersonateCheck System Property Is False
The glide.db.clone.allow_clone_target System Property Is Set To True
Dot Walking To sys_id
Dot Walking To sys_id – Portal Widget clientScript
Dot Walking To sys_id – UI Policy scriptTrue
Dot Walking To sys_id – UI Policy scriptFalse
Dot Walking To sys_id – Catalog UI Policy scriptTrue
Dot Walking To sys_id – Catalog UI Policy scriptFalse
Usage Of g_form.setValue On A Reference Field Without displayValue
Usage Of g_form.setValue On A Reference Field Without displayValue – Portal Widget clientScript
Usage Of g_form.setValue On A Reference Field Without displayValue – UI Policy scriptTrue
Usage Of g_form.setValue On A Reference Field Without displayValue – UI Policy scriptFalse
Usage Of g_form.setValue On A Reference Field Without displayValue – Catalog UI Policy scriptTrue
Usage Of g_form.setValue On A Reference Field wWithout displayValue – Catalog UI Policy scriptFalse
The “glide.login.autocomplete” System Property Is Set To True
Scripts Directly Call To Java Packages
Avoid Creating Unnecessary Tables In Scoped Applications Which Can Impact Your Licensing Cost
Usage Of getMessage Function Without A Second Parameter
Usage Of getMessage Function Without A Second Parameter – Portal Widget clientScript
Usage Of getMessage Function Without A Second Parameter – UI Policy scriptTrue
Usage Of getMessage Function Without A Second Parameter – UI Policy scriptFalse
Usage Of getMessage Function Without A Second Parameter – Catalog UI Policy scriptTrue
Usage Of getMessage Function Without A Second Parameter – Catalog UI Policy scriptFalse
Roles Without Any User
Scheduled Jobs Without A Dedicated Integration User
Reports Should Not Be Made Public
Usage Of current.update() In Script Workflow Activities
Scheduled Imports Should Not Run At The Same Time
Avoid Script Includes With Duplicate Names
Usage Of gs.sleep() On Workflow Activities
Scheduled Jobs Run By Deleted Users
Usage Of gs.cacheFlush() On Scripts
Auditing For Update Sets Should Be Enabled
Usage Of Window Objects Instead Of AngularJS Services
Forms With Duplicate Fields
Portal Widgets Should Not Be Made Public
The Change Request Table Should Not Be Extended
Portal Pages Should Not Be Made Public
Too Many Delete Actions On An Update Set
The assessment_take2 UI Page Should Be Public
Transform Maps With Boolean Fields In Their Import Set Table
Update Sets Should Not Include Images Without Review
Update Sets Should Not Include Knowledge Base Articles Without Review
Avoid Creating cross-table Business Rule Recursive Loops
Dictionary Entries Present For A Table That Does Not Exist
Groups Should Not Have An Inactive Manager
Flows Should Not Be Client Callable
Actions Should Not Be Client Callable
HHRR System Properties Outside The “Human Resource Scoped” Category
Groups Should Not Have Inactive Members
Flows Should Not Run Using The Admin Role
Integration Accounts Should Not Use The Admin Role
Workflows Should Not Use Stages That Are Not Defined In A Stage Set
Stage Sets With Duplicates Entries
Child Group Does Not Contain All Parent Roles
The “glide.email.read.active” System Property Is Set To “false”
The “glide.email.smtp.active” System Property Is Set To “false”
The “glide.uxf.js_server.consolidate” System Property Is Set To “false”
The “glide.image_provider.security_enabled” System Property Is Set To “false”
Usage Of getMessage() Without Preloading Message Key
The Out Of The Box Admin Account Should Not Be Inactive Or Locked Out
Empty Role Assigned To A User
Empty Roles Assigned To A Group
Roles Assigned To An Invalid User
The glide.xmlutil.max_entity_expansion System Property Value Is Not Set To 3000
Maximum Number Of Actions Per Flow And Subflow
Potential Recursive Business Rules – current.update()
ACLs Should Not Be Entirely Empty Or Contain The “Public” Role
Scheduled Jobs Should Specified A Value For “Run as” Field
Scheduled Jobs Should Not Be Run By inactive/locked Out Users
GlideRecord And GlideRecordSecure Should Not Be Used In Client Side Scripts
GlideRecord And GlideRecordSecure Should Not Be Used In Service Portal Widget-Client Script
GlideRecord And GlideRecordSecure Should Not Be Used In Catalog UI Policies. Script False
GlideRecord And GlideRecordSecure Should Not Be Used In Catalog UI Policies. Script True
GlideRecord And GlideRecordSecure Should Not Be Used In UI Policies. Script False
GlideRecord And GlideRecordSecure Should Not Be Used In UI Policies. Script True
Vulnerabilities in Open Source Libraries List
AngularJS – Denial of Service attack through DOM clobbering on versions under 1.6.3
AngularJS – Prototype Pollution Vulnerability Under 1.7.9
AngularJS – XSS vulnerability Using AngularJS Under 1.6.5 In Firefox And Safari – Sanitize On Inert Documents
AngularJS – XSS Vulnerability Through The Attribute “usemap” From 1.0.0 To 1.2.30
AngularJS – XSS Vulnerability Through The Attribute “usemap” From 1.3.0 To 1.5.0-rc2
AngularJS – XSS Vulnerability Under 1.8.0 – Input HTML
AngularJS – XSS Vulnerability Using AngularJS Under 1.6.9 With Firefox
jQuery – XSS Vulnerability Under 3.5.0, When Using htmlPrefilter
XSS Vulnerability In Ext JS Action Column getTip
jQuery – Prototype Pollution Vulnerability Under 3.4.0
jQuery – XSS Vulnerability Under 1.6.3, When Using location.hash
jQuery – XSS Vulnerability Under 1.9.0, When Using jQuery(strInput)
jQuery – XSS Vulnerability Under 3.0.0, When Making Cross-Domain Calls Without The dataType Option
jQuery-ui-tooltip – XSS Vulnerability Under 1.10.0, Title Attribute
jQuery-ui-dialog – XSS Vulnerability Under 1.10.0, Title Attribute
jQuery-ui-dialog – XSS Vulnerability Under 1.10.0, closeText Parameter
moment.js – Regular Expression Denial Of Service Vulnerability
Bootstrap – XSS Vulnerability On Versions Under 2.1.0, On popover / tooltip
Bootstrap – XSS Vulnerability On Versions Under 3.4.0, On data-target Attribute
Bootstrap – XSS Vulnerability On Versions Between 4.0.0 And 4.1.2, On data-target Attribute
Bootstrap – XSS Vulnerability On Versions Under 3.4.1, On data-template, data-content And data-Title Attributes
Bootstrap – XSS Vulnerability On Versions Between 4.0.0 And 4.3.1, On data-template, data-content And data-title Attributes
swfobject – XSS Vulnerability On Versions Under 2.1, On swfobject.getQueryParamValue
tinyMCE – Static Code Injection Vulnerability On Versions Under 1.4.2, In inc/function.base.php
tinyMCE – XSS Vulnerability On Versions Under 4.2.4, In Media Plugin
tinyMCE – XSS Vulnerability On Versions Under 4.2.0, In Some Default Config Implementations
tinyMCE – XSS Vulnerability On Versions Under 4.7.12, In Links With XLINK:HREF Attributes
tinyMCE – XSS Vulnerability On Versions Under 5.1.6, In CDATA Elements
tinyMCE – XSS Vulnerability On Versions Under 5.2.2, In Media Elements
tinyMCE – XSS Vulnerability On Versions Under 5.4.0, In iframe Elements
tinyMCE – XSS Vulnerability On Versions Between 5.0.0 And 5.1.4, On The Core Parser, Paste And visualcharts Plugins
AngularJS – XSS Vulnerability On Versions Under 1.8.0, Via JQLite DOM Manipulation Functions
AngularJS – XSS Vulnerability On Versions Under 1.8.0, Via Nested Option In Select Elements
jQuery – XSS Vulnerability On Versions Under 3.5.0, Via The htmlPrefilter Method
Handlebars – Remote Code Execution Possible In Compat And Strict Mode On Versions Under 4.7.7
Handlebars – Template Injection And Remote Code Execution On Versions Under 4.6.0
Handlebars – Remote-code-execution Exploits Where Misusing prototype-builtins On Versions Under 4.5.3
Handlebars – Remote-code-execution Exploits Where Misusing The Helper blockHelperMissing On Versions Under 4.3.0
Handlebars – Prototype Pollution Vulnerability On Versions Greater Than Or Equal To 4.0.0 And Less Than 4.0.14
Handlebars – Prototype Pollution Vulnerability On Versions Greater Than Or Equal To 3.0.0 And Less Than 3.0.7
Handlebars – Prototype Pollution Vulnerability On Versions Between 4.0.14 And 4.1.2
Handlebars – Prototype Pollution Vulnerability On Versions Under 4.0.14
Handlebars – XSS Vulnerability On Versions Under 4.0.0
Vue. Possible XSS Vector On Versions Under 2.4.3
Vue. Potential XSS In SSR When Using v-bind On Versions Under 2.5.17
Vue. vue-server-renderer’s Dependency Of serialize-javascript To 2.1.2 On Versions Under 2.6.11
React. Potential XSS Vulnerability When Using User Data As A Key. This Only Affects v0.5.x And v0.4.x
React. XSS Via A Spoofed React Element On Versions Under 0.14.0
Dynamics 365 Rules List
Avoid Using Deprecated Event Registration And Handling Methods
Avoid Using Deprecated Global Context Methods
Avoid Using Deprecated GridRow And GridRowData Methods
Avoid Using Deprecated Methods
Avoid Using Deprecated Xrm.Page.context Methods
Avoid Using Deprecated Xrm.Utility Methods
Avoid Using DOM Manipulation
Avoid Using Silverlight Web Components
List Of Configuration Elements Scanned In Salesforce
List Of Configuration Elements (CEs) Scanned In ServiceNow
JavaScript Best Practices
Quality Clouds Dynamics 365 Best Practices
Deprecated Client APIs
Avoid using size() in SOQL queries.xg
Use of GlideRecord and getRowCount
Inline Scripts should not contain many lines of code
Exception Classes Should Extend an Exception
Avoid Using HTTP Referer Headers
Avoid Messaging Operation In Loop
Avoid Async scheduling or queueing Operation In Loop.
Avoid invocation of future methods inside loops
Switch Statements Should Have a When Else Case
React. XSS Via A Spoofed React Element On Versions Under 0.14.0
AngularJS – XSS Vulnerability On Versions Under 1.8.0, Via Nested Option In Select Elements
React. Potential XSS Vulnerability When Using User Data As A Key. This Only Affects v0.5.x And v0.4.x
Vue. vue-server-renderer’s Dependency Of serialize-javascript To 2.1.2 On Versions Under 2.6.11
Vue. Potential XSS In SSR When Using v-bind On Versions Under 2.5.17
Vue. Possible XSS Vector On Versions Under 2.4.3
Handlebars – XSS Vulnerability On Versions Under 4.0.0
Handlebars – Prototype Pollution Vulnerability On Versions Under 4.0.14
Handlebars – Prototype Pollution Vulnerability On Versions Between 4.0.14 And 4.1.2
Handlebars – Prototype Pollution Vulnerability On Versions Greater Than Or Equal To 3.0.0 And Less Than 3.0.7
Handlebars – Prototype Pollution Vulnerability On Versions Greater Than Or Equal To 4.0.0 And Less Than 4.0.14
Handlebars – Remote-code-execution Exploits Where Misusing The Helper blockHelperMissing On Versions Under 4.3.0
Avoid Losing Exception Information
Avoid duplicate queueable jobs
Set maximum depth for chained queueable jobs
Avoid using Tab Characters Check
Set minimum queueable delay for chained queueable jobs
Avoid multiple unary operators
GlideRecordSecure should not be used in Inline Scripts.
GlideRecord should not be used in Inline Scripts.
Remove unused private methods
Remove unused apex classes

What Is Quality Clouds?

Benefits
Features
Services and Components

Copado integration

Copado Integration for Salesforce
Working With Copado User Stories

Get Started

Glossary
What will you see?
Quick Checklist
Quality Clouds Portal and Admin Portal
Views in Quality Clouds
Rules And Rulesets
- Rules And Rulesets in Quality Clouds
- Managing Rulesets
Governing Your SaaS Environments
Administering your account
- Actions to manage your account
Quality Clouds Applications And Integrations
- Applications And Integrations
Scans
- About Scans
- Scanning Update Sets In ServiceNow
KPIs And Basic Terms
Quality Clouds Security
General Funcionalities

Live Check Quality for Salesforce - Code Builder extension

Code Builder extension
Checking your code with Code Builder

Rules for ServiceNow

Quality Clouds ServiceNow Coding Best Practice Rules.
List Of Configuration Elements (CEs) Scanned In ServiceNow
ServiceNow Rules
By Configuration Element
By Impact Area
- Security Best Practices For ServiceNow
Vulnerabilities in Open Source Libraries ServiceNow
Data Privacy and GDPR ServiceNow
JavaScript Rules

Applications And Integrations For ServiceNow

Applications And integrations List For ServiceNow
Field Analysis For ServiceNow
- Field Analysis For ServiceNow platform
- Field Analysis – Versions
Quality Clouds ServiceNow Store Application
Live Check Quality for ServiceNow - Visual Studio Code Extension
Working with Issues in Quality Clouds ServiceNow App

Operational Scans

Operational Scans On ServiceNow

Operational Scans

About Operational Scans

Quality Clouds For ServiceNow

Get Started with Quality Clouds For ServiceNow

Quality Clouds For Salesforce

Get Started with Quality Clouds For Salesforce
Operational Scans
- Operational Scans On Salesforce

Quality Clouds For Office 365

Get Started with Quality Clouds For Office 365
Connecting O365 with QualityClouds
Operational Scans
- Operational Scans On Office 365

Code Duplication Rules

Code Duplication Rules List
Code Duplication – High
Code Duplication – Low
Code Duplication – Medium

Dynamics 365 Best Practices

Quality Clouds Dynamics 365 Best Practices
Deprecated Client APIs

PMD Rules

PMD – Apex Class Rules
PMD – Apex Trigger Rules
PMD – Lightning Rules
Accessing Endpoints Over Unencrypted Http Should Be Avoided
Access Permissions Should Be Checked Before A SOQL/SOSL/DML Operation
Apex Unit Tests Should Include At Least One Assertion
Apex Unit Tests Should Not Use @isTest(seeAllData=true)
Avoid Classes With Too Many Fields
Avoid Classes With Too Many Public Methods
Avoid Constructors With Excessive Lines of Code Count
Avoid Creating Deeply Nested If-Then Statements
Avoid Declaring Multiple Variables In A Single Line
Avoid DML Statements Inside Loops
Avoid Empty Block Statements
Avoid Empty Catch Block
Avoid Empty If Statements
Avoid Empty Try Or Finally Blocks
Avoid Empty While Statements
Avoid Excessive Class File Lengths
Avoid Excessive Cyclomatic Complexity
Avoid Excessive Standard Cyclomatic Complexity
Avoid Hardcoded Credentials Used In Requests To An Endpoint
Avoid Hardcoding IDs
Avoid Implementing Business Logic In Triggers
Avoid Methods With Excessive Lines Of Code Count
Avoid Processing Unescaped URL Parameters
Avoid SOQL Inside Loops
Avoid Sosl Calls Within Loops
Avoid System.debug And Configuration.disableTriggerCRUDSecurity()
Avoid Types With Excessive Lines Of Code Count
Avoid Using “for” Statements Without Using Surrounding Braces
Avoid Using “while” Statements Without Using Braces To Surround The Code Block
Avoid Using DML Operations In Apex Class Constructor/Init Method
Avoid Using If…Else Statements Without Using Surrounding Braces
Avoid Using If Statements Without Using Braces To Surround The Code Block
Avoid Using Untrusted / Unescaped Variables In DML Queries
Calls To addError With Disabled Escaping Should Be Avoided
Classes Should Explicitly Declare A Sharing Mode If DML Methods Are Used
Class Names Should Always Begin With An Upper Case Character
Final Variables Should Be Fully Capitalized And Non-Final Variables Should Not Include Underscores
Method Names Should Always Begin With A Lower Case Character And Should Not Contain Underscores
Methods With Numerous Parameters Should Not Be Used
Missing ApexDoc @description
Missing ApexDoc Comment
Non-Constructor Methods Should Not Have The Same Name As The Enclosing Class
Randomly Generated IVs And Keys Should Be Used For Crypto Calls
Redirects To User-Controlled Locations Should Be Avoided
The Global Modifier Should Be Avoided
Variable Names Should Start With A Lowercase Character
Variables Should Start With A Lowercase Character
Avoid Directly Accessing Trigger.old And Trigger.new
Avoid Using The With Keyword
Avoid Functions With Inconsistent Return Types
Avoid Unintended Global Variables
Avoid Unintended Modification Of Variables Outside Loops
Avoid Using The ParseInt Function Without An Explicit Base Parameter
Avoid Assignments In Operands
Avoid Using For Statements Without Using Curly Braces
Avoid Using If…Else Statements Without Using Curly Braces
Avoid Using If Statements Without Using Curly Braces
Avoid Return Statements In If Blocks
Avoid Unnecessary Code Blocks
Avoid Unnecessary Parenthesis
Avoid Using “while” Statements Without Using Curly Braces
Avoid Trailing Commas In Object Or Array Literals
Avoid Use Of The “==” Operator
Avoid Declaring Integers Over 15 Digits
All Apex Classes Should Have At Least One Test Class
“System.debug” First Parameter Has To Be Logging Level
Apex Assertions Should Include Message
Apex Unit Test Method Should Have “@IsTest” Annotation
Field Naming Conventions
Formal Parameter Naming Conventions
Local Variable Naming Conventions
Method Naming Conventions
Property Naming Conventions
Cognitive Complexity
Avoid Non Existent Annotations
Inaccessible Aura Enabled Getter
Override Both Equals And Hashcode
Eagerly Loaded Describe SObject Result
Test Methods Must Be In Test Classes
Field Declarations Should Be At Start
Unused Local Variable
Avoid Non Restrictive Queries
Avoid Queueable Without Finalizer
Avoid Operation With High Cost In Loop
Remove unused public methods
Remove unused private methods
Remove unused apex classes

Salesforce Rules

Avoid Maintaining Legacy Code With Outdated API Versions
Avoid Using Function SObjectType.getDescribe In FLS Checks
Avoid Importing Multiple JavaScript Files Individually
Avoid Using Outdated API Versions In New Code
Avoid Using Data Grids
Avoid Importing Multiple CSS Files Individually
Avoid Using An Excessive Number Of Images
Component Id Must Be Unique
Page Names Should Always Begin With An Upper Case Character
Use Custom Components To Lazy Load Data In APEX Pages
Static Resources Should Be Used To Serve JavaScript, CSS And Images
Action Pollers Should Not Use Short Polling Intervals
Avoid Displaying The Results Of Unbounded Queries On A Page
Avoid Importing Images From Sources Other Than Static Resources
Avoid Using More Than One Tag Per Page
Avoid Importing CSS And Javascript Files From Sources Other Than Static Resources
Use The Render Attribute To Update The Component
Optimize HTML By Removing Unnecessary HTML
Optimize Javascript
Avoid Custom Fields Without Description Or Help Text
Avoid Defining Multiple Triggers Per Object
Avoid Defining More Than One Trigger Per Object – Medium
Avoid Excessive Sharing Rules On An Object
Avoid Formula Fields With JavaScript Code
Avoid Inactive Validation Rules
Avoid Objects Without Indexed Fields
Ratio Custom Fields To Total Fields In Standard Objects – Low
Avoid Objects Without Picklist Fields
Avoid Free Entry Custom Fields With No Data Restrictions
Avoid Excessive Validation Rules
Ratio Custom Fields To Total Fields In Standard Objects – High
Avoid Hardcoded URLs
Avoid Unreachable Code
Ratio Custom Fields To Total Fields In Standard Objects – Medium
Bounded Relative Date Values Should Be Used Whenever Appropriate
Details Should Not Be Shown By Default
The “contains” And “does not contain” Filter Operators Should Not Be Used
The number of fields on a Report should be kept to a minimum
The “or” Operator Should Not Be Used
The Show Filter Should Not Contain The “All” Option
Unbounded Time Intervals Should Not Be Used
Unused Report: Last Run Over Two Years
Unused Report: Last Run From 1 To 2 Years
Unused Report: Last Run From 90 Days To 1 Year
Avoid using apex:includeScript
Avoid Using HTML Tags Which Will Be Removed By The VisualForce Page
Include JavaScript Code From Static Resources
Avoid Using The File Download Servlet To Reference Static Resources
Use Of Open Source Javascript Framework
Password Policy Complexity Too Weak – No Restrictions
Password Policy Expiration Too Weak – Non-Expiring Passwords
Password Policy Expiration Too Weak – Password Lifetime Over 90 Days
Password Policy Repetition Too Weak
Password Policy Max Login Attempts Too Wide
Password Policy: Obfuscate The Secret Answer For Password Resets
Password Policy: Password Question Requirement Set To None
The Trusted IP Range Is Too Wide
Password Policy Minimum Password Length Too Weak
Ratio Of Custom Objects To Standard Objects – High
Ratio Of Custom Objects To Standard Objects – Medium
Ratio Of Custom Objects To Standard Objects – Low
Too Many Apex Classes (Over 50 – Does Not Include Test Classes Or Downloaded Apps)
Too Many Roles (Over 20)
Too Many Branches On Role Hierarchy
Too Many Custom Reports Over Used Objects
Too Much Views Over Used Objects
Too Many Profiles And Permission Sets
Avoid Having More Than One Apex Trigger Per Object
Too Many Reports And Views Without Folder Assigned
The Percentage Of Asynchronous Classes Is Too High
The Instance Has More Than 5.000 Lines Of APEX Code
Coverage Of Unit Tests Is Less Than 75%
Cross-Site Request Forgery (CSRF) Protection On GET Requests On Non-Setup Pages Is Disabled
Cross-Site Request Forgery (CSRF) Protection On POST Requests On Non-Setup Pages Is Disabled
Clickjack Protection For Non-Setup Salesforce Pages Is Disabled
Clickjack Protection For Customer Visualforce Pages With Standard Headers Turned On Is Disabled
Clickjack Protection For Customer Visualforce Pages With Standard Headers Turned Off Is Disabled
Clickjack Protection For Setup Pages Is Disabled
The Browser Is Not Prevented From Inferring The MIME Type From The Document Content And From Executing Malicious Files
Cross-Domain Session Information Is Exchanged Using A GET Request Instead Of A POST Request
Protection Against Reflected Cross-Site Scripting Attacks Is Disabled
The IP Addresses In Login IP Ranges Are Enforced Only When A User Logs In
There Is No Sessions Time Out For Inactive Users
Visualforce, Salesforce Sites, Or Communities Must Use HTTPS
Prevent Unauthorized Used Of Session ID
HTTPS Is Not Required To Log In To Or Access Salesforce
Session Policy – Enable Content Security Policy
Inactivity Time Warning
There Are Free Entry Custom Fields With No Data Restriction
Convert Attachments To Files
Password Policy Password Hint Contains Password
Password Policy Complexity Too Weak – Alphanumeric Restriction Only
Password Policy Expiration Too Weak – Never
Password Policy Expiration Too Weak – Six Months
Password Policy Expiration Too Weak – One Year
Password Policy Max Login Attempts – Unlimited
Password Policy: Obfuscate The Secret Answer
Avoid Using The Attachments Object
Avoid Picklist Fields With Too Many Values
Naming Convention For Salesforce
Avoid Catch Block With Just Logs
Avoid Configuration Elements Without “description”
Avoid Return Statements In try/catch Finally Blocks
Avoid using size() in SOQL queries.xg
Exception Classes Should Extend an Exception
Avoid Using HTTP Referer Headers
Avoid Messaging Operation In Loop
Avoid Async scheduling or queueing Operation In Loop.
Avoid invocation of future methods inside loops
Avoid throwing exception inside finally block
Switch Statements Should Have a When Else Case
Avoid Losing Exception Information
Avoid duplicate queueable jobs
Set maximum depth for chained queueable jobs
Avoid using Tab Characters Check
Set minimum queueable delay for chained queueable jobs
Avoid multiple unary operators
Avoid using Workflow Rules
Avoid spaces in Omniscript elements
Avoid too many elements in Omniscripts
Avoid large Omniscript
Avoid Record-triggered flows without entry criteria.
Avoid inactive flows.
Avoid DML statements in Flow-Loops.
Avoid DML statements without error handling
Avoid using UserInfo.GetSessionId()
Avoid custom applications without logo

Dynamics 365 Rules

Dynamics 365 Rules List
Avoid Using Deprecated Event Registration And Handling Methods
Avoid Using Deprecated Global Context Methods
Avoid Using Deprecated GridRow And GridRowData Methods
Avoid Using Deprecated Methods
Avoid Using Deprecated Xrm.Page.context Methods
Avoid Using Deprecated Xrm.Utility Methods
Avoid Using DOM Manipulation
Avoid Using Silverlight Web Components

By Configuration Elements

Apex Class Rules
Apex Component Rules
Apex Page Rules
Apex Trigger Rules
Custom Field Rules
Duplicate Rules
Object Rules
Org Configuration Rules
Profiles Rules
Report Rules
Static Resource Rules
List Of Configuration Elements Scanned In Salesforce

DevOps Center Integration

DevOps Center
Working with DevOps Center Projects

Live Check Quality For Salesforce - Visual Studio Code Extension

Live Check Quality For Salesforce – Visual Studio Code
Checking Your Code With Live Check Quality extension
Live Check Quality For Salesforce – Versions
Quality Center – Visual Studio Code

Quality Clouds Live Check For Salesforce - Chrome Extension

Quality Clouds Live Check For Salesforce – Chrome
Checking Your Code In Salesforce Developer Console

Quality Center for Salesforce

Quality Center for Salesforce

Vulnerabilities in Open Source Libraries Salesforce

Vulnerabilities in Open Source Libraries List
AngularJS – Denial of Service attack through DOM clobbering on versions under 1.6.3
AngularJS – Prototype Pollution Vulnerability Under 1.7.9
AngularJS – XSS vulnerability Using AngularJS Under 1.6.5 In Firefox And Safari – Sanitize On Inert Documents
AngularJS – XSS Vulnerability Through The Attribute “usemap” From 1.0.0 To 1.2.30
AngularJS – XSS Vulnerability Through The Attribute “usemap” From 1.3.0 To 1.5.0-rc2
AngularJS – XSS Vulnerability Under 1.8.0 – Input HTML
AngularJS – XSS Vulnerability Using AngularJS Under 1.6.9 With Firefox
jQuery – XSS Vulnerability Under 3.5.0, When Using htmlPrefilter
XSS Vulnerability In Ext JS Action Column getTip
jQuery – Prototype Pollution Vulnerability Under 3.4.0
jQuery – XSS Vulnerability Under 1.6.3, When Using location.hash
jQuery – XSS Vulnerability Under 1.9.0, When Using jQuery(strInput)
jQuery – XSS Vulnerability Under 3.0.0, When Making Cross-Domain Calls Without The dataType Option
jQuery-ui-tooltip – XSS Vulnerability Under 1.10.0, Title Attribute
jQuery-ui-dialog – XSS Vulnerability Under 1.10.0, Title Attribute
jQuery-ui-dialog – XSS Vulnerability Under 1.10.0, closeText Parameter
moment.js – Regular Expression Denial Of Service Vulnerability
Bootstrap – XSS Vulnerability On Versions Under 2.1.0, On popover / tooltip
Bootstrap – XSS Vulnerability On Versions Under 3.4.0, On data-target Attribute
Bootstrap – XSS Vulnerability On Versions Between 4.0.0 And 4.1.2, On data-target Attribute
Bootstrap – XSS Vulnerability On Versions Under 3.4.1, On data-template, data-content And data-Title Attributes
Bootstrap – XSS Vulnerability On Versions Between 4.0.0 And 4.3.1, On data-template, data-content And data-title Attributes
swfobject – XSS Vulnerability On Versions Under 2.1, On swfobject.getQueryParamValue
tinyMCE – Static Code Injection Vulnerability On Versions Under 1.4.2, In inc/function.base.php
tinyMCE – XSS Vulnerability On Versions Under 4.2.4, In Media Plugin
tinyMCE – XSS Vulnerability On Versions Under 4.2.0, In Some Default Config Implementations
tinyMCE – XSS Vulnerability On Versions Under 4.7.12, In Links With XLINK:HREF Attributes
tinyMCE – XSS Vulnerability On Versions Under 5.1.6, In CDATA Elements
tinyMCE – XSS Vulnerability On Versions Under 5.2.2, In Media Elements
tinyMCE – XSS Vulnerability On Versions Under 5.4.0, In iframe Elements
tinyMCE – XSS Vulnerability On Versions Between 5.0.0 And 5.1.4, On The Core Parser, Paste And visualcharts Plugins
AngularJS – XSS Vulnerability On Versions Under 1.8.0, Via JQLite DOM Manipulation Functions
AngularJS – XSS Vulnerability On Versions Under 1.8.0, Via Nested Option In Select Elements
jQuery – XSS Vulnerability On Versions Under 3.5.0, Via The htmlPrefilter Method
Handlebars – Remote Code Execution Possible In Compat And Strict Mode On Versions Under 4.7.7
Handlebars – Template Injection And Remote Code Execution On Versions Under 4.6.0
Handlebars – Remote-code-execution Exploits Where Misusing prototype-builtins On Versions Under 4.5.3
Handlebars – Remote-code-execution Exploits Where Misusing The Helper blockHelperMissing On Versions Under 4.3.0
Handlebars – Prototype Pollution Vulnerability On Versions Greater Than Or Equal To 4.0.0 And Less Than 4.0.14
Handlebars – Prototype Pollution Vulnerability On Versions Greater Than Or Equal To 3.0.0 And Less Than 3.0.7
Handlebars – Prototype Pollution Vulnerability On Versions Between 4.0.14 And 4.1.2
Handlebars – Prototype Pollution Vulnerability On Versions Under 4.0.14
Handlebars – XSS Vulnerability On Versions Under 4.0.0
Vue. Possible XSS Vector On Versions Under 2.4.3
Vue. Potential XSS In SSR When Using v-bind On Versions Under 2.5.17
Vue. vue-server-renderer’s Dependency Of serialize-javascript To 2.1.2 On Versions Under 2.6.11
React. Potential XSS Vulnerability When Using User Data As A Key. This Only Affects v0.5.x And v0.4.x
React. XSS Via A Spoofed React Element On Versions Under 0.14.0
React. XSS Via A Spoofed React Element On Versions Under 0.14.0
AngularJS – XSS Vulnerability On Versions Under 1.8.0, Via Nested Option In Select Elements
React. Potential XSS Vulnerability When Using User Data As A Key. This Only Affects v0.5.x And v0.4.x
Vue. vue-server-renderer’s Dependency Of serialize-javascript To 2.1.2 On Versions Under 2.6.11
Vue. Potential XSS In SSR When Using v-bind On Versions Under 2.5.17
Vue. Possible XSS Vector On Versions Under 2.4.3
Handlebars – XSS Vulnerability On Versions Under 4.0.0
Handlebars – Prototype Pollution Vulnerability On Versions Under 4.0.14
Handlebars – Prototype Pollution Vulnerability On Versions Between 4.0.14 And 4.1.2
Handlebars – Prototype Pollution Vulnerability On Versions Greater Than Or Equal To 3.0.0 And Less Than 3.0.7
Handlebars – Prototype Pollution Vulnerability On Versions Greater Than Or Equal To 4.0.0 And Less Than 4.0.14
Handlebars – Remote-code-execution Exploits Where Misusing The Helper blockHelperMissing On Versions Under 4.3.0

Data Privacy and GDPR O365

Possible Extra-Sensitive PII Usage In Configuration Element – Gender
Possible Extra-Sensitive PII Usage In Configuration Element – Religion
Possible Use Of Private Data
Possible Use Of Private Data – UI Policy scriptTrue
Possible Use Of Private Data – UI Policy scriptFalse
Possible Use Of Private Data – Catalog UI Policy scriptTrue
Possible Use Of Private Data – Catalog UI Policy scriptFalse
Possible PII Usage In Configuration Element – Address
Possible PII Usage In Configuration Element – Email
Possible PII Usage In Configuration Element – Nationality
Possible PII Usage In Configuration Element – Passport
Possible PII Usage In Table Column – Address
Possible PII Usage In Table Column – Email
Possible PII Usage In Table Column – Nationality
Possible PII Usage In Table Column – Passport
Possible Extra-Sensitive PII Usage In Table Column – Gender
Possible Extra-Sensitive PII Usage In Table Column – Religion
Data Sensitivity Level Of Field Gender Is Not Set
JavaScript – Avoid Use Of Function Constructors

Data Privacy and GDPR Salesforce

Possible Extra-Sensitive PII Usage In Configuration Element – Gender
Possible Extra-Sensitive PII Usage In Configuration Element – Religion
Possible Use Of Private Data
Possible Use Of Private Data – UI Policy scriptTrue
Possible Use Of Private Data – UI Policy scriptFalse
Possible Use Of Private Data – Catalog UI Policy scriptTrue
Possible Use Of Private Data – Catalog UI Policy scriptFalse
Possible PII Usage In Configuration Element – Address
Possible PII Usage In Configuration Element – Email
Possible PII Usage In Configuration Element – Nationality
Possible PII Usage In Configuration Element – Passport
Possible PII Usage In Table Column – Address
Possible PII Usage In Table Column – Email
Possible PII Usage In Table Column – Nationality
Possible PII Usage In Table Column – Passport
Possible Extra-Sensitive PII Usage In Table Column – Gender
Possible Extra-Sensitive PII Usage In Table Column – Religion
Data Sensitivity Level Of Field Email Is Not Set
Data Sensitivity Level Of Field Passport Is Not Set
Data Sensitivity Level Of Field Address Is Not Set
Data Sensitivity Level Of Field Nationality Is Not Set
Data Sensitivity Level Of Field Gender Is Not Set
Data Sensitivity Level Of Field Religion Is Not Set
JavaScript – Avoid Use Of Function Constructors

View Categories

Home
Quality Clouds Documentation
QC
Rules for ServiceNow
ServiceNow Rules

ServiceNow Rules

ServiceNow Rules List
ACLs Using GlideRecord Queries
Business Rules Using Eval Function
Contextual Security Plugin Disabled
GlideRecord API Usage In Scripted REST API Resource
High Security Settings Plugin Disabled
Modified Out Of the Box ElemenT
REST API Resource Modifying Data Without Authentication Check
REST API Resource Modifying Data Without Authentication Check – No Author
Scripted REST API Resource With Hard-Coded sys_ids
Scripts Should Not Use gs.sql
Catalog Items Without Short Description
Catalog Items With Short Description Equal To Name
Multiple Choice Catalog Variables With Too Many Options
Catalog Items Without Description
Notification Email Scripts With Hard-Coded sys_ids
Catalog With No Usage Of META Tags
Catalog With Very Low Usage Of META Tags
Catalog With Low Usage Of META Tags
Client Scripts With Hard-Coded sys_ids
Document Object Model (DOM) Manipulation In Client Scripts
Synchronous AJAX Call In Client Scripts
Client Scripts Should Not Use Unsupported Scripting APIs
Client Scripts With The console.log Debugging Method
GlideRecord Usage On Client Scripts
Client Scripts With Empty Script Field
Client Scripts Defined On The Global Table
Client Scripts Without Function
Catalog Client Scripts With Hard-Coded sys_ids
Catalog Client Scripts Without Function
Document Object Model (DOM) Manipulation In Catalog Client Scripts
Catalog Client Scripts With The console.log Debugging Method
Synchronous AJAX Call In Catalog Client Scripts
GlideRecord Usage On Catalog Client Scripts
Catalog Client Scripts With Empty Script Field
Catalog Client Scripts Should Not Use Unsupported Scripting APIs
GlideRecord Usage On Portal Widget Client Scripts
Portal Widgets With Hard-Coded sys_ids
Synchronous Business Rules Making SOAP Or REST Calls
Angular Providers With Hard-Coded sys_ids
UI Actions With Hard-Coded sys_ids
Server UI Actions Using GlideRecord And getRowCount
Synchronous AJAX Call In UI Actions
Document Object Model (DOM) Manipulation In UI Actions
UI Actions Using GlideRecord
UI Policy Action Without Field Effects
Catalog UI Policy Action Without Field Effects
Transform Maps With Hard-Coded sys_ids
Transform Maps With “Run business rules” Option Enabled
Transform Scripts With Hard-Coded sys_ids
onBefore Transform Scripts Should Only Update The Target Table
Too Many Fields In A Form Section
Forms With Too Many Sections
Inbound Email Actions With Hard-Coded sys_ids
Inbound Email Actions Using GlideRecord And getRowCount
Event Script Action With Hard-Coded sys_ids
Event Script Action Using GlideRecord And getRowCount
UI Scripts With Hard-Coded sys_ids
Synchronous AJAX Call In UI Scripts
UI Scripts With The console.log Debugging Method
UI Scripts With Empty Script Field
GlideRecord usage on UI Scripts
Document Object Model (DOM) Manipulation In UI Scripts
UI Scripts Without Function
Avoid Global UI Scripts
UI Scripts Including Open Source Libraries
Business Rules Defined On The Global Table
Business Rules Without Function
Business Rules Using GlideRecord And getRowCount
Business Rules With Debugging Statements
Business Rules Using The SOAP getResponse Method
onBefore Business Rule Should Only Update The Target Table
Business Rules With Hard-Coded sys_ids
Potential Recursive Business Rules
Script Includes With Hard-Coded sys_ids
Script Includes Using GlideRecord And getRowCount
Script Include With Debugging Statements
Creating Custom Tables In The Global Scope Should Be Avoided
JDBC Data Sources With “Use last run datetime” Option Unchecked
The Default System User Preference “Rows per Page” Set Above 100
Unused Inactivity Monitors
Avoid Workflows With Too Many Activities
Avoid Workflows With Too Many Timer Activities
Workflows With Notification Activities
Synchronous AJAX Call In UI Policies – scriptFalse
Synchronous AJAX Call In UI Policies – scriptTrue
UI Policies Using GlideRecord – scriptFalse
UI Policies Using GlideRecord – scriptTrue
UI Policies With Hard-Coded sys_ids – scriptFalse
UI Policies With Hard-Coded sys_ids – scriptTrue
Document Object Model (DOM) Manipulation In UI Policies – scriptFalse
Document Object Model (DOM) Manipulation In UI Policies – scriptTrue
Catalog UI Policies Using GlideRecord – scriptFalse
Catalog UI Policies Using GlideRecord – scriptTrue
Catalog Policies With Hard-Coded sys_ids – scriptTrue
Catalog UI Policies With Hard-Coded sys_ids – scriptFalse
Document Object Model (DOM) Manipulation In Catalog UI Policies – scriptTrue
Document Object Model (DOM) Manipulation In Catalog UI Policies – scriptFalse
Synchronous AJAX Call In Catalog UI Policies – scriptTrue
Synchronous AJAX Call In Catalog UI Policies – scriptFalse
The System Property “Go To Search” Is Set To “Contains”
The System Property “Update on Iterate” Is Enabled
Debug System Properties Enabled
The “Log/trace level of TaskSLAController” System Property Not Set To “notice”
Debugging Properties Enabled In Production Environments
The System Property “Auto Complete Wait Time” Exceeds 750 ms
The System Property “Items per page” Includes Options Over 100
The SOAP Timeout Value Is Over 5 Minutes
The “Security Manager” System Property Is Set To “Allow Access”
SOAP Request Strict Security Should Be Enabled
SSLv2/SSLv3 Should Be Disabled
Escape Jelly Should Be Enabled
Escape HTML Should Be Enabled
Enable AJAXEvaluate Should Be Disabled
AJAXGlideRecord ACL Checking Should Be Enabled
“Check UI Action Conditions check before Execution” Should Be Enabled
Escape XML Should Be Enabled
Client Generated Scripts Sandbox Should Be Enabled
HTML Sanitizer Property Should Be Enabled
Java Package Collection Mode And Collection Mode Override Properties Should Be Disabled
Cookies – HTTP Only Should Be Enabled
CSV Request Authorization Should Be Enabled
Basic Auth SOAP Requests Setting Should Be Enabled
Old UI Enabled Or Being Used
Script Request Authorization Should Be Enabled
“Allow Javascript tags in Embedded HTML” Property Should Be Disabled
Anti-CSRF Token Setting Should Be Enabled
SLA Logging Level Should Be Set To “notice”
The System Property “Auto Complete Search” Is Set To “Contains”
Modules Pointing To Big Tables Without Filter
Avoid Updating The Source Table On Transform Maps
Avoid Updating The Source Table On Transform Scripts
Unlogged API Call Error Condition
Fields Used To Coalesce Records In A Table Transform Map Should Be Indexed
Update Sets Should Contain A Description
The demo_data_running_trigger Business Rule Should Be Disabled
The glide.businessrule.callstack System Property Is Set To True
The sn_hr_core.impersonateCheck System Property Is False
The glide.db.clone.allow_clone_target System Property Is Set To True
Dot Walking To sys_id
Dot Walking To sys_id – Portal Widget clientScript
Dot Walking To sys_id – UI Policy scriptTrue
Dot Walking To sys_id – UI Policy scriptFalse
Dot Walking To sys_id – Catalog UI Policy scriptTrue
Dot Walking To sys_id – Catalog UI Policy scriptFalse
Usage Of g_form.setValue On A Reference Field Without displayValue
Usage Of g_form.setValue On A Reference Field Without displayValue – Portal Widget clientScript
Usage Of g_form.setValue On A Reference Field Without displayValue – UI Policy scriptTrue
Usage Of g_form.setValue On A Reference Field Without displayValue – UI Policy scriptFalse
Usage Of g_form.setValue On A Reference Field Without displayValue – Catalog UI Policy scriptTrue
Usage Of g_form.setValue On A Reference Field wWithout displayValue – Catalog UI Policy scriptFalse
The “glide.login.autocomplete” System Property Is Set To True
Scripts Directly Call To Java Packages
Avoid Creating Unnecessary Tables In Scoped Applications Which Can Impact Your Licensing Cost
Usage Of getMessage Function Without A Second Parameter
Usage Of getMessage Function Without A Second Parameter – Portal Widget clientScript
Usage Of getMessage Function Without A Second Parameter – UI Policy scriptTrue
Usage Of getMessage Function Without A Second Parameter – UI Policy scriptFalse
Usage Of getMessage Function Without A Second Parameter – Catalog UI Policy scriptTrue
Usage Of getMessage Function Without A Second Parameter – Catalog UI Policy scriptFalse
Roles Without Any User
Scheduled Jobs Without A Dedicated Integration User
Reports Should Not Be Made Public
Usage Of current.update() In Script Workflow Activities
Scheduled Imports Should Not Run At The Same Time
Avoid Script Includes With Duplicate Names
Usage Of gs.sleep() On Workflow Activities
Scheduled Jobs Run By Deleted Users
Usage Of gs.cacheFlush() On Scripts
Auditing For Update Sets Should Be Enabled
Usage Of Window Objects Instead Of AngularJS Services
Forms With Duplicate Fields
Portal Widgets Should Not Be Made Public
The Change Request Table Should Not Be Extended
Portal Pages Should Not Be Made Public
Too Many Delete Actions On An Update Set
The assessment_take2 UI Page Should Be Public
Transform Maps With Boolean Fields In Their Import Set Table
Update Sets Should Not Include Images Without Review
Update Sets Should Not Include Knowledge Base Articles Without Review
Avoid Creating cross-table Business Rule Recursive Loops
Dictionary Entries Present For A Table That Does Not Exist
Groups Should Not Have An Inactive Manager
Flows Should Not Be Client Callable
Actions Should Not Be Client Callable
HHRR System Properties Outside The “Human Resource Scoped” Category
Groups Should Not Have Inactive Members
Flows Should Not Run Using The Admin Role
Integration Accounts Should Not Use The Admin Role
Workflows Should Not Use Stages That Are Not Defined In A Stage Set
Stage Sets With Duplicates Entries
Child Group Does Not Contain All Parent Roles
The “glide.email.read.active” System Property Is Set To “false”
The “glide.email.smtp.active” System Property Is Set To “false”
The “glide.uxf.js_server.consolidate” System Property Is Set To “false”
The “glide.image_provider.security_enabled” System Property Is Set To “false”
Usage Of getMessage() Without Preloading Message Key
The Out Of The Box Admin Account Should Not Be Inactive Or Locked Out
Empty Role Assigned To A User
Empty Roles Assigned To A Group
Roles Assigned To An Invalid User
The glide.xmlutil.max_entity_expansion System Property Value Is Not Set To 3000
Maximum Number Of Actions Per Flow And Subflow
Potential Recursive Business Rules – current.update()
ACLs Should Not Be Entirely Empty Or Contain The “Public” Role
Scheduled Jobs Should Specified A Value For “Run as” Field
Scheduled Jobs Should Not Be Run By inactive/locked Out Users
GlideRecord And GlideRecordSecure Should Not Be Used In Client Side Scripts
GlideRecord And GlideRecordSecure Should Not Be Used In Service Portal Widget-Client Script
GlideRecord And GlideRecordSecure Should Not Be Used In Catalog UI Policies. Script False
GlideRecord And GlideRecordSecure Should Not Be Used In Catalog UI Policies. Script True
GlideRecord And GlideRecordSecure Should Not Be Used In UI Policies. Script False
GlideRecord And GlideRecordSecure Should Not Be Used In UI Policies. Script True
Use of GlideRecord and getRowCount
Inline Scripts should not contain many lines of code
System Properties should not be modified.
Avoid adding new dictionary entries without documenting their purpose and rationale.
GlideRecordSecure should not be used in Inline Scripts.
GlideRecord should not be used in Inline Scripts.
Avoid long UI action labels.
Group found with no users
Client Scripts should check for isLoading and return
Remove Unused Services From Client Script

© 2025 - community-development

Report

There was a problem reporting this post.

Harassment Harassment or bullying behavior

Inappropriate Contains mature or sensitive content

Misinformation Contains misleading or false information

Offensive Contains abusive or derogatory content

Suspicious Contains spam, fake content or potential malware

Other

Report note

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

See blocked member's posts
Mention this member in posts
Invite this member to groups

Please allow a few minutes for this process to complete.

Report

You have already reported this .