Merge branch 'master' into Check_Inactive_user_task

Author: SapphicFire

README.md

@@ -12,16 +12,25 @@ Open-Sourced community contributed and owned repository for Instance Scan Defini
 
 ## Category: Manageability
 
+### Inactive user check: Approvals
+Check any approvals waiting in inactive users queue
+
+### Inactive user check: Catalog task Assigned To
+Check any Catalog Tasks Assigned to Inactive user
+
 ### Check any assets assigned to inactive user
 Check if any asset is assigned to inactive users.
 
 ### Check if any incidents are assigned to inactive users.
 Check if any incidents are assigned to inactive user.
 
-### Inactive User Check : Catalog Item
+### Inactive User Check: Catalog Item
 We should ensure that inactive users are removed from being assigned as Catalog item owners.
 
-###Avoid gs.log()Statement
+### Check problem ticket assigned to inactive user
+Make sure that a problem ticket is not assigned to an inactive user.
+
+### Avoid gs.log() Statement
 Use Logging Levels: Instead of gs.log(), consider using more appropriate logging levels, such as:
 gs.info() for informative messages.
 gs.warn() for warnings that don’t break functionality but may need attention.
@@ -173,6 +182,11 @@ Tickets from tables such as Incident, Change Request, Problem, and other task-re
 ### Check Inactive Business Rules over 90 days
 Inactive Business Rules which are not updated for more than 90 days and not created by glide.maint and not updated by admin should be identified to remove unnecessary overhead.
 
+### Update set In Progress/Completed previously Ignored
+Usually, developers mark an updatesets as Ignore if the work done is not required to be promoted or incorrect or irrelavent or due to any other reasons. 
+However, at times, some of the developers may use the ignored set for any active work instead of creating new one by updating the state from Ignore to In-Progress. It is not a good practice to do the same. It may case the deployment issues and also makes the troubleshooting process cumbersome.
+It may also impact the deployment and cause issues in case if the state is changed to In-Progress/Completed for the potential ignored sets.
+
 ## Category: Upgradability
 
 ### Call GlideRecord using new
@@ -277,7 +291,8 @@ Select the check box to ignore flushing some server-side caches, thus flushing o
 Avoid using gs.sleep() in any script because it does not release session and will cause delays, and add logs to the script whenever gs.sleep() has to be used.
 
 ## Category: Security
-##Check Mandatory fields on incident
+
+### Check Mandatory fields on incident
 This check is used to find mandatory fields on incident
 
 ### Avoid using setBasicAuth for REST messages
@@ -346,7 +361,7 @@ Scripts in ACLs ARE executed regardless of whether or not the Advanced checked b
 ### Added a Number Prefix which already exists
 Creating new number records does not require uniqueness. Though having duplicate number records causes some ServiceNow core functionality not to behave as expected. For example, the search might return a record from another table the number prefix is also used on.
 
-## List Inactive users from active group 
+### List Inactive users from active group 
 List inactive users that still belongs to activate groups
 
 ### HTTP connection records not excluded on clones from Prod

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_01c1c08ec3a19610afa6fc84e401310d.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
+    <scan_table_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <advanced>true</advanced>
+        <category>manageability</category>
+        <conditions table="sys_update_set">state=in progress^ORstate=complete^EQ<item display_value="In progress" endquery="false" field="state" goto="false" newquery="false" operator="=" or="false" value="in progress"/>
+            <item display_value="Complete" endquery="false" field="state" goto="false" newquery="false" operator="=" or="true" value="complete"/>
+            <item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
+        </conditions>
+        <description>Usually, developers mark an updatesets as Ignore if the work done is not required to be promoted or incorrect or irrelavent or due to any other reasons. 
+However, at times, some of the developers may use the ignored set for any active work instead of creating new one by updating the state from Ignore to In-Progress. It is not a good practice to do the same. It may case the deployment issues and also makes the troubleshooting process cumbersome.
+It may also impact the deployment and cause issues in case if the state is changed to In-Progress/Completed for the potential ignored sets.</description>
+        <documentation_url/>
+        <finding_type>scan_finding</finding_type>
+        <name>Update set In Progress/Completed previously Ignored</name>
+        <priority>3</priority>
+        <resolution_details>It is always good and recommended to create a new updateset instead of using already Ignored updatesets by changing the state from Ignore to In-Progress/Completed.</resolution_details>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function (finding, current) {
+
+	var usSysId = current.getUniqueValue();
+	var audit = new GlideRecord('sys_audit');
+	audit.addEncodedQuery('fieldname=state^tablename=sys_update_set^oldvalue=ignore^newvalue=in progress^ORnewvalue=complete');
+	audit.addQuery('documentkey', usSysId);
+	audit.setLimit(1);
+	audit.query();
+	
+	if(audit.hasNext()){
+		finding.increment();
+	}
+
+})(finding, current);]]></script>
+        <short_description>Already Ignored  Update Set shouldn't be set back to In Pogress/Completed.</short_description>
+        <sys_class_name>scan_table_check</sys_class_name>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-30 19:28:34</sys_created_on>
+        <sys_id>01c1c08ec3a19610afa6fc84e401310d</sys_id>
+        <sys_mod_count>0</sys_mod_count>
+        <sys_name>Update set In Progress/Completed previously Ignored</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_table_check_01c1c08ec3a19610afa6fc84e401310d</sys_update_name>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-30 19:28:34</sys_updated_on>
+        <table>sys_update_set</table>
+        <use_manifest>false</use_manifest>
+    </scan_table_check>
+</record_update>

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_589b8c9283251210a765fecfeeaad37a.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
+    <scan_table_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <advanced>false</advanced>
+        <category>manageability</category>
+        <conditions table="sc_task">assigned_to.active=false^EQ<item endquery="false" field="assigned_to.active" goto="false" newquery="false" operator="=" or="false" value="false"/>
+            <item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
+        </conditions>
+        <description>Check any Catalog Tasks Assigned to Inactive user</description>
+        <documentation_url/>
+        <finding_type>scan_finding</finding_type>
+        <name>Inactive user : Cat task Assignment</name>
+        <priority>2</priority>
+        <resolution_details/>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function (engine) {
+
+    // Add your code here
+
+})(engine);]]></script>
+        <short_description>Check any Catalog Tasks Assigned to Inactive user</short_description>
+        <sys_class_name>scan_table_check</sys_class_name>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-31 14:50:50</sys_created_on>
+        <sys_id>589b8c9283251210a765fecfeeaad37a</sys_id>
+        <sys_mod_count>0</sys_mod_count>
+        <sys_name>Inactive user : Cat task Assignment</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_table_check_589b8c9283251210a765fecfeeaad37a</sys_update_name>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-31 14:50:50</sys_updated_on>
+        <table>sc_task</table>
+        <use_manifest>false</use_manifest>
+    </scan_table_check>
+    <sys_translated_text action="delete_multiple" query="documentkey=589b8c9283251210a765fecfeeaad37a"/>
+</record_update>

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_7741e65ac3291210766bb3edd40131e6.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
+    <scan_table_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <advanced>false</advanced>
+        <category>manageability</category>
+        <conditions table="problem">assigned_to.active=false^EQ<item endquery="false" field="assigned_to.active" goto="false" newquery="false" operator="=" or="false" value="false"/>
+            <item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
+        </conditions>
+        <description>Make sure that a problem ticket is not assigned to an inactive user</description>
+        <documentation_url/>
+        <finding_type>scan_finding</finding_type>
+        <name>Check problem assigned to inactive user</name>
+        <priority>2</priority>
+        <resolution_details/>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function (engine) {
+
+    // Add your code here
+
+})(engine);]]></script>
+        <short_description>Check problem assigned to inactive user</short_description>
+        <sys_class_name>scan_table_check</sys_class_name>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-11-01 01:46:12</sys_created_on>
+        <sys_id>7741e65ac3291210766bb3edd40131e6</sys_id>
+        <sys_mod_count>1</sys_mod_count>
+        <sys_name>Check problem assigned to inactive user</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_table_check_7741e65ac3291210766bb3edd40131e6</sys_update_name>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-11-01 01:48:09</sys_updated_on>
+        <table>problem</table>
+        <use_manifest>false</use_manifest>
+    </scan_table_check>
+    <sys_translated_text action="delete_multiple" query="documentkey=7741e65ac3291210766bb3edd40131e6"/>
+</record_update>

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_8de1905683e512103d6c98c6feaad3b9.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
+    <scan_table_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <advanced>false</advanced>
+        <category>manageability</category>
+        <conditions table="sysapproval_approver">approver.active=false^EQ<item endquery="false" field="approver.active" goto="false" newquery="false" operator="=" or="false" value="false"/>
+            <item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
+        </conditions>
+        <description>Check any approvals waitin on inactive users queue</description>
+        <documentation_url/>
+        <finding_type>scan_finding</finding_type>
+        <name>Inactive user check :  Approval</name>
+        <priority>1</priority>
+        <resolution_details/>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function (engine) {
+
+    // Add your code here
+
+})(engine);]]></script>
+        <short_description>Check any approvals waitin on inactive users queue</short_description>
+        <sys_class_name>scan_table_check</sys_class_name>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-31 15:26:29</sys_created_on>
+        <sys_id>8de1905683e512103d6c98c6feaad3b9</sys_id>
+        <sys_mod_count>0</sys_mod_count>
+        <sys_name>Inactive user check :  Approval</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_table_check_8de1905683e512103d6c98c6feaad3b9</sys_update_name>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-31 15:26:29</sys_updated_on>
+        <table>sysapproval_approver</table>
+        <use_manifest>false</use_manifest>
+    </scan_table_check>
+    <sys_translated_text action="delete_multiple" query="documentkey=8de1905683e512103d6c98c6feaad3b9"/>
+</record_update>