CodeSanity 1.1.0

Welcome to CodeSanity - created and maintained by Sascha Wildgrube.


Contains a number of instance scan checks to validate source code.


CodeSanity is NOT an officially supported ServiceNow product.

CodeSanity does NOT come with any kind of warranty. If you use it, you own it!

System Requirements


  1. Create an account on GitHub - if not done already)
  2. Create a personal access token for your GitHub account.
  3. Paris or later: Add credentials to access GitHub - use "Basic Auth".
  4. Fork the repository
  5. Go to Studio and import the DevTools application from source control.
  6. Fork the repository
  7. Go to Studio and import the CodeSanity application from source control.

Extending the CodeSanity scan suite

  1. Change the scope to the app which should contain your new check - this should NOT be the CodeSanity app.
  2. Select "Add new check" in the menu.
  3. Create and save the new check - it will automatically be added to the CodeSanity scan suite.

Instance Scan Checks contained in the CodeSanity app

Helpful links on Instance Scan


Copyright 2022 by Sascha Wildgrube

Licensed under the Apache License, Version 2.0 (the "License")

You may not use CodeSanity except in compliance with the License.

You may obtain a copy of the License at:

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Release Notes

1.1.0 - 2022-04-19

  1. DevTools 1.37.0 is now required.
  2. Priority of all checks is now set to "Critical".
  3. Refactored CodeSanity's own code not to trigger any findings other than in the honey pot script include "AntiPatterns".
  4. Added a check against the use of application names in source code.
  5. Added a check if the field "short_description" is used in a condition statement.
  6. Added a check against using the Date class constructor without parameters.
  7. Added a check against the bracket-dot anti-pattern.
  8. Added a check against the string concatenation anti-pattern.
  9. Several exceptions have been added for the check against Sys IDs in scripts as some specific functions will need to contain Sys IDs no matter what.
  10. Corrected a defect in the check against Sys IDs in source code.

1.0.0 - 2022-03-15

First baselined version