# ServiceNow Quick Start

SquireX v4.0.0 introduces native scanning for ServiceNow Now Assist AI Agents: the same security analysis engine that protects Salesforce Agentforce, now extended to ServiceNow's sn_aia_* metadata.

## What SquireX Scans
| Artifact | Parser | Description |
|---|---|---|
| Update Sets | UpdateSetXmlParser | Extracts sys_update_xml payloads from exported Update Sets |
| AI Agents | SnAiaAgentParser | Analyzes sn_aia_agent records: instructions, execution mode, role masking |
| AI Tools | SnAiaToolParser | Classifies tool types, cross-scope references, script content |
| GlideScript | GlideScriptParser | Pattern-based JS analysis for GlideRecord, RESTMessageV2, domain queries |
## Installation

```bash
npm install -g squirex
```

## Scanning ServiceNow Code

### Option 1: Scan an exported Update Set

```bash
squirex scan -d ./update-sets/ --format sarif
```

### Option 2: Scan extracted GlideScript files

```bash
squirex scan -d ./src/script-includes/ --format sarif
```

### Option 3: Scan via MCP Server (AI-assisted)

```bash
npx -y @squirex.dev/mcp-server
```

Then ask your AI coding agent: "Scan my ServiceNow scripts for security issues"

## ServiceNow-Specific Rules

### SNOW-28: ACL Script Correctness
| Sub-Rule | Severity | Description |
|---|---|---|
| SNOW-28.1 | Critical | GlideRecord in ACL script: recursive ACL bypass |
| SNOW-28.2 | High | GlideRecord in agent tool โ bypasses user ACLs |
| SNOW-28.3 | High | setWorkflow(false) โ hidden side effects |
Why it matters: GlideRecord bypasses ALL ACL checks. When an AI agent's tool uses GlideRecord instead of GlideRecordSecure, the agent gets unrestricted database access regardless of Role Masking configuration.

```javascript
// VIOLATION: GlideRecord in agent-accessible script
var gr = new GlideRecord('sys_user');
gr.addQuery('user_name', 'admin');
gr.query(); // Bypasses ACLs: agent sees everything

// SECURE: GlideRecordSecure enforces current user's ACLs
var gr = new GlideRecordSecure('sys_user');
gr.addQuery('user_name', 'admin');
gr.query(); // Respects ACLs: agent sees only what its role allows
```

### SNOW-29: Domain Separation Drift
| Sub-Rule | Severity | Description |
|---|---|---|
| SNOW-29.1 | High | Missing sys_domain constraint in domain-separated instance |
Why it matters: In multi-tenant ServiceNow instances, queries without sys_domain constraints can cross tenant boundaries, even when using GlideRecordSecure.

```javascript
// VIOLATION: No domain constraint
var gr = new GlideRecordSecure('incident');
gr.addQuery('priority', 1);
gr.query(); // May return incidents from other domains

// SECURE: Domain-scoped query
var gr = new GlideRecordSecure('incident');
gr.addQuery('priority', 1);
gr.addQuery('sys_domain', gs.getSession().getCurrentDomainID());
gr.query(); // Only returns incidents in current domain
```

### SNOW-30: Application Scope Hygiene
| Sub-Rule | Severity | Description |
|---|---|---|
| SNOW-30.1 | High | Missing sys_scope declaration โ operates in global scope |
| SNOW-30.2 | High | Cross-scope reference without caller_access |
| SNOW-30.3 | Medium | Agent instructions contain scope escalation language |
### SNOW-31: MID Server / Discovery Trust
| Sub-Rule | Severity | Description |
|---|---|---|
| SNOW-31.1 | Critical | RESTMessageV2 without OAuth/mTLS in agent context |
| SNOW-31.2 | Critical | setBasicAuth() detected โ credentials exposed |
| SNOW-31.3 | Critical | Hardcoded credentials in MID Server script |
| SNOW-31.4 | High | MID Server command execution pattern detected |
Why it matters: MID Servers bridge ServiceNow's cloud instance to on-premise networks. An AI agent that can control MID Server integrations with weak authentication can execute lateral movement into the customer's internal network.
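The following is an added example, not SquireX's own code, showing how the script-level sub-rules of SNOW-28, SNOW-29 and SNOW-31 above can be detected with the kind of pattern-based analysis the GlideScriptParser row describes. Rule ids, severities and messages are taken from the tables on this page; the regular expressions, the `context` and `domainSeparated` options, and the treatment of `setAuthenticationProfile` / `setMutualAuth` as the "OAuth/mTLS present" signal are assumptions of this example. The two sample scripts are constructed.

```javascript
// Added example, not SquireX's own code: a minimal pattern-based GlideScript
// checker covering the script-level sub-rules of SNOW-28, SNOW-29 and SNOW-31.
// Rule ids, severities and messages come from the tables on this page; the
// regular expressions, the `context` / `domainSeparated` options and the
// "strong auth" signals (setAuthenticationProfile / setMutualAuth) are assumptions.

const RULES = {
  'SNOW-28.1': { severity: 'Critical', message: 'GlideRecord in ACL script: recursive ACL bypass' },
  'SNOW-28.2': { severity: 'High',     message: 'GlideRecord in agent tool: bypasses user ACLs' },
  'SNOW-28.3': { severity: 'High',     message: 'setWorkflow(false): hidden side effects' },
  'SNOW-29.1': { severity: 'High',     message: 'Missing sys_domain constraint in domain-separated instance' },
  'SNOW-31.1': { severity: 'Critical', message: 'RESTMessageV2 without OAuth/mTLS in agent context' },
  'SNOW-31.2': { severity: 'Critical', message: 'setBasicAuth() detected: credentials exposed' },
};

// Blank out comments so documentation text (e.g. "GlideRecord" in a comment)
// cannot trigger a finding. Block comments are replaced character by character
// so line numbers survive; a "//" preceded by ":" (https://...) is left alone so
// endpoint URLs are not truncated. String literals are not parsed (simplification).
function stripComments(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, m => m.replace(/[^\n]/g, ' '))
    .replace(/(^|[^:])\/\/.*$/gm, '$1');
}

// opts.context: 'acl' | 'agent_tool' | 'script'  (where the script runs)
// opts.domainSeparated: true when the target instance uses domain separation
function scanGlideScript(source, opts = {}) {
  const context = opts.context || 'script';
  const findings = [];
  const add = (ruleId, line) => findings.push({ ruleId, line, ...RULES[ruleId] });

  let firstQueryLine = 0, hasDomainConstraint = false;
  let firstRestLine = 0, hasStrongAuth = false;

  stripComments(source).split('\n').forEach((text, i) => {
    const line = i + 1;
    // SNOW-28.1 / 28.2: plain GlideRecord. GlideRecordSecure does not match
    // because "(" must follow "GlideRecord" directly.
    if (/\bnew\s+GlideRecord\s*\(/.test(text)) {
      if (context === 'acl') add('SNOW-28.1', line);
      else if (context === 'agent_tool') add('SNOW-28.2', line);
    }
    if (/\.setWorkflow\s*\(\s*false\s*\)/.test(text)) add('SNOW-28.3', line);
    // SNOW-29.1 evidence: any query, and whether sys_domain is ever constrained.
    if (/\.query\s*\(/.test(text) && !firstQueryLine) firstQueryLine = line;
    if (/\b(addQuery|addEncodedQuery)\s*\([^)]*sys_domain/.test(text)) hasDomainConstraint = true;
    // SNOW-31.x evidence: outbound REST from the script and how it authenticates.
    if (/\bnew\s+(sn_ws\.)?RESTMessageV2\s*\(/.test(text) && !firstRestLine) firstRestLine = line;
    if (/\.(setAuthenticationProfile|setMutualAuth)\s*\(/.test(text)) hasStrongAuth = true;
    if (/\.setBasicAuth\s*\(/.test(text)) add('SNOW-31.2', line);
  });

  if (opts.domainSeparated && firstQueryLine && !hasDomainConstraint) add('SNOW-29.1', firstQueryLine);
  if (context === 'agent_tool' && firstRestLine && !hasStrongAuth) add('SNOW-31.1', firstRestLine);
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample: an agent tool script with the problems the tables describe.
const SAMPLE_AGENT_TOOL = `
var gr = new GlideRecord('sys_user'); // unsafe: should be GlideRecordSecure
gr.addQuery('user_name', current.getValue('requested_for'));
gr.query();
gr.setWorkflow(false);
var rm = new sn_ws.RESTMessageV2();
rm.setEndpoint('https://mid.example.internal/run'); // URL survives comment stripping
rm.setBasicAuth('svc_user', 'hunter2');
`;

// Constructed sample: the same tool with the fixes this page recommends.
const SAMPLE_FIXED_TOOL = `
var gr = new GlideRecordSecure('sys_user');
gr.addQuery('user_name', current.getValue('requested_for'));
gr.addQuery('sys_domain', gs.getSession().getCurrentDomainID());
gr.query();
var rm = new sn_ws.RESTMessageV2();
rm.setEndpoint('https://mid.example.internal/run');
rm.setAuthenticationProfile('oauth2', 'OAUTH_PROFILE_SYS_ID_PLACEHOLDER');
`;

if (typeof require !== 'undefined' && require.main === module) {
  console.log(scanGlideScript(SAMPLE_AGENT_TOOL, { context: 'agent_tool', domainSeparated: true }));
  console.log(scanGlideScript(SAMPLE_FIXED_TOOL, { context: 'agent_tool', domainSeparated: true }));
}
```

Run with `node` to see five findings for the unsafe tool (SNOW-28.2, 29.1, 28.3, 31.1, 31.2) and none for the fixed one. The `context` option is what separates SNOW-28.1 from SNOW-28.2: the same `new GlideRecord(...)` is a recursive-bypass problem inside an ACL script and a user-ACL bypass inside an agent tool, while in an ordinary server script it is not flagged by these two sub-rules.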
## SARIF Output

All ServiceNow findings are output in SARIF 2.1.0 format, compatible with:

- GitHub Advanced Security (Code Scanning)
- Azure DevOps
- Any SARIF-compliant SIEM

```bash
squirex scan -d ./servicenow-code/ --format sarif -o results.sarif
```
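As an added example, not SquireX's own SARIF writer, the following builds a minimal SARIF 2.1.0 log from a list of findings and runs a pre-upload sanity check for the fields that most often cause a Code Scanning upload to be rejected. The finding object shape, the Severity to SARIF `level` mapping, and the `security-severity` numbers are assumptions of this example (the `security-severity` rule property is a GitHub convention for labelling alert severity); the sample findings, paths and line numbers are constructed.

```javascript
// Added example, not SquireX's own code: turn scanner findings into a minimal
// SARIF 2.1.0 log of the shape GitHub Code Scanning and Azure DevOps ingest,
// plus a pre-upload sanity check. The finding object shape, the Severity ->
// SARIF level mapping and the security-severity numbers are assumptions.

const SARIF_SCHEMA = 'https://json.schemastore.org/sarif-2.1.0.json';
const LEVEL = { Critical: 'error', High: 'error', Medium: 'warning', Low: 'note' };
// GitHub reads rule.properties["security-severity"] (0-10) to label alerts.
const SECURITY_SEVERITY = { Critical: '9.5', High: '7.5', Medium: '5.0', Low: '2.0' };

function toSarif(findings, tool = { name: 'squirex', version: '4.0.0' }) {
  const rules = [];              // one reportingDescriptor per distinct ruleId
  const ruleIndex = new Map();   // ruleId -> position in `rules`
  const results = findings.map(f => {
    if (!ruleIndex.has(f.ruleId)) {
      ruleIndex.set(f.ruleId, rules.length);
      rules.push({
        id: f.ruleId,
        shortDescription: { text: f.message },
        defaultConfiguration: { level: LEVEL[f.severity] || 'warning' },
        properties: { 'security-severity': SECURITY_SEVERITY[f.severity] || '5.0', tags: ['security'] },
      });
    }
    return {
      ruleId: f.ruleId,
      ruleIndex: ruleIndex.get(f.ruleId),
      level: LEVEL[f.severity] || 'warning',
      message: { text: f.message },
      locations: [{
        physicalLocation: {
          artifactLocation: { uri: f.file.replace(/\\/g, '/'), uriBaseId: '%SRCROOT%' },
          region: { startLine: Math.max(1, f.line | 0) }, // SARIF lines are 1-based
        },
      }],
    };
  });
  return {
    $schema: SARIF_SCHEMA,
    version: '2.1.0',
    runs: [{ tool: { driver: { ...tool, rules } }, results }],
  };
}

// Returns a list of problems that commonly get an upload rejected; empty = ok.
function validateSarif(log) {
  const problems = [];
  if (log.version !== '2.1.0') problems.push('version must be 2.1.0');
  const run = (log.runs || [])[0];
  const driver = run && run.tool && run.tool.driver;
  if (!driver || !driver.name) problems.push('runs[0].tool.driver.name missing');
  const rules = (driver && driver.rules) || [];
  ((run && run.results) || []).forEach((r, i) => {
    if (!r.ruleId || !r.message || !r.message.text) problems.push(`results[${i}]: ruleId/message.text missing`);
    if (r.ruleIndex !== undefined && (rules[r.ruleIndex] || {}).id !== r.ruleId) {
      problems.push(`results[${i}]: ruleIndex does not point at ruleId`);
    }
    (r.locations || []).forEach(loc => {
      const pl = loc.physicalLocation || {};
      if (!pl.artifactLocation || !pl.artifactLocation.uri) problems.push(`results[${i}]: artifactLocation.uri missing`);
      if (pl.region && !(pl.region.startLine >= 1)) problems.push(`results[${i}]: region.startLine must be >= 1`);
    });
  });
  return problems;
}

// Constructed sample findings (file paths and line numbers are made up).
const SAMPLE_FINDINGS = [
  { ruleId: 'SNOW-28.2', severity: 'High',     file: 'src/agent-tools/lookup_user.js',    line: 2,   message: 'GlideRecord in agent tool: bypasses user ACLs' },
  { ruleId: 'SNOW-31.2', severity: 'Critical', file: 'src/agent-tools/call_mid.js',       line: 8,   message: 'setBasicAuth() detected: credentials exposed' },
  { ruleId: 'SNOW-30.3', severity: 'Medium',   file: 'update-sets/now_assist_agents.xml', line: 140, message: 'Agent instructions contain scope escalation language' },
  { ruleId: 'SNOW-31.2', severity: 'Critical', file: 'src/agent-tools/sync_cmdb.js',      line: 3,   message: 'setBasicAuth() detected: credentials exposed' },
];

if (typeof require !== 'undefined' && require.main === module) {
  const log = toSarif(SAMPLE_FINDINGS);
  const problems = validateSarif(log);
  console.log(problems.length ? problems : JSON.stringify(log, null, 2));
}
```

Two details matter when the log is consumed by Code Scanning: `ruleIndex` must point at the matching entry in `tool.driver.rules` (rules are deduplicated, so two SNOW-31.2 results share one descriptor), and `region.startLine` must be at least 1, which is why a zero or missing line is clamped rather than emitted as-is.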