Sample Assessment
InstanceGuard

ServiceNow Configuration Risk Assessment

Generated 7/11/2026 · read-only assessment

1,366 findings require executive attention · 11,323 total scanned

21
/ 100 · overall health
Critical Risk

Your ServiceNow instance contains 1,366 executive-priority issues, out of 11,323 total findings scanned. Most can be resolved by addressing 14 underlying configuration patterns — not 1,366 individual defects. Overall configuration health is 21 / 100 — critical risk. The area needing the most attention is Security (644 findings, worst severity critical). The highest-priority risks are concentrated in Security, each explained in plain language below with a recommended action. This is a read-only assessment — nothing was changed on your instance; every item links to its evidence for your team to confirm.

1,366 executive-priority issues→ resolvable via14 configuration patterns

If no action is taken, future upgrades, audits, and security reviews are likely to become increasingly expensive and time-consuming.

Health by area

Security5
Critical access-control and data-exposure issues require immediate review.
644 findings · worst critical
Upgradeability45
Some customizations may add friction to future upgrades.
262 findings · worst medium
Performance30
Performance patterns may degrade user experience under load.
311 findings · worst high
Maintainability30
Significant technical debt raises long-term maintenance cost and risk.
149 findings · worst high
Governance100
No findings in this area.
no findings
Ai Risk100
No findings in this area.
no findings

Priority action plan

Immediate (Week 1)
  • Add a required role or restricting condition/script to this ACL — 293 findings (critical)
  • Move the query server-side into a client-callable Script Include and call it asynchronously via… — 215 findings (high)
  • Confirm this open write access to a sensitive table is intended — 173 findings (high)
  • Avoid current.update() in business rules — 96 findings (high)
  • Replace getXMLWait with the asynchronous getXMLAnswer/getXML callback pattern. — 69 findings (high)
This month
  • Look records up by a stable key (name, number, property) or store the reference in a system… — 262 findings (medium)
  • Remove setWorkflow(false) unless deliberately bypassing automation, and document the reason inline… — 53 findings (medium)
  • Filter on an indexed field first, avoid leading-wildcard CONTAINS, and add a database index where… — 27 findings (medium)
Later
Nothing in this bucket.

Estimated remediation effort

Immediate · 1–2 weeks
11
fix patterns · 1,024 findings
Planned · 1–3 months
3
fix patterns · 342 findings
Long-term · ongoing governance
0
fix patterns · 0 findings

Effort tracks fix patterns, not raw finding counts — many findings share a single remediation.

Top risks

criticalCustomer-created open ACL on a write/create/delete operation· cmdb_ip_service_ci

Business impact Any authenticated user could create new IP service CI records in the CMDB, potentially introducing false or malicious configuration items that could affect discovery, reporting, and downstream automation decisions.

Recommended action Review the cmdb_ip_service_ci ACL and add a required role (e.g., discovery_admin, cmdb_admin) to restrict create operations to authorized personnel only.

View technical details →
criticalCustomer-created open ACL on a write/create/delete operation· mid_k8s_deployment_hpav2_behavior_policies

Business impact Any authenticated user could modify Kubernetes deployment behavior policies, potentially disrupting mid-server operations, discovery processes, or integration workflows that depend on these policies.

Recommended action Review the mid_k8s_deployment_hpav2_behavior_policies ACL and add a required role (e.g., mid_server_admin, k8s_admin) to restrict write operations to authorized personnel only.

View technical details →
criticalCustomer-created open ACL on a write/create/delete operation· ecc_queue_stats_by_ecc_agent

Business impact Any authenticated user could delete ECC queue statistics, potentially destroying audit trails, operational metrics, or historical data needed for troubleshooting mid-server and integration issues.

Recommended action Review the ecc_queue_stats_by_ecc_agent ACL and add a required role (e.g., mid_server_admin, ecc_admin) to restrict delete operations to authorized personnel only.

View technical details →
criticalCustomer-created open ACL on a write/create/delete operation· mid_profile_application_m2m

Business impact Any authenticated user could create new mid-server profile application mappings, potentially introducing unauthorized integrations or disrupting existing mid-server configurations.

Recommended action Review the mid_profile_application_m2m ACL and add a required role (e.g., mid_server_admin, integration_admin) to restrict create operations to authorized personnel only.

View technical details →
criticalCustomer-created open ACL on a write/create/delete operation· cmdb_cloud_mgmt_credentials

Business impact Any authenticated user could delete cloud management credentials, potentially disrupting cloud integrations, discovery processes, or automation workflows that depend on these credentials for authentication.

Recommended action Review the cmdb_cloud_mgmt_credentials ACL and add a required role (e.g., cloud_admin, credentials_admin) to restrict delete operations to authorized personnel only.

View technical details →
criticalCustomer-created open ACL on a write/create/delete operation· cmdb_discovery

Business impact Any authenticated user could delete discovery configuration or status records, potentially disrupting discovery processes, losing historical discovery data, or preventing proper tracking of discovered assets.

Recommended action Review the cmdb_discovery ACL and add a required role (e.g., discovery_admin, cmdb_admin) to restrict delete operations to authorized personnel only.

View technical details →
criticalCustomer-created open ACL on a write/create/delete operation· discovery_status

Business impact Any authenticated user could delete discovery status records, potentially destroying audit trails, operational metrics, or historical data needed for troubleshooting discovery processes and asset tracking.

Recommended action Review the discovery_status ACL and add a required role (e.g., discovery_admin, cmdb_admin) to restrict delete operations to authorized personnel only.

View technical details →
criticalCustomer-created open ACL on a write/create/delete operation· cmdb_resource_location

Business impact Any authenticated user could delete resource location records, potentially disrupting asset location tracking, discovery processes, or location-dependent automation workflows.

Recommended action Review the cmdb_resource_location ACL and add a required role (e.g., cmdb_admin, asset_admin) to restrict delete operations to authorized personnel only.

View technical details →

Coverage

1,366 executive5,598 technical4,359 hidden11,323 total · 1,362 AI-explained
293critical
5,681high
746medium
0low
4,603info

InstanceGuard performs a read-only assessment. Findings are signals for human review, not confirmed vulnerabilities; each links to its evidence and a suggested remediation.