okay i think we're live i'm looking at the stream i can't see it's working actually is anyone online oh there we go what's going on with the audio no the video want one okay right hopefully you can hear me raffy there hit me in the chat mate i don't know if you're still there it seems like the video is off on the scale which i've never had this problem before i'm just trying to check it i know okay it's just the preview my preview is looking wrong okay all right sorry about this if anyone's still tuned in looks like everyone's dropped so four four potential viewers and now everyone's gone so now we're back we've got one person back so just hit me in the chat let me know if the scale looks okay i know it's just the background at the moment just trying to do some stuff in uh obs let's see i'll cut right boom all right we're on how's that looking welcome to phil ghost deep apologies for the technical issues this evening my preview in youtube studio is literally just the top of this completely retro uh cat i think i might have to change it it's pretty awful cost me one euro hold on it's any better looks cold in england um okay right we've got a couple of viewers now video is off video's off no it's back on isn't it hold on can you hear me though i only see phil goes deep apparently better there we go um okay sorry about this uh people right i'm completely behind the curve now um i have real technical issues the preview in studio is telling me that it's just the top corner so i was panicking a little bit and that's put me right off right off my flow um so tonight we're going to look at instant scans and i've got give a big shout out to mark ruth sorry mark i'm not sure how to pronounce your surname but i've linked it in the description of this video there's a nice blog from mark on linkedin and on the community and the instant scan feature that's now available in the release notes of quebec apparently has been available and it's been hiding and i never looked into that so i didn't know about it i've been waiting for it and i didn't know it was even there so i missed your blog mark but it looks like you've done some really good digging in i've taken a quick look at um instant scan and i want to try and drill into it i think we're going to have to kind of reverse engineer anything so i'm going to try and pull up your community post as well so this is linked in the description just going to switch over screen i need to just update some text as well hold on is yeah this one let me just update the properties here this is quebec so if i try this okay so mark roth off please let me know if i'm saying that right apologies mark yeah this was written a day ago but it's been available since orlando and paris apparently so i have got a quebec instance here and on the left-hand menu instant scan you can see just favorite this you can see i've been if i look at some results i have been running a few of these so i've had a look into it but the api is completely locked down so there's a couple of ways to run um an instant scan you can well schedule schedule the full scan and it looks like this just creates a scheduled job i guess you can get it to run whenever you like basically run on demand get it to run weekly etc and this will trigger a full scan if i go to the checks and click execute full scan uh that's basically going to do the same thing but just as a one-off and it's going to go through all of the active checks that we've got set up there is a dashboard here and i think one of the points that mark was making on the linkedin linkedin post i made is where was that let me just see if i can find it i'm just trying to figure out so i'm very disorganized this evening just take a quick look yeah they're addressed findings and still looking how to get this one on the results dashboard moving so if i look at the results dashboard i'm not even seeing that that widget there mark so um yeah i think that's one of the things i've found just taking a quick look at it if i go to results and this was a full scan okay so you can see findings findings are bad stuff right but if you run a scan for instance here there's one check and it's got three findings here i've done nine checks and you can see the target so i just ran this on an update set and that's something i want to look into tonight actually i've run nine checks and no findings so there's no way here from what i can see to tell me that this was a really good result you know okay is this addressed findings no good findings so there's a few things to navigate around now that's the findings for the result it's the latest scan you can click here for the target product break it down so if i let me do it this way if i go to results try and open up the show in the other window so i'll go to my full scanner i've actually got some findings in here and go to results dashboard this way now we can see by product breakdown okay that's quite nice um sorry there's an email address in there that we shouldn't be seeing um i don't see that critical uh point so sorry let's see critical here still haven't still looking how to get this one on the results dashboard moving addressed findings i'm not sure where we've seen that one category filter here so a lot of this what i've found is is locked down so you've got checks this is where they can be defined and you can create your own new ones okay it's got an interceptor here so you can create a new table check column type check and in the docs there is a little bit of information in here but not a lot sorry i've got my search engine set up correctly so under instant scan you can get started with checks so you've got different types of checks you can create a check create a table type check it doesn't really give you a lot of detail about this check type is applied on only one table at a time you can also include your own script for more complex capabilities but this scripting is the bit that's still a bit of a mystery and i think it's where we might have to kind of reverse engineer a few things so you can create a check from here you can look at all the checks that are already there but if we group it by class and this is another thing mark was saying there's basically no example of a linter check right now so we don't even know what one of them looks like so if i was to create a new linter check it's just an engine here i've tried being a bit sneaky and trying to find some stuff out so if i look at checks and configure the ui actions um let's just filter out application file i haven't seen that mute check i haven't seen that new check that might relate to something else that was being discussed on a different forum execute full scan or test check okay so this is going to test check is going to run at the individual check level execute full scan is going to run everything there's also the concept of suites okay so if we look at the instance security center definitions you can see that these checks are set through a list many to many relationship in here i think if we open this up machine this is a running to many table suite tests yeah it's a very similar concept to automated testing um we can create a suite in here that's security we could create our own suite in here and just go deep i've got a transition i wanted to test out today but i forgot how to add it in but in here i can select a couple of things in here so we've got stuff that's very specific about security incident response differs from baseline let's just grab these baseline checks so i can then click execute suite scan and if i look at this ui action you'll see basically everything's calling this is through a scan ajax processor this scan ajax processor is making calls so that one was for executive scan usage okay interesting a lot of these have got kind of execute test scan xp point scan execute suite scan gc f collector i don't even know what that is gcf sample map but effectively each of these are passing off to this scan instance api okay and this is locked down so if i go and try and find this api it's not there it's hidden if i do a little trick that i love using explore we can it's got its own namespace and you can see that namespace is actually hidden as well so sn instant scan if we run that the prototype is basically completely restricted so there's no way in there's no way to kind of see what's actually happening here it's a scan instance we've got no access to that the only options we've got is to follow the docs let's see how it's working and to also look at some existing checks yes james james has just tuned in uh thanks for the shout on the chat mate let's keep it busy this is about instant scan in quebec but apparently uh it's not it's actually been available and is available in orlando and paris so if you're on orlando and paris and you want to have a little look at instant scan i think the so instant scan can't type instant scan here if i go to this menu option apparently this is here let's copy that url and it's just turned off okay so just check that out in your instance in orlando and paris and see if you can use instant scan i didn't look i didn't i thought it was coming i heard that it was coming in paris so i thought it was coming in paris and then it was not in the release notes so i i didn't even look so when it came out in the release notes of quebec i thought excellent this really ties in with a lot of the stuff that i'm looking at anyway from kind of best practices and even thinking from a kind of product product perspective um you know if you're if you've got a grc implementation maybe there's certain things maybe you want to make sure that there's no controls without an entity or something like that you know can can we load up our own kind of library of definitions and and define those best practices so very excited as you know there's a lot of uh kind of partners out there that have developed their own scans over the over the past somewhere are available on the store others aren't um but yeah this ability to kind of check your instance and if you're doing a kind of service now led project then they will run a sprint scan or a health scan as part of the project right to wrap up the project and that used to be something that you had to get requested i don't know if anyone remembers um the old school ace reports as well what did the ace stand for um uh what was ace configuration automated configuration evaluator or something i'm not sure what they stood for you just better get an ace report run on your instance if you're a customer by special request this is something that can be built into your development flow and make sure that all the things that are happening are aligned with best practice and also start to feed that backlog to remediate um thanks james yeah thank you a lot yeah shout out to all the mvps actually so everybody that's the developer mvps and the community mvps everyone puts in a lot of hours in their own time mostly uh to kind of build the community and i think for me being part of the servicenow community is kind of an opportunity to kind of give back when i was starting uh in the customer side of things i would very heavily lean on the community every question i had you know i tried to search first that's always a good practice go on to the community and check it someone else already asked this question um and then if they haven't if you haven't got an answer or you're really struggling you know post that on the community and back in the day probably chuck would answer it um and you'd keep moving forward right you'd learn and and so i think trying to share that back into the community something that's been quite important to me but there's a lot of people who uh who do a lot of things specifically the community mvps um and obviously the developer mvps as well which is a little bit different i'm not sure exactly what the uh what the difference is but yeah it's an absolute privilege and honor to stand amongst the the other people on the list so it's only valid for a year if i want to be an mvp next year then i've gotta keep keep the game up and yeah let's see what happens uh but i appreciate that james and i appreciate all the activity on linkedin everyone getting the shout outs and probably inspired me to try and up my game and do another stream tonight so appreciate you tuning in mate i hope everything's good and uh things are going well in your kind of cyber security role so where was i took me off uh took me off track uh instant scans yeah so the api is completely locked down i tried to access it this way can't get into the prototype here it's a black box the checks that are available we've got some information but even creating a linter check is very much um a guessing game i think there i'm trying to trying to think about how we can access some of this information but one of the things i notice so execute scans here there are ui actions that pop up in the client side pass off to ajax to call that base scan instance api i'm just going to close some of these browsers windows down i don't think you can see my tabs so one thing i noticed from an update set perspective and let me let me do something in here if i just create in here a example instant scan so here's a global one and if i create a child one i don't think it needs to be in a different instance let's just do that submit current and go into this one so i've got a batch now of update sets right you can see in here so this is the kind of structure that i would look for on a project or kind of uh piece of development i'm doing so this might be the kind of the sprint level this might be a story and something within the story or maybe these would be kind of siblings to each other in fact they are both children of the same yeah perfect okay so these might be story levels um one thing i noticed which one am i in scan three so if i just go to a business rule i don't really care what it is got to be in global because i'm in global right now so let me just deactivate this one everyone knows this trick for getting things into an update set just don't forget to turn them backward oh is that protected yeah turn it off turn it back on that will capture in the update set that's for scan three i'm going to scan to go back to business rules get a different business rule that's in global as i said really don't care what it is my point here is when you're scanning an update set it doesn't seem to handle batching and that's at least one of the things i was hoping to try and address today just see if there's an ability to to scan multiple update sets from a given batch so i've got now two i've got two update sets and in each of those update sets i've got a different business rule okay so there's a business rule there's a different business rule all in global so from this top level one if i go scan update set if i go to result scan find it's not run any checks okay it's not looked down and i've only got one target this target although there's a new button here i can't actually populate it i don't know whether it's an acl on here so i'll just take a quick look at the security goals scan target let's see create it's going to use a admin override so there's no reason that that can't be populated from a security perspective business rules firing it back nine so there's no reason that can't be created so if i go new maybe i'll select in the wrong file last time now you see i'll insert it and it doesn't save so what i was hoping is when i do this scan update set because it's a batch update set that it will go and get all the update sets that are here batch base equals and they will populate them into the list so i'm curious if we grab this my action in fact i need to go through here and it's called execute update set scan so this is the method i want to get let's just paste that in there quickly go back and get the sis idea of my pixel oops and just in the background i'm going to grab something just bear with me one moment sorry i've got a bit of code somewhere that loops through that settings boy so i think it's this one have i got it on explore already let's just see it's not in this instance sorry guys girls people okay let's try just need to bring in an update set that i've got locally and maybe i can tie this together so yeah i didn't really plan this and probably probably not as well equipped it'd be great to have mark involved and point me in the right direction but he's done all the hard work so um you know i i was only just as i decided to do this scan uh this stream i thought i better check uh has anyone else done one and although they hadn't this um this post did come up and i realized that i am well behind the curve so hopefully i can still hopefully i can still find some useful stuff in here and for anyone else that's looking at instant scan at least being aware that yeah the api is completely locked down there's some things we really don't know yet but maybe i can connect in and get it to handle multiple sys ids one thing i wanted to try if i look at how that update set is getting called is passing in a single sys id what i was wondering and the good thing is this is callable from you know is all in global so at least we have got access to call it can i pass in here a list assist id so let's just try that to start with um tell you what i'll do i'll call it array update set like these equals and then i've got three of them haven't i so if i go into my update set this one down here if i just copies this id copy this id let's string this yeah so i've got string sis ids that's exactly what i want oh i've got some areas on my uh preview what they are says report stuff okay i couldn't find a user that's fine let's accept them in the background so i'm wondering if i just pass in three ids more than one id as a string will this handle it obviously we don't want to do that we don't want to go through each time and say add them but i'm just curious if it will handle multiple okay try to hand try to execute scan against an illegal scope let's just change it let's just see if that message is a bit misleading yeah that's fine what did it write back to me gave me back an idea which i assume is the result class is restricted anything that gives us starts with this this looks pretty standard stuff to be honest nothing of interest in there just a java object so is that cis id under scan my result copy this id and the big reveal yeah okay so it gives me that result so it can't handle multiple ids at least not in string format let's just try it no that is a shame so i wonder then if i open this in a new window let's open that record and explore so i've got a scan target and just run this by the way this script history i don't know if anyone tuned into james's james neal's channel the other day he was walking through explore you give a very good overview of that but you've got your script history in here now i think that's new in 4.8 so my scan target okay i wonder if i take the record id which i think record id i got table how does it know how does it know what there's nothing in that table to tell us the results it's obviously a scripted relationship in here skin results ah parent.combo got targets interesting okay so that means then let's jump so what have we got we've got the scan result here scan result scan target so scan result is the parent in this case scan result scan target we can see in that relationship dot target parent.combo.target scan target must have a combo field on it so scan result let's configure the table on that so we've got something called combo but then it's got targets in there so combo is a reference to the combo table lovely that's the combo table scan combo let's just update this one there so so the combo dot target all right so we've got target we've got targets is a list of scan targets i feel like that's the wrong way around sorry about my data modeling is not the cleanest it doesn't intelligent with the with the lines and stuff so so my relationship is saying look at my scan result therefore can i push into scan con scan combo so let's get that scan result um tell you what you should do is create a script include what's going on not too much in the chat a little bit quiet in there let me know if got any ideas if you're following along if you're learning anything or if you want to kind of go a different direction but what i'm going to try and do if i can push my target i wonder then you know earlier when i was creating a new one did it create the targets you just didn't see them because they weren't listed so scan target dot list yeah it created one there so let's copy the cis id of that so let's put in here um add target to combo function will be what do we need target id combo id or result id target result id okay so we target id result id and this will be get combo function target id so you add target to combo so we've got target we've got results scan results so here we've got scan that's a scan target that's brilliant scan result let's do get combo get target this is where there's an argument for using gr um i like to do you know to avoid that i sometimes do this function to get gr i'll make sure that's internal private so be like table name id or something and then rgr table equals new live record and that will be table name if gr table is valid if it's not um and then if gr table dot get id return to your table okay gr table's not really the right name because it should be gr record something like that but um else so here i can then say return this dot get gr scan target id and it should be scan combo the combo won't result as well don't mean so that should be pretty good for just giving us a set of base methods to be able to get some stuff that we want to handle get combo from target so in here i would say i need to get the target id so r gr target equals this dot get target target id okay if gr target if not your target return false therefore return gr target dot get value combo but here this is where naming conventions for me are very important because i say get combo am i getting the combo id which i am in this case because it would get value and it might be blank but maybe get combo without get combo id actually get combo suggests in itself it's going to be the object so if i say here combo id equals then i can say combo that could be false so that would return false only to handle that the thing that i could potentially do and i'm not sure about sometimes about this so gr target i could do this dot gr target right or so if i've never got it before do it that way and here combo id yeah this would be gl combo i'm sure this can start to stack up and not make sense sometimes but if you want to reduce some calls this could help so under gr target rather than just return it you could say this dot gr target equals and then return this.gr target and if we did the same thing on each of these i'm just not sure how many times you might want to reuse there might not only be one result within this api and stuff so um this might not be the right thing to do it just might be interesting to think about this let's just do it here as well maybe i'll regret it this gr combo equals and then if i return it here i could type gr combo then in each case you know the first time you call it the next time you call it it says well gr combo i've already got it well if i go to get combo it populates it can be reused so yeah it could maybe look a bit messier i think if done in a structured way that can be um helpful for reducing database calls and maybe making your code a little bit more optimized so long as it's you know thought through and well structured um getting into that now let me just say this because i've saved it at all yeah so i'm pretty confident that if i add a target to the combo so this dot gr combo equals desktop gr combo or this dot get combo from target id okay so that's going to load up nicely ah do i get combo from target no i get combo from result right pretty sure when i was looking at that a minute ago yeah come back from results i just made my thing wrong so get combo from result that will be resolved we've got result like the target id is necessary the result might be there so there um if anyone's wondering why i'm not using vs code script sync i just haven't got it set up properly on this account so this is actually gr result and this is get results but i think the rest of it works okay so add target to combo so this combo get combo from results and again talking about naming conventions when i first started working in software development my uh kind of team leader shout out to brian russell um like took me down a path for saying write all your code out in the process and then write it out in pseudocode before you start coding okay and maybe i'm not doing that now but at least your variable names and your function names everything should kind of make sense and be readable and if you're looking at a variable going what is that why did i call it that you've probably named it badly just rename it while you're in there while you're creating it don't do this i'll sort it out later because you won't okay it will never happen life moves too quickly just name try and name it correctly in the first place or at least sensibly at the time so i'm going to add target to combo i need to create a target to be able to do this so new what would we call this so create target and what i'm going to need is a table name and a an id and this will be target scan target gr target equals new light record scan target why oh okay because i didn't pass it in inside of the guide record here just wondering yeah is this called again this feature that came out in orlando love it gr target i wonder does it check can you so i've already got one here for this update set i could check the index on the table can i create a new update set for the same thing with it ever so does it have to be unique kind of hope so maybe not okay okay you can have two so i'm just going to follow the rules of the road right now right gr.initialize your lies let's write that correctly gr target dot set value what did we say they were down somewhere explore well we're down to two viewers so give us a shout if you're still tuned in on the chat so we've got table we've got record id table table name and let's say it's record id let's just return return that so create target should return that would be the sys id of the target record has been created add target to combo so yeah let's look at that feature of explore did i have a blank one open pretty much let's go to scripts if i get this script now i can open this in here okay i've just taken a copy of the code but i can work with it in this in this scope basically you can start overriding it so i think i can so create target would be cis three of them i'll put one of them in there but i'll get an id back if i just paste that in okay so sorry james i was watching um james neal i was watching but obviously didn't pay enough attention so i need to watch that one back not a problem though actually i've just had a thought let me just grab that api there this one got my arrays okay so in here i can say four bar i equals zero and say var array target that is that and i can do ray target id stop push oh yes dots create target accept like these i this is going to be this update xml for each one no it's this update set right that is going to give me an array i want to grab it as soon as it's done so hope maybe i should have tested it once it was a little ambitious oh yes dot create so that's a sys id right an update set let's just initialize on here the debugger i'm just going to close that one as well so i've got you on the initialize it should catch notifications blocked okay what happened and catch it there because it don't initialize please it's still crashed out there i got an arrow in my code so things start crashing out like that no reason let's just take it first glance at the logs cool depth wow i don't think i've done anything wrong here right i've seen the arrows in my code create target i've done i suppose initially initially before i did ah it's not a spell checker right is my debugger back on yeah let's see fire this yes that's better still crashed out tell you what let me copy that i don't think i can spell initialize no i've spotted it right what is it crashing out for initialize yeah uh well that's admin it's not me i i think i'm logged in as you know i'm not acting as admin right now so i don't know where that's come from i wonder that probably was my error scripting clues it probably was me because first of all i didn't instantiate i didn't start that with a new see what let's just take this fractal basics in here look outside of the comments even though i didn't need to pull that here script debugger excellent that's what we'd expect and now i can see all my methods and this is great for explore right so if you you know i was trying to do it myself look at those instance scans but if you want to just look at these functions you can see what they are from here why is that not working create target i'm passing in updates there and an id at least i'd expect the debugger to catch table name but there's something wrong here it's more structured isn't it table table now if that was wrong i'd expect it to get to that point if i'm doing something stupid make sure that's running let's try again debugger runs there stopping on that one great okay we're in was it just that initialize them looks like it for some reason so therefore that should work and i should have access to a set of targets i just want to get those targets to start with yes excellent okay worst thing is we don't really know what was wrong so i've got a set of targets there what i'm going to do with them next we've got targets i've got a combo add target to combo i wonder if targets should that be add targets to combo yeah and what if it's already got a target and we want to just append to the existing list so let's start with overwriting it let's just push in a string target ids here i'm going to make sure i'm explicit i want a string of target ids there okay so i'll get a combo if i haven't got it's just a rgr just so i can use it locally i'm gonna go gr combo dot set value what did we say it was if we look at that relationship targets here combo.targets in my diagram targets here set value targets target ids so targets to combo i'm going to call that avatar it's to result converse i'm passing in result idea i'm not passing combo id so i've got my results under my instant scan results yeah this one for example there's one target in here if i copy this id go to explore so my result id equals that i don't want you anymore because i've already run you just keep creating targets i should be able to pass you in here just check if that's handling it nicely being on different lines yes it is cool so last string target ids equals that dot to string okay if you just tuned in just trying to get instant scan to work on multiple update sets at a time based on batching okay so if i can't use instant scan on batching it's a little bit it's a little bit limited for me um i should have a string of target ids targets are my yes targets are my update sets so that's worked so i s dot add target add targets to result combo let's just copy that in here oh yes dot is that gonna work undefined i don't think i'm returning anything in there just reload this i didn't want ah let's try if i get the combo so if i go to this result let's just configure the form layout that's got every message all sorts on here i've not looked at the tables when i first start trying to learn an application i do take a look around the table there if you're adding reference fields to a table please do me the gratitude no do me the what's the word what's the phrase please add the read only attribute is it we have to add it this way advanced view attributes read only click through here we go read only [Music] yes there we go there's no point very limited value and having a reference field that you can't click on if you're designing applications and really think about that from the beginning okay so this is interesting i can just modify them myself in here so why did my ad not work what did that look like undefined it's not catching the debugger just refresh just reload this as well i think it's changed when i saved it is that what happened i don't seem scripting the breakpoints there we go okay let's try again grab that in a debugger okay so what's happening we've got target ids strings come separate values ah okay get combo from result got result id you've got my result got my combo id targets it's just a record there didn't like that gr combo set value oh it's not not even variable see look at that banging on about naming conventions banging on about why so it's my own fault hopefully this works i'm just going gonna skip the debugger and they're in there perfect okay so if i rescan a long way around if i rescan this now does that give me more results at least tell me what checks you've run yes okay so now it's actually checking across those targets so what i want to do is grab the update set id and loop through it okay so i should have if i go to explore go to script let's open a new one i'm not committed no okay i haven't committed it i previewed it that's fine okay when that comes in all i don't want to do is write code right now to try and loop through different update sets i've already got some stuff that we can reuse i've built something that i'm not sure how much of it i can share right now i've just got some errors and commits i thought i'd solve them so does this just let's just refresh that in still not coming in just copy this over just try and take what we need from it so run update set id get chart update sets i'll copy them into here set set update i think let's just see if i take then uh the parent update set this one copy that's this id and all right batch id and do a get child update set just get charged um yeah that's my recursive one this one get child update sets one two three and i've got the one that i passed in as well so i've got the parent one and i've got the all the children of it very happy that that is what i'm looking for so what happens when we run that rescan and we're on a report here we scan what does that call it execute scan from combo current.combo you see so it knows it's got a combo record trigger scan from combo and it's passing in the combo id okay so getting chasing my town around a little bit here so say run scan which will be function combo id so that'll get us the trigger scan from combo only for a result that's got a combo already so that rescan on a result i'm guessing there's a different copy ui actions i bet there's a different type of rescan oh okay there isn't it's only for current combo so we'll work out the data to model a little bit but at least we know for an update set batch is going to have a combo anyway so when we're in an update set though it's going off let's go to that update so scan update set that update set is getting is creating a result with the combo records for us so i don't think we can interject on that it's like we need to scan it and then go in afterwards and update it and rescan it i'm not sure it's a bit messy right now but let's just see if we can trigger a scan on a batch update set bear with me one moment please just going to let the dog in he's crying a bit okay so just be warned there may be some background noise now my dog once he falls asleep let's just check the chat is anything happening i'm sure he's still tuned in and he's still following along so i've got an update set here but it is a batch update set so if i click scan update set it's only going to scan this top one and there's no updates in here so that's not going to work for me so what i want to do is scan not just scan the update set but i want to create i need to create a result and a combo record attach the update sets into the combo record and then scan that combo record i think that's what needs to happen so let's see if we can very easily write that code out so in here we're going to trigger the scan from the combo that's fine we're going to create scan result i don't know what we need to pass in for that to happen create scan combo you've got down here i'm gonna bury these child updates because they're not they're more like little utilities for us create scan result so when we look at a result we've got combo here relationship there this one as a result i think scan result scan type instant scan i guess i have to if i create it create it as complete and then rescan it i think that's what will have to happen um for instance type was it status or state state even though it's called status it's called state this is created as complete to start with what's the uh there's a trick and it's in goran's book macros or something um i've never used them always forget about them i'm sure this is where they come in useful i haven't got my initial eyes yeah wrath i know status is on especially on a the task record or something like that approval status i think is the field name but it's called status the label status the field name state i can't spell initialize can i here we are auto complete gr combo does i know there is a difference between initialize and new value i can't remember what that is but i think it was travis maybe on this code creative blog that talked about the difference between initialized new record if it wasn't travis and i'm missing someone's credit let me know um so in my combo record this sources we don't need to create to target no we just need to create a combo record and then we'll populate it afterwards i think so i think we need to do anything do we just need to insert just to get one and save this dot pr combo equals set value state this dot tr result equals um the rgr the macro how'd you do it tab tab there we are tab thanks raf but you know what i'll go back and edit them i hate double quotes and obviously we shouldn't be using gr but then you can just modify the name but make sure you do if you're using that so i'm going to create a scan result which is going to be complete is that anything on scan result that i can put any kind of narrative about what i'm doing in here actions error message finding count okay so finding count be useful uh progress id scan type status result number yeah i kind of would like a short description or something on there just to give it a bit of a description on why i'm running it where i'm running it from maybe that source is maybe that's what that's for so i'm going to create a scan result i'm going to create a scan combo and in here so i'm going to say [Music] should be an idea okay if i do that i'm actually i'm not populating a glide record into it so yeah this dog create scan combo set value in here combo combo id create scan result so get a scan result add targets to result combo so that get child update set ids if i say get update hit target so that gives me my target i'm going to add targets to result combo just trying to think of the order of how i'm going to execute so let's do it here if i say what's a run scan from update set update set id need something to hold it all together so puppet set ideas equals got that add targets to result combo oh you see raph you can't always put um you can't always put functions in order especially in the script include what what i like to do script includes put the main kind of calling ones at the top and then go through and make these private and if you look at some of the script includes that are really well organized you know that the top ones are the kind of public methods and they'll return the private method and for me that's just good for organization um right now i'm just trying to piece together because i haven't drawn it out i'm trying to literally just hack this through but um what's that going to return var add targets to result combo that's going to give me my combo id so actually it should be id equals add targets to result combo and target ids result these and then trigger scan from combo this dot trigger scan from combo equals combo id i think that's piecing it all together isn't it the scan result id i'm just gonna save that yeah it doesn't matter i think it's called hoisting or something like that i only learned about the technical name for it um because uh that's now available in explore so down here you've got support hoisting okay yeah so it runs in a try catch block which prevents hoisting so that's why you don't have to do returns and stuff but hoisting is the ability basically it takes all the functions puts them at the top first and you can call them before they've been defined but in explore especially in 4.7 and beyond before that you can't call a function before it's been defined and technically in javascript it does have to be defined before it's called but what i find is it's great to have trying to have that order so like have it organized definitely but the top method should be for me the first one that's you expect to get called the main kind of utility of the of the api and then these things are going to be like the next one down the next one down obviously that's not if i did it this way okay but once you start getting a little bit more interdependent of them you can't do it completely sequential uh it does happen in the script include it doesn't i can call whatever i want from the bottom before it's at the top so that get gr it's not getting cool it's getting called up here but i put it right at the bottom because i don't expect anyone to really use that i'm using that even though these should be private right i wouldn't expect someone to call my api externally but it's a bit late right now to start going through and renaming all of those functions and if i had vs code it would be great so i can just find the dependencies so let's see if this works i'm just going to try it i'm going to create an updates a ui action on the update set okay so configure ui actions and say run i don't know run batch scan just put run scan from update set and that will be current what is that returning it's not returning anything what does trigger scan from combo return we don't know but let's return here and a not sure what that's going to be but i want to see something i'll put a condition in here oops i'll put a condition in here to make sure it's only available for certain types of update sets blah blah blah i just want to know is this going to run so if i look at my and the way i've written that code by the way it gets child but it will also or should also handle batch so depending but you might be in a release batch and have multiple sprint batches within there and you might want to just access that story level and down so it should handle it should handle those kind of eventualities but it's still a bit of a work in progress let's go to my update sir let's tidy up some of these tabs so we know what we're dealing with i expect this will fail let's just look at scan results so we've got seven in here at the moment let's add our classic updates and updated by create and created by so we've got seven at the moment i'm in an update set and i've got my ui actually what i didn't do on my ui action just want to set this i think that's right go to my update set well my action redirect didn't work but i have got a third one there uh a new one there 4758 it's got no targets in there i've got a we've combo combo it's got no targets you can execute scan on the combo so what have i done wrong there i've obviously got my ui action this is what i always have to do because i forget to type if i look for script contains action. any of these ones typed it wrong i know i have oh that's protected because and i didn't get my message did i it failed let's put a script debugger on there something's going wrong how long have you been going for have we learned anything tonight ready to catch it okay when something froze out like that first thing to do just detect the logs just take a quick look at them there's no point going searching not the same thing again if i it's brilliant very impressed here we go result ids is not defined this ui action result is not defined okay so it's gone deeper right so if i look at that log the result id is not defined line eight of my scripts include yeah so ids because it's result id that's why i didn't add targets that's why i stopped there okay let's go again just reset the script debugger go we're going in oh it crashed again what is going on hopefully i get a nicer area this time add targets to a result have i forgot to put this of course i have it's what happens when i'm rushing what happens when i'm rushing just go again will not be defeated oh it's failed again there's got to be something something silly in here that wasn't just now was it my time clocks out but 49 35 that's the same message it did say here that scan initiated so i did get a result let's look at our scan results that's his full scan in progress interesting with the same combo why done something wrong this one he's got no targets cool raf thanks mate i'm going to see this one out i'll let you know i'll get on here i've got a full scan with the same combo that combo doesn't have well it has got targets in it is it not set in the table name i've pushed the ids in for the tag they say id are they ah they are ids of my update set get target update sets yes silly me then our child update sets right so in here let's look yeah charlotte looks like so good but i need to create target i close to my windows earlier okay so create target so this is should be an array so array update set ids equals zero and so we did this earlier and it was running an explore and i forgot to transform that so array target ids dot push this dot create target says update set already updates set by the i what are you happy about unexpected tokens this dot there let's push so that creates a target that gives target updates ids okay i think that might work i'm not sure why it ran a full scan that's interesting let's see actually redirect to the right place close the logs and let's look back at the results that's still in progress okay so 299 out of 351 doesn't seem to be moving doesn't seem to be a way to cancel the scan either i guess you could access it through the notes or something but let's just have a look it still seems to be stuck it's good if you could cancel from here maybe i've broken it let's see what happens if from this update set i click scan result 12. start debugging what is that just fired off oh because i'm only on the initial right it should be from here i've got the catch in the wrong place so scan results was 12 run twice did it got targets 98 of them wow something's really going wrong here hey yeah it really shouldn't be that difficult i'm sure i'm sure by piecing it together really struggling now so that's on my ui action go in okay so let's just have a look update set id i've got one i've got one update id coming in here i'm using an object in there to dedupe on the run so gray updates ids we've got three one two three that's perfect it's what we wanted for y is zero less than length we know that our target ah it's not an array look at that again naming conventions because i've called it because i've called it an array i know that i'm expecting to handle it as an array here we need to do split is it split or is it joined which way around is it very split it's the reverse of joining i know that joining merges into one splitting breaks one array into multiple pretty sure yes just want to check that um hopefully that handles the string correctly probably broken the scan results again live in there okay it's all complete so we're dealing with 16. let's put the debuggers back on run the batch scan debug play that to the next line so now it should come back as an array yes now that's an array and that's why it was playing up create a scan result it's a scan combo that's perfect okay so we've got combo id is that going to work then 18 and why is it it's creating two of them each time it's quite funny something's going wrong there so that one's got three targets which are my update sets ah this one's a run perfect so it is running but it is creating two scan i results know why i've got free findings though it's not good because it's the update so i've just created so what am i doing wrong upgradeability that's wrong differs from baseline oh yeah yeah because i went in and updated those business rules made them inactive and inactive they're not actually different but it's registered the fact that they've been changed um and they're critical okay from an upgradeability perspective ah this is the bit that mark was pointing out against the previous scan okay so it looks at one scan and then creates the other scan so the first one i created when you scan it again that's why so it's the first time i scan it i'm not really scanning it i don't know how to create all the parts beforehand so um yeah that's a bit of a bit of a challenge so we've got three findings let's just go back on that dashboard upgradeability security ui action visibility yeah i haven't put any conditions on there but let's see what is recommended is it telling me yeah can be accessed by user with no roles exactly that's perfect it's it's true my type of what is this a check of security it's a table check i think yes table check it out at the top right okay so i mean in terms of examples of checks there's lots of examples in there the thing is we need to start looking at looking for some linter information but you can see in here apart from the fact it's using gr itself which is bad practice i assume a linter would find that for us it's looking at the action by the action view example here i guess that's what joins the two together and it's saying so it's got current so current is the table that's being queried so it goes to that table any table that meets the condition and that table is the current and it looks on the view and says either the condition has a role all right okay so this action view is saying this must be where the let's just show definition on here show data on here ui action visibility right okay yeah ui action view i don't understand i was thinking it was an actual database view yeah that's where you attach a role to ui action so it's checking there if i haven't got one then check have i got gs has role in the condition of the ui action if i haven't got either of those things then this ui action has got a security finding on it and finding the increment just seems to be the method for like the object that's going to deal with the source and the increment up so i feel like it makes sense but it's not very well documented if we want to start taking advantage of this then we are going to need a little bit more um a little more a bit more detail around how to use it i understand that they've locked the api down which is it makes a lot of sense there must be a lot of stuff going on there we don't really want people playing around with with the scanner but if we want to put our own definitions in there and be effective than we need to i need to find out how i can trigger the scan to run the first time and populate all those multiple records but i think generally for myself i've definitely i've definitely counted this successful i've been able to scan multiple update sets within a batch from a batch the fact is it created one in the first place so that without access to the api it's difficult to know how to solve that so let's have a look i don't know if anyone else is still tuned in it says i've got a viewer but that might actually be myself because i was checking that things are running um apologies for the hats if you're seeing me tuned in on stuff and i've got hats on yeah the hair's just really awful right now i wanted to how can i add a new transition i just want to test it out while we're while we're running live and i've forgotten how to add a transition transition to ibs and the scene transitions click the plus icon and the scene transitions ah here there's no plus okay i'm calling this one roll deep let's see if i can actually it's good deep roll by renaming it i think it's too many seconds i don't really want to change this one well that one works does this one just messing around trying to sort out i'll tell you what i didn't do i probably didn't save it down with the transparency oh well you have to wait for next time i think so well thanks for tuning in tonight uh apologies for the very technical issues at the start um thanks to everyone who has tuned in managed to hopefully get eyes on instant scan and see how you can start to use this in your um in your role i'm even working for customers or if you're in the customer or even if you're in kind of application development um that side of things look at the instant scan in quebec have a little dig around thanks to mark look at the link in the description have a little dig around see if you can find it in orlando and paris and start to take advantage of it and i guess as we find more documentation we'll start to share that yeah stay tuned to the channel and thank you very much for uh for tuning in thanks for all the support until next time take care stay safe and see you soon you