Blast Radius for ServiceNow
Blast Radius provides configuration dependency analysis across a ServiceNow instance. Before making changes to fields, tables, or artifacts, use these tools to understand the full blast radius.
Tool Overview
| Tool | Purpose | When to Use |
|------|---------|-------------|
| snow_blast_radius_apps | List apps with config counts | Starting point — understand the instance landscape |
| snow_blast_radius_table_configs | All configs on a table | "What runs on the incident table?" |
| snow_blast_radius_field_references | Reverse field lookup | "What touches incident.assignment_group?" |
| snow_blast_radius_artifact_dependencies | Forward dependency analysis | "What does this business rule read/write?" |
| snow_blast_radius_reverse_dependencies | Reverse artifact lookup | "What calls the IncidentUtils script include?" |
Recommended Workflow
1. Instance Overview
Start with snow_blast_radius_apps to see which applications have the most configurations:
→ snow_blast_radius_apps(include_config_counts: true)
2. Table Deep-Dive
Pick a table and see everything running on it:
→ snow_blast_radius_table_configs(table_name: "incident")
This returns all business rules, client scripts, UI actions, UI policies, ACLs, script includes, and data policies on that table.
3. Field Impact Check
Before changing a field, find every artifact that touches it:
→ snow_blast_radius_field_references(table_name: "incident", field_name: "assignment_group")
This is the most powerful tool — it searches across all artifact types and classifies each reference as read, write, or condition.
4. Artifact Analysis
Analyze what a specific artifact depends on:
→ snow_blast_radius_artifact_dependencies(artifact_type: "business_rule", artifact_sys_id: "abc123")
Returns fields read/written, tables queried, script includes called, and a complexity rating.
5. Reverse Dependencies
Find what depends on a specific artifact (e.g., a script include):
→ snow_blast_radius_reverse_dependencies(artifact_type: "script_include", artifact_identifier: "IncidentUtils")
Common Questions and Which Tool to Use
| Question | Tool |
|----------|------|
| "What apps are in this instance?" | snow_blast_radius_apps |
| "What business rules run on incident?" | snow_blast_radius_table_configs |
| "What touches the state field on change_request?" | snow_blast_radius_field_references |
| "What does this business rule do?" | snow_blast_radius_artifact_dependencies |
| "What uses the TaskUtils script include?" | snow_blast_radius_reverse_dependencies |
| "Is it safe to remove this field?" | snow_blast_radius_field_references |
| "How complex is this business rule?" | snow_blast_radius_artifact_dependencies |
| "What's the blast radius of changing this script include?" | snow_blast_radius_reverse_dependencies |
Configuration Types Tracked
- Business Rules (
sys_script) — server-side scripts triggered on table operations - Client Scripts (
sys_script_client) — browser-side scripts for form interactions - UI Actions (
sys_ui_action) — buttons, links, and context menu items - UI Policies (
sys_ui_policy) — field visibility, mandatory, and read-only rules - ACLs (
sys_security_acl) — access control rules per table/field/operation - Script Includes (
sys_script_include) — reusable server-side libraries - Data Policies (
sys_data_policy2) — data validation rules
Script Analysis Patterns
The script analyzer detects these patterns in ServiceNow scripts:
Field reads: current.field, gr.getValue('field'), g_form.getValue('field'), .addQuery('field'), .orderBy('field')
Field writes: current.field = value, gr.setValue('field', value), g_form.setValue('field', value)
Table queries: new GlideRecord('table'), new GlideAggregate('table')
Script include calls: new ClassName() (excludes Glide built-in classes)