Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Verifying the Integrity of the Unified Agent

This procedure enables you It is recommended to verify the integrity of the downloaded Unified Agent’s JAR file per each release. The following two options are available:

  1. Checksum verification
    Calculate the SHA-256 checksum of the Unified Agent’s JAR file and compare it to the published checksum file (in GitHub or S3).

  2. Signature verification
    Use the JarSigner tool to verify the signature of the Unified Agent's

...

  1. JAR file

...

  1. and ensure that it originated from WhiteSource.

...

  1.  Do as follows:

    1. Download

    JarSigner 
    1. JarSigner (there are multiple sources from where the utility can be downloaded).

    2. From the command line, enter the following command to run JarSigner and view the list of security certificates in the

    .jar
    1. JAR file:

      Code Block
      jarsigner -verify -verbose <UA jar>

After running, ensure that the WhiteSource information appears in the list of security certificates.

Scanning Remote Repositories 

...