Scanning EAR or WAR files
How to use Meterian to scan EAR or WAR files
The Meterian scanner can scan EAR or WAR files that contain JAR files. The archive must first be unpacked into a folder so that the Meterian Client can then run a binary scan against that folder.
To do this consistently, Meterian provides a simple supporting script, ant-unpack.sh, which, given an EAR or WAR file, extracts all the JARs contained in the archive to a folder specified by the user (or to the current folder if none is specified). At that point, the Meterian Client can be used to scan the components. The script also provides a dummy build.xml file to trigger the Ant plugin of the scanner, which will then identify the JARs using binary/signature detection.
Note that some of those JAR files may be legacy versions, so the system may take some time to resolve them. This is absolutely normal, and it happens only the first time, as their information will later be stored on the Meterian SaaS servers. If the client times out under these conditions, you can always relaunch it.
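The unpacking step described above, as an added illustration (this is not Meterian's ant-unpack.sh, whose contents this page does not show): it copies every JAR from an EAR or WAR, including JARs inside nested WARs, into one flat folder and writes a placeholder build.xml. The function name, the `!/` notation for nested paths and the build.xml content are assumptions; the example goes beyond the text by keeping only each entry's base name, so a crafted archive cannot write outside the target folder.

```python
import io
import zipfile
from pathlib import Path, PurePosixPath

NESTED = (".war", ".ear")  # archives that may themselves contain jars

# Assumed placeholder; the real ant-unpack.sh may generate different content.
DUMMY_BUILD_XML = '<project name="unpacked" default="noop"><target name="noop"/></project>\n'


def unpack_jars(archive, out_dir, _prefix=""):
    """Copy every .jar in an EAR/WAR (path or file object) into out_dir, flat.

    Returns {written file name: path of the jar inside the archive}.
    """
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    found = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            inner = _prefix + info.filename
            lower = info.filename.lower()
            if lower.endswith(NESTED):
                # An EAR usually bundles WARs: recurse in memory.
                nested = io.BytesIO(zf.read(info))
                found.update(unpack_jars(nested, out, inner + "!/"))
            elif lower.endswith(".jar"):
                # Keep only the base name so entries such as "../../x.jar"
                # cannot be written outside out_dir (zip-slip).
                name = PurePosixPath(info.filename.replace("\\", "/")).name
                stem, n = name[:-4], 1
                while (out / name).exists():  # same jar name in two modules
                    name = f"{stem}-{n}.jar"
                    n += 1
                (out / name).write_bytes(zf.read(info))
                found[name] = inner
    if not _prefix:
        # Only the top-level call writes the file that triggers the Ant plugin.
        (out / "build.xml").write_text(DUMMY_BUILD_XML)
    return found
```

The returned mapping records where each flattened JAR came from, which helps when a finding has to be traced back to the module that bundled it.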
Usage example
First expand the WAR file into a directory:
Then simply execute a scan with the Meterian client: