# Scanning EAR or WAR files The Meterian scanner can be used to scan EAR or WAR files when those contain jar files. In order to do that, however, the files must be unpacked in a folder so that, later, the Meterian Client can be used to execute a binary scan against that. Please note that it's now possible to avoid unpacking the files using the [Binaries](/languages-support/binaries.md) scanner that, however, has a wider range of operation. In order to do this consistently, Meterian provides a simple supporting script,[ ant-unpack.sh](https://raw.githubusercontent.com/MeterianHQ/supporting-scripts/main/ant-unpack.sh), that given an EAR or a WAR file, it will extract all jars contained in the archive ti a folder specified by the user (or the current folder if not specified). At that point, the Meterian Client can be used to execute a scan of the components. The script will also provide a dummy build.xml file to trigger the Ant plugin of the scanner, which will the identify the JARs using binary/signature detection. Note that some of those jar files may be legacy versions, so the system may take some time to resolve them. This is absolutely normal, and it happens only the first time, as later their information will be stored on the Meterian SAAS servers. If, under these conditions, the client times out, you can always relaunch it. **Usage example** First expand the war file in directory: ``` $ ~/ant-unpack.sh ./target/cargo-tracker.war /tmp/test Archive: ./target/cargo-tracker.war inflating: /tmp/test/WEB-INF/lib/h2-2.2.220.jar inflating: /tmp/test/WEB-INF/lib/primefaces-12.0.0-jakarta.jar inflating: /tmp/test/WEB-INF/lib/commons-lang3-3.8.1.jar Total JAR files extracted in folder "/tmp/test": 3 ``` Then simply execute a scan with the Meterian client: ``` $ java -jar ~/meterian-cli.jar --folder=/tmp/test Meterian Client v0.0.00.0, build 0000 © 2017-2023 Meterian Ltd - All rights reserved [...] Java scan - running Ant locally... - ant: Collecting jars signatures... - ant: Resolving jars signatures... Loaded 3/3 - ant: Resolving jars metadata... - ant: Ant dependencies generated... Execution successful! [...] Final results: - security: 100 (minimum: 90) - stability: 99 (minimum: 90) - licensing: 100 (minimum: 90) Full report available at: https://www.meterian.com/projects/?pid=00000000-0000-0000-0000-00000000&branch=head&mode=eli ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.meterian.io/languages-support/java/scanning-ear-or-war-files.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.