The hashes are not of a file, but of normalized classes. I can understand the motivation behind it. However, what we also need is a possibility to identify a .jar with a vulnerability very quickly. Imagine we have apps that have around 1 GB of Java classes. Normalizing these would take quite a long time. We need to be able to do just the checksum of a file and say "this is the X library and contains CVE ###, fixed in version Y".
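The trade-off raised in this comment, as an added example that is not part of the original thread or the project's code: a whole-file checksum is one hash and one dictionary lookup, while per-class hashing has to open the archive and hash every entry, but the file hash only matches a byte-identical archive. The jars, the inventory and the "advisory" field are constructed placeholders (no real library, version or CVE), and the two-tier `identify()` function is an illustration, not the project's API.

```python
import hashlib
import io
import zipfile

# Constructed stand-ins for a library's compiled classes (not real bytecode).
FAKE_CLASSES = {
    "org/example/lib/Foo.class": b"\xca\xfe\xba\xbe" + b"Foo-bytecode-1.0",
    "org/example/lib/Bar.class": b"\xca\xfe\xba\xbe" + b"Bar-bytecode-1.0",
}


def build_jar(entries, compression=zipfile.ZIP_DEFLATED, extra=None):
    """Build an in-memory jar with fixed timestamps so the bytes are reproducible."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in {**entries, **(extra or {})}.items():
            info = zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0))
            info.compress_type = compression
            zf.writestr(info, data)
    return buf.getvalue()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def class_hashes(jar_bytes: bytes) -> dict:
    """Slow path: hash every .class entry inside the archive (no normalization here)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return {n: sha256(zf.read(n)) for n in zf.namelist() if n.endswith(".class")}


# Constructed inventory describing one "known" release of the fake library.
ORIGINAL_JAR = build_jar(FAKE_CLASSES)
INVENTORY = {
    "library": "example-lib 1.0 (constructed)",
    "advisory": "EXAMPLE-ADVISORY (placeholder, not a real CVE)",
    "file_hash": sha256(ORIGINAL_JAR),
    "class_hashes": set(class_hashes(ORIGINAL_JAR).values()),
}


def identify(jar_bytes: bytes, inventory=INVENTORY, threshold=0.9):
    """Fast path first: one hash over the whole file and a single lookup.

    Falls back to per-class hashing, which still recognizes the same classes
    when the archive was recompressed or had a manifest added.
    Returns (method, match_ratio) or None.
    """
    if sha256(jar_bytes) == inventory["file_hash"]:
        return ("file-hash", 1.0)
    seen = set(class_hashes(jar_bytes).values())
    if not seen:
        return None
    ratio = len(seen & inventory["class_hashes"]) / len(inventory["class_hashes"])
    return ("class-hash", ratio) if ratio >= threshold else None


if __name__ == "__main__":
    # Same classes, stored instead of deflated, plus a manifest: file hash misses,
    # class hashes still identify it.
    repackaged = build_jar(FAKE_CLASSES, zipfile.ZIP_STORED,
                           extra={"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
    print(identify(ORIGINAL_JAR))   # ('file-hash', 1.0)
    print(identify(repackaged))     # ('class-hash', 1.0)
```

The point of the two tiers is cost: a scan over a large deployment can check the cheap file hash for every jar and only fall back to opening and hashing class entries for archives the inventory does not know, which is also where the repository's normalized-class hashes would slot in.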