The HILSTER Testing Framework supports signed test reports since version
Signed reports are a useful way to prove that a test report was not modified.
This could be useful when dealing with certification authorities or during legal proceedings to document when, how and to what degree a product was tested.
The signature is created using asymmetric cryptography. This allows anyone holding the public key to verify the signature's validity independently.
Signed reports can be verified by others using the checksignatures command-line utility which does not need to be licensed and which is shipped with
Creating signed reports
Signed reports can only be created for the internal reports of the HILSTER Testing Framework. These are the HTML report, the JUnit XML report and the JSON report. User-supplied reports are not signed for security reasons.
To be able to create signed reports you need to license the
Once the feature is enabled
htf.signatures signed reports are created automatically if you use
$ htf run,
$ htf dryrun,
The signature is written into an extra file with the name of the report plus
To disable the creation of signatures you can set the environment variable
set HTF_SIGN_REPORTS=0 on Windows or
export HTF_SIGN_REPORTS=0 on Linux.
checksignatures is free to use and does not need a license.
To check signatures you can use the checksignatures command-line utility which is shipped with
When called without any parameters checksignatures scans the current folder and prints the status of the files found.
Files without signatures can be omitted by using the
To verify specific files or folders, add them as parameters separated by whitespace.
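
The mechanism described on this page (a signature stored in a separate file next to the report and checked later with only the public key) can be reproduced with OpenSSL. This is an added example, not HILSTER code and not the format or behaviour of checksignatures: the `.sig` suffix, ECDSA P-256 with SHA-256, and all function and file names are assumptions.

```shell
# Added illustration of detached report signatures. The ".sig" suffix, the
# algorithm and every name below are assumptions, not HILSTER's own format.

# Sign a report: the signature is written to a separate file next to it.
sign_report() {   # usage: sign_report <private-key.pem> <report>
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

# Print the status of one report: OK, INVALID or UNSIGNED.
report_status() {   # usage: report_status <public-key.pem> <report>
    if [ ! -f "$2.sig" ]; then
        echo UNSIGNED
    elif openssl dgst -sha256 -verify "$1" -signature "$2.sig" "$2" >/dev/null 2>&1; then
        echo OK
    else
        echo INVALID
    fi
}

# Scan a folder and print one status line per report file.
scan_folder() {   # usage: scan_folder <public-key.pem> <folder>
    local f
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.sig) continue ;; esac
        printf '%-9s %s\n' "$(report_status "$1" "$f")" "${f##*/}"
    done
}

# Constructed demo: throwaway key pair and three sample reports.
demo() {
    local d
    d=$(mktemp -d) || return 1
    mkdir "$d/reports"
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$d/key.pem" 2>/dev/null
    openssl pkey -in "$d/key.pem" -pubout -out "$d/pub.pem"
    echo '<testsuite tests="3" failures="0"/>' > "$d/reports/junit.xml"
    echo '{"tests": 3, "failures": 1}' > "$d/reports/report.json"
    echo '<html>never signed</html>' > "$d/reports/report.html"
    sign_report "$d/key.pem" "$d/reports/junit.xml"
    sign_report "$d/key.pem" "$d/reports/report.json"
    # Edit the JSON report after signing: its signature no longer matches.
    echo '{"tests": 3, "failures": 0}' > "$d/reports/report.json"
    scan_folder "$d/pub.pem" "$d/reports"
    rm -rf "$d"
}

demo
```

The verifier side needs only `pub.pem`; the private key stays with whoever produced the reports, which is what makes the check independent.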