...
The public key used to verify the OpenWhisk checksums can be found here. Download the key and import it on your local machine.
```
gpg --import <key_file>
...
The parameter <key_file> is the file, where the public key is saved.
To generate the SHA512 checksum:
gpg --print-md SHA512 <artifact>
...
Download the signature for OpenWhisk 0.9.0, and verify it with the command:
gpg --verify openwhisk-0.9.0-incubating-sources.tar.gz.asc openwhisk-0.9.0-incubating-sources.tar.gz
...
Download the OpenWhisk utilities project with the following command:
git clone https://github.com/apache/incubator-openwhisk-utilities.git
Then,run the following command:
scancode/scanCode.py --config scancode/ASF-Release.cfg <Path of root directory for openwhisk artifact>
...