From SO link: https://stackoverflow.com/a/54111506 (Rostislav Matl)
#!/bin/bash
mvn_classpath=`mvn dependency:build-classpath -B | awk '/Dependencies classpath:/{getline; print}' | sed -e s/:/\\\\n/g`
for jar in $mvn_classpath; do
echo -n `jarsigner -verify $jar | grep verified | wc -l`; echo " $jar";
done
This will list JAR files used by your project - those that are signed and verified are preceded by 1, the unsigned by 0. I had no signed JAR that would not be possible to verify, so I'm not sure how the logic should look in this case.