You could look at File integrity monitoring software.
Basically these are designed to detect the introduction of rootkits to filesystems but at the core they have a database for files with meta information (checksum, hashes) and monitor files that have been changed or added under a set of directories which is what you want.
The oldest one I've heard about is Tripwire but an open source version was created called AIDE. A more recent one is OSSEC recommended from https://serverfault.com/questions/141800/recommend-alternative-to-tripwire.