Create THIRD-PARTY-NOTICES.txt #162

Merged. Mahesh-Binayak merged 1 commit into mosip:develop from rajapandi1234:patch-5, Jan 6, 2026

Conversation

@rajapandi1234 rajapandi1234 commented Jan 6, 2026

Summary by CodeRabbit

  • Chores
    • Added third-party notices documentation listing all third-party packages, their licenses, versions, and homepages used in the project.

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>

coderabbitai Bot commented Jan 6, 2026

Walkthrough

A new THIRD-PARTY-NOTICES.txt file has been added that documents all third-party packages used in the project, including their respective licenses, versions, and homepages. This provides compliance and attribution information for dependencies.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Third-party License Documentation: THIRD-PARTY-NOTICES.txt | Added comprehensive list of third-party packages (Spring Framework, Jackson, MOSIP Kernel Libraries, Apache Commons, JSON.simple, Gson, Apache HttpClient, Lombok, SLF4J Bridges, OkHttp MockWebServer, JUnit, Mockito, Maven plugins) with license information and references to full license terms. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Hoppity-hop, the licenses are clear,
Third-party notices bring cheer!
Spring, Jackson, Maven aligned,
Compliance and attribution, well-defined,
A grateful nod to each package dear! 📜✨

Pre-merge checks

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: adding a new THIRD-PARTY-NOTICES.txt file to document third-party packages and their licenses. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI Agents
In @THIRD-PARTY-NOTICES.txt:
- Around line 27-31: Remove the duplicate individual entries for Apache Commons
Lang and Apache Commons Codec and keep the consolidated grouping "Apache Commons
Libraries (commons-lang3, commons-codec)" — specifically delete the separate
entries that list commons-lang3 and commons-codec (the individual blocks
duplicated further down) or merge their content into the single consolidated
entry so each Apache Commons package appears only once in
THIRD-PARTY-NOTICES.txt.
🧹 Nitpick comments (1)
THIRD-PARTY-NOTICES.txt (1)

117-144: Separate build-time dependencies from runtime dependencies.

Maven plugins and build tools (lines 117–144) are development-time dependencies, not runtime third-party packages. Grouping them with production dependencies reduces the document's clarity and usefulness for compliance/attribution purposes. Consider moving these to a separate "Build Tools & Plugins" section or excluding them if the goal is runtime compliance only.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7fb1682 and 452f318.

📒 Files selected for processing (1)
  • THIRD-PARTY-NOTICES.txt
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build-biosdk-client / maven-build
🔇 Additional comments (1)
THIRD-PARTY-NOTICES.txt (1)

1-146: Verify the referenced license/ directory and SBOM completeness.

The document references a "license/" directory (line 146) for full license texts, but there's no indication of whether this directory exists or contains the referenced files. Additionally, many packages have "(Not specified in SBOM)," suggesting the Software Bill of Materials may be incomplete.

Please confirm:

  1. Does the license/ directory exist at the repository root and contain license files for all listed packages?
  2. Is the SBOM comprehensive? If not, consider documenting which packages lack version information and why.
  3. Are there critical runtime dependencies missing from this list?

@Mahesh-Binayak Mahesh-Binayak merged commit 76260ea into mosip:develop Jan 6, 2026
5 checks passed