Create NOTICE

[rajapandi1234]

Summary by CodeRabbit

• Documentation
  • Added NOTICE file detailing third-party component licenses and attributions, organized by license type (Mozilla Public License 2.0, BSD, MIT, EPL, JSON License).

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

A new NOTICE file is introduced that catalogs third-party components and their associated licenses used by the project, organized by license category across MOSIP platform, e-signet, and SDK/utility libraries.

Changes

Cohort / File(s)	Summary
License Documentation NOTICE	New file enumerating third-party components organized by license type (Mozilla Public License 2.0, BSD/BSD-Style, JSON License, MIT License, Eclipse Public License), including attribution for MOSIP platform components, e-signet modules, SDKs, and libraries (e.g., PostgreSQL JDBC Driver, OpenCV Java, JUnit, Lombok, Mockito); references full license texts in license/ directory

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A NOTICE so fine, with licenses all in a line,
Third-party friends, their attributions to tend,
From MPL to MIT, in categories we split,
Each library named, compliance framed! 📜✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Create NOTICE' is directly related to the changeset, which introduces a new NOTICE file documenting third-party components and licenses.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between baa6cea and ed39851.

📒 Files selected for processing (1)

• NOTICE

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

# Check repository structure
echo "=== Repository Structure ==="
ls -la | head -20

echo -e "\n=== Looking for license directory ==="
find . -maxdepth 2 -name "license*" -type d

echo -e "\n=== Looking for dependency manifest files ==="
ls -la pom.xml build.gradle build.gradle.kts package.json 2>/dev/null || echo "No Maven/Gradle/NPM manifests found in root"

echo -e "\n=== Checking for NOTICE file location ==="
find . -name "NOTICE*" -type f | head -10

echo -e "\n=== Checking git files to understand structure ==="
git ls-files | grep -E "(pom.xml|build.gradle|package.json|NOTICE|LICENSE|license)" | head -20

Repository: mosip/id-authentication

Length of output: 2014

---

🏁 Script executed:

#!/bin/bash

echo "=== THIRD-PARTY-NOTICES file ==="
head -100 THIRD-PARTY-NOTICES

echo -e "\n=== NOTICE file (for comparison) ==="
cat NOTICE

echo -e "\n=== Checking pom.xml files in subdirectories ==="
echo "authentication/pom.xml dependencies:"
head -50 authentication/pom.xml

Repository: mosip/id-authentication

Length of output: 8448

---

🏁 Script executed:

#!/bin/bash

echo "=== Checking for tensorflow in pom.xml files ==="
rg -i "tensorflow" . --type xml -A 2 -B 2

echo -e "\n=== Checking for spring dependencies in pom.xml files ==="
rg -i "spring" . --type xml | head -30

echo -e "\n=== Looking for all dependency references ==="
find . -name "pom.xml" -type f -exec grep -l "dependency" {} \;

Repository: mosip/id-authentication

Length of output: 3810

---

Remove false reference to non-existent license/ directory and completely rebuild NOTICE with accurate, complete component listing.

The NOTICE file has critical issues:

1. Non-existent directory reference (lines 54-56): The statement "Full license texts for these components are available in the license/ directory" is false—no such directory exists in the repository. Remove or correct this reference.

2. Severely incomplete component listing: The NOTICE omits the entire Apache License 2.0 section. Missing critical dependencies: Spring Boot, Spring Framework, Spring Cloud, Spring Kafka, Spring Batch, Spring Security, SpringDoc OpenAPI, Micrometer, Jackson, Apache Commons, Apache HttpComponents, Hibernate Validator, JSON Simple, and JSON Path.

3. License misclassification: TensorFlow Java is listed under "MIT License" but is actually distributed under Apache License 2.0 (confirmed in pom.xml and detailed in THIRD-PARTY-NOTICES).

4. Duplicate documentation: A comprehensive THIRD-PARTY-NOTICES file already exists with accurate licensing details. Consolidate or align these documents to avoid confusion about which is authoritative.

Either replace NOTICE with a complete, accurate listing (using THIRD-PARTY-NOTICES as reference) or remove it in favor of the existing comprehensive THIRD-PARTY-NOTICES file.