
Create THIRD-PARTY-NOTICES #173

Merged: Mahesh-Binayak merged 1 commit into mosip:develop from rajapandi1234:patch-2 on Dec 24, 2025


Conversation


@rajapandi1234 rajapandi1234 commented Dec 23, 2025

Summary by CodeRabbit

  • Documentation
    • Added third-party notices documenting open-source packages and their licenses, including Spring Framework, Spring Boot, Spring Security, SpringDoc OpenAPI, and PostgreSQL JDBC Driver.


Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>

coderabbitai bot commented Dec 23, 2025

Walkthrough

A THIRD-PARTY-NOTICES document was added to catalog open-source dependencies used in the project, listing package names, version families, licenses (primarily Apache 2.0 and BSD 2-Clause), and homepage references, with full license texts maintained in the repository's license directory.

Changes

Cohort / File(s): Third-Party Notices Documentation (THIRD-PARTY-NOTICES)
Summary: New file documenting open-source dependencies including Spring Framework (3.x), Spring Boot (3.x), Spring Security (6.x), Spring Cloud Config, SpringDoc OpenAPI (2.x), and PostgreSQL JDBC Driver (42.x) with their respective licenses and sources.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 With credits given, true and bright,
Each dependency listed just right,
Spring and Postgres, now displayed,
In the notices that I have made,
Attribution's the open-source way! 📜

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
  • Description Check: Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: Passed. The title directly and clearly describes the main change: creating a new THIRD-PARTY-NOTICES document. It is concise, specific, and accurately represents the primary objective of the changeset.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
THIRD-PARTY-NOTICES (2)

10-11: Clarify the license source attribution for better compliance.

Multiple entries reference licenses as "Inferred from project's official repository," which is vague. For proper legal attribution, specify the exact source:

  • Reference the actual LICENSE file in each dependency package, or
  • Reference the exact SPDX license identifier from the package manifest, or
  • Link to the official repository's LICENSE file location

This increases confidence that the license attribution is accurate and verified.

🔎 Example improvement for license attribution

Instead of:

License: Apache License 2.0
         (Inferred from project's official repository)

Use one of:

License: Apache License 2.0 (SPDX: Apache-2.0)
         Source: https://github.com/spring-projects/spring-boot/blob/main/LICENSE.txt

License: Apache License 2.0
         Source: org.springframework.boot:spring-boot-starter-web/META-INF/LICENSE.txt

Also applies to: 18-19, 26-27, 35-36, 43-44


1-48: Clarify scope: direct vs. transitive dependencies.

The THIRD-PARTY-NOTICES file documents major direct dependencies appropriately. However, clarify whether this lists only direct dependencies (which is standard practice) or is intended to be comprehensive. Direct dependencies should be listed in a NOTICE file, but transitive dependencies typically are not required. Add a brief header statement like: "This document lists the direct dependencies of this project. For transitive dependencies and detailed dependency trees, refer to the project manifest (pom.xml/package.json)."

Additionally:

  • License source attribution: Replace "Inferred from project's official repository" with direct references to specific LICENSE files or official sources (e.g., "per Apache License 2.0 text at https://www.apache.org/licenses/LICENSE-2.0")
  • Verify license/ directory: Confirm the referenced license/ directory exists and contains copies of all documented licenses
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 6610c98 and 3bcd0c1.

📒 Files selected for processing (1)
  • THIRD-PARTY-NOTICES
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: partner-onboarder / build-dockers
🔇 Additional comments (1)
THIRD-PARTY-NOTICES (1)

48-48: Verify that the referenced license/ directory exists and contains appropriate license files.

The closing paragraph references a license/ directory that should contain full license texts. Please confirm:

  1. The license/ directory exists in the repository root
  2. Each referenced license (Apache License 2.0, BSD 2-Clause) has a corresponding file in that directory
  3. The files contain the full, official license text

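The two review points above (replace "Inferred from project's official repository" with a verifiable source, and confirm that every license named in the notices has its full text under license/) are mechanical enough to script. The following is an added example written for this page, not code from the PR or from the MOSIP project. It assumes a notices layout of "Package:", "Version:" and "License:" fields with an indented continuation line under "License:" carrying the attribution note, as in the snippet quoted by the reviewer, and assumes license texts are stored as license/<SPDX-ID>.txt; the sample notices text, the name-to-SPDX table and the placeholder license file are all constructed for the example.

```python
"""Audit a THIRD-PARTY-NOTICES file against a license/ directory.

Added example, not part of PR #173 or the MOSIP project. Assumed layout
(not taken from the page): entries separated by blank lines, with
'Package:', 'Version:' and 'License:' fields; indented continuation lines
under 'License:' hold the attribution note or a 'Source:' link; full
license texts live at license/<SPDX-ID>.txt.
"""
import re
import tempfile
from pathlib import Path

# License name as written in the notices -> SPDX identifier (assumed table).
SPDX_BY_NAME = {
    "Apache License 2.0": "Apache-2.0",
    "BSD 2-Clause License": "BSD-2-Clause",
}

# Constructed sample notices text; the first entry mirrors the vague
# attribution the reviewer objected to, the second the suggested form.
SAMPLE_NOTICES = """\
Package: Spring Boot
Version: 3.x
License: Apache License 2.0
         (Inferred from project's official repository)

Package: PostgreSQL JDBC Driver
Version: 42.x
License: BSD 2-Clause License (SPDX: BSD-2-Clause)
         Source: https://github.com/pgjdbc/pgjdbc/blob/master/LICENSE
"""

FIELD_RE = re.compile(r"^(\w[\w ]*):\s*(.*)$")
SPDX_TAG_RE = re.compile(r"\(SPDX:\s*([A-Za-z0-9.+-]+)\)")


def parse_notices(text):
    """Split the notices into entries (dicts of lower-cased field -> value).
    Indented continuation lines are collected into 'license_note'."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {"license_note": ""}
        for line in block.splitlines():
            m = FIELD_RE.match(line)
            if m and not line.startswith(" "):
                entry[m.group(1).strip().lower()] = m.group(2).strip()
            else:
                entry["license_note"] += line.strip() + " "
        entry["license_note"] = entry["license_note"].strip()
        entries.append(entry)
    return entries


def spdx_id(license_field):
    """Return the SPDX id: an explicit '(SPDX: X)' tag wins, otherwise the
    bare license name is looked up; None if neither resolves."""
    m = SPDX_TAG_RE.search(license_field)
    if m:
        return m.group(1)
    name = re.sub(r"\s*\(.*\)\s*$", "", license_field).strip()
    return SPDX_BY_NAME.get(name)


def audit(entries, license_dir):
    """Return findings: packages whose attribution is merely 'Inferred',
    packages whose license name maps to no SPDX id, and SPDX ids with no
    non-empty text file in license_dir."""
    findings = {"inferred": [], "unmapped": [], "missing_text": set()}
    for e in entries:
        pkg = e.get("package", "?")
        if "inferred" in e["license_note"].lower():
            findings["inferred"].append(pkg)
        sid = spdx_id(e.get("license", ""))
        if sid is None:
            findings["unmapped"].append(pkg)
            continue
        path = Path(license_dir) / f"{sid}.txt"
        if not path.is_file() or path.stat().st_size == 0:
            findings["missing_text"].add(sid)
    findings["missing_text"] = sorted(findings["missing_text"])
    return findings


def demo():
    """Run the audit on the sample against a temporary license/ directory
    that holds only a (constructed, placeholder) Apache-2.0 text."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "Apache-2.0.txt").write_text(
            "Apache License, Version 2.0 (placeholder text for the example)\n"
        )
        return audit(parse_notices(SAMPLE_NOTICES), d)


if __name__ == "__main__":
    print(demo())
```

On the sample, the audit reports Spring Boot as carrying only an inferred attribution and BSD-2-Clause as lacking a text file, which is exactly the pair of gaps the reviewer asked the author to close. Run against the real file and the real license/ directory, an empty findings dict is the condition to require before merging a notices update.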
@Mahesh-Binayak Mahesh-Binayak merged commit 83de289 into mosip:develop Dec 24, 2025
4 checks passed