From 385509c196afb6f03697ab4f0b61a6bb31c80108 Mon Sep 17 00:00:00 2001 From: Rakshithasai123 Date: Wed, 26 Nov 2025 15:19:50 +0530 Subject: [PATCH 1/3] Add THIRD-PARTY-NOTICES with package licenses(registration) This file lists third-party packages used in the project along with their licenses, versions, and homepages. Signed-off-by: Rakshithasai123 --- THIRD-PARTY-NOTICES.txt | 425 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 425 insertions(+) create mode 100644 THIRD-PARTY-NOTICES.txt diff --git a/THIRD-PARTY-NOTICES.txt b/THIRD-PARTY-NOTICES.txt new file mode 100644 index 00000000000..5f08728995c --- /dev/null +++ b/THIRD-PARTY-NOTICES.txt @@ -0,0 +1,425 @@ +THIRD-PARTY-NOTICES + +This project includes third-party packages that are distributed under various open-source licenses. Below is a list of packages and their associated licenses. + +================================================================================ +Package: MOSIP Kernel Libraries +(io.mosip.kernel:kernel-core, kernel-cbeffutil-api, kernel-dataaccess-hibernate, + kernel-biometrics-api, kernel-websubclient-api, kernel-templatemanager-velocity, + kernel-logger-logback, kernel-bom, kernel-idvalidator-rid, kernel-idvalidator-vid, + kernel-biosdk-provider, kernel-keymanager-service, kernel-auth-adapter) +Version: 1.3.0-SNAPSHOT family (from SBOM where specified) +License: Mozilla Public License 2.0 (Inferred from project’s official repository) +Homepage: https://mosip.io +================================================================================ + +================================================================================ +Package: MOSIP Registration Processor & Commons Libraries +(io.mosip.registrationprocessor:registration-processor-core, + registration-processor-info-storage-service, + registration-processor-registration-status-service-impl, + mosip-stage-executor, + registration-processor-packet-receiver-stage, + registration-processor-packet-uploader-stage, + registration-processor-packet-classifier-stage, + registration-processor-verification-stage, + registration-processor-uin-generator-stage, + registration-processor-biometric-extraction-stage, + registration-processor-finalization-stage, + registration-processor-credential-requestor-stage, + registration-processor-manual-adjudication-stage, + registration-processor-abis-handler-stage, + registration-processor-abis-middleware-stage, + registration-processor-bio-dedupe-service-impl, + registration-processor-bio-dedupe-stage, + registration-processor-quality-classifier-stage, + registration-processor-securezone-notification-stage, + registration-processor-message-sender-impl, + registration-processor-message-sender-stage, + registration-processor-rest-client, + registration-processor-packet-manager, + registration-processor-biometric-authentication-stage, + registration-processor-demo-dedupe-stage, + registration-processor-cmd-validator-stage, + registration-processor-operator-validator-stage, + registration-processor-supervisor-validator-stage, + registration-processor-introducer-validator-stage, + registration-processor-packet-validator-stage, + io.mosip.commons:khazana) +Version: 1.3.0-SNAPSHOT family (from SBOM where specified) +License: Mozilla Public License 2.0 (Inferred from project’s official repository) +Homepage: https://mosip.io +================================================================================ + +================================================================================ +Package: Spring Boot & Spring Framework +(org.springframework.boot:spring-boot-starter-web, + spring-boot-starter-security, + spring-boot-starter-actuator, + spring-boot-starter-activemq, + spring-boot-starter-data-jpa, + spring-boot-starter-test, + spring-boot-starter, + spring-boot-configuration-processor, + spring-boot-maven-plugin, + org.springframework:spring-context, + org.springframework:spring-tx, + org.springframework.batch:spring-batch-test, + org.springframework.cloud:spring-cloud-starter-config) +Version: Spring 3.2.x family (spring-boot-maven-plugin 3.2.3 per SBOM) +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://spring.io/projects/spring-boot +================================================================================ + +================================================================================ +Package: Spring Security Test +(org.springframework.security:spring-security-test) +Version: 6.x family (not fully specified in SBOM) +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://spring.io/projects/spring-security +================================================================================ + +================================================================================ +Package: SpringDoc OpenAPI +(org.springdoc:springdoc-openapi-starter-webmvc-ui, + org.springdoc:springdoc-openapi-maven-plugin) +Version: Starter WebMVC UI 2.5.0, Maven Plugin 0.2 (from SBOM) +License: Apache License 2.0 +Homepage: https://springdoc.org +================================================================================ + +================================================================================ +Package: Springfox Swagger +(io.springfox:springfox-swagger2, springfox-swagger-ui) +Version: Not specified in SBOM +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://github.com/springfox/springfox +================================================================================ + +================================================================================ +Package: Jackson JSON Processor +(com.fasterxml.jackson.core:jackson-core, + jackson-databind, + jackson-annotations, + com.fasterxml.jackson.module:jackson-module-afterburner) +Version: 2.15.4 (per SBOM) +License: Apache License 2.0 +Homepage: https://github.com/FasterXML/jackson +================================================================================ + +================================================================================ +Package: Micrometer Metrics +(io.micrometer:micrometer-core, micrometer-registry-prometheus) +Version: Not fully specified in SBOM +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://micrometer.io +================================================================================ + +================================================================================ +Package: Eclipse Vert.x +(io.vertx:vertx-core, + vertx-web, + vertx-web-client, + vertx-config, + vertx-config-spring-config-server, + vertx-kafka-client, + vertx-health-check, + vertx-micrometer-metrics, + vertx-hazelcast, + vertx-camel-bridge, + vertx-unit, + vertx-lang-ceylon) +Version: 3.x family (includes 3.4.1 and 3.6.2 per SBOM) +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://vertx.io +================================================================================ + +================================================================================ +Package: Hazelcast Kubernetes Integration +(com.hazelcast:hazelcast-kubernetes) +Version: 1.0.0 (from SBOM) +License: Apache License 2.0 +Homepage: https://github.com/hazelcast/hazelcast-kubernetes +================================================================================ + +================================================================================ +Package: Apache ActiveMQ +(org.apache.activemq:activemq-client) +Version: 6.1.2 (from SBOM) +License: Apache License 2.0 +Homepage: https://activemq.apache.org +================================================================================ + +================================================================================ +Package: Apache Camel Integration +(org.apache.camel:camel-http, + camel-jsonpath, + camel-vertx, + camel-kafka) +Version: Not specified in SBOM +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://camel.apache.org +================================================================================ + +================================================================================ +Package: Apache Hadoop Client +(org.apache.hadoop:hadoop-client) +Version: 2.8.1 (from SBOM) +License: Apache License 2.0 +Homepage: https://hadoop.apache.org +================================================================================ + +================================================================================ +Package: Apache Velocity +(org.apache.velocity:velocity, velocity-tools) +Version: Not specified in SBOM +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://velocity.apache.org +================================================================================ + +================================================================================ +Package: Zipkin Distributed Tracing +(io.zipkin.zipkin2:zipkin) +Version: Not specified in SBOM +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://zipkin.io +================================================================================ + +================================================================================ +Package: H2 In-Memory Database +(com.h2database:h2) +Version: 1.4.195 (from SBOM) +License: Mozilla Public License 2.0 OR Eclipse Public License 1.0 +Homepage: https://h2database.com +================================================================================ + +================================================================================ +Package: PostgreSQL JDBC Driver +(org.postgresql:postgresql) +Version: Not specified in SBOM +License: PostgreSQL License (BSD-style) (Inferred from project’s official repository) +Homepage: https://jdbc.postgresql.org +================================================================================ + +================================================================================ +Package: Joda-Time +(joda-time:joda-time) +Version: Not specified in SBOM +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://www.joda.org/joda-time +================================================================================ + +================================================================================ +Package: Google Guava +(com.google.guava:guava) +Version: 30.1.1-jre (from SBOM) +License: Apache License 2.0 +Homepage: https://github.com/google/guava +================================================================================ + +================================================================================ +Package: Caffeine Cache +(com.github.ben-manes.caffeine:caffeine) +Version: Not specified in SBOM +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://github.com/ben-manes/caffeine +================================================================================ + +================================================================================ +Package: JSON Libraries (org.json & JSON Simple) +(org.json:json, + com.googlecode.json-simple:json-simple) +Version: Not specified in SBOM +License: + - org.json: JSON License (Inferred from project’s official repository) + - json-simple: Apache License 2.0 (Inferred from project’s official repository) +Homepage: + - org.json: https://github.com/stleary/JSON-java + - json-simple: https://github.com/fangyidong/json-simple +================================================================================ + +================================================================================ +Package: Apache Commons IO, Pool & Codec +(commons-io:commons-io, + commons-pool:commons-pool, + commons-codec:commons-codec) +Version: Not specified in SBOM +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://commons.apache.org +================================================================================ + +================================================================================ +Package: Apache HttpComponents Mime +(org.apache.httpcomponents:httpmime) +Version: 4.3.1 (from SBOM) +License: Apache License 2.0 +Homepage: https://hc.apache.org +================================================================================ + +================================================================================ +Package: JSch SSH Library +(com.jcraft:jsch) +Version: Not specified in SBOM +License: BSD-style JSch License (Inferred from project’s official repository) +Homepage: http://www.jcraft.com/jsch +================================================================================ + +================================================================================ +Package: Lombok +(org.projectlombok:lombok) +Version: Not specified in SBOM +License: MIT License (Inferred from project’s official repository) +Homepage: https://projectlombok.org +================================================================================ + +================================================================================ +Package: Java JWT +(com.auth0:java-jwt) +Version: 3.9.0 (from SBOM) +License: MIT License +Homepage: https://github.com/auth0/java-jwt +================================================================================ + +================================================================================ +Package: Javax Inject +(javax.inject:javax.inject) +Version: 1 (from SBOM) +License: Apache License 2.0 +Homepage: https://javax-inject.github.io/javax-inject +================================================================================ + +================================================================================ +Package: JAXB API +(javax.xml.bind:jaxb-api) +Version: 2.3.1 (from SBOM) +License: CDDL 1.1 OR GPL 2.0 with Classpath Exception +Homepage: https://github.com/eclipse-ee4j/jaxb-api +================================================================================ + +================================================================================ +Package: Java Servlet API +(javax.servlet:javax.servlet-api) +Version: 4.0.1 (from SBOM) +License: CDDL 1.1 OR GPL 2.0 with Classpath Exception +Homepage: https://github.com/eclipse-ee4j/servlet-api +================================================================================ + +================================================================================ +Package: Scala Standard Library +(org.scala-lang:scala-library) +Version: 2.11.0 (from SBOM) +License: BSD 3-Clause License +Homepage: https://www.scala-lang.org +================================================================================ + +================================================================================ +Package: Ceylon Language Distribution +(org.ceylon-lang:ceylon-complete) +Version: 1.3.2 (from SBOM) +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://ceylon-lang.org +================================================================================ + +================================================================================ +Package: MVEL Expression Language +(org.mvel:mvel2) +Version: 2.5.2 (from SBOM) +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://github.com/mvel/mvel +================================================================================ + +================================================================================ +Package: Awaitility +(org.awaitility:awaitility) +Version: Not specified in SBOM +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://github.com/awaitility/awaitility +================================================================================ + +================================================================================ +Package: JUnit +(junit:junit) +Version: Not specified in SBOM +License: Eclipse Public License 1.0 (Inferred from project’s official repository) +Homepage: https://junit.org/junit4 +================================================================================ + +================================================================================ +Package: Mockito & PowerMock +(org.mockito:mockito-core, + org.powermock:powermock-core, + powermock-api-mockito2, + powermock-module-junit4) +Version: Not specified in SBOM +License: + - Mockito: MIT License (Inferred from project’s official repository) + - PowerMock components: Apache License 2.0 (Inferred from project’s official repository) +Homepage: + - Mockito: https://github.com/mockito/mockito + - PowerMock: https://github.com/powermock/powermock +================================================================================ + +================================================================================ +Package: Byte Buddy +(net.bytebuddy:byte-buddy) +Version: 1.10.13 (from SBOM) +License: Apache License 2.0 +Homepage: https://bytebuddy.net +================================================================================ + +================================================================================ +Package: Javassist +(org.javassist:javassist) +Version: 3.27.0-GA (from SBOM) +License: Apache License 2.0 OR LGPL 2.1+ OR MPL 1.1 +Homepage: https://www.javassist.org +================================================================================ + +================================================================================ +Package: JaCoCo Maven Plugin +(org.jacoco:jacoco-maven-plugin) +Version: 0.8.11 (from SBOM) +License: Eclipse Public License 2.0 +Homepage: https://www.jacoco.org/jacoco +================================================================================ + +================================================================================ +Package: SonarQube Maven Scanner +(org.sonarsource.scanner.maven:sonar-maven-plugin) +Version: 3.7.0.1746 (from SBOM) +License: GNU Lesser General Public License v3.0 +Homepage: https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/sonarscanner-for-maven +================================================================================ + +================================================================================ +Package: Git Commit ID Maven Plugin +(pl.project13.maven:git-commit-id-plugin) +Version: 3.0.1 (from SBOM) +License: Apache License 2.0 (Inferred from project’s official repository) +Homepage: https://github.com/git-commit-id/git-commit-id-maven-plugin +================================================================================ + +================================================================================ +Package: Sonatype Central Publishing Maven Plugin +(org.sonatype.central:central-publishing-maven-plugin) +Version: 0.7.0 (from SBOM) +License: Apache License 2.0 +Homepage: https://central.sonatype.org +================================================================================ + +================================================================================ +Package: Apache Maven Build Plugins +(org.apache.maven.plugins:maven-compiler-plugin, + maven-war-plugin, + maven-source-plugin, + maven-javadoc-plugin, + maven-jar-plugin, + maven-gpg-plugin, + maven-surefire-plugin) +Version: As listed in SBOM (e.g., compiler 3.8.0, war 3.1.0, source 2.2.1, javadoc 3.2.0, jar 3.0.2, gpg 1.5, surefire 2.22.0) +License: Apache License 2.0 +Homepage: https://maven.apache.org/plugins +================================================================================ + + +Full license texts and additional details for each of the above packages are available in the license/ directory of this repository. Please refer to those files or the original source of each package for complete legal terms and conditions. From 8a7c9fa4808cfb7aeb0b491a76b37d2524f9f09a Mon Sep 17 00:00:00 2001 From: Rakshithasai123 Date: Fri, 12 Dec 2025 11:01:10 +0530 Subject: [PATCH 2/3] Update THIRD-PARTY-NOTICES.txt Signed-off-by: Rakshithasai123 --- THIRD-PARTY-NOTICES.txt | 8 -------- 1 file changed, 8 deletions(-) diff --git a/THIRD-PARTY-NOTICES.txt b/THIRD-PARTY-NOTICES.txt index 5f08728995c..ead7be3cb24 100644 --- a/THIRD-PARTY-NOTICES.txt +++ b/THIRD-PARTY-NOTICES.txt @@ -391,14 +391,6 @@ License: GNU Lesser General Public License v3.0 Homepage: https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/scanners/sonarscanner-for-maven ================================================================================ -================================================================================ -Package: Git Commit ID Maven Plugin -(pl.project13.maven:git-commit-id-plugin) -Version: 3.0.1 (from SBOM) -License: Apache License 2.0 (Inferred from project’s official repository) -Homepage: https://github.com/git-commit-id/git-commit-id-maven-plugin -================================================================================ - ================================================================================ Package: Sonatype Central Publishing Maven Plugin (org.sonatype.central:central-publishing-maven-plugin) From 2f83d89d0a57b81798db4b389d4fe4960cc90959 Mon Sep 17 00:00:00 2001 From: Rakshithasai123 Date: Tue, 16 Dec 2025 13:05:47 +0530 Subject: [PATCH 3/3] Update THIRD-PARTY-NOTICES.txt Signed-off-by: Rakshithasai123 --- THIRD-PARTY-NOTICES.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/THIRD-PARTY-NOTICES.txt b/THIRD-PARTY-NOTICES.txt index ead7be3cb24..2b30d7fd4b5 100644 --- a/THIRD-PARTY-NOTICES.txt +++ b/THIRD-PARTY-NOTICES.txt @@ -189,7 +189,7 @@ Homepage: https://zipkin.io Package: H2 In-Memory Database (com.h2database:h2) Version: 1.4.195 (from SBOM) -License: Mozilla Public License 2.0 OR Eclipse Public License 1.0 +License: Eclipse Public License 1.0 Homepage: https://h2database.com ================================================================================ @@ -292,7 +292,7 @@ Homepage: https://javax-inject.github.io/javax-inject Package: JAXB API (javax.xml.bind:jaxb-api) Version: 2.3.1 (from SBOM) -License: CDDL 1.1 OR GPL 2.0 with Classpath Exception +License: CDDL 1.1 Homepage: https://github.com/eclipse-ee4j/jaxb-api ================================================================================ @@ -300,7 +300,7 @@ Homepage: https://github.com/eclipse-ee4j/jaxb-api Package: Java Servlet API (javax.servlet:javax.servlet-api) Version: 4.0.1 (from SBOM) -License: CDDL 1.1 OR GPL 2.0 with Classpath Exception +License: CDDL 1.1 Homepage: https://github.com/eclipse-ee4j/servlet-api ================================================================================ @@ -371,7 +371,7 @@ Homepage: https://bytebuddy.net Package: Javassist (org.javassist:javassist) Version: 3.27.0-GA (from SBOM) -License: Apache License 2.0 OR LGPL 2.1+ OR MPL 1.1 +License: Apache License 2.0 Homepage: https://www.javassist.org ================================================================================