//third_party is the repository where we check in all non-Google code,
binaries, and data. (Its full name is
- Adding code to //third_party
- What and why?
- Rights and responsibilities
- Why can there be only one version in //third_party?
- Useful tools
- Project-Specific Policies
NOTE: To make terminology simple, we’ll use the word “code” below. However, process wise, it applies equally well to third-party binaries and data that need to be checked in.
What and why?
Using third-party code saves time and is consistent with our values. To use any
third-party code, we import it and place its source into
is a special repository designed specifically to house all open source code used
//piper/.../google3 projects at Google. Placing all third-party code into the
same repository allows us to easily find all uses of third-party code by a
project, and thus to comply with any license requirements the third-party code
All non-Google or open source code and data goes into //third_party
//third_party/ subdirectory is the master directory for all code that is
not 100% owned by Google. All third-party code, whether received under an open
source or proprietary license, is kept in third_party.
Google-owned open source projects must be moved to third_party prior to being released under an open source license, even if Google owns 100% of the code, because the projects are expected to receive external contributions.
Google owned means code Google owns the copyright to. This means:
Code contributed to Google under a Google Contributor Agreement is not Google-owned, as that agreement does not assign copyright.
Code, tools, libraries, or protocols that are open source, free software, or under proprietary licenses must be in
WARNING: Please keep in mind that some code is only available under licenses that make it unsuitable for use at Google. Such code cannot be used at Google or checked into
A library you wrote for your Ph.D. thesis, or code you wrote at your last job, or code you found on StackOverflow, or code you found in a textbook (it can have surprising conditions!), all need to be in
Data other than source code, including precompiled binaries and libraries, WSDL, XML, XSD, and anything else that you might not consider “code” falls under this restriction. If it’s going into source control, and Google doesn’t own the copyright, it needs to follow this policy. In the remainder of this document, when we refer to “code,” assume we are also talking about whatever kind of data you were thinking about.
Google modifications of third-party code go into
If you think these situations don’t apply to you, please email emailremoved@.
IMPORTANT: These rules also apply to code in
//experimental — you may not check in code authored
outside Google into
//third_party makes it easy to examine all non-Google code
We respect other people’s rights, both in letter and spirit. When we ship a new product, we need to examine non-Google code to make sure we’re complying with the authors’ licenses.
It’s also useful for determining how we treat the code. Tools we run to enforce Google-style (i.e., code formatters) should ignore non-Google code. When there’s a security warning about non-Google code, we want to scan all non-Google code to find problems.
All these are easier when non-Google code is in one place instead of spread
throughout the codebase. Hence,
//third_party also makes life
easier for OSPO, which means we have more time to
The policies and procedures documented here apply to all projects that live in google3. There are project-specific policies for:
- Third-party libraries outside of google3
Except as otherwise noted, the content of this page is licensed under CC-BY-4.0 license. Third-party product names and logos may be the trademarks of their respective owners.