Skip to content
Latchkey

cargo-deny "failed to satisfy license requirements" in CI

cargo-deny evaluated a crate's SPDX license expression against your [licenses] policy and it failed to satisfy the requirements, so the check reported the crate and exited non-zero.

What this error means

The licenses check prints that a crate failed to satisfy license requirements and shows its license expression (which may be an OR/AND combination) that no allowed branch matches.

Terminal
error: failed to satisfy license requirements
   crate = mixed-crate 0.3.1
   license = (MIT OR GPL-3.0)
   = no allowed license matched the expression

Common causes

No branch of the SPDX expression is allowed

A dual license like (MIT OR GPL-3.0) only satisfies the policy if at least one allowed license matches. If none is in your allow list, it fails.

The confidence threshold rejected a fuzzy match

For crates whose license text is matched by content, a low match confidence below the configured threshold can cause the expression to not be satisfied.

How to fix it

Allow a branch that satisfies the expression

  1. Read the printed SPDX expression for the crate.
  2. Add one of its acceptable licenses (for example MIT) to allow.
  3. Re-run so cargo-deny can satisfy the OR expression via the allowed branch.
deny.toml
# deny.toml
[licenses]
allow = ["MIT", "Apache-2.0", "BSD-3-Clause"]

Adjust the confidence threshold if matching is fuzzy

When a valid license fails only because of a low text-match score, lower the license match threshold slightly (with legal awareness) so the expression evaluates.

deny.toml
# deny.toml
[licenses]
confidence-threshold = 0.8

How to prevent it

  • Understand SPDX OR/AND semantics when curating the allow list.
  • Keep the confidence threshold high enough to avoid false matches.
  • Review dual-licensed crates so at least one branch is allowed.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →