cargo-deny "failed to satisfy license requirements" in CI
cargo-deny evaluated a crate's SPDX license expression against your [licenses] policy and it failed to satisfy the requirements, so the check reported the crate and exited non-zero.
What this error means
The licenses check prints that a crate failed to satisfy license requirements and shows its license expression (which may be an OR/AND combination) that no allowed branch matches.
error: failed to satisfy license requirements
crate = mixed-crate 0.3.1
license = (MIT OR GPL-3.0)
= no allowed license matched the expressionCommon causes
No branch of the SPDX expression is allowed
A dual license like (MIT OR GPL-3.0) only satisfies the policy if at least one allowed license matches. If none is in your allow list, it fails.
The confidence threshold rejected a fuzzy match
For crates whose license text is matched by content, a low match confidence below the configured threshold can cause the expression to not be satisfied.
How to fix it
Allow a branch that satisfies the expression
- Read the printed SPDX expression for the crate.
- Add one of its acceptable licenses (for example MIT) to
allow. - Re-run so cargo-deny can satisfy the OR expression via the allowed branch.
# deny.toml
[licenses]
allow = ["MIT", "Apache-2.0", "BSD-3-Clause"]Adjust the confidence threshold if matching is fuzzy
When a valid license fails only because of a low text-match score, lower the license match threshold slightly (with legal awareness) so the expression evaluates.
# deny.toml
[licenses]
confidence-threshold = 0.8How to prevent it
- Understand SPDX OR/AND semantics when curating the allow list.
- Keep the confidence threshold high enough to avoid false matches.
- Review dual-licensed crates so at least one branch is allowed.