/conda-deny

🔎🐍 A CLI tool to check your project's dependencies for license compliance

Primary LanguageRustBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

conda-deny

License CI Status Binary Build Conda Platform Codecov

🗂 Table of Contents

📖 Introduction

conda-deny is a CLI tool for checking software environment dependencies for license compliance. Compliance is checked with regard to a whitelist of licenses provided by the user.

💿 Installation

You can install conda-deny using pixi:

pixi global install conda-deny

Or by downloading our pre-built binaries from the releases page.

🎯 Usage

conda-deny demo conda-deny demo

conda-deny can be configured in your pixi.toml or pyproject.toml (pixi.toml is preferred). The tool expects a configuration in the following format:

[tool.conda-deny]
#--------------------------------------------------------
# General setup options:
#--------------------------------------------------------
license-whitelist = "https://raw.githubusercontent.com/QuantCo/conda-deny/main/tests/test_remote_base_configs/conda-deny-license_whitelist.toml" # or ["license_whitelist.toml", "other_license_whitelist.toml"]
platform = "linux-64" # or ["linux-64", "osx-arm64"]
environment = "default" # or ["default", "py39", "py310", "prod"]
lockfile = "environment/pixi.lock" # or ["environment1/pixi.lock", "environment2/pixi.lock"]

#--------------------------------------------------------
# License whitelist directly in configuration file:
#--------------------------------------------------------
safe-licenses = ["MIT", "BSD-3-Clause"]
ignore-packages = [
    { package = "make", version = "0.1.0" },
]

After installing conda-deny, you can run conda-deny check in your project. This then checks pixi.lock to determine the packages (and their versions) used in your project.