diff --git a/deny.toml b/deny.toml
index c26c30e3..bbd2b8e6 100644
--- a/deny.toml
+++ b/deny.toml
@@ -2,3 +2,24 @@
 ignore = [
   { id = "RUSTSEC-2026-0097", reason = "rand 0.8.5 is a transitive dep from ark-std/logos-blockchain-*/risc0-* which pin to 0.8.x. Fix is in rand >= 0.9.3, outside the 0.8 semver range. The vulnerability requires custom logger + thread_rng + reseeding which we don't trigger." },
 ]
+
+[licenses]
+allow = [
+  "Apache-2.0 WITH LLVM-exception",
+  "Apache-2.0",
+  "BSD-2-Clause",
+  "BSD-3-Clause",
+  "BSL-1.0",
+  "BlueOak-1.0.0",
+  "CC0-1.0",
+  "CDDL-1.0",
+  "CDLA-Permissive-2.0",
+  "ISC",
+  "MIT",
+  "MPL-2.0",
+  "Unicode-3.0",
+  "Zlib",
+]
+
+[bans]
+multiple-versions = "allow"