dhatim / python-license-check

Check python packages from requirement.txt and report issues

Attribute error with pyqt5 library

twartzek opened this issue · comments

Really a nice and helpful tool. Unfortunately it fails for pyqt packages.

gathering licenses...
Traceback (most recent call last):
...
license = regex_license.search(metadata).group('license')
AttributeError: 'NoneType' object has no attribute 'group'

Reproduce: ini file from repo, requirements.txt with the following content

PyQt5==5.11.3
PyQt5-sip==4.19.13

For some reason, the license is not present in PyQt5-sip package metadata.
Fixed by #22.
With the fix, your testcase results in:

gathering licenses...
2 packages and dependencies.
check unauthorized packages...
1 package.
    PyQt5 (5.11.3): ['GPL v3']
      dependency:
          PyQt5
check unknown packages...
1 package.
    PyQt5-sip (4.19.13): UNKNOWN
      dependency:
          PyQt5-sip << PyQt5

Thanks for the fast response. This indeed fixes the Attribute error. However, I still do not understand your approach with approved packages.

If I write in the ini file

[Authorized Packages]
PyQt5: 5.11.3
PyQt5-sip: 4.19.13

it still gives me the output (shouldn't it be all ok?):

gathering licenses...
2 packages and dependencies.
check unauthorized packages...
1 package.
    PyQt5 (5.11.3): ['GPL v3']
      dependency:
          PyQt5
check unknown packages...
1 package.
    PyQt5-sip (4.19.13): UNKNOWN
      dependency:
          PyQt5-sip << PyQt5

I would like to use your tool as a test step in CI pipeline.

Explicitly authorized packages are always accepted, whatever the level (standard, cautious, paranoid).
There is a bug in the check, however, because config values from the strategy file are converted to lowercase, whereas the accepted package check is case sensitive. I am going to fix that.

Fixed by #23 in version 0.3.7
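
The two failure modes discussed in this thread, reproduced as an added example (this is not the project's code and not the content of #22 or #23). The function names, the `LICENSE_RE` pattern and the sample metadata are assumptions made for illustration; the ini section is the one quoted above. It relies on the fact that Python's `configparser` lowercases option names by default.

```python
import configparser
import re

# Constructed strategy file, using the section quoted in the issue.
STRATEGY_INI = """\
[Authorized Packages]
PyQt5: 5.11.3
PyQt5-sip: 4.19.13
"""

# Hypothetical pattern for the License field of package metadata.
LICENSE_RE = re.compile(r"^License: (?P<license>.+)$", re.MULTILINE)


def load_authorized(ini_text):
    """Return {package: version}; configparser lowercases the package names."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    return dict(parser["Authorized Packages"])


def normalize(name):
    """PEP 503 style normalization: PyQt5_sip, pyqt5-sip and PyQt5-sip all match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def is_authorized_case_sensitive(name, version, authorized):
    """Failing comparison: 'PyQt5' is never found among the lowercased keys."""
    return authorized.get(name) == version


def is_authorized(name, version, authorized):
    """Compare normalized names on both sides, then require the pinned version."""
    table = {normalize(key): value for key, value in authorized.items()}
    return table.get(normalize(name)) == version


def extract_license(metadata):
    """Return the License field, or 'UNKNOWN' when the field is absent."""
    match = LICENSE_RE.search(metadata)
    return match.group("license").strip() if match else "UNKNOWN"
```

Reporting a missing field as `UNKNOWN` keeps a CI license gate failing closed: the package is flagged for review instead of crashing the check or passing silently.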