Quantco
diff --git a/‎Cargo.lock
+22 b/‎Cargo.lock
+22
diff --git a/‎Cargo.toml
+1 b/‎Cargo.toml
+1
diff --git a/‎src/check.rs
+59-9 b/‎src/check.rs
+59-9
diff --git a/‎src/cli.rs
+18-1 b/‎src/cli.rs
+18-1
diff --git a/‎src/conda_deny_config.rs
+8-6 b/‎src/conda_deny_config.rs
+8-6
diff --git a/‎src/lib.rs
+29-7 b/‎src/lib.rs
+29-7
diff --git a/‎src/license_info.rs
+15-5 b/‎src/license_info.rs
+15-5
@@ -36,6 +36,7 @@ clap-verbosity-flag = "3.0.2"
 env_logger = "0.11.6"
 log = "0.4.25"
 tempfile = "3.16.0"
+csv = "1.3.1"
 
 [dev-dependencies]
 assert_cmd = "2.0.14"
 
@@ -1,7 +1,13 @@
-use crate::{fetch_license_infos, license_info::LicenseInfo, CheckOutput, CondaDenyCheckConfig};
+use crate::{
+    fetch_license_infos,
+    license_info::{LicenseInfo, LicenseState},
+    CheckOutput, CondaDenyCheckConfig, OutputFormat,
+};
 use anyhow::{Context, Result};
 use colored::Colorize;
 use log::debug;
+use serde::Serialize;
+use serde_json::json;
 use std::io::Write;
 
 fn check_license_infos(config: &CondaDenyCheckConfig) -> Result<CheckOutput> {
@@ -20,14 +26,58 @@ fn check_license_infos(config: &CondaDenyCheckConfig) -> Result<CheckOutput> {
 pub fn check<W: Write>(check_config: CondaDenyCheckConfig, mut out: W) -> Result<()> {
     let (safe_dependencies, unsafe_dependencies) = check_license_infos(&check_config)?;
 
-    writeln!(
-        out,
-        "{}",
-        format_check_output(
-            safe_dependencies,
-            unsafe_dependencies.clone(),
-        )
-    )?;
+    match check_config.output_format {
+        OutputFormat::Pretty => {
+            writeln!(
+                out,
+                "{}",
+                format_check_output(safe_dependencies, unsafe_dependencies.clone(),)
+            )?;
+        }
+        OutputFormat::Json => {
+            let json_output = json!({
+                "safe": safe_dependencies,
+                "unsafe": unsafe_dependencies,
+            });
+            writeln!(out, "{}", json_output)?;
+        }
+        OutputFormat::Csv => {
+            #[derive(Debug, Clone, Serialize)]
+            struct LicenseInfoWithSafety {
+                package_name: String,
+                version: String,
+                license: LicenseState,
+                platform: Option<String>,
+                build: String,
+                safe: bool,
+            }
+
+            let mut writer = csv::WriterBuilder::new().from_writer(vec![]);
+
+            for (license_info, is_safe) in unsafe_dependencies
+                .iter()
+                .map(|x: &LicenseInfo| (x, false))
+                .chain(safe_dependencies.iter().map(|x: &LicenseInfo| (x, true)))
+            {
+                let extended_info = LicenseInfoWithSafety {
+                    package_name: license_info.package_name.clone(),
+                    version: license_info.version.clone(),
+                    license: license_info.license.clone(),
+                    platform: license_info.platform.clone(),
+                    build: license_info.build.clone(),
+                    safe: is_safe,
+                };
+                writer.serialize(&extended_info).with_context(|| {
+                    format!(
+                        "Failed to serialize the following LicenseInfo to CSV: {:?}",
+                        extended_info
+                    )
+                })?;
+            }
+
+            out.write_all(&writer.into_inner()?)?;
+        }
+    }
 
     if !unsafe_dependencies.is_empty() {
         Err(anyhow::anyhow!("Unsafe licenses found"))
 
@@ -5,6 +5,8 @@ use clap_verbosity_flag::{ErrorLevel, Verbosity};
 use clap::Parser;
 use rattler_conda_types::Platform;
 
+use crate::OutputFormat;
+
 #[derive(Parser, Debug)]
 #[command(name = "conda-deny", about = "Check and list licenses of pixi and conda environments", version = env!("CARGO_PKG_VERSION"))]
 pub struct Cli {
@@ -40,12 +42,16 @@ pub enum CondaDenyCliConfig {
         environment: Option<Vec<String>>,
 
         /// Check against OSI licenses instead of custom license whitelists.
-        #[arg(short, long)]
+        #[arg(long)]
         osi: Option<bool>,
 
         /// Ignore when encountering pypi packages instead of failing.
         #[arg(long)]
         ignore_pypi: Option<bool>,
+
+        /// Output format
+        #[arg(short, long, global = true)]
+        output: Option<OutputFormat>,
     },
     /// List all packages and their licenses in your conda or pixi environment
     List {
@@ -68,6 +74,10 @@ pub enum CondaDenyCliConfig {
         /// Ignore when encountering pypi packages instead of failing.
         #[arg(long)]
         ignore_pypi: Option<bool>,
+
+        /// Output format
+        #[arg(short, long, global = true)]
+        output: Option<OutputFormat>,
     },
 }
 
@@ -106,6 +116,13 @@ impl CondaDenyCliConfig {
             CondaDenyCliConfig::List { ignore_pypi, .. } => *ignore_pypi,
         }
     }
+
+    pub fn output_format(&self) -> Option<OutputFormat> {
+        match self {
+            CondaDenyCliConfig::Check { output, .. } => *output,
+            CondaDenyCliConfig::List { output, .. } => *output,
+        }
+    }
 }
 
 #[cfg(test)]
 
@@ -7,6 +7,7 @@ use std::vec;
 use std::{fs::File, io::Read};
 
 use crate::license_whitelist::IgnorePackage;
+use crate::OutputFormat;
 
 #[derive(Debug, Deserialize)]
 pub struct CondaDenyTomlConfig {
@@ -47,12 +48,6 @@ pub enum LockfileSpec {
     Multiple(Vec<PathBuf>),
 }
 
-#[derive(Debug, Deserialize)]
-struct PixiEnvironmentEntry {
-    _file: String,
-    _environments: Vec<String>,
-}
-
 #[derive(Debug, Deserialize)]
 pub struct CondaDeny {
     #[serde(rename = "license-whitelist")]
@@ -71,6 +66,8 @@ pub struct CondaDeny {
     pub safe_licenses: Option<Vec<String>>,
     #[serde(rename = "ignore-packages")]
     pub ignore_packages: Option<Vec<IgnorePackage>>,
+    #[serde(rename = "output-format")]
+    pub output_format: Option<OutputFormat>,
 }
 
 impl CondaDenyTomlConfig {
@@ -132,6 +129,10 @@ impl CondaDenyTomlConfig {
         self.tool.conda_deny.ignore_pypi
     }
 
+    pub fn get_output_format(&self) -> Option<OutputFormat> {
+        self.tool.conda_deny.output_format
+    }
+
     pub fn empty() -> Self {
         CondaDenyTomlConfig {
             tool: Tool {
@@ -144,6 +145,7 @@ impl CondaDenyTomlConfig {
                     ignore_pypi: None,
                     safe_licenses: None,
                     ignore_packages: None,
+                    output_format: None,
                 },
             },
         }
 
@@ -19,6 +19,7 @@ use license_whitelist::{get_license_information_from_toml_config, IgnorePackage}
 use anyhow::{Context, Result};
 use log::debug;
 use rattler_conda_types::Platform;
+use serde::Deserialize;
 use spdx::Expression;
 
 use crate::license_info::LicenseInfos;
@@ -29,19 +30,33 @@ pub enum CondaDenyConfig {
     List(CondaDenyListConfig),
 }
 
+#[derive(Debug, Clone, clap::ValueEnum, Default, Deserialize, Copy)]
+#[serde(rename_all = "kebab-case")]
+pub enum OutputFormat {
+    #[serde(rename = "pretty")]
+    #[default]
+    Pretty,
+    #[serde(rename = "json")]
+    Json,
+    #[serde(rename = "csv")]
+    Csv,
+}
+
 /// Configuration for the check command
 #[derive(Debug)]
 pub struct CondaDenyCheckConfig {
     pub lockfile_or_prefix: LockfileOrPrefix,
     pub osi: bool,
     pub safe_licenses: Vec<Expression>,
     pub ignore_packages: Vec<IgnorePackage>,
+    pub output_format: OutputFormat,
 }
 
 /// Shared configuration between check and list commands
 #[derive(Debug)]
 pub struct CondaDenyListConfig {
     pub lockfile_or_prefix: LockfileOrPrefix,
+    pub output_format: OutputFormat,
 }
 
 #[derive(Debug, Clone)]
@@ -94,6 +109,7 @@ fn get_lockfile_or_prefix(
             }))
         }
     } else if !lockfile.is_empty() && !prefix.is_empty() {
+        // TODO: Specified prefixes override lockfiles
         Err(anyhow::anyhow!(
             "Both lockfiles and conda prefixes provided. Please only provide either or."
         ))
@@ -113,7 +129,7 @@ fn get_lockfile_or_prefix(
             ))
         } else if environments.is_some() {
             Err(anyhow::anyhow!(
-                "Cannot specify environments and conda prefixes at the same time"
+                "Cannot specify pixi environments and conda prefixes at the same time"
             ))
         } else if ignore_pypi.is_some() {
             Err(anyhow::anyhow!(
@@ -202,13 +218,17 @@ pub fn get_config_options(
         toml_config.get_ignore_pypi()
     };
 
+    let output_format = if cli_config.output_format().is_some() {
+        cli_config.output_format()
+    } else {
+        toml_config.get_output_format()
+    };
+
     let lockfile_or_prefix =
         get_lockfile_or_prefix(lockfile, prefix, platforms, environments, ignore_pypi)?;
 
     let config = match cli_config {
-        CondaDenyCliConfig::Check {
-            osi, ..
-        } => {
+        CondaDenyCliConfig::Check { osi, .. } => {
             // defaults to false
             let osi = if osi.is_some() {
                 osi
@@ -234,11 +254,13 @@ pub fn get_config_options(
                 osi,
                 safe_licenses,
                 ignore_packages,
+                output_format: output_format.unwrap_or(OutputFormat::Pretty),
             })
         }
-        CondaDenyCliConfig::List { .. } => {
-            CondaDenyConfig::List(CondaDenyListConfig { lockfile_or_prefix })
-        }
+        CondaDenyCliConfig::List { .. } => CondaDenyConfig::List(CondaDenyListConfig {
+            lockfile_or_prefix,
+            output_format: output_format.unwrap_or(OutputFormat::Pretty),
+        }),
     };
 
     Ok(config)
 
@@ -3,10 +3,9 @@ use std::path::{Path, PathBuf};
 use anyhow::{Context, Result};
 use colored::Colorize;
 use rattler_conda_types::PackageRecord;
+use serde::Serialize;
 use spdx::Expression;
 
-
-
 use crate::{
     conda_meta_entry::{CondaMetaEntries, CondaMetaEntry},
     expression_utils::{check_expression_safety, extract_license_texts, parse_expression},
@@ -15,7 +14,7 @@ use crate::{
     CheckOutput, CondaDenyCheckConfig, LockfileSpec,
 };
 
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, Serialize)]
 pub struct LicenseInfo {
     pub package_name: String,
     pub version: String,
@@ -107,6 +106,7 @@ impl Ord for LicenseInfo {
     }
 }
 
+#[derive(Debug, Clone, Serialize)]
 pub struct LicenseInfos {
     pub license_infos: Vec<LicenseInfo>,
 }
@@ -254,19 +254,28 @@ impl LicenseInfos {
     }
 }
 
-#[derive(Debug, Clone, PartialEq)]
+#[derive(Debug, Clone, PartialEq, Serialize)]
 #[allow(clippy::large_enum_variant)]
 pub enum LicenseState {
+    #[serde(serialize_with = "serialize_expression")]
     Valid(Expression),
     Invalid(String),
 }
 
+fn serialize_expression<S>(expr: &Expression, serializer: S) -> Result<S::Ok, S::Error>
+where
+    S: serde::Serializer,
+{
+    serializer.serialize_str(&format!("{:?}", expr))
+}
+
 #[cfg(test)]
 mod tests {
 
     use super::*;
-    use crate::{conda_meta_entry::CondaMetaEntry, LockfileOrPrefix};
+    use crate::{conda_meta_entry::CondaMetaEntry, LockfileOrPrefix, OutputFormat};
     use spdx::Expression;
+
     #[test]
     fn test_license_info_from_conda_meta_entry() {
         let entry = CondaMetaEntry {
@@ -330,6 +339,7 @@ mod tests {
             osi: false,
             safe_licenses,
             ignore_packages,
+            output_format: OutputFormat::Pretty,
         };
 
         let (_, unsafe_dependencies) = unsafe_license_infos.check(&config).unwrap();