diff --git a/cmd/grant/cli/option/check.go b/cmd/grant/cli/option/check.go
index dc36156..9a08aae 100644
--- a/cmd/grant/cli/option/check.go
+++ b/cmd/grant/cli/option/check.go
@@ -1,6 +1,8 @@
 package option
 
-import "github.com/anchore/clio"
+import (
+	"github.com/anchore/clio"
+)
 
 type Check struct {
 	List        `json:",inline" yaml:",inline" mapstructure:",squash"`
@@ -14,14 +16,7 @@ func DefaultCheck() Check {
 		List:        DefaultList(),
 		Quiet:       false,
 		OsiApproved: false,
-		Rules: []Rule{
-			{
-				Name:     "deny-all",
-				Reason:   "grant by default will deny all licenses",
-				Pattern:  "*",
-				Severity: "high",
-			},
-		},
+		Rules:       []Rule{defaultDenyAll},
 	}
 }
 
diff --git a/cmd/grant/cli/option/rule.go b/cmd/grant/cli/option/rule.go
index d0dfd9f..632ece3 100644
--- a/cmd/grant/cli/option/rule.go
+++ b/cmd/grant/cli/option/rule.go
@@ -8,3 +8,10 @@ type Rule struct {
 	Mode       string   `json:"mode" yaml:"mode" mapstructure:"mode"`
 	Exceptions []string `json:"exceptions" yaml:"exceptions" mapstructure:"exceptions"`
 }
+
+var defaultDenyAll = Rule{
+	Name:    "default-deny-all",
+	Reason:  "grant by default will deny all licenses",
+	Mode:    "deny",
+	Pattern: "*",
+}
diff --git a/grant/case.go b/grant/case.go
index 0f9a25c..0a3ef7e 100644
--- a/grant/case.go
+++ b/grant/case.go
@@ -45,6 +45,7 @@ func NewCases(userInputs ...string) []Case {
 		log.Errorf("unable to create case handler: %+v", err)
 		return cases
 	}
+
 	defer ch.Close()
 	for _, userInput := range userInputs {
 		c, err := ch.determineRequestCase(userInput)
diff --git a/grant/policy.go b/grant/policy.go
index 3a371ce..23d2aed 100644
--- a/grant/policy.go
+++ b/grant/policy.go
@@ -14,6 +14,7 @@ type Policy struct {
 }
 
 var DefaultDenyAll = Rule{
+	Name:       "default-deny-all",
 	Glob:       glob.MustCompile("*"),
 	Exceptions: []glob.Glob{},
 	Mode:       Deny,
@@ -57,8 +58,7 @@ func (p Policy) IsDenied(license License, pkg *Package) (bool, *Rule) {
 		var toMatch string
 		if license.IsSPDX() {
 			toMatch = strings.ToLower(license.LicenseID)
-		}
-		if p.MatchNonSPDX && !license.IsSPDX() {
+		} else {
 			toMatch = strings.ToLower(license.Name)
 		}
 
diff --git a/grant/policy_test.go b/grant/policy_test.go
index 3e8c112..5fa24f7 100644
--- a/grant/policy_test.go
+++ b/grant/policy_test.go
@@ -73,3 +73,43 @@ func Test_NewPolicy(t *testing.T) {
 		})
 	}
 }
+
+func Test_Policy_DenyAll(t *testing.T) {
+	tests := []struct {
+		name string
+		p    Policy
+		want struct {
+			denied bool
+			rule   *Rule
+		}
+	}{
+		{
+			name: "Policy Default Deny All denies all licenses",
+			p:    DefaultPolicy(),
+			want: struct {
+				denied bool
+				rule   *Rule
+			}{
+				denied: true,
+				rule: &Rule{
+					Name:       "default deny all",
+					Glob:       glob.MustCompile("*"),
+					Exceptions: []glob.Glob{},
+					Mode:       Deny,
+					Reason:     "grant by default will deny all licenses",
+				},
+			},
+		},
+	}
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			denied, rule := tc.p.IsDenied(License{LicenseID: "MIT", SPDXExpression: "MIT"}, nil)
+			if denied != tc.want.denied {
+				t.Errorf("Expected %t, got %t", tc.want.denied, denied)
+			}
+			if diff := cmp.Diff(tc.want.rule, rule); diff != "" {
+				t.Errorf("IsDenied() mismatch (-want +got):\n%s", diff)
+			}
+		})
+	}
+}
diff --git a/test/cli/check_test.go b/test/cli/check_test.go
index 7f1e458..8b96124 100644
--- a/test/cli/check_test.go
+++ b/test/cli/check_test.go
@@ -1 +1,39 @@
 package cli
+
+import (
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+func Test_CheckCmd(t *testing.T) {
+	tests := []struct {
+		name             string
+		args             []string
+		expectedInOutput []string
+	}{
+		{
+			name: "check command will deny all on empty config",
+			args: []string{"-c", emptyConfigPath, "check", "dir:../../."},
+			expectedInOutput: []string{
+				"check failed",
+				"license matches for rule: default-deny-all; matched with pattern *",
+				"Apache-2.0",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cmd := exec.Command(grantTmpPath, tt.args...)
+			output, err := cmd.CombinedOutput()
+			if err != nil && !strings.Contains(err.Error(), "exit status 1") {
+				t.Fatalf("cmd.CombinedOutput() failed with %s\n %s", err, string(output))
+			}
+			for _, expected := range tt.expectedInOutput {
+				if !strings.Contains(string(output), expected) {
+					t.Errorf("expected %s to be in output, but it wasn't; output: %s", expected, string(output))
+				}
+			}
+		})
+	}
+}
diff --git a/test/cli/main_test.go b/test/cli/main_test.go
index 2ec45ac..180d1d2 100644
--- a/test/cli/main_test.go
+++ b/test/cli/main_test.go
@@ -7,7 +7,10 @@ import (
 	"testing"
 )
 
-const grantTmpPath = "../../.tmp/grant"
+const (
+	grantTmpPath    = "../../.tmp/grant"
+	emptyConfigPath = "../../.tmp/grant_empty.yaml"
+)
 
 func buildBinary() (string, error) {
 	buildCmd := exec.Command("go", "build", "-o", grantTmpPath, "../../cmd/grant/main.go") // Adjust the last argument to your package path if necessary
@@ -15,12 +18,22 @@ func buildBinary() (string, error) {
 	return grantTmpPath, err
 }
 
+func generateEmptyConfig() (string, error) {
+	emptyConfigCmd := exec.Command("touch", emptyConfigPath)
+	err := emptyConfigCmd.Run()
+	return emptyConfigPath, err
+}
+
 // setup function that you want to run before any tests
 func setup(m *testing.M) {
 	_, err := buildBinary()
 	if err != nil {
 		log.Fatalf("Failed to build binary: %v", err)
 	}
+	_, err = generateEmptyConfig()
+	if err != nil {
+		log.Fatalf("Failed to generate empty config: %v", err)
+	}
 }
 
 // teardown function to clean up after the tests