diff --git a/.github/dependency-review-config.yaml b/.github/dependency-review-config.yaml
index df8f653..08389a1 100644
--- a/.github/dependency-review-config.yaml
+++ b/.github/dependency-review-config.yaml
@@ -11,7 +11,10 @@ allow-licenses:
 - 'X11'
 - 'Zlib'
 
+allow-dependencies-licenses:
 # this action is GPL-3 but it is only used in CI
 # https://github.com/actions/dependency-review-action/issues/530#issuecomment-1638291806
-allow-dependencies-licenses: >
-  pkg:githubactions/vladopajic/go-test-coverage@bcd064e5ceef1ccec5441519eb054263b6a44787
+- pkg:githubactions/vladopajic/go-test-coverage@bcd064e5ceef1ccec5441519eb054263b6a44787
+# this package is MPL-2.0 and has a CNCF exception
+# https://github.com/cncf/foundation/blob/9b8c9173c2101c1b4aedad3caf2c0128715133f6/license-exceptions/cncf-exceptions-2022-04-12.json#L43C17-L43C47
+- pkg:golang/github.com/go-sql-driver/mysql