diff --git a/pkgs/development/tools/pip-audit/default.nix b/pkgs/development/tools/pip-audit/default.nix
new file mode 100644
index 000000000000..f8dd0d94806d
--- /dev/null
+++ b/pkgs/development/tools/pip-audit/default.nix
@@ -0,0 +1,75 @@
+{ lib
+, fetchFromGitHub
+, fetchpatch
+, python3
+}:
+
+let
+  py = python3.override {
+    packageOverrides = self: super: {
+
+      # ansible doesn't support resolvelib > 0.6.0 and can't have an override
+      resolvelib = super.resolvelib.overridePythonAttrs (oldAttrs: rec {
+        version = "0.8.1";
+        src = fetchFromGitHub {
+          owner = "sarugaku";
+          repo = "resolvelib";
+          rev = version;
+          sha256 = "1qpd0gg9yl0kbamlgjs9pkxd39kx511kbc92civ77v0ka5sw8ca0";
+        };
+      });
+    };
+  };
+in
+with py.pkgs;
+
+buildPythonApplication rec {
+  pname = "pip-audit";
+  version = "2.0.0";
+  format = "setuptools";
+
+  src = fetchFromGitHub {
+    owner = "trailofbits";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-JHRUYugptbsbqyXy5IxBVQq1NNbTR1xdt791ZQ2jP7s=";
+  };
+
+  propagatedBuildInputs = [
+    cachecontrol
+    cyclonedx-python-lib
+    html5lib
+    packaging
+    pip-api
+    progress
+    resolvelib
+  ];
+
+  checkInputs = [
+    pretend
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [
+    "pip_audit"
+  ];
+
+  disabledTestPaths = [
+    "test/dependency_source/test_requirement.py"
+    "test/dependency_source/test_resolvelib.py"
+    "test/service/test_pypi.py"
+    "test/service/test_osv.py"
+  ];
+
+  disabledTests = [
+    "test_get_pip_cache"
+    "test_virtual_env"
+  ];
+
+  meta = with lib; {
+    description = "Tool for scanning Python environments for known vulnerabilities";
+    homepage = "https://github.com/trailofbits/pip-audit";
+    license = with licenses; [ asl20 ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 1b754a6a5905..f3976591ef6f 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -14433,6 +14433,8 @@ with pkgs;
 
   poetry2conda = python3Packages.callPackage ../development/python-modules/poetry2conda { };
 
+  pip-audit = callPackage ../development/tools/pip-audit {};
+
   pipenv = callPackage ../development/tools/pipenv {};
 
   pipewire = callPackage ../development/libraries/pipewire {