diff --git a/pkgs/by-name/oc/octoscan/package.nix b/pkgs/by-name/oc/octoscan/package.nix
new file mode 100644
index 000000000000..c3a6e4d50b96
--- /dev/null
+++ b/pkgs/by-name/oc/octoscan/package.nix
@@ -0,0 +1,33 @@
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
+}:
+
+buildGoModule rec {
+  pname = "octoscan";
+  version = "0-unstable-2024-08-25";
+
+  src = fetchFromGitHub {
+    owner = "synacktiv";
+    repo = "octoscan";
+    # https://github.com/synacktiv/octoscan/issues/7
+    rev = "69f0761fe4d31f7fe4050fde5fd807364155fde4";
+    hash = "sha256-2aCjqjBDXqGbu94o22JRpJ5nUv8U46JGRcrBJCINflQ=";
+  };
+
+  vendorHash = "sha256-9IT8qTFzn8otWGTBP7ODcT8iBckIJ/3+jkbF1dq6aDw=";
+
+  ldflags = [
+    "-s"
+    "-w"
+  ];
+
+  meta = {
+    description = "Static vulnerability scanner for GitHub action workflows";
+    homepage = "https://github.com/synacktiv/octoscan";
+    license = lib.licenses.gpl3Only;
+    maintainers = with lib.maintainers; [ fab ];
+    mainProgram = "octoscan";
+  };
+}