diff --git a/pkgs/tools/security/slsa-verifier/default.nix b/pkgs/tools/security/slsa-verifier/default.nix
new file mode 100644
index 000000000000..188052452db2
--- /dev/null
+++ b/pkgs/tools/security/slsa-verifier/default.nix
@@ -0,0 +1,43 @@
+{ lib
+, fetchFromGitHub
+, buildGoModule
+}:
+
+buildGoModule rec {
+ pname = "slsa-verifier";
+ version = "2.0.1";
+
+ src = fetchFromGitHub {
+ owner = "slsa-framework";
+ repo = "slsa-verifier";
+ rev = "v${version}";
+ hash = "sha256-Gef8TQSd6bTWIzFOQ9xjqB49We7IKBu9p/Lb426nNbc=";
+ };
+
+ vendorHash = "sha256-1syIEjvqYHCiOLf8Fc2vghFKfN6ADM05By11jGNZODs=";
+
+ CGO_ENABLED = 0;
+ GO111MODULE = "on";
+ GOFLAGS = "-trimpath";
+
+ subPackages = [ "cli/slsa-verifier" ];
+
+ tags = [ "netgo" ];
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-buildid="
+ "-X sigs.k8s.io/release-utils/version.gitVersion=${version}"
+ ];
+
+ doCheck = false;
+
+ meta = {
+ homepage = "https://github.com/slsa-framework/slsa-verifier";
+ changelog = "https://github.com/slsa-framework/slsa-verifier/releases/tag/v${version}";
+ description = "Verify provenance from SLSA compliant builders";
+ license = lib.licenses.asl20;
+ maintainers = with lib.maintainers; [ developer-guy mlieberman85 ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index a4ad447c5e2b..4cd388cfc00e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12164,6 +12164,8 @@ with pkgs;
 slowlorust = callPackage ../tools/networking/slowlorust { };
+ slsa-verifier = callPackage ../tools/security/slsa-verifier { };
+
 slsnif = callPackage ../tools/misc/slsnif { };
 slstatus = callPackage ../applications/misc/slstatus {
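Review bot: `doCheck = false;` in the new default.nix disables the upstream test suite without saying why, and for a tool whose job is to accept or reject provenance that removes the only build-time check that the verification logic still behaves as upstream intended on this toolchain. Either drop the line, or keep it with the reason recorded beside it, e.g. `doCheck = false; # <reason the tests cannot run in the sandbox>`; if only some tests need network access, skipping those by name is preferable to disabling all of them. Separately, `GO111MODULE = "on";` and `GOFLAGS = "-trimpath";` look redundant with what `buildGoModule` already sets, and a package-level `GOFLAGS` may interfere with the builder's own flags, so they are probably best removed.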