diff --git a/pkgs/tools/package-management/cargo-audit/default.nix b/pkgs/tools/package-management/cargo-audit/default.nix
new file mode 100644
index 000000000000..45422f613d0d
--- /dev/null
+++ b/pkgs/tools/package-management/cargo-audit/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, lib, rustPlatform, fetchFromGitHub, openssl, pkg-config, Security, libiconv }:
+rustPlatform.buildRustPackage rec {
+ pname = "cargo-audit";
+ version = "0.9.1";
+
+ src = fetchFromGitHub {
+ owner = "RustSec";
+ repo = "cargo-audit";
+ rev = "v${version}";
+ sha256 = "0j556dh0lf2l8nq7pfl5bbypgsvp00fh6ckms9wr4dgb8xvpf2r1";
+ };
+
+ cargoSha256 = "0200x0bdllq7mpxmp7ly5jarpkc3gpg22gxq8qvdbnmyd39b7wx0";
+
+ buildInputs = [ openssl libiconv ] ++ lib.optionals stdenv.isDarwin [ Security ];
+ nativeBuildInputs = [ pkg-config ];
+
+ # The tests require network access which is not available in sandboxed Nix builds.
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Audit Cargo.lock files for crates with security vulnerabilities";
+ homepage = "https://rustsec.org";
+ license = with licenses; [ mit asl20 ];
+ maintainers = with maintainers; [ basvandijk ];
+ platforms = platforms.all;
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index b7308fff8ac7..25ac15f3a973 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -8371,6 +8371,9 @@ in
 defaultCrateOverrides = callPackage ../build-support/rust/default-crate-overrides.nix { };
+ cargo-audit = callPackage ../tools/package-management/cargo-audit {
+ inherit (darwin.apple_sdk.frameworks) Security;
+ };
 cargo-download = callPackage ../tools/package-management/cargo-download { };
 cargo-edit = callPackage ../tools/package-management/cargo-edit { };
 cargo-graph = callPackage ../tools/package-management/cargo-graph { };
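Review bot: `doCheck = false;` in the new `default.nix` switches off the entire test suite, so a tool that people rely on for vulnerability findings is packaged with no build-time check that the binary linked against nixpkgs' `openssl` works at all. The comment only says the tests need network access; if that is true of just some of them, it would be better to keep the offline tests and skip the rest by name, for example `checkFlags = [ "--skip=<network_test_name>" ];` (placeholder test name, and assuming the `buildRustPackage` in this tree accepts `checkFlags`). If every test really does need the network, the comment should state that explicitly so a later maintainer knows the blanket disable was deliberate and can re-check it on the next version bump.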