diff --git a/pkgs/tools/security/kubeaudit/default.nix b/pkgs/tools/security/kubeaudit/default.nix
new file mode 100644
index 00000000000..76cf9f65c36
--- /dev/null
+++ b/pkgs/tools/security/kubeaudit/default.nix
@@ -0,0 +1,32 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "kubeaudit";
+  version = "0.16.0";
+
+  src = fetchFromGitHub {
+    owner = "Shopify";
+    repo = pname;
+    rev = version;
+    sha256 = "sha256-AIvH9HF0Ha1b+NZiJmiT6beYuKnCqJMXKzDFUzV9J4c=";
+  };
+
+  vendorSha256 = "sha256-XrEzkhQU/KPElQNgCX6yWDMQXZSd3lRXmUDJpsj5ACY=";
+
+  postInstall = ''
+    mv $out/bin/cmd $out/bin/$pname
+  '';
+
+  # Tests require a running Kubernetes instance
+  doCheck = false;
+
+  meta = with lib; {
+    description = "Audit tool for Kubernetes";
+    homepage = "https://github.com/Shopify/kubeaudit";
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 8a226e7cc34..187615e0843 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -14779,6 +14779,8 @@ with pkgs;
 
   kube-aws = callPackage ../development/tools/kube-aws { };
 
+  kubeaudit = callPackage ../tools/security/kubeaudit { };
+
   kubectx = callPackage ../development/tools/kubectx { };
 
   kube-prompt = callPackage ../development/tools/kube-prompt { };