diff --git a/pkgs/tools/security/cdxgen/default.nix b/pkgs/tools/security/cdxgen/default.nix
new file mode 100644
index 00000000000..ffdd977da41
--- /dev/null
+++ b/pkgs/tools/security/cdxgen/default.nix
@@ -0,0 +1,27 @@
+{ lib
+, fetchFromGitHub
+, buildNpmPackage
+}:
+
+buildNpmPackage rec {
+  pname = "cdxgen";
+  version = "6.0.14";
+
+  src = fetchFromGitHub {
+    owner = "AppThreat";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-ddeX2EwA2g6wgfsNxf/5ZVsQOHlINGhxif/y6368wCw=";
+  };
+
+  npmDepsHash = "sha256-CJ939wT9dKUzMDH2yHKgT056F2AVBevJlS/NhUBjx0E=";
+
+  dontNpmBuild = true;
+
+  meta = with lib; {
+    description = "Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images";
+    homepage = "https://github.com/AppThreat/cdxgen";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ dit7ya ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 4bd9165aca4..b39d6622841 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3861,6 +3861,8 @@ with pkgs;
 
   cde = callPackage ../tools/package-management/cde { };
 
+  cdxgen = callPackage ../tools/security/cdxgen { };
+
   ceres-solver = callPackage ../development/libraries/ceres-solver {
     gflags = null; # only required for examples/tests
   };