diff --git a/pkgs/development/tools/flawfinder/default.nix b/pkgs/development/tools/flawfinder/default.nix
new file mode 100644
index 00000000000..28805b4abe4
--- /dev/null
+++ b/pkgs/development/tools/flawfinder/default.nix
@@ -0,0 +1,35 @@
+{ lib
+, stdenv
+, fetchurl
+, installShellFiles
+, python3
+}:
+
+stdenv.mkDerivation rec {
+  pname = "flawfinder";
+  version = "2.0.15";
+
+  src = fetchurl {
+    url = "https://dwheeler.com/flawfinder/flawfinder-${version}.tar.gz";
+    sha256 = "01j4szy8gwvikrfzfayfayjnc1za0jxsnxp5fsa6d06kn69wyr8a";
+  };
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  buildInputs = [ python3 ];
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/bin
+    cp ${pname} $out/bin
+    installManPage flawfinder.1
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Tool to examines C/C++ source code for security flaws";
+    homepage = "https://dwheeler.com/flawfinder/";
+    license = with licenses; [ gpl2Only ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c1d3fd879bc..8a59644d004 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -4412,6 +4412,8 @@ in
 
   flamegraph = callPackage ../development/tools/flamegraph { };
 
+  flawfinder = callPackage ../development/tools/flawfinder { };
+
   flips = callPackage ../tools/compression/flips { };
 
   fmbt = callPackage ../development/tools/fmbt {