diff --git a/pkgs/by-name/op/openscap/package.nix b/pkgs/by-name/op/openscap/package.nix
new file mode 100755
index 000000000000..4f807219d31f
--- /dev/null
+++ b/pkgs/by-name/op/openscap/package.nix
@@ -0,0 +1,160 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  cmake,
+  libsepol,
+  popt,
+  libxml2,
+  libxslt,
+  openssl,
+  util-linux,
+  pcre2,
+  pcre,
+  libselinux,
+  graphviz,
+  glib,
+  python3,
+  swig,
+  libgcrypt,
+  opendbx,
+  xmlbird,
+  haskellPackages,
+  libyaml,
+  yaml-filter,
+  xmlsec,
+  bzip2,
+  valgrind,
+  asciidoc,
+  installShellFiles,
+  rpm,
+  system-sendmail,
+  hyperscan,
+  gnome2,
+  curl,
+  procps,
+  systemd,
+  perl,
+  doxygen,
+  pkg-config,
+  perl538Packages,
+}:
+
+stdenv.mkDerivation rec {
+  pname = "openscap";
+  version = "1.3.10";
+
+  src = fetchFromGitHub {
+    owner = "OpenSCAP";
+    repo = "openscap";
+    rev = version;
+    hash = "sha256-P7k+Ygz/XmpTSKBEqbyJsd1bIDVJ1HA/RJdrEtjYD5g=";
+  };
+
+  strictDeps = true;
+
+  nativeBuildInputs = [
+    cmake
+    asciidoc
+    doxygen
+    rpm
+    swig
+    util-linux
+    pkg-config
+  ];
+
+  buildInputs =
+    with perl538Packages;
+    [
+      XMLXPath
+      LinuxACL
+      XMLTokeParser
+    ]
+    ++ [
+      perl
+      popt
+      openssl
+      valgrind
+      pcre2
+      pcre
+      libxslt
+      xmlsec
+      hyperscan
+      libselinux
+      libyaml
+      xmlbird
+      installShellFiles
+      bzip2
+      yaml-filter
+      python3
+      libgcrypt
+      libxml2
+      systemd
+      haskellPackages.pthread
+      graphviz
+      system-sendmail
+      procps
+      libsepol
+      curl
+      glib
+      gnome2.ORBit2
+      opendbx
+    ];
+
+  prePatch = ''
+    export SWIG_PERL_DIR=lib/perl
+    substituteInPlace swig/perl/CMakeLists.txt \
+      --replace-fail "DESTINATION ''${PERL_VENDORLIB}" "DESTINATION ''${SWIG_PERL_DIR}''${PERL_VERSION}" \
+      --replace-fail "DESTINATION ''${PERL_VENDORARCH}" "DESTINATION ''${SWIG_PERL_DIR}"
+    substituteInPlace src/common/oscap_pcre.c \
+      --replace-fail "#include <pcre2.h>" "#include <${pcre2.dev}/include/pcre2.h>" \
+      --replace-fail "#include <pcre.h>" "#include <${pcre.dev}/include/pcre.h>"
+  '';
+
+  cmakeFlags = [
+    "-DPCRE2_INCLUDE_DIRS=${pcre2.dev}/include"
+    "-DPCRE2_LIBRARIES=${pcre2.out}/lib"
+    "-DENABLE_DOCS=TRUE"
+    "-DENABLE_TESTS=TRUE"
+    "-DENABLE_OSCAP_UTIL=TRUE"
+    "-DENABLE_OSCAP_UTIL_CHROOT=TRUE"
+    "-DENABLE_OSCAP_UTIL_SSH=TRUE"
+    "-DENABLE_OSCAP_UTIL_DOCKER=TRUE"
+    "-DENABLE_OSCAP_REMEDIATE_SERVICE=TRUE"
+    "-DOPENSCAP_PROBE_INDEPENDENT_YAMLFILECONTENT=TRUE"
+    "-DSYSTEMD_UNITDIR=lib/systemd/system"
+    "-DENABLE_VALGRIND=TRUE"
+    "-DENABLE_OSCAP_REMEDIATE_SERVICE=TRUE"
+    "-DPYTHON_SITE_PACKAGES_INSTALL_DIR=${python3.pkgs.python.sitePackages}"
+    "-DOPENSCAP_INSTALL_DESTINATION=bin"
+    "-DCMAKE_INSTALL_BINDIR=bin"
+    "-DCMAKE_INSTALL_MANDIR=share"
+    "-DENABLE_MITRE=TRUE"
+    "-DCMAKE_INSTALL_LIBDIR=lib"
+    "-DCMAKE_INSTALL_INCLUDEDIR=include"
+    "-DCMAKE_INSTALL_DATADIR=share"
+    "-DBUILD_TESTING=ON"
+    "-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON"
+    "-DCMAKE_POLICY_DEFAULT_CMP0025=NEW"
+  ];
+
+  postBuild = ''
+    make docs
+  '';
+
+  installPhase = ''
+    make install
+    installManPage $out/share/man8/*.8
+    rm -rf $out/share/man8
+  '';
+
+  meta = {
+    description = "NIST Certified SCAP 1.2 toolkit";
+    homepage = "https://github.com/OpenSCAP/openscap";
+    changelog = "https://github.com/OpenSCAP/openscap/blob/${src.rev}/NEWS";
+    license = lib.licenses.lgpl21Only;
+    maintainers = with lib.maintainers; [ tochiaha ];
+    mainProgram = "oscap";
+    platforms = [ "x86_64-linux" ];
+  };
+}