diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 093755a13e8f..aa145718230c 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -6034,6 +6034,12 @@
     githubId = 982322;
     name = "Henrik Olsson";
   };
+  henrirosten = {
+    email = "henri.rosten@unikie.com";
+    github = "henrirosten";
+    githubId = 49935860;
+    name = "Henri Rosten";
+  };
   henrytill = {
     email = "henrytill@gmail.com";
     github = "henrytill";
diff --git a/pkgs/tools/security/sbomnix/default.nix b/pkgs/tools/security/sbomnix/default.nix
new file mode 100644
index 000000000000..2449573c080a
--- /dev/null
+++ b/pkgs/tools/security/sbomnix/default.nix
@@ -0,0 +1,55 @@
+{ lib
+, fetchFromGitHub
+, coreutils
+, curl
+, gnugrep
+, gnused
+, gzip
+, nix
+, python
+  # python libs
+, colorlog
+, graphviz
+, numpy
+, packageurl-python
+, pandas
+, requests
+, reuse
+, tabulate
+}:
+
+python.pkgs.buildPythonApplication rec {
+  pname = "sbomnix";
+  version = "1.4.5";
+
+  src = fetchFromGitHub {
+    owner = "tiiuae";
+    repo = pname;
+    rev = "refs/tags/v${version}";
+    hash = "sha256-RxDFxVGivVBw2uhtzf231Q2HHTBFKSqGrknr2Es/ygM=";
+  };
+
+  makeWrapperArgs = [
+    "--prefix PATH : ${lib.makeBinPath [ coreutils curl gnugrep gnused gzip graphviz nix ]}"
+  ];
+
+  propagatedBuildInputs = [
+    colorlog
+    graphviz
+    numpy
+    packageurl-python
+    pandas
+    requests
+    reuse
+    tabulate
+  ];
+
+  pythonImportsCheck = [ "sbomnix" ];
+
+  meta = with lib; {
+    description = "Generate SBOMs for nix targets";
+    homepage = "https://github.com/tiiuae/sbomnix";
+    license = with licenses; [ asl20 bsd3 cc-by-30 ];
+    maintainers = with maintainers; [ henrirosten jk ];
+  };
+}
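Review bot: The `graphviz` entry in the `makeWrapperArgs` PATH prefix is probably the Python binding rather than the Graphviz tools. The file takes a single `graphviz` argument, listed under `# python libs`, and the all-packages.nix hunk instantiates it with `python3.pkgs.callPackage`, where Python-set names normally shadow top-level ones. If that holds, the wrapper puts no pinned `dot` on PATH, and any direct call the tool makes to it (not visible here) would resolve from the caller's ambient environment, which is not what you want from an SBOM generator. Consider adding `pkgs` to the argument list and using `lib.makeBinPath [ coreutils curl gnugrep gnused gzip pkgs.graphviz nix ]`, keeping the plain `graphviz` in `propagatedBuildInputs`. `pythonImportsCheck = [ "sbomnix" ]` only imports the module, so it would not catch a missing binary.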
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 00de72fa70b6..326af8ccc4a9 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -18759,6 +18759,8 @@ with pkgs;
 
   sawjap = callPackage ../development/tools/java/sawjap { };
 
+  sbomnix = python3.pkgs.callPackage ../tools/security/sbomnix { };
+
   sd-local = callPackage ../development/tools/sd-local { };
 
   seer = libsForQt5.callPackage ../development/tools/misc/seer { };