diff --git a/DEVELOPERS b/DEVELOPERS
index 6478cdad0bc..9e983ae1132 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -156,6 +156,7 @@ F:	package/zabbix/
 
 N: 	Alexis Lothoré <alexis.lothore@bootlin.com>
 F:	package/libxmlsec1/
+F:	package/openscap/
 F: 	package/python-scp/
 
 N:	Alistair Francis <alistair@alistair23.me>
diff --git a/package/Config.in b/package/Config.in
index 93d15975cbe..371a1c33e1f 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2290,6 +2290,7 @@ menu "Security"
 	source "package/libselinux/Config.in"
 	source "package/libsemanage/Config.in"
 	source "package/libsepol/Config.in"
+	source "package/openscap/Config.in"
 	source "package/safeclib/Config.in"
 	source "package/softhsm2/Config.in"
 endmenu
diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index d9a712bcb6a..7ebf26c3b15 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -185,4 +185,16 @@ endef
 LIBCURL_POST_INSTALL_TARGET_HOOKS += LIBCURL_TARGET_CLEANUP
 endif
 
+HOST_LIBCURL_DEPENDENCIES = host-openssl
+HOST_LIBCURL_CONF_OPTS = \
+	--disable-manual \
+	--disable-ntlm-wb \
+	--disable-curldebug \
+	--with-ssl \
+	--without-gnutls \
+	--without-mbedtls \
+	--without-nss \
+	--without-libpsl
+
 $(eval $(autotools-package))
+$(eval $(host-autotools-package))
diff --git a/package/openscap/Config.in b/package/openscap/Config.in
new file mode 100644
index 00000000000..317055c7532
--- /dev/null
+++ b/package/openscap/Config.in
@@ -0,0 +1,24 @@
+config BR2_PACKAGE_OPENSCAP
+	bool "openscap"
+	depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS  # libgcrypt
+	depends on !BR2_STATIC_LIBS # dlfcn.h
+	select BR2_PACKAGE_LIBCURL
+	# In theory should build without crypto, but in practice it
+	# doesn't: https://github.com/OpenSCAP/openscap/issues/2310
+	select BR2_PACKAGE_LIBGCRYPT if !BR2_PACKAGE_LIBNSS
+	select BR2_PACKAGE_LIBXML2
+	select BR2_PACKAGE_LIBXSLT
+	select BR2_PACKAGE_LIBXMLSEC1
+	select BR2_PACKAGE_MUSL_FTS if !BR2_TOOLCHAIN_USES_GLIBC
+	select BR2_PACKAGE_PCRE
+	select BR2_PACKAGE_PCRE_UTF
+	help
+	  The purpose of this project is to create security policy
+	  content for various platforms
+
+	  https://www.open-scap.org/
+	  https://github.com/OpenSCAP/openscap
+
+comment "openscap needs a toolchain w/ dynamic library"
+	depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS
+	depends on BR2_STATIC_LIBS
diff --git a/package/openscap/openscap.hash b/package/openscap/openscap.hash
new file mode 100644
index 00000000000..e98631372d5
--- /dev/null
+++ b/package/openscap/openscap.hash
@@ -0,0 +1,3 @@
+# Locally computed
+sha256  6e61913fca3a74d310d7cf9354973eeaefa42be909ae649af1df48c3c08bc6ff  openscap-1.3.12.tar.gz
+sha256  5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a  COPYING
diff --git a/package/openscap/openscap.mk b/package/openscap/openscap.mk
new file mode 100644
index 00000000000..20427524d79
--- /dev/null
+++ b/package/openscap/openscap.mk
@@ -0,0 +1,75 @@
+################################################################################
+#
+# openscap
+#
+################################################################################
+
+OPENSCAP_VERSION = 1.3.12
+OPENSCAP_SITE = https://github.com/OpenSCAP/openscap/releases/download/$(OPENSCAP_VERSION)
+OPENSCAP_LICENSE = LGPL-2.1+
+OPENSCAP_LICENSE_FILES = COPYING
+OPENSCAP_SUPPORTS_IN_SOURCE_BUILD = NO
+OPENSCAP_INSTALL_STAGING = YES
+
+OPENSCAP_DEPENDENCIES = \
+	host-pkgconf \
+	libcurl \
+	libxml2 \
+	libxmlsec1 \
+	libxslt \
+	pcre
+
+HOST_OPENSCAP_DEPENDENCIES = \
+	host-pkgconf \
+	host-libcurl \
+	host-libgcrypt \
+	host-libxml2 \
+	host-libxmlsec1 \
+	host-libxslt \
+	host-pcre
+
+OPENSCAP_CONF_OPTS = \
+	-DENABLE_OSCAP_UTIL=ON \
+	-DENABLE_OSCAP_UTIL_DOCKER=OFF \
+	-DENABLE_OSCAP_UTIL_CHROOT=OFF \
+	-DENABLE_OSCAP_UTIL_PODMAN=OFF \
+	-DENABLE_OSCAP_UTIL_VM=OFF \
+	-DENABLE_PROBES_WINDOWS=OFF \
+	-DENABLE_TESTS=OFF \
+	-DWITH_CRYPTO=gcrypt \
+	-DENABLE_PYTHON3=OFF
+
+HOST_OPENSCAP_CONF_OPTS = \
+	-DENABLE_OSCAP_UTIL=ON \
+	-DENABLE_OSCAP_UTIL_DOCKER=OFF \
+	-DENABLE_OSCAP_UTIL_CHROOT=OFF \
+	-DENABLE_OSCAP_UTIL_PODMAN=OFF \
+	-DENABLE_OSCAP_UTIL_VM=OFF \
+	-DENABLE_PROBES_WINDOWS=OFF \
+	-DENABLE_TESTS=OFF \
+	-DWITH_CRYPTO=gcrypt \
+	-DENABLE_PYTHON3=OFF
+
+ifeq ($(BR2_PACKAGE_ACL),y)
+OPENSCAP_DEPENDENCIES += acl
+endif
+
+ifeq ($(BR2_PACKAGE_LIBCAP),y)
+OPENSCAP_DEPENDENCIES += libcap
+endif
+
+ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
+OPENSCAP_DEPENDENCIES += libgcrypt
+endif
+
+ifeq ($(BR2_PACKAGE_LIBNSS),y)
+OPENSCAP_DEPENDENCIES += libnss
+endif
+
+ifneq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
+OPENSCAP_DEPENDENCIES += musl-fts
+OPENSCAP_CONF_OPTS += -DCMAKE_EXE_LINKER_FLAGS=-lfts
+endif
+
+$(eval $(cmake-package))
+$(eval $(host-cmake-package))