diff --git a/scanners/boostsecurityio/pnpm-audit/README.md b/scanners/boostsecurityio/pnpm-audit/README.md
new file mode 100644
index 0000000..73c9361
--- /dev/null
+++ b/scanners/boostsecurityio/pnpm-audit/README.md
@@ -0,0 +1,7 @@
+# boostsecurityio/npm-audit
+
+## Environment variables
+
+### `NPM_AUDIT_ARGS`
+
+Additionnal arguments given to `npm audit`.
diff --git a/scanners/boostsecurityio/pnpm-audit/module.yaml b/scanners/boostsecurityio/pnpm-audit/module.yaml
new file mode 100644
index 0000000..c98ec5a
--- /dev/null
+++ b/scanners/boostsecurityio/pnpm-audit/module.yaml
@@ -0,0 +1,33 @@
+api_version: 1.0
+
+
+id: boostsecurityio/pnpm-audit
+name: pnpm-audit
+namespace: boostsecurityio/pnpm-audit
+scan_types:
+  - sca
+
+config:
+  support_diff_scan: true
+  include_files:
+    - pnpm-lock.yaml
+
+steps:
+  - scan:
+      command:
+        docker:
+          image: node:18.12-alpine3.16@sha256:1f09c210a17508d34277971b19541a47a26dc5a641dedc03bd28cff095052996
+          command: |
+            sh -c 'npm install -g pnpm@latest-10 && pnpm audit --json $PNPM_AUDIT_ARGS || true'
+          workdir: /src
+          environment:
+            HOME: /tmp
+            PNPM_AUDIT_ARGS: ${PNPM_AUDIT_ARGS:-}
+      format: sarif
+      post-processor:
+        docker:
+          image: public.ecr.aws/boostsecurityio/boost-converter-sca:6e4b6c1@sha256:417c90b672b016b01dac84a4cf24d3a042503b6ddcfd1ba22ebd24d229f78883
+          command: |
+            process --scanner pnpm-audit
+          environment:
+            PYTHONIOENCODING: utf-8
diff --git a/scanners/boostsecurityio/pnpm-audit/rules.yaml b/scanners/boostsecurityio/pnpm-audit/rules.yaml
new file mode 100644
index 0000000..f3edfd8
--- /dev/null
+++ b/scanners/boostsecurityio/pnpm-audit/rules.yaml
@@ -0,0 +1,2 @@
+import:
+  - boostsecurityio/sca-cve
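Review bot: `pnpm@latest-10` in the scan `command` of module.yaml is a floating dist-tag resolved from the registry at scan time, so although the `node` image is pinned by digest the audit tool itself is whatever the registry currently serves under that tag, which makes scan results non-reproducible and leaves the security scanner's own dependency unpinned; install an exact version instead, e.g. `npm install -g pnpm@<EXACT_VERSION_PLACEHOLDER>`. The trailing `|| true` also covers the `npm install -g` step, not only the non-zero exit that `pnpm audit` returns when it has findings, so an install failure (network, registry) produces an empty report indistinguishable from a clean scan; scoping it as `sh -c 'npm install -g pnpm@<EXACT_VERSION_PLACEHOLDER> && (pnpm audit --json $PNPM_AUDIT_ARGS || true)'` lets install failures surface as a failed step. The README added in the same commit documents `NPM_AUDIT_ARGS` under a `boostsecurityio/npm-audit` heading, while this module only reads `PNPM_AUDIT_ARGS`, so users following the README will see their arguments silently ignored; the README should name `PNPM_AUDIT_ARGS` and `pnpm audit`.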