diff --git a/tools/packaging/static-build/tools/Dockerfile b/tools/packaging/static-build/tools/Dockerfile
new file mode 100644
index 0000000000..aa468488dc
--- /dev/null
+++ b/tools/packaging/static-build/tools/Dockerfile
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM alpine:3.18
+ARG GO_TOOLCHAIN
+ARG RUST_TOOLCHAIN
+
+SHELL ["/bin/ash", "-o", "pipefail", "-c"]
+RUN apk --no-cache add \
+        bash \
+        curl \
+        gcc \
+        git \
+        libcap-ng-static \
+        libseccomp-static \
+        make \
+        musl-dev \
+        protoc && \
+    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
diff --git a/tools/packaging/static-build/tools/build-static-tools.sh b/tools/packaging/static-build/tools/build-static-tools.sh
new file mode 100755
index 0000000000..15e9f740a5
--- /dev/null
+++ b/tools/packaging/static-build/tools/build-static-tools.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2023 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+source "${script_dir}/../../scripts/lib.sh"
+
+init_env() {
+	source "$HOME/.cargo/env"
+
+	export LIBC=musl
+	export LIBSECCOMP_LINK_TYPE=static
+	export LIBSECCOMP_LIB_PATH=/usr/lib
+
+	extra_rust_flags=" -C link-self-contained=yes"
+}
+
+build_tool_from_source() {
+	set -x
+	tool=${1}
+
+	echo "build ${tool} from source"
+	init_env
+
+	cd src/tools/${tool}
+	make
+}
+
+build_tool_from_source $@
diff --git a/tools/packaging/static-build/tools/build.sh b/tools/packaging/static-build/tools/build.sh
new file mode 100755
index 0000000000..11abe7bb22
--- /dev/null
+++ b/tools/packaging/static-build/tools/build.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2023 Intel
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly tools_builder="${script_dir}/build-static-tools.sh"
+
+source "${script_dir}/../../scripts/lib.sh"
+
+tool="${1}"
+
+container_image="${VIRTIOFSD_CONTAINER_BUILDER:-$(get_tools_image_name)}"
+[ "${CROSS_BUILD}" == "true" ] && container_image="${container_image}-cross-build"
+
+sudo docker pull ${container_image} || \
+	(sudo docker $BUILDX build $PLATFORM \
+	    	--build-arg RUST_TOOLCHAIN="$(get_from_kata_deps "languages.rust.meta.newest-version")" \
+		-t "${container_image}" "${script_dir}" && \
+	 # No-op unless PUSH_TO_REGISTRY is exported as "yes"
+	 push_to_registry "${container_image}")
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+	-w "${repo_root_dir}" \
+	"${container_image}" \
+	bash -c "${tools_builder} ${tool}"