diff --git a/Makefile b/Makefile
index c761729..112598d 100644
--- a/Makefile
+++ b/Makefile
@@ -37,6 +37,22 @@ tag_checked_out:
 	git checkout -q tags/${BUILDTAG}
 	@echo Don\'t forget that we are in checked out tag $(BUILDTAG) now.
 
+# use bash shell arithmetic and sed to turn a `git describe` version
+# into a semver version. For this we increase the PATCH number, so that
+# any commit after a tag is considered newer than the semver from the tag
+# without an optional 'v'
+GITDESC := $(shell git describe)
+GITDESCPATCH := $(shell echo '$(GITDESC)' | sed -E 's/v?[0-9]+\.[0-9]+\.([0-9]+)[-+]?.*/\1/')
+SEMVERPATCH := $(shell echo $$(( $(GITDESCPATCH) + 1 )))
+# Hint: The regexp in the next line only matches if there is a hyphen (`-`)
+#       and we can assume that git describe has added a string after the tag
+SEMVER := $(shell echo '$(GITDESC)' | sed -E 's/v?([0-9]+\.[0-9]+\.)([0-9]+)(-.*)/\1$(SEMVERPATCH)\3/' )
+testsemver:
+	@echo from \'$(GITDESC)\' transformed to \'$(SEMVER)\'
+
+
+# Set -ldflags parameter to pass the semversion.
+LDFLAGS = -ldflags "-X github.com/csaf-poc/csaf_distribution/util.SemVersion=$(SEMVER)"
 
 # Build binaries and place them under bin-$(GOOS)-$(GOARCH)
 # Using 'Target-specific Variable Values' to specify the build target system
@@ -48,7 +64,7 @@ build_win: GOOS = windows
 build_linux build_win:
 	$(eval BINDIR = bin-$(GOOS)-$(GOARCH)/ )
 	$(MKDIR) $(BINDIR)
-	env GOARCH=$(GOARCH) GOOS=$(GOOS) $(BUILD) -o $(BINDIR) -v ./cmd/...
+	env GOARCH=$(GOARCH) GOOS=$(GOOS) $(BUILD) -o $(BINDIR) $(LDFLAGS) -v ./cmd/...
 
 
 # Remove bin-*-* directories
diff --git a/cmd/csaf_checker/main.go b/cmd/csaf_checker/main.go
index 30406a7..a4ae759 100644
--- a/cmd/csaf_checker/main.go
+++ b/cmd/csaf_checker/main.go
@@ -3,8 +3,8 @@
 //
 // SPDX-License-Identifier: MIT
 //
-// SPDX-FileCopyrightText: 2021 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
-// Software-Engineering: 2021 Intevation GmbH <https://intevation.de>
+// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2022 Intevation GmbH <https://intevation.de>
 
 package main
 
@@ -12,11 +12,13 @@ import (
 	"bufio"
 	_ "embed" // Used for embedding.
 	"encoding/json"
+	"fmt"
 	"html/template"
 	"io"
 	"log"
 	"os"
 
+	"github.com/csaf-poc/csaf_distribution/util"
 	"github.com/jessevdk/go-flags"
 )
 
@@ -29,6 +31,7 @@ type options struct {
 	Insecure   bool    `long:"insecure" description:"Do not check TLS certificates from provider"`
 	ClientCert *string `long:"client-cert" description:"TLS client certificate file (PEM encoded data)" value-name:"CERT-FILE"`
 	ClientKey  *string `long:"client-key" description:"TLS client private key file (PEM encoded data)" value-name:"KEY-FILE"`
+	Version    bool    `long:"version" description:"Display version of the binary"`
 }
 
 func errCheck(err error) {
@@ -132,6 +135,11 @@ func main() {
 	domains, err := flags.Parse(opts)
 	errCheck(err)
 
+	if opts.Version {
+		fmt.Println(util.SemVersion)
+		return
+	}
+
 	if len(domains) == 0 {
 		log.Println("No domains given.")
 		return
diff --git a/cmd/csaf_provider/main.go b/cmd/csaf_provider/main.go
index 29a64ec..daaefb3 100644
--- a/cmd/csaf_provider/main.go
+++ b/cmd/csaf_provider/main.go
@@ -9,16 +9,32 @@
 package main
 
 import (
+	"fmt"
 	"log"
 	"net/http/cgi"
+
+	"github.com/csaf-poc/csaf_distribution/util"
+	"github.com/jessevdk/go-flags"
 )
 
+type options struct {
+	Version bool `long:"version" description:"Display version of the binary"`
+}
+
 func main() {
 	cfg, err := loadConfig()
 	if err != nil {
 		log.Fatalf("error: %v\n", err)
 	}
 
+	var opts options
+	parser := flags.NewParser(&opts, flags.Default)
+	parser.Parse()
+	if opts.Version {
+		fmt.Println(util.SemVersion)
+		return
+	}
+
 	c, err := newController(cfg)
 	if err != nil {
 		log.Fatalf("error: %v\n", err)
diff --git a/cmd/csaf_uploader/main.go b/cmd/csaf_uploader/main.go
index 7b4c49e..dcee311 100644
--- a/cmd/csaf_uploader/main.go
+++ b/cmd/csaf_uploader/main.go
@@ -23,6 +23,7 @@ import (
 
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/csaf-poc/csaf_distribution/csaf"
+	"github.com/csaf-poc/csaf_distribution/util"
 	"github.com/jessevdk/go-flags"
 	"github.com/mitchellh/go-homedir"
 	"golang.org/x/crypto/bcrypt"
@@ -48,7 +49,8 @@ type options struct {
 
 	Insecure bool `long:"insecure" description:"Do not check TLS certificates from provider"`
 
-	Config *string `short:"c" long:"config" description:"Path to config ini file" value-name:"INI-FILE" no-ini:"true"`
+	Config  *string `short:"c" long:"config" description:"Path to config ini file" value-name:"INI-FILE" no-ini:"true"`
+	Version bool    `long:"version" description:"Display version of the binary"`
 }
 
 type processor struct {
@@ -359,6 +361,11 @@ func main() {
 	args, err := parser.Parse()
 	check(err)
 
+	if opts.Version {
+		fmt.Println(util.SemVersion)
+		return
+	}
+
 	if opts.Config != nil {
 		iniParser := flags.NewIniParser(parser)
 		iniParser.ParseAsDefaults = true
diff --git a/util/file.go b/util/file.go
index 66b7240..8e71851 100644
--- a/util/file.go
+++ b/util/file.go
@@ -3,8 +3,8 @@
 //
 // SPDX-License-Identifier: MIT
 //
-// SPDX-FileCopyrightText: 2021 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
-// Software-Engineering: 2021 Intevation GmbH <https://intevation.de>
+// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2022 Intevation GmbH <https://intevation.de>
 
 package util
 
@@ -17,6 +17,10 @@ import (
 	"time"
 )
 
+// SemVersion the version in semver.org format, MUST be overwritten during
+// the linking stage of the build process
+var SemVersion = "0.0.0"
+
 // NWriter is an io.Writer counting the bytes copied through it.
 type NWriter struct {
 	io.Writer