GitHub, in collaboration with the Open Source Security Foundation (OpenSSF) and Google, has introduced the V4 release of OpenSSF's Scorecard project, an automated security tool designed to identify risky supply chain practices in open-source projects. This initiative includes a GitHub Action and starter workflow, integrated into the GitHub interface and Marketplace, to assist developers in adhering to security best practices. Once set up, the Scorecards Action runs automatically on repository changes and alerts developers to potential supply chain risks via GitHub's code scanning. The tool checks for various security measures, such as the presence of static analysis tools like CodeQL, and sends its results to the GitHub code scanning alerts API, where they are visible under the project's security tab. GitHub provides these features, including CodeQL and 1,000 Actions minutes, free for public repositories, and they are available to enterprises through GitHub Enterprise and GitHub Advanced Security. Users can easily configure the Scorecards workflow and integrate additional static analysis tools to enhance project security.