diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 0000000..32f1a86
--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,47 @@
+---
+name: Scorecard supply-chain security
+on:
+  workflow_dispatch:
+  # For Branch-Protection check (for repo branch protection or rules).
+  # Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '29 11 * * 6'
+  push:
+    branches: ['main']
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Merge to Main Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      id-token: write
+
+    steps:
+      - name: 'Checkout code'
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        with:
+          persist-credentials: false
+
+      - name: 'Run analysis'
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+      - name: 'Upload artifact'
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+      - name: 'Upload to code-scanning'
+        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.24.9
+        with:
+          sarif_file: results.sarif
diff --git a/README.md b/README.md
index 976954c..8e875a5 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,8 @@
+[![Docker Build](https://github.com/github-community-projects/internal-contribution-forks/actions/workflows/docker-build.yml/badge.svg)](https://github.com/github-community-projects/internal-contribution-forks/actions/workflows/docker-build.yml)
+[![Lint](https://github.com/github-community-projects/internal-contribution-forks/actions/workflows/lint.yml/badge.svg)](https://github.com/github-community-projects/internal-contribution-forks/actions/workflows/lint.yml)
+[![Tests](https://github.com/github-community-projects/internal-contribution-forks/actions/workflows/tests.yml/badge.svg)](https://github.com/github-community-projects/internal-contribution-forks/actions/workflows/tests.yml)
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/github-community-projects/internal-contribution-forks/badge)](https://scorecard.dev/viewer/?uri=github.com/github-community-projects/internal-contribution-forks)
+
 <h1 align="center">
   Internal Contribution Forks
 </h1>