diff --git a/.github/workflows/supply-chain.yml b/.github/workflows/supply-chain.yml
new file mode 100644
index 0000000..4de8e0e
--- /dev/null
+++ b/.github/workflows/supply-chain.yml
@@ -0,0 +1,49 @@
+# Portions of this file contributed by NIST are governed by the
+# following statement:
+#
+# This software was developed at the National Institute of Standards
+# and Technology by employees of the Federal Government in the course
+# of their official duties. Pursuant to Title 17 Section 105 of the
+# United States Code, this software is not subject to copyright
+# protection within the United States. NIST assumes no responsibility
+# whatsoever for its use by other parties, and makes no guarantees,
+# expressed or implied, about its quality, reliability, or any other
+# characteristic.
+#
+# We would appreciate acknowledgement if the software is used.
+
+# This workflow uses Make to review direct dependencies of this
+# repository.
+
+name: Supply Chain
+
+on:
+  schedule:
+    - cron: '15 5 * * 1,2,3,4,5'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version:
+          - '3.9'
+          - '3.12'
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # This enables supply chain review against only a selected
+          # branch. For those using the "Git-Flow" style of branching,
+          # the ref value should be 'develop', so an upstream dependency
+          # only relevant for, say, code formatting does not need to
+          # induce a new commit on 'main', or a release.
+          # https://cyberdomainontology.org/ontology/development/#branching-cdo-git-flow
+          ref: develop
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Review dependencies
+        run: make check-supply-chain
diff --git a/Makefile b/Makefile
index b786812..c42c333 100644
--- a/Makefile
+++ b/Makefile
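Review bot: Both actions in the `steps` block are referenced by a mutable major tag (`actions/checkout@v4`, `actions/setup-python@v5`), so a workflow whose purpose is supply-chain review is itself resolving third-party code through a tag the upstream can move; pin each to a full commit SHA and keep the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` receives whatever the repository default grants, although nothing here needs more than checkout; adding `permissions:` / `  contents: read` at the top level before `jobs:` scopes it to the minimum. Since `on:` is a YAML 1.1 boolean key, generic linters will flag it as truthy; a `# yamllint disable-line rule:truthy` comment on that line avoids the noise if yamllint is part of the pre-commit setup.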
@@ -96,13 +96,37 @@ check-supply-chain: \ check-supply-chain-pre-commit # This target is scheduled to run as part of prerelease review. +# +# Update pre-commit configuration and use the updated config file to +# review code. Only have Make exit if 'pre-commit run' modifies files. check-supply-chain-pre-commit: \ .venv-pre-commit/var/.pre-commit-built.log source .venv-pre-commit/bin/activate \ && pre-commit autoupdate git diff \ --exit-code \ - .pre-commit-config.yaml + .pre-commit-config.yaml \ + || ( \ + source .venv-pre-commit/bin/activate \ + && pre-commit run \ + --all-files \ + --config .pre-commit-config.yaml \ + ) \ + || git diff \ + --stat \ + --exit-code \ + || ( \ + echo \ + "WARNING:Makefile:pre-commit configuration can be updated. It appears the updated would change file formatting." \ + >&2 \ + ; exit 1 \ + ) + @git diff \ + --exit-code \ + .pre-commit-config.yaml \ + || echo \ + "INFO:Makefile:pre-commit configuration can be updated. It appears the update would not change file formatting." \ + >&2 clean: @$(MAKE) \
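Review bot: The new comment above `check-supply-chain-pre-commit` says Make exits only if `pre-commit run` modifies files, but the recipe appears to exit 1 on any non-zero `pre-commit run` result: once `pre-commit autoupdate` has touched `.pre-commit-config.yaml`, the fallback `git diff --stat --exit-code` over the whole tree is already non-zero, so a hook that merely fails without rewriting anything also reaches the WARNING branch and is reported as a formatting change. If the intent is to distinguish the two cases, the second diff should exclude the config file, e.g. `git diff --stat --exit-code -- . ':!.pre-commit-config.yaml'`, or the comment should state that any hook failure after the update also fails the target. The WARNING string also has a typo: `It appears the updated would change file formatting.` should read `It appears the update would change file formatting.`, matching the INFO message below it. The `check-supply-chain:` rule whose prerequisite list opens the hunk starts outside it.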