You can use tools like Talisman which registers a Git hook to check if you are checking in anything that looks like secret.

https://github.com/thoughtworks/talisman




We use a tool under a Linux Foundation project called anteater https://github.com/opnfv/releng-anteater, which does the same thing (but is for a Jenkins / Gerrit workflow). A key difference from looking at talisman is that anteater uses standard regex rather than code to seek out strings, so anyone can add their own strings / file names easily into a simple YAML file. Likewise they can use regex to provide a waiver, should something be incorrectly reported.

I am thinking now would be a good time to port it to working with webhooks as well.

The tool would have blocked the aws credentials from being checked in: https://github.com/opnfv/releng-anteater/blob/master/master_...
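To make the mechanism the two comments describe concrete, here is an added example of a regex-driven pre-commit secret check with waivers. It is not talisman's or anteater's code; the rule names, the regexes, the `anteater:waive` / `talisman:waive` inline marker and the sample diff are all constructed for illustration (a real deployment would load the rules and waivers from a YAML file, as anteater does). The scanner inspects only the lines a `git diff --cached` adds, so already-committed history is out of scope, which is exactly the gap a hook like this leaves and why it is "not foolproof".

```python
"""Minimal regex-driven secret scanner for a Git pre-commit hook.

Added example in the spirit of the hook-based tools discussed above; it is not
talisman's or anteater's code. Rules, waivers and sample input are constructed.
"""
import re
import subprocess
import sys
from dataclasses import dataclass

# Constructed rules: name -> regex. A real tool would load these from a YAML file.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?[A-Za-z0-9/+=]{40}"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Constructed waivers: when any of these matches the offending line, the finding
# is suppressed. The first is a hypothetical inline marker, the second is the
# sample access key AWS uses in its own documentation.
WAIVERS = [
    re.compile(r"\b(?:anteater|talisman):waive\b"),
    re.compile(r"AKIAIOSFODNN7EXAMPLE"),
]

# Unified-diff hunk header; group 1 is the first line number on the new side.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    lineno: int
    rule: str


def matching_rules(line: str) -> list[str]:
    """Names of the rules that fire on one line, or [] if a waiver applies."""
    if any(w.search(line) for w in WAIVERS):
        return []
    return [name for name, pat in SECRET_PATTERNS.items() if pat.search(line)]


def scan_diff(diff_text: str) -> list[Finding]:
    """Scan only the lines a unified diff adds, tracking new-file line numbers."""
    findings: list[Finding] = []
    path, lineno = "<unknown>", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")   # file header of the new side
        elif raw.startswith("--- "):
            continue                            # file header of the old side
        elif (m := HUNK_RE.match(raw)):
            lineno = int(m.group(1))
        elif raw.startswith("+"):
            findings.extend(Finding(path, lineno, r) for r in matching_rules(raw[1:]))
            lineno += 1
        elif raw.startswith(" "):
            lineno += 1                         # unchanged context line
        # removed ('-') lines do not advance the new-file line counter
    return findings


def staged_diff() -> str:
    """The diff of what is about to be committed: what a pre-commit hook inspects."""
    return subprocess.run(["git", "diff", "--cached", "-U0", "--no-color"],
                          capture_output=True, text=True, check=True).stdout


# Constructed sample diff: two real-looking hits, one waived fixture, one benign line.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,0 +11,4 @@
+AWS_ACCESS_KEY_ID = "AKIACONSTRUCTED00001"
+AWS_SECRET_ACCESS_KEY = "CONSTRUCTEDsecretVALUE0123456789abcdefXY"
+TEST_KEY = "AKIACONSTRUCTED00002"  # anteater:waive - constructed fixture
+REGION = "us-east-1"
"""


if __name__ == "__main__":
    # `python hook.py --demo` scans the constructed sample; otherwise the staged diff.
    hits = scan_diff(SAMPLE_DIFF if "--demo" in sys.argv else staged_diff())
    for f in hits:
        print(f"{f.path}:{f.lineno}: possible {f.rule}")
    sys.exit(1 if hits else 0)   # non-zero exit makes git abort the commit
```

Installed as `.git/hooks/pre-commit`, the non-zero exit blocks the commit; the waiver list is what keeps documented sample keys and test fixtures from becoming permanent noise, and anything waived should be reviewed rather than silently accepted.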


It's not foolproof but this tool needs to be more widely-known - it would've saved me on countless occasions.



