Automic VaultAutomic Vault

brew

Install talisman with Homebrew, MacPorts, winget

Tool to detect and prevent secrets from getting checked in. Version 1.37.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install talisman

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install talisman

MacPorts ports tree · devel/talisman/Portfile · source: api.github.com

Windows

Windows Package Managerverified · 92%
winget install --id Thoughtworks.Talisman -e

Windows Package Manager source index · Thoughtworks.Talisman · source: cdn.winget.microsoft.com

overview

Package summary

Tool to detect and prevent secrets from getting checked in

Commands and aliases

  • talisman

history

Project history and usage

Talisman is a Thoughtworks-maintained secret-scanning CLI and Git-hook tool. It became package-manager relevant because it packages a common DevSecOps guardrail as a local binary that can run before code leaves a developer workstation.

Project history

The official repository was initialized on 2015-12-14 and the first observed release tag, v0.1.0, is dated 2016-04-19. Its README defines the project as a tool that scans Git changesets so likely secrets or sensitive information do not leave the developer's workstation.

Adoption history

Talisman is distributed as a standalone executable, as a repository Git hook, and as a global Git hook template. The official README documents Homebrew installation, release-page binaries, an install script, pre-commit integration, and Husky integration, which placed it in the same day-to-day tooling layer as linters and formatters.

How it is used

The standard usage is to install the `talisman` binary and invoke it from pre-commit or pre-push hooks. It checks outgoing changesets for patterns such as SSH keys, authorization tokens, and private keys; it can also run directly as a CLI utility for Git repository scanning.

Why package nerds care

Package nerds care about Talisman because it is a classic local-policy binary: small enough to install with Homebrew, easy to pin in hook frameworks, and useful before centralized secret-scanning infrastructure ever sees a commit. Its documented auto-update behavior from v0.4.4 also reflects the tension between reproducible pinned tooling and security tools that want to stay current.

Timeline

  • 2015-12-14: First commits in the official Git repository.
  • 2016-04-19: First observed release tag, v0.1.0.
  • 2018-10-08: v0.3.1 appears in the tag history before the README-documented v0.4.4 auto-update behavior.
  • 2025-05-02: v1.37.0 appears as the latest observed tag and Homebrew stable version.

Related projects

  • Talisman is commonly used with Git hooks, pre-commit, and Husky. In package-manager culture it sits beside tools such as git-secrets and detect-secrets, though this record relies only on the official Talisman sources for claims.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 8 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.talismanrc

executables

Installed executables

CommandKindExposureNote
talismancliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.37.0
manager updated
local dataok
upstreamcurrent
latest detectedv1.37.0

https://github.com/thoughtworks/talisman

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:talisman
Version1.37.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/talisman
Homepagehttps://thoughtworks.github.io/talisman/
Repositoryhttps://github.com/thoughtworks/talisman
Upstream docshttps://thoughtworks.github.io/talisman/docs
LicenseMIT
Source archivehttps://github.com/thoughtworks/talisman/archive/refs/tags/v1.37.0.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nametalisman
Version Scheme1
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

MacPorts95%

talisman

sudo port install talisman
  • normalized package name match
  • Matched by: Talisman
MacPorts ports tree · api.github.com · MacPorts ports tree: devel/talisman/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
winget95%

Thoughtworks.Talisman

winget install --id Thoughtworks.Talisman -e
  • normalized package name match
  • Matched by: Talisman
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: Thoughtworks.Talisman from https://cdn.winget.microsoft.com/cache/source.msix

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment