# Install talisman with Homebrew, MacPorts, winget

Tool to detect and prevent secrets from getting checked in. Version 1.37.0 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:talisman
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install talisman
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install talisman
```

  Evidence: MacPorts ports tree: devel/talisman/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Windows

- winget (92%):

```sh
winget install --id Thoughtworks.Talisman -e
```

  Evidence: Windows Package Manager source index: Thoughtworks.Talisman from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:talisman
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/talisman>
- **Version:** 1.37.0
- **Source summary:** Tool to detect and prevent secrets from getting checked in
- **Homepage:** <https://thoughtworks.github.io/talisman/>
- **Repository:** <https://github.com/thoughtworks/talisman>
- **Upstream docs:** <https://thoughtworks.github.io/talisman/docs>
- **License:** MIT
- **Source archive:** <https://github.com/thoughtworks/talisman/archive/refs/tags/v1.37.0.tar.gz>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- talisman (cli)
- talisman (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.37.0
- Local data: ok
- Upstream repository: https://github.com/thoughtworks/talisman
- Upstream latest detected: v1.37.0 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

Talisman is a Thoughtworks-maintained secret-scanning CLI and Git-hook tool. It became package-manager relevant because it packages a common DevSecOps guardrail as a local binary that can run before code leaves a developer workstation.

### Project history

The official repository was initialized on 2015-12-14 and the first observed release tag, v0.1.0, is dated 2016-04-19. Its README defines the project as a tool that scans Git changesets so likely secrets or sensitive information do not leave the developer's workstation.

### Adoption history

Talisman is distributed as a standalone executable, as a repository Git hook, and as a global Git hook template. The official README documents Homebrew installation, release-page binaries, an install script, pre-commit integration, and Husky integration, which placed it in the same day-to-day tooling layer as linters and formatters.

### How it is used

The standard usage is to install the `talisman` binary and invoke it from pre-commit or pre-push hooks. It checks outgoing changesets for patterns such as SSH keys, authorization tokens, and private keys; it can also run directly as a CLI utility for Git repository scanning.

### Why package nerds care

Package nerds care about Talisman because it is a classic local-policy binary: small enough to install with Homebrew, easy to pin in hook frameworks, and useful before centralized secret-scanning infrastructure ever sees a commit. Its documented auto-update behavior from v0.4.4 also reflects the tension between reproducible pinned tooling and security tools that want to stay current.

### Timeline

- 2015-12-14: First commits in the official Git repository.
- 2016-04-19: First observed release tag, v0.1.0.
- 2018-10-08: v0.3.1 appears in the tag history before the README-documented v0.4.4 auto-update behavior.
- 2025-05-02: v1.37.0 appears as the latest observed tag and Homebrew stable version.

### Related projects

- Talisman is commonly used with Git hooks, pre-commit, and Husky. In package-manager culture it sits beside tools such as git-secrets and detect-secrets, though this record relies only on the official Talisman sources for claims.

### Sources

- <https://formulae.brew.sh/api/formula/talisman.json>
- <https://github.com/thoughtworks/talisman README>
- <https://github.com/thoughtworks/talisman official Git history and tags>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: .talismanrc
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** talisman
- **Version Scheme:** 1
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- MacPorts - talisman: normalized package name match | MacPorts ports tree: devel/talisman/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- winget - Thoughtworks.Talisman: normalized package name match | Windows Package Manager source index: Thoughtworks.Talisman from https://cdn.winget.microsoft.com/cache/source.msix


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [ggshield](https://www.automicvault.com/pkg/brew/ggshield/) - Shares av.db curated category or tags: cli, devsecops, secrets-scanning, security.
- [detect-secrets](https://www.automicvault.com/pkg/brew/detect-secrets/) - Shares av.db curated category or tags: cli, devsecops, pre-commit, security.
- [noseyparker](https://www.automicvault.com/pkg/brew/noseyparker/) - Shares av.db curated category or tags: cli, secrets-scanning, security.
- [trufflehog](https://www.automicvault.com/pkg/brew/trufflehog/) - Shares av.db curated category or tags: cli, secrets-scanning, security.
- [bomber](https://www.automicvault.com/pkg/brew/bomber/) - Shares av.db curated category or tags: cli, devsecops, security.
- [chainloop-cli](https://www.automicvault.com/pkg/brew/chainloop-cli/) - Shares av.db curated category or tags: cli, devsecops, security.
- [cycode](https://www.automicvault.com/pkg/brew/cycode/) - Shares av.db curated category or tags: cli, devsecops, secrets-scanning, security.
- [git-hound](https://www.automicvault.com/pkg/brew/git-hound/) - Shares av.db curated category or tags: cli, pre-commit, security.

## Combined YAML source

View the package source record on GitHub. [combined/talisman.yml](https://github.com/automic-vault/db/blob/main/combined/talisman.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
