Of course the CLI tool catches all kinds of secrets and passwords before they are committed to repositories, but it does so much more. Here is a list of features as of today:
Secrets - the tool identifies 50+ tokens, keys, IDs as well as passwords. For a complete list of secrets check out this page.
Custom RegEx - you can configure your own regular expressions, and the tool will flag matches the same way it flags the secrets above.
Sensitive Words - similar to secrets, the tool identifies sensitive words like master, slave, dummy, and blacklist. For a complete list of sensitive words check out this page.
Commit Signing - the CLI can check whether the commit is going to be signed and warn or block if it is not.
Large Binary Files - the CLI tool can check whether a “large” binary file is going to be committed and either ignore, warn, or block the commit depending on the file size. By default, binary files less than 500 KB will be ignored; if more than 500 KB but less than 10 MB, the CLI will warn but allow the commit; if more than 10 MB, the commit will be blocked.
Navigate here for more information about installing and configuring the CLI tool.
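
As an added illustration that is not the CLI tool's own code, the Python sketch below applies the default large-binary thresholds described above to staged files in a git pre-commit hook. It assumes 1 KB = 1024 bytes, that exact boundary sizes take the stricter action, and that a NUL byte in the first 8000 bytes marks a file as binary; the function names are hypothetical.

```python
import os
import subprocess
import sys

KB = 1024                    # assumption: the page does not say 1000 or 1024
WARN_AT = 500 * KB           # page default: smaller binaries are ignored
BLOCK_AT = 10 * 1024 * KB    # page default: larger binaries block the commit

def looks_binary(head: bytes) -> bool:
    # Assumption: a NUL byte in the first 8000 bytes means binary (git's diff heuristic).
    return b"\0" in head[:8000]

def classify(size: int, head: bytes) -> str:
    """Return 'ignore', 'warn' or 'block' for one staged file."""
    if not looks_binary(head) or size < WARN_AT:
        return "ignore"
    # Assumption: exact boundary sizes take the stricter action.
    return "warn" if size < BLOCK_AT else "block"

def verdict(files):
    """files: iterable of (path, size, head). Returns (exit_code, messages)."""
    code, messages = 0, []
    for path, size, head in files:
        action = classify(size, head)
        if action != "ignore":
            messages.append(f"{action}: {path} is a {size / KB:.0f} KB binary")
        if action == "block":
            code = 1             # a non-zero exit from pre-commit aborts the commit
    return code, messages

def git(*args: str) -> subprocess.Popen:
    return subprocess.Popen(["git", *args], stdout=subprocess.PIPE)

def staged_files():
    """Yield (path, size, head) for added, copied or modified files in the index."""
    with git("diff", "--cached", "--name-only", "--diff-filter=ACM", "-z") as p:
        names = p.stdout.read().split(b"\0")
    for name in filter(None, names):
        path = os.fsdecode(name)
        with git("cat-file", "-s", f":{path}") as p:
            size = int(p.stdout.read())
        with git("cat-file", "blob", f":{path}") as p:
            head = p.stdout.read(8000)   # read only the prefix used for sniffing
            p.kill()
        yield path, size, head

if __name__ == "__main__":
    code, messages = verdict(staged_files())
    if messages:
        print("\n".join(messages), file=sys.stderr)
    sys.exit(code)
```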