A project I’ve worked uses a simple set of macros in a header that’s included in every file (some compilers let you specify such a header on the command line, so you can force it’s use in a makefile):

#define strcpy  strcpy_is_banned_use_strlcpy
#define strcat  strcat_is_banned_use_strlcat
#define strncpy strncpy_is_banned_use_strlcpy
#define strncat strncat_is_banned_use_strlcat
#define sprintf sprintf_is_banned_use_snprintf

With these macros, the build will fail if you try to use a banned function (and the linker will tell you what you should use instead).

So it doesn’t get checked on commit, per se, but as long as your team members make sure things build before they check in, the system works. And if they don’t, then everyone starts getting build break emails, which tends to quickly correct the behavior.

Simple, but effective.