I am writing a pre-receive hook for Git. This is the one where if multiple commits are pushed, and any one of them fail, then the whole push fails. Which is what I want.
while read old new ref; do 
    [[ $new = *[^0]* ]] && news="$news $new"
done
git rev-list $news --not --all
This will avoid things like fastforwards over previously-pushed commits triggering wasted revalidation of unchanged content.
You can use a pre-receive hook and still list all pushed commits.
See this answer which includes:
chomp(my @commits = `git rev-list $old..$new`);
if ($?) {
  warn "git rev-list $old..$new failed\n";
  ++$errors, next;
}
foreach my $sha1 (@commits) {
  // validate some policy
}
As commented by torek, this is only for the master branch.
You can deal with multiple branches:
#!/bin/bash
while read oldrev newrev refname
do
    branch=$(git rev-parse --symbolic --abbrev-ref $refname)
    if [ "master" == "$branch" ]; then
        # Do something
    fi
done