From 7e181d14d676653edea249f49268d1011e58a67c Mon Sep 17 00:00:00 2001 From: Viachaslau Date: Fri, 20 Feb 2026 10:12:18 +0400 Subject: [PATCH 01/10] chore: initialize workflow skip-checks:true --- .brightsec/.gitkeep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 .brightsec/.gitkeep diff --git a/.brightsec/.gitkeep b/.brightsec/.gitkeep new file mode 100644 index 0000000..e69de29 From 4da8760b5a6544f03bda35df08c77e16d27b808b Mon Sep 17 00:00:00 2001 From: Viachaslau Date: Fri, 20 Feb 2026 10:13:39 +0400 Subject: [PATCH 02/10] ci: temporarily disable workflows while addressing security issues skip-checks:true --- .github/workflows/ci.yml | 124 --------------------------------------- 1 file changed, 124 deletions(-) delete mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index 4e2a120..0000000 --- a/.github/workflows/ci.yml +++ /dev/null @@ -1,124 +0,0 @@ -name: ci - -on: - push: - branches: - - main - pull_request: - -jobs: - test: - runs-on: ubuntu-latest - container: - image: buildpack-deps:buster - defaults: - run: - shell: bash - services: - postgres: - image: postgres:9.6 - env: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: postgres - POSTGRES_DB: blog_development - ports: - - 5432:5432 - options: >- - --name postgres - --health-cmd "pg_isready -U postgres" - --health-interval 5s - --health-timeout 5s - --health-retries 10 - env: - PGHOST: postgres - PGPORT: 5432 - PGUSER: postgres - PGPASSWORD: postgres - PGDATABASE: blog_development - DATABASE_URL: postgres://postgres:postgres@postgres:5432/blog_development - steps: - - uses: actions/checkout@v4 - - - name: Point apt to Debian archive - run: | - sed -i 's|deb.debian.org/debian|archive.debian.org/debian|g' /etc/apt/sources.list - sed -i 's|security.debian.org/debian-security|archive.debian.org/debian-security|g' /etc/apt/sources.list - sed -i '/buster-updates/d' /etc/apt/sources.list - - - name: Install system deps - run: | - apt-get -o Acquire::Check-Valid-Until=false -o Acquire::AllowInsecureRepositories=true update - apt-get -o Acquire::Check-Valid-Until=false -o Acquire::AllowInsecureRepositories=true install -y --no-install-recommends \ - build-essential \ - libffi-dev \ - libgdbm-dev \ - libpq-dev \ - libreadline-dev \ - libssl-dev \ - libxml2-dev \ - libxslt1-dev \ - postgresql-client \ - nodejs \ - libyaml-dev \ - zlib1g-dev - - - name: Install Ruby 2.3.3 - env: - RUBY_PREFIX: /opt/ruby-2.3.3 - run: | - git clone --depth=1 https://github.com/rbenv/ruby-build.git /tmp/ruby-build - /tmp/ruby-build/install.sh - ruby-build 2.3.3 "$RUBY_PREFIX" - echo "$RUBY_PREFIX/bin" >> "$GITHUB_PATH" - - - name: Install bundler - run: gem install bundler -v 1.10.6 - - - name: Configure bundler for nokogiri - run: bundle config build.nokogiri --use-system-libraries - - - name: Install gems - run: bundle install - - - name: Wait for postgres - run: | - for i in $(seq 1 30); do - pg_isready -h "$PGHOST" -p "$PGPORT" -d "$PGDATABASE" && break - sleep 2 - done - bundle exec ruby -e "require 'pg'; PG.connect(host: ENV['PGHOST'], port: ENV['PGPORT'].to_i, dbname: ENV['PGDATABASE'], user: ENV['PGUSER'], password: ENV['PGPASSWORD']);" - - - name: Setup database - run: bundle exec rake db:create db:migrate db:seed - - - name: Start server - run: | - bundle exec rails server -b 0.0.0.0 -p 3000 >rails.log 2>&1 & - - - name: Wait for server readiness - run: | - READY=0 - for i in $(seq 1 30); do - echo "Attempt ${i}/30: checking http://localhost:3000" - if curl -sSfL http://localhost:3000 >/dev/null; then - echo "Server responded successfully on attempt ${i}." - READY=1 - break - fi - echo "Server still starting up, waiting 2s before retry." - sleep 2 - done - if [ "$READY" -ne 1 ]; then - echo "Server failed to start" - tail -n 200 rails.log || true - exit 1 - fi - echo "Server is ready; last 200 lines of rails.log:" - tail -n 200 rails.log || true - - - name: Check homepage - run: | - if ! curl -sSfL http://localhost:3000 | grep -F "Home"; then - echo "Homepage check failed" - exit 1 - fi From 81db9861a9736a1e883336d4515cbc3307a3b621 Mon Sep 17 00:00:00 2001 From: Viachaslau Date: Fri, 20 Feb 2026 10:13:49 +0400 Subject: [PATCH 03/10] test: add auto-generated e2e security tests skip-checks:true --- .brightsec/tests/get-posts-search.test.ts | 40 +++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .brightsec/tests/get-posts-search.test.ts diff --git a/.brightsec/tests/get-posts-search.test.ts b/.brightsec/tests/get-posts-search.test.ts new file mode 100644 index 0000000..b4a89b7 --- /dev/null +++ b/.brightsec/tests/get-posts-search.test.ts @@ -0,0 +1,40 @@ +import { test, before, after } from 'node:test'; +import { SecRunner } from '@sectester/runner'; +import { AttackParamLocation, HttpMethod } from '@sectester/scan'; + +const timeout = 40 * 60 * 1000; +const baseUrl = process.env.BRIGHT_TARGET_URL!; + +let runner!: SecRunner; + +before(async () => { + runner = new SecRunner({ + hostname: process.env.BRIGHT_HOSTNAME!, + projectId: process.env.BRIGHT_PROJECT_ID! + }); + + await runner.init(); +}); + +after(() => runner.clear()); + +test('GET /posts/search', { signal: AbortSignal.timeout(timeout) }, async () => { + await runner + .createScan({ + tests: ['sqli', 'xss', 'business_constraint_bypass'], + attackParamLocations: [AttackParamLocation.QUERY], + starMetadata: { + code_source: 'NeuraLegion/ruby-example-app:master', + databases: ['PostgreSQL'], + user_roles: ['admin'] + }, + poolSize: +process.env.SECTESTER_SCAN_POOL_SIZE || undefined + }) + .setFailFast(false) + .timeout(timeout) + .run({ + method: HttpMethod.GET, + url: `${baseUrl}/posts/search?search_term=example`, + auth: process.env.BRIGHT_AUTH_ID + }); +}); \ No newline at end of file From 2129f71dadbeecf68ec9db9cbf62b2117340e6fe Mon Sep 17 00:00:00 2001 From: Viachaslau Date: Fri, 20 Feb 2026 10:14:01 +0400 Subject: [PATCH 04/10] ci: add CI workflow to run e2e security tests --- .github/workflows/bright.yml | 131 ++++++++++++++++++ .../configure-bright-credentials/action.yaml | 53 +++++++ 2 files changed, 184 insertions(+) create mode 100644 .github/workflows/bright.yml create mode 100644 .github/workflows/composite/configure-bright-credentials/action.yaml diff --git a/.github/workflows/bright.yml b/.github/workflows/bright.yml new file mode 100644 index 0000000..f1fbcb1 --- /dev/null +++ b/.github/workflows/bright.yml @@ -0,0 +1,131 @@ +name: Bright + +on: + pull_request: + branches: + - '**' + +permissions: + checks: write + contents: read + id-token: write + +jobs: + test: + runs-on: ubuntu-latest + container: + image: buildpack-deps:buster + defaults: + run: + shell: bash + services: + postgres: + image: postgres:9.6 + env: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + POSTGRES_DB: blog_development + ports: + - 5432:5432 + options: >- + --name postgres + --health-cmd "pg_isready -U postgres" + --health-interval 5s + --health-timeout 5s + --health-retries 10 + env: + PGHOST: postgres + PGPORT: 5432 + PGUSER: postgres + PGPASSWORD: postgres + PGDATABASE: blog_development + DATABASE_URL: postgres://postgres:postgres@postgres:5432/blog_development + steps: + - uses: actions/checkout@v4 + + - name: Point apt to Debian archive + run: | + sed -i 's|deb.debian.org/debian|archive.debian.org/debian|g' /etc/apt/sources.list + sed -i 's|security.debian.org/debian-security|archive.debian.org/debian-security|g' /etc/apt/sources.list + sed -i '/buster-updates/d' /etc/apt/sources.list + + - name: Install system deps + run: | + apt-get -o Acquire::Check-Valid-Until=false -o Acquire::AllowInsecureRepositories=true update + apt-get -o Acquire::Check-Valid-Until=false -o Acquire::AllowInsecureRepositories=true install -y --no-install-recommends \ + build-essential \ + libffi-dev \ + libgdbm-dev \ + libpq-dev \ + libreadline-dev \ + libssl-dev \ + libxml2-dev \ + libxslt1-dev \ + postgresql-client \ + nodejs \ + libyaml-dev \ + zlib1g-dev + + - name: Install Ruby 2.3.3 + env: + RUBY_PREFIX: /opt/ruby-2.3.3 + run: | + git clone --depth=1 https://github.com/rbenv/ruby-build.git /tmp/ruby-build + /tmp/ruby-build/install.sh + ruby-build 2.3.3 "$RUBY_PREFIX" + echo "$RUBY_PREFIX/bin" >> "$GITHUB_PATH" + + - name: Install bundler + run: gem install bundler -v 1.10.6 + + - name: Configure bundler for nokogiri + run: bundle config build.nokogiri --use-system-libraries + + - name: Install gems + run: bundle install + + - name: Setup database + run: bundle exec rake db:create db:migrate db:seed + + - name: Start application + env: + DATABASE_URL: postgres://postgres:postgres@postgres:5432/blog_development + PGDATABASE: blog_development + PGHOST: postgres + PGPASSWORD: postgres + PGPORT: 5432 + PGUSER: postgres + run: | + bundle exec rails server -b 0.0.0.0 -p 3000 & + + - name: Probe application readiness + run: | + for i in {1..30}; do curl -sS -o /dev/null http://127.0.0.1:3000 && exit 0 || sleep 5; done; exit 1 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22.x + + - name: Install SecTesterJS dependencies + run: | + npm i --save=false --prefix .brightsec @sectester/core@0.49.0 @sectester/repeater@0.49.0 @sectester/scan@0.49.0 @sectester/runner@0.49.0 @sectester/reporter@0.49.0 + + - name: Authenticate with Bright + uses: ./.github/workflows/composite/configure-bright-credentials + with: + BRIGHT_HOSTNAME: development.playground.brightsec.com + BRIGHT_PROJECT_ID: 5naKKxNc3e4Akp1GuEdmiK + BRIGHT_TOKEN: ${{ secrets.BRIGHT_TOKEN }} + + - name: Run security tests + env: + BRIGHT_HOSTNAME: development.playground.brightsec.com + BRIGHT_PROJECT_ID: 5naKKxNc3e4Akp1GuEdmiK + BRIGHT_AUTH_ID: m8XBzLrw8pWSjHQDhKQgCr + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BRIGHT_TOKEN: ${{ env.BRIGHT_TOKEN }} + BRIGHT_TARGET_URL: http://127.0.0.1:3000 + SECTESTER_SCAN_POOL_SIZE: ${{ vars.SECTESTER_SCAN_POOL_SIZE }} + run: | + node --experimental-transform-types --experimental-strip-types --experimental-detect-module --disable-warning=MODULE_TYPELESS_PACKAGE_JSON --disable-warning=ExperimentalWarning --test-force-exit --test-concurrency=4 --test .brightsec/tests/*.test.ts \ No newline at end of file diff --git a/.github/workflows/composite/configure-bright-credentials/action.yaml b/.github/workflows/composite/configure-bright-credentials/action.yaml new file mode 100644 index 0000000..8498384 --- /dev/null +++ b/.github/workflows/composite/configure-bright-credentials/action.yaml @@ -0,0 +1,53 @@ +name: 'Configure BrightSec credentials' + +inputs: + BRIGHT_HOSTNAME: + description: 'Hostname for the BrightSec environment' + required: true + BRIGHT_PROJECT_ID: + description: 'Project ID for BrightSec' + required: true + BRIGHT_TOKEN: + description: 'Pre-configured token' + required: false + +runs: + using: 'composite' + steps: + - id: configure_env_from_input + name: 'Set existing token in env' + shell: bash + if: ${{ inputs.BRIGHT_TOKEN != '' }} + env: + BRIGHT_TOKEN: ${{ inputs.BRIGHT_TOKEN }} + run: | + echo "BRIGHT_TOKEN=${BRIGHT_TOKEN}" >> $GITHUB_ENV + + - id: configure_bright_credentials_through_oidc + name: 'Exchange OIDC credentials for Bright token' + shell: bash + if: ${{ inputs.BRIGHT_TOKEN == '' }} + env: + BRIGHT_HOSTNAME: ${{ inputs.BRIGHT_HOSTNAME }} + BRIGHT_PROJECT_ID: ${{ inputs.BRIGHT_PROJECT_ID }} + run: | + # Retrieve OIDC token from GitHub + OIDC_TOKEN=$(curl -sS -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ + "${ACTIONS_ID_TOKEN_REQUEST_URL}" | jq -r '.value') + + # Post the token to BrightSec + RESPONSE=$(curl -s -X POST "https://${BRIGHT_HOSTNAME}/api/v1/projects/${BRIGHT_PROJECT_ID}/api-keys/oidc" \ + -H "Content-Type: application/json" \ + -d "{\"token\": \"${OIDC_TOKEN}\"}") + + if ! echo "$RESPONSE" | jq -e . > /dev/null 2>&1; then + echo "Error: $RESPONSE" 1>&2 + exit 1 + fi + + # Extract the pureKey + PURE_KEY=$(echo "$RESPONSE" | jq -r '.pureKey') + + # Mask and store in environment + echo "::add-mask::$PURE_KEY" + echo "BRIGHT_TOKEN=$PURE_KEY" >> $GITHUB_ENV From c63ec876ccb00d8b5d6f20e99a9486b4d1d7a0b6 Mon Sep 17 00:00:00 2001 From: Viachaslau Tyshkavets Date: Fri, 20 Feb 2026 11:17:05 +0400 Subject: [PATCH 05/10] chore: enable development mode --- .github/workflows/bright.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bright.yml b/.github/workflows/bright.yml index f1fbcb1..3a4e63e 100644 --- a/.github/workflows/bright.yml +++ b/.github/workflows/bright.yml @@ -89,6 +89,8 @@ jobs: - name: Start application env: + RAILS_ENV: development + RACK_ENV: development DATABASE_URL: postgres://postgres:postgres@postgres:5432/blog_development PGDATABASE: blog_development PGHOST: postgres @@ -96,7 +98,7 @@ jobs: PGPORT: 5432 PGUSER: postgres run: | - bundle exec rails server -b 0.0.0.0 -p 3000 & + bundle exec rails server -e development -b 0.0.0.0 -p 3000 & - name: Probe application readiness run: | From 72a574d4b351b2fab2ac105bbd5b752a5a23cd0c Mon Sep 17 00:00:00 2001 From: Viachaslau Tyshkavets Date: Fri, 20 Feb 2026 11:48:12 +0400 Subject: [PATCH 06/10] chore: server log --- .github/workflows/bright.yml | 37 +++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bright.yml b/.github/workflows/bright.yml index 3a4e63e..002886a 100644 --- a/.github/workflows/bright.yml +++ b/.github/workflows/bright.yml @@ -98,11 +98,19 @@ jobs: PGPORT: 5432 PGUSER: postgres run: | - bundle exec rails server -e development -b 0.0.0.0 -p 3000 & + mkdir -p tmp log + : > tmp/rails-server.log + bundle exec rails server -e development -b 0.0.0.0 -p 3000 > tmp/rails-server.log 2>&1 & + echo $! > tmp/rails-server.pid - name: Probe application readiness run: | - for i in {1..30}; do curl -sS -o /dev/null http://127.0.0.1:3000 && exit 0 || sleep 5; done; exit 1 + for i in {1..30}; do + curl -sS -o /dev/null http://127.0.0.1:3000 && exit 0 || sleep 5 + done + echo "Application readiness probe failed. Last server log lines:" + tail -n 200 tmp/rails-server.log || true + exit 1 - name: Setup Node.js uses: actions/setup-node@v4 @@ -130,4 +138,27 @@ jobs: BRIGHT_TARGET_URL: http://127.0.0.1:3000 SECTESTER_SCAN_POOL_SIZE: ${{ vars.SECTESTER_SCAN_POOL_SIZE }} run: | - node --experimental-transform-types --experimental-strip-types --experimental-detect-module --disable-warning=MODULE_TYPELESS_PACKAGE_JSON --disable-warning=ExperimentalWarning --test-force-exit --test-concurrency=4 --test .brightsec/tests/*.test.ts \ No newline at end of file + node --experimental-transform-types --experimental-strip-types --experimental-detect-module --disable-warning=MODULE_TYPELESS_PACKAGE_JSON --disable-warning=ExperimentalWarning --test-force-exit --test-concurrency=4 --test .brightsec/tests/*.test.ts + + - name: Dump Rails logs + if: ${{ always() }} + run: | + echo "===== tmp/rails-server.log =====" + if [ -f tmp/rails-server.log ]; then + cat tmp/rails-server.log + else + echo "tmp/rails-server.log not found" + fi + echo "===== log/development.log =====" + if [ -f log/development.log ]; then + cat log/development.log + else + echo "log/development.log not found" + fi + + - name: Stop application + if: ${{ always() }} + run: | + if [ -f tmp/rails-server.pid ]; then + kill "$(cat tmp/rails-server.pid)" || true + fi From 113e2c992a8596aef321f027a1626719aa9de6cc Mon Sep 17 00:00:00 2001 From: Viachaslau Tyshkavets Date: Fri, 20 Feb 2026 12:19:59 +0400 Subject: [PATCH 07/10] chore: precreate tmp dir --- .github/workflows/bright.yml | 36 +++--------------------------------- 1 file changed, 3 insertions(+), 33 deletions(-) diff --git a/.github/workflows/bright.yml b/.github/workflows/bright.yml index 002886a..c336b3f 100644 --- a/.github/workflows/bright.yml +++ b/.github/workflows/bright.yml @@ -98,19 +98,12 @@ jobs: PGPORT: 5432 PGUSER: postgres run: | - mkdir -p tmp log - : > tmp/rails-server.log - bundle exec rails server -e development -b 0.0.0.0 -p 3000 > tmp/rails-server.log 2>&1 & - echo $! > tmp/rails-server.pid + mkdir -p tmp + bundle exec rails server -e development -b 0.0.0.0 -p 3000 & - name: Probe application readiness run: | - for i in {1..30}; do - curl -sS -o /dev/null http://127.0.0.1:3000 && exit 0 || sleep 5 - done - echo "Application readiness probe failed. Last server log lines:" - tail -n 200 tmp/rails-server.log || true - exit 1 + for i in {1..30}; do curl -sS -o /dev/null http://127.0.0.1:3000 && exit 0 || sleep 5; done; exit 1 - name: Setup Node.js uses: actions/setup-node@v4 @@ -139,26 +132,3 @@ jobs: SECTESTER_SCAN_POOL_SIZE: ${{ vars.SECTESTER_SCAN_POOL_SIZE }} run: | node --experimental-transform-types --experimental-strip-types --experimental-detect-module --disable-warning=MODULE_TYPELESS_PACKAGE_JSON --disable-warning=ExperimentalWarning --test-force-exit --test-concurrency=4 --test .brightsec/tests/*.test.ts - - - name: Dump Rails logs - if: ${{ always() }} - run: | - echo "===== tmp/rails-server.log =====" - if [ -f tmp/rails-server.log ]; then - cat tmp/rails-server.log - else - echo "tmp/rails-server.log not found" - fi - echo "===== log/development.log =====" - if [ -f log/development.log ]; then - cat log/development.log - else - echo "log/development.log not found" - fi - - - name: Stop application - if: ${{ always() }} - run: | - if [ -f tmp/rails-server.pid ]; then - kill "$(cat tmp/rails-server.pid)" || true - fi From 2e6a8ef449d9c00570e3ca84e45661de4fe5e690 Mon Sep 17 00:00:00 2001 From: Viachaslau Tyshkavets Date: Fri, 20 Feb 2026 12:49:23 +0400 Subject: [PATCH 08/10] chore: redirect server output to log file --- .github/workflows/bright.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bright.yml b/.github/workflows/bright.yml index c336b3f..d744376 100644 --- a/.github/workflows/bright.yml +++ b/.github/workflows/bright.yml @@ -99,7 +99,7 @@ jobs: PGUSER: postgres run: | mkdir -p tmp - bundle exec rails server -e development -b 0.0.0.0 -p 3000 & + bundle exec rails server -e development -b 0.0.0.0 -p 3000 > tmp/rails-server.log 2>&1 & - name: Probe application readiness run: | From 3fdfb5693b90af9b497d4cb1719d24270b5ec8cb Mon Sep 17 00:00:00 2001 From: Viachaslau Tyshkavets Date: Fri, 20 Feb 2026 19:13:24 +0400 Subject: [PATCH 09/10] chore: avoid tmp dir --- .github/workflows/bright.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bright.yml b/.github/workflows/bright.yml index d744376..ff256cc 100644 --- a/.github/workflows/bright.yml +++ b/.github/workflows/bright.yml @@ -98,8 +98,7 @@ jobs: PGPORT: 5432 PGUSER: postgres run: | - mkdir -p tmp - bundle exec rails server -e development -b 0.0.0.0 -p 3000 > tmp/rails-server.log 2>&1 & + bundle exec rails server -e development -b 0.0.0.0 -p 3000 > rails.log 2>&1 & - name: Probe application readiness run: | @@ -131,4 +130,4 @@ jobs: BRIGHT_TARGET_URL: http://127.0.0.1:3000 SECTESTER_SCAN_POOL_SIZE: ${{ vars.SECTESTER_SCAN_POOL_SIZE }} run: | - node --experimental-transform-types --experimental-strip-types --experimental-detect-module --disable-warning=MODULE_TYPELESS_PACKAGE_JSON --disable-warning=ExperimentalWarning --test-force-exit --test-concurrency=4 --test .brightsec/tests/*.test.ts + node --experimental-transform-types --experimental-strip-types --experimental-detect-module --disable-warning=MODULE_TYPELESS_PACKAGE_JSON --disable-warning=ExperimentalWarning --test-force-exit --test-concurrency=4 --test .brightsec/tests/*.test.ts \ No newline at end of file From 582af9536370e8c7c43452d97b32c69ae791acd7 Mon Sep 17 00:00:00 2001 From: Viachaslau Tyshkavets Date: Fri, 20 Feb 2026 19:19:50 +0400 Subject: [PATCH 10/10] chore: remove development mode --- .github/workflows/bright.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/bright.yml b/.github/workflows/bright.yml index ff256cc..b33ff3d 100644 --- a/.github/workflows/bright.yml +++ b/.github/workflows/bright.yml @@ -89,8 +89,6 @@ jobs: - name: Start application env: - RAILS_ENV: development - RACK_ENV: development DATABASE_URL: postgres://postgres:postgres@postgres:5432/blog_development PGDATABASE: blog_development PGHOST: postgres @@ -98,7 +96,7 @@ jobs: PGPORT: 5432 PGUSER: postgres run: | - bundle exec rails server -e development -b 0.0.0.0 -p 3000 > rails.log 2>&1 & + bundle exec rails server -b 0.0.0.0 -p 3000 > rails.log 2>&1 & - name: Probe application readiness run: |