AppThreat
diff --git a/.github/workflows/container-tests.yml b/.github/workflows/container-tests.yml
@@ -0,0 +1,94 @@
+name: Container slices tests
+
+on:
+  workflow_dispatch:
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+jobs:
+  ruby-samples:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ["ubuntu-24.04", "ubuntu-24.04-arm"]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: setup paths
+        run: |
+          mkdir -p repotests
+          mkdir -p rubyresults
+      - uses: actions/checkout@v4
+        with:
+          repository: 'campsite/campsite'
+          path: 'repotests/campsite'
+          ref: '10197238bbbefd9c9ac7c77467b647fd93993ba0'
+      - uses: actions/checkout@v4
+        with:
+          repository: 'bionomia/bionomia'
+          path: 'repotests/bionomia'
+          ref: '5ada8b5f4a5f68561a7195e2badc2f744dc4676e'
+      - uses: actions/checkout@v4
+        with:
+          repository: 'OWASP/railsgoat'
+          path: 'repotests/railsgoat'
+          ref: 'c1e8ff1e3b24a1c48fcfc9fbee0f65dc296b49d9'
+      - name: generate usages sbom - bionomia
+        run: |
+          mkdir -p $GITHUB_WORKSPACE/rubyresults/bionomia
+          cd repotests/bionomia
+          docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom:main atom --help
+          docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom:main rbastgen --help
+          docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom:main atom usages -l ruby -o /app/app.atom -s /app/usages.slices.json /app
+          ls -lh
+          cp *.slices.json $GITHUB_WORKSPACE/rubyresults/bionomia
+      - name: generate usages sbom - railsgoat
+        run: |
+          mkdir -p $GITHUB_WORKSPACE/rubyresults/railsgoat
+          cd repotests/railsgoat
+          docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom:main atom usages --extract-endpoints -l ruby -o /app/app.atom -s /app/usages.slices.json /app
+          ls -lh
+          cp *.slices.json $GITHUB_WORKSPACE/rubyresults/railsgoat
+      - name: generate usages sbom - campsite
+        run: |
+          mkdir -p $GITHUB_WORKSPACE/rubyresults/campsite
+          cd repotests/campsite/api
+          docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom:main atom usages -l ruby -o /app/app.atom -s /app/usages.slices.json /app
+          ls -lh
+          cp *.slices.json $GITHUB_WORKSPACE/rubyresults/campsite
+      - uses: actions/upload-artifact@v4
+        with:
+          name: rubyresults
+          path: rubyresults
+        if: matrix.os == 'ubuntu-24.04'
+
+  npm-latest-tests:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ["ubuntu-24.04", "ubuntu-24.04-arm", "macos-latest"]
+    runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
+    steps:
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '23.x'
+          registry-url: https://registry.npmjs.org/
+      - uses: coursier/cache-action@v6
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+      - name: Install atom latest
+        run: |
+          npm install -g @appthreat/atom
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.4.2'
+          bundler-cache: false
+      - name: Check rbastgen 3.4.2
+        run: |
+          rbastgen --help
diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml
@@ -19,6 +19,8 @@ jobs:
   al9-deploy:
     if: github.repository_owner == 'appthreat'
     runs-on: ubuntu-24.04
+    outputs:
+      image-uri: ghcr.io/appthreat/atom@${{ steps.build.outputs.digest }}
     permissions:
       contents: write
       packages: write
@@ -52,7 +54,8 @@ jobs:
           sbt stage createDistribution
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Log in to the Container registry
@@ -67,21 +70,124 @@ jobs:
         with:
           images: |
             ghcr.io/appthreat/atom
+          flavor: latest=false,suffix=-amd64
       - name: Build and push Docker images
         uses: docker/build-push-action@v5
+        id: build
         with:
           file: ci/Dockerfile
           context: .
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha,scope=atom
           cache-to: type=gha,mode=max,scope=atom
 
+  al9-deploy-arm:
+    if: github.repository_owner == 'appthreat'
+    runs-on: ubuntu-24.04-arm
+    outputs:
+      image-uri: ghcr.io/appthreat/atom@${{ steps.build.outputs.digest }}
+    permissions:
+      contents: write
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '22'
+      - uses: sbt/setup-sbt@v1
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '23.x'
+      - name: Delete `.rustup` directory
+        run: rm -rf /home/runner/.rustup # to save disk space
+        if: runner.os == 'Linux'
+      - name: Delete `.cargo` directory # to save disk space
+        run: rm -rf /home/runner/.cargo
+        if: runner.os == 'Linux'
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/.sbt
+            ~/.coursier
+          key: ${{ runner.os }}-sbt-${{ hashfiles('**/build.sbt') }}
+      - run: |
+          sbt stage createDistribution
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/appthreat/atom
+          flavor: latest=false,suffix=-arm64
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        id: build
+        with:
+          file: ci/Dockerfile
+          context: .
+          platforms: linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=atom-arm
+          cache-to: type=gha,mode=max,scope=atom-arm
+
+  al9-deploy-manifest:
+    if: github.repository_owner == 'appthreat'
+    runs-on: ubuntu-24.04
+    needs: [al9-deploy, al9-deploy-arm]
+    outputs:
+      image-uri: ghcr.io/appthreat/atom@${{ steps.build.outputs.digest }}
+    permissions:
+      contents: write
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/metadata-action@v5
+        id: metadata
+        with:
+          images: ghcr.io/${{ github.repository }}
+      - uses: int128/docker-manifest-create-action@v2
+        id: build
+        with:
+          index-annotations: ${{ steps.metadata.outputs.labels }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          sources: |
+            ${{ needs.al9-deploy.outputs.image-uri }}
+            ${{ needs.al9-deploy-arm.outputs.image-uri }}
+
   sle-deploy:
     if: github.repository_owner == 'appthreat'
     runs-on: ubuntu-24.04
+    outputs:
+      image-uri: ghcr.io/appthreat/atom-sle@${{ steps.build.outputs.digest }}
     permissions:
       contents: write
       packages: write
@@ -115,7 +221,8 @@ jobs:
           sbt stage createDistribution
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Log in to the Container registry
@@ -131,14 +238,116 @@ jobs:
         with:
           images: |
             ghcr.io/appthreat/atom-sle
+          flavor: latest=false,suffix=-amd64
       - name: Build and push Docker images
         uses: docker/build-push-action@v5
+        id: build
         with:
           file: ci/Dockerfile.sle
           context: .
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64
           push: true
           tags: ${{ steps.meta2.outputs.tags }}
           labels: ${{ steps.meta2.outputs.labels }}
           cache-from: type=gha,scope=atom-sle
           cache-to: type=gha,mode=max,scope=atom-sle
+
+  sle-deploy-arm:
+    if: github.repository_owner == 'appthreat'
+    runs-on: ubuntu-24.04-arm
+    outputs:
+      image-uri: ghcr.io/appthreat/atom-sle@${{ steps.build.outputs.digest }}
+    permissions:
+      contents: write
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '22'
+      - uses: sbt/setup-sbt@v1
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '23.x'
+      - name: Delete `.rustup` directory
+        run: rm -rf /home/runner/.rustup # to save disk space
+        if: runner.os == 'Linux'
+      - name: Delete `.cargo` directory # to save disk space
+        run: rm -rf /home/runner/.cargo
+        if: runner.os == 'Linux'
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/.sbt
+            ~/.coursier
+          key: ${{ runner.os }}-sbt-${{ hashfiles('**/build.sbt') }}
+      - run: |
+          sbt stage createDistribution
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta2
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/appthreat/atom-sle
+          flavor: latest=false,suffix=-arm64
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        id: build
+        with:
+          file: ci/Dockerfile.sle
+          context: .
+          platforms: linux/arm64
+          push: true
+          tags: ${{ steps.meta2.outputs.tags }}
+          labels: ${{ steps.meta2.outputs.labels }}
+          cache-from: type=gha,scope=atom-sle-arm
+          cache-to: type=gha,mode=max,scope=atom-sle-arm
+
+  sle-deploy-manifest:
+    if: github.repository_owner == 'appthreat'
+    runs-on: ubuntu-24.04
+    needs: [sle-deploy, sle-deploy-arm]
+    outputs:
+      image-uri: ghcr.io/appthreat/atom-sle@${{ steps.build.outputs.digest }}
+    permissions:
+      contents: write
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/metadata-action@v5
+        id: metadata
+        with:
+          images: ghcr.io/appthreat/atom-sle
+      - uses: int128/docker-manifest-create-action@v2
+        id: build
+        with:
+          index-annotations: ${{ steps.metadata.outputs.labels }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          sources: |
+            ${{ needs.sle-deploy.outputs.image-uri }}
+            ${{ needs.sle-deploy-arm.outputs.image-uri }}