Acharya Institute of Technology

Department of Information Science and Engineering

Academic Year – 2024 - 2025

Technical Seminar (21CS81)

Synopsis

on

Continuous Integration and Continuous Deployment

(CI/CD)

Submitted by

Abhishek Mangalur 1AY21IS003

Date of Submission:
Remarks of the Guide:

Name of the Guide with Designation:

Prof. Pushpalatha K S
Assistant Professor, Dept. of ISE

Signature of the Guide with Date:

 CONTENTS
Chapters Page No.

Abstract 1

Introduction 2

Literature Survey 3

Methodology 5

References 9
Continuous Integration and Continuous Deployment 2024-25

ABSTRACT
In modern software development, the demand for faster delivery, improved reliability, and high-
quality software has led to the widespread adoption of Continuous Integration (CI) and Continuous
Deployment (CD). CI/CD automates the building, testing, and deployment of applications, ensuring
rapid and error-free software delivery. This topic explores the core principles of CI/CD, its
significance in DevOps, and its impact on software development lifecycles.

The report also covers recent advancements such as GitOps, AI-driven automation, DevSecOps,
and serverless CI/CD, which enhance security, observability, and scalability. Additionally, an
overview of popular CI/CD tools like Jenkins, GitHub Actions, and ArgoCD is provided. By
leveraging these advancements, organizations achieve faster time-to-market, better collaboration,
and automated release management, making CI/CD an essential component of modern IT
infrastructure.

Dept. of Information Science and Engineering, A I T 1

Continuous Integration and Continuous Deployment 2024-25

INTRODUCTION
In the evolving landscape of software development, delivering high-quality software at an
accelerated pace has become a necessity. Traditional software development practices involved
lengthy release cycles, manual integration of code changes, and extensive human intervention
during testing and deployment. These methods were not only time-consuming but also prone to
errors, leading to delayed releases, unstable applications, and inefficient workflows. To overcome
these challenges, modern software engineering has embraced automation and continuous delivery
mechanisms, leading to the emergence of Continuous Integration (CI) and Continuous Deployment
(CD).

The Need for CI/CD

In earlier development models, software releases would occur once every few months or even years.
Developers worked in isolated environments, and integrating their code with the rest of the system
was done only towards the end of the development cycle. This approach often led to:

• Integration problems, where combining different pieces of code would introduce unexpected
bugs.

• Slow feedback loops, where developers would discover issues late in the development cycle.

• Deployment failures, caused by manual errors and lack of automated testing.

Understanding CI/CD
Continuous Integration (CI) is the practice of merging code changes frequently into shared repository,
followed by automated testing to detect errors early. Developers commit their code multiple times a
day, and each commit triggers an automated build and test process. This helps in identifying
integration issues at an early stage, reducing the complexity of debugging later.

Continuous Deployment (CD) takes automation further by ensuring that tested code is automatically
deployed to production without manual intervention. This means that every successful build and test
cycle results in a new software release, allowing organizations to deliver updates within minutes
instead of weeks or months.

Dept. of Information Science and Engineering, A I T 2

Continuous Integration and Continuous Deployment 2024-25

LITERATURE SURVEY
Shortfalls /
Technical Ideas /
Name of the Disadvantages &
Sl No. Paper Title Algorithms Used &
Authors Solution Provided by the
Advantages
Proposed System
1 Prevalence of Saumya Gupta, Agile SDLC, CI/CD Complexity, security
GitOps, Madhulika (Jenkins, GitLab CI, risks, skill dependency,
DevOps in Fast Bhatia, Ansible), SDN, resource-intensive.
CI/CD Cycles Meenakshi VXLAN-EVPN, IaC
Memoria, Preeti (Terraform, Ansible),
Proposes the use of
Manani Containerization
Automated network
(Docker, Kubernetes).
configuration, CI/CD
pipeline integration,
Automated network
security best practices,
deployment,
scalable network
scalability, continuous
management, monitoring
testing, improved fault
& rollbacks.
tolerance, faster time to
market.
2 Implementation Spas Georgiev, GitOps, Declarative Learning curve, complex
of an Agile Kamelia Configuration, debugging, Git
SDLC CI/CD Nikolova Continuous bottlenecks, state drift
pipeline for Deployment, ArgoCD, issues.
managing a FluxCD, Immutable
SDN VXLAN- Infrastructure, Policy- Automated GitOps
EVPN fabric as-Code, DevSecOps deployments, security
(Snyk, Trivy). enforcement via Policy-
as-Code, improved
Simplified observability, efficient
configuration, CI/CD workflows,
improved deployment scalable Kubernetes-
consistency, rollbacks, based architecture.
security, scalability.

Dept. of Information Science and Engineering, A I T 3

Continuous Integration and Continuous Deployment 2024-25

3 Creating Tomáš Golis, The paper discusses the Managing numerous

Microservices Pavle Dakić, implementation of microservices and their
and using Valentino microservices, which interactions can be
infrastructure as Vranić involves breaking down complex.
code within the applications into smaller, Dynamic container
CI/CD for independently deployable creation and management
dynamic services. may require significant
container computational resources.
creation

4 CI/CD Pipeline Nalini M K, Implementing security Automated tools may

with Mahalakshmi B measures that prioritize sometimes flag non-issues
Vulnerability Nevya, the most severe threats or miss actual
Mitigation Khandelwal, to an organization. vulnerabilities.
Nandan Pai, Integrating tools within Incorporating security
Sharan L the CI/CD pipeline to tools into existing CI/CD
automatically scan for pipelines can be complex
vulnerabilities in code and may require
and dependencies. significant adjustments.
5 Secure Pranshu Bajpai, Defining security Immutable infrastructure
Development Adam Lewis policies can be inflexible, making
Workflows in programmatically to it challenging to apply
CI/CD Pipeline ensure consistent urgent patches or
enforcement across all configuration changes.
stages of the CI/CD
pipeline. Implementing and
managing Policy as Code
and RBAC can add
complexity to the
development process.

Dept. of Information Science and Engineering, A I T 4

Continuous Integration and Continuous Deployment 2024-25

METHODOLOGY
4.1 CI/CD Pipeline Workflow
A CI/CD pipeline consists of the following stages:
1) Code Commit – Developers push code to a shared repository (e.g., GitHub, GitLab).
2) Build Process – Code is compiled and packaged using tools like Maven, Gradle, or Docker.
3) Automated Testing – Unit, integration, and security tests run automatically using JUnit,
Selenium.
4) Artifact Storage – Successfully built code is stored in repositories like Docker Hub, Nexus.
5) Deployment – Code is deployed to staging using Jenkins, GitHub Actions, ArgoCD.
6) Monitoring & Feedback – Tools like Prometheus, Grafana, and ELK Stack track performance.

4.2 Modern Advancements in CI/CD

1) GitOps – Using Git as a single source of truth for infrastructure and deployments.

2) AI in CI/CD – Automated failure detection, intelligent rollbacks, and anomaly detection.

3) DevSecOps – Integrating security tools like SonarQube and SAST into pipelines.

4) Serverless CI/CD – Running pipelines on AWS Lambda, Google Cloud Functions.

5) Observability & Monitoring – Implementing Open Telemetry, Prometheus, and Grafana for
deep insights.

Dept. of Information Science and Engineering, A I T 5

Continuous Integration and Continuous Deployment 2024-25

4.3 Tools and Techniques in CI/CD

The implementation of CI/CD relies on various tools and technologies that automate different stages
of the software development lifecycle.

1. Continuous Integration (CI) Tools

• Jenkins – One of the most widely used open-source automation servers that
supports integration with multiple CI/CD tools.
• GitHub Actions – A built-in CI/CD tool for GitHub that automates workflows directly
within repositories.
• GitLab CI/CD – A powerful CI/CD solution integrated with GitLab, offering
automated builds, testing, and deployments.
• Circle CI – A cloud-based CI/CD tool that provides fast and scalable build automation.
• Travis CI – A CI/CD service that integrates directly with GitHub repositories, primarily
used for open-source projects.

2. Continuous Deployment (CD) Tools

• Argo CD – A declarative GitOps-based tool used for deploying applications in

Kubernetes environments.
• Spinnaker – A cloud-native CD tool that enables multi-cloud deployments.
• Tekton – A Kubernetes-native CI/CD framework designed for scalable and secure
automation.
• Flux CD – A GitOps-based continuous deployment tool that keeps Kubernetes clusters in
sync with Git repositories.

3. Build and Artifact Management Tools

• Maven – A build automation tool used primarily for Java projects.
• Docker – A containerization technology that allows applications to be packaged along
with their dependencies.

4. Testing and Quality Assurance Tools

• JUnit – A widely used testing framework for Java applications.

• Selenium – A tool for automating web browser testing.
• Postman – Used for API testing and automated validation of API responses.

Dept. of Information Science and Engineering, A I T 6

Continuous Integration and Continuous Deployment 2024-25

6. Monitoring and Logging Tools

• Prometheus – A monitoring tool that collects and stores time-series data for application
performance tracking.
• Grafana – A visualization tool used to create real-time dashboards based on metrics
collected by Prometheus.
• ELK Stack (Elasticsearch, Logstash, Kibana) – A centralized logging solution used to
monitor and analyze application logs.

7. Security and Compliance in CI/CD (DevSecOps)

• Trivy – A security scanner that detects vulnerabilities in container images.

• Snyk – A tool used for scanning and fixing security vulnerabilities in dependencies.
• Vault (HashiCorp) – A tool for managing and securing secrets, API keys, and credentials in
CI/CD pipelines.

4.4 Automated Testing

• Various testing techniques ensure software reliability before deployment.
• Unit Testing verifies individual components.
• Integration Testing checks communication between modules.
• Functional Testing ensures the software meets requirements.
• Security Testing identifies vulnerabilities before deployment. Tools Used: JUnit, Selenium,
Postman, SonarQube

4.5 Artifact Management

• Successful builds generate deployable artifacts (JAR, WAR, Docker images).
• These artifacts are stored in a repository for versioning and future deployments.

4.6 Continuous Deployment (CD)

• Involves deploying software to staging or production environments automatically.
• Kubernetes-based deployment ensures scalability and high availability.
• Blue-Green and Canary deployments prevent downtime.

4.7 Monitoring and Feedback Loop

• Continuous monitoring ensures application performance, reliability, and security.
• Logging tools track system behavior and detect issues in real time.
• Automated alerts notify developers about failures or performance degradation.

Dept. of Information Science and Engineering, A I T 7

Continuous Integration and Continuous Deployment 2024-25

4.8 Deployment Strategies

Different deployment strategies are used depending on project requirements:

1. Rolling Deployment
• Gradually replaces old instances with new ones without downtime.
• Ensures a smooth transition but may take longer to complete.
• Used in cloud-native applications and Kubernetes environments.
2. Blue-Green Deployment
• Two identical environments (blue and green) are maintained.
• Traffic is switched from the current to the new environment once testing is complete.
• Enables instant rollback if issues arise.
3. Canary Deployment
• Releases updates to a small subset of users first.
• Monitors performance before rolling out changes to the entire system.
• Ideal for risk-sensitive applications (e.g., banking, healthcare).

Dept. of Information Science and Engineering, A I T 8

Continuous Integration and Continuous Deployment 2024-25

REFERENCES
1) S. Georgiev and K. Nikolova, "Implementation of an Agile SDLC CI/CD pipeline for
managing a SDN VXLAN-EVPN fabric," 2023 31st National Conference with International
Participation (TELECOM), Sofia, Bulgaria, 2023, pp. 1-4, doi: 10.1109/TELECOM59629.2
023.10409668.

2) S. Gupta, M. Bhatia, M. Memoria and P. Manani, "Prevalence of GitOps, DevOps in Fast

CI/CD Cycles," 2022 International Conference on Machine Learning, Big Data, Cloud and
Parallel Computing (COM-IT-CON), Faridabad, India, 2022, pp. 589-596, doi:
10.1109/COM-IT-CON54601.2022.9850786.

3) T. Golis, P. Dakić and V. Vranić, "Creating Microservices and using infrastructure as code
within the CI/CD for dynamic container creation," 2022 IEEE 16th International Scientific
Conference on Informatics (Informatics), Poprad, Slovakia, 2022, pp. 114-119, doi:
10.1109/Informatics57926.2022.10083442.

4) N. M K, M. B S, N. Khandelwal, N. Pai and S. L, "CI/CD Pipeline with Vulnerability

Mitigation," 2023 International Conference on Recent Advances in Science and Engineering
Technology (ICRASET), B G NAGARA, India, 2023, pp. 1-6, doi: 10.1109/ICRASET59632
.2023.10419921.

5) P. Bajpai and A. Lewis, "Secure Development Workflows in CI/CD Pipelines," 2022 IEEE
Secure Development Conference (SecDev), Atlanta, GA, USA, 2022, pp. 65-66, doi:
10.1109/SecDev53368.2022.00024.

Dept. of Information Science and Engineering, A I T 9