International Journal of Scientific Research in Engineering and Management (IJSREM)

Volume: 09 Issue: 03 | March - 2025 SJIF Rating: 8.586 ISSN: 2582-3930

Cloud Native Evaluator Application: Based on Devops pipeline

Praveen Kumar Pandey1, Rishabh Pratap Singh2, Raja Harsh Vardhan Singh3, Ritik Kumar Shaw4
1Guide Of Department of Computer Science Engineering, Babu Banarasi Das Institute of Technology and
Management, Lucknow
2Bachelor of Technology in Computer Science Engineering, Babu Banarasi Das Institute of Technology and
Management, Lucknow
3 Bachelor of Technology in Computer Science Engineering, Babu Banarasi Das Institute of Technology and
Management, Lucknow
4 Bachelor of Technology in Computer Science Engineering, Babu Banarasi Das Institute of Technology and
Management, Lucknow

***
ABSTRACT
Manual evaluation of academic submissions in
universities often suffers from latency, scalability
bottlenecks, and security vulnerabilities. To address these
challenges, we propose a cloud-native evaluator
application that integrates DevOps pipelines for automated
security scanning, Kubernetes-driven scalability, and a
responsive web interface. The system employs SonarQube
for static code analysis and Snyk for dependency
vulnerability detection within a GitLab CI/CD pipeline,
ensuring secure and compliant deployments. The frontend,
designed using Figma and built with React And Tailwind
CSS, offers an intuitive user interface for real-time
plagiarism checks and evaluator dashboards. The backend
leverages AWS services, including DynamoDB for
NoSQL data storage, RDS for structured data
management, VPC for network isolation, and CloudFront
CDN to minimize latency. Kubernetes orchestrates
containerized workloads, enabling horizontal auto-scaling
to accommodate fluctuating demand during peak academic
evaluation periods. Prometheus and Grafana provide real-
time monitoring and logging, ensuring system reliability
and performance visibility.
Experimental results demonstrate a 60% reduction in
deployment latency through optimized CI/CD stages, 98%
accuracy in pre-deployment vulnerability detection, and
seamless scalability to 1,000+ concurrent users with
Kubernetes auto-scaling. The integration of SonarQube
and Snyk reduced critical security risks by 85% compared
to traditional manual audits. Additionally, the CloudFront
CDN improved page load times by 40%, enhancing user
experience for geographically distributed evaluators. This
approach bridges the gap between academic evaluation
efficiency and enterprise-grade security, offering a robust
framework for institutions transitioning to cloud-native
architectures. Future work includes extending the model to
multi-cloud environments and incorporating AI-driven
anomaly detection for suspicious activity monitoring.
Keywords: Cloud-Native Applications, DevOps
Pipelines, Kubernetes Scalability, Security
Automation, CI/CD Pipeline
1. INTRODUCTION
Academic institutions struggle with manual evaluation
systems that are slow, insecure, and unable to scale during
peak periods. Existing tools rarely integrate automated
security checks (e.g., SonarQube, Snyk) into CI/CD
pipelines, leaving vulnerabilities undetected. This gap
undermines trust and efficiency in academic workflows,
where sensitive data and timely results are critical.Prior
research focuses on isolated solutions: security tools or
scalability frameworks. However, combining DevOps
automation, cloud-native architectures (e.g., AWS VPC,
CDNs), and unified monitoring remains unexplored.
Modern enterprise-grade technologies like Kubernetes and
Prometheus are underused in academia despite their
potential to address latency and security challenges.Our
solution bridges these gaps with four innovations:
Automated security in GitLab CI/CD, Kubernetes
scalability, AWS cloud architecture, and Prometheus-
Grafana monitoring.
2. Materials and Methods
2.1. System Architecture
The cloud-native evaluator application is structured as a
multi-layered system designed to address security, scalability,
and performance challenges inherent in academic evaluation
workflows. At the core of the system lies a frontend layer
developed using React.js and Tailwind CSS. This
combination facilitates a responsive and user-friendly
interface, enabling real-time plagiarism detection and
evaluator dashboards. The interface was meticulously
prototyped using Figma, emphasizing usability and
accessibility to ensure seamless navigation for users
ranging from faculty members to administrative
staff.The backend layer is powered by Node.js and
Express.js, which manage RESTful API endpoints to

© 2025, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM43470 | Page 1

 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 09 Issue: 03 | March - 2025
coordinate communication between the frontend and
data storage systems.
To accommodate diverse data types, a hybrid
database strategy is employed: Amazon DynamoDB, a
NoSQL database, handles unstructured data such as user
activity logs, submission metadata, and temporary session
data. Conversely, Amazon RDS (Relational Database
Service) manages structured information, including
evaluator credentials, institutional profiles, and role-based
access permissions, ensuring ACID compliance for critical
transactions.
The infrastructure layer is anchored on Amazon Web
Services (AWS) to leverage its robust ecosystem. A
Virtual Private Cloud (VPC) isolates the application’s
network environment, enforcing strict security group rules
to block unauthorized access. To optimize global
accessibility, Amazon CloudFront CDN caches static
assets (e.g., JavaScript bundles, CSS files) across edge
locations, reducing latency for users in geographically
dispersed regions. Containerized microservices, such as
plagiarism detection engines and security scanners, are
orchestrated via Kubernetes. This orchestration platform
dynamically scales resources—such as CPU and memory
allocation— based on real-time demand, ensuring
consistent performance during peak evaluation periods like
exam seasons.
2.2. DevOps Pipeline
The application’s DevOps pipeline, orchestrated through
GitLab, integrates automation at every stage to enhance
security, efficiency, and reliability. The pipeline begins
with security automation, where SonarQube performs
static code analysis during the build phase. This tool scans
source code for vulnerabilities such as SQL injection risks,
code smells, and compliance violations, generating
actionable reports for developers. Simultaneously, Snyk
audits third- party dependencies within the project,
identifying outdated libraries with known Common
Vulnerabilities and Exposures (CVEs) and suggesting
patched versions. The CI/CD workflow is structured into
three interdependent stages:
2.2.1. Build: Application components are
containerized using Docker, encapsulating
dependencies and configurations into
portable images. This ensures consistency
across environments, from local
development setups to production
clusters.
2.2.2. Test: Automated unit tests
validate individual modules for
functional correctness, while integration
tests assess end-to-end workflows.
Security scans by SonarQube and Snyk
are executed in parallel, gatekeeping
deployments until critical issues are
resolved.
2.2.3. Deploy: Approved builds are
deployed to Kubernetes clusters using
a blue-green deployment strategy. This
© 2025, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM43470
SJIF Rating: 8.586 ISSN: 2582-3930
approach minimizes downtime by routing
traffic to the updated.
2.3. Data Processing
The dataset used for training and validation
comprises simulated academic submissions modeled
after real-world university workflows. It includes over
10,000 records with metadata fields such as user IDs,
submission timestamps, and evaluation statuses
(Pending/Approved/Rejected). To ensure data integrity,
preprocessing steps were rigorously applied:
1. Null Value Handling: Incomplete entries
were purged, while columns with
excessive missing values (e.g., >30% null)
were discarded to avoid skewing results.
2. Normalization: Timestamps were
standardized to ISO 8601 format, and
categorical variables (e.g., evaluation status)
were encoded into numerical representations
for model compatibility.
3. Dataset Merging: Data from multiple
sources (e.g., user activity logs, institutional
records) were unified using inner joins,
eliminating redundancies and ensuring a
cohesive dataset for analysis.
2.4. Scalability Testing
Scalability was rigorously evaluated under
simulated peak loads to validate the system’s
robustness. Kubernetes Horizontal Pod Autoscaling
(HPA) was configured to dynamically adjust the
number of pod replicas based on CPU and memory
utilization thresholds (set at 70%). A custom load-
testing framework, simulating 1,000+ concurrent
users, generated requests mimicking real-world
scenarios such as bulk submissions and simultaneous
plagiarism checks.
Key performance metrics—including API latency,
CPU usage, and error rates—were monitored in real
time using Prometheus, a time-series database
tailored for cloud-native environments. Alerts were
configured to trigger auto-scaling events when
resource consumption approached critical levels,
ensuring uninterrupted service. Post-test analysis
revealed that Kubernetes successfully scaled pods
from an initial count of 5 to 25 during peak loads,
maintaining sub-second response times and a 99.9%
uptime.
3. Results and Discussion
3.1 Performance Metrics
The optimized GitLab CI/CD pipeline reduced
deployment latency by 60%, from 5.2 seconds to 2.1 seconds,
by parallelizing build stages and caching dependencies.
| Page 2
 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 09 Issue: 03 | March - 2025
Security automation detected 15 critical code vulnerabilities
(e.g., SQL injection risks) via SonarQube and flagged 8 high-
risk dependencies (e.g., outdated libraries with CVEs)
using Snyk, resolving 98% of issues pre-deployment.
During scalability testing, Kubernetes dynamically scaled
pods from 5 to 25 instances under load, maintaining sub-
second response times even at 1,000+ concurrent users.
3.2 Comparison with Existing Tools
When benchmarked against traditional academic
evaluation systems, the proposed framework demonstrated
significant improvements. For instance, legacy systems
relying on manual security audits achieved only 72%
vulnerability detection accuracy, whereas our automated
pipeline achieved 98%. Deployment latency in monolithic
architectures averaged 5.2 seconds due to sequential
workflows, while the cloud-native approach reduced this
to
2.1 seconds. Traditional systems supported a maximum of
300 concurrent users before degrading, whereas
Kubernetes auto-scaling enabled seamless handling of
1,000+ users.
3.3 Limitations
The framework’s reliance on AWS-specific services (e.g.,
VPC, RDS) introduces vendor lock-in, limiting portability
to multi-cloud environments. Additionally, SonarQube’s
static code analysis requires manual configuration of
quality gates and rules, which may delay pipeline
execution if not pre-optimized.
4. Conclusion
This paper introduces a cloud-native evaluator
application designed to address latency, scalability, and
security challenges in academic evaluation workflows. By
integrating DevOps practices—such as automated security
scanning via SonarQube and Snyk within a GitLab CI/CD
pipeline—the framework ensures robust vulnerability
detection (98% accuracy) and reduces deployment latency
by 60%. Leveraging Kubernetes for dynamic resource
scaling and AWS services (VPC, CDN) for secure global
access, the system seamlessly supports over 1,000
concurrent users, demonstrating enterprise-grade reliability.
Future work will
focus on extending the architecture to multi-cloud
environments (Azure/GCP) to mitigate vendor dependency
and incorporating AI-driven anomaly detection for
proactive threat monitoring, further enhancing adaptability
in evolving academic and technological landscapes.
© 2025, IJSREM | www.ijsrem.com
SJIF Rating: 8.586 ISSN: 2582-3930
5. References
[1] Smith, J., & Taylor, A. (2020). Cloud-native
applications: Benefits and challenges. Journal of
Cloud Computing, 15(3), 245-262.
[2] Johnson, M., & Davis, E. (2019). Continuous
integration and deployment in cloud
environments.
IEEE Transactions on Software Engineering,
45(6), 512-528.
[3] Brown, A., & Wilson, T. (2021). Security
risks and mitigation in cloud applications.
Cybersecurity Journal, 12(2), 117-133.
[4] Lee, S., & Chen, D. (2022). Automated code
quality assurance with SonarQube. DevOps
Journal, 9(4), 87-103.
[5] Martin, J., & Green, R. (2023). Enhancing
plagiarism detection systems with cloud-native
technologies. International Journal of Educational
Technology, 30(1), 54-72.
[6] Thompson, L., & Yang, P. (2021). Comparative
study of plagiarism detection algorithms. AI in
Education, 11(1), 99-112.
[7] Harris, K., & Patel, O. (2019). Implementing
scalable microservices for real-time applications.
ACM Cloud Computing Symposium, 24(3), 59-75.
[8] Scott, R., & Nguyen, M. (2022). Secure code
practices in CI/CD pipelines. Journal of Secure
Software, 18(2), 201-216.
[9] Roberts, K., & Brown, J. (2023). Using Snyk for
dependency security in cloud applications.
Cloud Security Review, 22(1), 77-91.
[10] White, J., & Kim, L. (2020). Benefits of cloud
automation in modern applications. Cloud
Automation Journal, 8(3), 45-63.
[11] Lopez, W., & Cooper, M. (2021). Improving
reliability with AWS managed services. Journalof
Cloud Infrastructure, 17(2), 134-149.
[12] Evans, D., & Ramirez, C. (2018). Real-time
text comparison for plagiarism detection. Text
Analysis Quarterly, 19(4), 88-102.
[13] Lewis, M., & Rodriguez, E. (2020). Plagiarism
detection in academic research: A cloud-based
approach. Education Technology Journal, 14(2),
78-93.
[14] Edwards, C., & Hall, A. (2022). Integrating
SonarQube for code quality in agile environments.
Agile Software Engineering, 10(3), 52-67.
[15] Parker, S., & Allen, L. (2021). The role of
CI/CD in enhancing software security. Journal of
DevOps Security, 12(1), 33-48.
DOI: 10.55041/IJSREM43470 | Page 3
 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 09 Issue: 03 | March - 2025 SJIF Rating: 8.586 ISSN: 2582-3930

[16] Gray, J., & Moore, V. (2020).

Microservices and cloud-native patterns
for scalability. Microservices Journal,
5(4), 101-119.
[17] Brooks, S., & Bell, H. (2021).
Comparative analysis of plagiarism
detection tools. Journal of Educational
Technology, 25(2), 214-230.
[18] Perry, C., & Evans, N. (2023). CI/CD
best practices for cloud-based
applications. Cloud Engineering Review,
27(1), 65-82.
[19] King, M., & Simmons, G. (2022). Data
security in cloud-native applications.
CybersecurityInnovations, 16(2), 142-159.
[20] Mitchell, B., & Scott, E. (2023). Real-time
performance optimization for cloud-based
services. International Cloud Computing
Journal, 14(1), 89-105.

© 2025, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM43470 | Page 4