Project Name
Successful CVS to Git Migration with Automated CI/CD for a Railway PSU
The client is a Government of India undertaking that operates and maintains a critical railway corridor spanning over 300 kilometres of some of the most geographically challenging terrain in the country. It runs business-critical enterprise applications, including HRMS, Finance, Train Arrival/Departure Management, Emergency Quota, and Health Management, serving thousands of railway employees and operational staff. With a mandate to modernise legacy infrastructure and zero tolerance for disruption to daily rail operations or data leaving its on-premises government network, the organisation engaged Ksolves to eliminate this operational fragility in 30 calendar days.
- Single Point of Failure in Source Control: The entire codebase resided on a single CVS server with trunk-based commits and no branching strategy. A server failure would halt the development pipeline with no way to recover history.
- Fully Manual Build and Deployment Process: Both the legacy application (Java 1.6 / JBoss 5.0.1) and the modern stack (Spring Boot / Angular) required manual compilation, manual WAR/JAR packaging, and manual SSH deployment to each of the three environments, consuming hours per release cycle.
- Zero Code Quality or Security Checks: No static analysis, no dependency vulnerability scanning, and no automated tests existed. Code reached production purely on the basis of manual review and sign-off, with security gaps only surfacing during periodic VAPT audits.
- No Artifact Management or Dependency Governance: Build outputs were not stored centrally. Dependencies were pulled directly from the internet during each build with no proxy, no caching, and no reproducibility guarantee.
- Dual-Stack Complexity Across Legacy and Modern Applications: The CI/CD solution had to support both a JDK 1.6/JBoss 5 legacy ERP application using Apache Ant builds and a modern JDK 11+/Spring Boot/Angular stack simultaneously on the same pipeline infrastructure.
- Government Compliance and Data Sovereignty Constraints: All tooling had to run entirely on the client's on-premises infrastructure behind the government firewall, with LDAP authentication integration, SSL encryption, and strict adherence to ISO 27001 and VAPT compliance requirements.
Ksolves designed and delivered a fully on-premises, open-source CI/CD platform in 30 calendar days, purpose-built for a government environment with zero tolerance for data leaving the network. The governing principle was independent stability at every step: each tool was deployed, validated, and handed over to the client team before the next was introduced, ensuring the railway's operations were never disrupted.
- GitLab CE with cvs2git Migration: Self-hosted GitLab CE replaced CVS as the central version control system. The full commit history was migrated using cvs2git with zero data loss. GitFlow branching, merge-request reviews, and protected branches were enforced from Day 1, eliminating the single-point-of-failure risk.
- Jenkins Declarative Pipelines with Dual Build Agents: Jenkins Master orchestrates all CI/CD pipelines via Jenkinsfile stored in each repository. Two dedicated build agents, one for the legacy JDK 1.6/Apache Ant stack and one for the modern JDK 11+/Angular/Spring Boot stack, ensure both application architectures are built and deployed through a single automated pipeline.
- SonarQube CE Quality Gate with OWASP Rules: Every merge request passes through a mandatory SonarQube analysis with OWASP security rules enabled. Hard-fail quality gates prevent any code from progressing to UAT or Production without passing static analysis, replacing the previous zero-check approach.
- Nexus OSS Artifact Repository and Dependency Proxy: A central Nexus OSS instance stores all build artifacts (WAR, JAR, npm packages) and acts as a Maven/npm proxy, eliminating direct internet dependency during builds and ensuring every release is reproducible and auditable.
- OWASP Dependency-Check and GitLeaks Integration: Continuous dependency vulnerability scanning and secret detection run automatically on every commit, providing continuous pre-audit evidence and shifting security left from periodic VAPT cycles to every code change.
- LDAP-Integrated Automated Deployment to 3 Environments: All developers authenticate via existing LDAP/Active Directory. Automated SSH-based deployment pipelines push validated builds to Dev, UAT, and Production environments with environment-specific configurations, SMTP notifications, and sign-off gates.
Technology Stack
| Category | Tecchnology |
|---|---|
| Source Control | GitLab CE (Self-Hosted) |
| CI/CD | Jenkins (Declarative Pipelines) |
| Artifact Mgmt | Nexus OSS |
| Code Quality | SonarQube CE |
| Security | OWASP Dependency-Check + GitLeaks |
| Infrastructure | On-Premises Linux VMs (RHEL/Ubuntu) |
Ksolves delivered a fully automated, on-premises CI/CD platform replacing CVS and manual deployments with Git-based version control, Jenkins pipelines, SonarQube quality gates, Nexus artifact management, and continuous security scanning across all three environments in 30 calendar days. Deployment time dropped from 2 to 4 hours of manual effort to under 15 minutes, with 100% of code changes now quality and security-gated. The platform satisfies ISO 27001 and VAPT compliance requirements and is staged for Phase 2 Kubernetes/GitOps and Phase 3 Prometheus/Grafana observability, enabling the client to continue modernisation at its own pace.
Is Your Development Team Still Deploying Manually with Legacy Version Control?
