k6 - Load Testing Tool Integration

[Jingyan5]

k6 - Load Testing Tool Integration

Installation Evidence

• k6 v1.6.1 installed via apt on the VM
• k6-tests/load-test.js test script created

Artifacts

• k6-tests/k6-output.txt — terminal output from k6 load test run

Results Summary

• 300 total requests, 10 virtual users over 30 seconds
• 100% success rate (all checks passed)
• Avg response time: 18.72ms, max: 178.79ms
• All responses under 500ms threshold

Pros

• Zero code changes required to existing codebase
• Immediately produces rich, quantitative performance metrics
• Simulates real concurrent user traffic
• Simple JavaScript-based test scripts
• Great for catching performance regressions over time
• Can integrate into GitHub Actions CI pipeline

Cons

• Requires the app to be running during the test
• Only tests performance, not code quality or security
• Results vary depending on VM load at time of test
• No built-in comparison between runs

Customization Notes

• vus and duration can be tuned to simulate heavier traffic
• Can add multiple endpoints to test different routes
• Thresholds can be set to auto-fail if response times exceed limits

[Jingyan5]

What is the name and high-level description of what the tool does?

k6 is a load testing tool where you write a JS script to simulate a bunch
of users hitting your app at the same time and it tells you how it holds up.
Docs: https://k6.io/docs/

Is the tool used for static or dynamic analysis?

Dynamic — the app has to actually be running for it to work.

What types of problems does this particular tool catch?

Slow or failing endpoints under concurrent traffic. When I ran it on NodeBB
with 10 virtual users for 30 seconds, everything passed with an avg response
time of 18.72ms so the app handled it fine. It won't catch anything
security or code quality related though.

What types of customization are possible or necessary?

You can change the number of virtual users, duration, and which endpoints
get tested. You can also set thresholds so the test auto-fails if response
times go over a limit, which makes it easy to plug into CI.

How can/should this tool be integrated into a development process?

Since the app needs to be running, you can't really use it as a standard
PR check. More practical as a scheduled nightly run or a manual trigger
before releases. The test scripts are just JS files so they're easy to
keep in the repo and build on over time.

Are there many false positives/negatives?

No real false positives since it's measuring actual responses. The main
issue is false negatives — it only tests what you write scripts for, so
gaps in coverage are on you. Results can also vary depending on VM load
at the time which makes comparisons a bit tricky.