My Journey Into Open Source and My First Big PR

Nachiket Roy — Tue, 03 Mar 2026 07:18:27 +0000

I heard about open source around a year ago, and honestly, I didn’t jump in out of excitement - it was pure curiosity. I just wanted to see how things worked behind the scenes. So I started exploring the good-first-issue label on GitHub, picked some random repos, forked them, committed a few changes, and slowly figured out the whole contribution workflow.
Back then, I also knew about GSoC - Google Summer of Code - but only at a surface level. To me, it was simply “contribute → get selected.” I had no idea how big real-world codebases could be or how overwhelming they might feel.

Finding My Direction: OWASP

While browsing blogs about how to get started, almost everyone suggested reading previous years’ GSoC write-ups. So I did. And while reading those posts, one organization suddenly stood out: OWASP.

The reason was simple - I already knew about the OWASP Top 10. Out of hundreds of unfamiliar organizations, OWASP felt like a place where I at least understood the purpose.

As I explored further, projects like NEST, CRE, and BLT started popping up. I leaned toward NEST at first because I’m more comfortable with TypeScript. BLT looked really interesting, but I had zero experience with Django or Python.

And then came the twist.

The Blog That Changed Everything

I found a GSoC blog written by a contributor. They had built four security labs for the BLT project and the write-up was so friendly that it gave me confidence:

“I may not know the stack, but I can surely replicate this and extend it.”

That belief was strong enough for me to try. Plus, I knew I could use AI tools to understand things. How hard could it be?

Well… harder than I expected.

My First PR: The Reality Check

I replicated the labs, joined the Slack workspace, got confirmation, and made my PR in October:

Added Labs: Under Security Labs Added More Labs #4628

Nachiket-Roy posted on Oct 14, 2025

Added more labs in security labs section closes #4784

To seed labs and their tasks simply run : python manage.py seed_all_security_lab

Summary by CodeRabbit

Refactor
- Restructured task detail page into clear, per-lab sections for payload exercises (SQLi, XSS, CSRF, Command Injection, Broken Auth, IDOR, File Upload, Sensitive Data Exposure, Open Redirect, SSRF)
- Unified and simplified MCQ and simulation submission flows and result display with consistent styling driven by correctness
- Minor formatting and structural template cleanups
Chores
- Added a management command to seed the six security labs and their tasks for testing/dev environments

View on GitHub

The moment I asked for a review, reality hit.
Replication wasn’t as simple as copy → paste → commit.

I had:

added irrelevant files
failed pre-commit checks
triggered Sentry and CodeRabbit warnings I didn’t even understand
and generally made every beginner mistake possible

After a lot (and I mean a lot) of back-and-forth, and with patient help from the maintainer - Donnie, I finally cleared everything. One month later, the PR was merged. And that changed everything for me.

From Zero Momentum to Light Speed

Once that first PR got merged, it was a massive boost.

I started reading issues, picking tasks, opening PRs, getting reviews, fixing things, and before I knew it, I had multiple PRs merged in the same month. The slow start turned into full-speed progress.

We were also encouraged to review others’ PRs. I didn’t really know how to do that, so I watched how other contributors reviewed code and followed their patterns. Tools like CodeRabbit and Sentry helped; they taught me how to reason about code warnings.

I also started recognizing common patterns in the backend:

N+1 query problems
cache stampede issues
repeated logic patterns
places where optimizations were needed

I wasn’t an expert, but I was learning how to spot things. I used Copilot and CodeRabbit to understand unfamiliar parts of the repo and slowly built a mental map of its workflow.

Where I Am Now

From that first confused PR to today, the journey has been wild.
I now:

understand the repo’s structure
can navigate issues, commits, and workflows confidently
know how reviews function
contribute regularly
and feel genuinely connected to the project

What started as a random attempt to explore open source turned into something meaningful that i want to continue growing in.

DEV Community: Nachiket Roy