The latest articles on DEV Community by Yash Goel (@yashhzd). https://dev.to/yashhzd https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3820988%2F688a9bdf-350f-4b8b-ba5d-b61a0cb06654.jpeg https://dev.to/yashhzd en Yash Goel Sat, 14 Mar 2026 18:17:21 +0000 https://dev.to/yashhzd/my-journey-to-open-source-2c6p https://dev.to/yashhzd/my-journey-to-open-source-2c6p <p>From zero contributions to 34 merged PRs. How a bug-logging platform changed the way I think about code, community, and what it means to be a developer.</p> <p>The Night I Almost Didn't Click "Fork"<br> It was late January 2026. I'd been reading about Google Summer of Code for weeks, scrolling through org lists, bookmarking repositories I'd never open again. I was doing what most students do — preparing to contribute without ever actually contributing.<br> Then I found OWASP BLT. My first contribution was a small one - My first real contribution wasn't the security dashboard. It was something much smaller.<br> <a href="https://github.com/OWASP-BLT/BLT/pull/5644" rel="noopener noreferrer">PR #5644</a> — Add spam detection utility for bug report views.</p> <p>I remember the feeling when I opened that pull request, i was quite nervous And tbh it was my first pr on github . I'd set up the Docker environment (which, on Windows 11, is its own adventure — port conflicts, CRLF line endings, Django version mismatches between local pip and Docker). I'd found a genuine gap: bug report views had no spam filtering.</p> <p>so after 2 months of contributing my progress was - </p> <ul> <li> <strong>34</strong> pull requests merged</li> <li> <strong>63</strong> tests written (for the security dashboard alone)</li> <li> <strong>10</strong> security vulnerabilities fixed</li> <li> <strong>7</strong> N+1 query optimizations</li> <li> <strong>6</strong> new database models</li> <li> <strong>12</strong> files changed in the largest PR</li> <li> <strong>13</strong> CodeRabbit review rounds addressed</li> </ul> <p>"Security Is a Mindset, Not a Checklist" . also "The Best Bug Fixes Are the Ones Nobody Asked For" this is what i learnt from contributing to OWASP-BLT . </p> <p>A Thank You</p> <p>I want to thank DonnieBLT specifically. His reviews were tough, his standards were high, and his vision for the project pushed me far beyond what I thought I could do. When he asked me to rebuild the security dashboard from scratch with an org-scoped architecture, it felt overwhelming. But it was the right call, and the result was something I'm genuinely proud of.<br> Good mentors don't make things easy. They make you better.<br> And to the OWASP BLT community — every contributor, reviewer, and maintainer who keeps this project alive — thank you. You gave a student with zero open-source experience a chance to contribute something real.</p> <p>If you're a student thinking about open source — just start. Find a project that matters to you, read the code until it makes sense, and fix something small. The first PR is the hardest. Everything after that is momentum.</p> <p>BLT- <a href="https://github.com/OWASP-BLT" rel="noopener noreferrer">https://github.com/OWASP-BLT</a><br> MENTOR- <a href="https://github.com/DonnieBLT" rel="noopener noreferrer">https://github.com/DonnieBLT</a></p> <p>Follow my journey: <a href="https://github.com/yashhzd" rel="noopener noreferrer">github.com/yashhzd</a>.<a href=""></a></p> opensource