I heard about open source around a year ago, and honestly, I didn’t jump in out of excitement - it was pure curiosity. I just wanted to see how things worked behind the scenes. So I started exploring the good-first-issue label on GitHub, picked some random repos, forked them, committed a few changes, and slowly figured out the whole contribution workflow.
Back then, I also knew about GSoC - Google Summer of Code - but only at a surface level. To me, it was simply “contribute → get selected.” I had no idea how big real-world codebases could be or how overwhelming they might feel.
Finding My Direction: OWASP
While browsing blogs about how to get started, almost everyone suggested reading previous years’ GSoC write-ups. So I did. And while reading those posts, one organization suddenly stood out: OWASP.
The reason was simple - I already knew about the OWASP Top 10. Out of hundreds of unfamiliar organizations, OWASP felt like a place where I at least understood the purpose.
As I explored further, projects like NEST, CRE, and BLT started popping up. I leaned toward NEST at first because I’m more comfortable with TypeScript. BLT looked really interesting, but I had zero experience with Django or Python.
And then came the twist.
The Blog That Changed Everything
I found a GSoC blog written by a contributor. They had built four security labs for the BLT project and the write-up was so friendly that it gave me confidence:
“I may not know the stack, but I can surely replicate this and extend it.”
That belief was strong enough for me to try. Plus, I knew I could use AI tools to understand things. How hard could it be?
Well… harder than I expected.
My First PR: The Reality Check
I replicated the labs, joined the Slack workspace, got confirmation, and made my PR in October:
Added Labs: Under Security Labs Added More Labs
#4628
Added more labs in security labs section closes #4784
To seed labs and their tasks, simply run:
python manage.py seed_all_security_lab
Refactor
- Restructured task detail page into clear, per-lab sections for payload exercises (SQLi, XSS, CSRF, Command Injection, Broken Auth, IDOR, File Upload, Sensitive Data Exposure, Open Redirect, SSRF)
- Unified and simplified MCQ and simulation submission flows and result display with consistent styling driven by correctness
- Minor formatting and structural template cleanups
Chores
- Added a management command to seed the six security labs and their tasks for testing/dev environments
The moment I asked for a review, reality hit.
Replication wasn’t as simple as copy → paste → commit.
I had:
- added irrelevant files
- failed pre-commit checks
- triggered Sentry and CodeRabbit warnings I didn’t even understand
- and generally made every beginner mistake possible
After a lot (and I mean a lot) of back-and-forth, and with patient help from the maintainer, Donnie, I finally cleared everything. One month later, the PR was merged. And that changed everything for me.
From Zero Momentum to Light Speed
Once that first PR got merged, it was a massive boost.
I started reading issues, picking tasks, opening PRs, getting reviews, fixing things, and before I knew it, I had multiple PRs merged in the same month. The slow start turned into full-speed progress.
We were also encouraged to review others’ PRs. I didn’t really know how to do that, so I watched how other contributors reviewed code and followed their patterns. Tools like CodeRabbit and Sentry helped; they taught me how to reason about code warnings.
I also started recognizing common patterns in the backend:
- N+1 query problems
- cache stampede issues
- repeated logic patterns
- places where optimizations were needed
I wasn’t an expert, but I was learning how to spot things. I used Copilot and CodeRabbit to understand unfamiliar parts of the repo and slowly built a mental map of its workflow.
Where I Am Now
From that first confused PR to today, the journey has been wild.
I now:
- understand the repo’s structure
- can navigate issues, commits, and workflows confidently
- know how reviews function
- contribute regularly
- and feel genuinely connected to the project
What started as a random attempt to explore open source turned into something meaningful that I want to continue growing in.
Top comments (1)
@nachiket-roy, that’s an amazing story! I know exactly which blog post you were referring to about security. Labs were such a blast to be part of, and I hope they’re giving the community a fantastic learning experience. I’ve been really impressed with your contributions and your constant drive to push code forward. You’re a true leader in our community, and I can say you’re even a guiding light. Thank you so much for all your contributions; it’s truly evident.