Django is a way to build web applications, powering thousands of websites, including Instagram, Pinterest, and Spotify. Written in Python, this web application framework enables teams to quickly model data and intuitively build forms for a broad range of use cases. In fact, GitGuardian makes extensive use of Django, powering user workspaces. Django is also completely free and open source software made by a global community of volunteers. In early September, around 300 of those builders, coders, and core community organizers gathered in Chicago for DjangoCon 2025.

Over five days, the community attended talks, engaged in meaningful hallway conversations, had a lot of fun in the Windy City, and, along the way, coordinated on the future of the project. The first three days of talks included an hour of lightning talks, allowing any participant to sign up to give a 5-minute presentation on any topic. Some of the best ideas and conversations at the event came from these mini sessions. Overall, talks ranged from deployment strategies to making the project more welcoming to new contributors, and from beginner-friendly introductions to in-depth technical code-based examples and demos.

The final two days of the event were open-source sprints. These are the working days when developers, document writers, testers, and all the other volunteers who help create and maintain Django itself can collaborate in person.

Underlying all of it was a real sense of wanting to make things better for the user, the developer, and the community overall. Here are just a few highlights from the sessions at DjangoCon US 2025. 

Lateral Thinking With Seasoned Technology

The keynote from Carson Gross, creator of HTMX, "Lateral Thinking with Weathered Technology: How The Nintendo Philosophy Applies to Modern Web Development," invoked Nintendo's legendary engineer, Gunpei Yokoi, the creator of the Game Boy and producer of Metroid, among other notable accomplishments. Yokoi popularized the philosophy of "lateral thinking with withered technology," leveraging stable, well-understood components rather than chasing bleeding-edge specs. An alternative translation would prefer the term "seasoned" technology, explained Carson.

He pointed out that the Game Boy, released with older tech, still dominated against the more advanced Sega Game Gear because Nintendo prioritized fun over buzzwords and unproven hardware. Similarly, the Wii, which was built largely on GameCube-era hardware, won by rethinking player experience, not raw performance.

Carson argued that web development faces the same trap. Developers often chase “the new hotness” instead of focusing on user experience. Hypermedia controls such as links and forms, which are the web’s original foundation, may feel outdated, but they remain powerful.

That philosophy drives HTMX. By embedding attributes like `hx-target` or `hx-swap` in HTML, developers can create interactive experiences, like infinite scroll, active search, or inline editing, without the overhead of large JavaScript frameworks. One striking case study showed a 96% reduction in JS dependencies and 67% less code when a React app was replaced with Django + HTMX.

One thing we know in security is that the less complex a system is, the easier it is to maintain and secure. 

Carson Gross

Deploying Reliably, Repeatedly, And Securely With GitOps

Calvin Hendryx-Parker, CTO of Six Feet Up, demonstrated how Django projects can thrive in modern Kubernetes environments in his talk "Deploy Django: GitOps & Kubernetes Made Easy." He tempted the "demo gods" by doing a live deployment, from authorization to code push, all the way through to a working site running in containers.

Calvin explained that, instead of ad-hoc deployments and “works on my machine” anxiety, GitOps provides:

  • A single source of truth via the Git repo.
  • Declarative infrastructure that describes the desired state.
  • Automated reconciliation through tools like ArgoCD.
  • Security baked in, from sealed secrets to encrypted credentials.

Calvin showed how ArgoCD continuously watches Git repositories and automatically syncs changes, enabling cloud-agnostic deployments with zero downtime and full audit trails. He explained the security benefits and best practices, even citing the manual authorization step he performed for the demo as being replaceable with properly stored credentials, encrypted at rest.

This session was a good example of security being baked into the design of the system, proving that modern developers do, in fact, want to do things safely.

Calvin Hendryx-Parker

Joy As Your Fuel

In his session, "The X’s and O’s of Open Source with ShotGeek", Kudzayi Bamhare, Django Developer at Two Rock Software and Founder of ShotGeek, used basketball metaphors to deliver his story. This included his biggest lesson learned: that passion drives success.

His Django-powered project ShotGeek started from his childhood love of NBA Jam and the wealth of basketball data available via the nba_api. What kept him going wasn’t coding or people using his app; it was the joy. Kudzayi then explained that sustaining that joy requires structure.

He compared OSS governance to the triangle offense, where three sides work in tandem to move the ball down the court. First, you need governance to allow clear decision-making. This allows you to create the community that will create the docs, onboard new members, and get the word out on social media. And for sustainability, any project needs funding to cover costs and reward contributors.

To prevent burnout, Kudzayi launched the "Shot Creator Program," paying early-career developers to build features while gaining mentorship and experience. He reminded attendees that technology, especially open source, isn’t just about code; it’s about teams, systems, and sustaining joy.

Kudzayi Bamhare

Who Collects Your QR Code Data?

In her talk "Reverse engineering the QR code generator and URL forwarder service," Mariatta Wijaya, Senior Software Engineering Consultant, tackled a small but real problem: QR codes at events. She explained that too often, free QR services inject ads, redirect through shady URLs, or harvest data. For speakers and attendees, that erodes trust. Instead of accepting those tradeoffs, she built her own solution with Django.

Using Python libraries like `qrcode` and `segno`, she created a self-hosted QR generator and forwarder that avoids trackers and suspicious redirects. Now she can recycle QR codes across years of conference talks without reprinting expensive banners or exposing attendees to questionable links.

Her talk was a great reminder that security and trust apply even to the smallest components.

Mariatta

Lightning Round

The lightning talks at DjangoCon really stood out as each presenter was deeply passionate about their subject matter. Talks ranged from deeply technical to outright humorous. Here is just a sample of what was presented. 

Chrissy Wainwright — Our Experiment with Vibe Coding
Chrissy’s team at Six Feet Up experimented with “vibe coding,” letting AI tools like Claude, Gemini, and Goose scaffold entire Django features. While the speed and variety were impressive, the results suffered from instability, version roulette, and a worrying lack of code ownership. Her takeaway from the whole experience is that AI can accelerate workflows, but only if you enforce guardrails, add human review, and train it on small, well-bounded tasks like unit test generation.

Marcelo Elizeche Landó — Back-Channel Logout: If You Build It, They Will Come
Marcelo discussed logging out of everything, not just the identity provider (IdP), as one of the trickier elements of safely leveraging SSO. Back-channel logout, supported in OIDC, allows an IdP to notify all connected apps to terminate sessions simultaneously, removing the risk of “phantom” logins lingering after a global logout. Despite its obvious security benefits, adoption has been frustratingly low, which leaves organizations exposed to session hijacking and incomplete logout flows.

Sanyam Khurana — Django Phone Verify
Sanyam gave us a walk-through of his project Django Phone Verify, a lightweight package that adds one-time password (OTP) verification via SMS, independent of any broader authentication system. The solution is provider-agnostic, working with Twilio, Nexmo, or Vonage, and can be integrated into Django views or APIs in under a minute. By reducing boilerplate and increasing trust with flexible OTP workflows, it lowers the barrier for developers to add strong identity checks without overcomplicating their stacks with full authentication workflow overhead.

A Community Focused On Stability, Simplicity, And Security

Unlike many of the posts in our Conference recaps at GitGuardian, security was not the main focus of DjangoCon. Your author was the only speaker whose entire focus was on securing the developer's workflow, but I was not the only speaker who talked about properly storing and using secrets. The Django community really is built on the belief that stability and trust are inseparable from progress.

In my experience, this is true of any successful project. Developers are thinking about performance, governance, and sustainability, but they are also thinking about how to protect users and projects from real-world threats.