kimai
Kimai is a professional open-source time-tracking application supporting multi-user teams, invoicing, and reporting. It offers both self-hosted and SaaS deployment options with features like SAML/LDAP authentication, role-based permissions, and a plugin marketplace.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | kimai/kimai |
| Owner | kimai |
| Primary language | PHP |
| License | AGPL-3.0 — OSI-approved |
| Stars | 4.8k |
| Forks | 802 |
| Open issues | 335 |
| Latest release | 2.61.0 (2026-06-20) |
| Last updated | 2026-07-06 |
| Source | https://github.com/kimai/kimai |
What kimai is
PHP 8.2+ Symfony-based web application using Doctrine ORM and MySQL/MariaDB backend. Provides REST JSON API, multi-timezone support, and deployable via Docker, traditional hosting, or managed cloud. Licensed under AGPL-3.0.
Get the kimai source
Clone the repository and explore it locally.
git clone https://github.com/kimai/kimai.gitcd kimai# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- PHP 8.2+ with MariaDB ≥10.6 or MySQL ≥8.4 mandatory; verify hosting environment meets extension requirements (gd, intl, mbstring, pdo, tokenizer, xml, xsl, zip).
- AGPL-3.0 requires any modifications or derivative works deployed to be open-sourced; assess whether internal customizations will trigger disclosure obligations.
- Docker deployments available but subdirectory installations unsupported—require dedicated subdomain, increasing DNS and SSL management overhead.
- ~2 weeks between releases per README; monitor update cadence for security patches and compatibility with PHP 8.4/8.5 lifecycle.
- 335 open issues as of data snapshot; prioritize review of blocker issues and plugin marketplace compatibility with target version.
When to avoid it — and what to weigh
- Proprietary SaaS-only requirement — If your compliance or licensing framework requires only proprietary software with vendor SLAs, Kimai's AGPL requirement and self-hosting model may conflict.
- Zero operational overhead needed — Requires PHP, MySQL/MariaDB, and web server setup; no plug-and-play managed offering without running your own infrastructure or paying for the official SaaS.
- Legacy .NET or Java tech stack — Built entirely on PHP/Symfony; integration with isolated .NET/Java systems is possible via REST API but adds complexity compared to native platform solutions.
- Real-time GPS or field workforce tracking — Designed for office/project time tracking, not mobile-first field crew location logging or geofencing. Limited native mobile app support.
License & commercial use
AGPL-3.0 (GNU Affero General Public License v3.0). Network use triggers copyleft obligations—any deployed modifications must be source-available to users. Requires review if internal customization is planned.
AGPL-3.0 permits commercial use and hosting, but any network-deployed derivative must provide source code to users. A commercial support and SaaS offering (kimai.cloud) is operated by the project; clarify whether your use model requires that, or if self-hosting + AGPL compliance suffices. Consult legal counsel if shipping private modifications.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
AGPL-3.0 code transparency supports security review. Project includes CI/CD and code coverage reporting. Supports TOTP 2FA, SAML/LDAP, and role-based permissions. No explicit vulnerability disclosure policy or security audit results in data. MariaDB/MySQL dependency requires standard database hardening. Self-hosting model places security patching responsibility on operator. No warranty or SLA for OSS version.
Alternatives to consider
Toggl Track
Commercial SaaS time tracker with strong mobile app and integrations; suitable if no open-source/self-hosting requirement and managed operations preferred.
Harvest
Enterprise time + invoicing SaaS with white-label options; better fit if compliance mandates proprietary vendor contracts and zero operational overhead.
OpenTimesheet (OSS alternative)
Lighter PHP/Laravel-based open-source timesheet tool; consider if simpler feature set, smaller team, and AGPL avoidance are priorities.
Build on kimai with DEV.co software developers
Our team can help assess AGPL licensing implications, design a secure self-hosted deployment, and integrate Kimai with your existing systems. Start a technical review today.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
kimai FAQ
Can we deploy Kimai in a subdirectory under our domain?
What does AGPL-3.0 mean for our commercial time-tracking service?
Is there a hosted SaaS option to avoid self-hosting?
Does Kimai support mobile apps?
Custom software development services
Need help beyond evaluating kimai? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.
Ready to evaluate Kimai for your team?
Our team can help assess AGPL licensing implications, design a secure self-hosted deployment, and integrate Kimai with your existing systems. Start a technical review today.