Kiwi
Kiwi TCMS is an open-source test management system built in Python that supports both manual and automated testing with features like bug tracker integration, access control, and API layers. It has been actively maintained since its 2017 fork from the Nitrate project and serves as an alternative to commercial test management tools.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | kiwitcms/Kiwi |
| Owner | kiwitcms |
| Primary language | Python |
| License | GPL-2.0 — OSI-approved |
| Stars | 1.2k |
| Forks | 363 |
| Open issues | 136 |
| Latest release | v16.1 (2026-06-24) |
| Last updated | 2026-07-08 |
| Source | https://github.com/kiwitcms/Kiwi |
What Kiwi is
Django-based Python application offering test case management, test execution tracking, bug integration, role-based access control, and REST API. Deployable via Docker; supports multiple database backends and integrations with external systems (GitLab confirmed).
Get the Kiwi source
Clone the repository and explore it locally.
git clone https://github.com/kiwitcms/Kiwi.gitcd Kiwi# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- GPL-2.0 copyleft license requires all modifications to be made available; verify internal IP strategy before customizing.
- Docker-based deployment simplifies initial setup; assess database backend requirements and persistence strategy for production.
- No explicit security audit data provided; review Coverity and codecov metrics (referenced in README) and conduct threat modeling for sensitive test data.
- Python/Django stack; ensure organization has expertise in those technologies for customization and troubleshooting.
- 136 open issues at snapshot; assess backlog health and prioritization before committing to critical workflow dependencies.
When to avoid it — and what to weigh
- Proprietary/closed-source requirement — GPL-2.0 license mandates source code disclosure and derivative work compliance. Requires legal review if commercial software distribution is planned.
- Need for guaranteed SLA or commercial support without external contract — Community-driven project. Commercial support mentioned but only via external arrangement; no embedded SLA guarantees in the open-source offering.
- Minimal self-hosted infrastructure preference — Requires Docker, database backend (unknown specifics), and ongoing maintenance. Not a lightweight single-binary deployment.
- Real-time performance testing or load testing focus — Designed for test management and execution tracking, not performance/load testing tools. Scope mismatch for that use case.
License & commercial use
Licensed under GPL-2.0 (GNU General Public License v2.0). This is a strong copyleft license requiring any modified source code to be made available under the same license. Commercial use of unmodified software is permitted; modifications for internal use are allowed but if distributed, trigger copyleft obligations.
Unmodified Kiwi TCMS may be used commercially for test management without license violation. However, any customizations or derivative works must comply with GPL-2.0 copyleft: source code modifications must be disclosed and licensed identically. Commercial support is offered separately (external arrangement). Proprietary software that depends on or bundles Kiwi TCMS requires legal review.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
Project uses Coverity scan and CodeCov (visible in badges); code quality tooling is in place. No explicit security audit, penetration test results, or vulnerability disclosure policy mentioned in provided data. Test management systems often handle sensitive test scripts and defect data—assess authentication (RBAC mentioned), TLS/encryption in transit, and data isolation before deployment. Access control is noted as a feature; depth and multi-tenancy support require review.
Alternatives to consider
TestRail (Gurock)
Commercial, cloud-native test management with strong integrations and professional support; choose if vendor support and SaaS model are priorities over open source.
TestLink
Open-source TCMS (GPL); Kiwi was forked from Nitrate, a TestLink alternative. Choose TestLink if simpler deployment or specific legacy integration is required.
Zephyr (Atlassian)
Jira-integrated test management; choose if your team is already Jira-centric and need native Atlassian ecosystem integration over standalone open-source deployment.
Build on Kiwi with DEV.co software developers
Review the full documentation and deployment guide at kiwitcms.readthedocs.io, test the public tenant at public.tenant.kiwitcms.org, and consult legal on GPL-2.0 compliance before integration.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
Kiwi FAQ
Can we modify Kiwi TCMS and keep changes proprietary?
What database backends are supported?
Is commercial support available?
What is the typical deployment footprint and infrastructure requirement?
Software development & web development with DEV.co
Adopting Kiwi is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source testing software in production.
Evaluate Kiwi TCMS for Your QA Team
Review the full documentation and deployment guide at kiwitcms.readthedocs.io, test the public tenant at public.tenant.kiwitcms.org, and consult legal on GPL-2.0 compliance before integration.