🩺 Vitals
- 🟢 Last active: 2026-06-30
- 📦 Latest release: 1.6.0 (2026-06-22)
- 🐞 Open issues: 125
- 🌟 Stars: 1.3k
🏗️ Profile
- Official: horilla.com
- Source: github.com/horilla/horilla-hr
- License: LGPL-2.1
- Deployment: Docker | Python (Pip)
- Data Model: PostgreSQL
- Jurisdiction: India 🇮🇳 (Cybrosys Technologies)
- Compliance (SaaS): N/A (SOC 2 In Progress)
- Compliance (Self-Hosted): GDPR Ready
- Complexity: Medium (3/5) - Django app plus PostgreSQL setup and patching
- Maintenance: Medium (3/5) - DB migrations and Django security updates
- Enterprise Ready: Medium (3/5) - RBAC and audit logs included; SSO/SAML and custom payroll gated to Enterprise
1. The Executive Summary
What is it? Horilla is a self-hosted Human Resource Management System (HRMS) built on Python and Django that covers the full HR lifecycle: recruitment and onboarding, employee records, attendance and leave, payroll, performance and asset management. Its defining trait is that it is fully open source under LGPL-2.1, with no open-core "Starter vs Advanced" split: every functional module ships in the free edition. The commercial tier sells operations (managed hosting, SSO/SAML, custom payroll rules and dedicated support), not unlocked features.
The Strategic Verdict:
- 🔴 For enterprises that mandate federated identity from day one: Caution. SSO, SAML, LDAP and Active Directory integration are reserved for the custom Enterprise tier, so the free edition leaves an identity-integration gap. Weigh this alongside governance concentration: development is effectively single-vendor, so the roadmap depends on one company's priorities.
- 🟢 For European SMEs leaving per-employee HR SaaS: Strong fit. Horilla delivers the complete module set, including payroll, recruitment and performance, on your own infrastructure with no feature paywall and no per-seat licence. For a mid-market team, that is the cleanest sovereign exit from Personio or BambooHR.
2. The "Hidden" Costs (TCO Analysis)
| Cost Component | Personio (SaaS) | Horilla (Self-Hosted) |
|---|---|---|
| User Licensing | Per-employee/mo, recurring | $0 licence; all modules included |
| Data Residency | Vendor-controlled cloud | 100% your infrastructure |
| Module Access | Payroll and ATS tiered by plan | Payroll, ATS and performance free |
| Enterprise Tax | Bundled into the subscription | Only SSO/SAML, custom payroll and support |
3. The "Day 2" Reality Check
🚀 Deployment & Operations
- Installation: Horilla ships as a Python/Django application backed by PostgreSQL, with an official Docker Compose setup for a quick standup and a manual pip-based install for full control. A production deployment needs a team comfortable running Django and administering PostgreSQL: migrations, backups and security patching are ongoing work.
- Scalability: The architecture is a single application serving one organisation's HR estate. Scaling is vertical and database-bound, centred on the PostgreSQL tier rather than distributed orchestration, so capacity planning is routine database and app-server tuning.
🛡️ Security & Governance (Risk Assessment)
- Jurisdiction & Geopolitics: Cybrosys Technologies is headquartered in Kerala, India. India sits outside both the US CLOUD Act and the EU data-sovereignty framework, so neither regime's mandates reach the vendor directly, but India is not an EU adequacy country, which matters for the managed-cloud option where the vendor processes your data. Self-hosting removes the question entirely: with the application on your own EU infrastructure, there is no vendor-held copy of employee data, and the jurisdiction of Cybrosys becomes irrelevant to your GDPR posture.
- The Compliance Shift: Horilla ships application-level controls (RBAC, audit logs, AES-256 encryption at rest) but holds no completed independent certification. Its SOC 2 Type II is in progress with a stated Q3 2026 target, so today there is no vendor attestation to inherit. Self-hosting puts the full burden of uptime, encrypted backups, network security and audit readiness on your team. The application supports a GDPR-compliant deployment; it does not certify one.
- License & Governance: Horilla's core is LGPL-2.1, weak copyleft with no network clause. Running it internally or serving it to staff over your network triggers no distribution obligation, and you can build proprietary integrations against it without opening your own code; only direct modifications to Horilla's own files carry a share-back duty. The real risk is not the licence but governance concentration: development is single-vendor (Cybrosys), with no independent foundation or public governance charter, which is a single point of failure for the roadmap. The licence is the mitigant, because the community can fork the code if stewardship lapses.
4. Market Landscape
🏢 Proprietary Incumbents
- Personio: The European mid-market HR SaaS standard. Employee data lives in the vendor's cloud on a recurring per-employee subscription, and the HR logic follows the vendor's roadmap rather than yours.
- BambooHR: The US mid-market HRIS default, with strong usability but a per-employee subscription and data held in a US vendor cloud, which carries CLOUD Act exposure.
🤝 Open Source Ecosystem
- OrangeHRM: The established dedicated open-source HRMS, but open-core: its free Starter edition gates external API access, payroll connectors and advanced recruitment to a paid Advanced tier, exactly the modules Horilla ships free. The trade is OrangeHRM's greater maturity and adoption against Horilla's no-paywall module set.
- ERPNext: A full open-source ERP whose HR and Payroll modules are included with no paywall. The stronger choice when you want HR embedded in finance, inventory and projects rather than a dedicated HR system of record.